Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit acca0090 authored by Adam Vartanian's avatar Adam Vartanian
Browse files

Clarify which methods return connected sockets 

Some methods in SSLCertificateSocketFactory return connected sockets
and some return unconnected sockets.  Be explicit in each method's
documentation about whether it returns a connected or unconnected
socket.

Bug: 37618511
Test: cts -m CtsNetTestCases -t android.net.cts.SSLCertificateSocketFactoryTest
Change-Id: Ia9c6c8bec15a2d3fbd0d86f8accff13627c79565
parent 0cbdca3e

core/java/android/net/SSLCertificateSocketFactory.java

+22 −8
Original line number Diff line number Diff line
@@ -68,10 +68,14 @@ import javax.net.ssl.X509TrustManager; 
 * use {@link InetAddress} or which return an unconnected socket, you MUST

 * verify the server's identity yourself to ensure a secure connection.</p>

 *

 * <p>One way to verify the server's identity is to use

 * <p>The recommended way to verify the server's identity is to use

 * {@link HttpsURLConnection#getDefaultHostnameVerifier()} to get a

 * {@link HostnameVerifier} to verify the certificate hostname.

 *

 * <p><b>Warning</b>: Some methods on this class return connected sockets and some return

 * unconnected sockets.  For the methods that return connected sockets, setting

 * connection- or handshake-related properties on those sockets will have no effect.

 *

 * <p>On development devices, "setprop socket.relaxsslcheck yes" bypasses all

 * SSL certificate and hostname checks for testing purposes.  This setting

 * requires root access.
@@ -437,8 +441,10 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory { 
    /**

     * {@inheritDoc}

     *

     * <p>This method verifies the peer's certificate hostname after connecting

     * (unless created with {@link #getInsecure(int, SSLSessionCache)}).

     * <p>By default, this method returns a <i>connected</i> socket and verifies the peer's

     * certificate hostname after connecting; if this instance was created with

     * {@link #getInsecure(int, SSLSessionCache)}, it returns a socket that is <i>not connected</i>

     * instead.

     */

    @Override

    public Socket createSocket(Socket k, String host, int port, boolean close) throws IOException {
@@ -454,7 +460,7 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory { 
    }



    /**

     * Creates a new socket which is not connected to any remote host.

     * Creates a new socket which is <i>not connected</i> to any remote host.

     * You must use {@link Socket#connect} to connect the socket.

     *

     * <p class="caution"><b>Warning:</b> Hostname verification is not performed
@@ -474,6 +480,8 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory { 
    /**

     * {@inheritDoc}

     *

     * <p>This method returns a socket that is <i>not connected</i>.

     *

     * <p class="caution"><b>Warning:</b> Hostname verification is not performed

     * with this method.  You MUST verify the server's identity after connecting

     * the socket to avoid man-in-the-middle attacks.</p>
@@ -493,6 +501,8 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory { 
    /**

     * {@inheritDoc}

     *

     * <p>This method returns a socket that is <i>not connected</i>.

     *

     * <p class="caution"><b>Warning:</b> Hostname verification is not performed

     * with this method.  You MUST verify the server's identity after connecting

     * the socket to avoid man-in-the-middle attacks.</p>
@@ -510,8 +520,10 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory { 
    /**

     * {@inheritDoc}

     *

     * <p>This method verifies the peer's certificate hostname after connecting

     * (unless created with {@link #getInsecure(int, SSLSessionCache)}).

     * <p>By default, this method returns a <i>connected</i> socket and verifies the peer's

     * certificate hostname after connecting; if this instance was created with

     * {@link #getInsecure(int, SSLSessionCache)}, it returns a socket that is <i>not connected</i>

     * instead.

     */

    @Override

    public Socket createSocket(String host, int port, InetAddress localAddr, int localPort)
@@ -531,8 +543,10 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory { 
    /**

     * {@inheritDoc}

     *

     * <p>This method verifies the peer's certificate hostname after connecting

     * (unless created with {@link #getInsecure(int, SSLSessionCache)}).

     * <p>By default, this method returns a <i>connected</i> socket and verifies the peer's

     * certificate hostname after connecting; if this instance was created with

     * {@link #getInsecure(int, SSLSessionCache)}, it returns a socket that is <i>not connected</i>

     * instead.

     */

    @Override

    public Socket createSocket(String host, int port) throws IOException {