Merge "Fix cleanup of voice sessions."
diff --git a/core/java/android/net/http/CertificateChainValidator.java b/core/java/android/net/http/CertificateChainValidator.java
index d06355d..bf3fe02 100644
--- a/core/java/android/net/http/CertificateChainValidator.java
+++ b/core/java/android/net/http/CertificateChainValidator.java
@@ -16,6 +16,9 @@
package android.net.http;
+import com.android.org.conscrypt.SSLParametersImpl;
+import com.android.org.conscrypt.TrustManagerImpl;
+
import android.util.Slog;
import java.io.ByteArrayInputStream;
@@ -37,7 +40,7 @@
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
-import javax.net.ssl.X509ExtendedTrustManager;
+import javax.net.ssl.X509TrustManager;
/**
* Class responsible for all server certificate validation functionality
@@ -60,7 +63,7 @@
.getDefaultHostnameVerifier();
}
- private X509ExtendedTrustManager mTrustManager;
+ private X509TrustManager mTrustManager;
/**
* @return The singleton instance of the certificates chain validator
@@ -78,8 +81,8 @@
TrustManagerFactory tmf = TrustManagerFactory.getInstance("X.509");
tmf.init((KeyStore) null);
for (TrustManager tm : tmf.getTrustManagers()) {
- if (tm instanceof X509ExtendedTrustManager) {
- mTrustManager = (X509ExtendedTrustManager) tm;
+ if (tm instanceof X509TrustManager) {
+ mTrustManager = (X509TrustManager) tm;
}
}
} catch (NoSuchAlgorithmException e) {
@@ -90,7 +93,7 @@
if (mTrustManager == null) {
throw new RuntimeException(
- "None of the X.509 TrustManagers are X509ExtendedTrustManager");
+ "None of the X.509 TrustManagers are X509TrustManager");
}
}
@@ -225,8 +228,13 @@
}
try {
- getInstance().getTrustManager().checkServerTrusted(chain, authType,
- new DelegatingSocketWrapper(domain));
+ X509TrustManager x509TrustManager = SSLParametersImpl.getDefaultX509TrustManager();
+ if (x509TrustManager instanceof TrustManagerImpl) {
+ TrustManagerImpl trustManager = (TrustManagerImpl) x509TrustManager;
+ trustManager.checkServerTrusted(chain, authType, domain);
+ } else {
+ x509TrustManager.checkServerTrusted(chain, authType);
+ }
return null; // No errors.
} catch (GeneralSecurityException e) {
if (HttpLog.LOGV) {
@@ -238,9 +246,9 @@
}
/**
- * Returns the platform default {@link X509ExtendedTrustManager}.
+ * Returns the platform default {@link X509TrustManager}.
*/
- private X509ExtendedTrustManager getTrustManager() {
+ private X509TrustManager getTrustManager() {
return mTrustManager;
}
@@ -268,4 +276,4 @@
throw new SSLHandshakeException(errorMessage);
}
-}
\ No newline at end of file
+}
diff --git a/core/java/android/net/http/DelegatingSSLSession.java b/core/java/android/net/http/DelegatingSSLSession.java
index ff75b24..98fbe21 100644
--- a/core/java/android/net/http/DelegatingSSLSession.java
+++ b/core/java/android/net/http/DelegatingSSLSession.java
@@ -24,12 +24,11 @@
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocket;
-import javax.net.ssl.X509ExtendedTrustManager;
+import javax.net.ssl.X509TrustManager;
/**
- * This is used when only a {@code hostname} is available but usage of the new API
- * {@link X509ExtendedTrustManager#checkServerTrusted(X509Certificate[], String, Socket)}
- * requires a {@link SSLSocket}.
+ * This is only used when a {@code certificate} is available but usage
+ * requires a {@link SSLSession}.
*
* @hide
*/
@@ -37,19 +36,6 @@
protected DelegatingSSLSession() {
}
- public static class HostnameWrap extends DelegatingSSLSession {
- private final String mHostname;
-
- public HostnameWrap(String hostname) {
- mHostname = hostname;
- }
-
- @Override
- public String getPeerHost() {
- return mHostname;
- }
- }
-
public static class CertificateWrap extends DelegatingSSLSession {
private final Certificate mCertificate;
@@ -169,4 +155,4 @@
public void removeValue(String name) {
throw new UnsupportedOperationException();
}
-}
\ No newline at end of file
+}
diff --git a/core/java/android/net/http/DelegatingSocketWrapper.java b/core/java/android/net/http/DelegatingSocketWrapper.java
deleted file mode 100644
index 230d017..0000000
--- a/core/java/android/net/http/DelegatingSocketWrapper.java
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * Copyright 2014 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net.http;
-
-import java.io.IOException;
-
-import javax.net.ssl.HandshakeCompletedListener;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.X509ExtendedTrustManager;
-
-/**
- * This is used when only a {@code hostname} is available for
- * {@link X509ExtendedTrustManager#checkServerTrusted(java.security.cert.X509Certificate[], String, Socket)}
- * but we want to use the new API that requires a {@link SSLSocket}.
- */
-class DelegatingSocketWrapper extends SSLSocket {
- private String hostname;
-
- public DelegatingSocketWrapper(String hostname) {
- this.hostname = hostname;
- }
-
- @Override
- public String[] getSupportedCipherSuites() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public String[] getEnabledCipherSuites() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void setEnabledCipherSuites(String[] suites) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public String[] getSupportedProtocols() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public String[] getEnabledProtocols() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void setEnabledProtocols(String[] protocols) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public SSLSession getSession() {
- return new DelegatingSSLSession.HostnameWrap(hostname);
- }
-
- @Override
- public void addHandshakeCompletedListener(HandshakeCompletedListener listener) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void removeHandshakeCompletedListener(HandshakeCompletedListener listener) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void startHandshake() throws IOException {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void setUseClientMode(boolean mode) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public boolean getUseClientMode() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void setNeedClientAuth(boolean need) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void setWantClientAuth(boolean want) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public boolean getNeedClientAuth() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public boolean getWantClientAuth() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void setEnableSessionCreation(boolean flag) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public boolean getEnableSessionCreation() {
- throw new UnsupportedOperationException();
- }
-}
\ No newline at end of file
diff --git a/core/java/android/net/http/X509TrustManagerExtensions.java b/core/java/android/net/http/X509TrustManagerExtensions.java
index 830ddce..6a63a0c 100644
--- a/core/java/android/net/http/X509TrustManagerExtensions.java
+++ b/core/java/android/net/http/X509TrustManagerExtensions.java
@@ -24,7 +24,6 @@
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
-import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
/**
@@ -34,13 +33,6 @@
* verification of certificate chains after they have been successfully verified
* by the platform.
* </p>
- * <p>
- * If the returned certificate list is not needed, see also
- * {@code X509ExtendedTrustManager#checkServerTrusted(X509Certificate[], String, java.net.Socket)}
- * where an {@link SSLSocket} can be used to verify the given hostname during
- * handshake using
- * {@code SSLParameters#setEndpointIdentificationAlgorithm(String)}.
- * </p>
*/
public class X509TrustManagerExtensions {
@@ -73,8 +65,7 @@
*/
public List<X509Certificate> checkServerTrusted(X509Certificate[] chain, String authType,
String host) throws CertificateException {
- return mDelegate.checkServerTrusted(chain, authType,
- new DelegatingSSLSession.HostnameWrap(host));
+ return mDelegate.checkServerTrusted(chain, authType, host);
}
/**