CTVerifier.smali
.class public Lorg/conscrypt/ct/CTVerifier;
.super Ljava/lang/Object;
.source ""
# instance fields
.field private final store:Lorg/conscrypt/ct/CTLogStore;
# direct methods
.method public constructor <init>(Lorg/conscrypt/ct/CTLogStore;)V
.registers 2
invoke-direct {p0}, Ljava/lang/Object;-><init>()V
iput-object p1, p0, Lorg/conscrypt/ct/CTVerifier;->store:Lorg/conscrypt/ct/CTLogStore;
return-void
.end method
.method private getSCTsFromOCSPResponse([B[Lorg/conscrypt/OpenSSLX509Certificate;)Ljava/util/List;
.registers 13
.annotation system Ldalvik/annotation/Signature;
value = {
"([B[",
"Lorg/conscrypt/OpenSSLX509Certificate;",
")",
"Ljava/util/List<",
"Lorg/conscrypt/ct/SignedCertificateTimestamp;",
">;"
}
.end annotation
if-eqz p1, :cond_3b
array-length v0, p2
const/4 v1, 0x2
if-ge v0, v1, :cond_7
goto :goto_3b
:cond_7
const/4 v0, 0x0
aget-object v1, p2, v0
invoke-virtual {v1}, Lorg/conscrypt/OpenSSLX509Certificate;->getContext()J
move-result-wide v4
aget-object v6, p2, v0
const/4 v0, 0x1
aget-object v1, p2, v0
invoke-virtual {v1}, Lorg/conscrypt/OpenSSLX509Certificate;->getContext()J
move-result-wide v7
aget-object v9, p2, v0
const-string v3, "1.3.6.1.4.1.11129.2.4.5"
move-object v2, p1
invoke-static/range {v2 .. v9}, Lorg/conscrypt/NativeCrypto;->get_ocsp_single_extension([BLjava/lang/String;JLorg/conscrypt/OpenSSLX509Certificate;JLorg/conscrypt/OpenSSLX509Certificate;)[B
move-result-object p1
if-nez p1, :cond_27
invoke-static {}, Ljava/util/Collections;->emptyList()Ljava/util/List;
move-result-object p1
return-object p1
:cond_27
:try_start_27
invoke-static {p1}, Lorg/conscrypt/ct/Serialization;->readDEROctetString([B)[B
move-result-object p1
invoke-static {p1}, Lorg/conscrypt/ct/Serialization;->readDEROctetString([B)[B
move-result-object p1
sget-object p2, Lorg/conscrypt/ct/SignedCertificateTimestamp$Origin;->OCSP_RESPONSE:Lorg/conscrypt/ct/SignedCertificateTimestamp$Origin;
invoke-static {p1, p2}, Lorg/conscrypt/ct/CTVerifier;->getSCTsFromSCTList([BLorg/conscrypt/ct/SignedCertificateTimestamp$Origin;)Ljava/util/List;
move-result-object p1
:try_end_35
.catch Lorg/conscrypt/ct/SerializationException; {:try_start_27 .. :try_end_35} :catch_36
return-object p1
:catch_36
invoke-static {}, Ljava/util/Collections;->emptyList()Ljava/util/List;
move-result-object p1
return-object p1
:cond_3b
:goto_3b
invoke-static {}, Ljava/util/Collections;->emptyList()Ljava/util/List;
move-result-object p1
return-object p1
.end method
.method private static getSCTsFromSCTList([BLorg/conscrypt/ct/SignedCertificateTimestamp$Origin;)Ljava/util/List;
.registers 6
.annotation system Ldalvik/annotation/Signature;
value = {
"([B",
"Lorg/conscrypt/ct/SignedCertificateTimestamp$Origin;",
")",
"Ljava/util/List<",
"Lorg/conscrypt/ct/SignedCertificateTimestamp;",
">;"
}
.end annotation
if-nez p0, :cond_7
invoke-static {}, Ljava/util/Collections;->emptyList()Ljava/util/List;
move-result-object p0
return-object p0
:cond_7
