authorBrian Carlstrom <bdc@google.com>2013-03-27 15:33:39 -0700
committerBrian Carlstrom <bdc@google.com>2013-04-16 16:05:20 -0700
commit608ba9e25b0b4c2611197e9ad4cbb58c9db3aa57 (patch)
tree82364d64ba1d462317f11747f4b13e559c743826
parenta0150a87e2a74399c8144e18efbcaf707606c80e (diff)
downloadlibcore-608ba9e25b0b4c2611197e9ad4cbb58c9db3aa57.tar.gz
Do not include bogus certs in final chain output
(cherry-picked from 2cdf54071e7c62ceca7d40d7f6c704b91aad2a9f) Bug: 8313312 Bug: https://code.google.com/p/android/issues/detail?id=52295 Change-Id: Ie9f58c1bdc676471eaaf3073a78b0b00c5d9a833
-rw-r--r--luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java2
-rw-r--r--luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImplTest.java16
2 files changed, 17 insertions, 1 deletions
diff --git a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
index 93179662d15..a5a1978dda1 100644
--- a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
+++ b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
@@ -363,7 +363,7 @@ public final class TrustManagerImpl implements X509TrustManager {
// 2. Find the trust anchor in the chain, if any
int anchorIndex;
- for (anchorIndex = 0; anchorIndex < chain.length; anchorIndex++) {
+ for (anchorIndex = 0; anchorIndex <= currIndex; anchorIndex++) {
// If the current cert is a TrustAnchor, we can ignore the rest of the chain.
// This avoids including "bridge" CA certs that added for legacy compatibility.
TrustAnchor trustAnchor = findTrustAnchorBySubjectAndPublicKey(chain[anchorIndex]);
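Review bot: The new bound `anchorIndex <= currIndex` keeps the `chain[anchorIndex]` lookup in range only if step 1 always exits with `currIndex < chain.length`. That loop lies outside this hunk, so the invariant cannot be confirmed from here. If step 1 could ever run to completion without breaking, `currIndex` would equal `chain.length` and the lookup would index past the array during certificate validation. I would state the invariant beside the loop, for example `// currIndex is the index of the last cert linked from the leaf, so it is always < chain.length`, so that a later edit to step 1 does not silently break it. The loop body continues past the end of the hunk.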
diff --git a/luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImplTest.java b/luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImplTest.java
index fe5f4f08136..9757bc5a358 100644
--- a/luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImplTest.java
+++ b/luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImplTest.java
@@ -98,6 +98,22 @@ public class TrustManagerImplTest extends TestCase {
assertValid(chain1, tm);
}
+ // We should ignore duplicate cruft in the certificate chain
+ // See https://code.google.com/p/android/issues/detail?id=52295 http://b/8313312
+ public void testDuplicateInChain() throws Exception {
+ // chain3 should be server/intermediate/root
+ KeyStore.PrivateKeyEntry pke = TestKeyStore.getServer().getPrivateKey("RSA", "RSA");
+ X509Certificate[] chain3 = (X509Certificate[])pke.getCertificateChain();
+ X509Certificate root = chain3[2];
+ X509Certificate intermediate = chain3[1];
+ X509Certificate server = chain3[0];
+
+ X509Certificate[] chain4 = new X509Certificate[] { server, intermediate,
+ server, intermediate
+ };
+ assertValid(chain4, trustManager(root));
+ }
+
public void testGetFullChain() throws Exception {
// build the trust manager
KeyStore.PrivateKeyEntry pke = TestKeyStore.getServer().getPrivateKey("RSA", "RSA");
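Review bot: `testDuplicateInChain` pins only that the duplicated chain is accepted; it never inspects the resulting chain, which is what the commit title says was wrong. `assertValid` is defined outside this hunk, so what it checks beyond acceptance is not visible here. I would add an assertion that the chain the trust manager reports for `chain4` is exactly server, intermediate, root, with no repeated entries. A negative case would also help: the same `chain4` checked against a trust manager that does not hold `root` must still be rejected, so the trimming logic cannot widen what is trusted. Renaming `chain4` to something like `chainWithDuplicates` would make the intent readable without the comment.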