Merge "Implement checkClientTrusted" am: 8e19803a6a am: a4a6cf9b51
am: 52ae900a29

* commit '52ae900a291844b6454fdb5f9edf65abb95c6fa9':
  Implement checkClientTrusted
diff --git a/core/java/android/security/net/config/NetworkSecurityTrustManager.java b/core/java/android/security/net/config/NetworkSecurityTrustManager.java
index 7f5b3ca..2b860fa 100644
--- a/core/java/android/security/net/config/NetworkSecurityTrustManager.java
+++ b/core/java/android/security/net/config/NetworkSecurityTrustManager.java
@@ -65,7 +65,7 @@
     @Override
     public void checkClientTrusted(X509Certificate[] chain, String authType)
             throws CertificateException {
-        throw new CertificateException("Client authentication not supported");
+        mDelegate.checkClientTrusted(chain, authType);
     }
 
     @Override
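Review bot: checkClientTrusted used to fail closed and now accepts any chain that mDelegate trusts, but the new line at `mDelegate.checkClientTrusted(chain, authType);` has no comment saying which trust anchors decide that. Only the delegate's validation runs on this path, so a reader auditing client authentication has to trace how mDelegate is built, which is outside this hunk. I would add above the call `// Client chains are validated by the delegate against this config's trust anchors; no other per-config checks are applied here.`, with the wording confirmed against the rest of the class.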
@@ -149,6 +149,6 @@
 
     @Override
     public X509Certificate[] getAcceptedIssuers() {
-        return new X509Certificate[0];
+        return mDelegate.getAcceptedIssuers();
     }
 }
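Review bot: getAcceptedIssuers changes from an empty array to the delegate's full anchor set, and nothing on the method documents that callers now receive every CA this config trusts. A TLS server typically advertises this list to connecting clients, so the size and content of the trust store become visible on the wire; whether that matters here depends on callers not shown in the hunk. I would add a Javadoc line such as `/** Returns the trust anchors of this config; used when requesting client certificates. */`. It would also be worth confirming that mDelegate returns a copy rather than its internal array, because the old code handed out a fresh array on every call.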
diff --git a/core/java/android/security/net/config/RootTrustManager.java b/core/java/android/security/net/config/RootTrustManager.java
index b87bf1f..e307ad0 100644
--- a/core/java/android/security/net/config/RootTrustManager.java
+++ b/core/java/android/security/net/config/RootTrustManager.java
@@ -35,7 +35,6 @@
  * @hide */
 public class RootTrustManager implements X509TrustManager {
     private final ApplicationConfig mConfig;
-    private static final X509Certificate[] EMPTY_ISSUERS = new X509Certificate[0];
 
     public RootTrustManager(ApplicationConfig config) {
         if (config == null) {
@@ -47,7 +46,10 @@
     @Override
     public void checkClientTrusted(X509Certificate[] chain, String authType)
             throws CertificateException {
-        throw new CertificateException("Client authentication not supported");
+        // Use the default configuration for all client authentication. Domain specific configs are
+        // only for use in checking server trust not client trust.
+        NetworkSecurityConfig config = mConfig.getConfigForHostname("");
+        config.getTrustManager().checkClientTrusted(chain, authType);
     }
 
     @Override
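Review bot: `mConfig.getConfigForHostname("")` selects the default configuration through an empty-string hostname, a convention the reader has to take from the comment, and the same lookup is repeated in the getAcceptedIssuers hunk further down. If hostname matching ever changes so that "" resolves to a domain-specific config, client trust would silently follow it. I would pull the lookup into one private helper, e.g. `private NetworkSecurityConfig getDefaultConfig() { return mConfig.getConfigForHostname(""); }`, and call it from both methods so the assumption lives in one documented place. The comment should also state that client trust now follows whatever anchors the default config carries, since this path previously rejected every client chain.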
@@ -84,6 +86,10 @@
 
     @Override
     public X509Certificate[] getAcceptedIssuers() {
-        return EMPTY_ISSUERS;
+        // getAcceptedIssuers is meant to be used to determine which trust anchors the server will
+        // accept when verifying clients. Domain specific configs are only for use in checking
+        // server trust not client trust so use the default config.
+        NetworkSecurityConfig config = mConfig.getConfigForHostname("");
+        return config.getTrustManager().getAcceptedIssuers();
     }
 }