Add Android support for SSL client authentication to the browser layer.

chrome/browser/ui/android/ssl_client_certificate_request.h

Index: chrome/browser/ui/android/ssl_client_certificate_request.h
diff --git a/chrome/browser/ui/android/ssl_client_certificate_request.h b/chrome/browser/ui/android/ssl_client_certificate_request.h
new file mode 100644
index 0000000000000000000000000000000000000000..dee8e110185d80e307fcee04f790363089d83a6e
--- /dev/null
+++ b/chrome/browser/ui/android/ssl_client_certificate_request.h
@@ -0,0 +1,103 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_UI_ANDROID_SSL_CLIENT_CERTIFICATE_REQUEST_H_
+#define CHROME_BROWSER_UI_ANDROID_SSL_CLIENT_CERTIFICATE_REQUEST_H_
+
+#include <jni.h>
+
+#include "base/android/scoped_java_ref.h"
+#include "base/basictypes.h"
+#include "base/memory/ref_counted.h"
+#include "base/string_piece.h"
+
+namespace net {
+class SSLCertRequestInfo;
+}  // namespace net
+
+namespace browser {
+namespace android {
+
+// This is the C++ counterpart of the Java SSLClientCertificateRequest
+// class. Usage example:
+//
+//   1/ Create your own subclass and override the OnCompletion() method.
+//
+//    class MyRequest : public SSLClientCertificateRequest {
+//      ...
+//      virtual void OnCompletion(....) OVERRIDE;
+//      ...
+//    };
+//
+//   2/ Start an asynchronous client certificate on the UI thread with:
+//
+//     scoped_refptr<MyRequest> my_request(new MyRequest());
+//     if (!my_request->Start(cert_request_info)) {
+//       LOG(ERROR) << "Could not start client certificate selection";
+//       ...
+//     }
+//
+//   3/ Later, the UI thread will call back your request's OnCompletion()
+//      method with the results.
+//
+// Note the following limitations, coming from the platform APIS:
+//
+//   - It's not possible to cancel a request once it has been started.
+//
+//   - Each request will launch a system activity which pauses the UI
+//     thread.
+//
+//   - If the user fails to select a certificate, fails to unlock access
+//     to the credential storage, or another error occurs, the
+//     OnCompletion method is called with NULL parameters. There is no
+//     way to know exactly what happened though.
+//
+// This class must only be used on the UI thread.
+class SSLClientCertificateRequest
+    : public base::RefCounted<SSLClientCertificateRequest> {
+ public:
+  SSLClientCertificateRequest() { }
+
+  // Launch an asynchronous client certificate system activity.
+  // |cert_request_info| holds the client certificate request details.
+  // Returns true on success, false otherwise. Note that failure only
+  // means that the system activity could not be launched.
+  // On success, this increments the delegate's reference count.
+  bool Start(const net::SSLCertRequestInfo* cert_request_info);
+
+  // Called to pass the result of client certificate selection.
+  // |encoded_chain| is the encoded selected client certificate chain,
+  // where each item is a DER-encoded X.509 certificate.
+  // |private_key| is local JNI reference to the platform's
+  // PrivateKey object for this certificate.
+  // Note: both parameters will be NULL to indicate the user didn't
+  // select a certificate.
+  virtual void OnCompletion(
+      std::vector<base::StringPiece>* encoded_chain,
+      jobject private_key) = 0;
+
+  // Called from JNI to pass the client certificate selection result.
+  // Note: this method is only public to be called from the auto-generated
+  // JNI wrapper code. Internal use only.
+  void OnRequestCompletion(JNIEnv* env,
+                           jobject object,
+                           jobjectArray encoded_chain_ref,
+                           jobject private_key_ref);

[Ryan Sleevi, 2013/03/04 23:47:21]

Method naming: It's not at all clear how
SSLClientCertificateRequest::OnCompletion differs from
SSLClientCertificateRequest::OnRequestCompletion - can you find better names
here?

OnCertificateSelected? OnPrivateKeyLocated? I honestly don't know the better
names, but it hopefully there's something clearer here.

+
+ protected:
+  virtual ~SSLClientCertificateRequest() { }
+
+ private:
+  friend class base::RefCounted<SSLClientCertificateRequest>;
+
+  DISALLOW_COPY_AND_ASSIGN(SSLClientCertificateRequest);
+};
+
+}  // namespace android
+}  // namespace browser
+
+// Register JNI methods.
+bool RegisterSSLClientCertificateRequestAndroid(JNIEnv* env);

[Ryan Sleevi, 2013/03/04 23:47:21]

why does this have to be in the global namespace?

[digit1, 2013/03/05 16:54:00]

Most of similar functions that are called from
chrome/browser/android/chrome_jni_registrar.cc are in the global namespace. I'll
move this to something different. 

+
+#endif  // CHROME_BROWSER_UI_ANDROID_SSL_CLIENT_CERTIFICATE_REQUEST_H_