diff options
author | Kenny Root <kroot@google.com> | 2013-04-23 22:33:18 -0700 |
---|---|---|
committer | Kenny Root <kroot@google.com> | 2013-04-29 13:27:39 -0700 |
commit | 28b1f0ee02e14241ffb81f431fc54053771c1c90 (patch) | |
tree | 258200099c2b81bc9c508a3be1b38d726fdd713a | |
parent | 0bb497b8d1bac2206df89a878ecb7e356d21fe99 (diff) | |
download | base-28b1f0ee02e14241ffb81f431fc54053771c1c90.tar.gz |
Don't use X509CertImpl directly
Change-Id: Ibabee35c90c2636c6f362e4d778d6795a0cef6c2
-rw-r--r-- | core/java/android/net/http/CertificateChainValidator.java | 13 | ||||
-rw-r--r-- | core/java/android/webkit/BrowserFrame.java | 17 |
2 files changed, 20 insertions, 10 deletions
diff --git a/core/java/android/net/http/CertificateChainValidator.java b/core/java/android/net/http/CertificateChainValidator.java index f66075d66b75..155ab93cd474 100644 --- a/core/java/android/net/http/CertificateChainValidator.java +++ b/core/java/android/net/http/CertificateChainValidator.java @@ -17,18 +17,19 @@ package android.net.http; +import java.io.ByteArrayInputStream; import java.io.IOException; import java.security.GeneralSecurityException; import java.security.KeyManagementException; import java.security.cert.Certificate; import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import javax.net.ssl.DefaultHostnameVerifier; import javax.net.ssl.SSLHandshakeException; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; import javax.net.ssl.X509TrustManager; -import org.apache.harmony.security.provider.cert.X509CertImpl; import org.apache.harmony.xnet.provider.jsse.SSLParametersImpl; import org.apache.harmony.xnet.provider.jsse.TrustManagerImpl; @@ -118,8 +119,14 @@ public class CertificateChainValidator { X509Certificate[] serverCertificates = new X509Certificate[certChain.length]; - for (int i = 0; i < certChain.length; ++i) { - serverCertificates[i] = new X509CertImpl(certChain[i]); + try { + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + for (int i = 0; i < certChain.length; ++i) { + serverCertificates[i] = (X509Certificate) cf.generateCertificate( + new ByteArrayInputStream(certChain[i])); + } + } catch (CertificateException e) { + throw new IOException("can't read certificate", e); } return verifyServerDomainAndCertificates(serverCertificates, domain, authType); diff --git a/core/java/android/webkit/BrowserFrame.java b/core/java/android/webkit/BrowserFrame.java index 023dfa8dafe4..e627af15ffe3 100644 --- a/core/java/android/webkit/BrowserFrame.java +++ b/core/java/android/webkit/BrowserFrame.java @@ -40,13 +40,13 @@ import android.view.WindowManager; import junit.framework.Assert; +import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.lang.ref.WeakReference; import java.net.URLEncoder; -import java.nio.charset.Charsets; import java.security.PrivateKey; -import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.HashMap; @@ -55,7 +55,6 @@ import java.util.Iterator; import java.util.Map; import java.util.Set; -import org.apache.harmony.security.provider.cert.X509CertImpl; import org.apache.harmony.xnet.provider.jsse.OpenSSLKey; import org.apache.harmony.xnet.provider.jsse.OpenSSLKeyHolder; @@ -1079,10 +1078,12 @@ class BrowserFrame extends Handler { String url) { final SslError sslError; try { - X509Certificate cert = new X509CertImpl(certDER); + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + X509Certificate cert = (X509Certificate) cf.generateCertificate( + new ByteArrayInputStream(certDER)); SslCertificate sslCert = new SslCertificate(cert); sslError = SslError.SslErrorFromChromiumErrorCode(certError, sslCert, url); - } catch (IOException e) { + } catch (Exception e) { // Can't get the certificate, not much to do. Log.e(LOGTAG, "Can't get the certificate from WebKit, canceling"); nativeSslCertErrorCancel(handle, certError); @@ -1200,9 +1201,11 @@ class BrowserFrame extends Handler { */ private void setCertificate(byte cert_der[]) { try { - X509Certificate cert = new X509CertImpl(cert_der); + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + X509Certificate cert = (X509Certificate) cf.generateCertificate( + new ByteArrayInputStream(cert_der)); mCallbackProxy.onReceivedCertificate(new SslCertificate(cert)); - } catch (IOException e) { + } catch (Exception e) { // Can't get the certificate, not much to do. Log.e(LOGTAG, "Can't get the certificate from WebKit, canceling"); return; |