Implement Webviewclient.onReceivedSslError

android_webview/java/src/org/chromium/android_webview/AwContents.java

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 package org.chromium.android_webview;
 
 import android.content.res.Configuration;
 import android.graphics.Bitmap;
 import android.graphics.Canvas;
 import android.graphics.Color;
 import android.graphics.Rect;
 import android.net.http.SslCertificate;
+import android.net.http.SslError;
 import android.os.AsyncTask;
 import android.os.Build;
 import android.os.Bundle;
 import android.os.Message;
 import android.text.TextUtils;
 import android.util.Log;
 import android.view.MotionEvent;
 import android.view.View;
 import android.view.ViewGroup;
 import android.webkit.GeolocationPermissions;
+import android.webkit.SslErrorHandler;
 import android.webkit.ValueCallback;
 
 import org.chromium.base.CalledByNative;
 import org.chromium.base.JNINamespace;
 import org.chromium.base.ThreadUtils;
 import org.chromium.content.browser.ContentSettings;
 import org.chromium.content.browser.ContentViewCore;
 import org.chromium.content.browser.LoadUrlParams;
 import org.chromium.content.browser.NavigationHistory;
 import org.chromium.content.browser.PageTransitionTypes;
@@ skipping 543 matching lines @@
             String password) {
         HttpAuthDatabase.getInstance(mContentViewCore.getContext())
                 .setHttpAuthUsernamePassword(host, realm, username, password);
     }
 
     /**
      * @see android.webkit.WebView#getCertificate()
      */
     public SslCertificate getCertificate() {
         if (mNativeAwContents == 0) return null;
-        byte[] derBytes = nativeGetCertificate(mNativeAwContents);
-        if (derBytes == null) {
-            return null;
-        }
-
-        try {
-            X509Certificate x509Certificate =
-                    X509Util.createCertificateFromBytes(derBytes);
-            return new SslCertificate(x509Certificate);
-        } catch (CertificateException e) {
-            // Intentional fall through
-            // A SSL related exception must have occured.  This shouldn't happen.
-            Log.w(TAG, "Could not read certificate: " + e);
-        } catch (KeyStoreException e) {
-            // Intentional fall through
-            // A SSL related exception must have occured.  This shouldn't happen.
-            Log.w(TAG, "Could not read certificate: " + e);
-        } catch (NoSuchAlgorithmException e) {
-            // Intentional fall through
-            // A SSL related exception must have occured.  This shouldn't happen.
-            Log.w(TAG, "Could not read certificate: " + e);
-        }
-        return null;
+        return getCertificateFromDerBytes(nativeGetCertificate(mNativeAwContents));
     }
 
     /**
      * Method to return all hit test values relevant to public WebView API.
      * Note that this expose more data than needed for WebView.getHitTestResult.
      * Unsafely returning reference to mutable internal object to avoid excessive
      * garbage allocation on repeated calls.
      */
     public HitTestData getLastHitTestResult() {
         if (mNativeAwContents == 0) return null;
@@ skipping 214 matching lines @@
             String path, long size, ValueCallback<String> callback) {
         if (callback == null) return;
         callback.onReceiveValue(size < 0 ? null : path);
     }
 
     @CalledByNative
     private void onReceivedHttpAuthRequest(AwHttpAuthHandler handler, String host, String realm) {
         mContentsClient.onReceivedHttpAuthRequest(handler, host, realm);
     }
 
+    // If returns true, the request is immediately canceled, and any call to proceedSslError
+    // has no effect. If returns false, the request should be canceled or proceeded using
+    // proceedSslError().
+    @CalledByNative
+    private boolean cancelCertificateError(int certError, byte[] derBytes, String url) {
+        SslCertificate cert = getCertificateFromDerBytes(derBytes);
+        if (cert == null) {
+            // if the certificate is null, cancel the request
+            return true;
+        }
+        final SslError sslError = SslError.SslErrorFromChromiumErrorCode(certError, cert, url);
+        if (SslCertLookupTable.getInstance().isAllowed(sslError)) {
+            proceedSslError(true);
+            return false;

[boliu, 2013/02/01 23:07:13]

so we are not doing this optimization?

[sgurun-gerrit only, 2013/02/02 01:01:10]

I think you mean why do we have to use the callback. We have to because
returning true is "no-op". :) see the method level comments. We cannot change
the semantics to mean such that returning false would mean "proceed".

On 2013/02/01 23:07:13, boliu wrote:

[boliu, 2013/02/02 01:10:42]

Can you just return true here without calling proceedSslError?

[sgurun-gerrit only, 2013/02/02 03:16:10]

Nop, it won't work (Please take a look at the place where AllowCertificateError
method call originates, we can chat later if you want to).

