authordavidben@chromium.org <davidben@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-01-17 22:52:17 +0000
committerdavidben@chromium.org <davidben@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-01-17 22:52:17 +0000
commit23073f97dbd9aceb329f9994ee312650efe797af (patch)
tree42d076e2277c730d208a6cfd8924a2ff7fc2e266 /net/android/network_library.cc
parent56aca707d0ad5ace8c5513dae5e31f964ad8f8be (diff)
Export verified_cert and public_key_hashes on Android.
On API level 17 and up, X509TrustManager can export the verified chain. Use it to populate some of the fields in CertVerifyResult. Also correctly populate is_issued_by_known_root and enable intranet host checking. Add a test to make sure non-standard roots get flagged as such. If the APIs are not available, is_issued_by_known_root is always false. BUG=116838,147945 TEST=CertVerifyProcTest.PublicKeyHashes CertVerifyProcTest.VerifyReturnChainBasic CertVerifyProcTest.VerifyReturnChainFiltersUnrelatedCerts CertVerifyProcTest.VerifyReturnChainProperlyOrdered CertVerifyProcTest.IntranetHostsRejected CertVerifyProcTest.IsIssuedByKnownRootIgnoresTestRoots CertVerifyProcTest.ExtraneousMD5RootCert CertVerifyProcTest.NameConstraintsFailure Review URL: https://codereview.chromium.org/108653013 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@245649 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/android/network_library.cc')
-rw-r--r--net/android/network_library.cc25
1 files changed, 19 insertions, 6 deletions
diff --git a/net/android/network_library.cc b/net/android/network_library.cc
index 2407100..37ab18e 100644
--- a/net/android/network_library.cc
+++ b/net/android/network_library.cc
@@ -23,9 +23,12 @@ using base::android::ToJavaByteArray;
namespace net {
namespace android {
-CertVerifyResultAndroid VerifyX509CertChain(
- const std::vector<std::string>& cert_chain,
- const std::string& auth_type) {
+void VerifyX509CertChain(const std::vector<std::string>& cert_chain,
+ const std::string& auth_type,
+ const std::string& host,
+ CertVerifyStatusAndroid* status,
+ bool* is_issued_by_known_root,
+ std::vector<std::string>* verified_chain) {
JNIEnv* env = AttachCurrentThread();
ScopedJavaLocalRef<jobjectArray> chain_byte_array =
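Review bot: The new signature returns the verdict through three raw out-pointers, but nothing at the definition states that they must be non-null or asserts it before the writes in the next hunk (`*status = ...`). Since the function already uses `DCHECK` for its JNI conversions, an opening `DCHECK(status && is_issued_by_known_root && verified_chain);` would document the contract and catch a bad caller in debug builds. A short comment above the definition should also say that `host` is forwarded to the Java verifier and which outputs are meaningful when `*status` is not a success value. The body of VerifyX509CertChain continues past this hunk.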
@@ -36,10 +39,20 @@ CertVerifyResultAndroid VerifyX509CertChain(
ConvertUTF8ToJavaString(env, auth_type);
DCHECK(!auth_string.is_null());
- jint result = Java_AndroidNetworkLibrary_verifyServerCertificates(
- env, chain_byte_array.obj(), auth_string.obj());
+ ScopedJavaLocalRef<jstring> host_string =
+ ConvertUTF8ToJavaString(env, host);
+ DCHECK(!host_string.is_null());
- return static_cast<CertVerifyResultAndroid>(result);
+ ScopedJavaLocalRef<jobject> result =
+ Java_AndroidNetworkLibrary_verifyServerCertificates(
+ env, chain_byte_array.obj(), auth_string.obj(), host_string.obj());
+ if (ClearException(env)) {
+ *status = android::VERIFY_FAILED;
+ return;
+ }
+
+ ExtractCertVerifyResult(result.obj(),
+ status, is_issued_by_known_root, verified_chain);
}
void AddTestRootCertificate(const uint8* cert, size_t len) {
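Review bot: On the early return after `ClearException(env)`, only `*status` is written, so `*is_issued_by_known_root` and `*verified_chain` keep whatever the caller passed in. A caller that reads them without first checking the status could act on an uninitialized or stale known-root flag, which presumably feeds trust decisions such as the intranet host check. Writing fail-closed defaults before the return, `*is_issued_by_known_root = false;` and `verified_chain->clear();`, makes that path deterministic. Separately, `result` is passed to `ExtractCertVerifyResult` without a null check. If the Java side can return null without throwing (not visible here), a guard such as `if (result.is_null()) { *status = android::VERIFY_FAILED; return; }` would treat that as a verification failure too.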