Implement TestRootCerts for Android

net/android/java/src/org/chromium/net/X509Util.java

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 package org.chromium.net;
 
 import android.util.Log;
 
 import java.io.ByteArrayInputStream;
+import java.io.IOException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.X509TrustManager;
 
 public class X509Util {
 
     private static final String TAG = X509Util.class.getName();
 
     private static CertificateFactory sCertificateFactory;
 
     /**
-     * Default sources of authentication trust decisions and certificate object
-     * creation.
+     * Trust manager backed up by the read-only system certificate store.
      */
     private static X509TrustManager sDefaultTrustManager;
 
     /**
-     * Ensures that |sCertificateFactory| and |sDefaultTrustManager| are
-     * initialized.
+     * Trust manager backed up by a custom certificate store.
+     */
+    private static X509TrustManager sLocalTrustManager;
+    private static KeyStore sLocalKeyStore;
+
+    /**
+     * Ensures that the trust managers and certificate factory are initialized.
      */
     private static synchronized void ensureInitialized() throws CertificateException,
             KeyStoreException, NoSuchAlgorithmException {
         if (sCertificateFactory == null) {
             sCertificateFactory = CertificateFactory.getInstance("X.509");
         }
         if (sDefaultTrustManager == null) {
-            sDefaultTrustManager = X509Util.createDefaultTrustManager();
+            sDefaultTrustManager = X509Util.createTrustManager(null);
+        }
+        if (sLocalKeyStore == null) {
+            sLocalKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+            try {
+                sLocalKeyStore.load(null);
+            } catch(IOException e) {} // No IO operation is attempted.
+        }
+        if (sLocalTrustManager == null) {
+            sLocalTrustManager = X509Util.createTrustManager(sLocalKeyStore);
         }
     }
 
     /**
-     * Creates a TrustManagerFactory and returns the X509TrustManager instance
-     * if one can be found.
-     *
-     * @throws CertificateException,KeyStoreException,NoSuchAlgorithmException
-     *             on error initializing the TrustManager.
+     * Creates a X509TrustManager backed up by the given key store. When null
+     * is passed as a key store, system default trust store is used.
+     * @throws KeyStoreException, NoSuchAlgorithmException on error
+     * initializing the TrustManager.
      */
-    private static X509TrustManager createDefaultTrustManager()
+    private static X509TrustManager createTrustManager(KeyStore keyStore)
             throws KeyStoreException, NoSuchAlgorithmException {
         String algorithm = TrustManagerFactory.getDefaultAlgorithm();
         TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
-        tmf.init((KeyStore) null);
+        tmf.init(keyStore);
 
         for (TrustManager tm : tmf.getTrustManagers()) {
             if (tm instanceof X509TrustManager) {
                 return (X509TrustManager) tm;
             }
         }
         return null;
     }
 
     /**
-     * Convert a DER encoded certificate to an X509Certificate
+     * Convert a DER encoded certificate to an X509Certificate.
      */
     public static X509Certificate createCertificateFromBytes(byte[] derBytes) throws
             CertificateException, KeyStoreException, NoSuchAlgorithmException {
         ensureInitialized();
         return (X509Certificate) sCertificateFactory.generateCertificate(
                 new ByteArrayInputStream(derBytes));
     }
 
+    public static void addLocalRootCertificate(byte[] rootCertBytes)
+            throws CertificateException, KeyStoreException,
+            NoSuchAlgorithmException {
+        ensureInitialized();
+        X509Certificate rootCert = createCertificateFromBytes(rootCertBytes);
+        sLocalKeyStore.setCertificateEntry(
+                "root_cert_" + Integer.toString(sLocalKeyStore.size()),
+                rootCert);
+    }
+
+    public static void clearLocalRootCertificates()
+            throws NoSuchAlgorithmException, CertificateException, KeyStoreException {
+        ensureInitialized();
+        try {
+            sLocalKeyStore.load(null);
+        } catch(IOException e) {} // No IO operation is attempted.
+
+    }
+
     public static boolean verifyServerCertificates(byte[][] certChain, String authType)
             throws CertificateException, KeyStoreException, NoSuchAlgorithmException {
         if (certChain == null || certChain.length == 0 || certChain[0] == null) {
             throw new IllegalArgumentException("Expected non-null and non-empty certificate " +
                     "chain passed as |certChain|. |certChain|=" + certChain);
         }
 
         ensureInitialized();
         X509Certificate[] serverCertificates = new X509Certificate[certChain.length];
         for (int i = 0; i < certChain.length; ++i) {
             serverCertificates[i] = createCertificateFromBytes(certChain[i]);
         }
 
         try {
             sDefaultTrustManager.checkServerTrusted(serverCertificates, authType);
             return true;
         } catch (CertificateException e) {
-            Log.i(TAG, "failed to validate the certificate chain, error: " +
-                    e.getMessage());
+            try {

[digit1, 2012/11/28 10:42:34]

I think it'd be preferable to separate the usage of the default and local trust
manager. What I mean is that, during tests, we probably don't want to use the
default trust manager at all.

What about adding a static flag that is set when any of
AddLocal.../ClearAllLocal.. is being called, and test it here to select the
trust manager?

[ppi, 2012/11/28 13:37:31]

Sounds right, thanks.

In patch set 2 I use additional reference pointing either to the local or to the
system trust manager. Please let me know what do you think.

On 2012/11/28 10:42:34, digit1 wrote:

+                sLocalTrustManager.checkServerTrusted(serverCertificates, authType);
+                return true;
+            }
+            catch (CertificateException eInner) {
+                Log.i(TAG, "failed to validate the certificate chain, error: " +
+                    eInner.getMessage());

[digit1, 2012/11/28 10:42:34]

Doesn't this lose the exception message from the default trust manager? Is this
important?

[ppi, 2012/11/28 13:37:31]

Thanks, n/a in patch set 2.

On 2012/11/28 10:42:34, digit1 wrote:

+            }
         }
         return false;
     }
 
 }