core/java/android/security/net/config/NetworkSecurityConfig.java +2 −2 @@ -41,7 +41,7 @@ public final class NetworkSecurityConfig { private final List<CertificatesEntryRef> mCertificatesEntryRefs; private Set<TrustAnchor> mAnchors; private final Object mAnchorsLock = new Object(); private X509TrustManager mTrustManager; private NetworkSecurityTrustManager mTrustManager; private final Object mTrustManagerLock = new Object(); private NetworkSecurityConfig(boolean cleartextTrafficPermitted, boolean hstsEnforced, @@ -78,7 +78,7 @@ public final class NetworkSecurityConfig { return mPins; } public X509TrustManager getTrustManager() { public NetworkSecurityTrustManager getTrustManager() { synchronized(mTrustManagerLock) { if (mTrustManager == null) { mTrustManager = new NetworkSecurityTrustManager(this);
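Review bot: `getTrustManager()` now returns the concrete `NetworkSecurityTrustManager` instead of the `X509TrustManager` interface, but nothing on the method says why, so a later cleanup could reasonably widen it back. Judging from the RootTrustManager change in this commit, the reason appears to be the hostname-aware `checkServerTrusted` overload. A short Javadoc would protect it: `/** Returns this config's trust manager; the concrete type is exposed so callers can use the hostname-aware checkServerTrusted. */`. The method body continues past the end of the hunk.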
core/java/android/security/net/config/NetworkSecurityTrustManager.java +21 −2 @@ -71,9 +71,28 @@ public class NetworkSecurityTrustManager implements X509TrustManager { @Override public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException { List<X509Certificate> trustedChain = mDelegate.checkServerTrusted(certs, authType, (String) null); checkServerTrusted(certs, authType, null); } /** * Hostname aware version of {@link #checkServerTrusted(X509Certificate[], String)}. * This interface is used by conscrypt and android.net.http.X509TrustManagerExtensions do not * modify without modifying those callers. */ public List<X509Certificate> checkServerTrusted(X509Certificate[] certs, String authType, String host) throws CertificateException { List<X509Certificate> trustedChain = mDelegate.checkServerTrusted(certs, authType, host); checkPins(trustedChain); return trustedChain; } /** * Check if the provided certificate is a user added certificate authority. * This is required by android.net.http.X509TrustManagerExtensions. */ public boolean isUserAddedCertificate(X509Certificate cert) { // TODO: Figure out the right way to handle this, and if it is still even used. return false; } private void checkPins(List<X509Certificate> chain) throws CertificateException {
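Review bot: `isUserAddedCertificate` is a stub that returns `false` for every certificate, so a caller that asks through android.net.http.X509TrustManagerExtensions is told that no CA is user-added, regardless of the trust anchors this config actually holds. If any caller bases a trust or pinning decision on that answer (the TODO says usage is not yet known), it gets a wrong answer instead of an error. Until the TODO is resolved the Javadoc should state the limitation, e.g. `* NOTE: not implemented yet; currently returns {@code false} for every certificate.` The same stub is added to RootTrustManager and needs the same line. Separately, the Javadoc on the three-argument `checkServerTrusted` is a run-on; `... X509TrustManagerExtensions; do not modify it without updating those callers.` would read correctly.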
core/java/android/security/net/config/RootTrustManager.java +18 −3 @@ -18,6 +18,7 @@ package android.security.net.config; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.util.List; import javax.net.ssl.X509TrustManager; @@ -61,10 +62,24 @@ public class RootTrustManager implements X509TrustManager { config.getTrustManager().checkServerTrusted(certs, authType); } public void checkServerTrusted(X509Certificate[] certs, String authType, String hostname) throws CertificateException { /** * Hostname aware version of {@link #checkServerTrusted(X509Certificate[], String)}. * This interface is used by conscrypt and android.net.http.X509TrustManagerExtensions do not * modify without modifying those callers. */ public List<X509Certificate> checkServerTrusted(X509Certificate[] certs, String authType, String hostname) throws CertificateException { NetworkSecurityConfig config = mConfig.getConfigForHostname(hostname); config.getTrustManager().checkServerTrusted(certs, authType); return config.getTrustManager().checkServerTrusted(certs, authType, hostname); } /** * Check if the provided certificate is a user added certificate authority. * This is required by android.net.http.X509TrustManagerExtensions. */ public boolean isUserAddedCertificate(X509Certificate cert) { // TODO: Figure out the right way to handle this, and if it is still even used. return false; } @Override
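Review bot: In the three-argument `checkServerTrusted`, `hostname` selects the `NetworkSecurityConfig` through `mConfig.getConfigForHostname(hostname)` and is also passed on to the per-config trust manager, so it decides which trust anchors and pins the chain is checked against, yet the Javadoc does not describe the parameter or what a null value means. How `getConfigForHostname` treats null is not visible in this hunk, while the two-argument path in NetworkSecurityTrustManager passes null deliberately, so the contract should be spelled out. I would add `@param hostname host the connection was made to; selects the per-domain config whose anchors and pins are applied` and `@return the validated certificate chain`, and either document null as allowed or reject it with `Objects.requireNonNull(hostname, "hostname")` once the callers' behaviour is confirmed.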