Merge "Dedupe trust anchors"

Chad Brubaker
2015-11-17 18:51:38 +00:00
committed by Gerrit Code Review


@@ -16,11 +16,14 @@
package android.security.net.config;
import android.util.ArrayMap;
import android.util.ArraySet;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.X509TrustManager;
@@ -57,12 +60,24 @@ public final class NetworkSecurityConfig {
if (mAnchors != null) {
return mAnchors;
}
Set<TrustAnchor> anchors = new ArraySet<TrustAnchor>();
// Merge trust anchors based on the X509Certificate.
// If we see the same certificate in two TrustAnchors, one with overridesPins and one
// without, the one with overridesPins wins.
Map<X509Certificate, TrustAnchor> anchorMap = new ArrayMap<>();
for (CertificatesEntryRef ref : mCertificatesEntryRefs) {
anchors.addAll(ref.getTrustAnchors());
Set<TrustAnchor> anchors = ref.getTrustAnchors();
for (TrustAnchor anchor : anchors) {
if (anchor.overridesPins) {
anchorMap.put(anchor.certificate, anchor);
} else if (!anchorMap.containsKey(anchor.certificate)) {
anchorMap.put(anchor.certificate, anchor);
}
}
}
ArraySet<TrustAnchor> anchors = new ArraySet<TrustAnchor>(anchorMap.size());
anchors.addAll(anchorMap.values());
mAnchors = anchors;
return anchors;
return mAnchors;
}
}
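Review bot: The duplicate-resolution rule in the inner loop (`if (anchor.overridesPins) … else if (!anchorMap.containsKey(anchor.certificate))`) always keeps the pin-overriding anchor, so a certificate that any one entry marks with overridesPins is exempt from pinning in the merged set, whatever the order of mCertificatesEntryRefs; the comment states the rule but not that it is the permissive choice or why. I would extend the comment, e.g. `// Intentionally permissive: if any entry lets this certificate override pins, the merged anchor does too, independent of entry order.`, and cover the mixed case with a test that supplies the same certificate in both orders. The map is keyed on X509Certificate equality, which presumably means two different certificates issued for the same CA key are not merged; that deserves a word in the comment if it is intended. The +/- markers are lost on this page and the method starts above the hunk, so how mAnchors is cached and guarded could not be checked from here.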