Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / ec95c407b43a03890d3b42b86571110ee90d283d^! / .
commitec95c407b43a03890d3b42b86571110ee90d283d[log] [tgz]
authorChad Brubaker <cbrubaker@google.com>Wed Oct 28 14:06:43 2015 -0700
committerChad Brubaker <cbrubaker@google.com>Wed Oct 28 14:25:06 2015 -0700
tree8afd9a838864d0b1814e35561b69ffc328b4d7d1
parent3398abb25b6a8614f80f79efcf428a07185fe50f [diff]
Add stub isSameTrustConfiguration API

This API will be used in WebView to help determine whether secure
connections to hostname A can be used for secure communication to
hostname B (e.g., HTTP/2 connection pooling).

This is needed because with the new network security configuration a
completely different trust configuration may be used for
foo.com and bar.foo.com, so even if the foo.com certificate contains a
SAN for bar.foo.com it may not be valid for bar.foo.com given the
applications trust configuration.

Change-Id: I87184d392b9a7eca53a9c837996ca7ab5cd5bf12

diff --git a/api/system-current.txt b/api/system-current.txt
index 3554e0f..e185a00 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt

@@ -20514,6 +20514,7 @@
   public class X509TrustManagerExtensions {
     ctor public X509TrustManagerExtensions(javax.net.ssl.X509TrustManager) throws java.lang.IllegalArgumentException;
     method public java.util.List<java.security.cert.X509Certificate> checkServerTrusted(java.security.cert.X509Certificate[], java.lang.String, java.lang.String) throws java.security.cert.CertificateException;
+    method public boolean isSameTrustConfiguration(java.lang.String, java.lang.String);
     method public boolean isUserAddedCertificate(java.security.cert.X509Certificate);
   }
 

diff --git a/core/java/android/net/http/X509TrustManagerExtensions.java b/core/java/android/net/http/X509TrustManagerExtensions.java
index eb4ceda..25ef8b5 100644
--- a/core/java/android/net/http/X509TrustManagerExtensions.java
+++ b/core/java/android/net/http/X509TrustManagerExtensions.java

@@ -16,6 +16,8 @@
 
 package android.net.http;
 
+import android.annotation.SystemApi;
+
 import com.android.org.conscrypt.TrustManagerImpl;
 
 import java.security.cert.CertificateException;
@@ -80,4 +82,15 @@
     public boolean isUserAddedCertificate(X509Certificate cert) {
         return mDelegate.isUserAddedCertificate(cert);
     }
+
+    /**
+     * Returns {@code true} if the TrustManager uses the same trust configuration for the provided
+     * hostnames.
+     *
+     * @hide
+     */
+    @SystemApi
+    public boolean isSameTrustConfiguration(String hostname1, String hostname2) {
+        return true;
+    }
 }