resolved conflicts for merge of 534f3e94 to jb-mr1-dev
Change-Id: I48ef81bc77d5ececbe9b0cf7d5e905512ca16394
diff --git a/media/java/android/media/AudioService.java b/media/java/android/media/AudioService.java
index 315196e..f0fdfc1 100644
--- a/media/java/android/media/AudioService.java
+++ b/media/java/android/media/AudioService.java
@@ -45,6 +45,8 @@
import android.database.ContentObserver;
import android.media.MediaPlayer.OnCompletionListener;
import android.media.MediaPlayer.OnErrorListener;
+import android.net.http.CertificateChainValidator;
+import android.net.http.SslError;
import android.os.Binder;
import android.os.Bundle;
import android.os.Environment;
@@ -72,9 +74,11 @@
import com.android.internal.telephony.ITelephony;
+import java.io.ByteArrayInputStream;
import java.io.FileDescriptor;
import java.io.IOException;
import java.io.PrintWriter;
+import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.concurrent.ConcurrentHashMap;
import java.util.HashMap;
@@ -105,6 +109,8 @@
protected static final boolean DEBUG_RC = false;
/** Debug volumes */
protected static final boolean DEBUG_VOL = false;
+ /** Debug cert verification */
+ private static final boolean DEBUG_CERTS = false;
/** How long to delay before persisting a change in volume/ringer mode. */
private static final int PERSIST_DELAY = 500;
@@ -5967,6 +5973,43 @@
pw.println(Integer.toHexString(mRingerModeMutedStreams));
}
+ public int verifyX509CertChain(int numcerts, byte [] chain, String domain, String authType) {
+
+ if (DEBUG_CERTS) {
+ Log.v(TAG, "java side verify for "
+ + numcerts + " certificates (" + chain.length + " bytes"
+ + ")for "+ domain + "/" + authType);
+ }
+
+ byte[][] certChain = new byte[numcerts][];
+
+ ByteBuffer buf = ByteBuffer.wrap(chain);
+ for (int i = 0; i < numcerts; i++) {
+ int certlen = buf.getInt();
+ if (DEBUG_CERTS) {
+ Log.i(TAG, "cert " + i +": " + certlen);
+ }
+ certChain[i] = new byte[certlen];
+ buf.get(certChain[i]);
+ }
+
+ try {
+ SslError err = CertificateChainValidator.verifyServerCertificates(certChain,
+ domain, authType);
+ if (DEBUG_CERTS) {
+ Log.i(TAG, "verified: " + err);
+ }
+ if (err == null) {
+ return -1;
+ } else {
+ return err.getPrimaryError();
+ }
+ } catch (Exception e) {
+ Log.e(TAG, "failed to verify chain: " + e);
+ }
+ return SslError.SSL_INVALID;
+ }
+
@Override
protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
mContext.enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG);
diff --git a/media/java/android/media/IAudioService.aidl b/media/java/android/media/IAudioService.aidl
index ea99069..d723cd4 100644
--- a/media/java/android/media/IAudioService.aidl
+++ b/media/java/android/media/IAudioService.aidl
@@ -34,6 +34,8 @@
*/
interface IAudioService {
+ int verifyX509CertChain(int chainsize, in byte[] chain, String host, String authtype);
+
void adjustVolume(int direction, int flags);
oneway void adjustLocalOrRemoteStreamVolume(int streamType, int direction);