
Commit 1edf8502 authored by Chad Brubaker's avatar Chad Brubaker Committed by android-build-merger

Merge "Use a custom TrustedCertificateStore" am: 95f15495

am: 5a12cf5c

* commit '5a12cf5c':
  Use a custom TrustedCertificateStore
parents 8d92314e 5a12cf5c
+4 −8
@@ -46,17 +46,13 @@ public class NetworkSecurityTrustManager implements X509TrustManager {
            throw new NullPointerException("config must not be null");
        }
        mNetworkSecurityConfig = config;
        // TODO: Create our own better KeyStoreImpl
        try {
            TrustedCertificateStoreAdapter certStore = new TrustedCertificateStoreAdapter(config);
            // Provide an empty KeyStore since TrustManagerImpl doesn't support null KeyStores.
            // TrustManagerImpl will use certStore to lookup certificates.
            KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
            store.load(null);
            int certNum = 0;
            for (TrustAnchor anchor : mNetworkSecurityConfig.getTrustAnchors()) {
                store.setEntry(String.valueOf(certNum++),
                        new KeyStore.TrustedCertificateEntry(anchor.certificate),
                        null);
            }
            mDelegate = new TrustManagerImpl(store);
            mDelegate = new TrustManagerImpl(store, null, certStore);
        } catch (GeneralSecurityException | IOException e) {
            throw new RuntimeException(e);
        }
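Review bot: The bare `null` in `new TrustManagerImpl(store, null, certStore)` is unexplained, although the lines above it carefully explain why the KeyStore is empty. As far as I can tell the second parameter is the pin manager, so a comment such as `// No CertPinManager supplied; pin handling is left to TrustManagerImpl's default.` (wording to be confirmed against TrustManagerImpl) would show that pinning behaviour here is a deliberate choice. Separately, the trust anchors are no longer copied into `store`, so anything that reads anchors from the delegate's KeyStore rather than from `certStore` would presumably now see an empty set. One example would be an accepted-issuers listing, if this class forwards it to `mDelegate`; that is worth confirming because those methods are not visible here. The constructor starts and ends outside the hunk.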
+116 −0
/*
 * Copyright (C) 2015 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.security.net.config;

import java.io.File;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Set;

import com.android.org.conscrypt.TrustedCertificateStore;

/** @hide */
public class TrustedCertificateStoreAdapter extends TrustedCertificateStore {
    private final NetworkSecurityConfig mConfig;

    public TrustedCertificateStoreAdapter(NetworkSecurityConfig config) {
        mConfig = config;
    }

    @Override
    public X509Certificate findIssuer(X509Certificate cert) {
        TrustAnchor anchor = mConfig.findTrustAnchorByIssuerAndSignature(cert);
        if (anchor == null) {
            return null;
        }
        return anchor.certificate;
    }

    @Override
    public X509Certificate getTrustAnchor(X509Certificate cert) {
        TrustAnchor anchor = mConfig.findTrustAnchorBySubjectAndPublicKey(cert);
        if (anchor == null) {
            return null;
        }
        return anchor.certificate;
    }

    @Override
    public boolean isUserAddedCertificate(X509Certificate cert) {
        // isUserAddedCertificate is used only for pinning overrides, so use overridesPins here.
        TrustAnchor anchor = mConfig.findTrustAnchorBySubjectAndPublicKey(cert);
        if (anchor == null) {
            return false;
        }
        return anchor.overridesPins;
    }

    @Override
    public File getCertificateFile(File dir, X509Certificate x) {
        // getCertificateFile is only used for tests, do not support it here.
        throw new UnsupportedOperationException();
    }

    // The methods below are exposed in TrustedCertificateStore but not used by conscrypt, do not
    // support them.

    @Override
    public Certificate getCertificate(String alias) {
        throw new UnsupportedOperationException();
    }

    @Override
    public Certificate getCertificate(String alias, boolean includeDeletedSystem) {
        throw new UnsupportedOperationException();
    }

    @Override
    public Date getCreationDate(String alias) {
        throw new UnsupportedOperationException();
    }

    @Override
    public Set<String> aliases() {
        throw new UnsupportedOperationException();
    }

    @Override
    public Set<String> userAliases() {
        throw new UnsupportedOperationException();
    }

    @Override
    public Set<String> allSystemAliases() {
        throw new UnsupportedOperationException();
    }

    @Override
    public boolean containsAlias(String alias) {
        throw new UnsupportedOperationException();
    }

    @Override
    public String getCertificateAlias(Certificate c) {
        throw new UnsupportedOperationException();
    }

    @Override
    public String getCertificateAlias(Certificate c, boolean includeDeletedSystem) {
        throw new UnsupportedOperationException();
    }
}
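Review bot: The constructor stores `config` without checking it, so a null config only surfaces later as a NullPointerException inside `findIssuer`, `getTrustAnchor` or `isUserAddedCertificate`, in the middle of certificate chain validation. The class is public, so it should fail at construction the way its caller in this commit does: `if (config == null) throw new NullPointerException("config must not be null");`. The class-level Javadoc is only `/** @hide */`. It should say that the adapter answers TrustedCertificateStore lookups from the NetworkSecurityConfig trust anchors, and that `isUserAddedCertificate` reports `overridesPins` rather than whether a user installed the certificate, since that remapping decides when pins are bypassed. The unsupported overrides would also be easier to diagnose with the method name in the exception, e.g. `throw new UnsupportedOperationException("aliases");`.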