| 00a4e299694ccf5edc07894ca46e38602e9b4a38 |
|
12-Apr-2016 |
Chad Brubaker <cbrubaker@google.com> |
Fix isUserAddedCertificate
Check if the CA is in the user store directly instead of delegating to
the TrustManager. This removes one more reflection dependency between
X509TrustManagerExtensions and the default X509TrustManager.
Bug: 28138736
Change-Id: I16c17bf6230becdc0a1948b1d184212f83ee25f0
/frameworks/base/core/java/android/security/net/config/NetworkSecurityTrustManager.java
|
| 0f5d386a769cafa3f4faf93f17acb22503b6fd3e |
|
27-Mar-2016 |
Chad Brubaker <cbrubaker@google.com> |
Use X509ExtendedTrustManagers
Move the X509TrustManagers for the Network Security Config from
X509TrustManagers to X509ExtendedTrustManagers.
Bug: 27271561
Change-Id: I084a6c6022fe69730192d2bdcbabaf58e8f92f04
/frameworks/base/core/java/android/security/net/config/NetworkSecurityTrustManager.java
|
| bf9a82a6433701aa2f02761f3a7c425ffef4fa09 |
|
25-Mar-2016 |
Chad Brubaker <cbrubaker@google.com> |
Add handleTrustStorageUpdate
This pruns all the stored trusted issuers so that changes to the system
or user CA store are detected. Currently this is only exposed as a
TestApi, but it can be hooked up to the trusted storage change event
in a future commit.
Bug: 27526668
Change-Id: Ic426254babab9a3177c968bc05b45e95eaac1fdd
/frameworks/base/core/java/android/security/net/config/NetworkSecurityTrustManager.java
|
| efb4f91bdbbd274a120f100337e802e39582fd80 |
|
16-Feb-2016 |
Chad Brubaker <cbrubaker@google.com> |
Fix getAcceptedIssuers
Delegating to the TrustManagerImpl doesn't work correctly with
getAcceptedIssuers, do it in NetworkSecurityTrustManager instead.
Bug: 27124116
Change-Id: Ie527d63aaa115e6137396e07c7d134b1c42bfe87
/frameworks/base/core/java/android/security/net/config/NetworkSecurityTrustManager.java
|
| 725fefb38a4cb0ab89de439f8131d6c46ccd8b17 |
|
25-Nov-2015 |
Chad Brubaker <cbrubaker@google.com> |
Use a custom TrustedCertificateStore
Providing a TrustedCertificateStore to TrustManagerImpl avoids loading
all of the trusted certificates into memory and indexing them. This
is mainly for the system certificate store where loading all of the
store into memory is wasteful for most applications.
Change-Id: I9e6057f6a13d38ea7762fcac2f62bd3ff475af39
/frameworks/base/core/java/android/security/net/config/NetworkSecurityTrustManager.java
|
| d3af9620817220d737fdb532c1ae1032bdd65e11 |
|
16-Nov-2015 |
Chad Brubaker <cbrubaker@google.com> |
Expose findTrustAnchorBySubjectAndPublicKey
This allows for faster lookups of TrustAnchors when checking pin
overrides without needing to iterate over all certificates.
Currently only the system and user trusted certificate store are
optimized to avoid reading the entire source before doing the trust
anchor lookup, improvements to the resource source will come in a later
commit.
This also refactors System/UserCertificateSource to avoid code
duplication.
Change-Id: Ice00c5e047140f3d102306937556b761faaf0d0e
/frameworks/base/core/java/android/security/net/config/NetworkSecurityTrustManager.java
|
| bdd13f02bcb6d8620b76eec18bfcce9250939734 |
|
25-Nov-2015 |
Chad Brubaker <cbrubaker@google.com> |
Implement checkClientTrusted
Bug: 25885029
Change-Id: I07ef11a556f1a1a65456ae5e3904c56902c6e82a
/frameworks/base/core/java/android/security/net/config/NetworkSecurityTrustManager.java
|
| 93962c2f0118bcda78ffde7e0b6be73da7ab2500 |
|
11-Nov-2015 |
Chad Brubaker <cbrubaker@google.com> |
Support X509TrustManagerExtensions methods
Change-Id: I14a405e90f139b8d73eb9f88597fac804a7c18f3
/frameworks/base/core/java/android/security/net/config/NetworkSecurityTrustManager.java
|
| 6bc1e3966c4890ee3d47b5e527b800f2700ed627 |
|
24-Oct-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add initial network security config implementation
Initial implementation of a unified application wide static
network security configuration.
This currently encompases:
* Trust decisions such as what trust anchors to use as well as static
certificate pinning.
* Policy on what to do with cleartext traffic.
In order to prevent issues due to interplay of various components in an
application and their potentially different security requirements
configuration can be specified at a per-domain granularity in addition
to application wide defaults.
This change contains the internal data structures and trust management
code, hooking these up in application startup will come in a future
commit.
Change-Id: I53ce5ba510a4221d58839e61713262a8f4c6699c
/frameworks/base/core/java/android/security/net/config/NetworkSecurityTrustManager.java
|