https://source.android.com/ 
/*
 * Copyright (C) 2015 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.security.net.config;

import android.content.Context;
import android.util.ArraySet;
import libcore.io.IoUtils;
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.Set;

import com.android.org.conscrypt.TrustedCertificateIndex;


CertificateSource based on certificates contained in an application resource file. 
@hide
/**
 * {@link CertificateSource} based on certificates contained in an application resource file.
 * @hide
 */
public class ResourceCertificateSource implements CertificateSource {
    private final Object mLock = new Object();
    private final int  mResourceId;

    private Set<X509Certificate> mCertificates;
    private Context mContext;
    private TrustedCertificateIndex mIndex;

    public ResourceCertificateSource(int resourceId, Context context) {
        mResourceId = resourceId;
        mContext = context;
    }

    private void ensureInitialized() {
        synchronized (mLock) {
            if (mCertificates != null) {
                return;
            }
            Set<X509Certificate> certificates = new ArraySet<X509Certificate>();
            Collection<? extends Certificate> certs;
            InputStream in = null;
            try {
                CertificateFactory factory = CertificateFactory.getInstance("X.509");
                in = mContext.getResources().openRawResource(mResourceId);
                certs = factory.generateCertificates(in);
            } catch (CertificateException e) {
                throw new RuntimeException("Failed to load trust anchors from id " + mResourceId,
                        e);
            } finally {
                IoUtils.closeQuietly(in);
            }
            TrustedCertificateIndex indexLocal = new TrustedCertificateIndex();
            for (Certificate cert : certs) {
                certificates.add((X509Certificate) cert);
                indexLocal.index((X509Certificate) cert);
            }
            mCertificates = certificates;
            mIndex = indexLocal;
            mContext = null;
        }
    }

    @Override
    public Set<X509Certificate> getCertificates() {
        ensureInitialized();
        return mCertificates;
    }

    @Override
    public X509Certificate findBySubjectAndPublicKey(X509Certificate cert) {
        ensureInitialized();
        java.security.cert.TrustAnchor anchor = mIndex.findBySubjectAndPublicKey(cert);
        if (anchor == null) {
            return null;
        }
        return anchor.getTrustedCert();
    }

    @Override
    public X509Certificate findByIssuerAndSignature(X509Certificate cert) {
        ensureInitialized();
        java.security.cert.TrustAnchor anchor = mIndex.findByIssuerAndSignature(cert);
        if (anchor == null) {
            return null;
        }
        return anchor.getTrustedCert();
    }

    @Override
    public Set<X509Certificate> findAllByIssuerAndSignature(X509Certificate cert) {
        ensureInitialized();
        Set<java.security.cert.TrustAnchor> anchors = mIndex.findAllByIssuerAndSignature(cert);
        if (anchors.isEmpty()) {
            return Collections.<X509Certificate>emptySet();
        }
        Set<X509Certificate> certs = new ArraySet<X509Certificate>(anchors.size());
        for (java.security.cert.TrustAnchor anchor : anchors) {
            certs.add(anchor.getTrustedCert());
        }
        return certs;
    }

    @Override
    public void handleTrustStorageUpdate() {
        // Nothing to do, resource sources never change.
    }
}