diff options
-rw-r--r-- | core/java/android/net/http/CertificateChainValidator.java | 16 | ||||
-rw-r--r-- | core/java/android/webkit/WebView.java | 37 | ||||
-rw-r--r-- | core/java/android/webkit/WebViewCore.java | 11 | ||||
-rw-r--r-- | keystore/java/android/security/KeyChain.java | 18 |
4 files changed, 80 insertions, 2 deletions
diff --git a/core/java/android/net/http/CertificateChainValidator.java b/core/java/android/net/http/CertificateChainValidator.java index f94d320..06c6c6e 100644 --- a/core/java/android/net/http/CertificateChainValidator.java +++ b/core/java/android/net/http/CertificateChainValidator.java @@ -25,15 +25,17 @@ import javax.net.ssl.DefaultHostnameVerifier; import javax.net.ssl.SSLHandshakeException; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; +import javax.net.ssl.X509TrustManager; import org.apache.harmony.security.provider.cert.X509CertImpl; import org.apache.harmony.xnet.provider.jsse.SSLParametersImpl; +import org.apache.harmony.xnet.provider.jsse.TrustManagerImpl; /** * Class responsible for all server certificate validation functionality * * {@hide} */ -class CertificateChainValidator { +public class CertificateChainValidator { /** * The singleton instance of the certificate chain validator @@ -122,6 +124,18 @@ class CertificateChainValidator { } /** + * Handles updates to credential storage. + */ + public static void handleTrustStorageUpdate() { + + X509TrustManager x509TrustManager = SSLParametersImpl.getDefaultTrustManager(); + if( x509TrustManager instanceof TrustManagerImpl ) { + TrustManagerImpl trustManager = (TrustManagerImpl) x509TrustManager; + trustManager.handleTrustStorageUpdate(); + } + } + + /** * Common code of doHandshakeAndValidateServerCertificates and verifyServerCertificates. * Calls DomainNamevalidator to verify the domain, and TrustManager to verify the certs. * @param chain the cert chain in X509 cert format. diff --git a/core/java/android/webkit/WebView.java b/core/java/android/webkit/WebView.java index 9cd51d0..e0f4f59 100644 --- a/core/java/android/webkit/WebView.java +++ b/core/java/android/webkit/WebView.java @@ -59,6 +59,7 @@ import android.os.Message; import android.os.StrictMode; import android.os.SystemClock; import android.provider.Settings; +import android.security.KeyChain; import android.speech.tts.TextToSpeech; import android.text.Editable; import android.text.InputType; @@ -1303,6 +1304,7 @@ public class WebView extends AbsoluteLayout init(); setupPackageListener(context); setupProxyListener(context); + setupTrustStorageListener(context); updateMultiTouchSupport(context); if (privateBrowsing) { @@ -1312,6 +1314,41 @@ public class WebView extends AbsoluteLayout mAutoFillData = new WebViewCore.AutoFillData(); } + private static class TrustStorageListener extends BroadcastReceiver { + @Override + public void onReceive(Context context, Intent intent) { + if (intent.getAction().equals(KeyChain.ACTION_STORAGE_CHANGED)) { + handleCertTrustChanged(); + } + } + } + private static TrustStorageListener sTrustStorageListener; + + /** + * Handles update to the trust storage. + */ + private static void handleCertTrustChanged() { + // send a message for indicating trust storage change + WebViewCore.sendStaticMessage(EventHub.TRUST_STORAGE_UPDATED, null); + } + + /* + * @param context This method expects this to be a valid context. + */ + private static void setupTrustStorageListener(Context context) { + if (sTrustStorageListener != null ) { + return; + } + IntentFilter filter = new IntentFilter(); + filter.addAction(KeyChain.ACTION_STORAGE_CHANGED); + sTrustStorageListener = new TrustStorageListener(); + Intent current = + context.getApplicationContext().registerReceiver(sTrustStorageListener, filter); + if (current != null) { + handleCertTrustChanged(); + } + } + private static class ProxyReceiver extends BroadcastReceiver { @Override public void onReceive(Context context, Intent intent) { diff --git a/core/java/android/webkit/WebViewCore.java b/core/java/android/webkit/WebViewCore.java index 14ecfbd..b6c5612 100644 --- a/core/java/android/webkit/WebViewCore.java +++ b/core/java/android/webkit/WebViewCore.java @@ -26,6 +26,7 @@ import android.graphics.Region; import android.media.MediaFile; import android.net.ProxyProperties; import android.net.Uri; +import android.net.http.CertificateChainValidator; import android.os.Bundle; import android.os.Handler; import android.os.Looper; @@ -775,6 +776,11 @@ public final class WebViewCore { Message m = (Message)msg.obj; m.sendToTarget(); break; + case EventHub.TRUST_STORAGE_UPDATED: + // post a task to network thread for updating trust manager + nativeCertTrustChanged(); + CertificateChainValidator.handleTrustStorageUpdate(); + break; } } }; @@ -1133,6 +1139,9 @@ public final class WebViewCore { static final int SELECT_WORD_AT = 214; static final int SELECT_ALL = 215; + // for updating state on trust storage change + static final int TRUST_STORAGE_UPDATED = 220; + // Private handler for WebCore messages. private Handler mHandler; // Message queue for containing messages before the WebCore thread is @@ -3082,4 +3091,6 @@ public final class WebViewCore { private native void nativeClearTextSelection(int nativeClass); private native void nativeSelectWordAt(int nativeClass, int x, int y); private native void nativeSelectAll(int nativeClass); + + private static native void nativeCertTrustChanged(); } diff --git a/keystore/java/android/security/KeyChain.java b/keystore/java/android/security/KeyChain.java index db6388a..0fe7bd8 100644 --- a/keystore/java/android/security/KeyChain.java +++ b/keystore/java/android/security/KeyChain.java @@ -124,7 +124,7 @@ public final class KeyChain { public static final String EXTRA_SENDER = "sender"; /** - * Action to bring up the CertInstaller + * Action to bring up the CertInstaller. */ private static final String ACTION_INSTALL = "android.credentials.INSTALL"; @@ -167,6 +167,22 @@ public final class KeyChain { // Compatible with old android.security.Credentials.PKCS12 public static final String EXTRA_PKCS12 = "PKCS12"; + + /** + * @hide TODO This is temporary and will be removed + * Broadcast Action: Indicates the trusted storage has changed. Sent when + * one of this happens: + * + * <ul> + * <li>a new CA is added, + * <li>an existing CA is removed or disabled, + * <li>a disabled CA is enabled, + * <li>trusted storage is reset (all user certs are cleared), + * <li>when permission to access a private key is changed. + * </ul> + */ + public static final String ACTION_STORAGE_CHANGED = "android.security.STORAGE_CHANGED"; + /** * Returns an {@code Intent} that can be used for credential * installation. The intent may be used without any extras, in |