Change public API to allow chaining of *one* TrustManager

The previous implementation was erroneous, it only did honor the first TrustManager parameter until a certificate was stored in MTMs keystore. After that, only the second parameter was used. If somebody should have demand for more than one chained TM, this warrants a new, correct, API.
eli-zh · Jul 22, 2014 · 084c079 · 084c079
1 parent 2538a85
commit 084c079
Showing 1 changed file with 6 additions and 7 deletions.
diff --git a/src/de/duenndns/ssl/MemorizingTrustManager.java b/src/de/duenndns/ssl/MemorizingTrustManager.java
@@ -92,7 +92,7 @@ public class MemorizingTrustManager implements X509TrustManager {
 	private X509TrustManager defaultTrustManager;
 	private X509TrustManager appTrustManager;
 
-	/** Creates an instance of the MemorizingTrustManager class.
+	/** Creates an instance of the MemorizingTrustManager class that falls back to a custom TrustManager.
 	 *
 	 * You need to supply the application context. This has to be one of:
 	 *    - Application
@@ -103,16 +103,15 @@ public class MemorizingTrustManager implements X509TrustManager {
 	 * notification and for obtaining translated strings.
 	 *
 	 * @param m Context for the application.
-	 * @param appTrustManager Delegate trust management to this TM first.
-	 * @param defaultTrustManager Delegate trust management to this TM second, if non-null.
+	 * @param defaultTrustManager Delegate trust management to this TM. If null, the user must accept every certificate.
 	 */
-	public MemorizingTrustManager(Context m, X509TrustManager appTrustManager, X509TrustManager defaultTrustManager) {
+	public MemorizingTrustManager(Context m, X509TrustManager defaultTrustManager) {
 		init(m);
-		this.appTrustManager = appTrustManager;
+		this.appTrustManager = getTrustManager(appKeyStore);
 		this.defaultTrustManager = defaultTrustManager;
 	}
 
-	/** Creates an instance of the MemorizingTrustManager class.
+	/** Creates an instance of the MemorizingTrustManager class using the system X509TrustManager.
 	 *
 	 * You need to supply the application context. This has to be one of:
 	 *    - Application
@@ -404,7 +403,7 @@ public void checkCertTrusted(X509Certificate[] chain, String authType, boolean i
 			}
 			try {
 				if (defaultTrustManager == null)
-					throw new CertificateException();
+					throw ae;
 				Log.d(TAG, "checkCertTrusted: trying defaultTrustManager");
 				if (isServer)
 					defaultTrustManager.checkServerTrusted(chain, authType);