OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 package org.chromium.chrome.browser; | 5 package org.chromium.chrome.browser; |
6 | 6 |
7 import android.app.Activity; | 7 import android.app.Activity; |
8 import android.content.Context; | 8 import android.content.Context; |
9 import android.os.AsyncTask; | 9 import android.os.AsyncTask; |
10 import android.security.KeyChain; | 10 import android.security.KeyChain; |
11 import android.security.KeyChainAliasCallback; | 11 import android.security.KeyChainAliasCallback; |
12 import android.security.KeyChainException; | 12 import android.security.KeyChainException; |
13 import android.util.Log; | 13 import android.util.Log; |
14 | 14 |
15 import org.chromium.base.ActivityStatus; | 15 import org.chromium.base.ActivityStatus; |
16 import org.chromium.base.CalledByNative; | 16 import org.chromium.base.CalledByNative; |
17 import org.chromium.base.JNINamespace; | 17 import org.chromium.base.JNINamespace; |
18 import org.chromium.base.ThreadUtils; | 18 import org.chromium.base.ThreadUtils; |
| 19 import org.chromium.net.AndroidPrivateKey; |
| 20 import org.chromium.net.DefaultAndroidKeyStore; |
19 | 21 |
20 import java.security.Principal; | 22 import java.security.Principal; |
21 import java.security.PrivateKey; | |
22 import java.security.cert.CertificateEncodingException; | 23 import java.security.cert.CertificateEncodingException; |
23 import java.security.cert.X509Certificate; | 24 import java.security.cert.X509Certificate; |
24 | 25 |
25 import javax.security.auth.x500.X500Principal; | 26 import javax.security.auth.x500.X500Principal; |
26 | 27 |
27 /** | 28 /** |
28 * Handles selection of client certificate on the Java side. This class is respo
nsible for selection | 29 * Handles selection of client certificate on the Java side. This class is respo
nsible for selection |
29 * of the client certificate to be used for authentication and retrieval of the
private key and full | 30 * of the client certificate to be used for authentication and retrieval of the
private key and full |
30 * certificate chain. | 31 * certificate chain. |
31 * | 32 * |
32 * The entry point is selectClientCertificate() and it will be called on the UI
thread. Then the | 33 * The entry point is selectClientCertificate() and it will be called on the UI
thread. Then the |
33 * class will construct and run an appropriate CertAsyncTask, that will run in b
ackground, and | 34 * class will construct and run an appropriate CertAsyncTask, that will run in b
ackground, and |
34 * finally pass the results back to the UI thread, which will return to the nati
ve code. | 35 * finally pass the results back to the UI thread, which will return to the nati
ve code. |
35 */ | 36 */ |
36 @JNINamespace("chrome::android") | 37 @JNINamespace("chrome::android") |
37 class SSLClientCertificateRequest { | 38 public class SSLClientCertificateRequest { |
38 static final String TAG = "SSLClientCertificateRequest"; | 39 static final String TAG = "SSLClientCertificateRequest"; |
39 | 40 |
| 41 private static final DefaultAndroidKeyStore sLocalKeyStore = |
| 42 new DefaultAndroidKeyStore(); |
| 43 |
40 /** | 44 /** |
41 * Common implementation for anynchronous task of handling the certificate r
equest. This | 45 * Common implementation for anynchronous task of handling the certificate r
equest. This |
42 * AsyncTask uses the abstract methods to retrieve the authentication materi
al from a | 46 * AsyncTask uses the abstract methods to retrieve the authentication materi
al from a |
43 * generalized key store. The key store is accessed in background, as the AP
Is being exercised | 47 * generalized key store. The key store is accessed in background, as the AP
Is being exercised |
