Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(64)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/android/java/src/org/chromium/chrome/browser/SSLClientCertificateRequest.java

Issue 164053004: Refactor AndroidKeyStore to allow remote key handling. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Switch to abstract AndroidPrivateKey. Created 6 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/android/java/src/org/chromium/chrome/browser/PKCS11AuthenticationManager.java ('k') | net/android/java/src/org/chromium/net/AndroidKeyStore.java » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/android/java/src/org/chromium/chrome/browser/SSLClientCertificateRequest.java
diff --git a/chrome/android/java/src/org/chromium/chrome/browser/SSLClientCertificateRequest.java b/chrome/android/java/src/org/chromium/chrome/browser/SSLClientCertificateRequest.java
index 31c41fd2f0d5c091931828e0b611e15b85da7d56..843d4431701d0b695cabe4499fe570ad5dd741fb 100644
--- a/chrome/android/java/src/org/chromium/chrome/browser/SSLClientCertificateRequest.java
+++ b/chrome/android/java/src/org/chromium/chrome/browser/SSLClientCertificateRequest.java
@@ -16,9 +16,11 @@ import org.chromium.base.ActivityStatus;
import org.chromium.base.CalledByNative;
import org.chromium.base.JNINamespace;
import org.chromium.base.ThreadUtils;
+import org.chromium.net.AndroidKeyStoreLocalImpl;
+import org.chromium.net.AndroidKeyStoreRemote;
+import org.chromium.net.AndroidPrivateKey;
import java.security.Principal;
-import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
@@ -34,9 +36,16 @@ import javax.security.auth.x500.X500Principal;
* finally pass the results back to the UI thread, which will return to the native code.
*/
@JNINamespace("chrome::android")
-class SSLClientCertificateRequest {
+public class SSLClientCertificateRequest {
static final String TAG = "SSLClientCertificateRequest";
+ static final AndroidKeyStoreLocalImpl sLocalKeyStore = new AndroidKeyStoreLocalImpl();
+ static AndroidKeyStoreRemote sRemoteKeyStore;
+
+ public static void setRemoteKeyStore(AndroidKeyStoreRemote remoteStore) {
+ sRemoteKeyStore = remoteStore;
+ }
+
/**
* Common implementation for anynchronous task of handling the certificate request. This
* AsyncTask uses the abstract methods to retrieve the authentication material from a
@@ -47,7 +56,7 @@ class SSLClientCertificateRequest {
// These fields will store the results computed in doInBackground so that they can be posted
// back in onPostExecute.
private byte[][] mEncodedChain;
- private PrivateKey mPrivateKey;
+ private AndroidPrivateKey mAndroidKey;
// Pointer to the native certificate request needed to return the results.
private final int mNativePtr;
@@ -58,7 +67,7 @@ class SSLClientCertificateRequest {
// These overriden methods will be used to access the key store.
abstract String getAlias();
- abstract PrivateKey getPrivateKey(String alias);
+ abstract AndroidPrivateKey getPrivateKey(String alias);
abstract X509Certificate[] getCertificateChain(String alias);
@Override
@@ -66,8 +75,11 @@ class SSLClientCertificateRequest {
String alias = getAlias();
if (alias == null) return null;
- PrivateKey key = getPrivateKey(alias);
+ AndroidPrivateKey key = getPrivateKey(alias);
+ Log.d(TAG, "got key " + key);
X509Certificate[] chain = getCertificateChain(alias);
+ Log.d(TAG, "got chain " + chain);
+
if (key == null || chain == null || chain.length == 0) {
Log.w(TAG, "Empty client certificate chain?");
return null;
@@ -85,14 +97,14 @@ class SSLClientCertificateRequest {
}
mEncodedChain = encodedChain;
- mPrivateKey = key;
+ mAndroidKey = key;
return null;
}
@Override
protected void onPostExecute(Void result) {
ThreadUtils.assertOnUiThread();
- nativeOnSystemRequestCompletion(mNativePtr, mEncodedChain, mPrivateKey);
+ nativeOnSystemRequestCompletion(mNativePtr, mEncodedChain, mAndroidKey);
}
}
@@ -114,9 +126,9 @@ class SSLClientCertificateRequest {
}
@Override
- PrivateKey getPrivateKey(String alias) {
+ AndroidPrivateKey getPrivateKey(String alias) {
try {
- return KeyChain.getPrivateKey(mContext, alias);
+ return sLocalKeyStore.createKey(KeyChain.getPrivateKey(mContext, alias));
} catch (KeyChainException e) {
Log.w(TAG, "KeyChainException when looking for '" + alias + "' certificate");
return null;
@@ -160,8 +172,10 @@ class SSLClientCertificateRequest {
}
@Override
- PrivateKey getPrivateKey(String alias) {
- return mPKCS11AuthManager.getPrivateKey(alias);
+ AndroidPrivateKey getPrivateKey(String alias) {
+ assert sRemoteKeyStore != null :
+ "PKCS11 certificate request issued with no remote key store set";
+ return sRemoteKeyStore.createKey(alias);
}
@Override
@@ -290,5 +304,5 @@ class SSLClientCertificateRequest {
// Called to pass request results to native side.
private static native void nativeOnSystemRequestCompletion(
- int requestPtr, byte[][] certChain, PrivateKey privateKey);
+ int requestPtr, byte[][] certChain, AndroidPrivateKey androidKey);
}
« no previous file with comments | « chrome/android/java/src/org/chromium/chrome/browser/PKCS11AuthenticationManager.java ('k') | net/android/java/src/org/chromium/net/AndroidKeyStore.java » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698