Merge "Fix isUserAddedCertificate" into nyc-dev

am: 439525a

* commit '439525a99372edcd92e02ca2ec52a0f24b775348':
  Fix isUserAddedCertificate

Change-Id: I9a3a3c518fa634be2911848b0c12ed3d62999a6e
Chad Brubaker
2016-04-14 20:54:19 +00:00
committed by android-build-merger
3 changed files with 5 additions and 46 deletions


@@ -17,6 +17,7 @@
package android.net.http; package android.net.http;
import android.annotation.SystemApi; import android.annotation.SystemApi;
import android.security.net.config.UserCertificateSource;
import com.android.org.conscrypt.TrustManagerImpl; import com.android.org.conscrypt.TrustManagerImpl;
@@ -43,7 +44,6 @@ public class X509TrustManagerExtensions {
// Methods to use when mDelegate is not a TrustManagerImpl and duck typing is being used. // Methods to use when mDelegate is not a TrustManagerImpl and duck typing is being used.
private final X509TrustManager mTrustManager; private final X509TrustManager mTrustManager;
private final Method mCheckServerTrusted; private final Method mCheckServerTrusted;
private final Method mIsUserAddedCertificate;
private final Method mIsSameTrustConfiguration; private final Method mIsSameTrustConfiguration;
/** /**
@@ -57,7 +57,6 @@ public class X509TrustManagerExtensions {
mDelegate = (TrustManagerImpl) tm; mDelegate = (TrustManagerImpl) tm;
mTrustManager = null; mTrustManager = null;
mCheckServerTrusted = null; mCheckServerTrusted = null;
mIsUserAddedCertificate = null;
mIsSameTrustConfiguration = null; mIsSameTrustConfiguration = null;
return; return;
} }
@@ -74,14 +73,6 @@ public class X509TrustManagerExtensions {
throw new IllegalArgumentException("Required method" throw new IllegalArgumentException("Required method"
+ " checkServerTrusted(X509Certificate[], String, String, String) missing"); + " checkServerTrusted(X509Certificate[], String, String, String) missing");
} }
// Check that isUserAddedCertificate is present.
try {
mIsUserAddedCertificate = tm.getClass().getMethod("isUserAddedCertificate",
X509Certificate.class);
} catch (NoSuchMethodException e) {
throw new IllegalArgumentException(
"Required method isUserAddedCertificate(X509Certificate) missing");
}
// Get the option isSameTrustConfiguration method. // Get the option isSameTrustConfiguration method.
Method isSameTrustConfiguration = null; Method isSameTrustConfiguration = null;
try { try {
@@ -128,29 +119,15 @@ public class X509TrustManagerExtensions {
/** /**
* Checks whether a CA certificate is added by an user. * Checks whether a CA certificate is added by an user.
* *
* <p>Since {@link X509TrustManager#checkServerTrusted} allows its parameter {@code chain} to * <p>Since {@link X509TrustManager#checkServerTrusted} may allow its parameter {@code chain} to
* chain up to user-added CA certificates, this method can be used to perform additional * chain up to user-added CA certificates, this method can be used to perform additional
* policies for user-added CA certificates. * policies for user-added CA certificates.
* *
* @return {@code true} to indicate that the certificate was added by the user, {@code false} * @return {@code true} to indicate that the certificate authority exists in the user added
* otherwise. * certificate store, {@code false} otherwise.
*/ */
public boolean isUserAddedCertificate(X509Certificate cert) { public boolean isUserAddedCertificate(X509Certificate cert) {
if (mDelegate != null) { return UserCertificateSource.getInstance().findBySubjectAndPublicKey(cert) != null;
return mDelegate.isUserAddedCertificate(cert);
} else {
try {
return (Boolean) mIsUserAddedCertificate.invoke(mTrustManager, cert);
} catch (IllegalAccessException e) {
throw new RuntimeException("Failed to call isUserAddedCertificate", e);
} catch (InvocationTargetException e) {
if (e.getCause() instanceof RuntimeException) {
throw (RuntimeException) e.getCause();
} else {
throw new RuntimeException("isUserAddedCertificate failed", e.getCause());
}
}
}
} }
/** /**
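Review bot: The new body of isUserAddedCertificate answers from the process-wide `UserCertificateSource.getInstance()` and no longer consults `mDelegate` or the wrapped trust manager, so a `true` result says only that a matching CA is in the user store, not that this trust manager's configuration actually trusts user-added CAs. Judging by the name `findBySubjectAndPublicKey`, the match is on subject and public key rather than on the exact certificate, which matters to callers that, as the Javadoc says, apply additional policies to user-added CAs. I would state both in the Javadoc, e.g. `* <p>The lookup is by subject and public key against the user-added store and does not depend on the trust manager passed to the constructor.` The constructor's own Javadoc lies outside these hunks and may still describe isUserAddedCertificate as a required duck-typed method; it should be checked against the removed lookup.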


@@ -115,15 +115,6 @@ public class NetworkSecurityTrustManager extends X509ExtendedTrustManager {
return trustedChain; return trustedChain;
} }
/**
* Check if the provided certificate is a user added certificate authority.
* This is required by android.net.http.X509TrustManagerExtensions.
*/
public boolean isUserAddedCertificate(X509Certificate cert) {
// TODO: Figure out the right way to handle this, and if it is still even used.
return false;
}
private void checkPins(List<X509Certificate> chain) throws CertificateException { private void checkPins(List<X509Certificate> chain) throws CertificateException {
PinSet pinSet = mNetworkSecurityConfig.getPins(); PinSet pinSet = mNetworkSecurityConfig.getPins();
if (pinSet.pins.isEmpty() if (pinSet.pins.isEmpty()


@@ -131,15 +131,6 @@ public class RootTrustManager extends X509ExtendedTrustManager {
return config.getTrustManager().checkServerTrusted(certs, authType, hostname); return config.getTrustManager().checkServerTrusted(certs, authType, hostname);
} }
/**
* Check if the provided certificate is a user added certificate authority.
* This is required by android.net.http.X509TrustManagerExtensions.
*/
public boolean isUserAddedCertificate(X509Certificate cert) {
// TODO: Figure out the right way to handle this, and if it is still even used.
return false;
}
@Override @Override
public X509Certificate[] getAcceptedIssuers() { public X509Certificate[] getAcceptedIssuers() {
// getAcceptedIssuers is meant to be used to determine which trust anchors the server will // getAcceptedIssuers is meant to be used to determine which trust anchors the server will