Return specific cert verification errors on Android

To implement CertVerifyProc on Android we refer to the Java
side to query the platform trust managers. Currently the
information we get from the platform is binary - each
certificate chain is either identified as trusted or not, in
which case we assume that this is due to a not-trusted root.

This patch provides better granularity, distinguishing the
following cases: expired, not yet valid, incorrect (could not
be parsed), not trusted root.

This allowed re-enabling two net unittests:
- CertVerifyProcTest.ExtraneousMD5RootCert
- CertVerifyProcTest.IntermediateCARequireExplicitPolicy

The following net unittest had to be disabled as it joins
the club of CertVerifyProc tests failing on bots with
incorrect time/date settings:
- CertVerifyProcTest.InvalidKeyUsage

BUG=169762
Review URL: https://chromiumcodereview.appspot.com/12212135
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@182280 0039d316-1c4b-4281-b951-d872f2087c98
diff --git a/net/android/network_library.h b/net/android/network_library.h
index 9db3e0e..451834e 100644
--- a/net/android/network_library.h
+++ b/net/android/network_library.h
@@ -11,28 +11,19 @@
#include <vector>
#include "base/basictypes.h"
+#include "net/android/cert_verify_result_android.h"
#include "net/base/mime_util.h"
#include "net/base/net_export.h"
namespace net {
namespace android {
-enum VerifyResult {
- // Certificate verification was successful.
- VERIFY_OK,
- // Certificate verification was failed. There is no detail error information
- // given by Android API.
- VERIFY_NO_TRUSTED_ROOT,
- // Error occurs when invoke JNI methods.
- VERIFY_INVOCATION_ERROR,
-};
-
// |cert_chain| is DER encoded chain of certificates, with the server's own
// certificate listed first.
// |auth_type| is as per the Java X509Certificate.checkServerTrusted method.
-
-VerifyResult VerifyX509CertChain(const std::vector<std::string>& cert_chain,
- const std::string& auth_type);
+CertVerifyResultAndroid VerifyX509CertChain(
+ const std::vector<std::string>& cert_chain,
+ const std::string& auth_type);
// Adds a certificate as a root trust certificate to the trust manager.
// |cert| is DER encoded certificate, |len| is its length in bytes.
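Review bot: the comment above VerifyX509CertChain still documents only |cert_chain| and |auth_type|. With the VerifyResult enum removed from this header, nothing here says what the returned CertVerifyResultAndroid means or which value now stands in for the old VERIFY_INVOCATION_ERROR when the JNI call itself fails. Please add a sentence on the return value, and state that a JNI invocation failure comes back as its own non-success value, so callers fail closed instead of folding it into an expiry or trust-root error. While this comment is being touched: checkServerTrusted is a method of the Java X509TrustManager, not of X509Certificate, so the |auth_type| line should name the right class.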