Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

am d152f7ec: Merge "Don\'t use X509CertImpl directly"

Browse Source 
* commit 'd152f7ec1ae43d77ff8e2206724ce71da3da9913':
  Don't use X509CertImpl directly
This commit is contained in:
Kenny Root
2013-04-29 14:16:09 -07:00
committed by Android Git Automerger
parent 3424b817f6 d152f7ec1a
commit d334cb13d6
2 changed files with 20 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
core/java/android/net/http/CertificateChainValidator.java
View File

@@ -17,18 +17,19 @@
package android.net.http; package android.net.http;
import java.io.ByteArrayInputStream;
import java.io.IOException; import java.io.IOException;
import java.security.GeneralSecurityException; import java.security.GeneralSecurityException;
import java.security.KeyManagementException; import java.security.KeyManagementException;
import java.security.cert.Certificate; import java.security.cert.Certificate;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import javax.net.ssl.DefaultHostnameVerifier; import javax.net.ssl.DefaultHostnameVerifier;
import javax.net.ssl.SSLHandshakeException; import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509TrustManager; import javax.net.ssl.X509TrustManager;
import org.apache.harmony.security.provider.cert.X509CertImpl;
import org.apache.harmony.xnet.provider.jsse.SSLParametersImpl; import org.apache.harmony.xnet.provider.jsse.SSLParametersImpl;
import org.apache.harmony.xnet.provider.jsse.TrustManagerImpl; import org.apache.harmony.xnet.provider.jsse.TrustManagerImpl;
@@ -118,8 +119,14 @@ public class CertificateChainValidator {
X509Certificate[] serverCertificates = new X509Certificate[certChain.length]; X509Certificate[] serverCertificates = new X509Certificate[certChain.length];
for (int i = 0; i < certChain.length; ++i) { try {
serverCertificates[i] = new X509CertImpl(certChain[i]); CertificateFactory cf = CertificateFactory.getInstance("X.509");
for (int i = 0; i < certChain.length; ++i) {
serverCertificates[i] = (X509Certificate) cf.generateCertificate(
new ByteArrayInputStream(certChain[i]));
}
} catch (CertificateException e) {
throw new IOException("can't read certificate", e);
} }
return verifyServerDomainAndCertificates(serverCertificates, domain, authType); return verifyServerDomainAndCertificates(serverCertificates, domain, authType);

17
core/java/android/webkit/BrowserFrame.java
View File

@@ -40,13 +40,13 @@ import android.view.WindowManager;
import junit.framework.Assert; import junit.framework.Assert;
import java.io.ByteArrayInputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.lang.ref.WeakReference; import java.lang.ref.WeakReference;
import java.net.URLEncoder; import java.net.URLEncoder;
import java.nio.charset.Charsets;
import java.security.PrivateKey; import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.HashMap; import java.util.HashMap;
@@ -55,7 +55,6 @@ import java.util.Iterator;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
import org.apache.harmony.security.provider.cert.X509CertImpl;
import org.apache.harmony.xnet.provider.jsse.OpenSSLKey; import org.apache.harmony.xnet.provider.jsse.OpenSSLKey;
import org.apache.harmony.xnet.provider.jsse.OpenSSLKeyHolder; import org.apache.harmony.xnet.provider.jsse.OpenSSLKeyHolder;
@@ -1081,10 +1080,12 @@ class BrowserFrame extends Handler {
String url) { String url) {
final SslError sslError; final SslError sslError;
try { try {
X509Certificate cert = new X509CertImpl(certDER); CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) cf.generateCertificate(
new ByteArrayInputStream(certDER));
SslCertificate sslCert = new SslCertificate(cert); SslCertificate sslCert = new SslCertificate(cert);
sslError = SslError.SslErrorFromChromiumErrorCode(certError, sslCert, url); sslError = SslError.SslErrorFromChromiumErrorCode(certError, sslCert, url);
} catch (IOException e) { } catch (Exception e) {
// Can't get the certificate, not much to do. // Can't get the certificate, not much to do.
Log.e(LOGTAG, "Can't get the certificate from WebKit, canceling"); Log.e(LOGTAG, "Can't get the certificate from WebKit, canceling");
nativeSslCertErrorCancel(handle, certError); nativeSslCertErrorCancel(handle, certError);
@@ -1202,9 +1203,11 @@ class BrowserFrame extends Handler {
*/ */
private void setCertificate(byte cert_der[]) { private void setCertificate(byte cert_der[]) {
try { try {
X509Certificate cert = new X509CertImpl(cert_der); CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) cf.generateCertificate(
new ByteArrayInputStream(cert_der));
mCallbackProxy.onReceivedCertificate(new SslCertificate(cert)); mCallbackProxy.onReceivedCertificate(new SslCertificate(cert));
} catch (IOException e) { } catch (Exception e) {
// Can't get the certificate, not much to do. // Can't get the certificate, not much to do.
Log.e(LOGTAG, "Can't get the certificate from WebKit, canceling"); Log.e(LOGTAG, "Can't get the certificate from WebKit, canceling");
return; return;