/*
 * Copyright (C) 2015 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.security.net.config;

import android.util.ArraySet;
import java.security.cert.X509Certificate;
import java.util.Set;

/**
 * Pairs a {@link CertificateSource} with a single "overrides pins" flag and hands out
 * {@link TrustAnchor} objects that carry that flag.
 *
 * <p>Every {@code TrustAnchor} created by this class is stamped with the same
 * {@code overridesPins} value given at construction, so the flag applies to the whole source
 * rather than to individual certificates. How the flag is enforced is decided by the consumer
 * of the anchors and is not visible in this class.
 *
 * <p>NOTE(review): presumably a {@code true} flag lets chains ending at these anchors skip pin
 * checks; any configuration that sets it widens trust for every certificate in the source, so
 * confirm against the caller before enabling it for a broad source.
 *
 * @hide
 */
public final class CertificatesEntryRef {
    /** Backing certificate store; every lookup in this class is delegated to it. */
    private final CertificateSource mSource;
    /** Flag copied onto every {@link TrustAnchor} this entry produces. */
    private final boolean mOverridesPins;

    /**
     * Creates an entry for {@code source}.
     *
     * @param source certificate source to query; stored as given, with no null check here
     * @param overridesPins value attached to every anchor built from {@code source}
     */
    public CertificatesEntryRef(CertificateSource source, boolean overridesPins) {
        this.mSource = source;
        this.mOverridesPins = overridesPins;
    }

    /** Returns the flag supplied at construction. */
    boolean overridesPins() {
        return this.mOverridesPins;
    }

    /**
     * Wraps every certificate currently reported by the source in a {@link TrustAnchor}.
     *
     * <p>A new set is built on each call; nothing is cached.
     *
     * @return a freshly allocated set with one anchor per certificate returned by the source
     */
    public Set<TrustAnchor> getTrustAnchors() {
        // TODO: cache this [but handle mutable sources]
        final Set<TrustAnchor> result = new ArraySet<>();
        for (final X509Certificate certificate : mSource.getCertificates()) {
            final TrustAnchor anchor = new TrustAnchor(certificate, mOverridesPins);
            result.add(anchor);
        }
        return result;
    }

    /**
     * Asks the source for a certificate matching {@code cert} by subject and public key.
     *
     * @param cert certificate to look up
     * @return an anchor wrapping the certificate the source returned, or {@code null} when the
     *     source returned {@code null}
     */
    public TrustAnchor findBySubjectAndPublicKey(X509Certificate cert) {
        final X509Certificate match = mSource.findBySubjectAndPublicKey(cert);
        return match == null ? null : new TrustAnchor(match, mOverridesPins);
    }

    /**
     * Asks the source for a certificate matching {@code cert} by issuer and signature.
     *
     * @param cert certificate to look up
     * @return an anchor wrapping the certificate the source returned, or {@code null} when the
     *     source returned {@code null}
     */
    public TrustAnchor findByIssuerAndSignature(X509Certificate cert) {
        final X509Certificate match = mSource.findByIssuerAndSignature(cert);
        return match == null ? null : new TrustAnchor(match, mOverridesPins);
    }

    /**
     * Returns the source's own result for an issuer-and-signature lookup of {@code cert}.
     *
     * <p>Unlike the single-result lookups, the certificates are returned bare: they are not
     * wrapped in {@link TrustAnchor}, so the "overrides pins" flag does not travel with them.
     * The set is passed through without copying.
     *
     * @param cert certificate to look up
     * @return whatever {@code findAllByIssuerAndSignature} on the source returns
     */
    public Set<X509Certificate> findAllCertificatesByIssuerAndSignature(X509Certificate cert) {
        final Set<X509Certificate> matches = mSource.findAllByIssuerAndSignature(cert);
        return matches;
    }

    /** Forwards a trust-storage update notification to the underlying source. */
    public void handleTrustStorageUpdate() {
        mSource.handleTrustStorageUpdate();
    }
}