/*
 * Copyright (C) 2015 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.security.net.config;

import java.io.File;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Set;

import com.android.org.conscrypt.TrustedCertificateStore;

/**
 * Presents the trust anchors of a {@link NetworkSecurityConfig} through the
 * {@link TrustedCertificateStore} API.
 *
 * <p>Only the lookups answered below are backed by the config. Every alias-based accessor and
 * {@link #getCertificateFile} throws {@link UnsupportedOperationException}, so a caller that
 * reaches one of them fails loudly instead of silently reading another certificate store.
 *
 * @hide
 */
public class TrustedCertificateStoreAdapter extends TrustedCertificateStore {
    /** Source of every trust decision made by this adapter. */
    private final NetworkSecurityConfig mConfig;

    /**
     * Creates an adapter that answers certificate lookups from {@code config}.
     *
     * @param config the network security configuration to consult
     */
    public TrustedCertificateStoreAdapter(NetworkSecurityConfig config) {
        // NOTE(review): config is stored without a null check, so a null value would only
        // surface as a NullPointerException on the first lookup -- confirm callers never pass
        // null.
        mConfig = config;
    }

    /**
     * Looks up the configured trust anchor that issued {@code cert}.
     *
     * @param cert the certificate whose issuer is wanted
     * @return the certificate of the anchor returned by
     *         {@code findTrustAnchorByIssuerAndSignature}, or {@code null} when the config
     *         reports no such anchor
     */
    @Override
    public X509Certificate findIssuer(X509Certificate cert) {
        final TrustAnchor issuer = mConfig.findTrustAnchorByIssuerAndSignature(cert);
        return issuer == null ? null : issuer.certificate;
    }

    /**
     * Returns every configured certificate the config reports as an issuer of {@code cert}.
     *
     * @param cert the certificate whose issuers are wanted
     * @return the result of {@code findAllCertificatesByIssuerAndSignature}, passed through
     *         unchanged
     */
    @Override
    public Set<X509Certificate> findAllIssuers(X509Certificate cert) {
        return mConfig.findAllCertificatesByIssuerAndSignature(cert);
    }

    /**
     * Looks up the configured trust anchor matching {@code cert} by subject and public key.
     *
     * @param cert the certificate to match
     * @return the matching anchor's certificate, or {@code null} when the config has no match
     */
    @Override
    public X509Certificate getTrustAnchor(X509Certificate cert) {
        final TrustAnchor match = mConfig.findTrustAnchorBySubjectAndPublicKey(cert);
        return match == null ? null : match.certificate;
    }

    /**
     * Reports whether the anchor matching {@code cert} is allowed to override certificate pins.
     *
     * <p>Despite the inherited name, the answer is the anchor's {@code overridesPins} flag, not
     * where the certificate came from. The superclass method is consulted only for pinning
     * overrides, so the config's pin-override policy is what gets reported. Do not use the
     * result as evidence that a certificate was installed by the user.
     *
     * @param cert the certificate to match by subject and public key
     * @return {@code false} when no anchor matches; otherwise the anchor's {@code overridesPins}
     */
    @Override
    public boolean isUserAddedCertificate(X509Certificate cert) {
        final TrustAnchor match = mConfig.findTrustAnchorBySubjectAndPublicKey(cert);
        return match != null && match.overridesPins;
    }

    /**
     * Unsupported: the superclass method is only used by tests.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public File getCertificateFile(File dir, X509Certificate x) {
        throw new UnsupportedOperationException();
    }

    // Everything from here down is part of the TrustedCertificateStore surface but is not
    // called by conscrypt, so none of it is implemented: each method throws.

    /** @throws UnsupportedOperationException always */
    @Override
    public Certificate getCertificate(String alias) {
        throw new UnsupportedOperationException();
    }

    /** @throws UnsupportedOperationException always */
    @Override
    public Certificate getCertificate(String alias, boolean includeDeletedSystem) {
        throw new UnsupportedOperationException();
    }

    /** @throws UnsupportedOperationException always */
    @Override
    public Date getCreationDate(String alias) {
        throw new UnsupportedOperationException();
    }

    /** @throws UnsupportedOperationException always */
    @Override
    public Set<String> aliases() {
        throw new UnsupportedOperationException();
    }

    /** @throws UnsupportedOperationException always */
    @Override
    public Set<String> userAliases() {
        throw new UnsupportedOperationException();
    }

    /** @throws UnsupportedOperationException always */
    @Override
    public Set<String> allSystemAliases() {
        throw new UnsupportedOperationException();
    }

    /** @throws UnsupportedOperationException always */
    @Override
    public boolean containsAlias(String alias) {
        throw new UnsupportedOperationException();
    }

    /** @throws UnsupportedOperationException always */
    @Override
    public String getCertificateAlias(Certificate c) {
        throw new UnsupportedOperationException();
    }

    /** @throws UnsupportedOperationException always */
    @Override
    public String getCertificateAlias(Certificate c, boolean includeDeletedSystem) {
        throw new UnsupportedOperationException();
    }
}