Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 973f82f2 authored by Treehugger Robot's avatar Treehugger Robot Committed by Android (Google) Code Review
Browse files

Merge "Remove android.security.certificate_transparency_configuration flag" into main

parents 6c67075b 58748736

core/api/current.txt

+2 −2
Original line number Original line Diff line number Diff line
@@ -30454,7 +30454,7 @@ package android.net.http { 
  public class X509TrustManagerExtensions {

  public class X509TrustManagerExtensions {

    ctor public X509TrustManagerExtensions(javax.net.ssl.X509TrustManager) throws java.lang.IllegalArgumentException;

    ctor public X509TrustManagerExtensions(javax.net.ssl.X509TrustManager) throws java.lang.IllegalArgumentException;

    method public java.util.List<java.security.cert.X509Certificate> checkServerTrusted(java.security.cert.X509Certificate[], String, String) throws java.security.cert.CertificateException;

    method public java.util.List<java.security.cert.X509Certificate> checkServerTrusted(java.security.cert.X509Certificate[], String, String) throws java.security.cert.CertificateException;

    method @FlaggedApi("android.security.certificate_transparency_configuration") @NonNull public java.util.List<java.security.cert.X509Certificate> checkServerTrusted(@NonNull java.security.cert.X509Certificate[], @Nullable byte[], @Nullable byte[], @NonNull String, @NonNull String) throws java.security.cert.CertificateException;

    method @NonNull public java.util.List<java.security.cert.X509Certificate> checkServerTrusted(@NonNull java.security.cert.X509Certificate[], @Nullable byte[], @Nullable byte[], @NonNull String, @NonNull String) throws java.security.cert.CertificateException;

    method public boolean isSameTrustConfiguration(String, String);

    method public boolean isSameTrustConfiguration(String, String);

    method public boolean isUserAddedCertificate(java.security.cert.X509Certificate);

    method public boolean isUserAddedCertificate(java.security.cert.X509Certificate);

  }

  }
@@ -40940,7 +40940,7 @@ package android.security { 
















  public class NetworkSecurityPolicy {







  public class NetworkSecurityPolicy {











    method public static android.security.NetworkSecurityPolicy getInstance();







    method public static android.security.NetworkSecurityPolicy getInstance();











    method @FlaggedApi("android.security.certificate_transparency_configuration") public boolean isCertificateTransparencyVerificationRequired(@NonNull String);







    method public boolean isCertificateTransparencyVerificationRequired(@NonNull String);











    method public boolean isCleartextTrafficPermitted();







    method public boolean isCleartextTrafficPermitted();











    method public boolean isCleartextTrafficPermitted(String);







    method public boolean isCleartextTrafficPermitted(String);











  }







  }

























core/java/android/net/http/X509TrustManagerExtensions.java



+6
−8




























Original line number
Original line
Diff line number
Diff line








@@ -18,7 +18,6 @@ package android.net.http;





























import static com.android.org.conscrypt.flags.Flags.certificateTransparencyCheckservertrustedApi;







import static com.android.org.conscrypt.flags.Flags.certificateTransparencyCheckservertrustedApi;































import android.annotation.FlaggedApi;














import android.annotation.NonNull;







import android.annotation.NonNull;











import android.annotation.Nullable;







import android.annotation.Nullable;











import android.annotation.SuppressLint;







import android.annotation.SuppressLint;










@@ -140,26 +139,25 @@ public class X509TrustManagerExtensions {









     *







     *











     * <p>See {@link X509TrustManager#checkServerTrusted(X509Certificate[], String)} for a







     * <p>See {@link X509TrustManager#checkServerTrusted(X509Certificate[], String)} for a











     * description of the chain and authType parameters. The final parameter, host, should be the







     * description of the chain and authType parameters. The final parameter, host, should be the











     * hostname of the server.</p>







     * hostname of the server.











     *







     *











     * <p>ocspData and tlsSctData may be provided to verify any Signed Certificate Timestamp (SCT)







     * <p>ocspData and tlsSctData may be provided to verify any Signed Certificate Timestamp (SCT)











     * attached to the connection. These are ASN.1 octet strings (SignedCertificateTimestampList)







     * attached to the connection. These are ASN.1 octet strings (SignedCertificateTimestampList) as











     * as described in RFC 6962, Section 3.3. Note that SCTs embedded in the certificate chain







     * described in RFC 6962, Section 3.3. Note that SCTs embedded in the certificate chain will











     * will automatically be processed.







     * automatically be processed.











     * </p>














     *







     *











     * @throws CertificateException if the chain does not verify correctly.







     * @throws CertificateException if the chain does not verify correctly.











