Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Check for null hostnames in RootTrustManager"

Browse Source
This commit is contained in:
Chad Brubaker
2015-12-14 19:30:44 +00:00
committed by Gerrit Code Review
parent cfed01af4b dd586a46c9
commit 49ce7dc2ba
2 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
core/java/android/security/net/config/RootTrustManager.java
View File

@@ -71,6 +71,10 @@ public class RootTrustManager implements X509TrustManager {
*/
public List<X509Certificate> checkServerTrusted(X509Certificate[] certs, String authType,
String hostname) throws CertificateException {
if (hostname == null && mConfig.hasPerDomainConfigs()) {
throw new CertificateException(
"Domain specific configurations require that the hostname be provided");
}
NetworkSecurityConfig config = mConfig.getConfigForHostname(hostname);
return config.getTrustManager().checkServerTrusted(certs, authType, hostname);
}

11
tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java
View File

@@ -22,6 +22,7 @@ import android.test.MoreAsserts;
import android.util.ArraySet;
import android.util.Pair;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.URL;
import java.security.KeyStore;
@@ -34,6 +35,7 @@ import java.util.Set;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
@@ -103,6 +105,15 @@ public class XmlConfigTests extends AndroidTestCase {
TestUtils.assertConnectionFails(context, "developer.android.com", 443);
TestUtils.assertUrlConnectionFails(context, "google.com", 443);
TestUtils.assertUrlConnectionSucceeds(context, "android.com", 443);
// Check that sockets created without the hostname fail with per-domain configs
SSLSocket socket = (SSLSocket) context.getSocketFactory()
.createSocket(InetAddress.getByName("android.com"), 443);
try {
socket.startHandshake();
socket.getInputStream();
fail();
} catch (IOException expected) {
}
}
public void testBasicPinning() throws Exception {