Loading core/java/android/security/net/config/XmlConfigSource.java +2 −2 Original line number Diff line number Diff line Loading @@ -111,7 +111,7 @@ public class XmlConfigSource implements ConfigSource { if (parser.next() != XmlPullParser.TEXT) { throw new ParserException(parser, "Missing pin digest"); } String digest = parser.getText(); String digest = parser.getText().trim(); byte[] decodedDigest = null; try { decodedDigest = Base64.decode(digest, 0); Loading Loading @@ -168,7 +168,7 @@ public class XmlConfigSource implements ConfigSource { if (parser.next() != XmlPullParser.TEXT) { throw new ParserException(parser, "Domain name missing"); } String domain = parser.getText().toLowerCase(Locale.US); String domain = parser.getText().trim().toLowerCase(Locale.US); if (parser.next() != XmlPullParser.END_TAG) { throw new ParserException(parser, "domain contains additional elements"); } Loading tests/NetworkSecurityConfigTest/res/xml/domain_whitespace.xml 0 → 100644 +11 −0 Original line number Diff line number Diff line <?xml version="1.0" encoding="utf-8"?> <network-security-config> <domain-config> <domain>android.com </domain> <domain> developer.android.com </domain> <pin-set> <pin digest="SHA-256"> 7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y= </pin> </pin-set> </domain-config> </network-security-config> tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java +12 −0 Original line number Diff line number Diff line Loading @@ -464,4 +464,16 @@ public class XmlConfigTests extends AndroidTestCase { } catch (RuntimeException expected) { } } public void testDomainWhitespaceTrimming() throws Exception { XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.domain_whitespace, false); ApplicationConfig appConfig = new ApplicationConfig(source); NetworkSecurityConfig defaultConfig = appConfig.getConfigForHostname(""); MoreAsserts.assertNotEqual(defaultConfig, appConfig.getConfigForHostname("developer.android.com")); MoreAsserts.assertNotEqual(defaultConfig, appConfig.getConfigForHostname("android.com")); SSLContext context = TestUtils.getSSLContext(source); TestUtils.assertConnectionSucceeds(context, "android.com", 443); TestUtils.assertConnectionSucceeds(context, "developer.android.com", 443); } } Loading
core/java/android/security/net/config/XmlConfigSource.java +2 −2 Original line number Diff line number Diff line Loading @@ -111,7 +111,7 @@ public class XmlConfigSource implements ConfigSource { if (parser.next() != XmlPullParser.TEXT) { throw new ParserException(parser, "Missing pin digest"); } String digest = parser.getText(); String digest = parser.getText().trim(); byte[] decodedDigest = null; try { decodedDigest = Base64.decode(digest, 0); Loading Loading @@ -168,7 +168,7 @@ public class XmlConfigSource implements ConfigSource { if (parser.next() != XmlPullParser.TEXT) { throw new ParserException(parser, "Domain name missing"); } String domain = parser.getText().toLowerCase(Locale.US); String domain = parser.getText().trim().toLowerCase(Locale.US); if (parser.next() != XmlPullParser.END_TAG) { throw new ParserException(parser, "domain contains additional elements"); } Loading
tests/NetworkSecurityConfigTest/res/xml/domain_whitespace.xml 0 → 100644 +11 −0 Original line number Diff line number Diff line <?xml version="1.0" encoding="utf-8"?> <network-security-config> <domain-config> <domain>android.com </domain> <domain> developer.android.com </domain> <pin-set> <pin digest="SHA-256"> 7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y= </pin> </pin-set> </domain-config> </network-security-config>
tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java +12 −0 Original line number Diff line number Diff line Loading @@ -464,4 +464,16 @@ public class XmlConfigTests extends AndroidTestCase { } catch (RuntimeException expected) { } } public void testDomainWhitespaceTrimming() throws Exception { XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.domain_whitespace, false); ApplicationConfig appConfig = new ApplicationConfig(source); NetworkSecurityConfig defaultConfig = appConfig.getConfigForHostname(""); MoreAsserts.assertNotEqual(defaultConfig, appConfig.getConfigForHostname("developer.android.com")); MoreAsserts.assertNotEqual(defaultConfig, appConfig.getConfigForHostname("android.com")); SSLContext context = TestUtils.getSSLContext(source); TestUtils.assertConnectionSucceeds(context, "android.com", 443); TestUtils.assertConnectionSucceeds(context, "developer.android.com", 443); } }
