-
Notifications
You must be signed in to change notification settings - Fork 197
feat(moq-native): add platform TLS verifier selection #1960
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| package dev.moq | ||
|
|
||
| import android.content.Context | ||
|
|
||
| object PlatformTLS { | ||
| init { | ||
| System.loadLibrary("moq_ffi") | ||
| } | ||
|
|
||
| @JvmStatic | ||
| fun initialize(context: Context) { | ||
| initializeNative(context.applicationContext) | ||
| } | ||
|
|
||
| @JvmStatic | ||
| private external fun initializeNative(context: Context) | ||
| } |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| use jni::EnvUnowned; | ||
| use jni::errors::ThrowRuntimeExAndDefault; | ||
| use jni::objects::{JClass, JObject}; | ||
|
|
||
| #[unsafe(no_mangle)] | ||
| pub extern "system" fn Java_dev_moq_PlatformTLS_initializeNative<'local>( | ||
| mut env: EnvUnowned<'local>, | ||
| _class: JClass<'local>, | ||
| context: JObject<'local>, | ||
| ) { | ||
| env.with_env(|env| -> jni::errors::Result<()> { | ||
| rustls_platform_verifier::android::init_with_env(env, context)?; | ||
| Ok(()) | ||
| }) | ||
| .resolve::<ThrowRuntimeExAndDefault>(); | ||
| } |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -178,8 +178,15 @@ impl QuicheClient { | |
| Verification::Fingerprints(hashes) => { | ||
| builder = builder.with_server_certificate_hashes(hashes); | ||
| } | ||
| Verification::Roots(roots) => { | ||
| builder = builder.with_root_certificates(roots); | ||
| Verification::Roots { certs, .. } => { | ||
| if !certs.is_empty() { | ||
| builder = builder.with_root_certificates(certs); | ||
| } | ||
|
Comment on lines
+181
to
+184
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🎯 Functional Correctness | 🟠 Major | 🏗️ Heavy lift Do not silently drop
🤖 Prompt for AI Agents |
||
| } | ||
| Verification::Platform => { | ||
| return Err(Error::Tls(crate::tls::Error::PlatformVerifierUnsupported( | ||
| "quiche backend", | ||
| ))); | ||
| } | ||
| } | ||
|
|
||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win
🧩 Analysis chain
🏁 Script executed:
Repository: moq-dev/moq
Length of output: 149
🏁 Script executed:
Repository: moq-dev/moq
Length of output: 21397
🏁 Script executed:
Repository: moq-dev/moq
Length of output: 2135
🏁 Script executed:
Repository: moq-dev/moq
Length of output: 8887
🌐 Web query:
rustls-platform-verifier-android Maven Central published rustls-platform-verifier 0.1.1💡 Result:
The crate rustls-platform-verifier-android version 0.1.1 is published on crates.io [1], not Maven Central [2][3]. It serves as an internal implementation detail for the rustls-platform-verifier Rust crate to provide necessary Kotlin/JVM components for Android certificate validation [4][1]. Because it is not available on Maven Central, the project uses a mechanism where the Android components are bundled within the Rust crate [5][4]. To integrate this in an Android project, developers typically use a provided Gradle script helper [2][6]. This script works by locating the downloaded crate on the local file system (where Cargo stores it), identifying the internal Maven-compatible directory structure contained within that crate, and registering it as a local Maven repository for the Gradle build [2][5][6]. This allows the build system to treat the local files as a Maven dependency without the need for the artifact to be hosted on a public repository like Maven Central [4][6].
Citations:
🏁 Script executed:
Repository: moq-dev/moq
Length of output: 8654
🏁 Script executed:
Repository: moq-dev/moq
Length of output: 7118
🏁 Script executed:
Repository: moq-dev/moq
Length of output: 1786
Add the rustls Android repository for this dependency.
mavenCentral()/google()don’t providerustls:rustls-platform-verifier:0.1.1, so thisimplementation(...)needs the custom on-disk repo wired in somewhere in the Gradle setup.🤖 Prompt for AI Agents