Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 14efdf35 authored by Thiébaud Weksteen's avatar Thiébaud Weksteen
Browse files

Implement getCertificateTransparencyVerificationReason for ConfigNetworkSecurityPolicy 

Bug: 425786616
Test: presubmit
Flag: com.android.libcore.network_security_policy_reason_ct_enabled_api
Change-Id: Ie3feca711d5e5f90e0cbacfe0efd8d45e9864322
parent 0b4e1d2f

packages/NetworkSecurityConfig/platform/src/android/security/net/config/ApplicationConfig.java

+18 −0
Original line number Original line Diff line number Diff line
@@ -18,6 +18,11 @@ package android.security.net.config; 




import static android.security.Flags.certificateTransparencyConfiguration;

import static android.security.Flags.certificateTransparencyConfiguration;





import static libcore.net.NetworkSecurityPolicy.CERTIFICATE_TRANSPARENCY_REASON_APP_OPT_IN;

import static libcore.net.NetworkSecurityPolicy.CERTIFICATE_TRANSPARENCY_REASON_DOMAIN_OPT_IN;

import static libcore.net.NetworkSecurityPolicy.CERTIFICATE_TRANSPARENCY_REASON_SDK_TARGET_DEFAULT_ENABLED;

import static libcore.net.NetworkSecurityPolicy.CERTIFICATE_TRANSPARENCY_REASON_UNKNOWN;



import android.annotation.NonNull;

import android.annotation.NonNull;

import android.util.Pair;

import android.util.Pair;
@@ -177,6 +182,19 @@ public final class ApplicationConfig { 
                : NetworkSecurityConfig.certificateTransparencyVerificationRequiredDefault();

                : NetworkSecurityConfig.certificateTransparencyVerificationRequiredDefault();

    }

    }





    int getCertificateTransparencyVerificationReason(@NonNull String hostname) {

        if (NetworkSecurityConfig.certificateTransparencyVerificationRequiredDefault()) {

            return CERTIFICATE_TRANSPARENCY_REASON_SDK_TARGET_DEFAULT_ENABLED;

        }

        if (getConfigForHostname(null).isCertificateTransparencyVerificationRequired()) {

            return CERTIFICATE_TRANSPARENCY_REASON_APP_OPT_IN;

        }

        if (getConfigForHostname(hostname).isCertificateTransparencyVerificationRequired()) {

            return CERTIFICATE_TRANSPARENCY_REASON_DOMAIN_OPT_IN;

        }

        return CERTIFICATE_TRANSPARENCY_REASON_UNKNOWN;

    }



    public void handleTrustStorageUpdate() {

    public void handleTrustStorageUpdate() {

        synchronized(mLock) {

        synchronized(mLock) {

            // If the config is uninitialized then there is no work to be done to handle an update,

            // If the config is uninitialized then there is no work to be done to handle an update,

packages/NetworkSecurityConfig/platform/src/android/security/net/config/ConfigNetworkSecurityPolicy.java

+5 −0
Original line number Original line Diff line number Diff line
@@ -42,4 +42,9 @@ public class ConfigNetworkSecurityPolicy extends libcore.net.NetworkSecurityPoli 
    public boolean isCertificateTransparencyVerificationRequired(String hostname) {

    public boolean isCertificateTransparencyVerificationRequired(String hostname) {

        return mConfig.isCertificateTransparencyVerificationRequired(hostname);

        return mConfig.isCertificateTransparencyVerificationRequired(hostname);

    }

    }



    @Override

    public int getCertificateTransparencyVerificationReason(String hostname) {

        return mConfig.getCertificateTransparencyVerificationReason(hostname);

    }

}
 
}