Use private key context when necessary

Bug: 6249185 Due to recent changes to keystore, we cannot rely on encoded key format anymore. Rather we receive the key context (a pointer to private key really) and pass it to native openssl. We also keep the original logic however. Change-Id: Iefe9f0336dd5f47eec4222fcb6fec58807e7cac0
author: Selim Gurun <sgurun@google.com> 2012-05-04 13:36:50 -0700
committer: Selim Gurun <sgurun@google.com> 2012-05-04 14:57:34 -0700
commit: 275fce8a2ca45e640abf451552dd1bdbbc0cb54c (patch)
tree: 362e1327b9669d3ec39360bdab98eca5e2424345 /core/java/android/webkit/ClientCertRequestHandler.java
parent: dd8412d4fb57fbf53b25460cda8458cdf9dfac07 (diff)
1 files changed, 39 insertions, 12 deletions
diff --git a/core/java/android/webkit/ClientCertRequestHandler.java b/core/java/android/webkit/ClientCertRequestHandler.java
index f86261305559..6570a9b8ad4c 100644
--- a/core/java/android/webkit/ClientCertRequestHandler.java
+++ b/core/java/android/webkit/ClientCertRequestHandler.java
@@ -21,6 +21,8 @@ import java.security.PrivateKey;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import org.apache.harmony.xnet.provider.jsse.NativeCrypto;
+import org.apache.harmony.xnet.provider.jsse.OpenSSLDSAPrivateKey;
+import org.apache.harmony.xnet.provider.jsse.OpenSSLRSAPrivateKey;
 
 /**
  * ClientCertRequestHandler: class responsible for handling client
@@ -50,20 +52,23 @@ public final class ClientCertRequestHandler extends Handler {
      * Proceed with the specified private key and client certificate chain.
      */
     public void proceed(PrivateKey privateKey, X509Certificate[] chain) {
-        final byte[] privateKeyBytes = privateKey.getEncoded();
-        final byte[][] chainBytes;
         try {
-            chainBytes = NativeCrypto.encodeCertificates(chain);
-            mTable.Allow(mHostAndPort, privateKeyBytes, chainBytes);
-            post(new Runnable() {
-                    public void run() {
-                        mBrowserFrame.nativeSslClientCert(mHandle, privateKeyBytes, chainBytes);
-                    }
-                });
+            byte[][] chainBytes = NativeCrypto.encodeCertificates(chain);
+            mTable.Allow(mHostAndPort, privateKey, chainBytes);
+
+            if (privateKey instanceof OpenSSLRSAPrivateKey) {
+                setSslClientCertFromCtx(((OpenSSLRSAPrivateKey)privateKey).getPkeyContext(),
+                           chainBytes);
+            } else if (privateKey instanceof OpenSSLDSAPrivateKey) {
+                setSslClientCertFromCtx(((OpenSSLDSAPrivateKey)privateKey).getPkeyContext(),
+                           chainBytes);
+            } else {
+                setSslClientCertFromPKCS8(privateKey.getEncoded(),chainBytes);
+            }
         } catch (CertificateEncodingException e) {
             post(new Runnable() {
                     public void run() {
-                        mBrowserFrame.nativeSslClientCert(mHandle, null, null);
+                        mBrowserFrame.nativeSslClientCert(mHandle, 0, null);
                         return;
                     }
                 });
@@ -71,12 +76,34 @@ public final class ClientCertRequestHandler extends Handler {
     }
 
     /**
+     * Proceed with the specified private key bytes and client certificate chain.
+     */
+    private void setSslClientCertFromCtx(final int ctx, final byte[][] chainBytes) {
+        post(new Runnable() {
+                public void run() {
+                    mBrowserFrame.nativeSslClientCert(mHandle, ctx, chainBytes);
+                }
+            });
+    }
+
+    /**
+     * Proceed with the specified private key context and client certificate chain.
+     */
+    private void setSslClientCertFromPKCS8(final byte[] key, final byte[][] chainBytes) {
+        post(new Runnable() {
+                public void run() {
+                    mBrowserFrame.nativeSslClientCert(mHandle, key, chainBytes);
+                }
+            });
+    }
+
+    /**
      * Igore the request for now, the user may be prompted again.
      */
     public void ignore() {
         post(new Runnable() {
                 public void run() {
-                    mBrowserFrame.nativeSslClientCert(mHandle, null, null);
+                    mBrowserFrame.nativeSslClientCert(mHandle, 0, null);
                 }
             });
     }
@@ -88,7 +115,7 @@ public final class ClientCertRequestHandler extends Handler {
         mTable.Deny(mHostAndPort);
         post(new Runnable() {
                 public void run() {
-                    mBrowserFrame.nativeSslClientCert(mHandle, null, null);
+                    mBrowserFrame.nativeSslClientCert(mHandle, 0, null);
                 }
             });
     }
author	Selim Gurun <sgurun@google.com>	2012-05-04 13:36:50 -0700
committer	Selim Gurun <sgurun@google.com>	2012-05-04 14:57:34 -0700
commit	275fce8a2ca45e640abf451552dd1bdbbc0cb54c (patch)
tree	362e1327b9669d3ec39360bdab98eca5e2424345 /core/java/android/webkit/ClientCertRequestHandler.java
parent	dd8412d4fb57fbf53b25460cda8458cdf9dfac07 (diff)