author Chad Brubaker <cbrubaker@google.com> 2015-12-14 11:55:05 -0800
committer android-build-merger <android-build-merger@google.com> 2015-12-14 11:55:05 -0800
commit15ea45c848fbf9e70bbfe6afbfb25d39ce406c80 (patch)
tree4d1935a5c29538536e44e775692c0231c8d43745
parent3dee9db6516fd97d7db3641fc81533cc3553fde8 (diff)
parent49ce7dc2baa9ee867fc7b78301c65fab2168a9b2 (diff)
Merge "Check for null hostnames in RootTrustManager"
am: 49ce7dc2ba * commit '49ce7dc2baa9ee867fc7b78301c65fab2168a9b2': Check for null hostnames in RootTrustManager
-rw-r--r--core/java/android/security/net/config/RootTrustManager.java4
-rw-r--r--tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java11
2 files changed, 15 insertions, 0 deletions
diff --git a/core/java/android/security/net/config/RootTrustManager.java b/core/java/android/security/net/config/RootTrustManager.java
index e307ad00275e..b4e58e6e9da6 100644
--- a/core/java/android/security/net/config/RootTrustManager.java
+++ b/core/java/android/security/net/config/RootTrustManager.java
@@ -71,6 +71,10 @@ public class RootTrustManager implements X509TrustManager {
*/
public List<X509Certificate> checkServerTrusted(X509Certificate[] certs, String authType,
String hostname) throws CertificateException {
+ if (hostname == null && mConfig.hasPerDomainConfigs()) {
+ throw new CertificateException(
+ "Domain specific configurations require that the hostname be provided");
+ }
NetworkSecurityConfig config = mConfig.getConfigForHostname(hostname);
return config.getTrustManager().checkServerTrusted(certs, authType, hostname);
}
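Review bot: The Javadoc that closes just above `checkServerTrusted(X509Certificate[], String, String)` should document the new failure mode, because a caller passing a null hostname now gets a `CertificateException` whenever `mConfig.hasPerDomainConfigs()` is true. The comment opens outside the hunk, so I cannot tell whether it already has a `@throws` line; something like `@throws CertificateException if hostname is null while per-domain configurations exist, or if the chain is not trusted` would cover it. When no per-domain configs exist, a null hostname still reaches `mConfig.getConfigForHostname(hostname)`, which is not shown here, so it is worth confirming that it returns the default configuration for null rather than throwing an unchecked exception. A short why-comment on the guard, for example `// Fail closed: without a hostname the matching domain config (pins, anchors) cannot be selected`, would keep a later refactor from relaxing it.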
diff --git a/tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java b/tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java
index 998bb681dd24..35e3ef4c38cc 100644
--- a/tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java
+++ b/tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java
@@ -22,6 +22,7 @@ import android.test.MoreAsserts;
import android.util.ArraySet;
import android.util.Pair;
import java.io.IOException;
+import java.net.InetAddress;
import java.net.Socket;
import java.net.URL;
import java.security.KeyStore;
@@ -34,6 +35,7 @@ import java.util.Set;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
+import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
@@ -103,6 +105,15 @@ public class XmlConfigTests extends AndroidTestCase {
TestUtils.assertConnectionFails(context, "developer.android.com", 443);
TestUtils.assertUrlConnectionFails(context, "google.com", 443);
TestUtils.assertUrlConnectionSucceeds(context, "android.com", 443);
+ // Check that sockets created without the hostname fail with per-domain configs
+ SSLSocket socket = (SSLSocket) context.getSocketFactory()
+ .createSocket(InetAddress.getByName("android.com"), 443);
+ try {
+ socket.startHandshake();
+ socket.getInputStream();
+ fail();
+ } catch (IOException expected) {
+ }
}
public void testBasicPinning() throws Exception {
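Review bot: The added `catch (IOException expected)` accepts any I/O failure from `socket.startHandshake()`, so a connection reset or timeout would let this test pass without the null-hostname check ever having run. If the rejection surfaces as a handshake failure, which is likely but not visible in this hunk, narrowing it to `catch (SSLHandshakeException expected)` (already imported in this file) would pin the test to the trust decision. The `SSLSocket` is also never closed on either path; adding `finally { socket.close(); }` avoids leaking it across tests. Giving `fail()` a message such as `fail("handshake without hostname should be rejected")` would make a regression easier to read. The enclosing test method starts outside the hunk.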