Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 01e9682c authored by Chad Brubaker's avatar Chad Brubaker
Browse files

Avoid NPE on certificates that cannot be read 

Skip certificates in a DirectoryCertificateSource that cannot be read to
due IOExceptions or CertificateExceptions, this prevents a NPE but
connections will still fail due to the certificate being unusable and no
valid trust-anchor existing.

This also logs the error since this really shouldn't happen.
Bug: 29997695

Change-Id: I9f7327efc302a259fb951f1f61f7fc4d647821fa
parent 3c75a038

core/java/android/security/net/config/DirectoryCertificateSource.java

+9 −0
Original line number Diff line number Diff line
@@ -19,6 +19,7 @@ package android.security.net.config; 
import android.os.Environment;

import android.os.UserHandle;

import android.util.ArraySet;

import android.util.Log;

import android.util.Pair;

import java.io.BufferedInputStream;

import java.io.File;
@@ -44,6 +45,7 @@ import javax.security.auth.x500.X500Principal; 
 * @hide

 */

abstract class DirectoryCertificateSource implements CertificateSource {

    private static final String LOG_TAG = "DirectoryCertificateSrc";

    private final File mDir;

    private final Object mLock = new Object();

    private final CertificateFactory mCertFactory;
@@ -149,6 +151,9 @@ abstract class DirectoryCertificateSource implements CertificateSource { 
                continue;

            }

            X509Certificate cert = readCertificate(fileName);

            if (cert == null) {

                continue;

            }

            if (!subj.equals(cert.getSubjectX500Principal())) {

                continue;

            }
@@ -173,6 +178,9 @@ abstract class DirectoryCertificateSource implements CertificateSource { 
                continue;

            }

            X509Certificate cert = readCertificate(fileName);

            if (cert == null) {

                continue;

            }

            if (!subj.equals(cert.getSubjectX500Principal())) {

                continue;

            }
@@ -194,6 +202,7 @@ abstract class DirectoryCertificateSource implements CertificateSource { 
            is = new BufferedInputStream(new FileInputStream(new File(mDir, file)));

            return (X509Certificate) mCertFactory.generateCertificate(is);

        } catch (CertificateException | IOException e) {

            Log.e(LOG_TAG, "Failed to read certificate from " + file, e);

            return null;

        } finally {

            IoUtils.closeQuietly(is);