Merge "Implement checkClientTrusted" am: 8e19803a6a am: a4a6cf9b51
am: 52ae900a29
* commit '52ae900a291844b6454fdb5f9edf65abb95c6fa9':
Implement checkClientTrusted
diff --git a/core/java/android/security/net/config/NetworkSecurityTrustManager.java b/core/java/android/security/net/config/NetworkSecurityTrustManager.java
index 7f5b3ca..2b860fa 100644
--- a/core/java/android/security/net/config/NetworkSecurityTrustManager.java
+++ b/core/java/android/security/net/config/NetworkSecurityTrustManager.java
@@ -65,7 +65,7 @@
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
- throw new CertificateException("Client authentication not supported");
+ mDelegate.checkClientTrusted(chain, authType);
}
@Override
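Review bot: The new `checkClientTrusted` body hands the chain straight to `mDelegate`, with no comment saying which trust anchors that delegate holds or whether the extra checks this class applies to server chains are meant to be skipped for clients. The method used to fail closed, so the change in posture deserves a line such as `// Client chains are validated against this config's trust anchors only; server-only checks are intentionally not applied.` `mDelegate` and the server-side methods are declared outside the hunk, so confirm the wording against them. A unit test asserting that a chain rooted outside the configured anchors still raises `CertificateException` would pin the new behaviour.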
@@ -149,6 +149,6 @@
@Override
public X509Certificate[] getAcceptedIssuers() {
- return new X509Certificate[0];
+ return mDelegate.getAcceptedIssuers();
}
}
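Review bot: `getAcceptedIssuers()` now returns whatever array `mDelegate` produces, where it used to return a fresh empty array, and the same change is made to RootTrustManager's `getAcceptedIssuers()` further down. If the delegate exposes its internal array rather than a copy, a caller could modify it. When the manager is used on the accepting side of a handshake, this list is typically what is advertised to clients as acceptable CAs, so a large default store makes that message large. Neither the delegate's copying behaviour nor the store size is visible here. A short comment such as `// Returns the delegate's anchors; the delegate is expected to hand out a copy.` would record the assumption, or use `return mDelegate.getAcceptedIssuers().clone();` if it does not hold.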
diff --git a/core/java/android/security/net/config/RootTrustManager.java b/core/java/android/security/net/config/RootTrustManager.java
index b87bf1f..e307ad0 100644
--- a/core/java/android/security/net/config/RootTrustManager.java
+++ b/core/java/android/security/net/config/RootTrustManager.java
@@ -35,7 +35,6 @@
* @hide */
public class RootTrustManager implements X509TrustManager {
private final ApplicationConfig mConfig;
- private static final X509Certificate[] EMPTY_ISSUERS = new X509Certificate[0];
public RootTrustManager(ApplicationConfig config) {
if (config == null) {
@@ -47,7 +46,10 @@
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
- throw new CertificateException("Client authentication not supported");
+ // Use the default configuration for all client authentication. Domain specific configs are
+ // only for use in checking server trust not client trust.
+ NetworkSecurityConfig config = mConfig.getConfigForHostname("");
+ config.getTrustManager().checkClientTrusted(chain, authType);
}
@Override
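Review bot: `mConfig.getConfigForHostname("")` relies on an empty hostname never matching a domain-specific entry, and the result is dereferenced without a null check; the same lookup is repeated in `getAcceptedIssuers()` in the next hunk. Because this lookup decides which trust anchors authenticate a client, the existing comment should state the convention rather than leave it implied by the literal, for example `// "" matches no domain-specific entry, so this resolves to the default config`. In `checkClientTrusted` the lookup should also fail closed, e.g. `if (config == null) throw new CertificateException("No default network security config");`. How `getConfigForHostname` treats an empty string, and whether it can return null, is defined outside this diff, so verify both before relying on them.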
@@ -84,6 +86,10 @@
@Override
public X509Certificate[] getAcceptedIssuers() {
- return EMPTY_ISSUERS;
+ // getAcceptedIssuers is meant to be used to determine which trust anchors the server will
+ // accept when verifying clients. Domain specific configs are only for use in checking
+ // server trust not client trust so use the default config.
+ NetworkSecurityConfig config = mConfig.getConfigForHostname("");
+ return config.getTrustManager().getAcceptedIssuers();
}
}