Expose new API for querying whether a certificate was user added.
Bug: 11257762
Change-Id: Icb23ac4f452528751988db708f7588ef45d23c26
diff --git a/api/current.txt b/api/current.txt
index 745b33d93..e32b255 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -14663,6 +14663,7 @@
public class X509TrustManagerExtensions {
ctor public X509TrustManagerExtensions(javax.net.ssl.X509TrustManager) throws java.lang.IllegalArgumentException;
method public java.util.List<java.security.cert.X509Certificate> checkServerTrusted(java.security.cert.X509Certificate[], java.lang.String, java.lang.String) throws java.security.cert.CertificateException;
+ method public boolean isUserAddedCertificate(java.security.cert.X509Certificate);
}
}
diff --git a/core/java/android/net/http/X509TrustManagerExtensions.java b/core/java/android/net/http/X509TrustManagerExtensions.java
index cfe5f27..025b3c4 100644
--- a/core/java/android/net/http/X509TrustManagerExtensions.java
+++ b/core/java/android/net/http/X509TrustManagerExtensions.java
@@ -63,4 +63,17 @@
String host) throws CertificateException {
return mDelegate.checkServerTrusted(chain, authType, host);
}
+
+ /**
+ * Checks whether a CA certificate is added by an user.
+ *
+ * <p>Since {@link checkServerTrusted} allows its parameter {@link chain} to chain up to user-
+ * added CA certificates, this method can be used to perform additional policies for user-added
+ * CA certificates.
+ *
+ * @return true to indicate that the certificate was added by the user, false otherwise.
+ */
+ public boolean isUserAddedCertificate(X509Certificate cert) {
+ return mDelegate.isUserAddedCertificate(cert);
+ }
}