1/* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package android.net.http; 18 19import com.android.org.conscrypt.TrustManagerImpl; 20 21import java.security.cert.CertificateException; 22import java.security.cert.X509Certificate; 23import java.util.List; 24 25import javax.net.ssl.SSLParameters; 26import javax.net.ssl.SSLSocket; 27import javax.net.ssl.X509TrustManager; 28 29/** 30 * X509TrustManager wrapper exposing Android-added features. 31 * <p> 32 * The checkServerTrusted method allows callers to perform additional 33 * verification of certificate chains after they have been successfully verified 34 * by the platform. 35 * </p> 36 */ 37public class X509TrustManagerExtensions { 38 39 TrustManagerImpl mDelegate; 40 41 /** 42 * Constructs a new X509TrustManagerExtensions wrapper. 43 * 44 * @param tm A {@link X509TrustManager} as returned by TrustManagerFactory.getInstance(); 45 * @throws IllegalArgumentException If tm is an unsupported TrustManager type. 46 */ 47 public X509TrustManagerExtensions(X509TrustManager tm) throws IllegalArgumentException { 48 if (tm instanceof TrustManagerImpl) { 49 mDelegate = (TrustManagerImpl) tm; 50 } else { 51 throw new IllegalArgumentException("tm is an instance of " + tm.getClass().getName() + 52 " which is not a supported type of X509TrustManager"); 53 } 54 } 55 56 /** 57 * Verifies the given certificate chain. 58 * 59 * <p>See {@link X509TrustManager#checkServerTrusted(X509Certificate[], String)} for a 60 * description of the chain and authType parameters. The final parameter, host, should be the 61 * hostname of the server.</p> 62 * 63 * @throws CertificateException if the chain does not verify correctly. 64 * @return the properly ordered chain used for verification as a list of X509Certificates. 65 */ 66 public List<X509Certificate> checkServerTrusted(X509Certificate[] chain, String authType, 67 String host) throws CertificateException { 68 return mDelegate.checkServerTrusted(chain, authType, host); 69 } 70 71 /** 72 * Checks whether a CA certificate is added by an user. 73 * 74 * <p>Since {@link X509TrustManager#checkServerTrusted} allows its parameter {@code chain} to 75 * chain up to user-added CA certificates, this method can be used to perform additional 76 * policies for user-added CA certificates. 77 * 78 * @return {@code true} to indicate that the certificate was added by the user, {@code false} 79 * otherwise. 80 */ 81 public boolean isUserAddedCertificate(X509Certificate cert) { 82 return mDelegate.isUserAddedCertificate(cert); 83 } 84} 85