Merge "Add handleTrustStorageUpdate" into nyc-dev

api/test-current.txt

@@ -34342,6 +34342,7 @@ package android.security {
 
   public class NetworkSecurityPolicy {
     method public static android.security.NetworkSecurityPolicy getInstance();
+    method public void handleTrustStorageUpdate();
     method public boolean isCleartextTrafficPermitted();
     method public boolean isCleartextTrafficPermitted(java.lang.String);
   }

core/java/android/security/NetworkSecurityPolicy.java

@@ -16,6 +16,7 @@
 
 package android.security;
 
+import android.annotation.TestApi;
 import android.content.Context;
 import android.content.pm.PackageManager;
 import android.security.net.config.ApplicationConfig;
@@ -104,4 +105,13 @@ public class NetworkSecurityPolicy {
         ManifestConfigSource source = new ManifestConfigSource(appContext);
         return new ApplicationConfig(source);
     }
+
+    /**
+     * Handle an update to the system or user certificate stores.
+     * @hide
+     */
+    @TestApi
+    public void handleTrustStorageUpdate() {
+        ApplicationConfig.getDefaultInstance().handleTrustStorageUpdate();
+    }
 }

core/java/android/security/net/config/ApplicationConfig.java

@@ -17,6 +17,7 @@
 package android.security.net.config;
 
 import android.util.Pair;
+import java.util.HashSet;
 import java.util.Locale;
 import java.util.Set;
 import javax.net.ssl.X509TrustManager;
@@ -146,6 +147,20 @@ public final class ApplicationConfig {
         return getConfigForHostname(hostname).isCleartextTrafficPermitted();
     }
 
+    public void handleTrustStorageUpdate() {
+        ensureInitialized();
+        mDefaultConfig.handleTrustStorageUpdate();
+        if (mConfigs != null) {
+            Set<NetworkSecurityConfig> updatedConfigs =
+                    new HashSet<NetworkSecurityConfig>(mConfigs.size());
+            for (Pair<Domain, NetworkSecurityConfig> entry : mConfigs) {
+                if (updatedConfigs.add(entry.second)) {
+                    entry.second.handleTrustStorageUpdate();
+                }
+            }
+        }
+    }
+
     private void ensureInitialized() {
         synchronized(mLock) {
             if (mInitialized) {

core/java/android/security/net/config/CertificateSource.java

@@ -25,4 +25,5 @@ public interface CertificateSource {
     X509Certificate findBySubjectAndPublicKey(X509Certificate cert);
     X509Certificate findByIssuerAndSignature(X509Certificate cert);
     Set<X509Certificate> findAllByIssuerAndSignature(X509Certificate cert);
+    void handleTrustStorageUpdate();
 }

core/java/android/security/net/config/CertificatesEntryRef.java

@@ -64,4 +64,8 @@ public final class CertificatesEntryRef {
     public Set<X509Certificate> findAllCertificatesByIssuerAndSignature(X509Certificate cert) {
         return mSource.findAllByIssuerAndSignature(cert);
     }
+
+    public void handleTrustStorageUpdate() {
+        mSource.handleTrustStorageUpdate();
+    }
 }

core/java/android/security/net/config/DirectoryCertificateSource.java

@@ -126,6 +126,13 @@ abstract class DirectoryCertificateSource implements CertificateSource {
         });
     }
 
+    @Override
+    public void handleTrustStorageUpdate() {
+        synchronized (mLock) {
+            mCertificates = null;
+        }
+    }
+
     private static interface CertSelector {
         boolean match(X509Certificate cert);
     }

core/java/android/security/net/config/KeyStoreCertificateSource.java

@@ -105,4 +105,9 @@ class KeyStoreCertificateSource implements CertificateSource {
         }
         return certs;
     }
+
+    @Override
+    public void handleTrustStorageUpdate() {
+        // Nothing to do.
+    }
 }

core/java/android/security/net/config/NetworkSecurityConfig.java

@@ -117,12 +117,6 @@ public final class NetworkSecurityConfig {
         }
     }
 
-    void onTrustStoreChange() {
-        synchronized (mAnchorsLock) {
-            mAnchors = null;
-        }
-    }
-
     /** @hide */
     public TrustAnchor findTrustAnchorBySubjectAndPublicKey(X509Certificate cert) {
         for (CertificatesEntryRef ref : mCertificatesEntryRefs) {
@@ -154,6 +148,16 @@ public final class NetworkSecurityConfig {
         return certs;
     }
 
+    public void handleTrustStorageUpdate() {
+        synchronized (mAnchorsLock) {
+            mAnchors = null;
+            for (CertificatesEntryRef ref : mCertificatesEntryRefs) {
+                ref.handleTrustStorageUpdate();
+            }
+        }
+        getTrustManager().handleTrustStorageUpdate();
+    }
+
     /**
      * Return a {@link Builder} for the default {@code NetworkSecurityConfig}.
      *

core/java/android/security/net/config/NetworkSecurityTrustManager.java

@@ -157,4 +157,11 @@ public class NetworkSecurityTrustManager implements X509TrustManager {
             return mIssuers.clone();
         }
     }
+
+    public void handleTrustStorageUpdate() {
+        synchronized (mIssuersLock) {
+            mIssuers = null;
+            mDelegate.handleTrustStorageUpdate();
+        }
+    }
 }

core/java/android/security/net/config/ResourceCertificateSource.java

@@ -115,4 +115,9 @@ public class ResourceCertificateSource implements CertificateSource {
         }
         return certs;
     }
+
+    @Override
+    public void handleTrustStorageUpdate() {
+        // Nothing to do, resource sources never change.
+    }
 }

tests/NetworkSecurityConfigTest/src/android/security/net/config/TestCertificateSource.java

@@ -65,4 +65,9 @@ public class TestCertificateSource implements CertificateSource {
         }
         return certs;
     }
+
+    @Override
+    public void handleTrustStorageUpdate() {
+        // Nothing to do.
+    }
 }