Loading core/java/android/security/net/config/CertificateSource.java +2 −1 Original line number Diff line number Diff line Loading @@ -16,12 +16,13 @@ package android.security.net.config; import java.util.Set; import java.security.cert.X509Certificate; import java.util.Set; /** @hide */ public interface CertificateSource { Set<X509Certificate> getCertificates(); X509Certificate findBySubjectAndPublicKey(X509Certificate cert); X509Certificate findByIssuerAndSignature(X509Certificate cert); Set<X509Certificate> findAllByIssuerAndSignature(X509Certificate cert); } core/java/android/security/net/config/CertificatesEntryRef.java +5 −1 Original line number Diff line number Diff line Loading @@ -17,8 +17,8 @@ package android.security.net.config; import android.util.ArraySet; import java.util.Set; import java.security.cert.X509Certificate; import java.util.Set; /** @hide */ public final class CertificatesEntryRef { Loading Loading @@ -60,4 +60,8 @@ public final class CertificatesEntryRef { return new TrustAnchor(foundCert, mOverridesPins); } public Set<X509Certificate> findAllCertificatesByIssuerAndSignature(X509Certificate cert) { return mSource.findAllByIssuerAndSignature(cert); } } core/java/android/security/net/config/DirectoryCertificateSource.java +41 −0 Original line number Diff line number Diff line Loading @@ -29,6 +29,7 @@ import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.util.Collections; import java.util.Set; import libcore.io.IoUtils; Loading Loading 
@@ -110,10 +111,50 @@ abstract class DirectoryCertificateSource implements CertificateSource { }); } @Override public Set<X509Certificate> findAllByIssuerAndSignature(final X509Certificate cert) { return findCerts(cert.getIssuerX500Principal(), new CertSelector() { @Override public boolean match(X509Certificate ca) { try { cert.verify(ca.getPublicKey()); return true; } catch (Exception e) { return false; } } }); } private static interface CertSelector { boolean match(X509Certificate cert); } private Set<X509Certificate> findCerts(X500Principal subj, CertSelector selector) { String hash = getHash(subj); Set<X509Certificate> certs = null; for (int index = 0; index >= 0; index++) { String fileName = hash + "." + index; if (!new File(mDir, fileName).exists()) { break; } if (isCertMarkedAsRemoved(fileName)) { continue; } X509Certificate cert = readCertificate(fileName); if (!subj.equals(cert.getSubjectX500Principal())) { continue; } if (selector.match(cert)) { if (certs == null) { certs = new ArraySet<X509Certificate>(); } certs.add(cert); } } return certs != null ? certs : Collections.<X509Certificate>emptySet(); } private X509Certificate findCert(X500Principal subj, CertSelector selector) { String hash = getHash(subj); for (int index = 0; index >= 0; index++) { Loading core/java/android/security/net/config/KeyStoreCertificateSource.java +15 −0 Original line number Diff line number Diff line Loading @@ -21,6 +21,7 @@ import java.security.KeyStore; import java.security.KeyStoreException; import java.security.cert.Certificate; import java.security.cert.X509Certificate; import java.util.Collections; import java.util.Enumeration; import java.util.Set; Loading Loading 
@@ -90,4 +91,18 @@ class KeyStoreCertificateSource implements CertificateSource { } return anchor.getTrustedCert(); } @Override public Set<X509Certificate> findAllByIssuerAndSignature(X509Certificate cert) { ensureInitialized(); Set<java.security.cert.TrustAnchor> anchors = mIndex.findAllByIssuerAndSignature(cert); if (anchors.isEmpty()) { return Collections.<X509Certificate>emptySet(); } Set<X509Certificate> certs = new ArraySet<X509Certificate>(anchors.size()); for (java.security.cert.TrustAnchor anchor : anchors) { certs.add(anchor.getTrustedCert()); } return certs; } } core/java/android/security/net/config/NetworkSecurityConfig.java +9 −0 Original line number Diff line number Diff line Loading @@ -145,6 +145,15 @@ public final class NetworkSecurityConfig { return null; } /** @hide */ public Set<X509Certificate> findAllCertificatesByIssuerAndSignature(X509Certificate cert) { Set<X509Certificate> certs = new ArraySet<X509Certificate>(); for (CertificatesEntryRef ref : mCertificatesEntryRefs) { certs.addAll(ref.findAllCertificatesByIssuerAndSignature(cert)); } return certs; } /** * Return a {@link Builder} for the default {@code NetworkSecurityConfig}. * Loading Loading
core/java/android/security/net/config/CertificateSource.java +2 −1 Original line number Diff line number Diff line Loading @@ -16,12 +16,13 @@ package android.security.net.config; import java.util.Set; import java.security.cert.X509Certificate; import java.util.Set; /** @hide */ public interface CertificateSource { Set<X509Certificate> getCertificates(); X509Certificate findBySubjectAndPublicKey(X509Certificate cert); X509Certificate findByIssuerAndSignature(X509Certificate cert); Set<X509Certificate> findAllByIssuerAndSignature(X509Certificate cert); }
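Review bot: The new `findAllByIssuerAndSignature` method on `CertificateSource` has no Javadoc, so the contract the implementations in this commit appear to follow is not written down anywhere. I would add a comment on the interface method along the lines of `/** Returns every certificate in this source whose subject equals cert's issuer and whose public key verifies cert's signature; never null, empty if none match. */`. Stating "never null" matters because `NetworkSecurityConfig.findAllCertificatesByIssuerAndSignature` passes each result straight to `addAll`.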
core/java/android/security/net/config/CertificatesEntryRef.java +5 −1 Original line number Diff line number Diff line Loading @@ -17,8 +17,8 @@ package android.security.net.config; import android.util.ArraySet; import java.util.Set; import java.security.cert.X509Certificate; import java.util.Set; /** @hide */ public final class CertificatesEntryRef { Loading Loading @@ -60,4 +60,8 @@ public final class CertificatesEntryRef { return new TrustAnchor(foundCert, mOverridesPins); } public Set<X509Certificate> findAllCertificatesByIssuerAndSignature(X509Certificate cert) { return mSource.findAllByIssuerAndSignature(cert); } }
core/java/android/security/net/config/DirectoryCertificateSource.java +41 −0 Original line number Diff line number Diff line Loading @@ -29,6 +29,7 @@ import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.util.Collections; import java.util.Set; import libcore.io.IoUtils; Loading Loading @@ -110,10 +111,50 @@ abstract class DirectoryCertificateSource implements CertificateSource { }); } @Override public Set<X509Certificate> findAllByIssuerAndSignature(final X509Certificate cert) { return findCerts(cert.getIssuerX500Principal(), new CertSelector() { @Override public boolean match(X509Certificate ca) { try { cert.verify(ca.getPublicKey()); return true; } catch (Exception e) { return false; } } }); } private static interface CertSelector { boolean match(X509Certificate cert); } private Set<X509Certificate> findCerts(X500Principal subj, CertSelector selector) { String hash = getHash(subj); Set<X509Certificate> certs = null; for (int index = 0; index >= 0; index++) { String fileName = hash + "." + index; if (!new File(mDir, fileName).exists()) { break; } if (isCertMarkedAsRemoved(fileName)) { continue; } X509Certificate cert = readCertificate(fileName); if (!subj.equals(cert.getSubjectX500Principal())) { continue; } if (selector.match(cert)) { if (certs == null) { certs = new ArraySet<X509Certificate>(); } certs.add(cert); } } return certs != null ? certs : Collections.<X509Certificate>emptySet(); } private X509Certificate findCert(X500Principal subj, CertSelector selector) { String hash = getHash(subj); for (int index = 0; index >= 0; index++) { Loading
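Review bot: In `findCerts`, the result of `readCertificate(fileName)` is dereferenced at once in `subj.equals(cert.getSubjectX500Principal())` with no null check. `readCertificate` is defined outside this hunk, so its failure behaviour cannot be confirmed from here. If it returns null for an unreadable or malformed file, one bad entry in the directory would raise a NullPointerException during issuer lookup instead of being skipped. Consider adding `if (cert == null) { continue; }` right after the read. Separately, `catch (Exception e)` in the new selector also hides unexpected runtime failures; `cert.verify` declares only `GeneralSecurityException` subtypes, so catching that would be narrower.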
core/java/android/security/net/config/KeyStoreCertificateSource.java +15 −0 Original line number Diff line number Diff line Loading @@ -21,6 +21,7 @@ import java.security.KeyStore; import java.security.KeyStoreException; import java.security.cert.Certificate; import java.security.cert.X509Certificate; import java.util.Collections; import java.util.Enumeration; import java.util.Set; Loading Loading @@ -90,4 +91,18 @@ class KeyStoreCertificateSource implements CertificateSource { } return anchor.getTrustedCert(); } @Override public Set<X509Certificate> findAllByIssuerAndSignature(X509Certificate cert) { ensureInitialized(); Set<java.security.cert.TrustAnchor> anchors = mIndex.findAllByIssuerAndSignature(cert); if (anchors.isEmpty()) { return Collections.<X509Certificate>emptySet(); } Set<X509Certificate> certs = new ArraySet<X509Certificate>(anchors.size()); for (java.security.cert.TrustAnchor anchor : anchors) { certs.add(anchor.getTrustedCert()); } return certs; } }
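Review bot: The new `findAllByIssuerAndSignature` returns an immutable `Collections.emptySet()` when nothing matches but a mutable `ArraySet` otherwise, so whether a caller may modify the result depends on the lookup outcome. `findCerts` in `DirectoryCertificateSource` has the same split. The only consumer visible in this commit copies the result with `addAll`, so nothing breaks today. I would either state on the interface that the returned set is read-only, or return `Collections.unmodifiableSet(certs)` on the non-empty path so both cases behave the same.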
core/java/android/security/net/config/NetworkSecurityConfig.java +9 −0 Original line number Diff line number Diff line Loading @@ -145,6 +145,15 @@ public final class NetworkSecurityConfig { return null; } /** @hide */ public Set<X509Certificate> findAllCertificatesByIssuerAndSignature(X509Certificate cert) { Set<X509Certificate> certs = new ArraySet<X509Certificate>(); for (CertificatesEntryRef ref : mCertificatesEntryRefs) { certs.addAll(ref.findAllCertificatesByIssuerAndSignature(cert)); } return certs; } /** * Return a {@link Builder} for the default {@code NetworkSecurityConfig}. * Loading
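Review bot: `findAllCertificatesByIssuerAndSignature` carries only `/** @hide */`, and it is worth documenting what the returned set does and does not mean. It is the union of matches across every entry in `mCertificatesEntryRefs`. Unlike the anchor built in `CertificatesEntryRef` with `new TrustAnchor(foundCert, mOverridesPins)`, the bare `X509Certificate` results carry no pin-override information. A short Javadoc should say the result is a set of candidate issuers (presumably for chain building) and that callers needing pin-override semantics must use the `TrustAnchor`-returning lookup, so that a later caller does not treat the two as interchangeable.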