Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge changes I5d2be3c5,I9017256b

Browse Source 
* changes:
  Add argument to binder call to check key types
  Use hostname verifier directly instead of instance
This commit is contained in:
Kenny Root
2013-09-10 18:50:02 +00:00
committed by Gerrit Code Review
parent 7adc233cf8 0b83f9c805
commit 90e42717e5
4 changed files with 16 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
core/java/android/net/SSLCertificateSocketFactory.java
View File

@@ -81,9 +81,6 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory {
}
};
private static final HostnameVerifier HOSTNAME_VERIFIER =
HttpsURLConnection.getDefaultHostnameVerifier();
private SSLSocketFactory mInsecureFactory = null;
private SSLSocketFactory mSecureFactory = null;
private TrustManager[] mTrustManagers = null;
@@ -196,7 +193,7 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory {
if (session == null) {
throw new SSLException("Cannot verify SSL socket without session");
}
if (!HOSTNAME_VERIFIER.verify(hostname, session)) {
if (!HttpsURLConnection.getDefaultHostnameVerifier().verify(hostname, session)) {
throw new SSLPeerUnverifiedException("Cannot verify hostname: " + hostname);
}
}

5
core/java/android/security/IKeystoreService.java
View File

@@ -444,12 +444,13 @@ public interface IKeystoreService extends IInterface {
}
@Override
public int is_hardware_backed() throws RemoteException {
public int is_hardware_backed(String keyType) throws RemoteException {
Parcel _data = Parcel.obtain();
Parcel _reply = Parcel.obtain();
int _result;
try {
_data.writeInterfaceToken(DESCRIPTOR);
_data.writeString(keyType);
mRemote.transact(Stub.TRANSACTION_is_hardware_backed, _data, _reply, 0);
_reply.readException();
_result = _reply.readInt();
@@ -593,7 +594,7 @@ public interface IKeystoreService extends IInterface {
public int duplicate(String srcKey, int srcUid, String destKey, int destUid)
throws RemoteException;
public int is_hardware_backed() throws RemoteException;
public int is_hardware_backed(String string) throws RemoteException;
public int clear_uid(long uid) throws RemoteException;
}

6
keystore/java/android/security/KeyChain.java
View File

@@ -34,6 +34,7 @@ import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Locale;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;
@@ -364,7 +365,8 @@ public final class KeyChain {
* "RSA").
*/
public static boolean isKeyAlgorithmSupported(String algorithm) {
return "RSA".equals(algorithm);
final String algUpper = algorithm.toUpperCase(Locale.US);
return "DSA".equals(algUpper) || "EC".equals(algUpper) || "RSA".equals(algUpper);
}
/**
@@ -379,7 +381,7 @@ public final class KeyChain {
return false;
}
return KeyStore.getInstance().isHardwareBacked();
return KeyStore.getInstance().isHardwareBacked(algorithm);
}
private static X509Certificate toCertificate(byte[] bytes) {

9
keystore/java/android/security/KeyStore.java
View File

@@ -22,6 +22,8 @@ import android.os.RemoteException;
import android.os.ServiceManager;
import android.util.Log;
import java.util.Locale;
/**
* @hide This should not be made public in its present form because it
* assumes that private and secret key bytes are available and would
@@ -306,9 +308,14 @@ public class KeyStore {
}
}
// TODO remove this when it's removed from Settings
public boolean isHardwareBacked() {
return isHardwareBacked("RSA");
}
public boolean isHardwareBacked(String keyType) {
try {
return mBinder.is_hardware_backed() == NO_ERROR;
return mBinder.is_hardware_backed(keyType.toUpperCase(Locale.US)) == NO_ERROR;
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
return false;