Merge "Initial commit for X509TrustManagerExtensions." into jb-mr1-dev
diff --git a/api/current.txt b/api/current.txt
index 4abcaee..8f77e23 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -13024,6 +13024,11 @@
field public static final int SSL_UNTRUSTED = 3; // 0x3
}
+ public class X509TrustManagerExtensions {
+ ctor public X509TrustManagerExtensions(javax.net.ssl.X509TrustManager) throws java.lang.IllegalArgumentException;
+ method public java.util.List<java.security.cert.X509Certificate> checkServerTrusted(java.security.cert.X509Certificate[], java.lang.String, java.lang.String) throws java.security.cert.CertificateException;
+ }
+
}
package android.net.nsd {
diff --git a/core/java/android/net/X509TrustManagerExtensions.java b/core/java/android/net/X509TrustManagerExtensions.java
new file mode 100644
index 0000000..4026a1d
--- /dev/null
+++ b/core/java/android/net/X509TrustManagerExtensions.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2012 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.net.http;
+
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.security.KeyManagementException;
+import java.util.List;
+
+import javax.net.ssl.X509TrustManager;
+
+import org.apache.harmony.xnet.provider.jsse.TrustManagerImpl;
+
+/**
+ * X509TrustManager wrapper exposing Android-added features.
+ *
+ * <p> The checkServerTrusted method allows callers to perform additional
+ * verification of certificate chains after they have been successfully
+ * verified by the platform.</p>
+ */
+public class X509TrustManagerExtensions {
+
+ TrustManagerImpl mDelegate;
+
+ /**
+ * Constructs a new X509TrustManagerExtensions wrapper.
+ *
+ * @param tm A {@link X509TrustManager} as returned by TrustManagerFactory.getInstance();
+ * @throws IllegalArgumentException If tm is an unsupported TrustManager type.
+ */
+ public X509TrustManagerExtensions(X509TrustManager tm) throws IllegalArgumentException {
+ if (mDelegate instanceof TrustManagerImpl) {
+ mDelegate = (TrustManagerImpl) tm;
+ } else {
+ throw new IllegalArgumentException("tm is not a supported type of X509TrustManager");
+ }
+ }
+
+ /**
+ * Verifies the given certificate chain.
+ *
+ * <p>See {@link X509TrustManager#checkServerTrusted(X509Certificate[], String)} for a
+ * description of the chain and authType parameters. The final parameter, host, should be the
+ * hostname of the server.</p>
+ *
+ * @throws CertificateException if the chain does not verify correctly.
+ * @return the properly ordered chain used for verification as a list of X509Certificates.
+ */
+ public List<X509Certificate> checkServerTrusted(X509Certificate[] chain, String authType,
+ String host) throws CertificateException {
+ return mDelegate.checkServerTrusted(chain, authType, host);
+ }
+}