Cleanly return VERIFY_FAILED if no suitable X509TrustManager is found.

Certificate verification still won't be functional and VERIFY_FAILED will NOTREACHED() on a debug build, but this is probably better-behaved than a NullPointerException, and we try to handle other initialization failures. BUG=376660 Review URL: https://codereview.chromium.org/316613002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@274595 0039d316-1c4b-4281-b951-d872f2087c98

Cleanly return VERIFY_FAILED if no suitable X509TrustManager is found.
Certificate verification still won't be functional and VERIFY_FAILED will NOTREACHED() on a debug build, but this is probably better-behaved than a NullPointerException, and we try to handle other initialization failures. BUG=376660 Review URL: https://codereview.chromium.org/316613002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@274595 0039d316-1c4b-4281-b951-d872f2087c98
a0412516 · davidben@chromium.org · b2120be8 · a0412516
Commit a0412516 authored Jun 03, 2014 by davidben@chromium.org
Show whitespace changes
Inline Side-by-side

Showing with 8 additions and 2 deletions

net/android/java/src/org/chromium/net/X509Util.java net/android/java/src/org/chromium/net/X509Util.java +8 -2

No files found.
--- a/net/android/java/src/org/chromium/net/X509Util.java
+++ b/net/android/java/src/org/chromium/net/X509Util.java
@@ -235,7 +235,7 @@ public class X509Util {
    /**
     * Creates a X509TrustManagerImplementation backed up by the given key
     * store. When null is passed as a key store, system default trust store is
-     * used.
+     * used. Returns null if no created TrustManager was suitable.
     * @throws KeyStoreException, NoSuchAlgorithmException on error initializing the TrustManager.
     */
    private static X509TrustManagerImplementation createTrustManager(KeyStore keyStore) throws
@@ -253,10 +253,12 @@ public class X509Util {
                        return new X509TrustManagerIceCreamSandwich((X509TrustManager) tm);
                    }
                } catch (IllegalArgumentException e) {
-                    Log.e(TAG, "Error creating trust manager: " + e);
+                    String className = tm.getClass().getName();
+                    Log.e(TAG, "Error creating trust manager (" + className + "): " + e);
                }
            }
        }
+        Log.e(TAG, "Could not find suitable trust manager");
        return null;
    }

@@ -465,6 +467,10 @@ public class X509Util {
        }

        synchronized (sLock) {
+            // If no trust manager was found, fail without crashing on the null pointer.
+            if (sDefaultTrustManager == null)
+                return new AndroidCertVerifyResult(CertVerifyStatusAndroid.VERIFY_FAILED);
+
            List<X509Certificate> verifiedChain;
            try {
                verifiedChain = sDefaultTrustManager.checkServerTrusted(serverCertificates,