NativeCrypto: adjust BasicConstraints check

OpenSSL checks KeyUsage for "Certificate Signing" when checking for a
CA, but Java just specifies that the getBasicConstraints call only looks
at the BasicConstraints itself.

Bug: 8488314
Change-Id: I072cd2e9f1a9295a717f7587817149200113c65f

3 files changed, 3 insertions, 19 deletions

diff --git a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
index dfc512f..9991af4 100644
--- a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
+++ b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
@@ -419,8 +419,6 @@ public final class NativeCrypto {
 
     public static native String[] get_X509_ex_xkusage(long x509ctx);
 
-    public static native int X509_check_ca(long x509ctx);
-
     public static native int get_X509_ex_pathlen(long x509ctx);
 
     public static native long X509_get_notBefore(long x509ctx);
@@ -441,6 +439,8 @@ public final class NativeCrypto {
 
     // --- X509 EXFLAG ---------------------------------------------------------
 
+    public static final int EXFLAG_CA = 0x10;
+
     public static final int EXFLAG_CRITICAL = 0x200;
 
     // --- PKCS7 ---------------------------------------------------------------
diff --git a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLX509Certificate.java b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLX509Certificate.java
index af960d5..1f48001 100644
--- a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLX509Certificate.java
+++ b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLX509Certificate.java
@@ -309,7 +309,7 @@ public class OpenSSLX509Certificate extends X509Certificate {
 
     @Override
     public int getBasicConstraints() {
-        if (NativeCrypto.X509_check_ca(mContext) != 1) {
+        if ((NativeCrypto.get_X509_ex_flags(mContext) & NativeCrypto.EXFLAG_CA) == 0) {
             return -1;
         }
 
diff --git a/luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp b/luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
index 0921d8b..d9b7675 100644
--- a/luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
+++ b/luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
@@ -5170,21 +5170,6 @@ static jobjectArray NativeCrypto_get_X509_ex_xkusage(JNIEnv* env, jclass, jlong
     return exKeyUsage.release();
 }
 
-static jint NativeCrypto_X509_check_ca(JNIEnv* env, jclass, jlong x509Ref) {
-    X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref));
-    JNI_TRACE("X509_check_ca(%p)", x509);
-
-    if (x509 == NULL) {
-        jniThrowNullPointerException(env, "x509 == null");
-        JNI_TRACE("X509_check_ca(%p) => x509 == null", x509);
-        return 0;
-    }
-
-    int ret = X509_check_ca(x509);
-    JNI_TRACE("X509_check_ca(%p) => %d", x509, ret);
-    return ret;
-}
-
 static jint NativeCrypto_get_X509_ex_pathlen(JNIEnv* env, jclass, jlong x509Ref) {
     X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref));
     JNI_TRACE("get_X509_ex_pathlen(%p)", x509);
@@ -7919,7 +7904,6 @@ static JNINativeMethod sNativeCryptoMethods[] = {
     NATIVE_METHOD(NativeCrypto, get_X509_subjectUID, "(J)[Z"),
     NATIVE_METHOD(NativeCrypto, get_X509_ex_kusage, "(J)[Z"),
     NATIVE_METHOD(NativeCrypto, get_X509_ex_xkusage, "(J)[Ljava/lang/String;"),
-    NATIVE_METHOD(NativeCrypto, X509_check_ca, "(J)I"),
     NATIVE_METHOD(NativeCrypto, get_X509_ex_pathlen, "(J)I"),
     NATIVE_METHOD(NativeCrypto, X509_get_ext_oid, "(JLjava/lang/String;)[B"),
     NATIVE_METHOD(NativeCrypto, X509_CRL_get_ext_oid, "(JLjava/lang/String;)[B"),