author | Brian Carlstrom <bdc@google.com> | 2014-07-07 20:48:48 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2014-07-07 17:50:18 +0000 |
commit | 52a154febb7c06b142116235c368417dd5e542ba (patch) | |
tree | 56824612a20ecacc58babcbe35fc9980c38571e5 | |
parent | ef2e76675a6c60a2a4764a2e19fdb2c4d9beb00e (diff) | |
parent | 87f597465cf4a94a38a7db494a4edac1e9fde97d (diff) | |
download | base-52a154febb7c06b142116235c368417dd5e542ba.tar.gz |
Merge "Remove"
4 files changed, 23 insertions, 165 deletions
diff --git a/core/java/android/net/http/CertificateChainValidator.java b/core/java/android/net/http/CertificateChainValidator.java index d06355d4f8a4..bf3fe0278245 100644 --- a/core/java/android/net/http/CertificateChainValidator.java +++ b/core/java/android/net/http/CertificateChainValidator.java @@ -16,6 +16,9 @@ package android.net.http; +import com.android.org.conscrypt.SSLParametersImpl; +import com.android.org.conscrypt.TrustManagerImpl; + import android.util.Slog; import java.io.ByteArrayInputStream; @@ -37,7 +40,7 @@ import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; -import javax.net.ssl.X509ExtendedTrustManager; +import javax.net.ssl.X509TrustManager; /** * Class responsible for all server certificate validation functionality @@ -60,7 +63,7 @@ public class CertificateChainValidator { .getDefaultHostnameVerifier(); } - private X509ExtendedTrustManager mTrustManager; + private X509TrustManager mTrustManager; /** * @return The singleton instance of the certificates chain validator @@ -78,8 +81,8 @@ public class CertificateChainValidator { TrustManagerFactory tmf = TrustManagerFactory.getInstance("X.509"); tmf.init((KeyStore) null); for (TrustManager tm : tmf.getTrustManagers()) { - if (tm instanceof X509ExtendedTrustManager) { - mTrustManager = (X509ExtendedTrustManager) tm; + if (tm instanceof X509TrustManager) { + mTrustManager = (X509TrustManager) tm; } } } catch (NoSuchAlgorithmException e) { @@ -90,7 +93,7 @@ public class CertificateChainValidator { if (mTrustManager == null) { throw new RuntimeException( - "None of the X.509 TrustManagers are X509ExtendedTrustManager"); + "None of the X.509 TrustManagers are X509TrustManager"); } } 
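Review bot: The widened test `tm instanceof X509TrustManager` in the constructor loop has no `break`, so if the factory returns several X.509 trust managers the last one is kept rather than the first. The later hunk at `-225,8 +228,13` also stops calling `getInstance().getTrustManager()` and asks `SSLParametersImpl.getDefaultX509TrustManager()` instead, so within the visible lines `mTrustManager` no longer takes part in chain validation, yet the constructor can still throw `RuntimeException` over it. If nothing outside these hunks reads the field, removing the lookup would be cleaner. Otherwise add `break;` after the assignment and a comment such as `// Not used for chain validation; that path uses SSLParametersImpl.getDefaultX509TrustManager()`. The constructor body starts and ends outside the hunk.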
@@ -225,8 +228,13 @@ public class CertificateChainValidator { } try { - getInstance().getTrustManager().checkServerTrusted(chain, authType, - new DelegatingSocketWrapper(domain)); + X509TrustManager x509TrustManager = SSLParametersImpl.getDefaultX509TrustManager(); + if (x509TrustManager instanceof TrustManagerImpl) { + TrustManagerImpl trustManager = (TrustManagerImpl) x509TrustManager; + trustManager.checkServerTrusted(chain, authType, domain); + } else { + x509TrustManager.checkServerTrusted(chain, authType); + } return null; // No errors. } catch (GeneralSecurityException e) { if (HttpLog.LOGV) { @@ -238,9 +246,9 @@ public class CertificateChainValidator { } /** - * Returns the platform default {@link X509ExtendedTrustManager}. + * Returns the platform default {@link X509TrustManager}. */ - private X509ExtendedTrustManager getTrustManager() { + private X509TrustManager getTrustManager() { return mTrustManager; } @@ -268,4 +276,4 @@ public class CertificateChainValidator { throw new SSLHandshakeException(errorMessage); } -}
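Review bot: The `else` branch calls `x509TrustManager.checkServerTrusted(chain, authType)` and drops `domain`, so whenever the default trust manager is not a `TrustManagerImpl` the chain is validated without whatever host-specific checks the three-argument call performs, and nothing records that the weaker path was taken. Whether the hostname is matched against the certificate earlier in this method cannot be seen from the hunk, because the enclosing method starts above it. I would document the fallback in place, for example `// Plain X509TrustManager has no host parameter: host-specific trust checks are skipped on this path`, and consider logging it so that a non-default provider configuration is visible.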
\ No newline at end of file +} diff --git a/core/java/android/net/http/DelegatingSSLSession.java b/core/java/android/net/http/DelegatingSSLSession.java index ff75b243229d..98fbe21e7af2 100644 --- a/core/java/android/net/http/DelegatingSSLSession.java +++ b/core/java/android/net/http/DelegatingSSLSession.java @@ -24,12 +24,11 @@ import javax.net.ssl.SSLPeerUnverifiedException; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSessionContext; import javax.net.ssl.SSLSocket; -import javax.net.ssl.X509ExtendedTrustManager; +import javax.net.ssl.X509TrustManager; /** - * This is used when only a {@code hostname} is available but usage of the new API - * {@link X509ExtendedTrustManager#checkServerTrusted(X509Certificate[], String, Socket)} - * requires a {@link SSLSocket}. + * This is only used when a {@code certificate} is available but usage + * requires a {@link SSLSession}. * * @hide */ @@ -37,19 +36,6 @@ public class DelegatingSSLSession implements SSLSession { protected DelegatingSSLSession() { } - public static class HostnameWrap extends DelegatingSSLSession { - private final String mHostname; - - public HostnameWrap(String hostname) { - mHostname = hostname; - } - - @Override - public String getPeerHost() { - return mHostname; - } - } - public static class CertificateWrap extends DelegatingSSLSession { private final Certificate mCertificate; @@ -169,4 +155,4 @@ public class DelegatingSSLSession implements SSLSession { public void removeValue(String name) { throw new UnsupportedOperationException(); } -}
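Review bot: The added `import javax.net.ssl.X509TrustManager;` in DelegatingSSLSession.java looks unused: the old import served only the `{@link X509ExtendedTrustManager#checkServerTrusted...}` reference in the class Javadoc, and the rewritten Javadoc links only `SSLSession`. The same Javadoc edit removes the `{@link SSLSocket}` reference, so `import javax.net.ssl.SSLSocket;` may now be unused as well, unless the part of the class outside the hunk needs it. The first hunk of X509TrustManagerExtensions.java shows the same pattern: the `SSLParameters` and `SSLSocket` imports stay while the Javadoc paragraph that mentioned them is deleted. Dropping these imports would leave no stale references to the API this change moves away from.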
\ No newline at end of file +} diff --git a/core/java/android/net/http/DelegatingSocketWrapper.java b/core/java/android/net/http/DelegatingSocketWrapper.java deleted file mode 100644 index 230d017d82a3..000000000000 --- a/core/java/android/net/http/DelegatingSocketWrapper.java +++ /dev/null 
@@ -1,127 +0,0 @@
-/*
- * Copyright 2014 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net.http;
-
-import java.io.IOException;
-
-import javax.net.ssl.HandshakeCompletedListener;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.X509ExtendedTrustManager;
-
-/**
- * This is used when only a {@code hostname} is available for
- * {@link X509ExtendedTrustManager#checkServerTrusted(java.security.cert.X509Certificate[], String, Socket)}
- * but we want to use the new API that requires a {@link SSLSocket}.
- */
-class DelegatingSocketWrapper extends SSLSocket {
- private String hostname;
-
- public DelegatingSocketWrapper(String hostname) {
- this.hostname = hostname;
- }
-
- @Override
- public String[] getSupportedCipherSuites() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public String[] getEnabledCipherSuites() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void setEnabledCipherSuites(String[] suites) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public String[] getSupportedProtocols() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public String[] getEnabledProtocols() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void setEnabledProtocols(String[] protocols) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public SSLSession getSession() {
- return new DelegatingSSLSession.HostnameWrap(hostname);
- }
-
- @Override
- public void addHandshakeCompletedListener(HandshakeCompletedListener listener) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void removeHandshakeCompletedListener(HandshakeCompletedListener listener) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void startHandshake() throws IOException {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void setUseClientMode(boolean mode) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public boolean getUseClientMode() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void setNeedClientAuth(boolean need) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void setWantClientAuth(boolean want) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public boolean getNeedClientAuth() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public boolean getWantClientAuth() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void setEnableSessionCreation(boolean flag) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public boolean getEnableSessionCreation() {
- throw new UnsupportedOperationException();
- }
-}
\ No newline at end of file diff --git a/core/java/android/net/http/X509TrustManagerExtensions.java b/core/java/android/net/http/X509TrustManagerExtensions.java index d730a7ba0558..e8ccc2bae4d0 100644 --- a/core/java/android/net/http/X509TrustManagerExtensions.java +++ b/core/java/android/net/http/X509TrustManagerExtensions.java @@ -24,7 +24,6 @@ import java.util.List; import javax.net.ssl.SSLParameters; import javax.net.ssl.SSLSocket; -import javax.net.ssl.X509ExtendedTrustManager; import javax.net.ssl.X509TrustManager; /** @@ -34,13 +33,6 @@ import javax.net.ssl.X509TrustManager; * verification of certificate chains after they have been successfully verified * by the platform. * </p> - * <p> - * If the returned certificate list is not needed, see also - * {@code X509ExtendedTrustManager#checkServerTrusted(X509Certificate[], String, java.net.Socket)} - * where an {@link SSLSocket} can be used to verify the given hostname during - * handshake using - * {@code SSLParameters#setEndpointIdentificationAlgorithm(String)}. - * </p> */ public class X509TrustManagerExtensions { @@ -73,7 +65,6 @@ public class X509TrustManagerExtensions { */ public List<X509Certificate> checkServerTrusted(X509Certificate[] chain, String authType, String host) throws CertificateException { - return mDelegate.checkServerTrusted(chain, authType, - new DelegatingSSLSession.HostnameWrap(host)); + return mDelegate.checkServerTrusted(chain, authType, host); } } |
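Review bot: With `return mDelegate.checkServerTrusted(chain, authType, host);` the `host` argument goes straight to the delegate, and the Javadoc paragraph explaining how the hostname is verified during the handshake is deleted in the previous hunk, so the public method no longer says what `host` is used for. From the visible lines it cannot be told whether the delegate matches `host` against the certificate names or only uses it for host-specific trust decisions. The method Javadoc, which starts outside the hunk, should state which, e.g. `@param host the server's host name; state whether it is verified against the certificate or whether callers must still run a HostnameVerifier`. A `null` or empty `host` is also passed through unchecked here, so the doc should say whether that is permitted.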