
Commit 5dc0c002 authored by Bob Lee's avatar Bob Lee Committed by Android Git Automerger

am e97c2006: Updated Browser and MCS to use shared default trust manager...

am e97c2006: Updated Browser and MCS to use shared default trust manager instead of initializing their own copies.

Merge commit 'e97c2006' into eclair

* commit 'e97c2006':
  Updated Browser and MCS to use shared default trust manager instead of initializing their own copies.
parents 4717cace e97c2006
+3 −31
@@ -41,6 +41,7 @@ import javax.net.ssl.X509TrustManager;

import org.apache.harmony.xnet.provider.jsse.SSLClientSessionCache;
import org.apache.harmony.xnet.provider.jsse.SSLContextImpl;
import org.apache.harmony.xnet.provider.jsse.SSLParameters;

/**
 * SSLSocketFactory that provides optional (on debug devices, only) skipping of ssl certificfate
@@ -54,28 +55,6 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory {

    private static final String LOG_TAG = "SSLCertificateSocketFactory";

    private static X509TrustManager sDefaultTrustManager;

    static {
        try {
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
            tmf.init((KeyStore)null);
            TrustManager[] tms = tmf.getTrustManagers();
            if (tms != null) {
                for (TrustManager tm : tms) {
                    if (tm instanceof X509TrustManager) {
                        sDefaultTrustManager = (X509TrustManager)tm;
                        break;
                    }
                }
            }
        } catch (NoSuchAlgorithmException e) {
            Log.e(LOG_TAG, "Unable to get X509 Trust Manager ", e);
        } catch (KeyStoreException e) {
            Log.e(LOG_TAG, "Key Store exception while initializing TrustManagerFactory ", e);
        }
    }

    private static final TrustManager[] TRUST_MANAGER = new TrustManager[] {
        new X509TrustManager() {
            public X509Certificate[] getAcceptedIssuers() {
@@ -155,20 +134,13 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory {

    private boolean hasValidCertificateChain(Certificate[] certs) 
            throws IOException {
        if (sDefaultTrustManager == null) {
            if (Config.LOGD) {
                Log.d(LOG_TAG,"hasValidCertificateChain():" +
                          " null default trust manager!");
            }
            throw new IOException("null default trust manager");
        }

        boolean trusted = (certs != null && (certs.length > 0));

        if (trusted) {
            try {
                // the authtype we pass in doesn't actually matter
                sDefaultTrustManager.checkServerTrusted((X509Certificate[]) certs, "RSA");
                SSLParameters.getDefaultTrustManager()
                        .checkServerTrusted((X509Certificate[]) certs, "RSA");
            } catch (GeneralSecurityException e) { 
                String exceptionMessage = e != null ? e.getMessage() : "none";
                if (Config.LOGD) {
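Review bot: In `hasValidCertificateChain`, the new call dereferences `SSLParameters.getDefaultTrustManager()` directly, while the removed guard threw `IOException("null default trust manager")` when no trust manager was available. The getter's implementation is not shown on this page; if it can return null or fail during initialisation, the failure would now surface as an unchecked exception that the `catch (GeneralSecurityException e)` branch does not handle, rather than as the declared `IOException`. Consider keeping the explicit failure path: `X509TrustManager tm = SSLParameters.getDefaultTrustManager();` followed by `if (tm == null) throw new IOException("null default trust manager");` and then `tm.checkServerTrusted((X509Certificate[]) certs, "RSA");`. The same direct dereference appears at both `checkServerTrusted` call sites in `CertificateChainValidator`. The method body continues past the end of this hunk, so the rest of the error handling could not be checked.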
+5 −29
@@ -16,6 +16,8 @@

package android.net.http;

import org.apache.harmony.xnet.provider.jsse.SSLParameters;

import java.io.IOException;

import java.security.cert.Certificate;
@@ -46,11 +48,6 @@ class CertificateChainValidator {
    private static final CertificateChainValidator sInstance
            = new CertificateChainValidator();

    /**
     * Default trust manager (used to perform CA certificate validation)
     */
    private X509TrustManager mDefaultTrustManager;

    /**
     * @return The singleton instance of the certificator chain validator
     */
@@ -62,28 +59,7 @@ class CertificateChainValidator {
     * Creates a new certificate chain validator. This is a pivate constructor.
     * If you need a Certificate chain validator, call getInstance().
     */
    private CertificateChainValidator() {
        try {
            TrustManagerFactory trustManagerFactory
                = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init((KeyStore)null);
            TrustManager[] trustManagers =
                trustManagerFactory.getTrustManagers();
            if (trustManagers != null && trustManagers.length > 0) {
                for (TrustManager trustManager : trustManagers) {
                    if (trustManager instanceof X509TrustManager) {
                        mDefaultTrustManager = (X509TrustManager)(trustManager);
                        break;
                    }
                }
            }
        } catch (Exception exc) {
            if (HttpLog.LOGV) {
                HttpLog.v("CertificateChainValidator():" +
                          " failed to initialize the trust manager");
            }
        }
    }
    private CertificateChainValidator() {}

    /**
     * Performs the handshake and server certificates validation
@@ -156,7 +132,7 @@ class CertificateChainValidator {
        // report back to the user.
        //
        try {
            mDefaultTrustManager.checkServerTrusted(
            SSLParameters.getDefaultTrustManager().checkServerTrusted(
                serverCertificates, "RSA");

            // no errors!!!
@@ -186,7 +162,7 @@ class CertificateChainValidator {
        // check if the last certificate in the chain (root) is trusted
        X509Certificate[] rootCertificateChain = { currCertificate };
        try {
            mDefaultTrustManager.checkServerTrusted(
            SSLParameters.getDefaultTrustManager().checkServerTrusted(
                rootCertificateChain, "RSA");
        } catch (CertificateExpiredException e) {
            String errorMessage = e.getMessage();
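Review bot: The imports for `TrustManagerFactory`, `KeyStore`, `TrustManager` and `X509TrustManager` appear to be left behind in this file. The section's 29 deletions are fully accounted for by the `mDefaultTrustManager` field, the old constructor body and the two replaced call sites, so no import line was removed. The import block lies outside the visible hunks, so please confirm whether anything else in the class still uses them and drop the ones that are dead. Stale trust-manager imports suggest the class still builds its own trust store. It would also help to add a short comment at the first call site, for example `// Validation uses the shared default trust manager from SSLParameters; this class keeps no copy.`, so it is clear where the trust anchors come from.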