diff options
author | Alex Klyubin <klyubin@google.com> | 2015-03-30 17:14:00 +0000 |
---|---|---|
committer | Android Git Automerger <android-git-automerger@android.com> | 2015-03-30 17:14:00 +0000 |
commit | b0d403dddd05fb25d876b9dd48eb455d4edefc3f (patch) | |
tree | b519237fd8f1bd188d7eef9ad69f58cc2bfc94fc | |
parent | 30a19d9afc3a0dc99c8cce51c630939a2a76a743 (diff) | |
parent | aa83190cb650e9b714f2b980aa29ece8f86d587a (diff) | |
download | android_external_apache-http-b0d403dddd05fb25d876b9dd48eb455d4edefc3f.tar.gz android_external_apache-http-b0d403dddd05fb25d876b9dd48eb455d4edefc3f.tar.bz2 android_external_apache-http-b0d403dddd05fb25d876b9dd48eb455d4edefc3f.zip |
am aa83190c: Merge "Honor NetworkSecurityPolicy regarding cleartext traffic."
* commit 'aa83190cb650e9b714f2b980aa29ece8f86d587a':
Honor NetworkSecurityPolicy regarding cleartext traffic.
-rw-r--r-- | src/org/apache/http/impl/client/DefaultRequestDirector.java | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/src/org/apache/http/impl/client/DefaultRequestDirector.java b/src/org/apache/http/impl/client/DefaultRequestDirector.java index 9aafa85..6f9dcd0 100644 --- a/src/org/apache/http/impl/client/DefaultRequestDirector.java +++ b/src/org/apache/http/impl/client/DefaultRequestDirector.java @@ -33,6 +33,7 @@ package org.apache.http.impl.client; import java.io.IOException; import java.io.InterruptedIOException; +import java.lang.reflect.Method; import java.net.URI; import java.net.URISyntaxException; import java.util.Locale; @@ -430,6 +431,12 @@ public class DefaultRequestDirector implements RequestDirector { if (this.log.isDebugEnabled()) { this.log.debug("Attempt " + execCount + " to execute request"); } + // BEGIN android-added + if ((!route.isSecure()) && (!isCleartextTrafficPermitted())) { + throw new IOException( + "Cleartext traffic not permitted: " + route.getTargetHost()); + } + // END android-added response = requestExec.execute(wrapper, managedConn, context); retrying = false; @@ -1121,4 +1128,40 @@ public class DefaultRequestDirector implements RequestDirector { authState.setCredentials(creds); } + // BEGIN android-added + /** Cached instance of android.security.NetworkSecurityPolicy. */ + private static Object networkSecurityPolicy; + + /** Cached android.security.NetworkSecurityPolicy.isCleartextTrafficPermitted method. */ + private static Method cleartextTrafficPermittedMethod; + + private static boolean isCleartextTrafficPermitted() { + // TODO: Remove this method once NetworkSecurityPolicy can be accessed without Reflection. + // This method invokes NetworkSecurityPolicy.getInstance().isCleartextTrafficPermitted + // via Reflection API. + // Because of the way external/apache-http is built, in the near term it can't invoke new + // Android framework API directly. + try { + Object policy; + Method method; + synchronized (DefaultRequestDirector.class) { + if (cleartextTrafficPermittedMethod == null) { + Class<?> cls = Class.forName("android.security.NetworkSecurityPolicy"); + Method getInstanceMethod = cls.getMethod("getInstance"); + networkSecurityPolicy = getInstanceMethod.invoke(null); + cleartextTrafficPermittedMethod = cls.getMethod("isCleartextTrafficPermitted"); + } + policy = networkSecurityPolicy; + method = cleartextTrafficPermittedMethod; + } + return (Boolean) method.invoke(policy); + } catch (ReflectiveOperationException e) { + // Can't access the Android framework NetworkSecurityPolicy. To be backward compatible, + // assume that cleartext traffic is permitted. Android CTS will take care of ensuring + // this issue doesn't occur on new Android platforms. + return true; + } + } + // END android-added + } // class DefaultClientRequestDirector |