author Chad Brubaker <cbrubaker@google.com> 2015-11-17 18:57:06 +0000
committer android-build-merger <android-build-merger@google.com> 2015-11-17 18:57:06 +0000
commite2caaea951e62a21bb1d30450e8085f3286ea538 (patch)
tree71006988c1d63f19575c6132810c6960dc0a91af
parentbe1a3f8b66d69427ae801b4a56f872da3328ec51 (diff)
parent690b5f6c0a0820411d72235b11f75e1c87b24031 (diff)
Merge "Dedupe trust anchors"
am: 690b5f6c0a * commit '690b5f6c0a0820411d72235b11f75e1c87b24031': Dedupe trust anchors
-rw-r--r--core/java/android/security/net/config/NetworkSecurityConfig.java21
1 files changed, 18 insertions, 3 deletions
diff --git a/core/java/android/security/net/config/NetworkSecurityConfig.java b/core/java/android/security/net/config/NetworkSecurityConfig.java
index 8906f9b670d4..9eab80ca0771 100644
--- a/core/java/android/security/net/config/NetworkSecurityConfig.java
+++ b/core/java/android/security/net/config/NetworkSecurityConfig.java
@@ -16,11 +16,14 @@
package android.security.net.config;
+import android.util.ArrayMap;
import android.util.ArraySet;
+import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
+import java.util.Map;
import java.util.Set;
import javax.net.ssl.X509TrustManager;
@@ -57,12 +60,24 @@ public final class NetworkSecurityConfig {
if (mAnchors != null) {
return mAnchors;
}
- Set<TrustAnchor> anchors = new ArraySet<TrustAnchor>();
+ // Merge trust anchors based on the X509Certificate.
+ // If we see the same certificate in two TrustAnchors, one with overridesPins and one
+ // without, the one with overridesPins wins.
+ Map<X509Certificate, TrustAnchor> anchorMap = new ArrayMap<>();
for (CertificatesEntryRef ref : mCertificatesEntryRefs) {
- anchors.addAll(ref.getTrustAnchors());
+ Set<TrustAnchor> anchors = ref.getTrustAnchors();
+ for (TrustAnchor anchor : anchors) {
+ if (anchor.overridesPins) {
+ anchorMap.put(anchor.certificate, anchor);
+ } else if (!anchorMap.containsKey(anchor.certificate)) {
+ anchorMap.put(anchor.certificate, anchor);
+ }
+ }
}
+ ArraySet<TrustAnchor> anchors = new ArraySet<TrustAnchor>(anchorMap.size());
+ anchors.addAll(anchorMap.values());
mAnchors = anchors;
- return anchors;
+ return mAnchors;
}
}
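Review bot: In the inner `for (TrustAnchor anchor : anchors)` loop a duplicate certificate is always resolved in favour of the entry with `overridesPins` set, so the least restrictive declaration wins regardless of the order of `mCertificatesEntryRefs`; the comment above `anchorMap` states the rule but not why it is acceptable. Assuming `overridesPins` controls whether pin checks are skipped for chains ending at that anchor (its consumer is outside the hunk), I would spell out the consequence in the comment, e.g. `// Permissive by design: a certificate listed by any entry with overridesPins bypasses pins for this config.`, and add a test for the mixed case in both iteration orders. The two branches also perform the same `put` and can be folded into `if (anchor.overridesPins || !anchorMap.containsKey(anchor.certificate)) {`. The enclosing method starts outside the hunk, so the unsynchronised lazy assignment to `mAnchors` is not assessed here.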