Add stub isSameTrustConfiguration API
This API will be used in WebView to help determine whether secure
connections to hostname A can be used for secure communication to
hostname B (e.g., HTTP/2 connection pooling).
This is needed because with the new network security configuration a
completely different trust configuration may be used for
foo.com and bar.foo.com, so even if the foo.com certificate contains a
SAN for bar.foo.com it may not be valid for bar.foo.com given the
applications trust configuration.
Change-Id: I87184d392b9a7eca53a9c837996ca7ab5cd5bf12
diff --git a/api/system-current.txt b/api/system-current.txt
index 3554e0f..e185a00 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -20514,6 +20514,7 @@
public class X509TrustManagerExtensions {
ctor public X509TrustManagerExtensions(javax.net.ssl.X509TrustManager) throws java.lang.IllegalArgumentException;
method public java.util.List<java.security.cert.X509Certificate> checkServerTrusted(java.security.cert.X509Certificate[], java.lang.String, java.lang.String) throws java.security.cert.CertificateException;
+ method public boolean isSameTrustConfiguration(java.lang.String, java.lang.String);
method public boolean isUserAddedCertificate(java.security.cert.X509Certificate);
}
diff --git a/core/java/android/net/http/X509TrustManagerExtensions.java b/core/java/android/net/http/X509TrustManagerExtensions.java
index eb4ceda..25ef8b5 100644
--- a/core/java/android/net/http/X509TrustManagerExtensions.java
+++ b/core/java/android/net/http/X509TrustManagerExtensions.java
@@ -16,6 +16,8 @@
package android.net.http;
+import android.annotation.SystemApi;
+
import com.android.org.conscrypt.TrustManagerImpl;
import java.security.cert.CertificateException;
@@ -80,4 +82,15 @@
public boolean isUserAddedCertificate(X509Certificate cert) {
return mDelegate.isUserAddedCertificate(cert);
}
+
+ /**
+ * Returns {@code true} if the TrustManager uses the same trust configuration for the provided
+ * hostnames.
+ *
+ * @hide
+ */
+ @SystemApi
+ public boolean isSameTrustConfiguration(String hostname1, String hostname2) {
+ return true;
+ }
}