     * @throws IllegalArgumentException if the TrustManager is not compatible.







     * @throws IllegalArgumentException if the TrustManager is not compatible.











     * @return the properly ordered chain used for verification as a list of X509Certificates.







     * @return the properly ordered chain used for verification as a list of X509Certificates.











     */







     */











    @FlaggedApi(Flags.FLAG_CERTIFICATE_TRANSPARENCY_CONFIGURATION)














    @NonNull







    @NonNull











    public List<X509Certificate> checkServerTrusted(







    public List<X509Certificate> checkServerTrusted(











            @SuppressLint("ArrayReturn") @NonNull X509Certificate[] chain,







            @SuppressLint("ArrayReturn") @NonNull X509Certificate[] chain,











            @Nullable byte[] ocspData,







            @Nullable byte[] ocspData,











            @Nullable byte[] tlsSctData,







            @Nullable byte[] tlsSctData,











            @NonNull String authType,







            @NonNull String authType,











            @NonNull String host) throws CertificateException {







            @NonNull String host)














            throws CertificateException {











        List<X509Certificate> result;







        List<X509Certificate> result;











        if (mDelegate != null) {







        if (mDelegate != null) {











            if (certificateTransparencyCheckservertrustedApi()) {







            if (certificateTransparencyCheckservertrustedApi()) {

































core/java/android/security/NetworkSecurityPolicy.java



+0
−2




























Original line number
Original line
Diff line number
Diff line








@@ -16,7 +16,6 @@





























package android.security;







package android.security;































import android.annotation.FlaggedApi;














import android.annotation.NonNull;







import android.annotation.NonNull;











import android.content.Context;







import android.content.Context;











import android.content.pm.PackageManager;







import android.content.pm.PackageManager;










@@ -105,7 +104,6 @@ public class NetworkSecurityPolicy {









     * @return {@code true} if certificate transparency verification is required and {@code false}







     * @return {@code true} if certificate transparency verification is required and {@code false}











     *     otherwise







     *     otherwise











     */







     */











    @FlaggedApi(Flags.FLAG_CERTIFICATE_TRANSPARENCY_CONFIGURATION)














    public boolean isCertificateTransparencyVerificationRequired(@NonNull String hostname) {







    public boolean isCertificateTransparencyVerificationRequired(@NonNull String hostname) {











        return libcore.net.NetworkSecurityPolicy.getInstance()







        return libcore.net.NetworkSecurityPolicy.getInstance()











                .isCertificateTransparencyVerificationRequired(hostname);







                .isCertificateTransparencyVerificationRequired(hostname);

































packages/NetworkSecurityConfig/platform/src/android/security/net/config/ApplicationConfig.java



+1
−5




























Original line number
Original line
Diff line number
Diff line








@@ -16,8 +16,6 @@





























package android.security.net.config;







package android.security.net.config;































import static android.security.Flags.certificateTransparencyConfiguration;





























import static libcore.net.NetworkSecurityPolicy.CERTIFICATE_TRANSPARENCY_REASON_APP_OPT_IN;







import static libcore.net.NetworkSecurityPolicy.CERTIFICATE_TRANSPARENCY_REASON_APP_OPT_IN;











import static libcore.net.NetworkSecurityPolicy.CERTIFICATE_TRANSPARENCY_REASON_DOMAIN_OPT_IN;







import static libcore.net.NetworkSecurityPolicy.CERTIFICATE_TRANSPARENCY_REASON_DOMAIN_OPT_IN;











import static libcore.net.NetworkSecurityPolicy.CERTIFICATE_TRANSPARENCY_REASON_SDK_TARGET_DEFAULT_ENABLED;







import static libcore.net.NetworkSecurityPolicy.CERTIFICATE_TRANSPARENCY_REASON_SDK_TARGET_DEFAULT_ENABLED;










@@ -177,9 +175,7 @@ public final class ApplicationConfig {









     *     otherwise







     *     otherwise











     */







     */











    public boolean isCertificateTransparencyVerificationRequired(@NonNull String hostname) {







    public boolean isCertificateTransparencyVerificationRequired(@NonNull String hostname) {











        return certificateTransparencyConfiguration()







        return getConfigForHostname(hostname).isCertificateTransparencyVerificationRequired();











                ? getConfigForHostname(hostname).isCertificateTransparencyVerificationRequired()














                : NetworkSecurityConfig.certificateTransparencyVerificationRequiredDefault();














    }







    }































    int getCertificateTransparencyVerificationReason(@NonNull String hostname) {







    int getCertificateTransparencyVerificationReason(@NonNull String hostname) {