am 52a154fe: Merge "Remove"

* commit '52a154febb7c06b142116235c368417dd5e542ba': Remove
2014-07-07 20:55:16 +00:00
parent a7f02a5cda 52a154febb
commit 044492e1b7
4 changed files with 23 additions and 165 deletions
--- a/core/java/android/net/http/CertificateChainValidator.java
+++ b/core/java/android/net/http/CertificateChainValidator.java
@@ -16,6 +16,9 @@

 package android.net.http;

+import com.android.org.conscrypt.SSLParametersImpl;
+import com.android.org.conscrypt.TrustManagerImpl;
+
 import android.util.Slog;

 import java.io.ByteArrayInputStream;
@@ -37,7 +40,7 @@ import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
-import javax.net.ssl.X509ExtendedTrustManager;
+import javax.net.ssl.X509TrustManager;

 /**
 * Class responsible for all server certificate validation functionality
@@ -60,7 +63,7 @@ public class CertificateChainValidator {
                .getDefaultHostnameVerifier();
    }

-    private X509ExtendedTrustManager mTrustManager;
+    private X509TrustManager mTrustManager;

    /**
     * @return The singleton instance of the certificates chain validator
@@ -78,8 +81,8 @@ public class CertificateChainValidator {
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("X.509");
            tmf.init((KeyStore) null);
            for (TrustManager tm : tmf.getTrustManagers()) {
-                if (tm instanceof X509ExtendedTrustManager) {
-                    mTrustManager = (X509ExtendedTrustManager) tm;
+                if (tm instanceof X509TrustManager) {
+                    mTrustManager = (X509TrustManager) tm;
                }
            }
        } catch (NoSuchAlgorithmException e) {
@@ -90,7 +93,7 @@ public class CertificateChainValidator {

        if (mTrustManager == null) {
            throw new RuntimeException(
-                    "None of the X.509 TrustManagers are X509ExtendedTrustManager");
+                    "None of the X.509 TrustManagers are X509TrustManager");
        }
    }

@@ -225,8 +228,13 @@ public class CertificateChainValidator {
        }

        try {
-            getInstance().getTrustManager().checkServerTrusted(chain, authType,
-                    new DelegatingSocketWrapper(domain));
+            X509TrustManager x509TrustManager = SSLParametersImpl.getDefaultX509TrustManager();
+            if (x509TrustManager instanceof TrustManagerImpl) {
+                TrustManagerImpl trustManager = (TrustManagerImpl) x509TrustManager;
+                trustManager.checkServerTrusted(chain, authType, domain);
+            } else {
+                x509TrustManager.checkServerTrusted(chain, authType);
+            }
            return null;  // No errors.
        } catch (GeneralSecurityException e) {
            if (HttpLog.LOGV) {
@@ -238,9 +246,9 @@ public class CertificateChainValidator {
    }

    /**
-     * Returns the platform default {@link X509ExtendedTrustManager}.
+     * Returns the platform default {@link X509TrustManager}.
     */
-    private X509ExtendedTrustManager getTrustManager() {
+    private X509TrustManager getTrustManager() {
        return mTrustManager;
    }

@@ -268,4 +276,4 @@ public class CertificateChainValidator {

        throw new SSLHandshakeException(errorMessage);
    }
-}
+}
--- a/core/java/android/net/http/DelegatingSSLSession.java
+++ b/core/java/android/net/http/DelegatingSSLSession.java
@@ -24,12 +24,11 @@ import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSessionContext;
 import javax.net.ssl.SSLSocket;
-import javax.net.ssl.X509ExtendedTrustManager;
+import javax.net.ssl.X509TrustManager;

 /**
- * This is used when only a {@code hostname} is available but usage of the new API
- * {@link X509ExtendedTrustManager#checkServerTrusted(X509Certificate[], String, Socket)}
- * requires a {@link SSLSocket}.
+ * This is only used when a {@code certificate} is available but usage
+ * requires a {@link SSLSession}.
 *
 * @hide
 */
@@ -37,19 +36,6 @@ public class DelegatingSSLSession implements SSLSession {
    protected DelegatingSSLSession() {
    }

-    public static class HostnameWrap extends DelegatingSSLSession {
-        private final String mHostname;
-
-        public HostnameWrap(String hostname) {
-            mHostname = hostname;
-        }
-
-        @Override
-        public String getPeerHost() {
-            return mHostname;
-        }
-    }
-
    public static class CertificateWrap extends DelegatingSSLSession {
        private final Certificate mCertificate;

