Chromium Code Reviews Chromium Code Reviews
Issue 12374020:
Add Android support for SSL client authentication to the browser layer. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@client-cert-test| Index: chrome/browser/ui/android/ssl_client_certificate_request.h |
| diff --git a/chrome/browser/ui/android/ssl_client_certificate_request.h b/chrome/browser/ui/android/ssl_client_certificate_request.h |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..177fef671b552c8a4372fa9d48a31be22a16deb2 |
| --- /dev/null |
| +++ b/chrome/browser/ui/android/ssl_client_certificate_request.h |
| @@ -0,0 +1,93 @@ |
| +// Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#ifndef CHROME_BROWSER_UI_ANDROID_SSL_CLIENT_CERTIFICATE_REQUEST_H_ |
| +#define CHROME_BROWSER_UI_ANDROID_SSL_CLIENT_CERTIFICATE_REQUEST_H_ |
| + |
| +#include <jni.h> |
| + |
| +#include "base/basictypes.h" |
| +#include "base/callback.h" |
| +#include "base/memory/ref_counted.h" |
| +#include "chrome/browser/ssl/ssl_client_certificate_selector.h" |
| +#include "net/base/openssl_client_key_store.h" |
| + |
| +namespace net { |
| +class SSLCertRequestInfo; |
| +class X509Certificate; |
| +} // namespace net |
| + |
| +namespace browser { |
| +namespace android { |
| + |
| +// This class is the C++ equivalent for the Java class of the same |
| +// name defined in org.chromium.browser.SSLClientCertificateRequest.java. |
| +// See the comments in ssl_client_certificate_selector.cc for more details |
| +// on how this is used. |
| +class SSLClientCertificateRequest |
| + : public base::RefCountedThreadSafe<SSLClientCertificateRequest> { |
| + public: |
| + SSLClientCertificateRequest( |
| + net::SSLCertRequestInfo* cert_request_info, |
| + const chrome::SelectCertificateCallback& callback); |
|
Ryan Sleevi
2013/02/28 19:42:42
nit: indent to 4 spaces
digit1
2013/03/04 19:03:20
Done.
|
| + |
| + // Start an asynchronous request for a client certificate. |
| + // |
| + // This launches a system UI dialog to let the user select |
| + // an appropriate client certificate, if any, or even install one. |
| + // Once the user chooses a certificate (or cancels the dialog), |
| + // OnRequestCompletion() will later be called on the UI thread. |
| + // |
| + // Returns true on success. Note that failure only means that there |
| + // were problems to launch the system UI dialog, and isn't related |
| + // to user choice. |
| + bool Start(); |
| + |
| + // Called from Java through JNI when the request completes or was |
| + // cancelled by the user. The only reason this is public is to ensure |
| + // it can be called from Java through the auto-generated JNI wrapper. |
| + // |env| is the current threads' JNIEnv handle. |
| + // |obj| is a JNI reference to the Java object instance associated |
| + // with this request. |
| + // |private_key_alias| is a JNI string reference to the private key |
| + // unique name. |
| + // |encoded_chain_ref| is a JNI reference to an array of byte arrays |
| + // modelling the encoded client certificate chain. Will be null if |
| + // the request was cancelled or an error occured. |
| + // |private_key_ref| is a JNI reference to the PrivateKey object for |
| + // the client certificate. Will be null if the request was cancelled |
| + // or an error occured. |
| + // Note that this always destroys the C++ request object. |
| + void OnRequestCompletion(JNIEnv* env, |
| + jobject obj, |
| + jstring private_key_alias_ref, |
| + jobjectArray encoded_chain_ref, |
| + jobject private_key_ref); |
| + |
| + private: |
| + friend class base::RefCountedThreadSafe<SSLClientCertificateRequest>; |
| + |
| + ~SSLClientCertificateRequest(); |
| + |
| + // Must be called on the IO thread before DoSendClientCertificate |
| + // to ensure the private key is properly recorded in memory before |
| + // sending it to the request's initiator. |
| + void DoRecordClientCertificateKey(); |
| + |
| + // Must be called on the UI thread after DoRecordClientCertificate to |
| + // send the final client certificate. |
| + void DoSendClientCertificate(); |
| + |
| + net::SSLCertRequestInfo* cert_request_info_; |
| + scoped_refptr<net::X509Certificate> client_cert_; |
| + net::OpenSSLClientKeyStore::ScopedEVP_PKEY private_key_; |
| + chrome::SelectCertificateCallback callback_; |
| + |
| + DISALLOW_COPY_AND_ASSIGN(SSLClientCertificateRequest); |
| +}; |
| + |
| +} // namespace android |
| +} // namespace browser |
| + |
| +#endif // CHROME_BROWSER_UI_ANDROID_SSL_CLIENT_CERTIFICATE_REQUEST_H_ |
