-rw-r--r--core/java/android/net/http/CertificateChainValidator.java23
-rw-r--r--core/java/android/net/http/HttpsConnection.java159
-rw-r--r--core/java/com/android/internal/logging/AndroidHandler.java16
-rw-r--r--preloaded-classes1
4 files changed, 97 insertions, 102 deletions
diff --git a/core/java/android/net/http/CertificateChainValidator.java b/core/java/android/net/http/CertificateChainValidator.java
index 0edbe5b..91fa900 100644
--- a/core/java/android/net/http/CertificateChainValidator.java
+++ b/core/java/android/net/http/CertificateChainValidator.java
@@ -43,7 +43,8 @@ class CertificateChainValidator {
/**
* The singleton instance of the certificate chain validator
*/
- private static CertificateChainValidator sInstance;
+ private static final CertificateChainValidator sInstance
+ = new CertificateChainValidator();
/**
* Default trust manager (used to perform CA certificate validation)
@@ -54,10 +55,6 @@ class CertificateChainValidator {
* @return The singleton instance of the certificator chain validator
*/
public static CertificateChainValidator getInstance() {
- if (sInstance == null) {
- sInstance = new CertificateChainValidator();
- }
-
return sInstance;
}
@@ -159,13 +156,11 @@ class CertificateChainValidator {
// report back to the user.
//
try {
- synchronized (mDefaultTrustManager) {
- mDefaultTrustManager.checkServerTrusted(
- serverCertificates, "RSA");
+ mDefaultTrustManager.checkServerTrusted(
+ serverCertificates, "RSA");
- // no errors!!!
- return null;
- }
+ // no errors!!!
+ return null;
} catch (CertificateException e) {
if (HttpLog.LOGV) {
HttpLog.v(
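Review bot: Dropping the `synchronized (mDefaultTrustManager)` block around `mDefaultTrustManager.checkServerTrusted(serverCertificates, "RSA")` makes the accept/reject decision for a server chain depend on the trust manager being safe for concurrent calls, and nothing visible here states that it is. The same lock is removed around the `rootCertificateChain` check in the next hunk. If the implementation is known to be thread-safe, record that at the call site or on the field, e.g. `// mDefaultTrustManager must be thread-safe: validation calls are no longer serialized`. The enclosing method starts and ends outside this hunk, so other uses of the field could not be checked.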
@@ -191,10 +186,8 @@ class CertificateChainValidator {
// check if the last certificate in the chain (root) is trusted
X509Certificate[] rootCertificateChain = { currCertificate };
try {
- synchronized (mDefaultTrustManager) {
- mDefaultTrustManager.checkServerTrusted(
- rootCertificateChain, "RSA");
- }
+ mDefaultTrustManager.checkServerTrusted(
+ rootCertificateChain, "RSA");
} catch (CertificateExpiredException e) {
String errorMessage = e.getMessage();
if (errorMessage == null) {
diff --git a/core/java/android/net/http/HttpsConnection.java b/core/java/android/net/http/HttpsConnection.java
index fe02d3e..55b733f 100644
--- a/core/java/android/net/http/HttpsConnection.java
+++ b/core/java/android/net/http/HttpsConnection.java
@@ -17,61 +17,41 @@
package android.net.http;
import android.content.Context;
-
-import junit.framework.Assert;
-
-import java.io.IOException;
-
-import java.security.cert.X509Certificate;
-
-import java.net.Socket;
-import java.net.InetSocketAddress;
-
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
-
+import android.util.Log;
+import org.apache.harmony.xnet.provider.jsse.FileClientSessionCache;
+import org.apache.harmony.xnet.provider.jsse.SSLClientSessionCache;
+import org.apache.harmony.xnet.provider.jsse.SSLContextImpl;
import org.apache.http.Header;
-import org.apache.http.HttpClientConnection;
import org.apache.http.HttpException;
import org.apache.http.HttpHost;
-import org.apache.http.HttpRequest;
-import org.apache.http.HttpResponse;
import org.apache.http.HttpStatus;
import org.apache.http.ParseException;
import org.apache.http.ProtocolVersion;
import org.apache.http.StatusLine;
-import org.apache.http.impl.DefaultHttpClientConnection;
import org.apache.http.message.BasicHttpRequest;
import org.apache.http.params.BasicHttpParams;
-import org.apache.http.params.HttpParams;
import org.apache.http.params.HttpConnectionParams;
+import org.apache.http.params.HttpParams;
-/**
- * Simple exception we throw if the SSL connection is closed by the user.
- *
- * {@hide}
- */
-class SSLConnectionClosedByUserException extends SSLException {
-
- public SSLConnectionClosedByUserException(String reason) {
- super(reason);
- }
-}
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+import java.io.File;
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.net.Socket;
+import java.security.KeyManagementException;
+import java.security.cert.X509Certificate;
/**
* A Connection connecting to a secure http server or tunneling through
* a http proxy server to a https server.
+ *
+ * @hide
*/
-class HttpsConnection extends Connection {
-
- /**
- * SSL context
- */
- private static SSLContext mSslContext = null;
+public class HttpsConnection extends Connection {
/**
* SSL socket factory
@@ -79,42 +59,59 @@ class HttpsConnection extends Connection {
private static SSLSocketFactory mSslSocketFactory = null;
static {
- // initialize the socket factory
+ // This intiialization happens in the zygote. It triggers some
+ // lazy initialization that can will benefit later invocations of
+ // initializeEngine().
+ initializeEngine(null);
+ }
+
+ /**
+ * @hide
+ *
+ * @param sessionDir directory to cache SSL sessions
+ */
+ public static void initializeEngine(File sessionDir) {
try {
- mSslContext = SSLContext.getInstance("TLS");
- if (mSslContext != null) {
- // here, trust managers is a single trust-all manager
- TrustManager[] trustManagers = new TrustManager[] {
- new X509TrustManager() {
- public X509Certificate[] getAcceptedIssuers() {
- return null;
- }
+ SSLClientSessionCache cache = null;
+ if (sessionDir != null) {
+ Log.d("HttpsConnection", "Caching SSL sessions in "
+ + sessionDir + ".");
+ cache = FileClientSessionCache.usingDirectory(sessionDir);
+ }
- public void checkClientTrusted(
- X509Certificate[] certs, String authType) {
- }
+ SSLContextImpl sslContext = new SSLContextImpl();
- public void checkServerTrusted(
- X509Certificate[] certs, String authType) {
- }
+ // here, trust managers is a single trust-all manager
+ TrustManager[] trustManagers = new TrustManager[] {
+ new X509TrustManager() {
+ public X509Certificate[] getAcceptedIssuers() {
+ return null;
}
- };
- mSslContext.init(null, trustManagers, null);
- mSslSocketFactory = mSslContext.getSocketFactory();
- }
- } catch (Exception t) {
- if (HttpLog.LOGV) {
- HttpLog.v("HttpsConnection: failed to initialize the socket factory");
+ public void checkClientTrusted(
+ X509Certificate[] certs, String authType) {
+ }
+
+ public void checkServerTrusted(
+ X509Certificate[] certs, String authType) {
+ }
+ }
+ };
+
+ sslContext.engineInit(null, trustManagers, null, cache, null);
+
+ synchronized (HttpsConnection.class) {
+ mSslSocketFactory = sslContext.engineGetSocketFactory();
}
+ } catch (KeyManagementException e) {
+ throw new RuntimeException(e);
+ } catch (IOException e) {
+ throw new RuntimeException(e);
}
}
- /**
- * @return The shared SSL context.
- */
- /*package*/ static SSLContext getContext() {
- return mSslContext;
+ private synchronized static SSLSocketFactory getSocketFactory() {
+ return mSslSocketFactory;
}
/**
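Review bot: The factory built in `initializeEngine` still uses an `X509TrustManager` whose `checkServerTrusted` is empty, and this commit now attaches a persistent `FileClientSessionCache` to that same context, so a session can presumably be written to `sessionDir` before any certificate check has run. Whether a later validation step is applied to resumed sessions is not visible in this hunk and should be confirmed; at minimum the Javadoc should state the contract, e.g. `Sockets from this factory are not authenticated by the handshake; callers must validate the peer chain and host name before sending data.` `getAcceptedIssuers()` returning `null` goes against the `X509TrustManager` contract, which asks for a non-null array, so `return new X509Certificate[0];` is the safer form. Separately, a `RuntimeException` thrown from the `initializeEngine(null)` call in the static initializer would surface as a class-initialization failure rather than the old logged fallback.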
@@ -252,10 +249,8 @@ class HttpsConnection extends Connection {
if (statusCode == HttpStatus.SC_OK) {
try {
- synchronized (mSslSocketFactory) {
- sslSock = (SSLSocket) mSslSocketFactory.createSocket(
+ sslSock = (SSLSocket) getSocketFactory().createSocket(
proxySock, mHost.getHostName(), mHost.getPort(), true);
- }
} catch(IOException e) {
if (sslSock != null) {
sslSock.close();
@@ -288,14 +283,11 @@ class HttpsConnection extends Connection {
} else {
// if we do not have a proxy, we simply connect to the host
try {
- synchronized (mSslSocketFactory) {
- sslSock = (SSLSocket) mSslSocketFactory.createSocket();
-
- sslSock.setSoTimeout(SOCKET_TIMEOUT);
- sslSock.connect(new InetSocketAddress(mHost.getHostName(),
- mHost.getPort()));
-
- }
+ sslSock = (SSLSocket) getSocketFactory().createSocket();
+
+ sslSock.setSoTimeout(SOCKET_TIMEOUT);
+ sslSock.connect(new InetSocketAddress(mHost.getHostName(),
+ mHost.getPort()));
} catch(IOException e) {
if (sslSock != null) {
sslSock.close();
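Review bot: `sslSock.connect(new InetSocketAddress(...))` is called without a connect timeout, so `setSoTimeout(SOCKET_TIMEOUT)` bounds only reads and a connection attempt to an unresponsive host waits for the platform's TCP timeout. With the factory lock removed this no longer holds up other connections, but the calling thread can still stall; passing the timeout, `sslSock.connect(new InetSocketAddress(mHost.getHostName(), mHost.getPort()), SOCKET_TIMEOUT);`, would bound it. The catch body continues outside the hunk.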
@@ -371,6 +363,7 @@ class HttpsConnection extends Connection {
BasicHttpParams params = new BasicHttpParams();
params.setIntParameter(HttpConnectionParams.SOCKET_BUFFER_SIZE, 8192);
conn.bind(sslSock, params);
+
return conn;
}
@@ -425,3 +418,15 @@ class HttpsConnection extends Connection {
return "https";
}
}
+
+/**
+ * Simple exception we throw if the SSL connection is closed by the user.
+ *
+ * {@hide}
+ */
+class SSLConnectionClosedByUserException extends SSLException {
+
+ public SSLConnectionClosedByUserException(String reason) {
+ super(reason);
+ }
+}
diff --git a/core/java/com/android/internal/logging/AndroidHandler.java b/core/java/com/android/internal/logging/AndroidHandler.java
index d9fcf60..c4a1479 100644
--- a/core/java/com/android/internal/logging/AndroidHandler.java
+++ b/core/java/com/android/internal/logging/AndroidHandler.java
@@ -151,7 +151,7 @@ public class AndroidHandler extends Handler {
Log.e("AndroidHandler", "Error logging message.", e);
}
}
-
+
/**
* Converts a {@link java.util.logging.Logger} logging level into an Android one.
*
@@ -159,20 +159,16 @@ public class AndroidHandler extends Handler {
*
* @return The resulting Android logging level.
*/
- static int getAndroidLevel(Level level)
- {
+ static int getAndroidLevel(Level level) {
int value = level.intValue();
-
- if (value >= Level.SEVERE.intValue()) {
+ if (value >= 1000) { // SEVERE
return Log.ERROR;
- } else if (value >= Level.WARNING.intValue()) {
+ } else if (value >= 900) { // WARNING
return Log.WARN;
- } else if (value >= Level.INFO.intValue()) {
+ } else if (value >= 800) { // INFO
return Log.INFO;
- } else if (value >= Level.CONFIG.intValue()) {
+ } else {
return Log.DEBUG;
- } else {
- return Log.VERBOSE;
}
}
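Review bot: The literals `1000`, `900` and `800` in `getAndroidLevel` duplicate `Level.SEVERE`, `Level.WARNING` and `Level.INFO` with only trailing comments to tie them together, and the rewritten chain also drops the `Log.VERBOSE` branch, so everything below INFO (CONFIG, FINE, FINER, FINEST) is now reported as `Log.DEBUG`. If that is intended, the Javadoc should say so, e.g. `Levels below INFO map to Log.DEBUG; Log.VERBOSE is never returned.` Named constants such as `private static final int SEVERE_VALUE = 1000;` would keep the comparison cheap without leaving unexplained numbers. Anything that filters device logs by priority will see formerly verbose java.util.logging output at debug priority after this change.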
diff --git a/preloaded-classes b/preloaded-classes
index ffcdc87..e3197b41 100644
--- a/preloaded-classes
+++ b/preloaded-classes
@@ -241,6 +241,7 @@ android.net.http.AndroidHttpClient$1
android.net.http.AndroidHttpClient$2
android.net.http.AndroidHttpClient$CurlLogger
android.net.http.DomainNameChecker
+android.net.http.CertificateChainValidator
android.net.http.EventHandler
android.net.http.HttpsConnection
android.net.http.RequestQueue