Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Implement checkClientTrusted"

Browse Source
This commit is contained in:
Chad Brubaker
2015-11-25 20:33:31 +00:00
committed by Gerrit Code Review
parent e766e399c5 bdd13f02bc
commit 8e19803a6a
2 changed files with 11 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
core/java/android/security/net/config/NetworkSecurityTrustManager.java
View File

@@ -65,7 +65,7 @@ public class NetworkSecurityTrustManager implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
throw new CertificateException("Client authentication not supported");
mDelegate.checkClientTrusted(chain, authType);
}
@Override
@@ -149,6 +149,6 @@ public class NetworkSecurityTrustManager implements X509TrustManager {
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
return mDelegate.getAcceptedIssuers();
}
}

12
core/java/android/security/net/config/RootTrustManager.java
View File

@@ -35,7 +35,6 @@ import javax.net.ssl.X509TrustManager;
* @hide */
public class RootTrustManager implements X509TrustManager {
private final ApplicationConfig mConfig;
private static final X509Certificate[] EMPTY_ISSUERS = new X509Certificate[0];
public RootTrustManager(ApplicationConfig config) {
if (config == null) {
@@ -47,7 +46,10 @@ public class RootTrustManager implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
throw new CertificateException("Client authentication not supported");
// Use the default configuration for all client authentication. Domain specific configs are
// only for use in checking server trust not client trust.
NetworkSecurityConfig config = mConfig.getConfigForHostname("");
config.getTrustManager().checkClientTrusted(chain, authType);
}
@Override
@@ -84,6 +86,10 @@ public class RootTrustManager implements X509TrustManager {
@Override
public X509Certificate[] getAcceptedIssuers() {
return EMPTY_ISSUERS;
// getAcceptedIssuers is meant to be used to determine which trust anchors the server will
// accept when verifying clients. Domain specific configs are only for use in checking
// server trust not client trust so use the default config.
NetworkSecurityConfig config = mConfig.getConfigForHostname("");
return config.getTrustManager().getAcceptedIssuers();
}
}