
Support TrustedCertificateStore.findAllIssuers
authorChad Brubaker <cbrubaker@google.com>
Fri, 18 Dec 2015 21:43:28 +0000 (13:43 -0800)
committerChad Brubaker <cbrubaker@google.com>
Thu, 12 May 2016 18:15:47 +0000 (11:15 -0700)
(cherry-picked from commit aa6c3c3e252252b80c3900bd4c1ff27d37265c6d)
Change-Id: I176ec42c9907e50ee218e4fb352b530ca797be46

core/java/android/security/net/config/CertificateSource.java
core/java/android/security/net/config/CertificatesEntryRef.java
core/java/android/security/net/config/DirectoryCertificateSource.java
core/java/android/security/net/config/KeyStoreCertificateSource.java
core/java/android/security/net/config/NetworkSecurityConfig.java
core/java/android/security/net/config/ResourceCertificateSource.java
core/java/android/security/net/config/TrustedCertificateStoreAdapter.java
tests/NetworkSecurityConfigTest/src/android/security/net/config/TestCertificateSource.java

index 7e3601e..f3272e4 100644 (file)
 
 package android.security.net.config;
 
-import java.util.Set;
 import java.security.cert.X509Certificate;
+import java.util.Set;
 
 /** @hide */
 public interface CertificateSource {
     Set<X509Certificate> getCertificates();
     X509Certificate findBySubjectAndPublicKey(X509Certificate cert);
     X509Certificate findByIssuerAndSignature(X509Certificate cert);
+    Set<X509Certificate> findAllByIssuerAndSignature(X509Certificate cert);
 }
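Review bot: The new `findAllByIssuerAndSignature` declaration on the interface carries no Javadoc, so implementers are not told whether "no match" means an empty set or null, and the caller in NetworkSecurityConfig does `certs.addAll(...)` on the result, which would throw on a null return. I would pin the contract above the declaration: `/** Returns every certificate in this source whose subject matches {@code cert}'s issuer and whose public key verifies {@code cert}'s signature; never null, empty if none. */`. The same null-vs-empty note is worth adding to the two existing single-result finders, which evidently return null on a miss given the `if (anchor == null)` checks in the implementations elsewhere in this change.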
index ff728ef..742d430 100644 (file)
@@ -17,8 +17,8 @@
 package android.security.net.config;
 
 import android.util.ArraySet;
-import java.util.Set;
 import java.security.cert.X509Certificate;
+import java.util.Set;
 
 /** @hide */
 public final class CertificatesEntryRef {
@@ -60,4 +60,8 @@ public final class CertificatesEntryRef {
 
         return new TrustAnchor(foundCert, mOverridesPins);
     }
+
+    public Set<X509Certificate> findAllCertificatesByIssuerAndSignature(X509Certificate cert) {
+        return mSource.findAllByIssuerAndSignature(cert);
+    }
 }
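Review bot: `findAllCertificatesByIssuerAndSignature` hands back raw certificates, whereas the finder immediately above it (its signature is outside the hunk) wraps its result in `new TrustAnchor(foundCert, mOverridesPins)`, so callers of the new method cannot tell whether a returned issuer came from an entry that overrides pins. That is presumably fine for the chain-building use in `findAllIssuers`, but it should be stated so nobody later uses this set for pin decisions: `/** Raw issuer certificates only; unlike the TrustAnchor-returning finder above, the {@code mOverridesPins} attribute of the entry is not carried on the result. */`. The enclosing class header is outside the hunk.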
index bf29efa..b2c068c 100644 (file)
@@ -29,6 +29,7 @@ import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
+import java.util.Collections;
 import java.util.Set;
 import libcore.io.IoUtils;
 
@@ -110,10 +111,50 @@ abstract class DirectoryCertificateSource implements CertificateSource {
         });
     }
 
+    @Override
+    public Set<X509Certificate> findAllByIssuerAndSignature(final X509Certificate cert) {
+        return findCerts(cert.getIssuerX500Principal(), new CertSelector() {
+            @Override
+            public boolean match(X509Certificate ca) {
+                try {
+                    cert.verify(ca.getPublicKey());
+                    return true;
+                } catch (Exception e) {
+                    return false;
+                }
+            }
+        });
+    }
+
     private static interface CertSelector {
         boolean match(X509Certificate cert);
     }
 
+    private Set<X509Certificate> findCerts(X500Principal subj, CertSelector selector) {
+        String hash = getHash(subj);
+        Set<X509Certificate> certs = null;
+        for (int index = 0; index >= 0; index++) {
+            String fileName = hash + "." + index;
+            if (!new File(mDir, fileName).exists()) {
+                break;
+            }
+            if (isCertMarkedAsRemoved(fileName)) {
+                continue;
+            }
+            X509Certificate cert = readCertificate(fileName);
+            if (!subj.equals(cert.getSubjectX500Principal())) {
+                continue;
+            }
+            if (selector.match(cert)) {
+                if (certs == null) {
+                    certs = new ArraySet<X509Certificate>();
+                }
+                certs.add(cert);
+            }
+        }
+        return certs != null ? certs : Collections.<X509Certificate>emptySet();
+    }
+
     private X509Certificate findCert(X500Principal subj, CertSelector selector) {
         String hash = getHash(subj);
         for (int index = 0; index >= 0; index++) {
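Review bot: The `match` callback in `findAllByIssuerAndSignature` catches `Exception`, which treats any runtime failure inside `X509Certificate.verify` (including a programming error such as a NullPointerException) exactly like a bad signature and silently drops the candidate. Everything `verify(PublicKey)` is declared to throw is a `GeneralSecurityException`, so `} catch (GeneralSecurityException e) {` is the tighter guard and needs only `import java.security.GeneralSecurityException;`. Note also that `findCerts` dereferences `readCertificate(fileName)` without a null check at the `getSubjectX500Principal()` call; if `readCertificate` can return null for an unreadable file (its body is not in the hunk), one malformed file in the directory would abort the whole enumeration rather than being skipped like a removed one. The `findCert` method that begins on the hunk's last lines continues outside it.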
index b6105cd..ba5dd83 100644 (file)
@@ -21,6 +21,7 @@ import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
+import java.util.Collections;
 import java.util.Enumeration;
 import java.util.Set;
 
@@ -90,4 +91,18 @@ class KeyStoreCertificateSource implements CertificateSource {
         }
         return anchor.getTrustedCert();
     }
+
+    @Override
+    public Set<X509Certificate> findAllByIssuerAndSignature(X509Certificate cert) {
+        ensureInitialized();
+        Set<java.security.cert.TrustAnchor> anchors = mIndex.findAllByIssuerAndSignature(cert);
+        if (anchors.isEmpty()) {
+            return Collections.<X509Certificate>emptySet();
+        }
+        Set<X509Certificate> certs = new ArraySet<X509Certificate>(anchors.size());
+        for (java.security.cert.TrustAnchor anchor : anchors) {
+            certs.add(anchor.getTrustedCert());
+        }
+        return certs;
+    }
 }
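Review bot: `findAllByIssuerAndSignature` adds `anchor.getTrustedCert()` to the result set unconditionally, and `java.security.cert.TrustAnchor` can also be built from a name plus public key, in which case `getTrustedCert()` is null; whether `mIndex` can ever hold such an anchor is not visible in this hunk. If the index only ever indexes certificate-backed anchors, a one-line comment saying so (`// mIndex anchors are always certificate-backed, so getTrustedCert() is non-null`) documents the assumption; otherwise skip null entries, since a null here would flow straight into the `addAll` in NetworkSecurityConfig. The method also lacks Javadoc, and the `@Override` inherits none because the interface declaration it implements has none either.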
index 0a2edff..ebe1469 100644 (file)
@@ -145,6 +145,15 @@ public final class NetworkSecurityConfig {
         return null;
     }
 
+    /** @hide */
+    public Set<X509Certificate> findAllCertificatesByIssuerAndSignature(X509Certificate cert) {
+        Set<X509Certificate> certs = new ArraySet<X509Certificate>();
+        for (CertificatesEntryRef ref : mCertificatesEntryRefs) {
+            certs.addAll(ref.findAllCertificatesByIssuerAndSignature(cert));
+        }
+        return certs;
+    }
+
     /**
      * Return a {@link Builder} for the default {@code NetworkSecurityConfig}.
      *
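Review bot: `findAllCertificatesByIssuerAndSignature` carries only `/** @hide */`, so the one property callers actually need — that it is the union over every configured certificate entry and is never null — is undocumented, while the single-result finder just above it ends with `return null;` on a miss. I would replace the bare marker with `/** Returns the union, over all configured certificate entries, of trusted certificates that issued and signed {@code cert}; never null, empty when no entry matches. @hide */`. A one-line why-comment on the `ArraySet` is also worth it, since the same CA present in two entries collapses to one element by `X509Certificate.equals` (presumably the intended dedup, but easy to misread as a lost result).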
index e489c2c..8803c4b 100644 (file)
@@ -25,6 +25,7 @@ import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.Set;
 
 import com.android.org.conscrypt.TrustedCertificateIndex;
@@ -100,4 +101,18 @@ public class ResourceCertificateSource implements CertificateSource {
         }
         return anchor.getTrustedCert();
     }
+
+    @Override
+    public Set<X509Certificate> findAllByIssuerAndSignature(X509Certificate cert) {
+        ensureInitialized();
+        Set<java.security.cert.TrustAnchor> anchors = mIndex.findAllByIssuerAndSignature(cert);
+        if (anchors.isEmpty()) {
+            return Collections.<X509Certificate>emptySet();
+        }
+        Set<X509Certificate> certs = new ArraySet<X509Certificate>(anchors.size());
+        for (java.security.cert.TrustAnchor anchor : anchors) {
+            certs.add(anchor.getTrustedCert());
+        }
+        return certs;
+    }
 }
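Review bot: This `findAllByIssuerAndSignature` body is line-for-line the same as the one added to KeyStoreCertificateSource, and the test source repeats the anchor-to-certificate conversion a third time: ensureInitialized, look up anchors in `mIndex`, copy `getTrustedCert()` of each into an `ArraySet`. Since both classes hold an `mIndex` exposing the same `findAllByIssuerAndSignature` lookup and return the same shape, I would move the conversion into one shared package-private static helper and have both overrides call it, so a future fix (for example a null-anchor guard) lands in one place. Separately, the early `Collections.emptySet()` return hands callers an immutable set while the non-empty path returns a mutable `ArraySet`; NetworkSecurityConfig only copies from it via `addAll`, so this is a consistency nit rather than a bug, but worth a comment or a uniform return type.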
index 4a90f82..c2f29be 100644 (file)
@@ -42,6 +42,11 @@ public class TrustedCertificateStoreAdapter extends TrustedCertificateStore {
     }
 
     @Override
+    public Set<X509Certificate> findAllIssuers(X509Certificate cert) {
+        return mConfig.findAllCertificatesByIssuerAndSignature(cert);
+    }
+
+    @Override
     public X509Certificate getTrustAnchor(X509Certificate cert) {
         TrustAnchor anchor = mConfig.findTrustAnchorBySubjectAndPublicKey(cert);
         if (anchor == null) {
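Review bot: `findAllIssuers` is the only new public entry point in this change and has no Javadoc, so the relationship between the contract it overrides and `mConfig.findAllCertificatesByIssuerAndSignature` (subject match plus signature verification, at least in the directory-backed source) is left for the reader to reconstruct across five files. A short override comment is enough: `/** All config-trusted CAs whose subject matches {@code cert}'s issuer and whose key verifies its signature; an empty set, never null, when there are none. */`. It is also worth stating in that comment that the set is freshly built per call and owned by the caller, since the adapter passes the config's set through without wrapping it. `getTrustAnchor`, which starts on the hunk's last lines, continues outside the hunk.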
index 0c36063..4c12c2d 100644 (file)
@@ -16,8 +16,9 @@
 
 package android.security.net.config;
 
-import java.util.Set;
+import android.util.ArraySet;
 import java.security.cert.X509Certificate;
+import java.util.Set;
 
 import com.android.org.conscrypt.TrustedCertificateIndex;
 
@@ -33,10 +34,12 @@ public class TestCertificateSource implements CertificateSource {
         }
     }
 
+    @Override
     public Set<X509Certificate> getCertificates() {
             return mCertificates;
     }
 
+    @Override
     public X509Certificate findBySubjectAndPublicKey(X509Certificate cert) {
         java.security.cert.TrustAnchor anchor = mIndex.findBySubjectAndPublicKey(cert);
         if (anchor == null) {
@@ -45,6 +48,7 @@ public class TestCertificateSource implements CertificateSource {
         return anchor.getTrustedCert();
     }
 
+    @Override
     public X509Certificate findByIssuerAndSignature(X509Certificate cert) {
         java.security.cert.TrustAnchor anchor = mIndex.findByIssuerAndSignature(cert);
         if (anchor == null) {
@@ -52,4 +56,13 @@ public class TestCertificateSource implements CertificateSource {
         }
         return anchor.getTrustedCert();
     }
+
+    @Override
+    public Set<X509Certificate> findAllByIssuerAndSignature(X509Certificate cert) {
+        Set<X509Certificate> certs = new ArraySet<X509Certificate>();
+        for (java.security.cert.TrustAnchor anchor : mIndex.findAllByIssuerAndSignature(cert)) {
+            certs.add(anchor.getTrustedCert());
+        }
+        return certs;
+    }
 }