Chad Brubaker
05dd853526
Merge "Support TrustedCertificateStore.findAllIssuers"
2016-01-26 23:49:00 +00:00
Chad Brubaker
d321954f72
Merge "Add getApplicationConfigForPackage" am: 7519dce8c2
...
am: 8500093a35
* commit '8500093a351c40fdd2077fcd724396f72b51d3ba':
Add getApplicationConfigForPackage
2016-01-25 18:18:39 +00:00
Chad Brubaker
056e8b5a5a
Add getApplicationConfigForPackage
...
This allows services which make network connections on behalf of
applications to honor the application's network security policy.
Change-Id: I562b7bd0eb20f2f8c9f8342c211166d4e3397780
2016-01-22 22:04:20 -08:00
Chad Brubaker
aa6c3c3e25
Support TrustedCertificateStore.findAllIssuers
...
Change-Id: I176ec42c9907e50ee218e4fb352b530ca797be46
2016-01-13 15:19:45 -08:00
Chad Brubaker
25e34339ba
Unhide hostname aware isCleartextTrafficPermitted
...
Change-Id: Id2bde5889d963ca2820fdecce1628dce022b510b
2016-01-05 11:36:43 -08:00
Chad Brubaker
d8844613a3
Merge "Add ConfigNetworkSecurityPolicy" am: 2786002bd5
...
am: a35d617cce
* commit 'a35d617cce6c9b1b1cba7e7c786849d21ea42d3e':
Add ConfigNetworkSecurityPolicy
2016-01-04 20:54:00 +00:00
Chad Brubaker
2786002bd5
Merge "Add ConfigNetworkSecurityPolicy"
2016-01-04 20:26:56 +00:00
Chad Brubaker
2eae60271a
Don't use IntegralToString
...
Fix master build
(cherry picked from commit 7845e44c0c)
Change-Id: Ic99a5e868b5d42e7bf72ef5388e30f070b6655d8
2015-12-22 13:41:08 +00:00
Chad Brubaker
3d27be827b
Merge "Add hostname aware isCleartextTrafficPermitted" am: a2f2c5c340
...
am: c642e052f0
* commit 'c642e052f095d42882f46c2667d609136e269069':
Add hostname aware isCleartextTrafficPermitted
2015-12-21 19:05:01 +00:00
Chad Brubaker
a2f2c5c340
Merge "Add hostname aware isCleartextTrafficPermitted"
2015-12-21 18:52:48 +00:00
Chad Brubaker
c136cb0abd
Add ConfigNetworkSecurityPolicy
...
ConfigNetworkSecurityPolicy is a NetworkSecurityPolicy based on an
ApplicationConfig.
Change-Id: I623854090f9eaa1c2bd3561dce6ce8268850c819
2015-12-14 15:20:19 -08:00
Chad Brubaker
827c3498eb
Merge "Use the application's usesCleartextTraffic flag" am: d16f5f121e
...
am: a1c0bea895
* commit 'a1c0bea89518d020b615740215bff7fc4356e991':
Use the application's usesCleartextTraffic flag
2015-12-14 12:05:20 -08:00
Chad Brubaker
4b4a252931
Merge "Check for null hostnames in RootTrustManager" am: 49ce7dc2ba
...
am: 15ea45c848
* commit '15ea45c848fbf9e70bbfe6afbfb25d39ce406c80':
Check for null hostnames in RootTrustManager
2015-12-14 12:03:22 -08:00
Chad Brubaker
d16f5f121e
Merge "Use the application's usesCleartextTraffic flag"
2015-12-14 19:31:08 +00:00
Chad Brubaker
49ce7dc2ba
Merge "Check for null hostnames in RootTrustManager"
2015-12-14 19:30:44 +00:00
Chad Brubaker
8d28e4f07f
Use the application's usesCleartextTraffic flag
...
When no config is specified use the application's usesCleartextTraffic
flag when building the default config.
Change-Id: I07378f88da47b49f63e9089fca7f1e99efede272
2015-12-11 12:35:11 -08:00
Chad Brubaker
2907274f1d
Merge "Add null check to getConfigForHostname" am: fe1eac7a19
...
am: 14cf68c284
* commit '14cf68c284fa611528c8f466c1fb41d5264cb0c2':
Add null check to getConfigForHostname
Work on issue #25467052 : System lagged out
2015-12-11 10:26:09 -08:00
Chad Brubaker
fe1eac7a19
Merge "Add null check to getConfigForHostname"
2015-12-11 18:02:34 +00:00
Chad Brubaker
dd586a46c9
Check for null hostnames in RootTrustManager
...
Even if the hostname aware method is called, if the hostname is null then
the destination is unknown and the configuration can be ambiguous.