44 * may be blocking. The results are posted back to native on the UI thread. | 48 * may be blocking. The results are posted back to native on the UI thread. |
45 */ | 49 */ |
46 abstract static class CertAsyncTask extends AsyncTask<Void, Void, Void> { | 50 abstract static class CertAsyncTask extends AsyncTask<Void, Void, Void> { |
47 // These fields will store the results computed in doInBackground so tha
t they can be posted | 51 // These fields will store the results computed in doInBackground so tha
t they can be posted |
48 // back in onPostExecute. | 52 // back in onPostExecute. |
49 private byte[][] mEncodedChain; | 53 private byte[][] mEncodedChain; |
50 private PrivateKey mPrivateKey; | 54 private AndroidPrivateKey mAndroidPrivateKey; |
51 | 55 |
52 // Pointer to the native certificate request needed to return the result
s. | 56 // Pointer to the native certificate request needed to return the result
s. |
53 private final int mNativePtr; | 57 private final int mNativePtr; |
54 | 58 |
55 CertAsyncTask(int nativePtr) { | 59 CertAsyncTask(int nativePtr) { |
56 mNativePtr = nativePtr; | 60 mNativePtr = nativePtr; |
57 } | 61 } |
58 | 62 |
59 // These overriden methods will be used to access the key store. | 63 // These overriden methods will be used to access the key store. |
60 abstract String getAlias(); | 64 abstract String getAlias(); |
61 abstract PrivateKey getPrivateKey(String alias); | 65 abstract AndroidPrivateKey getPrivateKey(String alias); |
62 abstract X509Certificate[] getCertificateChain(String alias); | 66 abstract X509Certificate[] getCertificateChain(String alias); |
63 | 67 |
64 @Override | 68 @Override |
65 protected Void doInBackground(Void... params) { | 69 protected Void doInBackground(Void... params) { |
66 String alias = getAlias(); | 70 String alias = getAlias(); |
67 if (alias == null) return null; | 71 if (alias == null) return null; |
68 | 72 |
69 PrivateKey key = getPrivateKey(alias); | 73 AndroidPrivateKey key = getPrivateKey(alias); |
70 X509Certificate[] chain = getCertificateChain(alias); | 74 X509Certificate[] chain = getCertificateChain(alias); |
| 75 |
71 if (key == null || chain == null || chain.length == 0) { | 76 if (key == null || chain == null || chain.length == 0) { |
72 Log.w(TAG, "Empty client certificate chain?"); | 77 Log.w(TAG, "Empty client certificate chain?"); |
73 return null; | 78 return null; |
74 } | 79 } |
75 | 80 |
76 // Encode the certificate chain. | 81 // Encode the certificate chain. |
77 byte[][] encodedChain = new byte[chain.length][]; | 82 byte[][] encodedChain = new byte[chain.length][]; |
78 try { | 83 try { |
79 for (int i = 0; i < chain.length; ++i) { | 84 for (int i = 0; i < chain.length; ++i) { |
80 encodedChain[i] = chain[i].getEncoded(); | 85 encodedChain[i] = chain[i].getEncoded(); |
81 } | 86 } |
82 } catch (CertificateEncodingException e) { | 87 } catch (CertificateEncodingException e) { |
83 Log.w(TAG, "Could not retrieve encoded certificate chain: " + e)
; | 88 Log.w(TAG, "Could not retrieve encoded certificate chain: " + e)
; |
84 return null; | 89 return null; |
85 } | 90 } |
86 | 91 |
87 mEncodedChain = encodedChain; | 92 mEncodedChain = encodedChain; |
88 mPrivateKey = key; | 93 mAndroidPrivateKey = key; |
89 return null; | 94 return null; |
90 } | 95 } |
91 | 96 |
92 @Override | 97 @Override |
93 protected void onPostExecute(Void result) { | 98 protected void onPostExecute(Void result) { |
94 ThreadUtils.assertOnUiThread(); | 99 ThreadUtils.assertOnUiThread(); |
95 nativeOnSystemRequestCompletion(mNativePtr, mEncodedChain, mPrivateK
ey); | 100 nativeOnSystemRequestCompletion(mNativePtr, mEncodedChain, mAndroidP
rivateKey); |
96 } | 101 } |
97 } | 102 } |
98 | 103 |
99 /** Implementation of CertAsyncTask for the system KeyChain API. */ | 104 /** Implementation of CertAsyncTask for the system KeyChain API. */ |