@@ -169,4 +155,4 @@ public class DelegatingSSLSession implements SSLSession {
    public void removeValue(String name) {
        throw new UnsupportedOperationException();
    }
-}
+}
--- a/core/java/android/net/http/DelegatingSocketWrapper.java
+++ b/core/java/android/net/http/DelegatingSocketWrapper.java
@@ -1,127 +0,0 @@
-/*
- * Copyright 2014 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net.http;
-
-import java.io.IOException;
-
-import javax.net.ssl.HandshakeCompletedListener;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.X509ExtendedTrustManager;
-
-/**
- * This is used when only a {@code hostname} is available for
- * {@link X509ExtendedTrustManager#checkServerTrusted(java.security.cert.X509Certificate[], String, Socket)}
- * but we want to use the new API that requires a {@link SSLSocket}.
- */
-class DelegatingSocketWrapper extends SSLSocket {
-    private String hostname;
-
-    public DelegatingSocketWrapper(String hostname) {
-        this.hostname = hostname;
-    }
-
-    @Override
-    public String[] getSupportedCipherSuites() {
-        throw new UnsupportedOperationException();
-    }
-
-    @Override
-    public String[] getEnabledCipherSuites() {
-        throw new UnsupportedOperationException();
-    }
-
-    @Override
-    public void setEnabledCipherSuites(String[] suites) {
-        throw new UnsupportedOperationException();
-    }
-
-    @Override
-    public String[] getSupportedProtocols() {
-        throw new UnsupportedOperationException();
-    }
-
-    @Override
-    public String[] getEnabledProtocols() {
-        throw new UnsupportedOperationException();
-    }
-
-    @Override
-    public void setEnabledProtocols(String[] protocols) {
-        throw new UnsupportedOperationException();
-    }
-
-    @Override
-    public SSLSession getSession() {
-        return new DelegatingSSLSession.HostnameWrap(hostname);
-    }
-
-    @Override
-    public void addHandshakeCompletedListener(HandshakeCompletedListener listener) {
-        throw new UnsupportedOperationException();
-    }
-
-    @Override
-    public void removeHandshakeCompletedListener(HandshakeCompletedListener listener) {
-        throw new UnsupportedOperationException();
-    }
-
-    @Override
-    public void startHandshake() throws IOException {
-        throw new UnsupportedOperationException();
-    }
-
-    @Override
-    public void setUseClientMode(boolean mode) {
-        throw new UnsupportedOperationException();
-    }
-
-    @Override
-    public boolean getUseClientMode() {
-        throw new UnsupportedOperationException();
-    }
-
-    @Override
-    public void setNeedClientAuth(boolean need) {
-        throw new UnsupportedOperationException();
-    }
-
-    @Override
-    public void setWantClientAuth(boolean want) {
-        throw new UnsupportedOperationException();
-    }
-
-    @Override
-    public boolean getNeedClientAuth() {
-        throw new UnsupportedOperationException();
-    }
-
-    @Override
-    public boolean getWantClientAuth() {
-        throw new UnsupportedOperationException();
-    }
-
-    @Override
-    public void setEnableSessionCreation(boolean flag) {
-        throw new UnsupportedOperationException();
-    }
-
-    @Override
-    public boolean getEnableSessionCreation() {
-        throw new UnsupportedOperationException();
-    }
-}
--- a/core/java/android/net/http/X509TrustManagerExtensions.java
+++ b/core/java/android/net/http/X509TrustManagerExtensions.java
@@ -24,7 +24,6 @@ import java.util.List;

 import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLSocket;
-import javax.net.ssl.X509ExtendedTrustManager;
 import javax.net.ssl.X509TrustManager;

 /**
@@ -34,13 +33,6 @@ import javax.net.ssl.X509TrustManager;
 * verification of certificate chains after they have been successfully verified
 * by the platform.
 * </p>
- * <p>
- * If the returned certificate list is not needed, see also
- * {@code X509ExtendedTrustManager#checkServerTrusted(X509Certificate[], String, java.net.Socket)}
- * where an {@link SSLSocket} can be used to verify the given hostname during
- * handshake using
- * {@code SSLParameters#setEndpointIdentificationAlgorithm(String)}.
- * </p>
 */
 public class X509TrustManagerExtensions {

@@ -73,7 +65,6 @@ public class X509TrustManagerExtensions {
     */
    public List<X509Certificate> checkServerTrusted(X509Certificate[] chain, String authType,
                                                    String host) throws CertificateException {
-        return mDelegate.checkServerTrusted(chain, authType,
-                new DelegatingSSLSession.HostnameWrap(host));
+        return mDelegate.checkServerTrusted(chain, authType, host);
    }
 }