Loading core/java/android/security/net/config/NetworkSecurityTrustManager.java +18 −4 Original line number Diff line number Diff line Loading @@ -16,16 +16,17 @@ package android.security.net.config; import android.util.ArrayMap; import com.android.org.conscrypt.TrustManagerImpl; import android.util.ArrayMap; import java.io.IOException; import java.net.Socket; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.security.GeneralSecurityException; import java.security.KeyStore; import java.security.MessageDigest; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.util.List; import java.util.Map; import java.util.Set; Loading Loading @@ -105,7 +106,7 @@ public class NetworkSecurityTrustManager extends X509ExtendedTrustManager { /** * Hostname aware version of {@link #checkServerTrusted(X509Certificate[], String)}. * This interface is used by conscrypt and android.net.http.X509TrustManagerExtensions do not * This interface is used by Conscrypt and android.net.http.X509TrustManagerExtensions do not * modify without modifying those callers. */ public List<X509Certificate> checkServerTrusted(X509Certificate[] certs, String authType, Loading 
@@ -115,6 +116,19 @@ public class NetworkSecurityTrustManager extends X509ExtendedTrustManager { return trustedChain; } /** * This interface is used by Conscrypt and android.net.http.X509TrustManagerExtensions do not * modify without modifying those callers. */ public List<X509Certificate> checkServerTrusted(X509Certificate[] certs, byte[] ocspData, byte[] tlsSctData, String authType, String host) throws CertificateException { List<X509Certificate> trustedChain = mDelegate.checkServerTrusted( certs, ocspData, tlsSctData, authType, host); checkPins(trustedChain); return trustedChain; } private void checkPins(List<X509Certificate> chain) throws CertificateException { PinSet pinSet = mNetworkSecurityConfig.getPins(); if (pinSet.pins.isEmpty() Loading core/java/android/security/net/config/RootTrustManager.java +17 −1 Original line number Diff line number Diff line Loading @@ -120,7 +120,7 @@ public class RootTrustManager extends X509ExtendedTrustManager { /** * Hostname aware version of {@link #checkServerTrusted(X509Certificate[], String)}. * This interface is used by conscrypt and android.net.http.X509TrustManagerExtensions do not * This interface is used by Conscrypt and android.net.http.X509TrustManagerExtensions do not * modify without modifying those callers. */ @UnsupportedAppUsage Loading 
@@ -134,6 +134,22 @@ public class RootTrustManager extends X509ExtendedTrustManager { return config.getTrustManager().checkServerTrusted(certs, authType, hostname); } /** * This interface is used by Conscrypt and android.net.http.X509TrustManagerExtensions do not * modify without modifying those callers. */ public List<X509Certificate> checkServerTrusted(X509Certificate[] certs, byte[] ocspData, byte[] tlsSctData, String authType, String hostname) throws CertificateException { if (hostname == null && mConfig.hasPerDomainConfigs()) { throw new CertificateException( "Domain specific configurations require that the hostname be provided"); } NetworkSecurityConfig config = mConfig.getConfigForHostname(hostname); return config.getTrustManager().checkServerTrusted( certs, ocspData, tlsSctData, authType, hostname); } @Override public X509Certificate[] getAcceptedIssuers() { // getAcceptedIssuers is meant to be used to determine which trust anchors the server will Loading Loading
core/java/android/security/net/config/NetworkSecurityTrustManager.java +18 −4 Original line number Diff line number Diff line Loading @@ -16,16 +16,17 @@ package android.security.net.config; import android.util.ArrayMap; import com.android.org.conscrypt.TrustManagerImpl; import android.util.ArrayMap; import java.io.IOException; import java.net.Socket; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.security.GeneralSecurityException; import java.security.KeyStore; import java.security.MessageDigest; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.util.List; import java.util.Map; import java.util.Set; Loading Loading @@ -105,7 +106,7 @@ public class NetworkSecurityTrustManager extends X509ExtendedTrustManager { /** * Hostname aware version of {@link #checkServerTrusted(X509Certificate[], String)}. * This interface is used by conscrypt and android.net.http.X509TrustManagerExtensions do not * This interface is used by Conscrypt and android.net.http.X509TrustManagerExtensions do not * modify without modifying those callers. */ public List<X509Certificate> checkServerTrusted(X509Certificate[] certs, String authType, Loading 
@@ -115,6 +116,19 @@ public class NetworkSecurityTrustManager extends X509ExtendedTrustManager { return trustedChain; } /** * This interface is used by Conscrypt and android.net.http.X509TrustManagerExtensions do not * modify without modifying those callers. */ public List<X509Certificate> checkServerTrusted(X509Certificate[] certs, byte[] ocspData, byte[] tlsSctData, String authType, String host) throws CertificateException { List<X509Certificate> trustedChain = mDelegate.checkServerTrusted( certs, ocspData, tlsSctData, authType, host); checkPins(trustedChain); return trustedChain; } private void checkPins(List<X509Certificate> chain) throws CertificateException { PinSet pinSet = mNetworkSecurityConfig.getPins(); if (pinSet.pins.isEmpty() Loading
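Review bot: The Javadoc on the new five-argument `checkServerTrusted` in NetworkSecurityTrustManager is copied from the hostname-aware overload and never says what `ocspData` and `tlsSctData` are or whether null is accepted. Judging by the names they are the stapled OCSP response and the SCT list from the TLS handshake, so they are peer-supplied bytes passed straight to `mDelegate`; that should be confirmed and stated. I would add `@param ocspData stapled OCSP response from the handshake, or null if the server sent none` and a matching `@param tlsSctData` line, once nullability is checked against the delegate. The comment should also say that pins are checked on the chain the delegate returns, as `checkPins(trustedChain)` does here. The warning sentence also needs a full stop after `X509TrustManagerExtensions`, since it currently reads as one run-on clause.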
core/java/android/security/net/config/RootTrustManager.java +17 −1 Original line number Diff line number Diff line Loading @@ -120,7 +120,7 @@ public class RootTrustManager extends X509ExtendedTrustManager { /** * Hostname aware version of {@link #checkServerTrusted(X509Certificate[], String)}. * This interface is used by conscrypt and android.net.http.X509TrustManagerExtensions do not * This interface is used by Conscrypt and android.net.http.X509TrustManagerExtensions do not * modify without modifying those callers. */ @UnsupportedAppUsage Loading @@ -134,6 +134,22 @@ public class RootTrustManager extends X509ExtendedTrustManager { return config.getTrustManager().checkServerTrusted(certs, authType, hostname); } /** * This interface is used by Conscrypt and android.net.http.X509TrustManagerExtensions do not * modify without modifying those callers. */ public List<X509Certificate> checkServerTrusted(X509Certificate[] certs, byte[] ocspData, byte[] tlsSctData, String authType, String hostname) throws CertificateException { if (hostname == null && mConfig.hasPerDomainConfigs()) { throw new CertificateException( "Domain specific configurations require that the hostname be provided"); } NetworkSecurityConfig config = mConfig.getConfigForHostname(hostname); return config.getTrustManager().checkServerTrusted( certs, ocspData, tlsSctData, authType, hostname); } @Override public X509Certificate[] getAcceptedIssuers() { // getAcceptedIssuers is meant to be used to determine which trust anchors the server will Loading
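Review bot: The new overload in RootTrustManager repeats the `hostname == null && mConfig.hasPerDomainConfigs()` guard and the `mConfig.getConfigForHostname(hostname)` lookup that the three-argument hostname-aware method just above appears to perform; only that method's final `return` is visible in the hunk. If the per-domain rule is later changed in one copy and not the other, the two entry points would select different trust configurations for the same host. A small private helper (suggested name `configForHostname`) that runs the guard and returns the `NetworkSecurityConfig` would let both bodies reduce to `return configForHostname(hostname).getTrustManager().checkServerTrusted(...)`. The Javadoc also leaves `ocspData` and `tlsSctData` undescribed. Unlike its neighbour the method carries no `@UnsupportedAppUsage`; if that is deliberate, a one-line comment saying so would save the next reader from adding it.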