Fix certificate and keychain installation on Android.

chrome/browser/chrome_content_browser_client.cc

Index: chrome/browser/chrome_content_browser_client.cc
diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc
index 5bd42719e839884bf46ee5381b43f25889619ec6..ed73cacdb3ac860e6b2c96503c36ae3d71d7f8aa 100644
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -100,6 +100,7 @@
 #include "content/public/common/content_descriptors.h"
 #include "grit/generated_resources.h"
 #include "grit/ui_resources.h"
+#include "net/base/mime_util.h"
 #include "net/base/ssl_cert_request_info.h"
 #include "net/cookies/canonical_cookie.h"
 #include "net/cookies/cookie_options.h"
@@ -122,6 +123,7 @@
 #elif defined(OS_ANDROID)
 #include "chrome/browser/chrome_browser_main_android.h"
 #include "chrome/common/descriptors_android.h"
+#include "net/android/network_library.h"
 #elif defined(OS_POSIX)
 #include "chrome/browser/chrome_browser_main_posix.h"
 #endif
@@ -1274,13 +1276,56 @@ void ChromeContentBrowserClient::SelectClientCertificate(
       network_session, cert_request_info, callback);
 }
 
-void ChromeContentBrowserClient::AddNewCertificate(
+void ChromeContentBrowserClient::AddCertificates(
     net::URLRequest* request,
-    net::X509Certificate* cert,
+    net::CertificateType cert_type,
+    const void* cert_data,
+    size_t cert_size,
     int render_process_id,
     int render_view_id) {
-  // The handler will run the UI and delete itself when it's finished.
-  new SSLAddCertHandler(request, cert, render_process_id, render_view_id);
+#ifdef OS_ANDROID

[Ryan Sleevi, 2012/11/13 19:37:50]

nit: #if defined(OS_ANDROID)

[digit1, 2012/11/15 17:42:14]

Done.

+  // Special case for Android here for several reasons:
+  //
+  // - The SSLAddCertHandler implementation currently only supports
+  //   CERTIFICATE_TYPE_X509_USER_CERT, but not other types, like
+  //   CERTIFICATE_TYPE_PKCS12_KEYCHAIN which are required on this
+  //   platform.
+  //
+  // - Besides, SSLAddCertHandler tries to parse the certificate
+  //   by calling net::CertDatabase::CheckUserCert() which is not
+  //   implemented on Android, mainly because there is no API
+  //   provided by the system to do that properly.
+  //
+  // - The Android CertInstaller activity will check the crypto files

[Ryan Sleevi, 2012/11/13 19:37:50]

nit: "crypto files"

[digit1, 2012/11/15 17:42:14]

Done.

+  //   and display a toast (small fading dialog) to the user if it is
+  //   not valid, so the UI stuff performed by SSLAddCertHandler would

[Ryan Sleevi, 2012/11/13 19:37:50]

nit: s/stuff//

[digit1, 2012/11/15 17:42:14]

Done.

+  //   be redundant.
+  if (cert_size > 0) {
+    // This launches a new activity which will run in a different process.
+    // It handles all user interaction, so no need to do anything in the
+    // browser UI thread here.
+    net::android::StoreCertificate(cert_type, cert_data, cert_size);
+  }
+  // Avoid compiler warnings.
+  (void)render_process_id;
+  (void)render_view_id;

[Ryan Sleevi, 2012/11/13 19:37:50]

I believe we have an ALLOW_UNUSED macro for this. FWIW

[digit1, 2012/11/15 17:42:14]

I believe it only works for local variable declarations. I've separated this in
two different function definitions instead.

+#else
+  // Chromium only supports X509 User certificates on other platforms.
+  // Note that this method should not be called for other certificate
+  // types. See net::GetCertificateTypeFromMimeType().
+  if (cert_type == net::CERTIFICATE_TYPE_X509_USER_CERT) {
+    scoped_refptr<net::X509Certificate> cert;
+    if (cert_data != NULL) {
+        cert = net::X509Certificate::CreateFromBytes(
+            reinterpret_cast<const char*>(cert_data), cert_size);
+    }
+    // NOTE: Passing a NULL cert pointer if |cert_data| was NULL is
+    // intentional here.
+
+    // The handler will run the UI and delete itself when it's finished.
+    new SSLAddCertHandler(request, cert, render_process_id, render_view_id);
+  }
+#endif
 }
 
 content::MediaObserver* ChromeContentBrowserClient::GetMediaObserver() {