Updated Browser and MCS to use shared default trust manager instead of initializing their own copies.

2009-08-20 17:36:11 -07:00
parent b7aec9124a
commit e97c2006bf
2 changed files with 8 additions and 60 deletions
--- a/core/java/android/net/SSLCertificateSocketFactory.java
+++ b/core/java/android/net/SSLCertificateSocketFactory.java
@@ -41,6 +41,7 @@ import javax.net.ssl.X509TrustManager;

 import org.apache.harmony.xnet.provider.jsse.SSLClientSessionCache;
 import org.apache.harmony.xnet.provider.jsse.SSLContextImpl;
+import org.apache.harmony.xnet.provider.jsse.SSLParameters;

 /**
 * SSLSocketFactory that provides optional (on debug devices, only) skipping of ssl certificfate
@@ -54,28 +55,6 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory {

    private static final String LOG_TAG = "SSLCertificateSocketFactory";

-    private static X509TrustManager sDefaultTrustManager;
-
-    static {
-        try {
-            TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
-            tmf.init((KeyStore)null);
-            TrustManager[] tms = tmf.getTrustManagers();
-            if (tms != null) {
-                for (TrustManager tm : tms) {
-                    if (tm instanceof X509TrustManager) {
-                        sDefaultTrustManager = (X509TrustManager)tm;
-                        break;
-                    }
-                }
-            }
-        } catch (NoSuchAlgorithmException e) {
-            Log.e(LOG_TAG, "Unable to get X509 Trust Manager ", e);
-        } catch (KeyStoreException e) {
-            Log.e(LOG_TAG, "Key Store exception while initializing TrustManagerFactory ", e);
-        }
-    }
-
    private static final TrustManager[] TRUST_MANAGER = new TrustManager[] {
        new X509TrustManager() {
            public X509Certificate[] getAcceptedIssuers() {
@@ -155,20 +134,13 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory {

    private boolean hasValidCertificateChain(Certificate[] certs) 
            throws IOException {
-        if (sDefaultTrustManager == null) {
-            if (Config.LOGD) {
-                Log.d(LOG_TAG,"hasValidCertificateChain():" +
-                          " null default trust manager!");
-            }
-            throw new IOException("null default trust manager");
-        }
-
        boolean trusted = (certs != null && (certs.length > 0));

        if (trusted) {
            try {
                // the authtype we pass in doesn't actually matter
-                sDefaultTrustManager.checkServerTrusted((X509Certificate[]) certs, "RSA");
+                SSLParameters.getDefaultTrustManager()
+                        .checkServerTrusted((X509Certificate[]) certs, "RSA");
            } catch (GeneralSecurityException e) { 
                String exceptionMessage = e != null ? e.getMessage() : "none";
                if (Config.LOGD) {
--- a/core/java/android/net/http/CertificateChainValidator.java
+++ b/core/java/android/net/http/CertificateChainValidator.java
@@ -16,6 +16,8 @@

 package android.net.http;

+import org.apache.harmony.xnet.provider.jsse.SSLParameters;
+
 import java.io.IOException;

 import java.security.cert.Certificate;
@@ -46,11 +48,6 @@ class CertificateChainValidator {
    private static final CertificateChainValidator sInstance
            = new CertificateChainValidator();

-    /**
-     * Default trust manager (used to perform CA certificate validation)
-     */
-    private X509TrustManager mDefaultTrustManager;
-
    /**
     * @return The singleton instance of the certificator chain validator
     */
@@ -62,28 +59,7 @@ class CertificateChainValidator {
     * Creates a new certificate chain validator. This is a pivate constructor.
     * If you need a Certificate chain validator, call getInstance().
     */
-    private CertificateChainValidator() {
-        try {
-            TrustManagerFactory trustManagerFactory
-                = TrustManagerFactory.getInstance("X509");
-            trustManagerFactory.init((KeyStore)null);
-            TrustManager[] trustManagers =
-                trustManagerFactory.getTrustManagers();
-            if (trustManagers != null && trustManagers.length > 0) {
-                for (TrustManager trustManager : trustManagers) {
-                    if (trustManager instanceof X509TrustManager) {
-                        mDefaultTrustManager = (X509TrustManager)(trustManager);
-                        break;
-                    }
-                }
-            }
-        } catch (Exception exc) {
-            if (HttpLog.LOGV) {
-                HttpLog.v("CertificateChainValidator():" +
-                          " failed to initialize the trust manager");
-            }
-        }
-    }
+    private CertificateChainValidator() {}

    /**
     * Performs the handshake and server certificates validation
@@ -156,7 +132,7 @@ class CertificateChainValidator {
        // report back to the user.
        //
        try {
-            mDefaultTrustManager.checkServerTrusted(
+            SSLParameters.getDefaultTrustManager().checkServerTrusted(
                serverCertificates, "RSA");

            // no errors!!!
@@ -186,7 +162,7 @@ class CertificateChainValidator {
        // check if the last certificate in the chain (root) is trusted
        X509Certificate[] rootCertificateChain = { currCertificate };
        try {
-            mDefaultTrustManager.checkServerTrusted(
+            SSLParameters.getDefaultTrustManager().checkServerTrusted(
                rootCertificateChain, "RSA");
        } catch (CertificateExpiredException e) {
            String errorMessage = e.getMessage();