authoracleung@google.com <acleung@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2012-08-21 21:11:12 +0000
committeracleung@google.com <acleung@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2012-08-21 21:11:12 +0000
commit48e6b5c64d48ca00a4c7e85c4d1e509518ef6f22 (patch)
tree632efd4f3a37ae9dd0155883d684512fbff31ebd /net/android
parentf8729ca6040b8f77cffa22509ab68f1d3cf3da6d (diff)
Upstream X509Util and AndroidNetworkLibrary refactoring.
BUG=142348 Review URL: https://chromiumcodereview.appspot.com/10824337 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@152636 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/android')
-rw-r--r--net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java111
-rw-r--r--net/android/java/src/org/chromium/net/X509Util.java101
2 files changed, 123 insertions, 89 deletions
diff --git a/net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java b/net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java
index 6f271dd..ef8fa03 100644
--- a/net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java
+++ b/net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java
@@ -12,28 +12,24 @@ import android.util.Log;
import org.chromium.base.CalledByNative;
import org.chromium.base.CalledByNativeUnchecked;
-import java.io.ByteArrayInputStream;
import java.net.NetworkInterface;
import java.net.SocketException;
import java.net.URLConnection;
-import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.concurrent.atomic.AtomicReference;
import java.util.Enumeration;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-import javax.net.ssl.X509TrustManager;
-
-// This class implements net utilities required by the net component.
+/**
+ * This class implements net utilities required by the net component.
+ */
class AndroidNetworkLibrary {
- private static final String TAG = "AndroidNetworkLibrary";
- // Stores the key pair into the CertInstaller application.
+ private static final String TAG = AndroidNetworkLibrary.class.getName();
+
+ /**
+ * Stores the key pair into the CertInstaller application.
+ */
@CalledByNative
static public boolean storeKeyPair(Context context, byte[] public_key, byte[] private_key) {
// This is based on android.security.Credentials.install()
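Review bot: `TAG = AndroidNetworkLibrary.class.getName()` yields the fully qualified name `org.chromium.net.AndroidNetworkLibrary`, which exceeds the 23-character tag limit that `Log.isLoggable` enforces on older Android releases and makes logcat filtering by tag clumsier. Keeping the short literal avoids both: `private static final String TAG = "AndroidNetworkLibrary";`. The same pattern appears for `TAG` in the new X509Util.java. The body of storeKeyPair continues outside this hunk.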
@@ -54,16 +50,20 @@ class AndroidNetworkLibrary {
return false;
}
- // Get the mime type (if any) that is associated with the file extension.
- // Returns null if no corresponding mime type exists.
+ /**
+ * @return the mime type (if any) that is associated with the file
+ * extension. Returns null if no corresponding mime type exists.
+ */
@CalledByNative
static public String getMimeTypeFromExtension(String extension) {
return URLConnection.guessContentTypeFromName("foo." + extension);
}
- // Returns true if it can determine that only loopback addresses are configured.
- // i.e. if only 127.0.0.1 and ::1 are routable.
- // Also returns false if it cannot determine this.
+ /**
+ * @return true if it can determine that only loopback addresses are
+ * configured. i.e. if only 127.0.0.1 and ::1 are routable. Also
+ * returns false if it cannot determine this.
+ */
@CalledByNative
static public boolean haveOnlyLoopbackAddresses() {
Enumeration<NetworkInterface> list = null;
@@ -88,85 +88,18 @@ class AndroidNetworkLibrary {
/**
* Validate the server's certificate chain is trusted.
+ *
* @param certChain The ASN.1 DER encoded bytes for certificates.
* @param authType The key exchange algorithm name (e.g. RSA)
* @return true if the server is trusted
- * @throws CertificateException,KeyStoreException,NoSuchAlgorithmException on error
- * initializing the TrustManager or reading the certChain
+ * @throws CertificateException,KeyStoreException,NoSuchAlgorithmException
+ * on error initializing the TrustManager or reading the
+ * certChain
*/
@CalledByNativeUnchecked
public static boolean verifyServerCertificates(byte[][] certChain, String authType)
throws CertificateException, KeyStoreException, NoSuchAlgorithmException {
- if (certChain == null || certChain.length == 0 || certChain[0] == null) {
- throw new IllegalArgumentException("Expected non-null and non-empty certificate " +
- "chain passed as |certChain|. |certChain|=" +
- certChain);
- }
-
- ensureInitialized();
- X509Certificate[] serverCertificates = new X509Certificate[certChain.length];
- for (int i = 0; i < certChain.length; ++i) {
- serverCertificates[i] =
- (X509Certificate) sCertificateFactory.get().generateCertificate(
- new ByteArrayInputStream(certChain[i]));
- }
-
- try {
- sDefaultTrustManager.get().checkServerTrusted(serverCertificates, authType);
- return true;
- } catch (CertificateException e) {
- Log.i(TAG, "failed to validate the certificate chain, error: " +
- e.getMessage());
- }
- return false;
+ return X509Util.verifyServerCertificates(certChain, authType);
}
- // Default sources of authentication trust decisions and certificate object creation.
- private static AtomicReference<X509TrustManager> sDefaultTrustManager =
- new AtomicReference<X509TrustManager>();
- private static AtomicReference<CertificateFactory> sCertificateFactory =
- new AtomicReference<CertificateFactory>();
-
- /**
- * Ensures that |sDefaultTrustManager| and |sCertificateFactory| are initialized.
- *
- * @throws CertificateException,KeyStoreException,NoSuchAlgorithmException on error initializing
- * the TrustManager.
- */
- private static void ensureInitialized()
- throws CertificateException, KeyStoreException, NoSuchAlgorithmException {
- // There could be a begin race creating two instances of these objects, which
- // is harmless save for a bit of wasted effort.
- if (sDefaultTrustManager.get() == null) {
- sDefaultTrustManager.compareAndSet(null, createDefaultTrustManager());
- }
- if (sCertificateFactory.get() == null) {
- sCertificateFactory.compareAndSet(null, CertificateFactory.getInstance("X.509"));
- }
- }
-
- /*
- * Creates a TrustManagerFactory and returns the X509TrustManager instance if one can be found.
- *
- * @throws CertificateException,KeyStoreException,NoSuchAlgorithmException on error initializing
- * the TrustManager.
- */
- private static X509TrustManager createDefaultTrustManager()
- throws KeyStoreException, NoSuchAlgorithmException {
- String algorithm = TrustManagerFactory.getDefaultAlgorithm();
- TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
- tmf.init((KeyStore) null);
- TrustManager[] tms = tmf.getTrustManagers();
- X509TrustManager trustManager = findX509TrustManager(tms);
- return trustManager;
- }
-
- private static X509TrustManager findX509TrustManager(TrustManager[] tms) {
- for (TrustManager tm : tms) {
- if (tm instanceof X509TrustManager) {
- return (X509TrustManager)tm;
- }
- }
- return null;
- }
}
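Review bot: The Javadoc kept on `verifyServerCertificates` promises "true if the server is trusted", but the delegate receives only the chain and `authType`, so the result can only reflect chain validation and never a match against the host being contacted. Since this is the JNI entry point, I would state that limit in the comment, for example `Only validates the chain against the platform default trust anchors; the caller must match the host name itself.` Separately, `@throws CertificateException,KeyStoreException,NoSuchAlgorithmException` is not valid Javadoc; each exception needs its own `@throws` tag.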
diff --git a/net/android/java/src/org/chromium/net/X509Util.java b/net/android/java/src/org/chromium/net/X509Util.java
new file mode 100644
index 0000000..0c43b29
--- /dev/null
+++ b/net/android/java/src/org/chromium/net/X509Util.java
@@ -0,0 +1,101 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+package org.chromium.net;
+
+import android.util.Log;
+
+import java.io.ByteArrayInputStream;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+
+public class X509Util {
+
+ private static final String TAG = X509Util.class.getName();
+
+ private static CertificateFactory sCertificateFactory;
+
+ /**
+ * Default sources of authentication trust decisions and certificate object
+ * creation.
+ */
+ private static X509TrustManager sDefaultTrustManager;
+
+ /**
+ * Ensures that |sCertificateFactory| and |sDefaultTrustManager| are
+ * initialized.
+ */
+ private static synchronized void ensureInitialized() throws CertificateException,
+ KeyStoreException, NoSuchAlgorithmException {
+ if (sCertificateFactory == null) {
+ sCertificateFactory = CertificateFactory.getInstance("X.509");
+ }
+ if (sDefaultTrustManager == null) {
+ sDefaultTrustManager = X509Util.createDefaultTrustManager();
+ }
+ }
+
+ /**
+ * Creates a TrustManagerFactory and returns the X509TrustManager instance
+ * if one can be found.
+ *
+ * @throws CertificateException,KeyStoreException,NoSuchAlgorithmException
+ * on error initializing the TrustManager.
+ */
+ private static X509TrustManager createDefaultTrustManager()
+ throws KeyStoreException, NoSuchAlgorithmException {
+ String algorithm = TrustManagerFactory.getDefaultAlgorithm();
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
+ tmf.init((KeyStore) null);
+
+ for (TrustManager tm : tmf.getTrustManagers()) {
+ if (tm instanceof X509TrustManager) {
+ return (X509TrustManager) tm;
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Convert a DER encoded certificate to an X509Certificate
+ */
+ public static X509Certificate createCertificateFromBytes(byte[] derBytes) throws
+ CertificateException, KeyStoreException, NoSuchAlgorithmException {
+ ensureInitialized();
+ return (X509Certificate) sCertificateFactory.generateCertificate(
+ new ByteArrayInputStream(derBytes));
+ }
+
+ public static boolean verifyServerCertificates(byte[][] certChain, String authType)
+ throws CertificateException, KeyStoreException, NoSuchAlgorithmException {
+ if (certChain == null || certChain.length == 0 || certChain[0] == null) {
+ throw new IllegalArgumentException("Expected non-null and non-empty certificate " +
+ "chain passed as |certChain|. |certChain|=" + certChain);
+ }
+
+ ensureInitialized();
+ X509Certificate[] serverCertificates = new X509Certificate[certChain.length];
+ for (int i = 0; i < certChain.length; ++i) {
+ serverCertificates[i] = createCertificateFromBytes(certChain[i]);
+ }
+
+ try {
+ sDefaultTrustManager.checkServerTrusted(serverCertificates, authType);
+ return true;
+ } catch (CertificateException e) {
+ Log.i(TAG, "failed to validate the certificate chain, error: " +
+ e.getMessage());
+ }
+ return false;
+ }
+
+}
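Review bot: `createDefaultTrustManager()` returns null when no `X509TrustManager` is found, and `verifyServerCertificates` then calls `sDefaultTrustManager.checkServerTrusted(...)` on it, so a verification request ends in a NullPointerException instead of an explicit failure. Because `ensureInitialized()` already declares KeyStoreException, it could fail clearly after the assignment: `if (sDefaultTrustManager == null) throw new KeyStoreException("No X509TrustManager found");`. The argument check also covers only `certChain[0]`, so a null entry later in the array reaches `new ByteArrayInputStream(derBytes)` in `createCertificateFromBytes`. The exception message concatenates the array reference `certChain`, which prints an identity string rather than anything diagnostic. The new public `verifyServerCertificates` also has no Javadoc, unlike the wrapper it replaces.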