| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/browser/ui/android/ssl_client_certificate_request.h" |
| 6 |
| 7 #include "base/android/jni_array.h" |
| 8 #include "base/android/jni_string.h" |
| 9 #include "base/android/scoped_java_ref.h" |
| 10 #include "base/logging.h" |
| 11 #include "content/public/browser/browser_thread.h" |
| 12 #include "jni/SSLClientCertificateRequest_jni.h" |
| 13 #include "net/base/host_port_pair.h" |
| 14 #include "net/base/ssl_cert_request_info.h" |
| 15 #include "net/base/ssl_client_cert_type.h" |
| 16 |
| 17 namespace chrome { |
| 18 namespace android { |
| 19 |
| 20 bool SSLClientCertificateRequest::Start( |
| 21 const net::SSLCertRequestInfo* cert_request_info) { |
| 22 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); |
| 23 JNIEnv* env = base::android::AttachCurrentThread(); |
| 24 |
| 25 // Build the |key_types| JNI parameter, as a String[] |
| 26 std::vector<std::string> key_types; |
| 27 for (size_t n = 0; n < cert_request_info->cert_key_types.size(); ++n) { |
| 28 switch (cert_request_info->cert_key_types[n]) { |
| 29 case net::CLIENT_CERT_RSA_SIGN: |
| 30 key_types.push_back("RSA"); |
| 31 break; |
| 32 case net::CLIENT_CERT_DSS_SIGN: |
| 33 key_types.push_back("DSA"); |
| 34 break; |
| 35 case net::CLIENT_CERT_ECDSA_SIGN: |
| 36 key_types.push_back("ECDSA"); |
| 37 break; |
| 38 default: |
| 39 // Ignore unknown types. |
| 40 break; |
| 41 } |
| 42 } |
| 43 ScopedJavaLocalRef<jobjectArray> key_types_ref = |
| 44 base::android::ToJavaArrayOfStrings(env, key_types); |
| 45 if (key_types_ref.is_null()) { |
| 46 LOG(ERROR) << "Could not create key types array (String[])"; |
| 47 return false; |
| 48 } |
| 49 |
| 50 // Build the |encoded_principals| JNI parameter, as a byte[][] |
| 51 ScopedJavaLocalRef<jobjectArray> principals_ref = |
| 52 base::android::ToJavaArrayOfByteArray( |
| 53 env, cert_request_info->cert_authorities); |
| 54 if (principals_ref.is_null()) { |
| 55 LOG(ERROR) << "Could not create principals array (byte[][])"; |
| 56 return false; |
| 57 } |
| 58 |
| 59 // Build the |host_name| and |port| JNI parameters, as a String and |
| 60 // a jint. |
| 61 net::HostPortPair host_and_port = |
| 62 net::HostPortPair::FromString(cert_request_info->host_and_port); |
| 63 |
| 64 ScopedJavaLocalRef<jstring> host_name_ref = |
| 65 base::android::ConvertUTF8ToJavaString(env, host_and_port.host()); |
| 66 if (host_name_ref.is_null()) { |
| 67 LOG(ERROR) << "Could not extract host name from: '" |
| 68 << cert_request_info->host_and_port << "'"; |
| 69 return false; |
| 70 } |
| 71 |
| 72 jint port = host_and_port.port(); |
| 73 if (port <= 0 || port > 65535) { |
| 74 LOG(ERROR) << "Invalid port number in: " |
| 75 << cert_request_info->host_and_port << "'"; |
| 76 return false; |
| 77 } |
| 78 |
| 79 // Convert the request's address into a pointer that will be passed |
| 80 // to the Java method through JNI. |
| 81 jint request_id = reinterpret_cast<jint>(this); |
| 82 |
| 83 if (!Java_SSLClientCertificateRequest_selectClientCertificate( |
| 84 env, request_id, key_types_ref.obj(), principals_ref.obj(), |
| 85 host_name_ref.obj(), port)) { |
| 86 return false; |
| 87 } |
| 88 |
| 89 // Ensure the request won't be destroyed until OnRequestCompletion is |
| 90 // called later in the future. |
| 91 this->AddRef(); |
| 92 return true; |
| 93 } |
| 94 |
| 95 // Called from JNI on request completion/result. |
| 96 // |env| is the current thread's JNIEnv. |
| 97 // |object| is the SSLClientCertificateRequest Java class reference. |
| 98 // |delegate_id| is the id passed to |
| 99 // Java_SSLClientCertificateRequest_selectClientCertificate() in Start(). |
| 100 // |encoded_chain_ref| is a JNI reference to a Java array of byte arrays, |
| 101 // each item holding a DER-encoded X.509 certificate. |
| 102 // |private_key_ref| is the platform PrivateKey object JNI reference for |
| 103 // the client certificate. |
| 104 // Note: both |encoded_chain_ref| and |private_key_ref| will be NULL if |
| 105 // the user didn't select a certificate. |
| 106 void SSLClientCertificateRequest::OnSystemRequestCompletion( |
| 107 JNIEnv* env, |
| 108 jobject object, |
| 109 jobjectArray encoded_chain_ref, |
| 110 jobject private_key_ref) { |
| 111 |
| 112 // Ensure that the request is released when the |
| 113 // function exits. Note that this also undoes the AddRef |
| 114 // from ::Start(). |
| 115 scoped_refptr<SSLClientCertificateRequest> guard(this); |
| 116 this->Release(); |
| 117 |
| 118 // When the request is cancelled by the user, just send NULL |
| 119 // to the callback immediately. |
| 120 if (private_key_ref == NULL || private_key_ref == NULL) { |
| 121 LOG(ERROR) << "Client certificate request cancelled"; |
| 122 OnCertificateSelected(NULL, NULL); |
| 123 return; |
| 124 } |
| 125 |
| 126 // Convert the encoded chain to a vector of strings. |
| 127 std::vector<std::string> encoded_chain_strings; |
| 128 if (encoded_chain_ref) { |
| 129 base::android::JavaArrayOfByteArrayToStringVector( |
| 130 env, encoded_chain_ref, &encoded_chain_strings); |
| 131 } |
| 132 |
| 133 std::vector<base::StringPiece> encoded_chain; |
| 134 for (size_t n = 0; n < encoded_chain_strings.size(); ++n) |
| 135 encoded_chain.push_back(encoded_chain_strings[n]); |
| 136 |
| 137 // Pass the results to the subclass. |
| 138 OnCertificateSelected(&encoded_chain, private_key_ref); |
| 139 } |
| 140 |
| 141 bool RegisterSSLClientCertificateRequestAndroid(JNIEnv* env) { |
| 142 return RegisterNativesImpl(env); |
| 143 } |
| 144 |
| 145 } // namespace android |
| 146 } // namespace chrome |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 12374020:
Add Android support for SSL client authentication to the browser layer. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@client-cert-test