-
Notifications
You must be signed in to change notification settings - Fork 84
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Android's certificate verification JNI layer #2251
Commits on May 5, 2022
-
Cronvoy: preparation to unittest certificate verification JNI
Properly testing Android certificate verification logic requires calling into framework code. That cannot be done through Robolectric (framework APIs are faked). Hence, actual instrumentation tests are needed. Having said that, after some exploration on the state of Bazel/Android instrumentation tests, I've realized that the current state of things is non-optimal. As a stopgap solution (until the infrastructure improves), we've decided to test the JNI layer through unittests which fake X509Util. This should be a reasonable middle ground, as X509Util is mostly a compatibility layer on top of Android's API. This CL introduces FakeX509Util and adds allows tests to swap that in by adding a test-only API to AndroidNetworkLibrary. FakeX509Util is not particularly clever: from its perspective a certificate is just a string and for a verification to succeeds, all certificates in a chain must be root certificates (weird, but we don't really care about its logic). Signed-off-by: Stefano Duo <stefanoduo@google.com>
Configuration menu - View commit details
-
Copy full SHA for 51cf7ca - Browse repository at this point
Copy the full SHA 51cf7caView commit details -
Add utility functions to translate between C++ and Java std constructs
Add utility functions to translate between: - C++ strings and Java strings - C++ vector of bytes and Java array of bytes These utility functions will be used in the next commit to implement the JNI layer for certificate verifications (and its unit tests). Signed-off-by: Stefano Duo <stefanoduo@google.com>
Configuration menu - View commit details
-
Copy full SHA for 232f12c - Browse repository at this point
Copy the full SHA 232f12cView commit details -
Implement JNI layer for Android's certificate verification
Add native hooks for AndroidNetworkLibrary Java APIs. Write unittests that mimic calls from native to Java for these new hooks, by making use of a fake X509Util and additional test-only Java -> C++ JNI calls. Signed-off-by: Stefano Duo <stefanoduo@google.com>
Configuration menu - View commit details
-
Copy full SHA for d3ddc19 - Browse repository at this point
Copy the full SHA d3ddc19View commit details
Commits on May 6, 2022
-
Signed-off-by: Stefano Duo <stefanoduo@google.com>
Configuration menu - View commit details
-
Copy full SHA for fda54b8 - Browse repository at this point
Copy the full SHA fda54b8View commit details -
Configuration menu - View commit details
-
Copy full SHA for 4f12064 - Browse repository at this point
Copy the full SHA 4f12064View commit details -
Signed-off-by: Stefano Duo <stefanoduo@google.com>
Configuration menu - View commit details
-
Copy full SHA for 15d9bc7 - Browse repository at this point
Copy the full SHA 15d9bc7View commit details
Commits on May 9, 2022
-
* Extend FakeX509Util with host and authType checks * Add tests for host and authType * Refactor UTF conversion in its own library * Add unit tests for them Signed-off-by: Stefano Duo <stefanoduo@google.com>
Configuration menu - View commit details
-
Copy full SHA for 68f24df - Browse repository at this point
Copy the full SHA 68f24dfView commit details
Commits on May 11, 2022
-
Signed-off-by: Stefano Duo <stefanoduo@google.com>
Configuration menu - View commit details
-
Copy full SHA for f8a6a46 - Browse repository at this point
Copy the full SHA f8a6a46View commit details
Commits on May 16, 2022
-
Generalize cert verify result enum and delete local refs
Signed-off-by: Stefano Duo <stefanoduo@google.com>
Configuration menu - View commit details
-
Copy full SHA for aa0beee - Browse repository at this point
Copy the full SHA aa0beeeView commit details
Commits on May 18, 2022
-
JNI: pass strings as arrays through their UTF-8 encoding
Drop string conversion utilities since they're no longer needed. The conversion is now handled on the Java side. Document the expectation that strings passed to jvm_verify_x509_cert_chain and call_jvm_verify_x509_cert_chain must be UTF-8 encoded. Also add a missing DeleteLocalRef. Signed-off-by: Stefano Duo <stefanoduo@google.com>
Configuration menu - View commit details
-
Copy full SHA for 153320a - Browse repository at this point
Copy the full SHA 153320aView commit details -
Signed-off-by: Stefano Duo <stefanoduo@google.com>
Configuration menu - View commit details
-
Copy full SHA for 55dc250 - Browse repository at this point
Copy the full SHA 55dc250View commit details
Commits on May 19, 2022
-
Fix missing argument to call call_jvm_verify_x509_cert_chain
Signed-off-by: Stefano Duo <stefanoduo@google.com>
Configuration menu - View commit details
-
Copy full SHA for 5c461ed - Browse repository at this point
Copy the full SHA 5c461edView commit details