| 1 // Copyright 2012 The Chromium Authors. All rights reserved. | 1 // Copyright 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 package org.chromium.net; | 5 package org.chromium.net; |
| 6 | 6 |
| 7 import android.annotation.SuppressLint; | 7 import android.annotation.SuppressLint; |
| 8 import android.content.BroadcastReceiver; | 8 import android.content.BroadcastReceiver; |
| 9 import android.content.Context; | 9 import android.content.Context; |
| 10 import android.content.Intent; | 10 import android.content.Intent; |
| 365 | 365 |
| 366 if (!(anchor instanceof X509Certificate)) { | 366 if (!(anchor instanceof X509Certificate)) { |
| 367 // This should never happen. | 367 // This should never happen. |
| 368 String className = anchor.getClass().getName(); | 368 String className = anchor.getClass().getName(); |
| 369 Log.e(TAG, "Anchor " + alias + " not an X509Certificate: " + cla
ssName); | 369 Log.e(TAG, "Anchor " + alias + " not an X509Certificate: " + cla
ssName); |
| 370 continue; | 370 continue; |
| 371 } | 371 } |
| 372 | 372 |
| 373 // If the subject and public key match, this is a system root. | 373 // If the subject and public key match, this is a system root. |
| 374 X509Certificate anchorX509 = (X509Certificate) anchor; | 374 X509Certificate anchorX509 = (X509Certificate) anchor; |
| 375 if (root.getSubjectX500Principal().equals(anchorX509.getSubjectX500P
rincipal()) && | 375 if (root.getSubjectX500Principal().equals(anchorX509.getSubjectX500P
rincipal()) |
| 376 root.getPublicKey().equals(anchorX509.getPublicKey())) { | 376 && root.getPublicKey().equals(anchorX509.getPublicKey())) { |
| 377 sSystemTrustAnchorCache.add(key); | 377 sSystemTrustAnchorCache.add(key); |
| 378 return true; | 378 return true; |
| 379 } | 379 } |
| 380 } | 380 } |
| 381 | 381 |
| 382 return false; | 382 return false; |
| 383 } | 383 } |
| 384 | 384 |
| 385 /** | 385 /** |
| 386 * If an EKU extension is present in the end-entity certificate, it MUST con
tain either the | 386 * If an EKU extension is present in the end-entity certificate, it MUST con
tain either the |
| 398 ekuOids = certificate.getExtendedKeyUsage(); | 398 ekuOids = certificate.getExtendedKeyUsage(); |
| 399 } catch (NullPointerException e) { | 399 } catch (NullPointerException e) { |
| 400 // getExtendedKeyUsage() can crash due to an Android platform bug. T
his probably | 400 // getExtendedKeyUsage() can crash due to an Android platform bug. T
his probably |
| 401 // happens when the EKU extension data is malformed so return false
here. | 401 // happens when the EKU extension data is malformed so return false
here. |
| 402 // See http://crbug.com/233610 | 402 // See http://crbug.com/233610 |
| 403 return false; | 403 return false; |
| 404 } | 404 } |
| 405 if (ekuOids == null) return true; | 405 if (ekuOids == null) return true; |
| 406 | 406 |
| 407 for (String ekuOid : ekuOids) { | 407 for (String ekuOid : ekuOids) { |
| 408 if (ekuOid.equals(OID_TLS_SERVER_AUTH) || | 408 if (ekuOid.equals(OID_TLS_SERVER_AUTH) |
| 409 ekuOid.equals(OID_ANY_EKU) || | 409 || ekuOid.equals(OID_ANY_EKU) |
| 410 ekuOid.equals(OID_SERVER_GATED_NETSCAPE) || | 410 || ekuOid.equals(OID_SERVER_GATED_NETSCAPE) |
| 411 ekuOid.equals(OID_SERVER_GATED_MICROSOFT)) { | 411 || ekuOid.equals(OID_SERVER_GATED_MICROSOFT)) { |
| 412 return true; | 412 return true; |
| 413 } | 413 } |
| 414 } | 414 } |
| 415 | 415 |
| 416 return false; | 416 return false; |
| 417 } | 417 } |
| 418 | 418 |
| 419 public static AndroidCertVerifyResult verifyServerCertificates(byte[][] cert
Chain, | 419 public static AndroidCertVerifyResult verifyServerCertificates(byte[][] cert
Chain, |
| 420 String authTy
pe, | 420 String authTy
pe, |
