Merge "Implement checkClientTrusted"

am: 8e19803a6a * commit '8e19803a6a10ac44ca59cf15a2ae1f2eedb13cf8': Implement checkClientTrusted
2015-11-25 20:41:03 +00:00
parent 4bc1904119 8e19803a6a
commit a4a6cf9b51
2 changed files with 11 additions and 5 deletions
--- a/core/java/android/security/net/config/NetworkSecurityTrustManager.java
+++ b/core/java/android/security/net/config/NetworkSecurityTrustManager.java
@@ -65,7 +65,7 @@ public class NetworkSecurityTrustManager implements X509TrustManager {
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
-        throw new CertificateException("Client authentication not supported");
+        mDelegate.checkClientTrusted(chain, authType);
    }

    @Override
@@ -149,6 +149,6 @@ public class NetworkSecurityTrustManager implements X509TrustManager {

    @Override
    public X509Certificate[] getAcceptedIssuers() {
-        return new X509Certificate[0];
+        return mDelegate.getAcceptedIssuers();
    }
 }
--- a/core/java/android/security/net/config/RootTrustManager.java
+++ b/core/java/android/security/net/config/RootTrustManager.java
@@ -35,7 +35,6 @@ import javax.net.ssl.X509TrustManager;
 * @hide */
 public class RootTrustManager implements X509TrustManager {
    private final ApplicationConfig mConfig;
-    private static final X509Certificate[] EMPTY_ISSUERS = new X509Certificate[0];

    public RootTrustManager(ApplicationConfig config) {
        if (config == null) {
@@ -47,7 +46,10 @@ public class RootTrustManager implements X509TrustManager {
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
-        throw new CertificateException("Client authentication not supported");
+        // Use the default configuration for all client authentication. Domain specific configs are
+        // only for use in checking server trust not client trust.
+        NetworkSecurityConfig config = mConfig.getConfigForHostname("");
+        config.getTrustManager().checkClientTrusted(chain, authType);
    }

    @Override
@@ -84,6 +86,10 @@ public class RootTrustManager implements X509TrustManager {

    @Override
    public X509Certificate[] getAcceptedIssuers() {
-        return EMPTY_ISSUERS;
+        // getAcceptedIssuers is meant to be used to determine which trust anchors the server will
+        // accept when verifying clients. Domain specific configs are only for use in checking
+        // server trust not client trust so use the default config.
+        NetworkSecurityConfig config = mConfig.getConfigForHostname("");
+        return config.getTrustManager().getAcceptedIssuers();
    }
 }