Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / a2edc4bbe7bd88c5da09f7a89fe25c5bc680b342^2..a2edc4bbe7bd88c5da09f7a89fe25c5bc680b342 / .
commita2edc4bbe7bd88c5da09f7a89fe25c5bc680b342[log] [tgz]
authorAlice Wang <aliceywang@google.com>Thu Dec 21 18:49:45 2023 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Thu Dec 21 18:49:45 2023 +0000
tree94492e26e2f14401f107bac1c3aa2d7e44e2df43
parent0c69426d5da2596d5d7a264116db9e4729da0385 [diff]
parent6a504efe653519364332e84ab936b8296bdaee3e [diff]
Merge "[test][refactoring] Use libx509_cert_nostd in rialto_test" into main
diff --git a/virtualizationservice/Android.bp b/virtualizationservice/Android.bp
index e89ce44..e0bb97f 100644
--- a/virtualizationservice/Android.bp
+++ b/virtualizationservice/Android.bp

@@ -36,6 +36,7 @@
         "liblibc",
         "liblog_rust",
         "libnix",
+        "libopenssl",
         "librkpd_client",
         "librustutils",
         "libvmclient",
@@ -46,7 +47,6 @@
         "libserde_xml_rs",
         "libservice_vm_comm",
         "libservice_vm_manager",
-        "libx509_parser",
     ],
     apex_available: ["com.android.virt"],
 }

diff --git a/virtualizationservice/src/aidl.rs b/virtualizationservice/src/aidl.rs
index 80d4725..a1a1fb9 100644
--- a/virtualizationservice/src/aidl.rs
+++ b/virtualizationservice/src/aidl.rs

@@ -54,7 +54,7 @@
 use tombstoned_client::{DebuggerdDumpType, TombstonedConnection};
 use vsock::{VsockListener, VsockStream};
 use nix::unistd::{chown, Uid};
-use x509_parser::{traits::FromDer, certificate::X509Certificate};
+use openssl::x509::X509;
 
 /// The unique ID of a VM used (together with a port number) for vsock communication.
 pub type Cid = u32;
@@ -313,10 +313,10 @@
 fn split_x509_certificate_chain(mut cert_chain: &[u8]) -> Result<Vec<Certificate>> {
     let mut out = Vec::new();
     while !cert_chain.is_empty() {
-        let (remaining, _) = X509Certificate::from_der(cert_chain)?;
-        let end = cert_chain.len() - remaining.len();
+        let cert = X509::from_der(cert_chain)?;
+        let end = cert.to_der()?.len();
         out.push(Certificate { encodedCertificate: cert_chain[..end].to_vec() });
-        cert_chain = remaining;
+        cert_chain = &cert_chain[end..];
     }
     Ok(out)
 }
@@ -606,8 +606,8 @@
 
         assert_eq!(4, cert_chain.len());
         for cert in cert_chain {
-            let (remaining, _) = X509Certificate::from_der(&cert.encodedCertificate)?;
-            assert!(remaining.is_empty());
+            let x509_cert = X509::from_der(&cert.encodedCertificate)?;
+            assert_eq!(x509_cert.to_der()?.len(), cert.encodedCertificate.len());
         }
         Ok(())
     }