const/4 v0, 0x2
:try_start_8
invoke-static {p0, v0, v0}, Lorg/conscrypt/ct/Serialization;->readList([BII)[[B
move-result-object p0
:try_end_c
.catch Lorg/conscrypt/ct/SerializationException; {:try_start_8 .. :try_end_c} :catch_22
new-instance v0, Ljava/util/ArrayList;
invoke-direct {v0}, Ljava/util/ArrayList;-><init>()V
array-length v1, p0
const/4 v2, 0x0
:goto_13
if-ge v2, v1, :cond_21
aget-object v3, p0, v2
:try_start_17
invoke-static {v3, p1}, Lorg/conscrypt/ct/SignedCertificateTimestamp;->decode([BLorg/conscrypt/ct/SignedCertificateTimestamp$Origin;)Lorg/conscrypt/ct/SignedCertificateTimestamp;
move-result-object v3
invoke-interface {v0, v3}, Ljava/util/List;->add(Ljava/lang/Object;)Z
:try_end_1e
.catch Lorg/conscrypt/ct/SerializationException; {:try_start_17 .. :try_end_1e} :catch_1e
:catch_1e
add-int/lit8 v2, v2, 0x1
goto :goto_13
:cond_21
return-object v0
:catch_22
invoke-static {}, Ljava/util/Collections;->emptyList()Ljava/util/List;
move-result-object p0
return-object p0
.end method
.method private getSCTsFromTLSExtension([B)Ljava/util/List;
.registers 3
.annotation system Ldalvik/annotation/Signature;
value = {
"([B)",
"Ljava/util/List<",
"Lorg/conscrypt/ct/SignedCertificateTimestamp;",
">;"
}
.end annotation
sget-object v0, Lorg/conscrypt/ct/SignedCertificateTimestamp$Origin;->TLS_EXTENSION:Lorg/conscrypt/ct/SignedCertificateTimestamp$Origin;
invoke-static {p1, v0}, Lorg/conscrypt/ct/CTVerifier;->getSCTsFromSCTList([BLorg/conscrypt/ct/SignedCertificateTimestamp$Origin;)Ljava/util/List;
move-result-object p1
return-object p1
.end method
.method private getSCTsFromX509Extension(Lorg/conscrypt/OpenSSLX509Certificate;)Ljava/util/List;
.registers 3
.annotation system Ldalvik/annotation/Signature;
value = {
"(",
"Lorg/conscrypt/OpenSSLX509Certificate;",
")",
"Ljava/util/List<",
"Lorg/conscrypt/ct/SignedCertificateTimestamp;",
">;"
}
.end annotation
const-string v0, "1.3.6.1.4.1.11129.2.4.2"
invoke-virtual {p1, v0}, Lorg/conscrypt/OpenSSLX509Certificate;->getExtensionValue(Ljava/lang/String;)[B
move-result-object p1
if-nez p1, :cond_d
invoke-static {}, Ljava/util/Collections;->emptyList()Ljava/util/List;
move-result-object p1
return-object p1
:cond_d
:try_start_d
invoke-static {p1}, Lorg/conscrypt/ct/Serialization;->readDEROctetString([B)[B
move-result-object p1
invoke-static {p1}, Lorg/conscrypt/ct/Serialization;->readDEROctetString([B)[B
move-result-object p1
sget-object v0, Lorg/conscrypt/ct/SignedCertificateTimestamp$Origin;->EMBEDDED:Lorg/conscrypt/ct/SignedCertificateTimestamp$Origin;
invoke-static {p1, v0}, Lorg/conscrypt/ct/CTVerifier;->getSCTsFromSCTList([BLorg/conscrypt/ct/SignedCertificateTimestamp$Origin;)Ljava/util/List;
move-result-object p1
:try_end_1b
.catch Lorg/conscrypt/ct/SerializationException; {:try_start_d .. :try_end_1b} :catch_1c
return-object p1
:catch_1c
invoke-static {}, Ljava/util/Collections;->emptyList()Ljava/util/List;
move-result-object p1
return-object p1
