Fix certificate and keychain installation on Android.

chrome/browser/chrome_content_browser_client.cc

Index: chrome/browser/chrome_content_browser_client.cc
diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc
index 677ab1f5bd7e5e336678ff0f004c181ea28d2404..61aa931f7639c41f49e408702509aba8dca08ede 100644
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -105,6 +105,7 @@
 #include "grit/generated_resources.h"
 #include "grit/ui_resources.h"
 #include "net/base/escape.h"
+#include "net/base/mime_util.h"
 #include "net/base/ssl_cert_request_info.h"
 #include "net/cookies/canonical_cookie.h"
 #include "net/cookies/cookie_options.h"
@@ -128,6 +129,7 @@
 #include "chrome/browser/android/crash_dump_manager.h"
 #include "chrome/browser/chrome_browser_main_android.h"
 #include "chrome/common/descriptors_android.h"
+#include "net/android/network_library.h"
 #elif defined(OS_POSIX)
 #include "chrome/browser/chrome_browser_main_posix.h"
 #endif
@@ -1311,14 +1313,62 @@ void ChromeContentBrowserClient::SelectClientCertificate(
       network_session, cert_request_info, callback);
 }
 
-void ChromeContentBrowserClient::AddNewCertificate(
+#if defined(OS_ANDROID)
+// Special case for Android here for several reasons:
+//
+// - The SSLAddCertHandler implementation currently only supports
+//   CERTIFICATE_TYPE_X509_USER_CERT, but not other types, like
+//   CERTIFICATE_TYPE_PKCS12_ARCHIVE which are required on this
+//   platform.
+//
+// - Besides, SSLAddCertHandler tries to parse the certificate
+//   by calling net::CertDatabase::CheckUserCert() which is not
+//   implemented on Android, mainly because there is no API
+//   provided by the system to do that properly.
+//
+// - The Android CertInstaller activity will check the certificate file
+//   and display a toast (small fading dialog) to the user if it is
+//   not valid, so the UI performed by SSLAddCertHandler would
+//   be redundant.
+void ChromeContentBrowserClient::AddCertificates(

[darin (slow to review), 2012/11/15 20:47:05]

nit: It seems like it would be good to move all of this code out into a helper
function somewhere, perhaps under chrome/browser/ssl/ that just provides a
AddCertificates function.  That way we avoid mucking up this file with platform
#ifdefs.

+    net::URLRequest* request,
+    net::CertificateType cert_type,
+    const void* cert_data,
+    size_t cert_size,
+    int /* render_process_id */,
+    int /* render_view_id */) {
+  if (cert_size > 0) {
+    // This launches a new activity which will run in a different process.
+    // It handles all user interaction, so no need to do anything in the
+    // browser UI thread here.
+    net::android::StoreCertificate(cert_type, cert_data, cert_size);
+  }
+}
+#else  // OS_ANDROID
+void ChromeContentBrowserClient::AddCertificates(
     net::URLRequest* request,
-    net::X509Certificate* cert,
+    net::CertificateType cert_type,
+    const void* cert_data,
+    size_t cert_size,
     int render_process_id,
     int render_view_id) {
-  // The handler will run the UI and delete itself when it's finished.
-  new SSLAddCertHandler(request, cert, render_process_id, render_view_id);
+  // Chromium only supports X.509 User certificates on other platforms.
+  // Note that this method should not be called for other certificate
+  // types. See net::GetCertificateTypeFromMimeType().
+  if (cert_type == net::CERTIFICATE_TYPE_X509_USER_CERT) {
+    scoped_refptr<net::X509Certificate> cert;
+    if (cert_data != NULL) {
+        cert = net::X509Certificate::CreateFromBytes(
+            reinterpret_cast<const char*>(cert_data), cert_size);
+    }
+    // NOTE: Passing a NULL cert pointer if |cert_data| was NULL is
+    // intentional here.
+
+    // The handler will run the UI and delete itself when it's finished.
+    new SSLAddCertHandler(request, cert, render_process_id, render_view_id);
+  }
 }
+#endif  // OS_ANDROID
 
 content::MediaObserver* ChromeContentBrowserClient::GetMediaObserver() {
   return MediaInternals::GetInstance();