From 275fce8a2ca45e640abf451552dd1bdbbc0cb54c Mon Sep 17 00:00:00 2001
From: Selim Gurun <sgurun@google.com>
Date: Fri, 4 May 2012 13:36:50 -0700
Subject: Use private key context when necessary

Bug: 6249185

Due to recent changes to keystore, we cannot rely on encoded key
format anymore. Rather we receive the key context (a pointer to
private key really) and pass it to native openssl. We also keep
the original logic however.

Change-Id: Iefe9f0336dd5f47eec4222fcb6fec58807e7cac0
---
 core/java/android/webkit/BrowserFrame.java | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)

(limited to 'core/java/android/webkit/BrowserFrame.java')

diff --git a/core/java/android/webkit/BrowserFrame.java b/core/java/android/webkit/BrowserFrame.java
index c169de4cd69a..fe812af3f451 100644
--- a/core/java/android/webkit/BrowserFrame.java
+++ b/core/java/android/webkit/BrowserFrame.java
@@ -56,6 +56,8 @@ import java.util.Map;
 import java.util.Set;
 
 import org.apache.harmony.security.provider.cert.X509CertImpl;
+import org.apache.harmony.xnet.provider.jsse.OpenSSLDSAPrivateKey;
+import org.apache.harmony.xnet.provider.jsse.OpenSSLRSAPrivateKey;
 
 class BrowserFrame extends Handler {
 
@@ -1104,12 +1106,23 @@ class BrowserFrame extends Handler {
         SslClientCertLookupTable table = SslClientCertLookupTable.getInstance();
         if (table.IsAllowed(hostAndPort)) {
             // previously allowed
-            nativeSslClientCert(handle,
-                                table.PrivateKey(hostAndPort),
-                                table.CertificateChain(hostAndPort));
+            PrivateKey pkey = table.PrivateKey(hostAndPort);
+            if (pkey instanceof OpenSSLRSAPrivateKey) {
+                nativeSslClientCert(handle,
+                                    ((OpenSSLRSAPrivateKey)pkey).getPkeyContext(),
+                                    table.CertificateChain(hostAndPort));
+            } else if (pkey instanceof OpenSSLDSAPrivateKey) {
+                nativeSslClientCert(handle,
+                                    ((OpenSSLDSAPrivateKey)pkey).getPkeyContext(),
+                                    table.CertificateChain(hostAndPort));
+            } else {
+                nativeSslClientCert(handle,
+                                    pkey.getEncoded(),
+                                    table.CertificateChain(hostAndPort));
+            }
         } else if (table.IsDenied(hostAndPort)) {
             // previously denied
-            nativeSslClientCert(handle, null, null);
+            nativeSslClientCert(handle, 0, null);
         } else {
             // previously ignored or new
             mCallbackProxy.onReceivedClientCertRequest(
@@ -1296,7 +1309,11 @@ class BrowserFrame extends Handler {
     private native void nativeSslCertErrorCancel(int handle, int certError);
 
     native void nativeSslClientCert(int handle,
-                                    byte[] pkcs8EncodedPrivateKey,
+                                    int ctx,
+                                    byte[][] asn1DerEncodedCertificateChain);
+
+    native void nativeSslClientCert(int handle,
+                                    byte[] pkey,
                                     byte[][] asn1DerEncodedCertificateChain);
 
     /**
-- 
cgit v1.2.3