
Commit e97c2006 authored by Bob Lee's avatar Bob Lee

Updated Browser and MCS to use shared default trust manager instead of...

Updated Browser and MCS to use shared default trust manager instead of initializing their own copies.
parent b7aec912
+3 −31
@@ -41,6 +41,7 @@ import javax.net.ssl.X509TrustManager;

import org.apache.harmony.xnet.provider.jsse.SSLClientSessionCache;
import org.apache.harmony.xnet.provider.jsse.SSLContextImpl;
import org.apache.harmony.xnet.provider.jsse.SSLParameters;

/**
 * SSLSocketFactory that provides optional (on debug devices, only) skipping of ssl certificfate
@@ -54,28 +55,6 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory {

    private static final String LOG_TAG = "SSLCertificateSocketFactory";

    private static X509TrustManager sDefaultTrustManager;

    static {
        try {
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
            tmf.init((KeyStore)null);
            TrustManager[] tms = tmf.getTrustManagers();
            if (tms != null) {
                for (TrustManager tm : tms) {
                    if (tm instanceof X509TrustManager) {
                        sDefaultTrustManager = (X509TrustManager)tm;
                        break;
                    }
                }
            }
        } catch (NoSuchAlgorithmException e) {
            Log.e(LOG_TAG, "Unable to get X509 Trust Manager ", e);
        } catch (KeyStoreException e) {
            Log.e(LOG_TAG, "Key Store exception while initializing TrustManagerFactory ", e);
        }
    }

    private static final TrustManager[] TRUST_MANAGER = new TrustManager[] {
        new X509TrustManager() {
            public X509Certificate[] getAcceptedIssuers() {
@@ -155,20 +134,13 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory {

    private boolean hasValidCertificateChain(Certificate[] certs) 
            throws IOException {
        if (sDefaultTrustManager == null) {
            if (Config.LOGD) {
                Log.d(LOG_TAG,"hasValidCertificateChain():" +
                          " null default trust manager!");
            }
            throw new IOException("null default trust manager");
        }

        boolean trusted = (certs != null && (certs.length > 0));

        if (trusted) {
            try {
                // the authtype we pass in doesn't actually matter
                sDefaultTrustManager.checkServerTrusted((X509Certificate[]) certs, "RSA");
                SSLParameters.getDefaultTrustManager()
                        .checkServerTrusted((X509Certificate[]) certs, "RSA");
            } catch (GeneralSecurityException e) { 
                String exceptionMessage = e != null ? e.getMessage() : "none";
                if (Config.LOGD) {
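Review bot: The new call `SSLParameters.getDefaultTrustManager().checkServerTrusted(...)` in hasValidCertificateChain dereferences the shared trust manager without the null guard that the removed lines provided. If the getter can return null when initialisation fails (its body is not visible here), callers would see a NullPointerException instead of the `IOException("null default trust manager")` they got before. The handshake would presumably still fail closed, but code that catches only IOException would no longer handle it cleanly. I would keep the explicit check: `X509TrustManager tm = SSLParameters.getDefaultTrustManager();` followed by `if (tm == null) throw new IOException("null default trust manager");`. The same unguarded call appears at both call sites in CertificateChainValidator, and hasValidCertificateChain continues past the end of this hunk.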
+5 −29
@@ -16,6 +16,8 @@

package android.net.http;

import org.apache.harmony.xnet.provider.jsse.SSLParameters;

import java.io.IOException;

import java.security.cert.Certificate;
@@ -46,11 +48,6 @@ class CertificateChainValidator {
    private static final CertificateChainValidator sInstance
            = new CertificateChainValidator();

    /**
     * Default trust manager (used to perform CA certificate validation)
     */
    private X509TrustManager mDefaultTrustManager;

    /**
     * @return The singleton instance of the certificator chain validator
     */
@@ -62,28 +59,7 @@ class CertificateChainValidator {
     * Creates a new certificate chain validator. This is a pivate constructor.
     * If you need a Certificate chain validator, call getInstance().
     */
    private CertificateChainValidator() {
        try {
            TrustManagerFactory trustManagerFactory
                = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init((KeyStore)null);
            TrustManager[] trustManagers =
                trustManagerFactory.getTrustManagers();
            if (trustManagers != null && trustManagers.length > 0) {
                for (TrustManager trustManager : trustManagers) {
                    if (trustManager instanceof X509TrustManager) {
                        mDefaultTrustManager = (X509TrustManager)(trustManager);
                        break;
                    }
                }
            }
        } catch (Exception exc) {
            if (HttpLog.LOGV) {
                HttpLog.v("CertificateChainValidator():" +
                          " failed to initialize the trust manager");
            }
        }
    }
    private CertificateChainValidator() {}

    /**
     * Performs the handshake and server certificates validation
@@ -156,7 +132,7 @@ class CertificateChainValidator {
        // report back to the user.
        //
        try {
            mDefaultTrustManager.checkServerTrusted(
            SSLParameters.getDefaultTrustManager().checkServerTrusted(
                serverCertificates, "RSA");

            // no errors!!!
@@ -186,7 +162,7 @@ class CertificateChainValidator {
        // check if the last certificate in the chain (root) is trusted
        X509Certificate[] rootCertificateChain = { currCertificate };
        try {
            mDefaultTrustManager.checkServerTrusted(
            SSLParameters.getDefaultTrustManager().checkServerTrusted(
                rootCertificateChain, "RSA");
        } catch (CertificateExpiredException e) {
            String errorMessage = e.getMessage();
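Review bot: The Javadoc that said which trust manager performs CA validation was deleted together with the `mDefaultTrustManager` field, and nothing at the two `SSLParameters.getDefaultTrustManager()` call sites replaces it. Because this validator now relies on an instance shared with other clients (the commit message names MCS), a short comment at the first call would help, for example `// Validation uses the shared default trust manager from SSLParameters; treat it as read-only.` It is also worth checking whether the TrustManagerFactory, KeyStore and X509TrustManager imports are still needed in this file, since their only visible uses were removed. Both enclosing methods start and end outside the hunks shown.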