From 587a9455ded22165127e1a91cba5057f7c59a6fc Mon Sep 17 00:00:00 2001
From: Kenny Root <kroot@google.com>
Date: Wed, 26 Mar 2014 08:40:43 -0700
Subject: [PATCH] CertificateChainValidator: initialize TrustManagerFactory

Need to call TrustManagerFactory#init before use. I suspect this class
isn't used anywhere since this hasn't caused a problem yet.

Change-Id: I17425d0bba4795d71960062361a755830abba7de
---
 core/java/android/net/http/CertificateChainValidator.java | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/core/java/android/net/http/CertificateChainValidator.java b/core/java/android/net/http/CertificateChainValidator.java
index a28b5a7cca2a..d06355d4f8a4 100644
--- a/core/java/android/net/http/CertificateChainValidator.java
+++ b/core/java/android/net/http/CertificateChainValidator.java
@@ -22,6 +22,8 @@ import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.lang.reflect.Method;
 import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
@@ -74,13 +76,16 @@ public class CertificateChainValidator {
     private CertificateChainValidator() {
         try {
             TrustManagerFactory tmf = TrustManagerFactory.getInstance("X.509");
+            tmf.init((KeyStore) null);
             for (TrustManager tm : tmf.getTrustManagers()) {
                 if (tm instanceof X509ExtendedTrustManager) {
                     mTrustManager = (X509ExtendedTrustManager) tm;
                 }
             }
         } catch (NoSuchAlgorithmException e) {
-            throw new RuntimeException("X.509 TrustManager factory must be available", e);
+            throw new RuntimeException("X.509 TrustManagerFactory must be available", e);
+        } catch (KeyStoreException e) {
+            throw new RuntimeException("X.509 TrustManagerFactory cannot be initialized", e);
         }
 
         if (mTrustManager == null) {
@@ -166,9 +171,13 @@ public class CertificateChainValidator {
         TrustManagerFactory tmf;
         try {
             tmf = TrustManagerFactory.getInstance("X.509");
+            tmf.init((KeyStore) null);
         } catch (NoSuchAlgorithmException e) {
             Slog.w(TAG, "Couldn't find default X.509 TrustManagerFactory");
             return;
+        } catch (KeyStoreException e) {
+            Slog.w(TAG, "Couldn't initialize default X.509 TrustManagerFactory", e);
+            return;
         }
 
         TrustManager[] tms = tmf.getTrustManagers();
-- 
2.11.0