author | Bob Lee <crazybob@google.com> | 2009-08-20 17:36:11 -0700 |
---|---|---|
committer | Bob Lee <crazybob@google.com> | 2009-08-20 18:48:31 -0700 |
commit | e97c2006bf7c391c933307e520a392e532aa5d6a (patch) | |
tree | 06b7413792f3be1b6d503e3bfc2db9fe24ab6097 /core | |
parent | b7aec9124a44c60509c00f1d306fd08860d6197c (diff) | |
Updated Browser and MCS to use shared default trust manager instead of initializing their own copies.
Diffstat (limited to 'core')
-rw-r--r-- | core/java/android/net/SSLCertificateSocketFactory.java | 34 | ||||
-rw-r--r-- | core/java/android/net/http/CertificateChainValidator.java | 34 |
2 files changed, 8 insertions, 60 deletions
diff --git a/core/java/android/net/SSLCertificateSocketFactory.java b/core/java/android/net/SSLCertificateSocketFactory.java
index deaa3c3..a97b9e5 100644
--- a/core/java/android/net/SSLCertificateSocketFactory.java
+++ b/core/java/android/net/SSLCertificateSocketFactory.java
@@ -41,6 +41,7 @@ import javax.net.ssl.X509TrustManager;
 import org.apache.harmony.xnet.provider.jsse.SSLClientSessionCache;
 import org.apache.harmony.xnet.provider.jsse.SSLContextImpl;
+import org.apache.harmony.xnet.provider.jsse.SSLParameters;
 /**
 * SSLSocketFactory that provides optional (on debug devices, only) skipping of ssl certificfate
@@ -54,28 +55,6 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory {
 private static final String LOG_TAG = "SSLCertificateSocketFactory";
- private static X509TrustManager sDefaultTrustManager;
-
- static {
- try {
- TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
- tmf.init((KeyStore)null);
- TrustManager[] tms = tmf.getTrustManagers();
- if (tms != null) {
- for (TrustManager tm : tms) {
- if (tm instanceof X509TrustManager) {
- sDefaultTrustManager = (X509TrustManager)tm;
- break;
- }
- }
- }
- } catch (NoSuchAlgorithmException e) {
- Log.e(LOG_TAG, "Unable to get X509 Trust Manager ", e);
- } catch (KeyStoreException e) {
- Log.e(LOG_TAG, "Key Store exception while initializing TrustManagerFactory ", e);
- }
- }
-
 private static final TrustManager[] TRUST_MANAGER = new TrustManager[] {
 new X509TrustManager() {
 public X509Certificate[] getAcceptedIssuers() {
@@ -155,20 +134,13 @@ public class SSLCertificateSocketFactory extends SSLSocketFactory {
 private boolean hasValidCertificateChain(Certificate[] certs) throws IOException {
- if (sDefaultTrustManager == null) {
- if (Config.LOGD) {
- Log.d(LOG_TAG,"hasValidCertificateChain():" +
- " null default trust manager!");
- }
- throw new IOException("null default trust manager");
- }
-
 boolean trusted = (certs != null && (certs.length > 0));
 if (trusted) {
 try {
 // the authtype we pass in doesn't actually matter
- sDefaultTrustManager.checkServerTrusted((X509Certificate[]) certs, "RSA");
+ SSLParameters.getDefaultTrustManager()
+ .checkServerTrusted((X509Certificate[]) certs, "RSA");
 } catch (GeneralSecurityException e) {
 String exceptionMessage = e != null ? e.getMessage() : "none";
 if (Config.LOGD) {
diff --git a/core/java/android/net/http/CertificateChainValidator.java b/core/java/android/net/http/CertificateChainValidator.java
index 91fa900..ed6b4c2 100644
--- a/core/java/android/net/http/CertificateChainValidator.java
+++ b/core/java/android/net/http/CertificateChainValidator.java
@@ -16,6 +16,8 @@ package android.net.http;
+import org.apache.harmony.xnet.provider.jsse.SSLParameters;
+
 import java.io.IOException;
 import java.security.cert.Certificate;
@@ -47,11 +49,6 @@ class CertificateChainValidator {
 = new CertificateChainValidator();
 /**
- * Default trust manager (used to perform CA certificate validation)
- */
- private X509TrustManager mDefaultTrustManager;
-
- /**
 * @return The singleton instance of the certificator chain validator
 */
 public static CertificateChainValidator getInstance() {
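Review bot: The new `SSLParameters.getDefaultTrustManager().checkServerTrusted(...)` call in hasValidCertificateChain drops the explicit null guard without a replacement. If getDefaultTrustManager() can return null (its contract is not visible in this diff), the method now fails with a NullPointerException instead of the former `IOException("null default trust manager")`, and the `catch (GeneralSecurityException e)` that follows does not cover it, so callers prepared only for IOException see an unchecked exception. Reading the manager into a local keeps the failure explicit: `X509TrustManager tm = SSLParameters.getDefaultTrustManager();` followed by `if (tm == null) throw new IOException("null default trust manager");`. The same unguarded dereference is introduced at both checkServerTrusted call sites in CertificateChainValidator.java. The method body continues past the end of this hunk.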
@@ -62,28 +59,7 @@ class CertificateChainValidator {
 * Creates a new certificate chain validator. This is a pivate constructor.
 * If you need a Certificate chain validator, call getInstance().
 */
- private CertificateChainValidator() {
- try {
- TrustManagerFactory trustManagerFactory
- = TrustManagerFactory.getInstance("X509");
- trustManagerFactory.init((KeyStore)null);
- TrustManager[] trustManagers =
- trustManagerFactory.getTrustManagers();
- if (trustManagers != null && trustManagers.length > 0) {
- for (TrustManager trustManager : trustManagers) {
- if (trustManager instanceof X509TrustManager) {
- mDefaultTrustManager = (X509TrustManager)(trustManager);
- break;
- }
- }
- }
- } catch (Exception exc) {
- if (HttpLog.LOGV) {
- HttpLog.v("CertificateChainValidator():" +
- " failed to initialize the trust manager");
- }
- }
- }
+ private CertificateChainValidator() {}
 /**
 * Performs the handshake and server certificates validation
@@ -156,7 +132,7 @@ class CertificateChainValidator {
 // report back to the user.
 //
 try {
- mDefaultTrustManager.checkServerTrusted(
+ SSLParameters.getDefaultTrustManager().checkServerTrusted(
 serverCertificates, "RSA");
 // no errors!!!
@@ -186,7 +162,7 @@ class CertificateChainValidator {
 // check if the last certificate in the chain (root) is trusted
 X509Certificate[] rootCertificateChain = { currCertificate };
 try {
- mDefaultTrustManager.checkServerTrusted(
+ SSLParameters.getDefaultTrustManager().checkServerTrusted(
 rootCertificateChain, "RSA");
 } catch (CertificateExpiredException e) {
 String errorMessage = e.getMessage(); |
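Review bot: The emptied constructor `private CertificateChainValidator() {}` leaves nothing in this class that says where trust decisions now come from, which matters to anyone reading the two `checkServerTrusted` calls further down. A comment on the constructor such as `// No per-instance trust state: validation uses the shared default X509TrustManager from SSLParameters.`, or a sentence to that effect in its Javadoc, would cover it. The Javadoc above it still reads "pivate constructor" and could be fixed in the same pass. Imports that served the deleted initialization (TrustManagerFactory, KeyStore, TrustManager) may now be unused; the import block is only partly visible here, so that is worth a check.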