Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 14efdf35 authored by Thiébaud Weksteen's avatar Thiébaud Weksteen
Browse files

Implement getCertificateTransparencyVerificationReason for ConfigNetworkSecurityPolicy

Bug: 425786616
Test: presubmit
Flag: com.android.libcore.network_security_policy_reason_ct_enabled_api
Change-Id: Ie3feca711d5e5f90e0cbacfe0efd8d45e9864322
parent 0b4e1d2f
Loading
Loading
Loading
Loading
+18 −0
Original line number Original line Diff line number Diff line
@@ -18,6 +18,11 @@ package android.security.net.config;


import static android.security.Flags.certificateTransparencyConfiguration;
import static android.security.Flags.certificateTransparencyConfiguration;


import static libcore.net.NetworkSecurityPolicy.CERTIFICATE_TRANSPARENCY_REASON_APP_OPT_IN;
import static libcore.net.NetworkSecurityPolicy.CERTIFICATE_TRANSPARENCY_REASON_DOMAIN_OPT_IN;
import static libcore.net.NetworkSecurityPolicy.CERTIFICATE_TRANSPARENCY_REASON_SDK_TARGET_DEFAULT_ENABLED;
import static libcore.net.NetworkSecurityPolicy.CERTIFICATE_TRANSPARENCY_REASON_UNKNOWN;

import android.annotation.NonNull;
import android.annotation.NonNull;
import android.util.Pair;
import android.util.Pair;


@@ -177,6 +182,19 @@ public final class ApplicationConfig {
                : NetworkSecurityConfig.certificateTransparencyVerificationRequiredDefault();
                : NetworkSecurityConfig.certificateTransparencyVerificationRequiredDefault();
    }
    }


    int getCertificateTransparencyVerificationReason(@NonNull String hostname) {
        if (NetworkSecurityConfig.certificateTransparencyVerificationRequiredDefault()) {
            return CERTIFICATE_TRANSPARENCY_REASON_SDK_TARGET_DEFAULT_ENABLED;
        }
        if (getConfigForHostname(null).isCertificateTransparencyVerificationRequired()) {
            return CERTIFICATE_TRANSPARENCY_REASON_APP_OPT_IN;
        }
        if (getConfigForHostname(hostname).isCertificateTransparencyVerificationRequired()) {
            return CERTIFICATE_TRANSPARENCY_REASON_DOMAIN_OPT_IN;
        }
        return CERTIFICATE_TRANSPARENCY_REASON_UNKNOWN;
    }

    public void handleTrustStorageUpdate() {
    public void handleTrustStorageUpdate() {
        synchronized(mLock) {
        synchronized(mLock) {
            // If the config is uninitialized then there is no work to be done to handle an update,
            // If the config is uninitialized then there is no work to be done to handle an update,
+5 −0
Original line number Original line Diff line number Diff line
@@ -42,4 +42,9 @@ public class ConfigNetworkSecurityPolicy extends libcore.net.NetworkSecurityPoli
    public boolean isCertificateTransparencyVerificationRequired(String hostname) {
    public boolean isCertificateTransparencyVerificationRequired(String hostname) {
        return mConfig.isCertificateTransparencyVerificationRequired(hostname);
        return mConfig.isCertificateTransparencyVerificationRequired(hostname);
    }
    }

    @Override
    public int getCertificateTransparencyVerificationReason(String hostname) {
        return mConfig.getCertificateTransparencyVerificationReason(hostname);
    }
}
}