[x509] Use openssl to parse x509 certificate chain
Removes the usages of x509-parser in virtualizationservice.
Test: atest virtualizationservice_test
Change-Id: Icf4ac4f54b1980254f74f6f3490afe39b07adb3e
diff --git a/virtualizationservice/Android.bp b/virtualizationservice/Android.bp
index 3f8d193..fa460ff 100644
--- a/virtualizationservice/Android.bp
+++ b/virtualizationservice/Android.bp
@@ -35,6 +35,7 @@
"liblibc",
"liblog_rust",
"libnix",
+ "libopenssl",
"librkpd_client",
"librustutils",
"libvmclient",
@@ -45,7 +46,6 @@
"libserde_xml_rs",
"libservice_vm_comm",
"libservice_vm_manager",
- "libx509_parser",
],
apex_available: ["com.android.virt"],
}
diff --git a/virtualizationservice/src/aidl.rs b/virtualizationservice/src/aidl.rs
index 3ac1e60..e2b221e 100644
--- a/virtualizationservice/src/aidl.rs
+++ b/virtualizationservice/src/aidl.rs
@@ -52,7 +52,7 @@
use tombstoned_client::{DebuggerdDumpType, TombstonedConnection};
use vsock::{VsockListener, VsockStream};
use nix::unistd::{chown, Uid};
-use x509_parser::{traits::FromDer, certificate::X509Certificate};
+use openssl::x509::X509;
/// The unique ID of a VM used (together with a port number) for vsock communication.
pub type Cid = u32;
@@ -303,10 +303,10 @@
fn split_x509_certificate_chain(mut cert_chain: &[u8]) -> Result<Vec<Certificate>> {
let mut out = Vec::new();
while !cert_chain.is_empty() {
- let (remaining, _) = X509Certificate::from_der(cert_chain)?;
- let end = cert_chain.len() - remaining.len();
+ let cert = X509::from_der(cert_chain)?;
+ let end = cert.to_der()?.len();
out.push(Certificate { encodedCertificate: cert_chain[..end].to_vec() });
- cert_chain = remaining;
+ cert_chain = &cert_chain[end..];
}
Ok(out)
}
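Review bot: In `split_x509_certificate_chain`, `end` is now the length of a re-encoding (`cert.to_der()?.len()`), not the number of bytes `X509::from_der` actually consumed from `cert_chain`. If the parser ever accepts an encoding that does not re-serialize to the same length (non-canonical input, if OpenSSL tolerates it here), the split points drift and later certificates are cut at the wrong offsets. In that case `cert_chain[..end]` and `cert_chain[end..]` would also panic once `end` exceeds the remaining length. I would bound the slice and reject input that does not round-trip, for example `let der = cert.to_der()?;` followed by `if !cert_chain.starts_with(&der) { /* return an error */ }` before slicing with `der.len()`. A short comment should also say that `from_der` is relied on to ignore the trailing certificates in the buffer.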
@@ -599,8 +599,8 @@
assert_eq!(4, cert_chain.len());
for cert in cert_chain {
- let (remaining, _) = X509Certificate::from_der(&cert.encodedCertificate)?;
- assert!(remaining.is_empty());
+ let x509_cert = X509::from_der(&cert.encodedCertificate)?;
+ assert_eq!(x509_cert.to_der()?.len(), cert.encodedCertificate.len());
}
Ok(())
}
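Review bot: The new assertion compares only lengths, so it still passes if a split piece has the right size but bytes that differ from what the parser re-encodes. Comparing contents is stricter and costs nothing: `assert_eq!(x509_cert.to_der()?, cert.encodedCertificate);`. The test function begins outside this hunk, so whether the fixture covers a chain with trailing or malformed data cannot be seen from here; a negative case for a truncated chain would be worth adding if none exists.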