diff options
| -rw-r--r-- | core/java/android/net/http/CertificateChainValidator.java | 23 | ||||
| -rw-r--r-- | core/java/android/net/http/HttpsConnection.java | 159 | ||||
| -rw-r--r-- | core/java/com/android/internal/logging/AndroidHandler.java | 16 | ||||
| -rw-r--r-- | preloaded-classes | 1 | 
4 files changed, 97 insertions, 102 deletions
| diff --git a/core/java/android/net/http/CertificateChainValidator.java b/core/java/android/net/http/CertificateChainValidator.java index 0edbe5b..91fa900 100644 --- a/core/java/android/net/http/CertificateChainValidator.java +++ b/core/java/android/net/http/CertificateChainValidator.java @@ -43,7 +43,8 @@ class CertificateChainValidator {      /**       * The singleton instance of the certificate chain validator       */ -    private static CertificateChainValidator sInstance; +    private static final CertificateChainValidator sInstance +            = new CertificateChainValidator();      /**       * Default trust manager (used to perform CA certificate validation) @@ -54,10 +55,6 @@ class CertificateChainValidator {       * @return The singleton instance of the certificator chain validator       */      public static CertificateChainValidator getInstance() { -        if (sInstance == null) { -            sInstance = new CertificateChainValidator(); -        } -          return sInstance;      } @@ -159,13 +156,11 @@ class CertificateChainValidator {          // report back to the user.          //          try { -            synchronized (mDefaultTrustManager) { -                mDefaultTrustManager.checkServerTrusted( -                    serverCertificates, "RSA"); +            mDefaultTrustManager.checkServerTrusted( +                serverCertificates, "RSA"); -                // no errors!!! -                return null; -            } +            // no errors!!! +            return null;          } catch (CertificateException e) {              if (HttpLog.LOGV) {                  HttpLog.v( @@ -191,10 +186,8 @@ class CertificateChainValidator {          // check if the last certificate in the chain (root) is trusted          X509Certificate[] rootCertificateChain = { currCertificate };          try { -            synchronized (mDefaultTrustManager) { -                mDefaultTrustManager.checkServerTrusted( -                    rootCertificateChain, "RSA"); -            } +            mDefaultTrustManager.checkServerTrusted( +                rootCertificateChain, "RSA");          } catch (CertificateExpiredException e) {              String errorMessage = e.getMessage();              if (errorMessage == null) { diff --git a/core/java/android/net/http/HttpsConnection.java b/core/java/android/net/http/HttpsConnection.java index fe02d3e..55b733f 100644 --- a/core/java/android/net/http/HttpsConnection.java +++ b/core/java/android/net/http/HttpsConnection.java @@ -17,61 +17,41 @@  package android.net.http;  import android.content.Context; - -import junit.framework.Assert; - -import java.io.IOException; - -import java.security.cert.X509Certificate; - -import java.net.Socket; -import java.net.InetSocketAddress; - -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLException; -import javax.net.ssl.SSLSocket; -import javax.net.ssl.SSLSocketFactory; -import javax.net.ssl.TrustManager; -import javax.net.ssl.X509TrustManager; - +import android.util.Log; +import org.apache.harmony.xnet.provider.jsse.FileClientSessionCache; +import org.apache.harmony.xnet.provider.jsse.SSLClientSessionCache; +import org.apache.harmony.xnet.provider.jsse.SSLContextImpl;  import org.apache.http.Header; -import org.apache.http.HttpClientConnection;  import org.apache.http.HttpException;  import org.apache.http.HttpHost; -import org.apache.http.HttpRequest; -import org.apache.http.HttpResponse;  import org.apache.http.HttpStatus;  import org.apache.http.ParseException;  import org.apache.http.ProtocolVersion;  import org.apache.http.StatusLine; -import org.apache.http.impl.DefaultHttpClientConnection;  import org.apache.http.message.BasicHttpRequest;  import org.apache.http.params.BasicHttpParams; -import org.apache.http.params.HttpParams;  import org.apache.http.params.HttpConnectionParams; +import org.apache.http.params.HttpParams; -/** - * Simple exception we throw if the SSL connection is closed by the user. - *  - * {@hide} - */ -class SSLConnectionClosedByUserException extends SSLException { - -    public SSLConnectionClosedByUserException(String reason) { -        super(reason); -    } -} +import javax.net.ssl.SSLException; +import javax.net.ssl.SSLSocket; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; +import java.io.File; +import java.io.IOException; +import java.net.InetSocketAddress; +import java.net.Socket; +import java.security.KeyManagementException; +import java.security.cert.X509Certificate;  /**   * A Connection connecting to a secure http server or tunneling through   * a http proxy server to a https server. + * + * @hide   */ -class HttpsConnection extends Connection { - -    /** -     * SSL context -     */ -    private static SSLContext mSslContext = null; +public class HttpsConnection extends Connection {      /**       * SSL socket factory @@ -79,42 +59,59 @@ class HttpsConnection extends Connection {      private static SSLSocketFactory mSslSocketFactory = null;      static { -        // initialize the socket factory +        // This intiialization happens in the zygote. It triggers some +        // lazy initialization that can will benefit later invocations of +        // initializeEngine(). +        initializeEngine(null); +    } + +    /** +     * @hide +     * +     * @param sessionDir directory to cache SSL sessions +     */ +    public static void initializeEngine(File sessionDir) {          try { -            mSslContext = SSLContext.getInstance("TLS"); -            if (mSslContext != null) { -                // here, trust managers is a single trust-all manager -                TrustManager[] trustManagers = new TrustManager[] { -                    new X509TrustManager() { -                        public X509Certificate[] getAcceptedIssuers() { -                            return null; -                        } +            SSLClientSessionCache cache = null; +            if (sessionDir != null) { +                Log.d("HttpsConnection", "Caching SSL sessions in " +                        + sessionDir + "."); +                cache = FileClientSessionCache.usingDirectory(sessionDir); +            } -                        public void checkClientTrusted( -                            X509Certificate[] certs, String authType) { -                        } +            SSLContextImpl sslContext = new SSLContextImpl(); -                        public void checkServerTrusted( -                            X509Certificate[] certs, String authType) { -                        } +            // here, trust managers is a single trust-all manager +            TrustManager[] trustManagers = new TrustManager[] { +                new X509TrustManager() { +                    public X509Certificate[] getAcceptedIssuers() { +                        return null;                      } -                }; -                mSslContext.init(null, trustManagers, null); -                mSslSocketFactory = mSslContext.getSocketFactory(); -            } -        } catch (Exception t) { -            if (HttpLog.LOGV) { -                HttpLog.v("HttpsConnection: failed to initialize the socket factory"); +                    public void checkClientTrusted( +                        X509Certificate[] certs, String authType) { +                    } + +                    public void checkServerTrusted( +                        X509Certificate[] certs, String authType) { +                    } +                } +            }; + +            sslContext.engineInit(null, trustManagers, null, cache, null); + +            synchronized (HttpsConnection.class) { +                mSslSocketFactory = sslContext.engineGetSocketFactory();              } +        } catch (KeyManagementException e) { +            throw new RuntimeException(e); +        } catch (IOException e) { +            throw new RuntimeException(e);          }      } -    /** -     * @return The shared SSL context. -     */ -    /*package*/ static SSLContext getContext() { -        return mSslContext; +    private synchronized static SSLSocketFactory getSocketFactory() { +        return mSslSocketFactory;      }      /** @@ -252,10 +249,8 @@ class HttpsConnection extends Connection {              if (statusCode == HttpStatus.SC_OK) {                  try { -                    synchronized (mSslSocketFactory) { -                        sslSock = (SSLSocket) mSslSocketFactory.createSocket( +                    sslSock = (SSLSocket) getSocketFactory().createSocket(                              proxySock, mHost.getHostName(), mHost.getPort(), true); -                    }                  } catch(IOException e) {                      if (sslSock != null) {                          sslSock.close(); @@ -288,14 +283,11 @@ class HttpsConnection extends Connection {          } else {              // if we do not have a proxy, we simply connect to the host              try { -                synchronized (mSslSocketFactory) { -                    sslSock = (SSLSocket) mSslSocketFactory.createSocket(); -                     -                    sslSock.setSoTimeout(SOCKET_TIMEOUT); -                    sslSock.connect(new InetSocketAddress(mHost.getHostName(), -                            mHost.getPort())); -                     -                } +                sslSock = (SSLSocket) getSocketFactory().createSocket(); + +                sslSock.setSoTimeout(SOCKET_TIMEOUT); +                sslSock.connect(new InetSocketAddress(mHost.getHostName(), +                        mHost.getPort()));              } catch(IOException e) {                  if (sslSock != null) {                      sslSock.close(); @@ -371,6 +363,7 @@ class HttpsConnection extends Connection {          BasicHttpParams params = new BasicHttpParams();          params.setIntParameter(HttpConnectionParams.SOCKET_BUFFER_SIZE, 8192);          conn.bind(sslSock, params); +          return conn;      } @@ -425,3 +418,15 @@ class HttpsConnection extends Connection {          return "https";      }  } + +/** + * Simple exception we throw if the SSL connection is closed by the user. + * + * {@hide} + */ +class SSLConnectionClosedByUserException extends SSLException { + +    public SSLConnectionClosedByUserException(String reason) { +        super(reason); +    } +} diff --git a/core/java/com/android/internal/logging/AndroidHandler.java b/core/java/com/android/internal/logging/AndroidHandler.java index d9fcf60..c4a1479 100644 --- a/core/java/com/android/internal/logging/AndroidHandler.java +++ b/core/java/com/android/internal/logging/AndroidHandler.java @@ -151,7 +151,7 @@ public class AndroidHandler extends Handler {              Log.e("AndroidHandler", "Error logging message.", e);          }      } -     +      /**       * Converts a {@link java.util.logging.Logger} logging level into an Android one.       *  @@ -159,20 +159,16 @@ public class AndroidHandler extends Handler {       *        * @return The resulting Android logging level.        */ -    static int getAndroidLevel(Level level) -    { +    static int getAndroidLevel(Level level) {          int value = level.intValue(); -         -        if (value >= Level.SEVERE.intValue()) { +        if (value >= 1000) { // SEVERE              return Log.ERROR; -        } else if (value >= Level.WARNING.intValue()) { +        } else if (value >= 900) { // WARNING              return Log.WARN; -        } else if (value >= Level.INFO.intValue()) { +        } else if (value >= 800) { // INFO              return Log.INFO; -        } else if (value >= Level.CONFIG.intValue()) { +        } else {              return Log.DEBUG; -        }  else { -            return Log.VERBOSE;          }      } diff --git a/preloaded-classes b/preloaded-classes index ffcdc87..e3197b41 100644 --- a/preloaded-classes +++ b/preloaded-classes @@ -241,6 +241,7 @@ android.net.http.AndroidHttpClient$1  android.net.http.AndroidHttpClient$2  android.net.http.AndroidHttpClient$CurlLogger  android.net.http.DomainNameChecker +android.net.http.CertificateChainValidator  android.net.http.EventHandler  android.net.http.HttpsConnection  android.net.http.RequestQueue | 
