• Home
• com.squareup.okhttp
• okhttp
• 2.7.5
• source code
• AndroidTrustRootIndex.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.squareup.okhttp.internal.tls.AndroidTrustRootIndex Maven / Gradle / Ivy

/*
 * Copyright (C) 2016 Square, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.squareup.okhttp.internal.tls;

import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;

/**
 * A index of trusted root certificates that exploits knowledge of Android implementation details.
 * This class is potentially much faster to initialize than {@link RealTrustRootIndex} because
 * it doesn't need to load and index trusted CA certificates.
 */
public final class AndroidTrustRootIndex implements TrustRootIndex {
  private final X509TrustManager trustManager;
  private final Method findByIssuerAndSignatureMethod;

  public AndroidTrustRootIndex(
      X509TrustManager trustManager, Method findByIssuerAndSignatureMethod) {
    this.findByIssuerAndSignatureMethod = findByIssuerAndSignatureMethod;
    this.trustManager = trustManager;
  }

  @Override public X509Certificate findByIssuerAndSignature(X509Certificate cert) {
    try {
      TrustAnchor trustAnchor = (TrustAnchor) findByIssuerAndSignatureMethod.invoke(
          trustManager, cert);
      return trustAnchor != null
          ? trustAnchor.getTrustedCert()
          : null;
    } catch (IllegalAccessException e) {
      throw new AssertionError();
    } catch (InvocationTargetException e) {
      return null;
    }
  }

  public static TrustRootIndex get(X509TrustManager trustManager) {
    // From org.conscrypt.TrustManagerImpl, we want the method with this signature:
    // private TrustAnchor findTrustAnchorByIssuerAndSignature(X509Certificate lastCert);
    try {
      Method method = trustManager.getClass().getDeclaredMethod(
          "findTrustAnchorByIssuerAndSignature", X509Certificate.class);
      method.setAccessible(true);
      return new AndroidTrustRootIndex(trustManager, method);
    } catch (NoSuchMethodException e) {
      return null;
    }
  }
}