Expose findByIssuerAndSignature

This will be used to create a custom conscrypt TrustedCertificateStore
to avoid loading all of the trusted certificates into memory in a
keystore.

Change-Id: Iaf54b691393ecadae6c7ff56b8adc6a2a2923d29
Chad Brubaker
2015-11-25 13:12:55 -08:00
parent 6fea66116c
commit fa9beebb83
7 changed files with 64 additions and 0 deletions


@@ -23,4 +23,5 @@ import java.security.cert.X509Certificate;
public interface CertificateSource {
Set<X509Certificate> getCertificates();
X509Certificate findBySubjectAndPublicKey(X509Certificate cert);
X509Certificate findByIssuerAndSignature(X509Certificate cert);
}
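Review bot: The new `findByIssuerAndSignature` declaration on `CertificateSource` has no Javadoc, so its contract can only be read out of the implementations. I would add something like `/** Returns a certificate from this source that issued {@code cert}, or {@code null} if there is none. */`. Judging by the `DirectoryCertificateSource` implementation in this commit, a match only shows that the lookup by `cert.getIssuerX500Principal()` found a candidate (presumably by subject) and that `cert.verify()` succeeds against its public key. It would help to state that validity period and the rest of path validation remain the caller's job.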


@@ -51,4 +51,13 @@ public final class CertificatesEntryRef {
return new TrustAnchor(foundCert, mOverridesPins);
}
public TrustAnchor findByIssuerAndSignature(X509Certificate cert) {
X509Certificate foundCert = mSource.findByIssuerAndSignature(cert);
if (foundCert == null) {
return null;
}
return new TrustAnchor(foundCert, mOverridesPins);
}
}


@@ -94,6 +94,21 @@ abstract class DirectoryCertificateSource implements CertificateSource {
});
}
@Override
public X509Certificate findByIssuerAndSignature(final X509Certificate cert) {
return findCert(cert.getIssuerX500Principal(), new CertSelector() {
@Override
public boolean match(X509Certificate ca) {
try {
cert.verify(ca.getPublicKey());
return true;
} catch (Exception e) {
return false;
}
}
});
}
private static interface CertSelector {
boolean match(X509Certificate cert);
}
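Review bot: The `catch (Exception e)` in the selector's `match` turns every failure of `cert.verify(ca.getPublicKey())` into "no match", including runtime errors unrelated to the signature. This fails closed, so it does not widen trust, but a provider or key-handling fault would silently look like an unknown issuer. `X509Certificate.verify` declares only checked exceptions that extend `GeneralSecurityException`, so `} catch (GeneralSecurityException e) {` would cover them. If the broad catch is deliberate, to keep a malformed certificate from throwing out of the lookup, a one-line comment saying so would be enough. `findCert` is defined outside this hunk.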


@@ -80,4 +80,14 @@ class KeyStoreCertificateSource implements CertificateSource {
}
return anchor.getTrustedCert();
}
@Override
public X509Certificate findByIssuerAndSignature(X509Certificate cert) {
ensureInitialized();
java.security.cert.TrustAnchor anchor = mIndex.findByIssuerAndSignature(cert);
if (anchor == null) {
return null;
}
return anchor.getTrustedCert();
}
}
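Review bot: The body added here is repeated line for line in `ResourceCertificateSource` and, minus `ensureInitialized()`, in `TestCertificateSource`: look up a `java.security.cert.TrustAnchor` in `mIndex`, then return `null` or `anchor.getTrustedCert()`. A ternary keeps each copy to one statement, `return anchor == null ? null : anchor.getTrustedCert();`. Alternatively the unwrapping could live in one shared static helper so the three sources cannot drift apart. The class and `ensureInitialized()` are defined outside the hunk.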


@@ -134,6 +134,17 @@ public final class NetworkSecurityConfig {
return null;
}
/** @hide */
public TrustAnchor findTrustAnchorByIssuerAndSignature(X509Certificate cert) {
for (CertificatesEntryRef ref : mCertificatesEntryRefs) {
TrustAnchor anchor = ref.findByIssuerAndSignature(cert);
if (anchor != null) {
return anchor;
}
}
return null;
}
/**
* Return a {@link Builder} for the default {@code NetworkSecurityConfig}.
*
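Review bot: `findTrustAnchorByIssuerAndSignature` is documented only with `/** @hide */`, and its loop returns the first non-null anchor from `mCertificatesEntryRefs`. Because `CertificatesEntryRef.findByIssuerAndSignature` builds the anchor with that entry's `mOverridesPins`, entry order decides whether the returned anchor overrides pins when the same CA appears in more than one entry. I would state that in the Javadoc while keeping `@hide`, for example `Returns the first trust anchor, in entry order, that issued {@code cert}, or {@code null}; the anchor carries the pin-override setting of the entry it was found in.` The rest of the class is outside the hunk.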


@@ -90,4 +90,14 @@ public class ResourceCertificateSource implements CertificateSource {
}
return anchor.getTrustedCert();
}
@Override
public X509Certificate findByIssuerAndSignature(X509Certificate cert) {
ensureInitialized();
java.security.cert.TrustAnchor anchor = mIndex.findByIssuerAndSignature(cert);
if (anchor == null) {
return null;
}
return anchor.getTrustedCert();
}
}


@@ -44,4 +44,12 @@ public class TestCertificateSource implements CertificateSource {
}
return anchor.getTrustedCert();
}
public X509Certificate findByIssuerAndSignature(X509Certificate cert) {
java.security.cert.TrustAnchor anchor = mIndex.findByIssuerAndSignature(cert);
if (anchor == null) {
return null;
}
return anchor.getTrustedCert();
}
}
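Review bot: The `findByIssuerAndSignature` added to `TestCertificateSource` has no `@Override`, while the same method in `DirectoryCertificateSource`, `KeyStoreCertificateSource` and `ResourceCertificateSource` in this commit has one. Adding `@Override` above `public X509Certificate findByIssuerAndSignature(X509Certificate cert) {` lets the compiler catch any drift from the `CertificateSource` signature. The preceding method in the class starts outside the hunk, so I cannot tell whether it is annotated.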