From 275fce8a2ca45e640abf451552dd1bdbbc0cb54c Mon Sep 17 00:00:00 2001
From: Selim Gurun
Date: Fri, 4 May 2012 13:36:50 -0700
Subject: Use private key context when necessary

Bug: 6249185

Due to recent changes to keystore, we cannot rely on encoded key format anymore. Rather we receive the key context (a pointer to private key really) and pass it to native openssl. We also keep the original logic however.

Change-Id: Iefe9f0336dd5f47eec4222fcb6fec58807e7cac0
---
 .../android/webkit/ClientCertRequestHandler.java | 51 +++++++++++++++++-----
 1 file changed, 39 insertions(+), 12 deletions(-)
(limited to 'core/java/android/webkit/ClientCertRequestHandler.java')

diff --git a/core/java/android/webkit/ClientCertRequestHandler.java b/core/java/android/webkit/ClientCertRequestHandler.java
index f86261305559..6570a9b8ad4c 100644
--- a/core/java/android/webkit/ClientCertRequestHandler.java
+++ b/core/java/android/webkit/ClientCertRequestHandler.java
@@ -21,6 +21,8 @@ import java.security.PrivateKey;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import org.apache.harmony.xnet.provider.jsse.NativeCrypto;
+import org.apache.harmony.xnet.provider.jsse.OpenSSLDSAPrivateKey;
+import org.apache.harmony.xnet.provider.jsse.OpenSSLRSAPrivateKey;
 
 /**
  * ClientCertRequestHandler: class responsible for handling client
@@ -50,33 +52,58 @@ public final class ClientCertRequestHandler extends Handler {
      * Proceed with the specified private key and client certificate chain.
      */
     public void proceed(PrivateKey privateKey, X509Certificate[] chain) {
-        final byte[] privateKeyBytes = privateKey.getEncoded();
-        final byte[][] chainBytes;
         try {
-            chainBytes = NativeCrypto.encodeCertificates(chain);
-            mTable.Allow(mHostAndPort, privateKeyBytes, chainBytes);
-            post(new Runnable() {
-                    public void run() {
-                        mBrowserFrame.nativeSslClientCert(mHandle, privateKeyBytes, chainBytes);
-                    }
-                });
+            byte[][] chainBytes = NativeCrypto.encodeCertificates(chain);
+            mTable.Allow(mHostAndPort, privateKey, chainBytes);
+
+            if (privateKey instanceof OpenSSLRSAPrivateKey) {
+                setSslClientCertFromCtx(((OpenSSLRSAPrivateKey)privateKey).getPkeyContext(),
+                                        chainBytes);
+            } else if (privateKey instanceof OpenSSLDSAPrivateKey) {
+                setSslClientCertFromCtx(((OpenSSLDSAPrivateKey)privateKey).getPkeyContext(),
+                                        chainBytes);
+            } else {
+                setSslClientCertFromPKCS8(privateKey.getEncoded(),chainBytes);
+            }
         } catch (CertificateEncodingException e) {
             post(new Runnable() {
                     public void run() {
-                        mBrowserFrame.nativeSslClientCert(mHandle, null, null);
+                        mBrowserFrame.nativeSslClientCert(mHandle, 0, null);
                         return;
                     }
                 });
         }
     }
 
+    /**
+     * Proceed with the specified private key bytes and client certificate chain.
+     */
+    private void setSslClientCertFromCtx(final int ctx, final byte[][] chainBytes) {
+        post(new Runnable() {
+                public void run() {
+                    mBrowserFrame.nativeSslClientCert(mHandle, ctx, chainBytes);
+                }
+            });
+    }
+
+    /**
+     * Proceed with the specified private key context and client certificate chain.
+     */
+    private void setSslClientCertFromPKCS8(final byte[] key, final byte[][] chainBytes) {
+        post(new Runnable() {
+                public void run() {
+                    mBrowserFrame.nativeSslClientCert(mHandle, key, chainBytes);
+                }
+            });
+    }
+
     /**
      * Igore the request for now, the user may be prompted again.
      */
     public void ignore() {
         post(new Runnable() {
                 public void run() {
-                    mBrowserFrame.nativeSslClientCert(mHandle, null, null);
+                    mBrowserFrame.nativeSslClientCert(mHandle, 0, null);
                 }
             });
     }
@@ -88,7 +115,7 @@ public final class ClientCertRequestHandler extends Handler {
         mTable.Deny(mHostAndPort);
         post(new Runnable() {
                 public void run() {
-                    mBrowserFrame.nativeSslClientCert(mHandle, null, null);
+                    mBrowserFrame.nativeSslClientCert(mHandle, 0, null);
                 }
             });
     }
-- 
cgit v1.2.3
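Review bot: The Javadoc on the two new helpers in the `proceed` hunk is swapped — `setSslClientCertFromCtx(final int ctx, ...)` is described as taking "private key bytes" while `setSslClientCertFromPKCS8(final byte[] key, ...)` is described as taking a "private key context"; exchange the two summary lines so each matches its parameter. The native context is carried as `int`, which assumes a 32-bit pointer; if `getPkeyContext()` or `nativeSslClientCert` (both declared outside this hunk) ever widen to `long`, this helper would silently truncate the handle, so `long` is the safer carrier. In the `else` branch `privateKey.getEncoded()` may return `null` for a key whose encoding is not extractable, so the native side would then receive a null key alongside a non-null chain; an explicit check that routes such keys to the existing `nativeSslClientCert(mHandle, 0, null)` failure path, e.g. `byte[] encoded = privateKey.getEncoded(); if (encoded == null) { ... }`, would keep the failure handling in one place. Minor: `getEncoded(),chainBytes` is missing a space after the comma.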