-rw-r--r-- | core/java/android/net/http/CertificateChainValidator.java | 23 | ||||
-rw-r--r-- | core/java/android/net/http/HttpsConnection.java | 159 | ||||
-rw-r--r-- | core/java/com/android/internal/logging/AndroidHandler.java | 16 | ||||
-rw-r--r-- | preloaded-classes | 1 |
4 files changed, 97 insertions, 102 deletions
diff --git a/core/java/android/net/http/CertificateChainValidator.java b/core/java/android/net/http/CertificateChainValidator.java index 0edbe5b..91fa900 100644 --- a/core/java/android/net/http/CertificateChainValidator.java +++ b/core/java/android/net/http/CertificateChainValidator.java @@ -43,7 +43,8 @@ class CertificateChainValidator { /** * The singleton instance of the certificate chain validator */ - private static CertificateChainValidator sInstance; + private static final CertificateChainValidator sInstance + = new CertificateChainValidator(); /** * Default trust manager (used to perform CA certificate validation) @@ -54,10 +55,6 @@ class CertificateChainValidator { * @return The singleton instance of the certificator chain validator */ public static CertificateChainValidator getInstance() { - if (sInstance == null) { - sInstance = new CertificateChainValidator(); - } - return sInstance; } @@ -159,13 +156,11 @@ class CertificateChainValidator { // report back to the user. // try { - synchronized (mDefaultTrustManager) { - mDefaultTrustManager.checkServerTrusted( - serverCertificates, "RSA"); + mDefaultTrustManager.checkServerTrusted( + serverCertificates, "RSA"); - // no errors!!! - return null; - } + // no errors!!! + return null; } catch (CertificateException e) { if (HttpLog.LOGV) { HttpLog.v( @@ -191,10 +186,8 @@ class CertificateChainValidator { // check if the last certificate in the chain (root) is trusted X509Certificate[] rootCertificateChain = { currCertificate }; try { - synchronized (mDefaultTrustManager) { - mDefaultTrustManager.checkServerTrusted( - rootCertificateChain, "RSA"); - } + mDefaultTrustManager.checkServerTrusted( + rootCertificateChain, "RSA"); } catch (CertificateExpiredException e) { String errorMessage = e.getMessage(); if (errorMessage == null) { diff --git a/core/java/android/net/http/HttpsConnection.java b/core/java/android/net/http/HttpsConnection.java index fe02d3e..55b733f 100644 
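Review bot: Both `checkServerTrusted` calls (the full-chain check near line 156 and the root-only check near line 186) now run without the `synchronized (mDefaultTrustManager)` guard, and nothing in the patch records that the trust manager is safe to call from several connection threads at once. If the implementation behind `mDefaultTrustManager` keeps mutable state, concurrent calls could produce a wrong trust decision, so the field's Javadoc should state the assumption, e.g. `// called concurrently from connection threads; the X509TrustManager implementation must be thread-safe`. The eager `static final sInstance` does close the unsynchronised lazy-init race in `getInstance()`. Both enclosing methods start and end outside these hunks.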
--- a/core/java/android/net/http/HttpsConnection.java +++ b/core/java/android/net/http/HttpsConnection.java 
@@ -17,61 +17,41 @@ package android.net.http; import android.content.Context; - -import junit.framework.Assert; - -import java.io.IOException; - -import java.security.cert.X509Certificate; - -import java.net.Socket; -import java.net.InetSocketAddress; - -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLException; -import javax.net.ssl.SSLSocket; -import javax.net.ssl.SSLSocketFactory; -import javax.net.ssl.TrustManager; -import javax.net.ssl.X509TrustManager; - +import android.util.Log; +import org.apache.harmony.xnet.provider.jsse.FileClientSessionCache; +import org.apache.harmony.xnet.provider.jsse.SSLClientSessionCache; +import org.apache.harmony.xnet.provider.jsse.SSLContextImpl; import org.apache.http.Header; -import org.apache.http.HttpClientConnection; import org.apache.http.HttpException; import org.apache.http.HttpHost; -import org.apache.http.HttpRequest; -import org.apache.http.HttpResponse; import org.apache.http.HttpStatus; import org.apache.http.ParseException; import org.apache.http.ProtocolVersion; import org.apache.http.StatusLine; -import org.apache.http.impl.DefaultHttpClientConnection; import org.apache.http.message.BasicHttpRequest; import org.apache.http.params.BasicHttpParams; -import org.apache.http.params.HttpParams; import org.apache.http.params.HttpConnectionParams; +import org.apache.http.params.HttpParams; -/** - * Simple exception we throw if the SSL connection is closed by the user. 
- * - * {@hide} - */ -class SSLConnectionClosedByUserException extends SSLException { - - public SSLConnectionClosedByUserException(String reason) { - super(reason); - } -} +import javax.net.ssl.SSLException; +import javax.net.ssl.SSLSocket; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; +import java.io.File; +import java.io.IOException; +import java.net.InetSocketAddress; +import java.net.Socket; +import java.security.KeyManagementException; +import java.security.cert.X509Certificate; /** * A Connection connecting to a secure http server or tunneling through * a http proxy server to a https server. + * + * @hide */ -class HttpsConnection extends Connection { - - /** - * SSL context - */ - private static SSLContext mSslContext = null; +public class HttpsConnection extends Connection { /** * SSL socket factory 
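Review bot: `HttpsConnection` goes from package-private to `public` in this hunk with only the `@hide` Javadoc tag limiting it; that tag keeps the class out of the SDK stubs but presumably does not stop in-process code from reaching it at runtime. Because the class owns the process-wide SSL socket factory, the class comment should say who is expected to call it, for example `Public only so the framework can call initializeEngine(); not an application API.` The new imports also bind the class to `org.apache.harmony.xnet.provider.jsse.SSLContextImpl` instead of `SSLContext.getInstance("TLS")`, which deserves a one-line why-comment at the call site.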
@@ -79,42 +59,59 @@ class HttpsConnection extends Connection { private static SSLSocketFactory mSslSocketFactory = null; static { - // initialize the socket factory + // This intiialization happens in the zygote. It triggers some + // lazy initialization that can will benefit later invocations of + // initializeEngine(). + initializeEngine(null); + } + + /** + * @hide + * + * @param sessionDir directory to cache SSL sessions + */ + public static void initializeEngine(File sessionDir) { try { - mSslContext = SSLContext.getInstance("TLS"); - if (mSslContext != null) { - // here, trust managers is a single trust-all manager - TrustManager[] trustManagers = new TrustManager[] { - new X509TrustManager() { - public X509Certificate[] getAcceptedIssuers() { - return null; - } + SSLClientSessionCache cache = null; + if (sessionDir != null) { + Log.d("HttpsConnection", "Caching SSL sessions in " + + sessionDir + "."); + cache = FileClientSessionCache.usingDirectory(sessionDir); + } - public void checkClientTrusted( - X509Certificate[] certs, String authType) { - } + SSLContextImpl sslContext = new SSLContextImpl(); - public void checkServerTrusted( - X509Certificate[] certs, String authType) { - } + // here, trust managers is a single trust-all manager + TrustManager[] trustManagers = new TrustManager[] { + new X509TrustManager() { + public X509Certificate[] getAcceptedIssuers() { + return null; } - }; - mSslContext.init(null, trustManagers, null); - mSslSocketFactory = mSslContext.getSocketFactory(); - } - } catch (Exception t) { - if (HttpLog.LOGV) { - HttpLog.v("HttpsConnection: failed to initialize the socket factory"); + public void checkClientTrusted( + X509Certificate[] certs, String authType) { + } + + public void checkServerTrusted( + X509Certificate[] certs, String authType) { + } + } + }; + + sslContext.engineInit(null, trustManagers, null, cache, null); + + synchronized (HttpsConnection.class) { + mSslSocketFactory = sslContext.engineGetSocketFactory(); } + } 
catch (KeyManagementException e) { + throw new RuntimeException(e); + } catch (IOException e) { + throw new RuntimeException(e); } } - /** - * @return The shared SSL context. - */ - /*package*/ static SSLContext getContext() { - return mSslContext; + private synchronized static SSLSocketFactory getSocketFactory() { + return mSslSocketFactory; } /** @@ -252,10 +249,8 @@ class HttpsConnection extends Connection { if (statusCode == HttpStatus.SC_OK) { try { - synchronized (mSslSocketFactory) { - sslSock = (SSLSocket) mSslSocketFactory.createSocket( + sslSock = (SSLSocket) getSocketFactory().createSocket( proxySock, mHost.getHostName(), mHost.getPort(), true); - } } catch(IOException e) { if (sslSock != null) { sslSock.close(); @@ -288,14 +283,11 @@ class HttpsConnection extends Connection { } else { // if we do not have a proxy, we simply connect to the host try { - synchronized (mSslSocketFactory) { - sslSock = (SSLSocket) mSslSocketFactory.createSocket(); - - sslSock.setSoTimeout(SOCKET_TIMEOUT); - sslSock.connect(new InetSocketAddress(mHost.getHostName(), - mHost.getPort())); - - } + sslSock = (SSLSocket) getSocketFactory().createSocket(); + + sslSock.setSoTimeout(SOCKET_TIMEOUT); + sslSock.connect(new InetSocketAddress(mHost.getHostName(), + mHost.getPort())); } catch(IOException e) { if (sslSock != null) { sslSock.close(); @@ -371,6 +363,7 @@ class HttpsConnection extends Connection { BasicHttpParams params = new BasicHttpParams(); params.setIntParameter(HttpConnectionParams.SOCKET_BUFFER_SIZE, 8192); conn.bind(sslSock, params); + return conn; } @@ -425,3 +418,15 @@ class HttpsConnection extends Connection { return "https"; } } + +/** + * Simple exception we throw if the SSL connection is closed by the user. + * + * {@hide} + */ +class SSLConnectionClosedByUserException extends SSLException { + + public SSLConnectionClosedByUserException(String reason) { + super(reason); + } +} 
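Review bot: `initializeEngine(File sessionDir)` hands a caller-supplied directory straight to `FileClientSessionCache.usingDirectory` and logs its path, with no statement about who may read that directory; persisted session state is presumably enough to resume a TLS session, so the Javadoc should require an app-private location, e.g. `@param sessionDir app-private directory for cached SSL sessions, or null to disable the on-disk cache`. The context built here still installs the trust-all `X509TrustManager`, so the handshake itself authenticates nothing, and the comment above it should name where the chain is actually verified (presumably `CertificateChainValidator`, which this hunk does not show). `getAcceptedIssuers()` returns `null` although the interface documents a non-null array; `return new X509Certificate[0];` is the safer form. Since the method is public and static, a later call replaces `mSslSocketFactory` for every connection in the process, which also belongs in the Javadoc.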
diff --git a/core/java/com/android/internal/logging/AndroidHandler.java b/core/java/com/android/internal/logging/AndroidHandler.java index d9fcf60..c4a1479 100644 --- a/core/java/com/android/internal/logging/AndroidHandler.java +++ b/core/java/com/android/internal/logging/AndroidHandler.java @@ -151,7 +151,7 @@ public class AndroidHandler extends Handler { Log.e("AndroidHandler", "Error logging message.", e); } } - + /** * Converts a {@link java.util.logging.Logger} logging level into an Android one. * @@ -159,20 +159,16 @@ public class AndroidHandler extends Handler { * * @return The resulting Android logging level. */ - static int getAndroidLevel(Level level) - { + static int getAndroidLevel(Level level) { int value = level.intValue(); - - if (value >= Level.SEVERE.intValue()) { + if (value >= 1000) { // SEVERE return Log.ERROR; - } else if (value >= Level.WARNING.intValue()) { + } else if (value >= 900) { // WARNING return Log.WARN; - } else if (value >= Level.INFO.intValue()) { + } else if (value >= 800) { // INFO return Log.INFO; - } else if (value >= Level.CONFIG.intValue()) { + } else { return Log.DEBUG; - } else { - return Log.VERBOSE; } } diff --git a/preloaded-classes b/preloaded-classes index ffcdc87..e3197b41 100644 --- a/preloaded-classes +++ b/preloaded-classes @@ -241,6 +241,7 @@ android.net.http.AndroidHttpClient$1 android.net.http.AndroidHttpClient$2 android.net.http.AndroidHttpClient$CurlLogger android.net.http.DomainNameChecker +android.net.http.CertificateChainValidator android.net.http.EventHandler android.net.http.HttpsConnection android.net.http.RequestQueue |
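Review bot: `getAndroidLevel` no longer returns `Log.VERBOSE`: every level below INFO, including FINE, FINER and FINEST, now maps to `Log.DEBUG`, and the method's Javadoc does not mention the change. Library code that logs request or handshake detail at FINE would then surface at debug priority, where it is presumably filtered less aggressively than verbose output, so either keep a `Log.VERBOSE` branch for values below 700 (CONFIG) or document the new mapping. The literals 1000, 900 and 800 duplicate `Level.SEVERE`, `Level.WARNING` and `Level.INFO`; if the references were dropped to avoid touching `Level` statics at preload time, a comment such as `// literals mirror java.util.logging.Level values` should say so.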