Add reason to VerificationResult.PathValidationFailure

PiperOrigin-RevId: 800162358

Author: suzannajiwani

src/main/kotlin/Verifier.kt

@@ -45,7 +45,7 @@ sealed interface VerificationResult {
 
   data object ChallengeMismatch : VerificationResult
 
-  data object PathValidationFailure : VerificationResult
+  data class PathValidationFailure(val cause: CertPathValidatorException) : VerificationResult
 
   data object ChainParsingFailure : VerificationResult
 
@@ -118,7 +118,7 @@ open class Verifier(
       try {
         certPathValidator.validate(certPath, certPathParameters) as PKIXCertPathValidatorResult
       } catch (e: CertPathValidatorException) {
-        return VerificationResult.PathValidationFailure
+        return VerificationResult.PathValidationFailure(e)
       }
 
     val keyDescription =

src/test/kotlin/VerifierTest.kt

@@ -22,6 +22,7 @@ import com.android.keyattestation.verifier.testing.TestUtils.prodAnchors
 import com.android.keyattestation.verifier.testing.TestUtils.readCertPath
 import com.google.common.truth.Truth.assertThat
 import com.google.protobuf.ByteString
+import java.security.cert.PKIXReason
 import java.time.Instant
 import kotlin.test.assertIs
 import org.junit.Test
@@ -93,11 +94,13 @@ class VerifierTest {
 
   @Test
   fun verify_unexpectedRootKey_returnsPathValidationFailure() {
-    assertIs<VerificationResult.PathValidationFailure>(
-      verifier.verify(
-        CertLists.wrongTrustAnchor,
-        ChallengeMatcher(ByteString.copyFromUtf8("challenge")),
+    val result =
+      assertIs<VerificationResult.PathValidationFailure>(
+        verifier.verify(
+          CertLists.wrongTrustAnchor,
+          ChallengeMatcher(ByteString.copyFromUtf8("challenge")),
+        )
       )
-    )
+    assertThat(result.cause.reason).isEqualTo(PKIXReason.NO_TRUST_ANCHOR)
   }
 }