1/*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package android.net.http;
18
19import org.apache.harmony.xnet.provider.jsse.TrustManagerImpl;
20
21import java.security.cert.CertificateException;
22import java.security.cert.X509Certificate;
23import java.util.List;
24
25import javax.net.ssl.X509TrustManager;
26
27/**
28 * X509TrustManager wrapper exposing Android-added features.
29 *
30 * <p> The checkServerTrusted method allows callers to perform additional
31 * verification of certificate chains after they have been successfully
32 * verified by the platform.</p>
33 */
34public class X509TrustManagerExtensions {
35
36    TrustManagerImpl mDelegate;
37
38    /**
39     * Constructs a new X509TrustManagerExtensions wrapper.
40     *
41     * @param tm A {@link X509TrustManager} as returned by TrustManagerFactory.getInstance();
42     * @throws IllegalArgumentException If tm is an unsupported TrustManager type.
43     */
44    public X509TrustManagerExtensions(X509TrustManager tm) throws IllegalArgumentException {
45        if (tm instanceof TrustManagerImpl) {
46            mDelegate = (TrustManagerImpl) tm;
47        } else {
48            throw new IllegalArgumentException("tm is not a supported type of X509TrustManager");
49        }
50    }
51
52    /**
53     * Verifies the given certificate chain.
54     *
55     * <p>See {@link X509TrustManager#checkServerTrusted(X509Certificate[], String)} for a
56     * description of the chain and authType parameters. The final parameter, host, should be the
57     * hostname of the server.</p>
58     *
59     * @throws CertificateException if the chain does not verify correctly.
60     * @return the properly ordered chain used for verification as a list of X509Certificates.
61     */
62    public List<X509Certificate> checkServerTrusted(X509Certificate[] chain, String authType,
63                                                    String host) throws CertificateException {
64        return mDelegate.checkServerTrusted(chain, authType, host);
65    }
66}
67