/*
 * Copyright (C) 2012 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
16
17package android.net.http;
18
Kenny Root12e75222013-04-23 22:34:24 -070019import com.android.org.conscrypt.TrustManagerImpl;
Andy Stadler80711242012-09-18 17:40:14 -070020
Geremy Condraed41a4e2012-09-14 18:11:29 -070021import java.security.cert.CertificateException;
22import java.security.cert.X509Certificate;
Geremy Condraed41a4e2012-09-14 18:11:29 -070023import java.util.List;
24
25import javax.net.ssl.X509TrustManager;
26
/**
 * Wrapper around the platform {@link X509TrustManager} that exposes Android-added features.
 *
 * <p>{@link #checkServerTrusted(X509Certificate[], String, String)} hands back the chain that
 * the platform verified, so callers can run additional verification (for example their own
 * policy checks) after platform verification has succeeded.</p>
 *
 * <p>Every check is forwarded to the wrapped {@code TrustManagerImpl}; this class adds no
 * validation logic of its own.</p>
 */
public class X509TrustManagerExtensions {

    // Platform trust manager that all calls are forwarded to; set by the constructor.
    TrustManagerImpl mDelegate;

    /**
     * Constructs a new X509TrustManagerExtensions wrapper.
     *
     * <p>Only the platform {@code TrustManagerImpl} is accepted. Any other implementation,
     * including {@code null}, fails the {@code instanceof} test and is rejected, so a custom
     * trust manager cannot be wrapped by this class.</p>
     *
     * @param tm an {@link X509TrustManager}, typically one of the trust managers obtained from
     *           a {@code TrustManagerFactory}
     * @throws IllegalArgumentException if tm is an unsupported TrustManager type
     */
    public X509TrustManagerExtensions(X509TrustManager tm) throws IllegalArgumentException {
        // Guard first: refuse anything that is not the platform implementation.
        if (!(tm instanceof TrustManagerImpl)) {
            throw new IllegalArgumentException("tm is not a supported type of X509TrustManager");
        }
        mDelegate = (TrustManagerImpl) tm;
    }

    /**
     * Verifies the given certificate chain.
     *
     * <p>See {@link X509TrustManager#checkServerTrusted(X509Certificate[], String)} for a
     * description of the {@code chain} and {@code authType} parameters.</p>
     *
     * <p>Any additional verification should be applied to the returned list rather than to the
     * {@code chain} argument: the argument is what the peer presented, while the return value
     * is documented as the ordered chain that was actually used for verification.</p>
     *
     * <p>NOTE(review): how the delegate uses {@code host} is not visible in this class. Do not
     * assume that hostname verification happens here; confirm against TrustManagerImpl.</p>
     *
     * @param chain the certificate chain presented by the server
     * @param authType the authentication type, as for the two-argument platform method
     * @param host the hostname of the server
     * @return the properly ordered chain used for verification as a list of X509Certificates
     * @throws CertificateException if the chain does not verify correctly
     */
    public List<X509Certificate> checkServerTrusted(X509Certificate[] chain, String authType,
            String host) throws CertificateException {
        final List<X509Certificate> verifiedChain =
                mDelegate.checkServerTrusted(chain, authType, host);
        return verifiedChain;
    }

    /**
     * Checks whether a CA certificate was added by a user.
     *
     * <p>Since {@link X509TrustManager#checkServerTrusted} allows its parameter {@code chain}
     * to chain up to user-added CA certificates, a caller can use this method to apply
     * additional policies to chains anchored in a user-added CA.</p>
     *
     * @param cert the CA certificate to check
     * @return {@code true} to indicate that the certificate was added by the user,
     *         {@code false} otherwise
     */
    public boolean isUserAddedCertificate(X509Certificate cert) {
        final boolean addedByUser = mDelegate.isUserAddedCertificate(cert);
        return addedByUser;
    }
}