diff options
| author | tsniatowski@opera.com <tsniatowski@opera.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-04-23 04:18:50 +0000 |
|---|---|---|
| committer | tsniatowski@opera.com <tsniatowski@opera.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-04-23 04:18:50 +0000 |
| commit | 8ce763fc72da82d43da6f76a9e8d872badea70ca (patch) | |
| tree | dda7d021fe9a548bf8c30fecba0aca57179cb52e /net/android | |
| parent | bf73dc4781c6c9186d9925ca754624f2a1bd4b03 (diff) | |
| download | chromium_src-8ce763fc72da82d43da6f76a9e8d872badea70ca.zip chromium_src-8ce763fc72da82d43da6f76a9e8d872badea70ca.tar.gz chromium_src-8ce763fc72da82d43da6f76a9e8d872badea70ca.tar.bz2 | |
Fix client certificate regressions on Android < 4.2
https://codereview.chromium.org/166143002 refactored the code to use the
AndroidPrivateKey wrapper class rather than Java's PrivateKey directly,
but this one line of code was not updated. As a result, the test will
always fail and client certificates won't work on Android versions prior
to 4.2 (this is a compatibility code path, which is probably why it
wasn't caught in testing or review).
In addition, while https://codereview.chromium.org/182933002 updated the
code to to fix 64-bit compilation issues, it missed the point that this
is compatibility code meant to run only on earlier versions of Android
that aren't 64-bit safe to begin with. As a result, a method called via
reflection will return an unexpected integer instead of a long, causing
the code to fail (even in 32-bit mode).
Fix by conservatively casting the return value through Number instead,
which will work with both int and long. (The earlier Android versions
that this code is targeting are still not 64-bit safe, but the
compatibility code should not cause any compile issues.)
Investigation credit goes out to kimn@opera.com.
BUG=360406
Review URL: https://codereview.chromium.org/246423004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@265531 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/android')
| -rw-r--r-- | net/android/java/src/org/chromium/net/DefaultAndroidKeyStore.java | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/net/android/java/src/org/chromium/net/DefaultAndroidKeyStore.java b/net/android/java/src/org/chromium/net/DefaultAndroidKeyStore.java index cc61657..2492da6 100644 --- a/net/android/java/src/org/chromium/net/DefaultAndroidKeyStore.java +++ b/net/android/java/src/org/chromium/net/DefaultAndroidKeyStore.java @@ -167,7 +167,7 @@ public class DefaultAndroidKeyStore implements AndroidKeyStore { Log.e(TAG, "Cannot find system OpenSSLRSAPrivateKey class: " + e); return 0; } - if (!superClass.isInstance(key)) { + if (!superClass.isInstance(javaKey)) { // This may happen if the PrivateKey was not created by the "AndroidOpenSSL" // provider, which should be the default. That could happen if an OEM decided // to implement a different default provider. Also highly unlikely. @@ -197,7 +197,11 @@ public class DefaultAndroidKeyStore implements AndroidKeyStore { // Use reflection to invoke the 'getPkeyContext' method on the // result of the getOpenSSLKey(). This is an 32-bit integer - // which is the address of an EVP_PKEY object. + // which is the address of an EVP_PKEY object. Note that this + // method these days returns a 64-bit long, but since this code + // path is used for older Android versions, it may still return + // a 32-bit int here. To be on the safe side, we cast the return + // value via Number rather than directly to Integer or Long. Method getPkeyContext; try { getPkeyContext = opensslKey.getClass().getDeclaredMethod("getPkeyContext"); @@ -209,7 +213,7 @@ public class DefaultAndroidKeyStore implements AndroidKeyStore { getPkeyContext.setAccessible(true); long evp_pkey = 0; try { - evp_pkey = (Long) getPkeyContext.invoke(opensslKey); + evp_pkey = ((Number) getPkeyContext.invoke(opensslKey)).longValue(); } finally { getPkeyContext.setAccessible(false); } |