Change-Id: I7cacbd57a42604933fdc882371f143dc0a20902d
2015-12-10 18:32:40 -08:00
Chad Brubaker
9613157d5e
Add null check to getConfigForHostname
...
bug: 26144676
Change-Id: I18f50940846f1ce8109560c63ce2a87ce084d9e5
2015-12-10 18:12:59 -08:00
Chad Brubaker
2091ab9456
Add hostname aware isCleartextTrafficPermitted
...
Change-Id: I22b9ea277407846f9c333ce0cc37c25a2be1381e
2015-12-10 10:30:33 -08:00
Chad Brubaker
1edf850235
Merge "Use a custom TrustedCertificateStore" am: 95f15495a2
...
am: 5a12cf5cb7
* commit '5a12cf5cb703dd531ca8207e8db87b019eb6d477':
Use a custom TrustedCertificateStore
2015-12-09 23:15:42 +00:00
Chad Brubaker
8d92314e5f
Merge "Expose findByIssuerAndSignature" am: b27d820920
...
am: f1870eee34
* commit 'f1870eee348179ccfc796956fd366d77f77ab850':
Expose findByIssuerAndSignature
2015-12-09 23:13:41 +00:00
Chad Brubaker
95f15495a2
Merge "Use a custom TrustedCertificateStore"
2015-12-09 20:53:01 +00:00
Chad Brubaker
b27d820920
Merge "Expose findByIssuerAndSignature"
2015-12-09 20:52:50 +00:00
Chad Brubaker
718e16ad57
Merge "Refactor NetworkSecurityPolicy to be pluggable" am: 224318aa13
...
am: cea1cf0185
* commit 'cea1cf0185b8c9fb4582936844326b385fb385a8':
Refactor NetworkSecurityPolicy to be pluggable
2015-12-09 19:02:43 +00:00
Chad Brubaker
6568cf185d
Refactor NetworkSecurityPolicy to be pluggable
...
This allows us to keep the logic for the NetworkSecurityPolicy in the
framework instead of in libcore.
Change-Id: I4bf494f79c27729cb17d93d90a91319492270ce9
2015-12-08 13:38:43 -08:00
Chad Brubaker
7845e44c0c
Don't use IntegralToString
...
Fix master build
Change-Id: I084ada7ccf54ab1708306ad2a412d8a09f78dec4
2015-12-01 13:03:41 -08:00
Chad Brubaker
725fefb38a
Use a custom TrustedCertificateStore
...
Providing a TrustedCertificateStore to TrustManagerImpl avoids loading
all of the trusted certificates into memory and indexing them. This
is mainly for the system certificate store where loading all of the
store into memory is wasteful for most applications.
Change-Id: I9e6057f6a13d38ea7762fcac2f62bd3ff475af39
2015-12-01 12:44:57 -08:00
Chad Brubaker
943baa1f09
Merge "Expose findTrustAnchorBySubjectAndPublicKey" am: 6fea66116c am: 3c096b3a88
...
am: bb670fc3ea
* commit 'bb670fc3ea65aa2e129227562769ee296e552f59':
Expose findTrustAnchorBySubjectAndPublicKey
2015-12-01 20:36:22 +00:00
Chad Brubaker
bd94b53f63
Merge "Make NetworkSecurityConfigProvider.install lazy" am: 73c06b1dbe am: a2388beca1
...
am: e83b773bf5
* commit 'e83b773bf579caa97aae47e7a929dba42905980a':
Make NetworkSecurityConfigProvider.install lazy
2015-12-01 20:35:02 +00:00
Chad Brubaker
fa9beebb83
Expose findByIssuerAndSignature
...
This will be used to create a custom conscrypt TrustedCertificateStore
to avoid loading all of the trusted certificates into memory in a
keystore.
Change-Id: Iaf54b691393ecadae6c7ff56b8adc6a2a2923d29
2015-12-01 12:19:39 -08:00
Chad Brubaker
6fea66116c
Merge "Expose findTrustAnchorBySubjectAndPublicKey"
2015-12-01 20:13:40 +00:00
Chad Brubaker
73c06b1dbe
Merge "Make NetworkSecurityConfigProvider.install lazy"
2015-12-01 20:13:23 +00:00
Chad Brubaker
d3af962081
Expose findTrustAnchorBySubjectAndPublicKey
...
This allows for faster lookups of TrustAnchors when checking pin
overrides without needing to iterate over all certificates.
Currently only the system and user trusted certificate store are
optimized to avoid reading the entire source before doing the trust
anchor lookup; improvements to the resource source will come in a later
commit.
This also refactors System/UserCertificateSource to avoid code
duplication.
