author | Brian Carlstrom <bdc@google.com> | 2013-03-27 15:33:39 -0700 |
---|---|---|
committer | Brian Carlstrom <bdc@google.com> | 2013-04-16 16:05:20 -0700 |
commit | 608ba9e25b0b4c2611197e9ad4cbb58c9db3aa57 (patch) | |
tree | 82364d64ba1d462317f11747f4b13e559c743826 | |
parent | a0150a87e2a74399c8144e18efbcaf707606c80e (diff) | |
download | libcore-608ba9e25b0b4c2611197e9ad4cbb58c9db3aa57.tar.gz |
Do not include bogus certs in final chain output
(cherry-picked from 2cdf54071e7c62ceca7d40d7f6c704b91aad2a9f)
Bug: 8313312
Bug: https://code.google.com/p/android/issues/detail?id=52295
Change-Id: Ie9f58c1bdc676471eaaf3073a78b0b00c5d9a833
-rw-r--r-- | luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java | 2 | ||||
-rw-r--r-- | luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImplTest.java | 16 |
2 files changed, 17 insertions, 1 deletions
diff --git a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
index 93179662d15..a5a1978dda1 100644
--- a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
+++ b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
@@ -363,7 +363,7 @@ public final class TrustManagerImpl implements X509TrustManager {
 // 2. Find the trust anchor in the chain, if any
 int anchorIndex;
- for (anchorIndex = 0; anchorIndex < chain.length; anchorIndex++) {
+ for (anchorIndex = 0; anchorIndex <= currIndex; anchorIndex++) {
 // If the current cert is a TrustAnchor, we can ignore the rest of the chain.
 // This avoids including "bridge" CA certs that added for legacy compatibility.
 TrustAnchor trustAnchor = findTrustAnchorBySubjectAndPublicKey(chain[anchorIndex]);
diff --git a/luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImplTest.java b/luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImplTest.java
index fe5f4f08136..9757bc5a358 100644
--- a/luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImplTest.java
+++ b/luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImplTest.java
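Review bot: The new loop bound `anchorIndex <= currIndex` relies on an invariant that the surrounding comments do not state: that `currIndex` is the last index of the ordered part of `chain` and is always a valid index. `currIndex` is assigned outside this hunk, so this cannot be confirmed from here; if it can ever equal `chain.length` (for example on an empty chain) the inclusive bound would index past the array. I would add a comment above the loop such as `// Only chain[0..currIndex] was linked into a path above; later entries are unverified extras and must not be searched for an anchor or returned.` The enclosing method starts and ends outside the hunk.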
@@ -98,6 +98,22 @@ public class TrustManagerImplTest extends TestCase {
 assertValid(chain1, tm);
 }
+ // We should ignore duplicate cruft in the certificate chain
+ // See https://code.google.com/p/android/issues/detail?id=52295 http://b/8313312
+ public void testDuplicateInChain() throws Exception {
+ // chain3 should be server/intermediate/root
+ KeyStore.PrivateKeyEntry pke = TestKeyStore.getServer().getPrivateKey("RSA", "RSA");
+ X509Certificate[] chain3 = (X509Certificate[])pke.getCertificateChain();
+ X509Certificate root = chain3[2];
+ X509Certificate intermediate = chain3[1];
+ X509Certificate server = chain3[0];
+
+ X509Certificate[] chain4 = new X509Certificate[] { server, intermediate,
+ server, intermediate
+ };
+ assertValid(chain4, trustManager(root));
+ }
+
 public void testGetFullChain() throws Exception {
 // build the trust manager
 KeyStore.PrivateKeyEntry pke = TestKeyStore.getServer().getPrivateKey("RSA", "RSA"); |
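Review bot: `testDuplicateInChain` only checks that validation succeeds (`assertValid(chain4, trustManager(root))`); it does not pin what the commit title promises, namely that the extra certs are left out of the chain that is returned. `assertValid` is defined outside the hunk, so it may check more than is visible here, but if it only verifies acceptance the test would still pass with the duplicates present in the output. I would add an assertion that the resulting chain is exactly server, intermediate, root, and a second case where the trailing entries are not duplicates but certificates unrelated to the path.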