Google Git
Sign in
android / platform / external / conscrypt / b1fc232^! / .
commitb1fc23213ee8cb2ee86dfb6e97fd34572c7b784c[log] [tgz]
authorKenny Root <kroot@google.com>Tue May 10 10:49:23 2016 -0700
committerKenny Root <kroot@google.com>Tue May 10 10:51:07 2016 -0700
tree8df1c560402ccc9828bf74a005a14d28b287f0a0
parent2ee5fb5be98566ba15dd56aad083b7a0637e6d52 [diff]
X509_get_pubkey should default to checked exception

An invalid certificate would cause a RuntimeException to crop up instead
of a checked exception. Instead throw an InvalidKeyException by default
which can be caught and handled.

Bug: 28574453
Change-Id: Ib9e92c96a35d2d330a4870175a4eb5fb24fc4026

diff --git a/src/main/java/org/conscrypt/NativeCrypto.java b/src/main/java/org/conscrypt/NativeCrypto.java
index 693d702..aea2815 100644
--- a/src/main/java/org/conscrypt/NativeCrypto.java
+++ b/src/main/java/org/conscrypt/NativeCrypto.java

@@ -440,7 +440,8 @@
 
     public static native boolean[] get_X509_subjectUID(long x509ctx);
 
-    public static native long X509_get_pubkey(long x509ctx) throws NoSuchAlgorithmException;
+    public static native long X509_get_pubkey(long x509ctx) throws NoSuchAlgorithmException,
+           InvalidKeyException;
 
     public static native String get_X509_pubkey_oid(long x509ctx);
 

diff --git a/src/main/java/org/conscrypt/OpenSSLX509Certificate.java b/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
index 9addc5e..a1f2db0 100644
--- a/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
+++ b/src/main/java/org/conscrypt/OpenSSLX509Certificate.java

@@ -413,7 +413,7 @@
         try {
             OpenSSLKey pkey = new OpenSSLKey(NativeCrypto.X509_get_pubkey(mContext));
             return pkey.getPublicKey();
-        } catch (NoSuchAlgorithmException ignored) {
+        } catch (NoSuchAlgorithmException | InvalidKeyException ignored) {
         }
 
         /* Try generating the key using other Java providers. */
@@ -422,8 +422,7 @@
         try {
             KeyFactory kf = KeyFactory.getInstance(oid);
             return kf.generatePublic(new X509EncodedKeySpec(encoded));
-        } catch (NoSuchAlgorithmException ignored) {
-        } catch (InvalidKeySpecException ignored) {
+        } catch (NoSuchAlgorithmException | InvalidKeySpecException ignored) {
         }
 
         /*

diff --git a/src/main/native/org_conscrypt_NativeCrypto.cpp b/src/main/native/org_conscrypt_NativeCrypto.cpp
index 52e02ad..2cee798 100644
--- a/src/main/native/org_conscrypt_NativeCrypto.cpp
+++ b/src/main/native/org_conscrypt_NativeCrypto.cpp

@@ -6945,7 +6945,7 @@
         }
 #endif
 
-        throwExceptionIfNecessary(env, "X509_get_pubkey");
+        throwExceptionIfNecessary(env, "X509_get_pubkey", throwInvalidKeyException);
         return 0;
     }