| bf9a82a6433701aa2f02761f3a7c425ffef4fa09 |
25-Mar-2016 |
Chad Brubaker <cbrubaker@google.com> |
Add handleTrustStorageUpdate
This pruns all the stored trusted issuers so that changes to the system
or user CA store are detected. Currently this is only exposed as a
TestApi, but it can be hooked up to the trusted storage change event
in a future commit.
Bug: 27526668
Change-Id: Ic426254babab9a3177c968bc05b45e95eaac1fdd
estCertificateSource.java
|
| 7cc736da82b814b383daaa59609372917fd004cd |
23-Mar-2016 |
Chad Brubaker <cbrubaker@google.com> |
Properly handle whitespace in domain entries
Domain entries can contain whitespace (or newlines) which should be
ignored to avoid unexpectedly failing to match a domain.
Bug: 27816377
Change-Id: I3691aa4abd409e7be97ad0cf1eb0195725e1b0ab
mlConfigTests.java
|
| 567f6f24747c80b4ab362a22985576c4f8a418fd |
29-Feb-2016 |
Chad Brubaker <cbrubaker@google.com> |
Allow debug-overrides to be specified in an extra resource
An application can specify its debug-overrides in an extra resource with
the same name suffixed with "_debug" (e.g. res/xml/security_config.xml and
res/xml/security_config_debug.xml).
By specifying the debug-overrides in an extra file release builds can
strip out the file (and any certificate resources that the
debug-overrides depend on) to prevent including testing configuration
information in the release build of an application.
Bug: 27418003
Change-Id: Ibfebc376360ca474fc0f9f2fd565faa0cffd9549
mlConfigTests.java
|
| 32d2a1024f75f7e917f2aca18d34322a46d36bcb |
24-Feb-2016 |
Chad Brubaker <cbrubaker@google.com> |
Dont trust the user added CA store by default for apps targeting N
Android's security model is such that the applications data is secure by
default unless the application specifically grants access to it.
Application data in transit should have similar security properties.
Bug: 27301579
Change-Id: I72f106aefecccd6edfcc1d3ae10131ad2f69a559
etworkSecurityConfigTests.java
|
| aa6c3c3e252252b80c3900bd4c1ff27d37265c6d |
18-Dec-2015 |
Chad Brubaker <cbrubaker@google.com> |
Support TrustedCertificateStore.findAllIssuers
Change-Id: I176ec42c9907e50ee218e4fb352b530ca797be46
estCertificateSource.java
|
| 49ce7dc2baa9ee867fc7b78301c65fab2168a9b2 |
14-Dec-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Check for null hostnames in RootTrustManager"
|
| dd586a46c9ce5f9790ae097f491b088300603452 |
11-Dec-2015 |
Chad Brubaker <cbrubaker@google.com> |
Check for null hostnames in RootTrustManager
Even if the hostname aware method is called if the hostname is null then
the destination is unknown and the configuration can be ambiguous.
Change-Id: I7cacbd57a42604933fdc882371f143dc0a20902d
mlConfigTests.java
|
| fa9beebb83abe38fa04c14dc628bc5c1b4b068cd |
25-Nov-2015 |
Chad Brubaker <cbrubaker@google.com> |
Expose findByIssuerAndSignature
This will be used to create a custom conscrypt TrustedCertificateStore
to avoid loading all of the trusted certificates into memory in a
keystore.
Change-Id: Iaf54b691393ecadae6c7ff56b8adc6a2a2923d29
estCertificateSource.java
|
| d3af9620817220d737fdb532c1ae1032bdd65e11 |
16-Nov-2015 |
Chad Brubaker <cbrubaker@google.com> |
Expose findTrustAnchorBySubjectAndPublicKey
This allows for faster lookups of TrustAnchors when checking pin
overrides without needing to iterate over all certificates.
Currently only the system and user trusted certificate store are
optimized to avoid reading the entire source before doing the trust
anchor lookup, improvements to the resource source will come in a later
commit.
This also refactors System/UserCertificateSource to avoid code
duplication.
