binder: implement simple TLS verification for testing
Implements RpcCertificateVerifierSimple with an algorithm
that treats all certificates as leaf certificates.
Fix existing tests to set certificates properly. Also
add a test that checks that bad certificates are rejected.
Also adds RpcCertificateUtils, which includes functions for
(de)serializing certificates. These utility functions are useful
for implementing RpcCertificateVerifier.
Test: binderRpcTest
Bug: 195166979
Fixes: 196422181
Fixes: 198833574
Change-Id: I6c1f0f88fe5bc712f3890426d6da26c9ad046d79
diff --git a/libs/binder/RpcTransportTls.cpp b/libs/binder/RpcTransportTls.cpp
index c42ea9a..2a1dffd 100644
--- a/libs/binder/RpcTransportTls.cpp
+++ b/libs/binder/RpcTransportTls.cpp
@@ -22,6 +22,7 @@
#include <openssl/bn.h>
#include <openssl/ssl.h>
+#include <binder/RpcCertificateUtils.h>
#include <binder/RpcTransportTls.h>
#include "FdTrigger.h"
@@ -459,9 +460,9 @@
std::shared_ptr<RpcCertificateVerifier> mCertVerifier;
};
-std::vector<uint8_t> RpcTransportCtxTls::getCertificate(CertificateFormat) const {
- // TODO(b/195166979): return certificate here
- return {};
+std::vector<uint8_t> RpcTransportCtxTls::getCertificate(CertificateFormat format) const {
+ X509* x509 = SSL_CTX_get0_certificate(mCtx.get()); // does not own
+ return serializeCertificate(x509, format);
}
// Verify by comparing the leaf of peer certificate with every certificate in
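Review bot: `SSL_CTX_get0_certificate()` returns NULL when no certificate has been configured on the context, and the new `getCertificate` body passes that result straight to `serializeCertificate` without a check. `serializeCertificate` is not visible in this hunk, so unless it is documented to accept a null `X509*`, add a guard such as `if (x509 == nullptr) return {};` before the call, or a fatal log if a context without a certificate is a programming error. The returned bytes appear to be what the peer's verifier compares against, so a short comment stating what an empty result means would help: callers should not register an empty blob as a trusted certificate.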