Implement Webviewclient.onReceivedSslError

android_webview/java/src/org/chromium/android_webview/AwContents.java

Index: android_webview/java/src/org/chromium/android_webview/AwContents.java
diff --git a/android_webview/java/src/org/chromium/android_webview/AwContents.java b/android_webview/java/src/org/chromium/android_webview/AwContents.java
index 4fed78c509bba30c3446391c368ff071bb58dd65..af5231dd78861f2971c3cf9e11548a6c12d1e22a 100644
--- a/android_webview/java/src/org/chromium/android_webview/AwContents.java
+++ b/android_webview/java/src/org/chromium/android_webview/AwContents.java
@@ -10,6 +10,7 @@ import android.graphics.Canvas;
 import android.graphics.Color;
 import android.graphics.Rect;
 import android.net.http.SslCertificate;
+import android.net.http.SslError;
 import android.os.AsyncTask;
 import android.os.Build;
 import android.os.Bundle;
@@ -20,6 +21,7 @@ import android.view.MotionEvent;
 import android.view.View;
 import android.view.ViewGroup;
 import android.webkit.GeolocationPermissions;
+import android.webkit.SslErrorHandler;
 import android.webkit.ValueCallback;
 
 import org.chromium.base.CalledByNative;
@@ -583,29 +585,7 @@ public class AwContents {
      */
     public SslCertificate getCertificate() {
         if (mNativeAwContents == 0) return null;
-        byte[] derBytes = nativeGetCertificate(mNativeAwContents);
-        if (derBytes == null) {
-            return null;
-        }
-
-        try {
-            X509Certificate x509Certificate =
-                    X509Util.createCertificateFromBytes(derBytes);
-            return new SslCertificate(x509Certificate);
-        } catch (CertificateException e) {
-            // Intentional fall through
-            // A SSL related exception must have occured.  This shouldn't happen.
-            Log.w(TAG, "Could not read certificate: " + e);
-        } catch (KeyStoreException e) {
-            // Intentional fall through
-            // A SSL related exception must have occured.  This shouldn't happen.
-            Log.w(TAG, "Could not read certificate: " + e);
-        } catch (NoSuchAlgorithmException e) {
-            // Intentional fall through
-            // A SSL related exception must have occured.  This shouldn't happen.
-            Log.w(TAG, "Could not read certificate: " + e);
-        }
-        return null;
+        return getCertificateFromDerBytes(nativeGetCertificate(mNativeAwContents));
     }
 
     /**
@@ -840,6 +820,52 @@ public class AwContents {
         mContentsClient.onReceivedHttpAuthRequest(handler, host, realm);
     }
 
+    // If returns true, the request is immediately canceled, and any call to proceedSslError
+    // has no effect. If returns false, the request should be canceled or proceeded using
+    // proceedSslError().
+    @CalledByNative
+    private boolean cancelCertificateError(int certError, byte[] derBytes, String url) {
+        SslCertificate cert = getCertificateFromDerBytes(derBytes);
+        if (cert == null) {
+            // if the certificate is null, cancel the request
+            return true;
+        }
+        final SslError sslError = SslError.SslErrorFromChromiumErrorCode(certError, cert, url);
+        if (SslCertLookupTable.getInstance().isAllowed(sslError)) {
+            proceedSslError(true);
+            return false;

[boliu, 2013/02/01 23:07:13]

so we are not doing this optimization?

[sgurun-gerrit only, 2013/02/02 01:01:10]

I think you mean why do we have to use the callback. We have to because
returning true is "no-op". :) see the method level comments. We cannot change
the semantics to mean such that returning false would mean "proceed".

On 2013/02/01 23:07:13, boliu wrote:

[boliu, 2013/02/02 01:10:42]

Can you just return true here without calling proceedSslError?

[sgurun-gerrit only, 2013/02/02 03:16:10]

Nop, it won't work (Please take a look at the place where AllowCertificateError
method call originates, we can chat later if you want to).

On 2013/02/02 01:10:42, boliu wrote:

+        }
+
+        SslErrorHandler handler = new SslErrorHandler() {
+            @Override
+            public void proceed() {
+                post(new Runnable() {
+                        @Override
+                        public void run() {
+                            SslCertLookupTable.getInstance().setIsAllowed(sslError);
+                            proceedSslError(true);
+                        }
+                    });
+            }
+            @Override
+            public void cancel() {
+                post(new Runnable() {
+                        @Override
+                        public void run() {
+                            proceedSslError(false);
+                        }
+                    });
+            }
+        };
+        mContentsClient.onReceivedSslError(handler, sslError);
+        return false;
+    }
+
+    private void proceedSslError(boolean proceed) {
+        if (mNativeAwContents == 0) return;
+        nativeProceedSslError(mNativeAwContents, proceed);
+    }
+
     private static class ChromiumGeolocationCallback implements GeolocationPermissions.Callback {
         final int mRenderProcessId;
         final int mRenderViewId;
@@ -947,6 +973,31 @@ public class AwContents {
         return null;
     }
 
+    private SslCertificate getCertificateFromDerBytes(byte[] derBytes) {
+        if (derBytes == null) {
+            return null;
+        }
+
+        try {
+            X509Certificate x509Certificate =
+                    X509Util.createCertificateFromBytes(derBytes);
+            return new SslCertificate(x509Certificate);
+        } catch (CertificateException e) {
+            // Intentional fall through
+            // A SSL related exception must have occured.  This shouldn't happen.
+            Log.w(TAG, "Could not read certificate: " + e);
+        } catch (KeyStoreException e) {
+            // Intentional fall through
+            // A SSL related exception must have occured.  This shouldn't happen.
+            Log.w(TAG, "Could not read certificate: " + e);
+        } catch (NoSuchAlgorithmException e) {
+            // Intentional fall through
+            // A SSL related exception must have occured.  This shouldn't happen.
+            Log.w(TAG, "Could not read certificate: " + e);
+        }
+        return null;
+    }
+
     @CalledByNative
     private void handleJsAlert(String url, String message, JsResultReceiver receiver) {
         mContentsClient.handleJsAlert(url, message, receiver);
@@ -1000,6 +1051,7 @@ public class AwContents {
     private native void nativeClearMatches(int nativeAwContents);
     private native void nativeClearCache(int nativeAwContents, boolean includeDiskFiles);
     private native byte[] nativeGetCertificate(int nativeAwContents);
+    private native void nativeProceedSslError(int nativeAwContents, boolean proceed);
     private native void nativeRequestNewHitTestDataAt(int nativeAwContents, int x, int y);
     private native void nativeUpdateLastHitTestData(int nativeAwContents);
     private native void nativeOnSizeChanged(int nativeAwContents, int w, int h, int ow, int oh);