diff options
| -rw-r--r-- | api/current.txt | 5 | ||||
| -rw-r--r-- | core/java/android/net/X509TrustManagerExtensions.java | 67 |
2 files changed, 72 insertions, 0 deletions
diff --git a/api/current.txt b/api/current.txt index 4abcaee..8f77e23 100644 --- a/api/current.txt +++ b/api/current.txt @@ -13024,6 +13024,11 @@ package android.net.http { field public static final int SSL_UNTRUSTED = 3; // 0x3 } + public class X509TrustManagerExtensions { + ctor public X509TrustManagerExtensions(javax.net.ssl.X509TrustManager) throws java.lang.IllegalArgumentException; + method public java.util.List<java.security.cert.X509Certificate> checkServerTrusted(java.security.cert.X509Certificate[], java.lang.String, java.lang.String) throws java.security.cert.CertificateException; + } + } package android.net.nsd { diff --git a/core/java/android/net/X509TrustManagerExtensions.java b/core/java/android/net/X509TrustManagerExtensions.java new file mode 100644 index 0000000..4026a1d --- /dev/null +++ b/core/java/android/net/X509TrustManagerExtensions.java @@ -0,0 +1,67 @@ +/* + * Copyright (C) 2012 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.net.http; + +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.security.KeyManagementException; +import java.util.List; + +import javax.net.ssl.X509TrustManager; + +import org.apache.harmony.xnet.provider.jsse.TrustManagerImpl; + +/** + * X509TrustManager wrapper exposing Android-added features. + * + * <p> The checkServerTrusted method allows callers to perform additional + * verification of certificate chains after they have been successfully + * verified by the platform.</p> + */ +public class X509TrustManagerExtensions { + + TrustManagerImpl mDelegate; + + /** + * Constructs a new X509TrustManagerExtensions wrapper. + * + * @param tm A {@link X509TrustManager} as returned by TrustManagerFactory.getInstance(); + * @throws IllegalArgumentException If tm is an unsupported TrustManager type. + */ + public X509TrustManagerExtensions(X509TrustManager tm) throws IllegalArgumentException { + if (mDelegate instanceof TrustManagerImpl) { + mDelegate = (TrustManagerImpl) tm; + } else { + throw new IllegalArgumentException("tm is not a supported type of X509TrustManager"); + } + } + + /** + * Verifies the given certificate chain. + * + * <p>See {@link X509TrustManager#checkServerTrusted(X509Certificate[], String)} for a + * description of the chain and authType parameters. The final parameter, host, should be the + * hostname of the server.</p> + * + * @throws CertificateException if the chain does not verify correctly. + * @return the properly ordered chain used for verification as a list of X509Certificates. + */ + public List<X509Certificate> checkServerTrusted(X509Certificate[] chain, String authType, + String host) throws CertificateException { + return mDelegate.checkServerTrusted(chain, authType, host); + } +} |