1 /*
2  * Copyright (C) 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.security.net.config;
18 
19 import android.os.Environment;
20 import android.os.UserHandle;
21 
22 import com.android.internal.util.ArrayUtils;
23 
24 import java.io.File;
25 
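/**
 * {@link CertificateSource} based on the system trusted CA store.
 *
 * <p>The directory that backs the store is chosen once, when the singleton is constructed (see
 * {@link #getDirectory()}). A certificate counts as removed when a file with the same name exists
 * in the current user's {@code cacerts-removed} directory.
 *
 * @hide
 */
public final class SystemCertificateSource extends DirectoryCertificateSource {
    /** System property that, when set to {@code "true"}, selects the ANDROID_ROOT store. */
    private static final String SYSTEM_CERTS_ENABLED_PROPERTY = "system.certs.enabled";

    /** Location of the updatable CA store; used only when it exists and is not empty. */
    private static final String UPDATABLE_CA_DIR = "/apex/com.android.conscrypt/cacerts";

    /**
     * Holder for the singleton: the instance is created when this nested class is initialized,
     * i.e. on the first {@link #getInstance()} call, not when the outer class is loaded.
     */
    private static class NoPreloadHolder {
        private static final SystemCertificateSource INSTANCE = new SystemCertificateSource();
    }

    /** Per-user directory whose entries mark system CAs as removed. */
    private final File mUserRemovedCaDir;

    /**
     * Builds the source over the directory returned by {@link #getDirectory()} and resolves the
     * calling user's {@code cacerts-removed} directory.
     */
    private SystemCertificateSource() {
        super(getDirectory());
        File configDir = Environment.getUserConfigDirectory(UserHandle.myUserId());
        mUserRemovedCaDir = new File(configDir, "cacerts-removed");
    }

    /**
     * Selects the directory the trust anchors are loaded from.
     *
     * <p>Order of preference:
     * <ol>
     *   <li>{@code $ANDROID_ROOT/etc/security/cacerts} when the system property
     *       {@code system.certs.enabled} equals {@code "true"}; the updatable directory is not
     *       consulted in that case;
     *   <li>{@code /apex/com.android.conscrypt/cacerts} when it exists and lists at least one
     *       entry;
     *   <li>{@code $ANDROID_ROOT/etc/security/cacerts} otherwise.
     * </ol>
     *
     * @return the directory to use as the system CA store
     */
    private static File getDirectory() {
        // Read the property once: a single lookup cannot observe it changing between a null
        // check and the comparison, and "true".equals(null) is simply false.
        if ("true".equals(System.getProperty(SYSTEM_CERTS_ENABLED_PROPERTY))) {
            return systemPartitionCaDir();
        }
        File updatableDir = new File(UPDATABLE_CA_DIR);
        // File.list() returns null when the path is not a readable directory.
        // NOTE(review): ArrayUtils.isEmpty is presumably null-safe - confirm.
        if (updatableDir.exists() && !ArrayUtils.isEmpty(updatableDir.list())) {
            return updatableDir;
        }
        return systemPartitionCaDir();
    }

    /**
     * Returns {@code $ANDROID_ROOT/etc/security/cacerts}.
     *
     * <p>NOTE(review): if {@code ANDROID_ROOT} is unset, the concatenation yields the relative
     * path {@code null/etc/security/cacerts}, so the trust store would be resolved against the
     * working directory. Confirm the platform guarantees the variable for every process that
     * loads this class.
     */
    private static File systemPartitionCaDir() {
        return new File(System.getenv("ANDROID_ROOT") + "/etc/security/cacerts");
    }

    /** Returns the process-wide instance, creating it on first use. */
    public static SystemCertificateSource getInstance() {
        return NoPreloadHolder.INSTANCE;
    }

    /**
     * Reports whether the user has removed the given system CA.
     *
     * @param caFile name of the certificate file, looked up as a child of the per-user
     *     {@code cacerts-removed} directory
     * @return {@code true} when a file of that name exists in the removed-CA directory
     */
    @Override
    protected boolean isCertMarkedAsRemoved(String caFile) {
        // NOTE(review): caFile is used as a child path without normalization; presumably the
        // superclass only passes bare file names from its own directory listing - confirm.
        return new File(mUserRemovedCaDir, caFile).exists();
    }
}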