Merge "Don't use X509CertImpl directly"
diff --git a/core/java/android/net/http/CertificateChainValidator.java b/core/java/android/net/http/CertificateChainValidator.java
index f66075d..155ab93 100644
--- a/core/java/android/net/http/CertificateChainValidator.java
+++ b/core/java/android/net/http/CertificateChainValidator.java
@@ -17,18 +17,19 @@
package android.net.http;
+import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.DefaultHostnameVerifier;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509TrustManager;
-import org.apache.harmony.security.provider.cert.X509CertImpl;
import org.apache.harmony.xnet.provider.jsse.SSLParametersImpl;
import org.apache.harmony.xnet.provider.jsse.TrustManagerImpl;
@@ -118,8 +119,14 @@
X509Certificate[] serverCertificates = new X509Certificate[certChain.length];
- for (int i = 0; i < certChain.length; ++i) {
- serverCertificates[i] = new X509CertImpl(certChain[i]);
+ try {
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ for (int i = 0; i < certChain.length; ++i) {
+ serverCertificates[i] = (X509Certificate) cf.generateCertificate(
+ new ByteArrayInputStream(certChain[i]));
+ }
+ } catch (CertificateException e) {
+ throw new IOException("can't read certificate", e);
}
return verifyServerDomainAndCertificates(serverCertificates, domain, authType);
diff --git a/core/java/android/webkit/BrowserFrame.java b/core/java/android/webkit/BrowserFrame.java
index 023dfa8..e627af1 100644
--- a/core/java/android/webkit/BrowserFrame.java
+++ b/core/java/android/webkit/BrowserFrame.java
@@ -40,13 +40,13 @@
import junit.framework.Assert;
+import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.ref.WeakReference;
import java.net.URLEncoder;
-import java.nio.charset.Charsets;
import java.security.PrivateKey;
-import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
@@ -55,7 +55,6 @@
import java.util.Map;
import java.util.Set;
-import org.apache.harmony.security.provider.cert.X509CertImpl;
import org.apache.harmony.xnet.provider.jsse.OpenSSLKey;
import org.apache.harmony.xnet.provider.jsse.OpenSSLKeyHolder;
@@ -1079,10 +1078,12 @@
String url) {
final SslError sslError;
try {
- X509Certificate cert = new X509CertImpl(certDER);
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ X509Certificate cert = (X509Certificate) cf.generateCertificate(
+ new ByteArrayInputStream(certDER));
SslCertificate sslCert = new SslCertificate(cert);
sslError = SslError.SslErrorFromChromiumErrorCode(certError, sslCert, url);
- } catch (IOException e) {
+ } catch (Exception e) {
// Can't get the certificate, not much to do.
Log.e(LOGTAG, "Can't get the certificate from WebKit, canceling");
nativeSslCertErrorCancel(handle, certError);
@@ -1200,9 +1201,11 @@
*/
private void setCertificate(byte cert_der[]) {
try {
- X509Certificate cert = new X509CertImpl(cert_der);
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ X509Certificate cert = (X509Certificate) cf.generateCertificate(
+ new ByteArrayInputStream(cert_der));
mCallbackProxy.onReceivedCertificate(new SslCertificate(cert));
- } catch (IOException e) {
+ } catch (Exception e) {
// Can't get the certificate, not much to do.
Log.e(LOGTAG, "Can't get the certificate from WebKit, canceling");
return;