Merge "Fix isUserAddedCertificate" into nyc-dev
diff --git a/core/java/android/net/http/X509TrustManagerExtensions.java b/core/java/android/net/http/X509TrustManagerExtensions.java
index 87a0b70..e0fa63a 100644
--- a/core/java/android/net/http/X509TrustManagerExtensions.java
+++ b/core/java/android/net/http/X509TrustManagerExtensions.java
@@ -17,6 +17,7 @@
package android.net.http;
import android.annotation.SystemApi;
+import android.security.net.config.UserCertificateSource;
import com.android.org.conscrypt.TrustManagerImpl;
@@ -43,7 +44,6 @@
// Methods to use when mDelegate is not a TrustManagerImpl and duck typing is being used.
private final X509TrustManager mTrustManager;
private final Method mCheckServerTrusted;
- private final Method mIsUserAddedCertificate;
private final Method mIsSameTrustConfiguration;
/**
@@ -57,7 +57,6 @@
mDelegate = (TrustManagerImpl) tm;
mTrustManager = null;
mCheckServerTrusted = null;
- mIsUserAddedCertificate = null;
mIsSameTrustConfiguration = null;
return;
}
@@ -74,14 +73,6 @@
throw new IllegalArgumentException("Required method"
+ " checkServerTrusted(X509Certificate[], String, String, String) missing");
}
- // Check that isUserAddedCertificate is present.
- try {
- mIsUserAddedCertificate = tm.getClass().getMethod("isUserAddedCertificate",
- X509Certificate.class);
- } catch (NoSuchMethodException e) {
- throw new IllegalArgumentException(
- "Required method isUserAddedCertificate(X509Certificate) missing");
- }
// Get the option isSameTrustConfiguration method.
Method isSameTrustConfiguration = null;
try {
@@ -128,29 +119,15 @@
/**
* Checks whether a CA certificate is added by an user.
*
- * <p>Since {@link X509TrustManager#checkServerTrusted} allows its parameter {@code chain} to
+ * <p>Since {@link X509TrustManager#checkServerTrusted} may allow its parameter {@code chain} to
* chain up to user-added CA certificates, this method can be used to perform additional
* policies for user-added CA certificates.
*
- * @return {@code true} to indicate that the certificate was added by the user, {@code false}
- * otherwise.
+ * @return {@code true} to indicate that the certificate authority exists in the user added
+ * certificate store, {@code false} otherwise.
*/
public boolean isUserAddedCertificate(X509Certificate cert) {
- if (mDelegate != null) {
- return mDelegate.isUserAddedCertificate(cert);
- } else {
- try {
- return (Boolean) mIsUserAddedCertificate.invoke(mTrustManager, cert);
- } catch (IllegalAccessException e) {
- throw new RuntimeException("Failed to call isUserAddedCertificate", e);
- } catch (InvocationTargetException e) {
- if (e.getCause() instanceof RuntimeException) {
- throw (RuntimeException) e.getCause();
- } else {
- throw new RuntimeException("isUserAddedCertificate failed", e.getCause());
- }
- }
- }
+ return UserCertificateSource.getInstance().findBySubjectAndPublicKey(cert) != null;
}
/**
diff --git a/core/java/android/security/net/config/NetworkSecurityTrustManager.java b/core/java/android/security/net/config/NetworkSecurityTrustManager.java
index 3c292ca..d9cc82a 100644
--- a/core/java/android/security/net/config/NetworkSecurityTrustManager.java
+++ b/core/java/android/security/net/config/NetworkSecurityTrustManager.java
@@ -115,15 +115,6 @@
return trustedChain;
}
- /**
- * Check if the provided certificate is a user added certificate authority.
- * This is required by android.net.http.X509TrustManagerExtensions.
- */
- public boolean isUserAddedCertificate(X509Certificate cert) {
- // TODO: Figure out the right way to handle this, and if it is still even used.
- return false;
- }
-
private void checkPins(List<X509Certificate> chain) throws CertificateException {
PinSet pinSet = mNetworkSecurityConfig.getPins();
if (pinSet.pins.isEmpty()
diff --git a/core/java/android/security/net/config/RootTrustManager.java b/core/java/android/security/net/config/RootTrustManager.java
index 859e022..2a30f11 100644
--- a/core/java/android/security/net/config/RootTrustManager.java
+++ b/core/java/android/security/net/config/RootTrustManager.java
@@ -131,15 +131,6 @@
return config.getTrustManager().checkServerTrusted(certs, authType, hostname);
}
- /**
- * Check if the provided certificate is a user added certificate authority.
- * This is required by android.net.http.X509TrustManagerExtensions.
- */
- public boolean isUserAddedCertificate(X509Certificate cert) {
- // TODO: Figure out the right way to handle this, and if it is still even used.
- return false;
- }
-
@Override
public X509Certificate[] getAcceptedIssuers() {
// getAcceptedIssuers is meant to be used to determine which trust anchors the server will