Change-Id: Ice00c5e047140f3d102306937556b761faaf0d0e
estCertificateSource.java
mlConfigTests.java
|
| 5a1078f40dd511901c33ccf78be6e2d5081d6637 |
10-Nov-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add NetworkSecurityConfigProvider
Change-Id: I321e3ca94cc2a8d5e0e5d82a83b255ff5b8a71d2
estUtils.java
mlConfigTests.java
|
| 08d36202daeb3e668911c9902edb61b6894f822e |
09-Nov-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add support for debug-overrides configuration
Debug overrides are only used if the application is debuggable in
order to help local debugging and development by trusting additional
CAs. In a non-debuggable version of the application the debug-overrides
are ignored.
Trust anchors in the debug override configuration have two key
differences from those in base-config and domain-config:
1) trust anchors in the debug-overrides are trusted for all connections
in addition to any trust anchors included in the relevant base/domain
configs.
2) By default trust anchors in the debug config override pins, as their
purpose is for connecting to non-standard servers for debugging and
testing and those servers should not be pinned in the production
configuration.
Change-Id: I15ee98eae182be0ffaa49b06bc5e1c6c3d22baee
mlConfigTests.java
|
| bd173c28fcded629da722c6669f1b6478cdcd94f |
07-Nov-2015 |
Chad Brubaker <cbrubaker@google.com> |
Support nested domain-config elements
Nested domain-config inherit unset parameters from the domain-config
they are nested in. This helps avoid copy and pasted configs that are
almost the same except a few minor differences for a domain with
slightly different requirements.
For example: Consider a domain-config for example.com that, among other
settings, does not enforce hsts. Now if you want the rules for
example.com to apply to secure.example.com except that hsts _is_
enforced you can make a nested domain-config for secure.example.com
under example.com that sets hstsEnforced="true" and nothing else.
Change-Id: I9e33f7e62127fd7f4f15c3560fff2f2626477bd4
mlConfigTests.java
|
| 5f96702f582050c1598136ed2a748f76b981c94e |
05-Nov-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add xml source for network security configuration
XmlConfigSource parses an ApplicationConfig from an xml resource.
Currently this supports app-wide default configuration via the
base-config element, per domain via the domain-config element and
inheritance of unset properties at parse time.
Inheritance of unset properties is currently only:
domain-config -> base-config -> platform default configuration
Where the most specific value is used.
For example: If the base-config specifies trust anchors, all connections
will use those anchors except for connections to a domain which has a
domain-config that specifies trust anchors, in which case the
domain-config's trust anchors will be used. If the domain-config or
base-config don't set trust anchors, or don't exist, then the platform
default trust anchors will be used.
Nested domain-config entries, debug-overrides, and thorough
documentation of the xml format will follow in later commits.
Change-Id: I1232ff1e8079a81b340bc12e142f0889f6947aa0
etworkSecurityConfigTests.java
estUtils.java
mlConfigTests.java
|
| 80a73f5939364a07d8e83d3a90de6dc789e1b334 |
05-Nov-2015 |
Chad Brubaker <cbrubaker@google.com> |
Use a builder for NetworkSecurityConfig
The builder supports all the standard builder set* methods as well as
setting a parent builder to use when values are not set (recursively).
This allows us to have a level of inheretence in configurations without
complicating the lookup and trust checking logic by doing inheretence
when building the configs.
Change-Id: I054af83451e52761227479eadf9cb9803437505f
etworkSecurityConfigTests.java
|
| 6bc1e3966c4890ee3d47b5e527b800f2700ed627 |
24-Oct-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add initial network security config implementation
Initial implementation of a unified application wide static
network security configuration.
This currently encompases:
* Trust decisions such as what trust anchors to use as well as static
certificate pinning.
* Policy on what to do with cleartext traffic.
In order to prevent issues due to interplay of various components in an
application and their potentially different security requirements
configuration can be specified at a per-domain granularity in addition
to application wide defaults.
This change contains the internal data structures and trust management
code, hooking these up in application startup will come in a future
commit.
Change-Id: I53ce5ba510a4221d58839e61713262a8f4c6699c
etworkSecurityConfigTests.java
estCertificateSource.java
estConfigSource.java
|