Diffstat (limited to 'core/java/android')
-rw-r--r--core/java/android/webkit/BrowserFrame.java27
-rw-r--r--core/java/android/webkit/ClientCertRequestHandler.java51
-rw-r--r--core/java/android/webkit/SslClientCertLookupTable.java9
3 files changed, 66 insertions, 21 deletions
diff --git a/core/java/android/webkit/BrowserFrame.java b/core/java/android/webkit/BrowserFrame.java
index c169de4cd69a..fe812af3f451 100644
--- a/core/java/android/webkit/BrowserFrame.java
+++ b/core/java/android/webkit/BrowserFrame.java
@@ -56,6 +56,8 @@ import java.util.Map;
import java.util.Set;
import org.apache.harmony.security.provider.cert.X509CertImpl;
+import org.apache.harmony.xnet.provider.jsse.OpenSSLDSAPrivateKey;
+import org.apache.harmony.xnet.provider.jsse.OpenSSLRSAPrivateKey;
class BrowserFrame extends Handler {
@@ -1104,12 +1106,23 @@ class BrowserFrame extends Handler {
SslClientCertLookupTable table = SslClientCertLookupTable.getInstance();
if (table.IsAllowed(hostAndPort)) {
// previously allowed
- nativeSslClientCert(handle,
- table.PrivateKey(hostAndPort),
- table.CertificateChain(hostAndPort));
+ PrivateKey pkey = table.PrivateKey(hostAndPort);
+ if (pkey instanceof OpenSSLRSAPrivateKey) {
+ nativeSslClientCert(handle,
+ ((OpenSSLRSAPrivateKey)pkey).getPkeyContext(),
+ table.CertificateChain(hostAndPort));
+ } else if (pkey instanceof OpenSSLDSAPrivateKey) {
+ nativeSslClientCert(handle,
+ ((OpenSSLDSAPrivateKey)pkey).getPkeyContext(),
+ table.CertificateChain(hostAndPort));
+ } else {
+ nativeSslClientCert(handle,
+ pkey.getEncoded(),
+ table.CertificateChain(hostAndPort));
+ }
} else if (table.IsDenied(hostAndPort)) {
// previously denied
- nativeSslClientCert(handle, null, null);
+ nativeSslClientCert(handle, 0, null);
} else {
// previously ignored or new
mCallbackProxy.onReceivedClientCertRequest(
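Review bot: The fallback branch passes `pkey.getEncoded()` straight to the native call, but `PrivateKey.getEncoded()` may return null for keys that do not support encoding, which is the likely case for a non-exportable key that is not one of the two OpenSSL classes. A guard such as `if (encoded == null) nativeSslClientCert(handle, 0, null);` on a local `encoded` would make the no-certificate outcome explicit instead of depending on how native code treats a null array. The same fallback appears in ClientCertRequestHandler.proceed(), and the whole three-way instanceof dispatch is duplicated there; one package-private helper would keep the two in step. The enclosing method starts and ends outside this hunk.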
@@ -1296,7 +1309,11 @@ class BrowserFrame extends Handler {
private native void nativeSslCertErrorCancel(int handle, int certError);
native void nativeSslClientCert(int handle,
- byte[] pkcs8EncodedPrivateKey,
+ int ctx,
+ byte[][] asn1DerEncodedCertificateChain);
+
+ native void nativeSslClientCert(int handle,
+ byte[] pkey,
byte[][] asn1DerEncodedCertificateChain);
/**
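Review bot: The new `int ctx` overload has no comment saying what `ctx` is, and the two overloads differ only in the type of the middle argument, so the literal `0` used by callers silently selects this one. From the call sites `ctx` is the value of `getPkeyContext()`, presumably a native key handle; if so, the comment should state that the Java `PrivateKey` must stay reachable for as long as native code uses the handle, and whether native code takes its own reference. Something like `// ctx: native key handle from getPkeyContext(), 0 = no client certificate; caller keeps the PrivateKey alive` above the declaration would do. If the handle is a pointer, `int` is also too narrow for a 64-bit runtime, which is worth confirming.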
diff --git a/core/java/android/webkit/ClientCertRequestHandler.java b/core/java/android/webkit/ClientCertRequestHandler.java
index f86261305559..6570a9b8ad4c 100644
--- a/core/java/android/webkit/ClientCertRequestHandler.java
+++ b/core/java/android/webkit/ClientCertRequestHandler.java
@@ -21,6 +21,8 @@ import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import org.apache.harmony.xnet.provider.jsse.NativeCrypto;
+import org.apache.harmony.xnet.provider.jsse.OpenSSLDSAPrivateKey;
+import org.apache.harmony.xnet.provider.jsse.OpenSSLRSAPrivateKey;
/**
* ClientCertRequestHandler: class responsible for handling client
@@ -50,20 +52,23 @@ public final class ClientCertRequestHandler extends Handler {
* Proceed with the specified private key and client certificate chain.
*/
public void proceed(PrivateKey privateKey, X509Certificate[] chain) {
- final byte[] privateKeyBytes = privateKey.getEncoded();
- final byte[][] chainBytes;
try {
- chainBytes = NativeCrypto.encodeCertificates(chain);
- mTable.Allow(mHostAndPort, privateKeyBytes, chainBytes);
- post(new Runnable() {
- public void run() {
- mBrowserFrame.nativeSslClientCert(mHandle, privateKeyBytes, chainBytes);
- }
- });
+ byte[][] chainBytes = NativeCrypto.encodeCertificates(chain);
+ mTable.Allow(mHostAndPort, privateKey, chainBytes);
+
+ if (privateKey instanceof OpenSSLRSAPrivateKey) {
+ setSslClientCertFromCtx(((OpenSSLRSAPrivateKey)privateKey).getPkeyContext(),
+ chainBytes);
+ } else if (privateKey instanceof OpenSSLDSAPrivateKey) {
+ setSslClientCertFromCtx(((OpenSSLDSAPrivateKey)privateKey).getPkeyContext(),
+ chainBytes);
+ } else {
+ setSslClientCertFromPKCS8(privateKey.getEncoded(),chainBytes);
+ }
} catch (CertificateEncodingException e) {
post(new Runnable() {
public void run() {
- mBrowserFrame.nativeSslClientCert(mHandle, null, null);
+ mBrowserFrame.nativeSslClientCert(mHandle, 0, null);
return;
}
});
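Review bot: `mTable.Allow(mHostAndPort, privateKey, chainBytes)` now runs before anything has touched the key, so a null `privateKey` is cached for the host before the failure shows up. Before this change `privateKey.getEncoded()` ran first and a null key never reached the table; now the NullPointerException comes from the else branch after the entry is stored, and BrowserFrame's previously-allowed path would then dereference the cached null (assuming IsAllowed treats that entry as allowed, which this page does not show). Since proceed() is public, add `if (privateKey == null) throw new NullPointerException("privateKey");` as its first statement, or move the `Allow` call after the key has been dispatched. The rest of proceed() lies outside this hunk.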
@@ -71,12 +76,34 @@ public final class ClientCertRequestHandler extends Handler {
}
/**
+ * Proceed with the specified private key bytes and client certificate chain.
+ */
+ private void setSslClientCertFromCtx(final int ctx, final byte[][] chainBytes) {
+ post(new Runnable() {
+ public void run() {
+ mBrowserFrame.nativeSslClientCert(mHandle, ctx, chainBytes);
+ }
+ });
+ }
+
+ /**
+ * Proceed with the specified private key context and client certificate chain.
+ */
+ private void setSslClientCertFromPKCS8(final byte[] key, final byte[][] chainBytes) {
+ post(new Runnable() {
+ public void run() {
+ mBrowserFrame.nativeSslClientCert(mHandle, key, chainBytes);
+ }
+ });
+ }
+
+ /**
* Igore the request for now, the user may be prompted again.
*/
public void ignore() {
post(new Runnable() {
public void run() {
- mBrowserFrame.nativeSslClientCert(mHandle, null, null);
+ mBrowserFrame.nativeSslClientCert(mHandle, 0, null);
}
});
}
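Review bot: The Javadoc on the two new helpers is swapped: `setSslClientCertFromCtx` is described as taking "private key bytes" and `setSslClientCertFromPKCS8` as taking a "private key context". The ctx helper should read `Proceed with the specified private key context and client certificate chain.` and the PKCS8 helper `Proceed with the specified PKCS#8-encoded private key bytes and client certificate chain.` The distinction matters to a reader because only the second path copies raw key material into a Java byte array. The context line `Igore the request for now` also has a typo (`Ignore`).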
@@ -88,7 +115,7 @@ public final class ClientCertRequestHandler extends Handler {
mTable.Deny(mHostAndPort);
post(new Runnable() {
public void run() {
- mBrowserFrame.nativeSslClientCert(mHandle, null, null);
+ mBrowserFrame.nativeSslClientCert(mHandle, 0, null);
}
});
}
diff --git a/core/java/android/webkit/SslClientCertLookupTable.java b/core/java/android/webkit/SslClientCertLookupTable.java
index 630debd9cace..c52b7e867bc9 100644
--- a/core/java/android/webkit/SslClientCertLookupTable.java
+++ b/core/java/android/webkit/SslClientCertLookupTable.java
@@ -16,6 +16,7 @@
package android.webkit;
+import java.security.PrivateKey;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
@@ -26,7 +27,7 @@ import java.util.Set;
*/
final class SslClientCertLookupTable {
private static SslClientCertLookupTable sTable;
- private final Map<String, byte[]> privateKeys;
+ private final Map<String, PrivateKey> privateKeys;
private final Map<String, byte[][]> certificateChains;
private final Set<String> denied;
@@ -38,12 +39,12 @@ final class SslClientCertLookupTable {
}
private SslClientCertLookupTable() {
- privateKeys = new HashMap<String, byte[]>();
+ privateKeys = new HashMap<String, PrivateKey>();
certificateChains = new HashMap<String, byte[][]>();
denied = new HashSet<String>();
}
- public void Allow(String host_and_port, byte[] privateKey, byte[][] chain) {
+ public void Allow(String host_and_port, PrivateKey privateKey, byte[][] chain) {
privateKeys.put(host_and_port, privateKey);
certificateChains.put(host_and_port, chain);
denied.remove(host_and_port);
@@ -63,7 +64,7 @@ final class SslClientCertLookupTable {
return denied.contains(host_and_port);
}
- public byte[] PrivateKey(String host_and_port) {
+ public PrivateKey PrivateKey(String host_and_port) {
return privateKeys.get(host_and_port);
}