Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Don't use X509CertImpl directly"

Browse Source
This commit is contained in:
Kenny Root
2013-04-29 20:54:48 +00:00
committed by Gerrit Code Review
parent 0bb497b8d1 28b1f0ee02
commit d152f7ec1a
2 changed files with 20 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
core/java/android/net/http/CertificateChainValidator.java
View File

@@ -17,18 +17,19 @@
package android.net.http;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.DefaultHostnameVerifier;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509TrustManager;
import org.apache.harmony.security.provider.cert.X509CertImpl;
import org.apache.harmony.xnet.provider.jsse.SSLParametersImpl;
import org.apache.harmony.xnet.provider.jsse.TrustManagerImpl;
@@ -118,8 +119,14 @@ public class CertificateChainValidator {
X509Certificate[] serverCertificates = new X509Certificate[certChain.length];
for (int i = 0; i < certChain.length; ++i) {
serverCertificates[i] = new X509CertImpl(certChain[i]);
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
for (int i = 0; i < certChain.length; ++i) {
serverCertificates[i] = (X509Certificate) cf.generateCertificate(
new ByteArrayInputStream(certChain[i]));
}
} catch (CertificateException e) {
throw new IOException("can't read certificate", e);
}
return verifyServerDomainAndCertificates(serverCertificates, domain, authType);

17
core/java/android/webkit/BrowserFrame.java
View File

@@ -40,13 +40,13 @@ import android.view.WindowManager;
import junit.framework.Assert;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.ref.WeakReference;
import java.net.URLEncoder;
import java.nio.charset.Charsets;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
@@ -55,7 +55,6 @@ import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.apache.harmony.security.provider.cert.X509CertImpl;
import org.apache.harmony.xnet.provider.jsse.OpenSSLKey;
import org.apache.harmony.xnet.provider.jsse.OpenSSLKeyHolder;
@@ -1079,10 +1078,12 @@ class BrowserFrame extends Handler {
String url) {
final SslError sslError;
try {
X509Certificate cert = new X509CertImpl(certDER);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) cf.generateCertificate(
new ByteArrayInputStream(certDER));
SslCertificate sslCert = new SslCertificate(cert);
sslError = SslError.SslErrorFromChromiumErrorCode(certError, sslCert, url);
} catch (IOException e) {
} catch (Exception e) {
// Can't get the certificate, not much to do.
Log.e(LOGTAG, "Can't get the certificate from WebKit, canceling");
nativeSslCertErrorCancel(handle, certError);
@@ -1200,9 +1201,11 @@ class BrowserFrame extends Handler {
*/
private void setCertificate(byte cert_der[]) {
try {
X509Certificate cert = new X509CertImpl(cert_der);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) cf.generateCertificate(
new ByteArrayInputStream(cert_der));
mCallbackProxy.onReceivedCertificate(new SslCertificate(cert));
} catch (IOException e) {
} catch (Exception e) {
// Can't get the certificate, not much to do.
Log.e(LOGTAG, "Can't get the certificate from WebKit, canceling");
return;