.end method
.method private markSCTsAsInvalid(Ljava/util/List;Lorg/conscrypt/ct/CTVerificationResult;)V
.registers 6
.annotation system Ldalvik/annotation/Signature;
value = {
"(",
"Ljava/util/List<",
"Lorg/conscrypt/ct/SignedCertificateTimestamp;",
">;",
"Lorg/conscrypt/ct/CTVerificationResult;",
")V"
}
.end annotation
invoke-interface {p1}, Ljava/util/List;->iterator()Ljava/util/Iterator;
move-result-object p1
:goto_4
invoke-interface {p1}, Ljava/util/Iterator;->hasNext()Z
move-result v0
if-eqz v0, :cond_1b
invoke-interface {p1}, Ljava/util/Iterator;->next()Ljava/lang/Object;
move-result-object v0
check-cast v0, Lorg/conscrypt/ct/SignedCertificateTimestamp;
new-instance v1, Lorg/conscrypt/ct/VerifiedSCT;
sget-object v2, Lorg/conscrypt/ct/VerifiedSCT$Status;->INVALID_SCT:Lorg/conscrypt/ct/VerifiedSCT$Status;
invoke-direct {v1, v0, v2}, Lorg/conscrypt/ct/VerifiedSCT;-><init>(Lorg/conscrypt/ct/SignedCertificateTimestamp;Lorg/conscrypt/ct/VerifiedSCT$Status;)V
invoke-virtual {p2, v1}, Lorg/conscrypt/ct/CTVerificationResult;->add(Lorg/conscrypt/ct/VerifiedSCT;)V
goto :goto_4
:cond_1b
return-void
.end method
.method private verifyEmbeddedSCTs(Ljava/util/List;[Lorg/conscrypt/OpenSSLX509Certificate;Lorg/conscrypt/ct/CTVerificationResult;)V
.registers 7
.annotation system Ldalvik/annotation/Signature;
value = {
"(",
"Ljava/util/List<",
"Lorg/conscrypt/ct/SignedCertificateTimestamp;",
">;[",
"Lorg/conscrypt/OpenSSLX509Certificate;",
"Lorg/conscrypt/ct/CTVerificationResult;",
")V"
}
.end annotation
invoke-interface {p1}, Ljava/util/List;->isEmpty()Z
move-result v0
if-eqz v0, :cond_7
return-void
:cond_7
const/4 v0, 0x0
array-length v1, p2
const/4 v2, 0x2
if-lt v1, v2, :cond_18
const/4 v1, 0x0
aget-object v1, p2, v1
const/4 v2, 0x1
aget-object p2, p2, v2
:try_start_12
invoke-static {v1, p2}, Lorg/conscrypt/ct/CertificateEntry;->createForPrecertificate(Lorg/conscrypt/OpenSSLX509Certificate;Lorg/conscrypt/OpenSSLX509Certificate;)Lorg/conscrypt/ct/CertificateEntry;
move-result-object v0
:try_end_16
.catch Ljava/security/cert/CertificateException; {:try_start_12 .. :try_end_16} :catch_17
goto :goto_18
:catch_17
nop
:cond_18
:goto_18
if-nez v0, :cond_1e
invoke-direct {p0, p1, p3}, Lorg/conscrypt/ct/CTVerifier;->markSCTsAsInvalid(Ljava/util/List;Lorg/conscrypt/ct/CTVerificationResult;)V
return-void
:cond_1e
invoke-interface {p1}, Ljava/util/List;->iterator()Ljava/util/Iterator;
move-result-object p1
:goto_22
invoke-interface {p1}, Ljava/util/Iterator;->hasNext()Z
move-result p2
if-eqz p2, :cond_3b
invoke-interface {p1}, Ljava/util/Iterator;->next()Ljava/lang/Object;
move-result-object p2
check-cast p2, Lorg/conscrypt/ct/SignedCertificateTimestamp;
invoke-direct {p0, p2, v0}, Lorg/conscrypt/ct/CTVerifier;->verifySingleSCT(Lorg/conscrypt/ct/SignedCertificateTimestamp;Lorg/conscrypt/ct/CertificateEntry;)Lorg/conscrypt/ct/VerifiedSCT$Status;
move-result-object v1
new-instance v2, Lorg/conscrypt/ct/VerifiedSCT;
