diff options
| author | Huahui Wu <hwu@google.com> | 2010-11-09 09:42:03 -0800 |
|---|---|---|
| committer | Huahui Wu <hwu@google.com> | 2010-11-09 09:42:03 -0800 |
| commit | 8234bdb36a951c1265b2bc702c06bab09509a615 (patch) | |
| tree | 0dcd8974b72e68ba080b034329ced702acac5ee4 /core | |
| parent | 85ffa26f67efad30912e1561b5123b6f8f5827ee (diff) | |
| download | frameworks_base-8234bdb36a951c1265b2bc702c06bab09509a615.zip frameworks_base-8234bdb36a951c1265b2bc702c06bab09509a615.tar.gz frameworks_base-8234bdb36a951c1265b2bc702c06bab09509a615.tar.bz2 | |
b/2864818 use authType for cert verification.
Change-Id: I2a3cb963165a7e2e4e72a1d398205b31f769cafa
Diffstat (limited to 'core')
| -rw-r--r-- | core/java/android/net/http/CertificateChainValidator.java | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/core/java/android/net/http/CertificateChainValidator.java b/core/java/android/net/http/CertificateChainValidator.java index 363a311..92be373 100644 --- a/core/java/android/net/http/CertificateChainValidator.java +++ b/core/java/android/net/http/CertificateChainValidator.java @@ -102,14 +102,15 @@ class CertificateChainValidator { } } - return verifyServerDomainAndCertificates((X509Certificate[]) peerCertificates, domain); + return verifyServerDomainAndCertificates((X509Certificate[]) peerCertificates, domain, "RSA"); } /** * Similar to doHandshakeAndValidateServerCertificates but exposed to JNI for use * by Chromium HTTPS stack to validate the cert chain. - * @param certChain The bytes for certificates in ASN.1 DER encoded certficates format. + * @param certChain The bytes for certificates in ASN.1 DER encoded certificates format. * @param domain The full website hostname and domain + * @param authType The authentication type for the cert chain * @return An SSL error object if there is an error and null otherwise */ public static SslError verifyServerCertificates( @@ -126,18 +127,19 @@ class CertificateChainValidator { serverCertificates[i] = new X509CertImpl(certChain[i]); } - return verifyServerDomainAndCertificates(serverCertificates, domain); + return verifyServerDomainAndCertificates(serverCertificates, domain, authType); } /** * Common code of doHandshakeAndValidateServerCertificates and verifyServerCertificates. - * Calls DomainNamevalidator to valide the domain, and TrustManager to valide the certs. + * Calls DomainNamevalidator to verify the domain, and TrustManager to verify the certs. * @param chain the cert chain in X509 cert format. * @param domain The full website hostname and domain + * @param authType The authentication type for the cert chain * @return An SSL error object if there is an error and null otherwise */ private static SslError verifyServerDomainAndCertificates( - X509Certificate[] chain, String domain) + X509Certificate[] chain, String domain, String authType) throws IOException { // check if the first certificate in the chain is for this site X509Certificate currCertificate = chain[0]; @@ -153,7 +155,7 @@ class CertificateChainValidator { } try { - SSLParametersImpl.getDefaultTrustManager().checkServerTrusted(chain, "RSA"); + SSLParametersImpl.getDefaultTrustManager().checkServerTrusted(chain, authType); return null; // No errors. } catch (CertificateException e) { if (HttpLog.LOGV) { |