Merge "Don't use X509CertImpl directly"

author: Kenny Root <kroot@google.com> 2013-04-29 20:54:48 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> 2013-04-29 20:54:49 +0000
commit: d152f7ec1ae43d77ff8e2206724ce71da3da9913 (patch)
tree: 258200099c2b81bc9c508a3be1b38d726fdd713a
parent: 0bb497b8d1bac2206df89a878ecb7e356d21fe99 (diff)
parent: 28b1f0ee02e14241ffb81f431fc54053771c1c90 (diff)
download: base-d152f7ec1ae43d77ff8e2206724ce71da3da9913.tar.gz
2 files changed, 20 insertions, 10 deletions
diff --git a/core/java/android/net/http/CertificateChainValidator.java b/core/java/android/net/http/CertificateChainValidator.java
index f66075d66b75..155ab93cd474 100644
--- a/core/java/android/net/http/CertificateChainValidator.java
+++ b/core/java/android/net/http/CertificateChainValidator.java
@@ -17,18 +17,19 @@
 package android.net.http;
 
 
+import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.security.KeyManagementException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import javax.net.ssl.DefaultHostnameVerifier;
 import javax.net.ssl.SSLHandshakeException;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.X509TrustManager;
-import org.apache.harmony.security.provider.cert.X509CertImpl;
 import org.apache.harmony.xnet.provider.jsse.SSLParametersImpl;
 import org.apache.harmony.xnet.provider.jsse.TrustManagerImpl;
 
@@ -118,8 +119,14 @@ public class CertificateChainValidator {
 
         X509Certificate[] serverCertificates = new X509Certificate[certChain.length];
 
-        for (int i = 0; i < certChain.length; ++i) {
-            serverCertificates[i] = new X509CertImpl(certChain[i]);
+        try {
+            CertificateFactory cf = CertificateFactory.getInstance("X.509");
+            for (int i = 0; i < certChain.length; ++i) {
+                serverCertificates[i] = (X509Certificate) cf.generateCertificate(
+                        new ByteArrayInputStream(certChain[i]));
+            }
+        } catch (CertificateException e) {
+            throw new IOException("can't read certificate", e);
         }
 
         return verifyServerDomainAndCertificates(serverCertificates, domain, authType);
diff --git a/core/java/android/webkit/BrowserFrame.java b/core/java/android/webkit/BrowserFrame.java
index 023dfa8dafe4..e627af15ffe3 100644
--- a/core/java/android/webkit/BrowserFrame.java
+++ b/core/java/android/webkit/BrowserFrame.java
@@ -40,13 +40,13 @@ import android.view.WindowManager;
 
 import junit.framework.Assert;
 
+import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.lang.ref.WeakReference;
 import java.net.URLEncoder;
-import java.nio.charset.Charsets;
 import java.security.PrivateKey;
-import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.HashMap;
@@ -55,7 +55,6 @@ import java.util.Iterator;
 import java.util.Map;
 import java.util.Set;
 
-import org.apache.harmony.security.provider.cert.X509CertImpl;
 import org.apache.harmony.xnet.provider.jsse.OpenSSLKey;
 import org.apache.harmony.xnet.provider.jsse.OpenSSLKeyHolder;
 
@@ -1079,10 +1078,12 @@ class BrowserFrame extends Handler {
             String url) {
         final SslError sslError;
         try {
-            X509Certificate cert = new X509CertImpl(certDER);
+            CertificateFactory cf = CertificateFactory.getInstance("X.509");
+            X509Certificate cert = (X509Certificate) cf.generateCertificate(
+                    new ByteArrayInputStream(certDER));
             SslCertificate sslCert = new SslCertificate(cert);
             sslError = SslError.SslErrorFromChromiumErrorCode(certError, sslCert, url);
-        } catch (IOException e) {
+        } catch (Exception e) {
             // Can't get the certificate, not much to do.
             Log.e(LOGTAG, "Can't get the certificate from WebKit, canceling");
             nativeSslCertErrorCancel(handle, certError);
@@ -1200,9 +1201,11 @@ class BrowserFrame extends Handler {
      */
     private void setCertificate(byte cert_der[]) {
         try {
-            X509Certificate cert = new X509CertImpl(cert_der);
+            CertificateFactory cf = CertificateFactory.getInstance("X.509");
+            X509Certificate cert = (X509Certificate) cf.generateCertificate(
+                    new ByteArrayInputStream(cert_der));
             mCallbackProxy.onReceivedCertificate(new SslCertificate(cert));
-        } catch (IOException e) {
+        } catch (Exception e) {
             // Can't get the certificate, not much to do.
             Log.e(LOGTAG, "Can't get the certificate from WebKit, canceling");
             return;
author	Kenny Root <kroot@google.com>	2013-04-29 20:54:48 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	2013-04-29 20:54:49 +0000
commit	d152f7ec1ae43d77ff8e2206724ce71da3da9913 (patch)
tree	258200099c2b81bc9c508a3be1b38d726fdd713a
parent	0bb497b8d1bac2206df89a878ecb7e356d21fe99 (diff)
parent	28b1f0ee02e14241ffb81f431fc54053771c1c90 (diff)
download	base-d152f7ec1ae43d77ff8e2206724ce71da3da9913.tar.gz