Add Android support for SSL client authentication to the browser layer.

chrome/browser/ui/android/ssl_client_certificate_request.h

Index: chrome/browser/ui/android/ssl_client_certificate_request.h
diff --git a/chrome/browser/ui/android/ssl_client_certificate_request.h b/chrome/browser/ui/android/ssl_client_certificate_request.h
new file mode 100644
index 0000000000000000000000000000000000000000..de71c77918993d844162ad75d229b1639c9246fc
--- /dev/null
+++ b/chrome/browser/ui/android/ssl_client_certificate_request.h
@@ -0,0 +1,107 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_UI_ANDROID_SSL_CLIENT_CERTIFICATE_REQUEST_H_
+#define CHROME_BROWSER_UI_ANDROID_SSL_CLIENT_CERTIFICATE_REQUEST_H_
+
+#include <jni.h>
+
+#include "base/android/scoped_java_ref.h"
+#include "base/basictypes.h"
+#include "base/memory/ref_counted.h"
+#include "base/string_piece.h"
+
+namespace net {
+class SSLCertRequestInfo;
+}  // namespace net
+
+namespace chrome {
+namespace android {
+
+// This is the C++ counterpart of the Java SSLClientCertificateRequest
+// class. Usage example:
+//
+//   1/ Create your own subclass and override the OnCertificateSelected()
+//      method.
+//
+//    class MyRequest : public SSLClientCertificateRequest {
+//      ...
+//      virtual void OnCertificateSelection(....) OVERRIDE;
+//      ...
+//    };
+//
+//   2/ Start an asynchronous client certificate on the UI thread with:
+//
+//     scoped_refptr<MyRequest> my_request(new MyRequest());
+//     if (!my_request->Start(cert_request_info)) {
+//       LOG(ERROR) << "Could not start client certificate selection";
+//       ...
+//     }
+//
+//   3/ Later, the UI thread will call back your request's
+//      OnCertificateSelected() method with the results.
+//
+// Note the following limitations, coming from the platform APIS:
+//
+//   - It's not possible to cancel a request once it has been started.
+//
+//   - Each request will launch a system activity which pauses the UI
+//     thread.
+//
+//   - If the user fails to select a certificate, fails to unlock access
+//     to the credential storage, or another error occurs, the
+//     OnCertificateSelected method is called with NULL parameters. There
+//     is no way to know exactly what happened though.
+//
+// This class must only be used on the UI thread.
+class SSLClientCertificateRequest
+    : public base::RefCounted<SSLClientCertificateRequest> {

[Ryan Sleevi, 2013/03/05 18:02:41]

It's still not clear to me at all that you need RefCounting to protect the
lifetime of this class. It's much clearer, and harder to misuse (since deriving
from RefCounting makes it part of the *public* interface), to simply have the
object clean up after itself (eg: "delete this")

[digit1, 2013/03/06 01:48:33]

I've experimented a little and could get rid of the refcounting entirely. I also
got rid of the SSLClientCertificateRequest class. See latest patch for details.

+ public:
+  SSLClientCertificateRequest() { }
+
+  // Launch an asynchronous client certificate system activity.
+  // |cert_request_info| holds the client certificate request details.
+  // Returns true on success, false otherwise. Note that failure only
+  // means that the system activity could not be launched.
+  // On success, this increments the delegate's reference count.
+  bool Start(const net::SSLCertRequestInfo* cert_request_info);
+
+  // Called to pass the result of client certificate selection.
+  // |encoded_chain| is the encoded selected client certificate chain,
+  // where each item is a DER-encoded X.509 certificate.
+  // |private_key| is local JNI reference to the platform's
+  // PrivateKey object for this certificate.
+  // Note: both parameters will be NULL to indicate the user didn't
+  // select a certificate.
+  virtual void OnCertificateSelected(
+      std::vector<base::StringPiece>* encoded_chain,
+      jobject private_key) = 0;
+
+  // INTERNAL USE ONLY: The only reason this method is public is to be
+  // called from the auto-generated JNI wrapper code. Do not use it.
+  // This is called by the system on the UI thread to pass the
+  // selected certificate. This function ends up calling
+  // OnCertificateSelected() after extracting the encoded chain from
+  // the corresponding JNI reference.
+  void OnSystemRequestCompletion(JNIEnv* env,
+                                 jobject object,
+                                 jobjectArray encoded_chain_ref,
+                                 jobject private_key_ref);
+
+ protected:
+  virtual ~SSLClientCertificateRequest() { }
+
+ private:
+  friend class base::RefCounted<SSLClientCertificateRequest>;
+
+  DISALLOW_COPY_AND_ASSIGN(SSLClientCertificateRequest);
+};
+
+// Register JNI methods.
+bool RegisterSSLClientCertificateRequestAndroid(JNIEnv* env);
+
+}  // namespace android
+}  // namespace chrome
+
+#endif  // CHROME_BROWSER_UI_ANDROID_SSL_CLIENT_CERTIFICATE_REQUEST_H_