Loading core/java/android/net/http/CertificateChainValidator.java +15 −1 Original line number Original line Diff line number Diff line Loading @@ -25,15 +25,17 @@ import javax.net.ssl.DefaultHostnameVerifier; import javax.net.ssl.SSLHandshakeException; import javax.net.ssl.SSLHandshakeException; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocket; import javax.net.ssl.X509TrustManager; import org.apache.harmony.security.provider.cert.X509CertImpl; import org.apache.harmony.security.provider.cert.X509CertImpl; import org.apache.harmony.xnet.provider.jsse.SSLParametersImpl; import org.apache.harmony.xnet.provider.jsse.SSLParametersImpl; import org.apache.harmony.xnet.provider.jsse.TrustManagerImpl; /** /** * Class responsible for all server certificate validation functionality * Class responsible for all server certificate validation functionality * * * {@hide} * {@hide} */ */ class CertificateChainValidator { public class CertificateChainValidator { /** /** * The singleton instance of the certificate chain validator * The singleton instance of the certificate chain validator Loading Loading 
@@ -121,6 +123,18 @@ class CertificateChainValidator { return verifyServerDomainAndCertificates(serverCertificates, domain, authType); return verifyServerDomainAndCertificates(serverCertificates, domain, authType); } } /** * Handles updates to credential storage. */ public static void handleTrustStorageUpdate() { X509TrustManager x509TrustManager = SSLParametersImpl.getDefaultTrustManager(); if( x509TrustManager instanceof TrustManagerImpl ) { TrustManagerImpl trustManager = (TrustManagerImpl) x509TrustManager; trustManager.handleTrustStorageUpdate(); } } /** /** * Common code of doHandshakeAndValidateServerCertificates and verifyServerCertificates. * Common code of doHandshakeAndValidateServerCertificates and verifyServerCertificates. * Calls DomainNamevalidator to verify the domain, and TrustManager to verify the certs. * Calls DomainNamevalidator to verify the domain, and TrustManager to verify the certs. Loading core/java/android/webkit/WebView.java +37 −0 Original line number Original line Diff line number Diff line Loading @@ -59,6 +59,7 @@ import android.os.Message; import android.os.StrictMode; import android.os.StrictMode; import android.os.SystemClock; import android.os.SystemClock; import android.provider.Settings; import android.provider.Settings; import android.security.KeyChain; import android.speech.tts.TextToSpeech; import android.speech.tts.TextToSpeech; import android.text.Editable; import android.text.Editable; import android.text.InputType; import android.text.InputType; Loading Loading @@ -1303,6 +1304,7 @@ public class WebView extends AbsoluteLayout init(); init(); setupPackageListener(context); setupPackageListener(context); setupProxyListener(context); setupProxyListener(context); setupTrustStorageListener(context); updateMultiTouchSupport(context); updateMultiTouchSupport(context); if (privateBrowsing) { if (privateBrowsing) { Loading 
@@ -1312,6 +1314,41 @@ public class WebView extends AbsoluteLayout mAutoFillData = new WebViewCore.AutoFillData(); mAutoFillData = new WebViewCore.AutoFillData(); } } private static class TrustStorageListener extends BroadcastReceiver { @Override public void onReceive(Context context, Intent intent) { if (intent.getAction().equals(KeyChain.ACTION_STORAGE_CHANGED)) { handleCertTrustChanged(); } } } private static TrustStorageListener sTrustStorageListener; /** * Handles update to the trust storage. */ private static void handleCertTrustChanged() { // send a message for indicating trust storage change WebViewCore.sendStaticMessage(EventHub.TRUST_STORAGE_UPDATED, null); } /* * @param context This method expects this to be a valid context. */ private static void setupTrustStorageListener(Context context) { if (sTrustStorageListener != null ) { return; } IntentFilter filter = new IntentFilter(); filter.addAction(KeyChain.ACTION_STORAGE_CHANGED); sTrustStorageListener = new TrustStorageListener(); Intent current = context.getApplicationContext().registerReceiver(sTrustStorageListener, filter); if (current != null) { handleCertTrustChanged(); } } private static class ProxyReceiver extends BroadcastReceiver { private static class ProxyReceiver extends BroadcastReceiver { @Override @Override public void onReceive(Context context, Intent intent) { public void onReceive(Context context, Intent intent) { Loading core/java/android/webkit/WebViewCore.java +11 −0 Original line number Original line Diff line number Diff line Loading 
@@ -26,6 +26,7 @@ import android.graphics.Region; import android.media.MediaFile; import android.media.MediaFile; import android.net.ProxyProperties; import android.net.ProxyProperties; import android.net.Uri; import android.net.Uri; import android.net.http.CertificateChainValidator; import android.os.Bundle; import android.os.Bundle; import android.os.Handler; import android.os.Handler; import android.os.Looper; import android.os.Looper; Loading Loading @@ -775,6 +776,11 @@ public final class WebViewCore { Message m = (Message)msg.obj; Message m = (Message)msg.obj; m.sendToTarget(); m.sendToTarget(); break; break; case EventHub.TRUST_STORAGE_UPDATED: // post a task to network thread for updating trust manager nativeCertTrustChanged(); CertificateChainValidator.handleTrustStorageUpdate(); break; } } } } }; }; Loading Loading @@ -1133,6 +1139,9 @@ public final class WebViewCore { static final int SELECT_WORD_AT = 214; static final int SELECT_WORD_AT = 214; static final int SELECT_ALL = 215; static final int SELECT_ALL = 215; // for updating state on trust storage change static final int TRUST_STORAGE_UPDATED = 220; // Private handler for WebCore messages. // Private handler for WebCore messages. private Handler mHandler; private Handler mHandler; // Message queue for containing messages before the WebCore thread is // Message queue for containing messages before the WebCore thread is Loading Loading 
@@ -3082,4 +3091,6 @@ public final class WebViewCore { private native void nativeClearTextSelection(int nativeClass); private native void nativeClearTextSelection(int nativeClass); private native void nativeSelectWordAt(int nativeClass, int x, int y); private native void nativeSelectWordAt(int nativeClass, int x, int y); private native void nativeSelectAll(int nativeClass); private native void nativeSelectAll(int nativeClass); private static native void nativeCertTrustChanged(); } } keystore/java/android/security/KeyChain.java +17 −1 Original line number Original line Diff line number Diff line Loading @@ -124,7 +124,7 @@ public final class KeyChain { public static final String EXTRA_SENDER = "sender"; public static final String EXTRA_SENDER = "sender"; /** /** * Action to bring up the CertInstaller * Action to bring up the CertInstaller. */ */ private static final String ACTION_INSTALL = "android.credentials.INSTALL"; private static final String ACTION_INSTALL = "android.credentials.INSTALL"; Loading Loading 
@@ -167,6 +167,22 @@ public final class KeyChain { // Compatible with old android.security.Credentials.PKCS12 // Compatible with old android.security.Credentials.PKCS12 public static final String EXTRA_PKCS12 = "PKCS12"; public static final String EXTRA_PKCS12 = "PKCS12"; /** * @hide TODO This is temporary and will be removed * Broadcast Action: Indicates the trusted storage has changed. Sent when * one of this happens: * * <ul> * <li>a new CA is added, * <li>an existing CA is removed or disabled, * <li>a disabled CA is enabled, * <li>trusted storage is reset (all user certs are cleared), * <li>when permission to access a private key is changed. * </ul> */ public static final String ACTION_STORAGE_CHANGED = "android.security.STORAGE_CHANGED"; /** /** * Returns an {@code Intent} that can be used for credential * Returns an {@code Intent} that can be used for credential * installation. The intent may be used without any extras, in * installation. The intent may be used without any extras, in Loading Loading
core/java/android/net/http/CertificateChainValidator.java +15 −1 Original line number Original line Diff line number Diff line Loading @@ -25,15 +25,17 @@ import javax.net.ssl.DefaultHostnameVerifier; import javax.net.ssl.SSLHandshakeException; import javax.net.ssl.SSLHandshakeException; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocket; import javax.net.ssl.X509TrustManager; import org.apache.harmony.security.provider.cert.X509CertImpl; import org.apache.harmony.security.provider.cert.X509CertImpl; import org.apache.harmony.xnet.provider.jsse.SSLParametersImpl; import org.apache.harmony.xnet.provider.jsse.SSLParametersImpl; import org.apache.harmony.xnet.provider.jsse.TrustManagerImpl; /** /** * Class responsible for all server certificate validation functionality * Class responsible for all server certificate validation functionality * * * {@hide} * {@hide} */ */ class CertificateChainValidator { public class CertificateChainValidator { /** /** * The singleton instance of the certificate chain validator * The singleton instance of the certificate chain validator Loading Loading 
@@ -121,6 +123,18 @@ class CertificateChainValidator { return verifyServerDomainAndCertificates(serverCertificates, domain, authType); return verifyServerDomainAndCertificates(serverCertificates, domain, authType); } } /** * Handles updates to credential storage. */ public static void handleTrustStorageUpdate() { X509TrustManager x509TrustManager = SSLParametersImpl.getDefaultTrustManager(); if( x509TrustManager instanceof TrustManagerImpl ) { TrustManagerImpl trustManager = (TrustManagerImpl) x509TrustManager; trustManager.handleTrustStorageUpdate(); } } /** /** * Common code of doHandshakeAndValidateServerCertificates and verifyServerCertificates. * Common code of doHandshakeAndValidateServerCertificates and verifyServerCertificates. * Calls DomainNamevalidator to verify the domain, and TrustManager to verify the certs. * Calls DomainNamevalidator to verify the domain, and TrustManager to verify the certs. Loading
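Review bot: `handleTrustStorageUpdate()` does nothing at all when `SSLParametersImpl.getDefaultTrustManager()` returns anything other than a `TrustManagerImpl`. In that case a CA the user has just removed or disabled would presumably stay accepted in this process, with no trace of why. An `else` branch that logs the skipped reload at warning level would make the stale state visible. The one-line Javadoc could also say that the method asks the default trust manager to reload its trust anchors and which thread is expected to call it, e.g. `* Asks the default TrustManagerImpl to reload its trust anchors; no-op for any other trust manager.`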
core/java/android/webkit/WebView.java +37 −0 Original line number Original line Diff line number Diff line Loading @@ -59,6 +59,7 @@ import android.os.Message; import android.os.StrictMode; import android.os.StrictMode; import android.os.SystemClock; import android.os.SystemClock; import android.provider.Settings; import android.provider.Settings; import android.security.KeyChain; import android.speech.tts.TextToSpeech; import android.speech.tts.TextToSpeech; import android.text.Editable; import android.text.Editable; import android.text.InputType; import android.text.InputType; Loading Loading @@ -1303,6 +1304,7 @@ public class WebView extends AbsoluteLayout init(); init(); setupPackageListener(context); setupPackageListener(context); setupProxyListener(context); setupProxyListener(context); setupTrustStorageListener(context); updateMultiTouchSupport(context); updateMultiTouchSupport(context); if (privateBrowsing) { if (privateBrowsing) { Loading 
@@ -1312,6 +1314,41 @@ public class WebView extends AbsoluteLayout mAutoFillData = new WebViewCore.AutoFillData(); mAutoFillData = new WebViewCore.AutoFillData(); } } private static class TrustStorageListener extends BroadcastReceiver { @Override public void onReceive(Context context, Intent intent) { if (intent.getAction().equals(KeyChain.ACTION_STORAGE_CHANGED)) { handleCertTrustChanged(); } } } private static TrustStorageListener sTrustStorageListener; /** * Handles update to the trust storage. */ private static void handleCertTrustChanged() { // send a message for indicating trust storage change WebViewCore.sendStaticMessage(EventHub.TRUST_STORAGE_UPDATED, null); } /* * @param context This method expects this to be a valid context. */ private static void setupTrustStorageListener(Context context) { if (sTrustStorageListener != null ) { return; } IntentFilter filter = new IntentFilter(); filter.addAction(KeyChain.ACTION_STORAGE_CHANGED); sTrustStorageListener = new TrustStorageListener(); Intent current = context.getApplicationContext().registerReceiver(sTrustStorageListener, filter); if (current != null) { handleCertTrustChanged(); } } private static class ProxyReceiver extends BroadcastReceiver { private static class ProxyReceiver extends BroadcastReceiver { @Override @Override public void onReceive(Context context, Intent intent) { public void onReceive(Context context, Intent intent) { Loading
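Review bot: `TrustStorageListener.onReceive` calls `intent.getAction().equals(...)`, which throws if an intent arrives without an action; the constant-first form `KeyChain.ACTION_STORAGE_CHANGED.equals(intent.getAction())` avoids that. The receiver is also registered with the two-argument `registerReceiver(sTrustStorageListener, filter)`. Unless `android.security.STORAGE_CHANGED` is declared as a protected broadcast elsewhere (not visible in this change), any installed app can trigger a trust-manager reload in every process hosting a WebView. Passing a sender permission through `registerReceiver(receiver, filter, broadcastPermission, scheduler)` would restrict that. Two smaller points: the check-then-assign on `sTrustStorageListener` is unsynchronized, and the `@param` comment above `setupTrustStorageListener` opens with `/*` rather than `/**`, so it is not treated as Javadoc.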
core/java/android/webkit/WebViewCore.java +11 −0 Original line number Original line Diff line number Diff line Loading @@ -26,6 +26,7 @@ import android.graphics.Region; import android.media.MediaFile; import android.media.MediaFile; import android.net.ProxyProperties; import android.net.ProxyProperties; import android.net.Uri; import android.net.Uri; import android.net.http.CertificateChainValidator; import android.os.Bundle; import android.os.Bundle; import android.os.Handler; import android.os.Handler; import android.os.Looper; import android.os.Looper; Loading Loading @@ -775,6 +776,11 @@ public final class WebViewCore { Message m = (Message)msg.obj; Message m = (Message)msg.obj; m.sendToTarget(); m.sendToTarget(); break; break; case EventHub.TRUST_STORAGE_UPDATED: // post a task to network thread for updating trust manager nativeCertTrustChanged(); CertificateChainValidator.handleTrustStorageUpdate(); break; } } } } }; }; Loading Loading @@ -1133,6 +1139,9 @@ public final class WebViewCore { static final int SELECT_WORD_AT = 214; static final int SELECT_WORD_AT = 214; static final int SELECT_ALL = 215; static final int SELECT_ALL = 215; // for updating state on trust storage change static final int TRUST_STORAGE_UPDATED = 220; // Private handler for WebCore messages. // Private handler for WebCore messages. private Handler mHandler; private Handler mHandler; // Message queue for containing messages before the WebCore thread is // Message queue for containing messages before the WebCore thread is Loading Loading 
@@ -3082,4 +3091,6 @@ public final class WebViewCore { private native void nativeClearTextSelection(int nativeClass); private native void nativeClearTextSelection(int nativeClass); private native void nativeSelectWordAt(int nativeClass, int x, int y); private native void nativeSelectWordAt(int nativeClass, int x, int y); private native void nativeSelectAll(int nativeClass); private native void nativeSelectAll(int nativeClass); private static native void nativeCertTrustChanged(); } }
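Review bot: In the `TRUST_STORAGE_UPDATED` case the comment says a task is posted to the network thread, but the two calls visible here run inline on the handler's own thread (the handler body starts outside the hunk). Either the code or the comment should change, e.g. `// refresh native cert-verification state, then the Java trust manager`. What `nativeCertTrustChanged()` invalidates is not visible in this change. Its declaration should document whether cached verification results and TLS connections opened under the old trust store are dropped, because otherwise a removed CA could keep being honoured until they expire. `TRUST_STORAGE_UPDATED = 220` also leaves a gap after `SELECT_ALL = 215`, and a short comment on why would help whoever adds the next message id.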
keystore/java/android/security/KeyChain.java +17 −1 Original line number Original line Diff line number Diff line Loading @@ -124,7 +124,7 @@ public final class KeyChain { public static final String EXTRA_SENDER = "sender"; public static final String EXTRA_SENDER = "sender"; /** /** * Action to bring up the CertInstaller * Action to bring up the CertInstaller. */ */ private static final String ACTION_INSTALL = "android.credentials.INSTALL"; private static final String ACTION_INSTALL = "android.credentials.INSTALL"; Loading Loading @@ -167,6 +167,22 @@ public final class KeyChain { // Compatible with old android.security.Credentials.PKCS12 // Compatible with old android.security.Credentials.PKCS12 public static final String EXTRA_PKCS12 = "PKCS12"; public static final String EXTRA_PKCS12 = "PKCS12"; /** * @hide TODO This is temporary and will be removed * Broadcast Action: Indicates the trusted storage has changed. Sent when * one of this happens: * * <ul> * <li>a new CA is added, * <li>an existing CA is removed or disabled, * <li>a disabled CA is enabled, * <li>trusted storage is reset (all user certs are cleared), * <li>when permission to access a private key is changed. * </ul> */ public static final String ACTION_STORAGE_CHANGED = "android.security.STORAGE_CHANGED"; /** /** * Returns an {@code Intent} that can be used for credential * Returns an {@code Intent} that can be used for credential * installation. The intent may be used without any extras, in * installation. The intent may be used without any extras, in Loading
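Review bot: The Javadoc for `ACTION_STORAGE_CHANGED` opens with the `@hide` block tag, so the description that follows is parsed as part of that tag; the summary sentence should come first and `@hide` last. The text should also say who is allowed to send this broadcast and that it carries no extras identifying what changed, since receivers reload trust state in response to it. On wording, `one of this happens` should read `one of the following happens`.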