From 71f4b2782acf7b0608bb596f1d980afe26255254 Mon Sep 17 00:00:00 2001 From: "ppi@chromium.org" Date: Wed, 13 Feb 2013 19:13:49 +0000 Subject: Return specific cert verification errors on Android To implement CertVerifyProc on Android we refer to the Java side to query the platform trust managers. Currently the information we get from the platform is binary - each certificate chain is either identified as trusted or not, in which case we assume that this is due to not-trusted root. This patch provides better granularity distinguishing the following cases: expired, not yet valid, incorrect (could not be parsed), not trusted root. This allowed to reenable two net unittests: - CertVerifyProcTest.ExtraneousMD5RootCert - CertVerifyProcTest.IntermediateCARequireExplicitPolicy The following net unittest had to be disabled as it joins the club of CertVerifyProc tests failing on bots with incorrect time/date settings: - CertVerifyProcTest.InvalidKeyUsage BUG=169762 Review URL: https://chromiumcodereview.appspot.com/12212135 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@182280 0039d316-1c4b-4281-b951-d872f2087c98 --- net/android/network_library.cc | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'net/android/network_library.cc')
diff --git a/net/android/network_library.cc b/net/android/network_library.cc
index c1c4d5d..2407100 100644
--- net/android/network_library.cc
+++ b/net/android/network_library.cc
@@ -23,8 +23,9 @@ using base::android::ToJavaByteArray;
 namespace net {
 namespace android {
-VerifyResult VerifyX509CertChain(const std::vector& cert_chain,
- const std::string& auth_type) {
+CertVerifyResultAndroid VerifyX509CertChain(
+ const std::vector& cert_chain,
+ const std::string& auth_type) {
 JNIEnv* env = AttachCurrentThread();
 ScopedJavaLocalRef chain_byte_array =
@@ -35,12 +36,10 @@ VerifyResult VerifyX509CertChain(const std::vector& cert_chain,
 ConvertUTF8ToJavaString(env, auth_type);
 DCHECK(!auth_string.is_null());
- jboolean trusted = Java_AndroidNetworkLibrary_verifyServerCertificates(
+ jint result = Java_AndroidNetworkLibrary_verifyServerCertificates(
 env, chain_byte_array.obj(), auth_string.obj());
- if (ClearException(env))
- return VERIFY_INVOCATION_ERROR;
- return trusted ? VERIFY_OK : VERIFY_NO_TRUSTED_ROOT;
+ return static_cast(result);
 }
 void AddTestRootCertificate(const uint8* cert, size_t len) {
-- cgit v1.1
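Review bot: The new `return static_cast(result);` line (the cast's target type is stripped on this page, presumably CertVerifyResultAndroid) converts whatever jint the Java side returns into a verification result with no range check, and the removed `if (ClearException(env))` branch was the only visible place where a failed JNI call became an error. If the call can still leave a Java exception pending, `result` carries no meaning, and a value equal to the success enumerator would be accepted as a trusted chain; whether the generated wrapper or the Java method now handles exceptions is not visible in this hunk. I would keep the function fail-closed by retaining an exception check before the return and mapping any value outside the known enumerators to a failure result instead of casting it through. At minimum, add a comment above the call such as `// Java side catches all exceptions and returns only CertVerifyResultAndroid values; anything else must be treated as a failure.` The function begins in the previous hunk.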