Geremy Condra | ed41a4e | 2012-09-14 18:11:29 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2012 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package android.net.http; |
| 18 | |
Kenny Root | 12e7522 | 2013-04-23 22:34:24 -0700 | [diff] [blame] | 19 | import com.android.org.conscrypt.TrustManagerImpl; |
Andy Stadler | 8071124 | 2012-09-18 17:40:14 -0700 | [diff] [blame] | 20 | |
Geremy Condra | ed41a4e | 2012-09-14 18:11:29 -0700 | [diff] [blame] | 21 | import java.security.cert.CertificateException; |
| 22 | import java.security.cert.X509Certificate; |
Geremy Condra | ed41a4e | 2012-09-14 18:11:29 -0700 | [diff] [blame] | 23 | import java.util.List; |
| 24 | |
| 25 | import javax.net.ssl.X509TrustManager; |
| 26 | |
Geremy Condra | ed41a4e | 2012-09-14 18:11:29 -0700 | [diff] [blame] | 27 | /** |
| 28 | * X509TrustManager wrapper exposing Android-added features. |
| 29 | * |
| 30 | * <p> The checkServerTrusted method allows callers to perform additional |
| 31 | * verification of certificate chains after they have been successfully |
| 32 | * verified by the platform.</p> |
| 33 | */ |
| 34 | public class X509TrustManagerExtensions { |
| 35 | |
| 36 | TrustManagerImpl mDelegate; |
| 37 | |
| 38 | /** |
| 39 | * Constructs a new X509TrustManagerExtensions wrapper. |
| 40 | * |
| 41 | * @param tm A {@link X509TrustManager} as returned by TrustManagerFactory.getInstance(); |
| 42 | * @throws IllegalArgumentException If tm is an unsupported TrustManager type. |
| 43 | */ |
| 44 | public X509TrustManagerExtensions(X509TrustManager tm) throws IllegalArgumentException { |
Geremy Condra | cb4c581 | 2012-09-18 13:35:29 -0700 | [diff] [blame] | 45 | if (tm instanceof TrustManagerImpl) { |
Geremy Condra | ed41a4e | 2012-09-14 18:11:29 -0700 | [diff] [blame] | 46 | mDelegate = (TrustManagerImpl) tm; |
| 47 | } else { |
| 48 | throw new IllegalArgumentException("tm is not a supported type of X509TrustManager"); |
| 49 | } |
| 50 | } |
| 51 | |
| 52 | /** |
| 53 | * Verifies the given certificate chain. |
| 54 | * |
| 55 | * <p>See {@link X509TrustManager#checkServerTrusted(X509Certificate[], String)} for a |
| 56 | * description of the chain and authType parameters. The final parameter, host, should be the |
| 57 | * hostname of the server.</p> |
| 58 | * |
| 59 | * @throws CertificateException if the chain does not verify correctly. |
| 60 | * @return the properly ordered chain used for verification as a list of X509Certificates. |
| 61 | */ |
| 62 | public List<X509Certificate> checkServerTrusted(X509Certificate[] chain, String authType, |
| 63 | String host) throws CertificateException { |
| 64 | return mDelegate.checkServerTrusted(chain, authType, host); |
| 65 | } |
William Luh | d963715 | 2013-11-19 10:45:25 -0800 | [diff] [blame] | 66 | |
| 67 | /** |
| 68 | * Checks whether a CA certificate is added by an user. |
| 69 | * |
| 70 | * <p>Since {@link X509TrustManager#checkServerTrusted} allows its parameter {@code chain} to |
| 71 | * chain up to user-added CA certificates, this method can be used to perform additional |
| 72 | * policies for user-added CA certificates. |
| 73 | * |
| 74 | * @return {@code true} to indicate that the certificate was added by the user, {@code false} |
| 75 | * otherwise. |
| 76 | */ |
| 77 | public boolean isUserAddedCertificate(X509Certificate cert) { |
| 78 | return mDelegate.isUserAddedCertificate(cert); |
| 79 | } |
Geremy Condra | ed41a4e | 2012-09-14 18:11:29 -0700 | [diff] [blame] | 80 | } |