invoke-direct {v2, p2, v1}, Lorg/conscrypt/ct/VerifiedSCT;-><init>(Lorg/conscrypt/ct/SignedCertificateTimestamp;Lorg/conscrypt/ct/VerifiedSCT$Status;)V
invoke-virtual {p3, v2}, Lorg/conscrypt/ct/CTVerificationResult;->add(Lorg/conscrypt/ct/VerifiedSCT;)V
goto :goto_22
:cond_3b
return-void
.end method
.method private verifyExternalSCTs(Ljava/util/List;Lorg/conscrypt/OpenSSLX509Certificate;Lorg/conscrypt/ct/CTVerificationResult;)V
.registers 7
.annotation system Ldalvik/annotation/Signature;
value = {
"(",
"Ljava/util/List<",
"Lorg/conscrypt/ct/SignedCertificateTimestamp;",
">;",
"Lorg/conscrypt/OpenSSLX509Certificate;",
"Lorg/conscrypt/ct/CTVerificationResult;",
")V"
}
.end annotation
invoke-interface {p1}, Ljava/util/List;->isEmpty()Z
move-result v0
if-eqz v0, :cond_7
return-void
:cond_7
:try_start_7
invoke-static {p2}, Lorg/conscrypt/ct/CertificateEntry;->createForX509Certificate(Ljava/security/cert/X509Certificate;)Lorg/conscrypt/ct/CertificateEntry;
move-result-object p2
:try_end_b
.catch Ljava/security/cert/CertificateException; {:try_start_7 .. :try_end_b} :catch_29
invoke-interface {p1}, Ljava/util/List;->iterator()Ljava/util/Iterator;
move-result-object p1
:goto_f
invoke-interface {p1}, Ljava/util/Iterator;->hasNext()Z
move-result v0
if-eqz v0, :cond_28
invoke-interface {p1}, Ljava/util/Iterator;->next()Ljava/lang/Object;
move-result-object v0
check-cast v0, Lorg/conscrypt/ct/SignedCertificateTimestamp;
invoke-direct {p0, v0, p2}, Lorg/conscrypt/ct/CTVerifier;->verifySingleSCT(Lorg/conscrypt/ct/SignedCertificateTimestamp;Lorg/conscrypt/ct/CertificateEntry;)Lorg/conscrypt/ct/VerifiedSCT$Status;
move-result-object v1
new-instance v2, Lorg/conscrypt/ct/VerifiedSCT;
invoke-direct {v2, v0, v1}, Lorg/conscrypt/ct/VerifiedSCT;-><init>(Lorg/conscrypt/ct/SignedCertificateTimestamp;Lorg/conscrypt/ct/VerifiedSCT$Status;)V
invoke-virtual {p3, v2}, Lorg/conscrypt/ct/CTVerificationResult;->add(Lorg/conscrypt/ct/VerifiedSCT;)V
goto :goto_f
:cond_28
return-void
:catch_29
invoke-direct {p0, p1, p3}, Lorg/conscrypt/ct/CTVerifier;->markSCTsAsInvalid(Ljava/util/List;Lorg/conscrypt/ct/CTVerificationResult;)V
return-void
.end method
.method private verifySingleSCT(Lorg/conscrypt/ct/SignedCertificateTimestamp;Lorg/conscrypt/ct/CertificateEntry;)Lorg/conscrypt/ct/VerifiedSCT$Status;
.registers 5
iget-object v0, p0, Lorg/conscrypt/ct/CTVerifier;->store:Lorg/conscrypt/ct/CTLogStore;
invoke-virtual {p1}, Lorg/conscrypt/ct/SignedCertificateTimestamp;->getLogID()[B
move-result-object v1
invoke-interface {v0, v1}, Lorg/conscrypt/ct/CTLogStore;->getKnownLog([B)Lorg/conscrypt/ct/CTLogInfo;
move-result-object v0
if-nez v0, :cond_f
sget-object p1, Lorg/conscrypt/ct/VerifiedSCT$Status;->UNKNOWN_LOG:Lorg/conscrypt/ct/VerifiedSCT$Status;
return-object p1
:cond_f
invoke-virtual {v0, p1, p2}, Lorg/conscrypt/ct/CTLogInfo;->verifySingleSCT(Lorg/conscrypt/ct/SignedCertificateTimestamp;Lorg/conscrypt/ct/CertificateEntry;)Lorg/conscrypt/ct/VerifiedSCT$Status;
