Merge "Check for null hostnames in RootTrustManager"
am: 49ce7dc2ba
* commit '49ce7dc2baa9ee867fc7b78301c65fab2168a9b2':
Check for null hostnames in RootTrustManager
diff --git a/core/java/android/security/net/config/RootTrustManager.java b/core/java/android/security/net/config/RootTrustManager.java
index e307ad0..b4e58e6 100644
--- a/core/java/android/security/net/config/RootTrustManager.java
+++ b/core/java/android/security/net/config/RootTrustManager.java
@@ -71,6 +71,10 @@
*/
public List<X509Certificate> checkServerTrusted(X509Certificate[] certs, String authType,
String hostname) throws CertificateException {
+ if (hostname == null && mConfig.hasPerDomainConfigs()) {
+ throw new CertificateException(
+ "Domain specific configurations require that the hostname be provided");
+ }
NetworkSecurityConfig config = mConfig.getConfigForHostname(hostname);
return config.getTrustManager().checkServerTrusted(certs, authType, hostname);
}
diff --git a/tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java b/tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java
index 998bb68..35e3ef4 100644
--- a/tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java
+++ b/tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java
@@ -22,6 +22,7 @@
import android.util.ArraySet;
import android.util.Pair;
import java.io.IOException;
+import java.net.InetAddress;
import java.net.Socket;
import java.net.URL;
import java.security.KeyStore;
@@ -34,6 +35,7 @@
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
+import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
@@ -103,6 +105,15 @@
TestUtils.assertConnectionFails(context, "developer.android.com", 443);
TestUtils.assertUrlConnectionFails(context, "google.com", 443);
TestUtils.assertUrlConnectionSucceeds(context, "android.com", 443);
+ // Check that sockets created without the hostname fail with per-domain configs
+ SSLSocket socket = (SSLSocket) context.getSocketFactory()
+ .createSocket(InetAddress.getByName("android.com"), 443);
+ try {
+ socket.startHandshake();
+ socket.getInputStream();
+ fail();
+ } catch (IOException expected) {
+ }
}
public void testBasicPinning() throws Exception {