| 421 String host) | 421 String host) |
| 422 throws KeyStoreException, NoSuchAlgorithmException { | 422 throws KeyStoreException, NoSuchAlgorithmException { |
| 423 if (certChain == null || certChain.length == 0 || certChain[0] == null)
{ | 423 if (certChain == null || certChain.length == 0 || certChain[0] == null)
{ |
| 424 throw new IllegalArgumentException("Expected non-null and non-empty
certificate " + | 424 throw new IllegalArgumentException("Expected non-null and non-empty
certificate " |
| 425 "chain passed as |certChain|. |certChain|=" + Arrays.deepToS
tring(certChain)); | 425 + "chain passed as |certChain|. |certChain|=" + Arrays.deepT
oString(certChain)); |
| 426 } | 426 } |
| 427 | 427 |
| 428 | 428 |
| 429 try { | 429 try { |
| 430 ensureInitialized(); | 430 ensureInitialized(); |
| 431 } catch (CertificateException e) { | 431 } catch (CertificateException e) { |
| 432 return new AndroidCertVerifyResult(CertVerifyStatusAndroid.FAILED); | 432 return new AndroidCertVerifyResult(CertVerifyStatusAndroid.FAILED); |
| 433 } | 433 } |
| 434 | 434 |
| 435 X509Certificate[] serverCertificates = new X509Certificate[certChain.len
gth]; | 435 X509Certificate[] serverCertificates = new X509Certificate[certChain.len
gth]; |
| 468 try { | 468 try { |
| 469 verifiedChain = sDefaultTrustManager.checkServerTrusted(serverCe
rtificates, | 469 verifiedChain = sDefaultTrustManager.checkServerTrusted(serverCe
rtificates, |
| 470 authType
, host); | 470 authType
, host); |
| 471 } catch (CertificateException eDefaultManager) { | 471 } catch (CertificateException eDefaultManager) { |
| 472 try { | 472 try { |
| 473 verifiedChain = sTestTrustManager.checkServerTrusted(serverC
ertificates, | 473 verifiedChain = sTestTrustManager.checkServerTrusted(serverC
ertificates, |
| 474 authTyp
e, host); | 474 authTyp
e, host); |
| 475 } catch (CertificateException eTestManager) { | 475 } catch (CertificateException eTestManager) { |
| 476 // Neither of the trust managers confirms the validity of th
e certificate chain, | 476 // Neither of the trust managers confirms the validity of th
e certificate chain, |
| 477 // log the error message returned by the system trust manage
r. | 477 // log the error message returned by the system trust manage
r. |
| 478 Log.i(TAG, "Failed to validate the certificate chain, error:
" + | 478 Log.i(TAG, "Failed to validate the certificate chain, error:
" |
| 479 eDefaultManager.getMessage()); | 479 + eDefaultManager.getMessage()); |
| 480 return new AndroidCertVerifyResult( | 480 return new AndroidCertVerifyResult( |
| 481 CertVerifyStatusAndroid.NO_TRUSTED_ROOT); | 481 CertVerifyStatusAndroid.NO_TRUSTED_ROOT); |
| 482 } | 482 } |
| 483 } | 483 } |
| 484 | 484 |
| 485 boolean isIssuedByKnownRoot = false; | 485 boolean isIssuedByKnownRoot = false; |
| 486 if (verifiedChain.size() > 0) { | 486 if (verifiedChain.size() > 0) { |
| 487 X509Certificate root = verifiedChain.get(verifiedChain.size() -
1); | 487 X509Certificate root = verifiedChain.get(verifiedChain.size() -
1); |
| 488 isIssuedByKnownRoot = isKnownRoot(root); | 488 isIssuedByKnownRoot = isKnownRoot(root); |
| 489 } | 489 } |
| 506 */ | 506 */ |
| 507 private static native void nativeRecordCertVerifyCapabilitiesHistogram( | 507 private static native void nativeRecordCertVerifyCapabilitiesHistogram( |
| 508 boolean foundSystemTrustRoots); | 508 boolean foundSystemTrustRoots); |
| 509 | 509 |
| 510 /** | 510 /** |
| 511 * Returns the application context. | 511 * Returns the application context. |
| 512 */ | 512 */ |
| 513 private static native Context nativeGetApplicationContext(); | 513 private static native Context nativeGetApplicationContext(); |
| 514 | 514 |
| 515 } | 515 } |