| author | Brian Carlstrom <bdc@google.com> | 2011-02-11 13:39:56 -0800 |
|---|---|---|
| committer | Brian Carlstrom <bdc@google.com> | 2011-06-09 05:01:56 -0700 |
| commit | a14775949c97a616196f5293209b092ee3d4e9a9 (patch) | |
| tree | 326ecb8585e34a3ad674a26ca617709616903c24 /core/java/android/webkit/BrowserFrame.java | |
| parent | 6276814a67e633c342acc7bf3d982b091bfe9f08 (diff) | |
Implement android.webkit.BrowserFrame.requestClientCert
Following the example of reportSslCertError, implement requestClientCert
ERROR CASE CLIENT CERT CASE
<... From external/webkit ...> <... From external/webkit ...>
android.webkit.BrowserFrame.reportSslCertError android.webkit.BrowserFrame.requestClientCert
CallbackProxy.onReceivedSslError CallbackProxy.onReceivedClientCertRequest
WebViewClient.onReceivedSslError WebViewClient.onReceivedClientCertRequest
<... See packages/apps/Browser ...> <... See packages/apps/Browser ...>
SslErrorHandler.proceed (with SslCertLookupTable) ClientCertRequestHandler.proceed (with SslClientCertLookupTable)
android.webkit.BrowserFrame.nativeSslCertErrorProceed android.webkit.BrowserFrame.nativeSslClientCert
<... To external/webkit ...> <... To external/webkit ...>
Change-Id: I2ba6007ad9b2ee520a0a6b17f3a767679b1664de
Diffstat (limited to 'core/java/android/webkit/BrowserFrame.java')
| -rw-r--r-- | core/java/android/webkit/BrowserFrame.java | 35 |
1 files changed, 34 insertions, 1 deletions
diff --git a/core/java/android/webkit/BrowserFrame.java b/core/java/android/webkit/BrowserFrame.java
index 9f2fd12c99ca..2f4774f61e17 100644
--- a/core/java/android/webkit/BrowserFrame.java
+++ b/core/java/android/webkit/BrowserFrame.java
@@ -44,6 +44,9 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.lang.ref.WeakReference;
 import java.net.URLEncoder;
+import java.nio.charset.Charsets;
+import java.security.PrivateKey;
+import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.HashMap;
@@ -1141,7 +1144,7 @@ class BrowserFrame extends Handler {
 }
 /**
- * Called by JNI when the native HTTP(S) stack gets an invalid cert chain.
+ * Called by JNI when the native HTTPS stack gets an invalid cert chain.
 *
 * We delegate the request to CallbackProxy, and route its response to
 * {@link #nativeSslCertErrorProceed(int)} or 
@@ -1182,6 +1185,32 @@ class BrowserFrame extends Handler {
 }
 /**
+ * Called by JNI when the native HTTPS stack gets a client
+ * certificate request.
+ *
+ * We delegate the request to CallbackProxy, and route its response to
+ * {@link #nativeSslClientCert(int, X509Certificate)}.
+ */
+ private void requestClientCert(int handle, byte[] host_and_port_bytes) {
+ String host_and_port = new String(host_and_port_bytes, Charsets.UTF_8);
+ SslClientCertLookupTable table = SslClientCertLookupTable.getInstance();
+ if (table.IsAllowed(host_and_port)) {
+ // previously allowed
+ nativeSslClientCert(handle,
+ table.PrivateKey(host_and_port),
+ table.CertificateChain(host_and_port));
+ } else if (table.IsDenied(host_and_port)) {
+ // previously denied
+ nativeSslClientCert(handle, null, null);
+ } else {
+ // previously ignored or new
+ mCallbackProxy.onReceivedClientCertRequest(
+ new ClientCertRequestHandler(this, handle, host_and_port, table),
+ host_and_port);
+ }
+ }
+
+ /**
 * Called by JNI when the native HTTP stack needs to download a file.
 *
 * We delegate the request to CallbackProxy, which owns the current app's
@@ -1366,4 +1395,8 @@ class BrowserFrame extends Handler {
 private native void nativeSslCertErrorProceed(int handle);
 private native void nativeSslCertErrorCancel(int handle, int cert_error);
+
+ native void nativeSslClientCert(int handle,
+ byte[] pkcs8EncodedPrivateKey,
+ byte[][] asn1DerEncodedCertificateChain);
 } |
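Review bot: The `IsAllowed` branch of `requestClientCert` answers the server's request with the stored private key and chain without going through `mCallbackProxy`, and the only key for that cached decision is the `host_and_port` string decoded from the JNI bytes. How long an entry in `SslClientCertLookupTable` lives is not visible in this diff, so the branch comment should say what it implies, for example `// previously allowed: key and chain are sent without prompting again`, with a pointer to where entries are cleared. The new Javadoc also links `{@link #nativeSslClientCert(int, X509Certificate)}`, which does not match the `(int, byte[], byte[][])` declaration added at the end of the file; `{@link #nativeSslClientCert(int, byte[], byte[][])}` would resolve.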
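Review bot: `nativeSslClientCert` takes the key as `byte[] pkcs8EncodedPrivateKey`, so unencrypted private-key bytes sit in a Java array for the call, and only keys that can be exported in PKCS#8 form can be used. The declaration carries no comment, while the denied branch in `requestClientCert` calls it with `null, null`; a line such as `// null key and chain: continue the handshake without a client certificate` (if that is what the native side does) would document the contract. It is also the only native method in this hunk without `private`, presumably so `ClientCertRequestHandler` can call it; a comment saying so, and asking callers not to retain the key array, would help the next reader.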