Change-Id: Ice00c5e047140f3d102306937556b761faaf0d0e
2015-11-30 17:20:00 -08:00
Chad Brubaker
291a136a96
Merge "Remove isCertificateEntry check" am: 7d72975c5b am: 59919babe0
...
am: 19c7afab62
* commit '19c7afab6244303e78bbc6b5ab04520bbd4172d7':
Remove isCertificateEntry check
2015-11-30 00:00:44 +00:00
Chad Brubaker
7d72975c5b
Merge "Remove isCertificateEntry check"
2015-11-29 23:45:47 +00:00
Chad Brubaker
9a0130865e
Remove isCertificateEntry check
...
This was returning false on some test keystores even when
getCertificate would correctly return a certificate. Remove the check to
be consistent with how conscrypt loads trust anchors from the keystore.
Bug: 25897324
Change-Id: Ie87658a261ee7ba1cca6896e34b6c53b8abfba85
2015-11-26 14:00:50 -08:00
Chad Brubaker
2075a3ebc0
Make NetworkSecurityConfigProvider.install lazy
...
This defers looking up the meta-data from the install call to when the
rest of the config is lazily initialized.
Change-Id: I008a86f885e158ebe06a2bacdc358cd217635d05
2015-11-25 13:15:59 -08:00
Chad Brubaker
4148b1af0c
Merge "Implement checkClientTrusted" am: 8e19803a6a am: a4a6cf9b51
...
am: 52ae900a29
* commit '52ae900a291844b6454fdb5f9edf65abb95c6fa9':
Implement checkClientTrusted
2015-11-25 20:55:01 +00:00
Chad Brubaker
bdd13f02bc
Implement checkClientTrusted
...
Bug: 25885029
Change-Id: I07ef11a556f1a1a65456ae5e3904c56902c6e82a
2015-11-25 12:22:06 -08:00
Chad Brubaker
aaffed261c
Merge "Add NetworkSecurityConfigProvider.install" am: 08181cf647 am: 97f92ce41e
...
am: 1627a091f4
* commit '1627a091f48d1295653d37a580e30f89005fb6e5':
Add NetworkSecurityConfigProvider.install
2015-11-17 23:36:13 +00:00
Chad Brubaker
93f027c32f
Merge "Dedupe trust anchors" am: 690b5f6c0a am: e2caaea951
...
am: d2347a89fb
* commit 'd2347a89fb1a01f550a1b17c68ee234958c1be42':
Dedupe trust anchors
2015-11-17 23:25:52 +00:00
Chad Brubaker
fd0d31a3f4
Add NetworkSecurityConfigProvider.install
...
This method is not currently called.
Change-Id: I73fd166b03009526868e0d9b5b209a9adaa4232f
2015-11-16 12:49:36 -08:00
Chad Brubaker
b0efdda86c
Merge "Support X509TrustManagerExtensions methods" am: b324fb18d9 am: 8f45b48757
...
am: 35e8a31bfa
* commit '35e8a31bfabfecfda738b4f26960da0ea245dc42':
Support X509TrustManagerExtensions methods
2015-11-12 23:10:58 +00:00
Chad Brubaker
2bd2eb33c0
Dedupe trust anchors
...
When getting trust anchors we need to dedup them based on the
certificate to avoid having multiple trust anchors with the same cert
but different pin override behavior. If there are multiple trust anchors
with the same cert, the trust anchor which overrides pins wins.
Change-Id: Ida31f2551f56997418b8b091bb2598c5593cb069
2015-11-12 13:13:45 -08:00
Chad Brubaker
93962c2f01
Support X509TrustManagerExtensions methods
...
Change-Id: I14a405e90f139b8d73eb9f88597fac804a7c18f3
2015-11-11 14:35:46 -08:00
Chad Brubaker
669692234b
Merge "Add NetworkSecurityConfigProvider" am: d1c469e876 am: 8c89f4d28c
...
am: 70b2eede18
* commit '70b2eede18476f3a7d6344ffdc18b40f07bf4b5f':
Add NetworkSecurityConfigProvider
2015-11-11 20:46:48 +00:00
Chad Brubaker
7d78ffcd7f
Merge "Add support for debug-overrides configuration" am: f1e813ea33 am: 467804448d
...
am: 3210b8b4da
* commit '3210b8b4da3c745420d3010028f2bb7071044262':
Add support for debug-overrides configuration
2015-11-11 19:38:13 +00:00
Chad Brubaker
5a1078f40d
Add NetworkSecurityConfigProvider
...
Change-Id: I321e3ca94cc2a8d5e0e5d82a83b255ff5b8a71d2
2015-11-11 10:54:54 -08:00