Project import generated by Copybara.

PiperOrigin-RevId: 885576965

Author: miguelaranda0

README.md

@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2025 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.conscrypt;
+
+import org.conscrypt.metrics.CertificateTransparencyVerificationReason;
+
+/**
+ * A default NetworkSecurityPolicy for unbundled Android.
+ */
+@Internal
+public class ConscryptNetworkSecurityPolicy implements NetworkSecurityPolicy {
+    public static ConscryptNetworkSecurityPolicy getDefault() {
+        return new ConscryptNetworkSecurityPolicy();
+    }
+
+    @Override
+    public boolean isCertificateTransparencyVerificationRequired(String hostname) {
+        return false;
+    }
+
+    @Override
+    public CertificateTransparencyVerificationReason getCertificateTransparencyVerificationReason(
+            String hostname) {
+        return CertificateTransparencyVerificationReason.UNKNOWN;
+    }
+
+    @Override
+    public DomainEncryptionMode getDomainEncryptionMode(String hostname) {
+        return DomainEncryptionMode.UNKNOWN;
+    }
+}

android/src/main/java/org/conscrypt/ConscryptNetworkSecurityPolicy.java

@@ -59,11 +59,13 @@
 import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
+import java.util.function.Supplier;
 
 import javax.net.ssl.SNIHostName;
 import javax.net.ssl.SNIMatcher;
 import javax.net.ssl.SNIServerName;
 import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocketFactory;
@@ -859,59 +861,8 @@ static boolean supportsX509ExtendedTrustManager() {
         return Build.VERSION.SDK_INT > 23;
     }
 
-    /**
-     * Check if SCT verification is required for a given hostname.
-     *
-     * SCT Verification is enabled using {@code Security} properties.
-     * The "conscrypt.ct.enable" property must be true, as well as a per domain property.
-     * The reverse notation of the domain name, prefixed with "conscrypt.ct.enforce."
-     * is used as the property name.
-     * Basic globbing is also supported.
-     *
-     * For example, for the domain foo.bar.com, the following properties will be
-     * looked up, in order of precedence.
-     * - conscrypt.ct.enforce.com.bar.foo
-     * - conscrypt.ct.enforce.com.bar.*
-     * - conscrypt.ct.enforce.com.*
-     * - conscrypt.ct.enforce.*
-     */
-    public static boolean isCTVerificationRequired(String hostname) {
-        if (hostname == null) {
-            return false;
-        }
-        // TODO: Use the platform version on platforms that support it
-
-        String property = Security.getProperty("conscrypt.ct.enable");
-        if (property == null || !Boolean.parseBoolean(property)) {
-            return false;
-        }
-
-        List<String> parts = Arrays.asList(hostname.split("\\."));
-        Collections.reverse(parts);
-
-        boolean enable = false;
-        String propertyName = "conscrypt.ct.enforce";
-        // The loop keeps going on even once we've found a match
-        // This allows for finer grained settings on subdomains
-        for (String part : parts) {
-            property = Security.getProperty(propertyName + ".*");
-            if (property != null) {
-                enable = Boolean.parseBoolean(property);
-            }
-
-            propertyName = propertyName + "." + part;
-        }
-
-        property = Security.getProperty(propertyName);
-        if (property != null) {
-            enable = Boolean.parseBoolean(property);
-        }
-        return enable;
-    }
-
-    public static CertificateTransparencyVerificationReason reasonCTVerificationRequired(
-            String hostname) {
-        return CertificateTransparencyVerificationReason.UNKNOWN;
+    static SSLException wrapInvalidEchDataException(SSLException e) {
+        return e;
     }
 
     static boolean supportsConscryptCertStore() {
@@ -940,7 +891,8 @@ static CertBlocklist newDefaultBlocklist() {
         return null;
     }
 
-    static CertificateTransparency newDefaultCertificateTransparency() {
+    static CertificateTransparency newDefaultCertificateTransparency(
+            Supplier<NetworkSecurityPolicy> policySupplier) {
         return null;
     }
 

android/src/main/java/org/conscrypt/Platform.java

@@ -43,7 +43,8 @@ void CompatibilityCloseMonitor::init() {
         return;
     }
 #ifdef CONSCRYPT_UNBUNDLED
-    // Only attempt to initialise the legacy C++ API if the C API symbols were not found.
+    // Only attempt to initialise the legacy C++ API if the C API symbols were not
+    // found.
     lib = dlopen("libjavacore.so", RTLD_NOW);
     if (lib != nullptr) {
         if (asyncCloseMonitorCreate == nullptr) {

common/src/jni/main/cpp/conscrypt/compatibility_close_monitor.cc

@@ -0,0 +1,28 @@
+#include <conscrypt/jni_init.h>
+#include <conscrypt/compatibility_close_monitor.h>
+#include <conscrypt/jniutil.h>
+#include <conscrypt/logging.h>
+#include <conscrypt/native_crypto.h>
+
+namespace conscrypt {
+
+jint JniInit(JavaVM* vm, void*, jint jni_version) {
+    JNIEnv* env;
+    if (vm->GetEnv(reinterpret_cast<void**>(&env), jni_version) != JNI_OK) {
+        CONSCRYPT_LOG_ERROR("Could not get JNIEnv");
+        return JNI_ERR;
+    }
+
+    // Initialize the JNI constants.
+    jniutil::init(vm, env);
+
+    // Register all of the native JNI methods.
+    NativeCrypto::registerNativeMethods(env);
+
+    // Perform static initialization of the close monitor (if required on this platform).
+    CompatibilityCloseMonitor::init();
+
+    return jni_version;
+}
+
+}  // namespace conscrypt