diff options
11 files changed, 70 insertions, 6 deletions
diff --git a/api/test-current.txt b/api/test-current.txt index 264b5eb4186e..3ac60babcdff 100644 --- a/api/test-current.txt +++ b/api/test-current.txt @@ -34341,6 +34341,7 @@ package android.security { public class NetworkSecurityPolicy { method public static android.security.NetworkSecurityPolicy getInstance(); + method public void handleTrustStorageUpdate(); method public boolean isCleartextTrafficPermitted(); method public boolean isCleartextTrafficPermitted(java.lang.String); } diff --git a/core/java/android/security/NetworkSecurityPolicy.java b/core/java/android/security/NetworkSecurityPolicy.java index 733a09260ada..9530acaea064 100644 --- a/core/java/android/security/NetworkSecurityPolicy.java +++ b/core/java/android/security/NetworkSecurityPolicy.java @@ -16,6 +16,7 @@ package android.security; +import android.annotation.TestApi; import android.content.Context; import android.content.pm.PackageManager; import android.security.net.config.ApplicationConfig; @@ -104,4 +105,13 @@ public class NetworkSecurityPolicy { ManifestConfigSource source = new ManifestConfigSource(appContext); return new ApplicationConfig(source); } + + /** + * Handle an update to the system or user certificate stores. + * @hide + */ + @TestApi + public void handleTrustStorageUpdate() { + ApplicationConfig.getDefaultInstance().handleTrustStorageUpdate(); + } } diff --git a/core/java/android/security/net/config/ApplicationConfig.java b/core/java/android/security/net/config/ApplicationConfig.java index 4de36cd2c0a9..fadea5682cdb 100644 --- a/core/java/android/security/net/config/ApplicationConfig.java +++ b/core/java/android/security/net/config/ApplicationConfig.java @@ -17,6 +17,7 @@ package android.security.net.config; import android.util.Pair; +import java.util.HashSet; import java.util.Locale; import java.util.Set; import javax.net.ssl.X509TrustManager; @@ -146,6 +147,20 @@ public final class ApplicationConfig { return getConfigForHostname(hostname).isCleartextTrafficPermitted(); } + public void handleTrustStorageUpdate() { + ensureInitialized(); + mDefaultConfig.handleTrustStorageUpdate(); + if (mConfigs != null) { + Set<NetworkSecurityConfig> updatedConfigs = + new HashSet<NetworkSecurityConfig>(mConfigs.size()); + for (Pair<Domain, NetworkSecurityConfig> entry : mConfigs) { + if (updatedConfigs.add(entry.second)) { + entry.second.handleTrustStorageUpdate(); + } + } + } + } + private void ensureInitialized() { synchronized(mLock) { if (mInitialized) { diff --git a/core/java/android/security/net/config/CertificateSource.java b/core/java/android/security/net/config/CertificateSource.java index f3272e478665..4bcc4051b30c 100644 --- a/core/java/android/security/net/config/CertificateSource.java +++ b/core/java/android/security/net/config/CertificateSource.java @@ -25,4 +25,5 @@ public interface CertificateSource { X509Certificate findBySubjectAndPublicKey(X509Certificate cert); X509Certificate findByIssuerAndSignature(X509Certificate cert); Set<X509Certificate> findAllByIssuerAndSignature(X509Certificate cert); + void handleTrustStorageUpdate(); } diff --git a/core/java/android/security/net/config/CertificatesEntryRef.java b/core/java/android/security/net/config/CertificatesEntryRef.java index 742d430a4e78..45cd0f011299 100644 --- a/core/java/android/security/net/config/CertificatesEntryRef.java +++ b/core/java/android/security/net/config/CertificatesEntryRef.java @@ -64,4 +64,8 @@ public final class CertificatesEntryRef { public Set<X509Certificate> findAllCertificatesByIssuerAndSignature(X509Certificate cert) { return mSource.findAllByIssuerAndSignature(cert); } + + public void handleTrustStorageUpdate() { + mSource.handleTrustStorageUpdate(); + } } diff --git a/core/java/android/security/net/config/DirectoryCertificateSource.java b/core/java/android/security/net/config/DirectoryCertificateSource.java