Add nsconfig support for WFA CAs

Bug: 78643773 Test: manually verified Change-Id: Ib7d2b24669074b74bbda7ab7163ef25584e95a11
2018-04-26 11:20:16 -07:00
parent 0c0739093b
commit 8bfbc6e710
2 changed files with 44 additions and 0 deletions
--- a/core/java/android/security/net/config/WfaCertificateSource.java
+++ b/core/java/android/security/net/config/WfaCertificateSource.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.net.config;
+
+import java.io.File;
+
+/**
+ * {@link CertificateSource} based on the system WFA CA store.
+ * @hide
+ */
+public final class WfaCertificateSource extends DirectoryCertificateSource {
+    private static class NoPreloadHolder {
+        private static final WfaCertificateSource INSTANCE = new WfaCertificateSource();
+    }
+
+    private WfaCertificateSource() {
+        super(new File(System.getenv("ANDROID_ROOT") + "/etc/security/cacerts_wfa"));
+    }
+
+    public static WfaCertificateSource getInstance() {
+        return NoPreloadHolder.INSTANCE;
+    }
+
+    @Override
+    protected boolean isCertMarkedAsRemoved(String caFile) {
+        return false;
+    }
+}
--- a/core/java/android/security/net/config/XmlConfigSource.java
+++ b/core/java/android/security/net/config/XmlConfigSource.java
@@ -189,6 +189,8 @@ public class XmlConfigSource implements ConfigSource {
            source = SystemCertificateSource.getInstance();
        } else if ("user".equals(sourceString)) {
            source = UserCertificateSource.getInstance();
+        } else if ("wfa".equals(sourceString)) {
+            source = WfaCertificateSource.getInstance();
        } else {
            throw new ParserException(parser, "Unknown certificates src. "
                    + "Should be one of system|user|@resourceVal");