Loading core/java/android/net/http/CertificateChainValidator.java +18 −10 Original line number Diff line number Diff line Loading @@ -16,6 +16,9 @@ package android.net.http; import com.android.org.conscrypt.SSLParametersImpl; import com.android.org.conscrypt.TrustManagerImpl; import android.util.Slog; import java.io.ByteArrayInputStream; Loading @@ -37,7 +40,7 @@ import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509ExtendedTrustManager; import javax.net.ssl.X509TrustManager; /** * Class responsible for all server certificate validation functionality Loading @@ -60,7 +63,7 @@ public class CertificateChainValidator { .getDefaultHostnameVerifier(); } private X509ExtendedTrustManager mTrustManager; private X509TrustManager mTrustManager; /** * @return The singleton instance of the certificates chain validator Loading @@ -78,8 +81,8 @@ public class CertificateChainValidator { TrustManagerFactory tmf = TrustManagerFactory.getInstance("X.509"); tmf.init((KeyStore) null); for (TrustManager tm : tmf.getTrustManagers()) { if (tm instanceof X509ExtendedTrustManager) { mTrustManager = (X509ExtendedTrustManager) tm; if (tm instanceof X509TrustManager) { mTrustManager = (X509TrustManager) tm; } } } catch (NoSuchAlgorithmException e) { Loading @@ -90,7 +93,7 @@ public class CertificateChainValidator { if (mTrustManager == null) { throw new RuntimeException( "None of the X.509 TrustManagers are X509ExtendedTrustManager"); "None of the X.509 TrustManagers are X509TrustManager"); } } Loading Loading 
@@ -225,8 +228,13 @@ public class CertificateChainValidator { } try { getInstance().getTrustManager().checkServerTrusted(chain, authType, new DelegatingSocketWrapper(domain)); X509TrustManager x509TrustManager = SSLParametersImpl.getDefaultX509TrustManager(); if (x509TrustManager instanceof TrustManagerImpl) { TrustManagerImpl trustManager = (TrustManagerImpl) x509TrustManager; trustManager.checkServerTrusted(chain, authType, domain); } else { x509TrustManager.checkServerTrusted(chain, authType); } return null; // No errors. } catch (GeneralSecurityException e) { if (HttpLog.LOGV) { Loading @@ -238,9 +246,9 @@ public class CertificateChainValidator { } /** * Returns the platform default {@link X509ExtendedTrustManager}. * Returns the platform default {@link X509TrustManager}. */ private X509ExtendedTrustManager getTrustManager() { private X509TrustManager getTrustManager() { return mTrustManager; } Loading core/java/android/net/http/DelegatingSSLSession.java +4 −18 Original line number Diff line number Diff line Loading @@ -24,12 +24,11 @@ import javax.net.ssl.SSLPeerUnverifiedException; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSessionContext; import javax.net.ssl.SSLSocket; import javax.net.ssl.X509ExtendedTrustManager; import javax.net.ssl.X509TrustManager; /** * This is used when only a {@code hostname} is available but usage of the new API * {@link X509ExtendedTrustManager#checkServerTrusted(X509Certificate[], String, Socket)} * requires a {@link SSLSocket}. * This is only used when a {@code certificate} is available but usage * requires a {@link SSLSession}. * * @hide */ Loading 
@@ -37,19 +36,6 @@ public class DelegatingSSLSession implements SSLSession { protected DelegatingSSLSession() { } public static class HostnameWrap extends DelegatingSSLSession { private final String mHostname; public HostnameWrap(String hostname) { mHostname = hostname; } @Override public String getPeerHost() { return mHostname; } } public static class CertificateWrap extends DelegatingSSLSession { private final Certificate mCertificate; Loading core/java/android/net/http/DelegatingSocketWrapper.javadeleted 100644 → 0 +0 −127 Original line number Diff line number Diff line /* * Copyright 2014 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package android.net.http; import java.io.IOException; import javax.net.ssl.HandshakeCompletedListener; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; import javax.net.ssl.X509ExtendedTrustManager; /** * This is used when only a {@code hostname} is available for * {@link X509ExtendedTrustManager#checkServerTrusted(java.security.cert.X509Certificate[], String, Socket)} * but we want to use the new API that requires a {@link SSLSocket}. 
*/ class DelegatingSocketWrapper extends SSLSocket { private String hostname; public DelegatingSocketWrapper(String hostname) { this.hostname = hostname; } @Override public String[] getSupportedCipherSuites() { throw new UnsupportedOperationException(); } @Override public String[] getEnabledCipherSuites() { throw new UnsupportedOperationException(); } @Override public void setEnabledCipherSuites(String[] suites) { throw new UnsupportedOperationException(); } @Override public String[] getSupportedProtocols() { throw new UnsupportedOperationException(); } @Override public String[] getEnabledProtocols() { throw new UnsupportedOperationException(); } @Override public void setEnabledProtocols(String[] protocols) { throw new UnsupportedOperationException(); } @Override public SSLSession getSession() { return new DelegatingSSLSession.HostnameWrap(hostname); } @Override public void addHandshakeCompletedListener(HandshakeCompletedListener listener) { throw new UnsupportedOperationException(); } @Override public void removeHandshakeCompletedListener(HandshakeCompletedListener listener) { throw new UnsupportedOperationException(); } @Override public void startHandshake() throws IOException { throw new UnsupportedOperationException(); } @Override public void setUseClientMode(boolean mode) { throw new UnsupportedOperationException(); } @Override public boolean getUseClientMode() { throw new UnsupportedOperationException(); } @Override public void setNeedClientAuth(boolean need) { throw new UnsupportedOperationException(); } @Override public void setWantClientAuth(boolean want) { throw new UnsupportedOperationException(); } @Override public boolean getNeedClientAuth() { throw new UnsupportedOperationException(); } @Override public boolean getWantClientAuth() { throw new UnsupportedOperationException(); } @Override public void setEnableSessionCreation(boolean flag) { throw new UnsupportedOperationException(); } @Override public boolean getEnableSessionCreation() { throw new 
UnsupportedOperationException(); } } No newline at end of file core/java/android/net/http/X509TrustManagerExtensions.java +1 −10 Original line number Diff line number Diff line Loading @@ -24,7 +24,6 @@ import java.util.List; import javax.net.ssl.SSLParameters; import javax.net.ssl.SSLSocket; import javax.net.ssl.X509ExtendedTrustManager; import javax.net.ssl.X509TrustManager; /** Loading @@ -34,13 +33,6 @@ import javax.net.ssl.X509TrustManager; * verification of certificate chains after they have been successfully verified * by the platform. * </p> * <p> * If the returned certificate list is not needed, see also * {@code X509ExtendedTrustManager#checkServerTrusted(X509Certificate[], String, java.net.Socket)} * where an {@link SSLSocket} can be used to verify the given hostname during * handshake using * {@code SSLParameters#setEndpointIdentificationAlgorithm(String)}. * </p> */ public class X509TrustManagerExtensions { Loading Loading @@ -73,7 +65,6 @@ public class X509TrustManagerExtensions { */ public List<X509Certificate> checkServerTrusted(X509Certificate[] chain, String authType, String host) throws CertificateException { return mDelegate.checkServerTrusted(chain, authType, new DelegatingSSLSession.HostnameWrap(host)); return mDelegate.checkServerTrusted(chain, authType, host); } } Loading
core/java/android/net/http/CertificateChainValidator.java +18 −10 Original line number Diff line number Diff line Loading @@ -16,6 +16,9 @@ package android.net.http; import com.android.org.conscrypt.SSLParametersImpl; import com.android.org.conscrypt.TrustManagerImpl; import android.util.Slog; import java.io.ByteArrayInputStream; Loading @@ -37,7 +40,7 @@ import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509ExtendedTrustManager; import javax.net.ssl.X509TrustManager; /** * Class responsible for all server certificate validation functionality Loading @@ -60,7 +63,7 @@ public class CertificateChainValidator { .getDefaultHostnameVerifier(); } private X509ExtendedTrustManager mTrustManager; private X509TrustManager mTrustManager; /** * @return The singleton instance of the certificates chain validator Loading @@ -78,8 +81,8 @@ public class CertificateChainValidator { TrustManagerFactory tmf = TrustManagerFactory.getInstance("X.509"); tmf.init((KeyStore) null); for (TrustManager tm : tmf.getTrustManagers()) { if (tm instanceof X509ExtendedTrustManager) { mTrustManager = (X509ExtendedTrustManager) tm; if (tm instanceof X509TrustManager) { mTrustManager = (X509TrustManager) tm; } } } catch (NoSuchAlgorithmException e) { Loading @@ -90,7 +93,7 @@ public class CertificateChainValidator { if (mTrustManager == null) { throw new RuntimeException( "None of the X.509 TrustManagers are X509ExtendedTrustManager"); "None of the X.509 TrustManagers are X509TrustManager"); } } Loading Loading 
@@ -225,8 +228,13 @@ public class CertificateChainValidator { } try { getInstance().getTrustManager().checkServerTrusted(chain, authType, new DelegatingSocketWrapper(domain)); X509TrustManager x509TrustManager = SSLParametersImpl.getDefaultX509TrustManager(); if (x509TrustManager instanceof TrustManagerImpl) { TrustManagerImpl trustManager = (TrustManagerImpl) x509TrustManager; trustManager.checkServerTrusted(chain, authType, domain); } else { x509TrustManager.checkServerTrusted(chain, authType); } return null; // No errors. } catch (GeneralSecurityException e) { if (HttpLog.LOGV) { Loading @@ -238,9 +246,9 @@ public class CertificateChainValidator { } /** * Returns the platform default {@link X509ExtendedTrustManager}. * Returns the platform default {@link X509TrustManager}. */ private X509ExtendedTrustManager getTrustManager() { private X509TrustManager getTrustManager() { return mTrustManager; } Loading
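Review bot: The `else` branch of the new trust check calls `x509TrustManager.checkServerTrusted(chain, authType)` and drops `domain` without any trace, so whenever the default trust manager is not a `TrustManagerImpl`, whatever host-specific checking the three-argument call performs is skipped silently. If that fallback is intended, it should be logged or at least commented, e.g. `// Fallback: trust manager has no host-aware check; chain is validated without the domain.` Whether the hostname is verified earlier in this method cannot be seen here, because the method starts outside the hunk. The check also now takes its trust manager from `SSLParametersImpl.getDefaultX509TrustManager()`, while the constructor still populates `mTrustManager` and `getTrustManager()` is kept. That field and getter look unused by this path and should be removed or reused, so that only one source of trust anchors is authoritative.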
core/java/android/net/http/DelegatingSSLSession.java +4 −18 Original line number Diff line number Diff line Loading @@ -24,12 +24,11 @@ import javax.net.ssl.SSLPeerUnverifiedException; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSessionContext; import javax.net.ssl.SSLSocket; import javax.net.ssl.X509ExtendedTrustManager; import javax.net.ssl.X509TrustManager; /** * This is used when only a {@code hostname} is available but usage of the new API * {@link X509ExtendedTrustManager#checkServerTrusted(X509Certificate[], String, Socket)} * requires a {@link SSLSocket}. * This is only used when a {@code certificate} is available but usage * requires a {@link SSLSession}. * * @hide */ Loading @@ -37,19 +36,6 @@ public class DelegatingSSLSession implements SSLSession { protected DelegatingSSLSession() { } public static class HostnameWrap extends DelegatingSSLSession { private final String mHostname; public HostnameWrap(String hostname) { mHostname = hostname; } @Override public String getPeerHost() { return mHostname; } } public static class CertificateWrap extends DelegatingSSLSession { private final Certificate mCertificate; Loading
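Review bot: The import swap to `javax.net.ssl.X509TrustManager` looks unnecessary, because the rewritten class comment no longer links to any trust-manager type. The `SSLSocket` import was apparently referenced only by the old comment, so it may now be unused as well. If nothing in the rest of the file (not visible in these hunks) refers to either type, drop both imports instead of replacing one.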
core/java/android/net/http/DelegatingSocketWrapper.javadeleted 100644 → 0 +0 −127 Original line number Diff line number Diff line /* * Copyright 2014 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package android.net.http; import java.io.IOException; import javax.net.ssl.HandshakeCompletedListener; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; import javax.net.ssl.X509ExtendedTrustManager; /** * This is used when only a {@code hostname} is available for * {@link X509ExtendedTrustManager#checkServerTrusted(java.security.cert.X509Certificate[], String, Socket)} * but we want to use the new API that requires a {@link SSLSocket}. 
*/ class DelegatingSocketWrapper extends SSLSocket { private String hostname; public DelegatingSocketWrapper(String hostname) { this.hostname = hostname; } @Override public String[] getSupportedCipherSuites() { throw new UnsupportedOperationException(); } @Override public String[] getEnabledCipherSuites() { throw new UnsupportedOperationException(); } @Override public void setEnabledCipherSuites(String[] suites) { throw new UnsupportedOperationException(); } @Override public String[] getSupportedProtocols() { throw new UnsupportedOperationException(); } @Override public String[] getEnabledProtocols() { throw new UnsupportedOperationException(); } @Override public void setEnabledProtocols(String[] protocols) { throw new UnsupportedOperationException(); } @Override public SSLSession getSession() { return new DelegatingSSLSession.HostnameWrap(hostname); } @Override public void addHandshakeCompletedListener(HandshakeCompletedListener listener) { throw new UnsupportedOperationException(); } @Override public void removeHandshakeCompletedListener(HandshakeCompletedListener listener) { throw new UnsupportedOperationException(); } @Override public void startHandshake() throws IOException { throw new UnsupportedOperationException(); } @Override public void setUseClientMode(boolean mode) { throw new UnsupportedOperationException(); } @Override public boolean getUseClientMode() { throw new UnsupportedOperationException(); } @Override public void setNeedClientAuth(boolean need) { throw new UnsupportedOperationException(); } @Override public void setWantClientAuth(boolean want) { throw new UnsupportedOperationException(); } @Override public boolean getNeedClientAuth() { throw new UnsupportedOperationException(); } @Override public boolean getWantClientAuth() { throw new UnsupportedOperationException(); } @Override public void setEnableSessionCreation(boolean flag) { throw new UnsupportedOperationException(); } @Override public boolean getEnableSessionCreation() { throw new 
UnsupportedOperationException(); } } No newline at end of file
core/java/android/net/http/X509TrustManagerExtensions.java +1 −10 Original line number Diff line number Diff line Loading @@ -24,7 +24,6 @@ import java.util.List; import javax.net.ssl.SSLParameters; import javax.net.ssl.SSLSocket; import javax.net.ssl.X509ExtendedTrustManager; import javax.net.ssl.X509TrustManager; /** Loading @@ -34,13 +33,6 @@ import javax.net.ssl.X509TrustManager; * verification of certificate chains after they have been successfully verified * by the platform. * </p> * <p> * If the returned certificate list is not needed, see also * {@code X509ExtendedTrustManager#checkServerTrusted(X509Certificate[], String, java.net.Socket)} * where an {@link SSLSocket} can be used to verify the given hostname during * handshake using * {@code SSLParameters#setEndpointIdentificationAlgorithm(String)}. * </p> */ public class X509TrustManagerExtensions { Loading Loading @@ -73,7 +65,6 @@ public class X509TrustManagerExtensions { */ public List<X509Certificate> checkServerTrusted(X509Certificate[] chain, String authType, String host) throws CertificateException { return mDelegate.checkServerTrusted(chain, authType, new DelegatingSSLSession.HostnameWrap(host)); return mDelegate.checkServerTrusted(chain, authType, host); } }
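Review bot: With the class-comment paragraph about `SSLParameters#setEndpointIdentificationAlgorithm(String)` removed, nothing visible in this section tells callers what `checkServerTrusted(chain, authType, host)` does with `host`. The method's Javadoc starts outside the hunk and may already cover this. If it does not, it should state whether the delegate matches `host` against the certificate or only uses it for host-specific trust decisions, and whether `null` is accepted. A caller who assumes hostname verification happens here when it does not would skip their own check. The `SSLParameters` and `SSLSocket` imports kept as context also appear to have been referenced only by the removed paragraph and may now be unused.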