summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--core/java/android/security/net/config/NetworkSecurityTrustManager.java4
-rw-r--r--core/java/android/security/net/config/RootTrustManager.java12
2 files changed, 11 insertions, 5 deletions
diff --git a/core/java/android/security/net/config/NetworkSecurityTrustManager.java b/core/java/android/security/net/config/NetworkSecurityTrustManager.java
index 7f5b3ca27bf4..2b860fac45c1 100644
--- a/core/java/android/security/net/config/NetworkSecurityTrustManager.java
+++ b/core/java/android/security/net/config/NetworkSecurityTrustManager.java
@@ -65,7 +65,7 @@ public class NetworkSecurityTrustManager implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
- throw new CertificateException("Client authentication not supported");
+ mDelegate.checkClientTrusted(chain, authType);
}
@Override
@@ -149,6 +149,6 @@ public class NetworkSecurityTrustManager implements X509TrustManager {
@Override
public X509Certificate[] getAcceptedIssuers() {
- return new X509Certificate[0];
+ return mDelegate.getAcceptedIssuers();
}
}
diff --git a/core/java/android/security/net/config/RootTrustManager.java b/core/java/android/security/net/config/RootTrustManager.java
index b87bf1fe0695..e307ad00275e 100644
--- a/core/java/android/security/net/config/RootTrustManager.java
+++ b/core/java/android/security/net/config/RootTrustManager.java
@@ -35,7 +35,6 @@ import javax.net.ssl.X509TrustManager;
* @hide */
public class RootTrustManager implements X509TrustManager {
private final ApplicationConfig mConfig;
- private static final X509Certificate[] EMPTY_ISSUERS = new X509Certificate[0];
public RootTrustManager(ApplicationConfig config) {
if (config == null) {
@@ -47,7 +46,10 @@ public class RootTrustManager implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
- throw new CertificateException("Client authentication not supported");
+ // Use the default configuration for all client authentication. Domain specific configs are
+ // only for use in checking server trust not client trust.
+ NetworkSecurityConfig config = mConfig.getConfigForHostname("");
+ config.getTrustManager().checkClientTrusted(chain, authType);
}
@Override
@@ -84,6 +86,10 @@ public class RootTrustManager implements X509TrustManager {
@Override
public X509Certificate[] getAcceptedIssuers() {
- return EMPTY_ISSUERS;
+ // getAcceptedIssuers is meant to be used to determine which trust anchors the server will
+ // accept when verifying clients. Domain specific configs are only for use in checking
+ // server trust not client trust so use the default config.
+ NetworkSecurityConfig config = mConfig.getConfigForHostname("");
+ return config.getTrustManager().getAcceptedIssuers();
}
}
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-10-27 08:06:21 +0000