move-result-object p1
return-object p1
.end method
# virtual methods
.method public verifySignedCertificateTimestamps(Ljava/util/List;[B[B)Lorg/conscrypt/ct/CTVerificationResult;
.registers 8
.annotation system Ldalvik/annotation/Signature;
value = {
"(",
"Ljava/util/List<",
"Ljava/security/cert/X509Certificate;",
">;[B[B)",
"Lorg/conscrypt/ct/CTVerificationResult;"
}
.end annotation
invoke-interface {p1}, Ljava/util/List;->size()I
move-result v0
new-array v0, v0, [Lorg/conscrypt/OpenSSLX509Certificate;
invoke-interface {p1}, Ljava/util/List;->iterator()Ljava/util/Iterator;
move-result-object p1
const/4 v1, 0x0
:goto_b
invoke-interface {p1}, Ljava/util/Iterator;->hasNext()Z
move-result v2
if-eqz v2, :cond_21
invoke-interface {p1}, Ljava/util/Iterator;->next()Ljava/lang/Object;
move-result-object v2
check-cast v2, Ljava/security/cert/X509Certificate;
add-int/lit8 v3, v1, 0x1
invoke-static {v2}, Lorg/conscrypt/OpenSSLX509Certificate;->fromCertificate(Ljava/security/cert/Certificate;)Lorg/conscrypt/OpenSSLX509Certificate;
move-result-object v2
aput-object v2, v0, v1
move v1, v3
goto :goto_b
:cond_21
invoke-virtual {p0, v0, p2, p3}, Lorg/conscrypt/ct/CTVerifier;->verifySignedCertificateTimestamps([Lorg/conscrypt/OpenSSLX509Certificate;[B[B)Lorg/conscrypt/ct/CTVerificationResult;
move-result-object p1
return-object p1
.end method
.method public verifySignedCertificateTimestamps([Lorg/conscrypt/OpenSSLX509Certificate;[B[B)Lorg/conscrypt/ct/CTVerificationResult;
.registers 7
array-length v0, p1
if-eqz v0, :cond_23
const/4 v0, 0x0
aget-object v1, p1, v0
new-instance v2, Lorg/conscrypt/ct/CTVerificationResult;
invoke-direct {v2}, Lorg/conscrypt/ct/CTVerificationResult;-><init>()V
invoke-direct {p0, p2}, Lorg/conscrypt/ct/CTVerifier;->getSCTsFromTLSExtension([B)Ljava/util/List;
move-result-object p2
invoke-direct {p0, p2, v1, v2}, Lorg/conscrypt/ct/CTVerifier;->verifyExternalSCTs(Ljava/util/List;Lorg/conscrypt/OpenSSLX509Certificate;Lorg/conscrypt/ct/CTVerificationResult;)V
invoke-direct {p0, p3, p1}, Lorg/conscrypt/ct/CTVerifier;->getSCTsFromOCSPResponse([B[Lorg/conscrypt/OpenSSLX509Certificate;)Ljava/util/List;
move-result-object p2
invoke-direct {p0, p2, v1, v2}, Lorg/conscrypt/ct/CTVerifier;->verifyExternalSCTs(Ljava/util/List;Lorg/conscrypt/OpenSSLX509Certificate;Lorg/conscrypt/ct/CTVerificationResult;)V
aget-object p2, p1, v0
invoke-direct {p0, p2}, Lorg/conscrypt/ct/CTVerifier;->getSCTsFromX509Extension(Lorg/conscrypt/OpenSSLX509Certificate;)Ljava/util/List;
move-result-object p2
invoke-direct {p0, p2, p1, v2}, Lorg/conscrypt/ct/CTVerifier;->verifyEmbeddedSCTs(Ljava/util/List;[Lorg/conscrypt/OpenSSLX509Certificate;Lorg/conscrypt/ct/CTVerificationResult;)V
return-object v2
:cond_23
new-instance p1, Ljava/lang/IllegalArgumentException;
const-string p2, "Chain of certificates mustn\'t be empty."
invoke-direct {p1, p2}, Ljava/lang/IllegalArgumentException;-><init>(Ljava/lang/String;)V
throw p1
.end method