Add Android support for SSL client authentication to the browser layer.

chrome/browser/ui/android/ssl_client_certificate_request.h

+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_UI_ANDROID_SSL_CLIENT_CERTIFICATE_REQUEST_H_
+#define CHROME_BROWSER_UI_ANDROID_SSL_CLIENT_CERTIFICATE_REQUEST_H_
+
+#include <jni.h>
+
+#include "base/basictypes.h"
+#include "base/callback.h"
+#include "base/memory/ref_counted.h"
+#include "chrome/browser/ssl/ssl_client_certificate_selector.h"
+#include "net/base/openssl_client_key_store.h"
+
+namespace net {
+class SSLCertRequestInfo;
+class X509Certificate;
+}  // namespace net
+
+namespace browser {
+namespace android {
+
+// This class is the C++ equivalent for the Java class of the same
+// name defined in org.chromium.browser.SSLClientCertificateRequest.java.
+// See the comments in ssl_client_certificate_selector.cc for more details
+// on how this is used.
+class SSLClientCertificateRequest
+    : public base::RefCountedThreadSafe<SSLClientCertificateRequest> {
+ public:
+  SSLClientCertificateRequest(
+    net::SSLCertRequestInfo* cert_request_info,
+    const chrome::SelectCertificateCallback& callback);

[Ryan Sleevi, 2013/02/28 19:42:42]

nit: indent to 4 spaces

[digit1, 2013/03/04 19:03:20]

Done.

+
+  // Start an asynchronous request for a client certificate.
+  //
+  // This launches a system UI dialog to let the user select
+  // an appropriate client certificate, if any, or even install one.
+  // Once the user chooses a certificate (or cancels the dialog),
+  // OnRequestCompletion() will later be called on the UI thread.
+  //
+  // Returns true on success. Note that failure only means that there
+  // were problems to launch the system UI dialog, and isn't related
+  // to user choice.
+  bool Start();
+
+  // Called from Java through JNI when the request completes or was
+  // cancelled by the user. The only reason this is public is to ensure
+  // it can be called from Java through the auto-generated JNI wrapper.
+  // |env| is the current threads' JNIEnv handle.
+  // |obj| is a JNI reference to the Java object instance associated
+  // with this request.
+  // |private_key_alias| is a JNI string reference to the private key
+  // unique name.
+  // |encoded_chain_ref| is a JNI reference to an array of byte arrays
+  // modelling the encoded client certificate chain. Will be null if
+  // the request was cancelled or an error occured.
+  // |private_key_ref| is a JNI reference to the PrivateKey object for
+  // the client certificate. Will be null if the request was cancelled
+  // or an error occured.
+  // Note that this always destroys the C++ request object.
+  void OnRequestCompletion(JNIEnv* env,
+                           jobject obj,
+                           jstring private_key_alias_ref,
+                           jobjectArray encoded_chain_ref,
+                           jobject private_key_ref);
+
+ private:
+  friend class base::RefCountedThreadSafe<SSLClientCertificateRequest>;
+
+  ~SSLClientCertificateRequest();
+
+  // Must be called on the IO thread before DoSendClientCertificate
+  // to ensure the private key is properly recorded in memory before
+  // sending it to the request's initiator.
+  void DoRecordClientCertificateKey();
+
+  // Must be called on the UI thread after DoRecordClientCertificate to
+  // send the final client certificate.
+  void DoSendClientCertificate();
+
+  net::SSLCertRequestInfo* cert_request_info_;
+  scoped_refptr<net::X509Certificate> client_cert_;
+  net::OpenSSLClientKeyStore::ScopedEVP_PKEY private_key_;
+  chrome::SelectCertificateCallback callback_;
+
+  DISALLOW_COPY_AND_ASSIGN(SSLClientCertificateRequest);
+};
+
+}  // namespace android
+}  // namespace browser
+
+#endif  // CHROME_BROWSER_UI_ANDROID_SSL_CLIENT_CERTIFICATE_REQUEST_H_