diff options
| author | Pete Bentley <prb@google.com> | 2020-01-09 17:44:09 +0000 |
|---|---|---|
| committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2020-01-09 17:44:09 +0000 |
| commit | 3979b1a663c29c36c99b0d39564a855847f4150f (patch) | |
| tree | da2c39c64d1ccd8a1d49f5b50121da950d4ad596 | |
| parent | 594d10817ca86ebb5df2f3e409b4f0b7787b03db (diff) | |
| parent | 6f0f8c1cee6a629ded601c6ff08b8461d50acb1e (diff) | |
Merge "Add a Core Platform API to change the default hostname verifier."
| -rw-r--r-- | mmodules/core_platform_api/api/platform/current-api.txt | 8 | ||||
| -rw-r--r-- | ojluni/src/main/java/javax/net/ssl/HttpsURLConnection.java | 29 |
2 files changed, 36 insertions, 1 deletions
diff --git a/mmodules/core_platform_api/api/platform/current-api.txt b/mmodules/core_platform_api/api/platform/current-api.txt index 28231569cb..9d67dc6ab5 100644 --- a/mmodules/core_platform_api/api/platform/current-api.txt +++ b/mmodules/core_platform_api/api/platform/current-api.txt @@ -925,6 +925,14 @@ package javax.crypto { } +package javax.net.ssl { + + public abstract class HttpsURLConnection extends java.net.HttpURLConnection { + method public static javax.net.ssl.HostnameVerifier getStrictHostnameVerifier(); + } + +} + package libcore.content.type { public final class MimeMap { diff --git a/ojluni/src/main/java/javax/net/ssl/HttpsURLConnection.java b/ojluni/src/main/java/javax/net/ssl/HttpsURLConnection.java index b71d11a335..c3e3c304db 100644 --- a/ojluni/src/main/java/javax/net/ssl/HttpsURLConnection.java +++ b/ojluni/src/main/java/javax/net/ssl/HttpsURLConnection.java @@ -30,6 +30,7 @@ import java.net.URL; import java.net.HttpURLConnection; import java.security.Principal; import java.security.cert.X509Certificate; +import libcore.api.CorePlatformApi; /** * <code>HttpsURLConnection</code> extends <code>HttpURLConnection</code> @@ -186,6 +187,8 @@ class HttpsURLConnection extends HttpURLConnection * Holds the default instance so class preloading doesn't create an instance of * it. */ + private static final String OK_HOSTNAME_VERIFIER_CLASS + = "com.android.okhttp.internal.tls.OkHostnameVerifier"; private static class NoPreloadHolder { public static HostnameVerifier defaultHostnameVerifier; static { @@ -197,7 +200,7 @@ class HttpsURLConnection extends HttpURLConnection * the server name from the certificate mismatch. */ defaultHostnameVerifier = (HostnameVerifier) - Class.forName("com.android.okhttp.internal.tls.OkHostnameVerifier") + Class.forName(OK_HOSTNAME_VERIFIER_CLASS) .getField("INSTANCE").get(null); } catch (Exception e) { throw new AssertionError("Failed to obtain okhttp HostnameVerifier", e); @@ -319,6 +322,30 @@ class HttpsURLConnection extends HttpURLConnection hostnameVerifier = v; } + // BEGIN Android-added: Core platform API to obtain a strict hostname verifier + /** + * Obtains a stricter <code>HostnameVerifier</code>. + * + * The <code>HostnameVerifier</code> returned by this method will reject certificates + * with wildcards for top-level domains such "*.com". + * + * @see com.squareup.okhttp.internal.tls.OkHostnameVerifier + * + * @hide + */ + @CorePlatformApi + public static HostnameVerifier getStrictHostnameVerifier() { + try { + return (HostnameVerifier) Class + .forName(OK_HOSTNAME_VERIFIER_CLASS) + .getMethod("strictInstance") + .invoke(null); + } catch (Exception e) { + return null; + } + } + // END Android-added: Core platform API to obtain a strict hostname verifier + /** * Gets the <code>HostnameVerifier</code> in place on this instance. * |