| 405d4db50b3db1fc5e015475218e190d193332d4 |
|
14-Sep-2010 |
Brian Carlstrom <bdc@google.com> |
Rename internal SSLParameters to SSLParametersImpl to avoid collision with new javax.net.ssl.SSLParameters
Bug: 2672817
Change-Id: Ibe20830f024f76232f3628cfca922d49a5a06bef
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| 2269d1572e5fcfb725ea55f5764d8c3280d69f6d |
|
25-Feb-2010 |
Dianne Hackborn <hackbod@google.com> |
Re-arrange android-common so framework no longer links with it.
This is the framework part, moving classes around so the framework
no longer needs to link to android-common. Makes some APIs public,
others that didn't need to be public are private in the framework,
some small things are copied.
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| c4e834dc47885c8dbd3a2911ce4b9fccde21c800 |
|
08-Jan-2010 |
Huahui Wu <hwu@google.com> |
Rebuild a cleaner certificates chain before validating it.
This change cleans the server certificates:
1. Use the end-entity certificate as found in the chain received from the server as the end-entity cert for the newly built chain.
2. Look at the last cert in the newly built chain, specifically it's "issuer" field. If there's a cert in the chain as received with this as the "subject", and this cert hasn't yet been moved into the newly built chain, move it there (as the new last cert). Repeat this step 2 until you can't continue (because there's no matching previously unused cert left).
3. If the last certificate in the new chain has expired (and it's not the end-entity cert), remember this fact, and remove it (so that we can try if we can validating the chain for a different root). If in this case it turns out that we still can't validate the chain, it's probably the cert expiry error that should be displayed.
This CL also cleans the redundant error detection code and reduces the error messages to two types, which are the only two make differences to the user:
a. SSL_IDMISMATCH for name mismatch,
b. SSL_UNTRUSTED for other reasons.
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| 8f028a94fc533e75077485a7d11a04e4de820335 |
|
08-Jan-2010 |
Makoto Onuki <omakoto@google.com> |
Moved DomainNameChecker to android common.
- Moved DomainNameChecker from android.net.http to android common, and renamed to DomainNameValidator.
- Added a simplified version of DNParser, which DomainNameValidator uses instead of X509Name in order to extract Subject Name from a certificate.
- Added unit tests for DomainNameChecker and DNParser.
There's a suspicious comment in DomainNameChecker saying something like "X509Certificate fails to parse a certificate when a subject alt name begins with '*'". I think we should fix it if it's really the case -- otherwise certificates with the wildcard wouldn't work. I'll see if it's true after submitting this patch.
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| e97c2006bf7c391c933307e520a392e532aa5d6a |
|
21-Aug-2009 |
Bob Lee <crazybob@google.com> |
Updated Browser and MCS to use shared default trust manager instead of initializing their own copies.
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| 886f3d69b79748fe937725e33b8bbb3d67ab82c7 |
|
25-Mar-2009 |
Bob Lee <> |
Automated import from //branches/donutburger/...@141355,141355
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| 9066cfe9886ac131c34d59ed0e2d287b0e3c0087 |
|
04-Mar-2009 |
The Android Open Source Project <initial-contribution@android.com> |
auto import from //depot/cupcake/@135843
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| d83a98f4ce9cfa908f5c54bbd70f03eec07e7553 |
|
04-Mar-2009 |
The Android Open Source Project <initial-contribution@android.com> |
auto import from //depot/cupcake/@135843
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| 076357b8567458d4b6dfdcf839ef751634cd2bfb |
|
03-Mar-2009 |
The Android Open Source Project <initial-contribution@android.com> |
auto import from //depot/cupcake/@132589
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| 3dec7d563a2f3e1eb967ce2054a00b6620e3558c |
|
03-Mar-2009 |
The Android Open Source Project <initial-contribution@android.com> |
auto import from //depot/cupcake/@137055
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|
| 54b6cfa9a9e5b861a9930af873580d6dc20f773c |
|
21-Oct-2008 |
The Android Open Source Project <initial-contribution@android.com> |
Initial Contribution
/frameworks/base/core/java/android/net/http/CertificateChainValidator.java
|