From efb4f91bdbbd274a120f100337e802e39582fd80 Mon Sep 17 00:00:00 2001
From: Chad Brubaker
Date: Tue, 16 Feb 2016 14:35:41 -0800
Subject: Fix getAcceptedIssuers

Delegating to the TrustManagerImpl doesn't work correctly with getAcceptedIssuers, do it in NetworkSecurityTrustManager instead.

Bug: 27124116
Change-Id: Ie527d63aaa115e6137396e07c7d134b1c42bfe87
---
 .../net/config/NetworkSecurityTrustManager.java | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/core/java/android/security/net/config/NetworkSecurityTrustManager.java b/core/java/android/security/net/config/NetworkSecurityTrustManager.java
index 982ed68f13da..81cad79bd05e 100644
--- a/core/java/android/security/net/config/NetworkSecurityTrustManager.java
+++ b/core/java/android/security/net/config/NetworkSecurityTrustManager.java
@@ -40,6 +40,9 @@ public class NetworkSecurityTrustManager implements X509TrustManager {
 // TODO: Replace this with a general X509TrustManager and use duck-typing.
 private final TrustManagerImpl mDelegate;
 private final NetworkSecurityConfig mNetworkSecurityConfig;
+ private final Object mIssuersLock = new Object();
+
+ private X509Certificate[] mIssuers;
 
 public NetworkSecurityTrustManager(NetworkSecurityConfig config) {
 if (config == null) {
@@ -139,6 +142,19 @@ public class NetworkSecurityTrustManager implements X509TrustManager {
 
 @Override
 public X509Certificate[] getAcceptedIssuers() {
- return mDelegate.getAcceptedIssuers();
+ // TrustManagerImpl only looks at the provided KeyStore and not the TrustedCertificateStore
+ // for getAcceptedIssuers, so implement it here instead of delegating.
+ synchronized (mIssuersLock) {
+ if (mIssuers == null) {
+ Set anchors = mNetworkSecurityConfig.getTrustAnchors();
+ X509Certificate[] issuers = new X509Certificate[anchors.size()];
+ int i = 0;
+ for (TrustAnchor anchor : anchors) {
+ issuers[i++] = anchor.certificate;
+ }
+ mIssuers = issuers;
+ }
+ return mIssuers.clone();
+ }
 }
 }
-- 
cgit v1.2.3-59-g8ed1b
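Review bot: The new `mIssuers` field carries no indication that it may only be read or written while holding `mIssuersLock`; it is neither final nor volatile, so an unsynchronized access added later would be a data race. I would document the contract on the field itself, `// Lazily built in getAcceptedIssuers(); guarded by mIssuersLock.`, or use `@GuardedBy("mIssuersLock")` if the file already uses that annotation. The class body continues outside this hunk, so other accesses to the field cannot be checked from here.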
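Review bot: The array cached in `mIssuers` is built once inside `getAcceptedIssuers()` and nothing visible in this patch ever clears it, so if the set returned by `mNetworkSecurityConfig.getTrustAnchors()` can change during the lifetime of this trust manager (for example when a CA is added to or removed from a certificate store), callers keep seeing the old issuer list. Whether the config's anchors are immutable is not visible here; if they are not, the path that refreshes the trust stores should reset the cache with `synchronized (mIssuersLock) { mIssuers = null; }`. Either way the assumption deserves a comment above the `if (mIssuers == null)` check, e.g. `// Cached for the lifetime of this object; reset under mIssuersLock if trust anchors can change.` Returning `mIssuers.clone()` is the right choice, since it keeps callers from mutating the cached array.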