1 /*
2  * Copyright (C) 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.security.net.config;
18 
19 import android.os.Environment;
20 import android.os.UserHandle;
21 
22 import java.io.File;
23 
24 /**
25  * {@link CertificateSource} based on the system trusted CA store.
26  * @hide
27  */
28 public final class SystemCertificateSource extends DirectoryCertificateSource {
29     private static class NoPreloadHolder {
30         private static final SystemCertificateSource INSTANCE = new SystemCertificateSource();
31     }
32 
33     private final File mUserRemovedCaDir;
34 
SystemCertificateSource()35     private SystemCertificateSource() {
36         super(getDirectory());
37         File configDir = Environment.getUserConfigDirectory(UserHandle.myUserId());
38         mUserRemovedCaDir = new File(configDir, "cacerts-removed");
39     }
40 
getDirectory()41     private static File getDirectory() {
42         if ((System.getProperty("system.certs.enabled") != null)
43                 && (System.getProperty("system.certs.enabled")).equals("true")) {
44             return new File(System.getenv("ANDROID_ROOT") + "/etc/security/cacerts");
45         }
46         File updatable_dir = new File("/apex/com.android.conscrypt/cacerts");
47         if (updatable_dir.exists()
48                 && !(updatable_dir.list().length == 0)) {
49             return updatable_dir;
50         }
51         return new File(System.getenv("ANDROID_ROOT") + "/etc/security/cacerts");
52     }
53 
getInstance()54     public static SystemCertificateSource getInstance() {
55         return NoPreloadHolder.INSTANCE;
56     }
57 
58     @Override
isCertMarkedAsRemoved(String caFile)59     protected boolean isCertMarkedAsRemoved(String caFile) {
60         return new File(mUserRemovedCaDir, caFile).exists();
61     }
62 }
63