index b2c068cb4516..e3c9d659c91b 100644 --- a/core/java/android/security/net/config/DirectoryCertificateSource.java +++ b/core/java/android/security/net/config/DirectoryCertificateSource.java @@ -126,6 +126,13 @@ abstract class DirectoryCertificateSource implements CertificateSource { }); } + @Override + public void handleTrustStorageUpdate() { + synchronized (mLock) { + mCertificates = null; + } + } + private static interface CertSelector { boolean match(X509Certificate cert); } diff --git a/core/java/android/security/net/config/KeyStoreCertificateSource.java b/core/java/android/security/net/config/KeyStoreCertificateSource.java index ba5dd8396024..c68f3850e8f4 100644 --- a/core/java/android/security/net/config/KeyStoreCertificateSource.java +++ b/core/java/android/security/net/config/KeyStoreCertificateSource.java @@ -105,4 +105,9 @@ class KeyStoreCertificateSource implements CertificateSource { } return certs; } + + @Override + public void handleTrustStorageUpdate() { + // Nothing to do. + } } diff --git a/core/java/android/security/net/config/NetworkSecurityConfig.java b/core/java/android/security/net/config/NetworkSecurityConfig.java index 6d6a92a5b308..b3a37d04c3e5 100644 --- a/core/java/android/security/net/config/NetworkSecurityConfig.java +++ b/core/java/android/security/net/config/NetworkSecurityConfig.java @@ -117,12 +117,6 @@ public final class NetworkSecurityConfig { } } - void onTrustStoreChange() { - synchronized (mAnchorsLock) { - mAnchors = null; - } - } - /** @hide */ public TrustAnchor findTrustAnchorBySubjectAndPublicKey(X509Certificate cert) { for (CertificatesEntryRef ref : mCertificatesEntryRefs) { @@ -154,6 +148,16 @@ public final class NetworkSecurityConfig { return certs; } + public void handleTrustStorageUpdate() { + synchronized (mAnchorsLock) { + mAnchors = null; + for (CertificatesEntryRef ref : mCertificatesEntryRefs) { + ref.handleTrustStorageUpdate(); + } + } + getTrustManager().handleTrustStorageUpdate(); + } + /** * Return a {@link Builder} for the default {@code NetworkSecurityConfig}. * diff --git a/core/java/android/security/net/config/NetworkSecurityTrustManager.java b/core/java/android/security/net/config/NetworkSecurityTrustManager.java index 81cad79bd05e..f2c718cde1b1 100644 --- a/core/java/android/security/net/config/NetworkSecurityTrustManager.java +++ b/core/java/android/security/net/config/NetworkSecurityTrustManager.java @@ -157,4 +157,11 @@ public class NetworkSecurityTrustManager implements X509TrustManager { return mIssuers.clone(); } } + + public void handleTrustStorageUpdate() { + synchronized (mIssuersLock) { + mIssuers = null; + mDelegate.handleTrustStorageUpdate(); + } + } } diff --git a/core/java/android/security/net/config/ResourceCertificateSource.java b/core/java/android/security/net/config/ResourceCertificateSource.java index 22fbee2feab3..78669c51f76c 100644 --- a/core/java/android/security/net/config/ResourceCertificateSource.java +++ b/core/java/android/security/net/config/ResourceCertificateSource.java @@ -115,4 +115,9 @@ public class ResourceCertificateSource implements CertificateSource { } return certs; } + + @Override + public void handleTrustStorageUpdate() { + // Nothing to do, resource sources never change. + } } diff --git a/tests/NetworkSecurityConfigTest/src/android/security/net/config/TestCertificateSource.java b/tests/NetworkSecurityConfigTest/src/android/security/net/config/TestCertificateSource.java index 4c12c2d5da7c..0412bc74df6e 100644 --- a/tests/NetworkSecurityConfigTest/src/android/security/net/config/TestCertificateSource.java +++ b/tests/NetworkSecurityConfigTest/src/android/security/net/config/TestCertificateSource.java @@ -65,4 +65,9 @@ public class TestCertificateSource implements CertificateSource { } return certs; } + + @Override + public void handleTrustStorageUpdate() { + // Nothing to do. + } } |