On 2013/02/02 01:10:42, boliu wrote:

+        }
+
+        SslErrorHandler handler = new SslErrorHandler() {
+            @Override
+            public void proceed() {
+                post(new Runnable() {
+                        @Override
+                        public void run() {
+                            SslCertLookupTable.getInstance().setIsAllowed(sslError);
+                            proceedSslError(true);
+                        }
+                    });
+            }
+            @Override
+            public void cancel() {
+                post(new Runnable() {
+                        @Override
+                        public void run() {
+                            proceedSslError(false);
+                        }
+                    });
+            }
+        };
+        mContentsClient.onReceivedSslError(handler, sslError);
+        return false;
+    }
+
+    private void proceedSslError(boolean proceed) {
+        if (mNativeAwContents == 0) return;
+        nativeProceedSslError(mNativeAwContents, proceed);
+    }
+
     private static class ChromiumGeolocationCallback implements GeolocationPermissions.Callback {
         final int mRenderProcessId;
         final int mRenderViewId;
         final int mBridgeId;
         final String mRequestingFrame;
 
         private ChromiumGeolocationCallback(int renderProcessId, int renderViewId, int bridgeId,
                 String requestingFrame) {
             mRenderProcessId = renderProcessId;
             mRenderViewId = renderViewId;
@@ skipping 87 matching lines @@
 
         for (int i = 1; i < 100; i++) {
             testName = baseName + name + "-" + i + WEB_ARCHIVE_EXTENSION;
             if (!new File(testName).exists()) return testName;
         }
 
         Log.e(TAG, "Unable to auto generate archive name for path: " + baseName);
         return null;
     }
 
+    private SslCertificate getCertificateFromDerBytes(byte[] derBytes) {
+        if (derBytes == null) {
+            return null;
+        }
+
+        try {
+            X509Certificate x509Certificate =
+                    X509Util.createCertificateFromBytes(derBytes);
+            return new SslCertificate(x509Certificate);
+        } catch (CertificateException e) {
+            // Intentional fall through
+            // A SSL related exception must have occured.  This shouldn't happen.
+            Log.w(TAG, "Could not read certificate: " + e);
+        } catch (KeyStoreException e) {
+            // Intentional fall through
+            // A SSL related exception must have occured.  This shouldn't happen.
+            Log.w(TAG, "Could not read certificate: " + e);
+        } catch (NoSuchAlgorithmException e) {
+            // Intentional fall through
+            // A SSL related exception must have occured.  This shouldn't happen.
+            Log.w(TAG, "Could not read certificate: " + e);
+        }
+        return null;
+    }
+
     @CalledByNative
     private void handleJsAlert(String url, String message, JsResultReceiver receiver) {
         mContentsClient.handleJsAlert(url, message, receiver);
     }
 
     @CalledByNative
     private void handleJsBeforeUnload(String url, String message, JsResultReceiver receiver) {
         mContentsClient.handleJsBeforeUnload(url, message, receiver);
     }
 
@@ skipping 33 matching lines @@
     private native void nativeAddVisitedLinks(int nativeAwContents, String[] visitedLinks);
 
     private native boolean nativeDrawSW(int nativeAwContents, Canvas canvas);
     private native void nativeSetScrollForHWFrame(int nativeAwContents, int scrollX, int scrollY);
     private native int nativeFindAllSync(int nativeAwContents, String searchString);
     private native void nativeFindAllAsync(int nativeAwContents, String searchString);
     private native void nativeFindNext(int nativeAwContents, boolean forward);
     private native void nativeClearMatches(int nativeAwContents);
     private native void nativeClearCache(int nativeAwContents, boolean includeDiskFiles);
     private native byte[] nativeGetCertificate(int nativeAwContents);
+    private native void nativeProceedSslError(int nativeAwContents, boolean proceed);
     private native void nativeRequestNewHitTestDataAt(int nativeAwContents, int x, int y);
     private native void nativeUpdateLastHitTestData(int nativeAwContents);
     private native void nativeOnSizeChanged(int nativeAwContents, int w, int h, int ow, int oh);
     private native void nativeSetWindowViewVisibility(int nativeAwContents, boolean windowVisible,
             boolean viewVisible);
     private native void nativeOnAttachedToWindow(int nativeAwContents, int w, int h);
     private native void nativeOnDetachedFromWindow(int nativeAwContents);
 
     // Returns null if save state fails.
     private native byte[] nativeGetOpaqueState(int nativeAwContents);
 
     // Returns false if restore state fails.
     private native boolean nativeRestoreFromOpaqueState(int nativeAwContents, byte[] state);
 
     private native int nativeReleasePopupWebContents(int nativeAwContents);
     private native void nativeSetWebContents(int nativeAwContents, int nativeNewWebContents);
     private native void nativeFocusFirstNode(int nativeAwContents);
 }