diff options
| author | ppi@chromium.org <ppi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-02-13 19:13:49 +0000 |
|---|---|---|
| committer | ppi@chromium.org <ppi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-02-13 19:13:49 +0000 |
| commit | 71f4b2782acf7b0608bb596f1d980afe26255254 (patch) | |
| tree | 35859c98136212a257d70808ed11666082380396 /net/android/network_library.cc | |
| parent | 3f83628a86e6be3dd2bf90a441477e9ab7fb2f9f (diff) | |
| download | chromium_src-71f4b2782acf7b0608bb596f1d980afe26255254.zip chromium_src-71f4b2782acf7b0608bb596f1d980afe26255254.tar.gz chromium_src-71f4b2782acf7b0608bb596f1d980afe26255254.tar.bz2 | |
Return specific cert verification errors on Android
To implement CertVerifyProc on Android we refer to the Java
side to query the platform trust managers. Currently the
information we get from the platform is binary - each
certificate chain is either identified as trusted or not, in
which case we assume that this is due to not-trusted root.
This patch provides better granularity distinguishing the
following cases: expired, not yet valid, incorrect (could not
be parsed), not trusted root.
This allowed to reenable two net unittests:
- CertVerifyProcTest.ExtraneousMD5RootCert
- CertVerifyProcTest.IntermediateCARequireExplicitPolicy
The following net unittest had to be disabled as it joins
the club of CertVerifyProc tests failing on bots with
incorrect time/date settings:
- CertVerifyProcTest.InvalidKeyUsage
BUG=169762
Review URL: https://chromiumcodereview.appspot.com/12212135
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@182280 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/android/network_library.cc')
| -rw-r--r-- | net/android/network_library.cc | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/net/android/network_library.cc b/net/android/network_library.cc index c1c4d5d..2407100 100644 --- a/net/android/network_library.cc +++ b/net/android/network_library.cc @@ -23,8 +23,9 @@ using base::android::ToJavaByteArray; namespace net { namespace android { -VerifyResult VerifyX509CertChain(const std::vector<std::string>& cert_chain, - const std::string& auth_type) { +CertVerifyResultAndroid VerifyX509CertChain( + const std::vector<std::string>& cert_chain, + const std::string& auth_type) { JNIEnv* env = AttachCurrentThread(); ScopedJavaLocalRef<jobjectArray> chain_byte_array = @@ -35,12 +36,10 @@ VerifyResult VerifyX509CertChain(const std::vector<std::string>& cert_chain, ConvertUTF8ToJavaString(env, auth_type); DCHECK(!auth_string.is_null()); - jboolean trusted = Java_AndroidNetworkLibrary_verifyServerCertificates( + jint result = Java_AndroidNetworkLibrary_verifyServerCertificates( env, chain_byte_array.obj(), auth_string.obj()); - if (ClearException(env)) - return VERIFY_INVOCATION_ERROR; - return trusted ? VERIFY_OK : VERIFY_NO_TRUSTED_ROOT; + return static_cast<CertVerifyResultAndroid>(result); } void AddTestRootCertificate(const uint8* cert, size_t len) { |