Merge "Implement checkClientTrusted"

am: 8e19803a6a * commit '8e19803a6a10ac44ca59cf15a2ae1f2eedb13cf8': Implement checkClientTrusted
author: Chad Brubaker <cbrubaker@google.com> 2015-11-25 20:41:03 +0000
committer: android-build-merger <android-build-merger@google.com> 2015-11-25 20:41:03 +0000
commit: a4a6cf9b51e903087e2c7f77f2dcb814a0b43fb8 (patch)
tree: 12852d3f9a5f3aa4b3d177196dc6d994653c329b
parent: 4bc1904119875dd0e8c63f87106e8ab293cc9a7a (diff)
parent: 8e19803a6a10ac44ca59cf15a2ae1f2eedb13cf8 (diff)
2 files changed, 11 insertions, 5 deletions
diff --git a/core/java/android/security/net/config/NetworkSecurityTrustManager.java b/core/java/android/security/net/config/NetworkSecurityTrustManager.java
index 7f5b3ca27bf4..2b860fac45c1 100644
--- a/core/java/android/security/net/config/NetworkSecurityTrustManager.java
+++ b/core/java/android/security/net/config/NetworkSecurityTrustManager.java
@@ -65,7 +65,7 @@ public class NetworkSecurityTrustManager implements X509TrustManager {
     @Override
     public void checkClientTrusted(X509Certificate[] chain, String authType)
             throws CertificateException {
-        throw new CertificateException("Client authentication not supported");
+        mDelegate.checkClientTrusted(chain, authType);
     }
 
     @Override
@@ -149,6 +149,6 @@ public class NetworkSecurityTrustManager implements X509TrustManager {
 
     @Override
     public X509Certificate[] getAcceptedIssuers() {
-        return new X509Certificate[0];
+        return mDelegate.getAcceptedIssuers();
     }
 }
diff --git a/core/java/android/security/net/config/RootTrustManager.java b/core/java/android/security/net/config/RootTrustManager.java
index b87bf1fe0695..e307ad00275e 100644
--- a/core/java/android/security/net/config/RootTrustManager.java
+++ b/core/java/android/security/net/config/RootTrustManager.java
@@ -35,7 +35,6 @@ import javax.net.ssl.X509TrustManager;
  * @hide */
 public class RootTrustManager implements X509TrustManager {
     private final ApplicationConfig mConfig;
-    private static final X509Certificate[] EMPTY_ISSUERS = new X509Certificate[0];
 
     public RootTrustManager(ApplicationConfig config) {
         if (config == null) {
@@ -47,7 +46,10 @@ public class RootTrustManager implements X509TrustManager {
     @Override
     public void checkClientTrusted(X509Certificate[] chain, String authType)
             throws CertificateException {
-        throw new CertificateException("Client authentication not supported");
+        // Use the default configuration for all client authentication. Domain specific configs are
+        // only for use in checking server trust not client trust.
+        NetworkSecurityConfig config = mConfig.getConfigForHostname("");
+        config.getTrustManager().checkClientTrusted(chain, authType);
     }
 
     @Override
@@ -84,6 +86,10 @@ public class RootTrustManager implements X509TrustManager {
 
     @Override
     public X509Certificate[] getAcceptedIssuers() {
-        return EMPTY_ISSUERS;
+        // getAcceptedIssuers is meant to be used to determine which trust anchors the server will
+        // accept when verifying clients. Domain specific configs are only for use in checking
+        // server trust not client trust so use the default config.
+        NetworkSecurityConfig config = mConfig.getConfigForHostname("");
+        return config.getTrustManager().getAcceptedIssuers();
     }
 }
author	Chad Brubaker <cbrubaker@google.com>	2015-11-25 20:41:03 +0000
committer	android-build-merger <android-build-merger@google.com>	2015-11-25 20:41:03 +0000
commit	a4a6cf9b51e903087e2c7f77f2dcb814a0b43fb8 (patch)
tree	12852d3f9a5f3aa4b3d177196dc6d994653c329b
parent	4bc1904119875dd0e8c63f87106e8ab293cc9a7a (diff)
parent	8e19803a6a10ac44ca59cf15a2ae1f2eedb13cf8 (diff)