100 private static class CertAsyncTaskKeyChain extends CertAsyncTask { | 105 private static class CertAsyncTaskKeyChain extends CertAsyncTask { |
101 final Context mContext; | 106 final Context mContext; |
102 final String mAlias; | 107 final String mAlias; |
103 | 108 |
104 CertAsyncTaskKeyChain(Context context, int nativePtr, String alias) { | 109 CertAsyncTaskKeyChain(Context context, int nativePtr, String alias) { |
105 super(nativePtr); | 110 super(nativePtr); |
106 mContext = context; | 111 mContext = context; |
107 assert alias != null; | 112 assert alias != null; |
108 mAlias = alias; | 113 mAlias = alias; |
109 } | 114 } |
110 | 115 |
111 @Override | 116 @Override |
112 String getAlias() { | 117 String getAlias() { |
113 return mAlias; | 118 return mAlias; |
114 } | 119 } |
115 | 120 |
116 @Override | 121 @Override |
117 PrivateKey getPrivateKey(String alias) { | 122 AndroidPrivateKey getPrivateKey(String alias) { |
118 try { | 123 try { |
119 return KeyChain.getPrivateKey(mContext, alias); | 124 return sLocalKeyStore.createKey(KeyChain.getPrivateKey(mContext,
alias)); |
120 } catch (KeyChainException e) { | 125 } catch (KeyChainException e) { |
121 Log.w(TAG, "KeyChainException when looking for '" + alias + "' c
ertificate"); | 126 Log.w(TAG, "KeyChainException when looking for '" + alias + "' c
ertificate"); |
122 return null; | 127 return null; |
123 } catch (InterruptedException e) { | 128 } catch (InterruptedException e) { |
124 Log.w(TAG, "InterruptedException when looking for '" + alias + "
'certificate"); | 129 Log.w(TAG, "InterruptedException when looking for '" + alias + "
'certificate"); |
125 return null; | 130 return null; |
126 } | 131 } |
127 } | 132 } |
128 | 133 |
129 @Override | 134 @Override |
(...skipping 23 matching lines...) Expand all Loading... |
153 mPort = port; | 158 mPort = port; |
154 mPKCS11AuthManager = pkcs11CardAuthManager; | 159 mPKCS11AuthManager = pkcs11CardAuthManager; |
155 } | 160 } |
156 | 161 |
157 @Override | 162 @Override |
158 String getAlias() { | 163 String getAlias() { |
159 return mPKCS11AuthManager.getClientCertificateAlias(mHostName, mPort
); | 164 return mPKCS11AuthManager.getClientCertificateAlias(mHostName, mPort
); |
160 } | 165 } |
161 | 166 |
162 @Override | 167 @Override |
163 PrivateKey getPrivateKey(String alias) { | 168 AndroidPrivateKey getPrivateKey(String alias) { |
164 return mPKCS11AuthManager.getPrivateKey(alias); | 169 return mPKCS11AuthManager.getPrivateKey(alias); |
165 } | 170 } |
166 | 171 |
167 @Override | 172 @Override |
168 X509Certificate[] getCertificateChain(String alias) { | 173 X509Certificate[] getCertificateChain(String alias) { |
169 return mPKCS11AuthManager.getCertificateChain(alias); | 174 return mPKCS11AuthManager.getCertificateChain(alias); |
170 } | 175 } |
171 } | 176 } |
172 | 177 |
173 /** | 178 /** |
(...skipping 109 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
283 // Smart card support is not available, use the system store uncondi
tionally. | 288 // Smart card support is not available, use the system store uncondi
tionally. |
284 useSystemStore.run(); | 289 useSystemStore.run(); |
285 } | 290 } |
286 | 291 |
287 // We've taken ownership of the native ssl request object. | 292 // We've taken ownership of the native ssl request object. |
288 return true; | 293 return true; |
289 } | 294 } |
290 | 295 |
291 // Called to pass request results to native side. | 296 // Called to pass request results to native side. |
292 private static native void nativeOnSystemRequestCompletion( | 297 private static native void nativeOnSystemRequestCompletion( |
293 int requestPtr, byte[][] certChain, PrivateKey privateKey); | 298 int requestPtr, byte[][] certChain, AndroidPrivateKey androidKey); |
294 } | 299 } |
OLD | NEW |