Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 19254043 authored by Adam Vartanian's avatar Adam Vartanian
Browse files

Use public APIs instead of Conscrypt ones 

Use the equivalent public APIs on SSLContext instead of reaching into
OpenSSLContextImpl, except for the one place where a
Conscrypt-specific API is needed.

Bug: 123738844
Bug: 119752589
Test: cts -m CtsLibcoreTestCases
Test: atest android.net.SSLCertificateSocketFactoryTest
Change-Id: I61aebac4ad713b8ce53a47e72def0c537b4ab1c9
parent c5ea003b

core/java/android/net/SSLCertificateSocketFactory.java

+10 −7
Original line number Diff line number Diff line
@@ -23,8 +23,7 @@ import android.util.Log; 


import com.android.internal.annotations.VisibleForTesting;

import com.android.internal.os.RoSystemProperties;

import com.android.org.conscrypt.Conscrypt;

import com.android.org.conscrypt.OpenSSLContextImpl;

import com.android.org.conscrypt.ClientSessionContext;

import com.android.org.conscrypt.OpenSSLSocketImpl;

import com.android.org.conscrypt.SSLClientSessionCache;
@@ -33,6 +32,8 @@ import java.net.InetAddress; 
import java.net.Socket;

import java.net.SocketException;

import java.security.KeyManagementException;

import java.security.NoSuchAlgorithmException;

import java.security.NoSuchProviderException;

import java.security.PrivateKey;

import java.security.cert.X509Certificate;
@@ -40,6 +41,7 @@ import javax.net.SocketFactory; 
import javax.net.ssl.HostnameVerifier;

import javax.net.ssl.HttpsURLConnection;

import javax.net.ssl.KeyManager;

import javax.net.ssl.SSLContext;

import javax.net.ssl.SSLException;

import javax.net.ssl.SSLPeerUnverifiedException;

import javax.net.ssl.SSLSession;
@@ -251,11 +253,12 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory { 
    private SSLSocketFactory makeSocketFactory(

            KeyManager[] keyManagers, TrustManager[] trustManagers) {

        try {

            OpenSSLContextImpl sslContext =  (OpenSSLContextImpl) Conscrypt.newPreferredSSLContextSpi();

            sslContext.engineInit(keyManagers, trustManagers, null);

            sslContext.engineGetClientSessionContext().setPersistentCache(mSessionCache);

            return sslContext.engineGetSocketFactory();

        } catch (KeyManagementException e) {

            SSLContext sslContext = SSLContext.getInstance("TLS", "AndroidOpenSSL");

            sslContext.init(keyManagers, trustManagers, null);

            ((ClientSessionContext) sslContext.getClientSessionContext())

                .setPersistentCache(mSessionCache);

            return sslContext.getSocketFactory();

        } catch (KeyManagementException | NoSuchAlgorithmException | NoSuchProviderException e) {

            Log.wtf(TAG, e);

            return (SSLSocketFactory) SSLSocketFactory.getDefault();  // Fallback

        }