      1 /*
      2  * Copyright (C) 2012 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 package android.net.http;
     18 
     19 import com.android.org.conscrypt.TrustManagerImpl;
     20 
     21 import java.security.cert.CertificateException;
     22 import java.security.cert.X509Certificate;
     23 import java.util.List;
     24 
     25 import javax.net.ssl.SSLParameters;
     26 import javax.net.ssl.SSLSocket;
     27 import javax.net.ssl.X509TrustManager;
     28 
     29 /**
     30  * X509TrustManager wrapper exposing Android-added features.
     31  * <p>
     32  * The checkServerTrusted method allows callers to perform additional
     33  * verification of certificate chains after they have been successfully verified
     34  * by the platform.
     35  * </p>
     36  */
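public class X509TrustManagerExtensions {

    // Platform trust manager that performs the actual chain validation. It is assigned exactly
    // once in the constructor; declaring it final keeps the validating delegate from being
    // replaced after construction.
    final TrustManagerImpl mDelegate;

    /**
     * Constructs a new X509TrustManagerExtensions wrapper.
     *
     * @param tm A {@link X509TrustManager} obtained from the platform's TrustManagerFactory.
     * @throws IllegalArgumentException If tm is {@code null} or an unsupported TrustManager type.
     */
    public X509TrustManagerExtensions(X509TrustManager tm) throws IllegalArgumentException {
        // A null reference fails instanceof, so without this guard the error path below would
        // dereference it and surface a NullPointerException instead of the documented
        // IllegalArgumentException.
        if (tm == null) {
            throw new IllegalArgumentException(
                    "tm is null, which is not a supported type of X509TrustManager");
        }
        if (!(tm instanceof TrustManagerImpl)) {
            throw new IllegalArgumentException("tm is an instance of " + tm.getClass().getName() +
                    " which is not a supported type of X509TrustManager");
        }
        mDelegate = (TrustManagerImpl) tm;
    }

    /**
     * Verifies the given certificate chain.
     *
     * <p>See {@link X509TrustManager#checkServerTrusted(X509Certificate[], String)} for a
     * description of the chain and authType parameters. The final parameter, host, should be the
     * hostname of the server.</p>
     *
     * <p>This method only forwards to the wrapped trust manager; any
     * {@link CertificateException} it raises propagates unchanged and must be treated as a failed
     * verification. Additional checks (for example pinning) should be made against the returned
     * list, which is the chain that was used for verification, rather than against the
     * {@code chain} array passed in.</p>
     *
     * <p>NOTE(review): how the delegate uses {@code host} is not visible in this file. Do not
     * assume this call replaces hostname verification of the connection; confirm against the
     * delegate's implementation.</p>
     *
     * @param chain the certificate chain presented by the server.
     * @param authType the key exchange algorithm used.
     * @param host the hostname of the server.
     * @throws CertificateException if the chain does not verify correctly.
     * @return the properly ordered chain used for verification as a list of X509Certificates.
     */
    public List<X509Certificate> checkServerTrusted(X509Certificate[] chain, String authType,
                                                    String host) throws CertificateException {
        return mDelegate.checkServerTrusted(chain, authType, host);
    }

    /**
     * Checks whether a CA certificate was added by a user.
     *
     * <p>Since {@link X509TrustManager#checkServerTrusted} allows its parameter {@code chain} to
     * chain up to user-added CA certificates, this method can be used to apply additional
     * policies to user-added CA certificates, such as refusing them for sensitive connections.
     *
     * @param cert the CA certificate to look up.
     * @return {@code true} to indicate that the certificate was added by the user, {@code false}
     * otherwise.
     */
    public boolean isUserAddedCertificate(X509Certificate cert) {
        return mDelegate.isUserAddedCertificate(cert);
    }
}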