Refactoring AndroidKeyStore to support a KeyStore running in another process

chrome/android/java/src/org/chromium/chrome/browser/SSLClientCertificateRequest.java

Index: chrome/android/java/src/org/chromium/chrome/browser/SSLClientCertificateRequest.java
diff --git a/chrome/android/java/src/org/chromium/chrome/browser/SSLClientCertificateRequest.java b/chrome/android/java/src/org/chromium/chrome/browser/SSLClientCertificateRequest.java
index 31c41fd2f0d5c091931828e0b611e15b85da7d56..8941e11383ba4a4cb0e31b7d760e663009a86b13 100644
--- a/chrome/android/java/src/org/chromium/chrome/browser/SSLClientCertificateRequest.java
+++ b/chrome/android/java/src/org/chromium/chrome/browser/SSLClientCertificateRequest.java
@@ -16,9 +16,10 @@ import org.chromium.base.ActivityStatus;
 import org.chromium.base.CalledByNative;
 import org.chromium.base.JNINamespace;
 import org.chromium.base.ThreadUtils;
+import org.chromium.net.AndroidKeyStoreLocalImpl;
+import org.chromium.net.AndroidPrivateKey;
 
 import java.security.Principal;
-import java.security.PrivateKey;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 
@@ -34,9 +35,11 @@ import javax.security.auth.x500.X500Principal;
  * finally pass the results back to the UI thread, which will return to the native code.
  */
 @JNINamespace("chrome::android")
-class SSLClientCertificateRequest {
+public class SSLClientCertificateRequest {
     static final String TAG = "SSLClientCertificateRequest";
 
+    static final AndroidKeyStoreLocalImpl sLocalKeyStore = new AndroidKeyStoreLocalImpl();

[bulach, 2014/02/14 10:45:29]

nit: can this be private, and wrapped in a GetInstance() or some such?

[Yaron, 2014/02/14 19:36:56]

Done.

+
     /**
      * Common implementation for anynchronous task of handling the certificate request. This
      * AsyncTask uses the abstract methods to retrieve the authentication material from a
@@ -47,7 +50,7 @@ class SSLClientCertificateRequest {
         // These fields will store the results computed in doInBackground so that they can be posted
         // back in onPostExecute.
         private byte[][] mEncodedChain;
-        private PrivateKey mPrivateKey;
+        private AndroidPrivateKey mAndroidKey;

[bulach, 2014/02/14 10:45:29]

nit: mAndroidPrivateKey, just to avoid confusion..

[Yaron, 2014/02/14 19:36:56]

Done.

 
         // Pointer to the native certificate request needed to return the results.
         private final int mNativePtr;
@@ -58,7 +61,7 @@ class SSLClientCertificateRequest {
 
         // These overriden methods will be used to access the key store.
         abstract String getAlias();
-        abstract PrivateKey getPrivateKey(String alias);
+        abstract AndroidPrivateKey getPrivateKey(String alias);
         abstract X509Certificate[] getCertificateChain(String alias);
 
         @Override
@@ -66,8 +69,11 @@ class SSLClientCertificateRequest {
             String alias = getAlias();
             if (alias == null) return null;
 
-            PrivateKey key = getPrivateKey(alias);
+            AndroidPrivateKey key = getPrivateKey(alias);
+            Log.d(TAG, "got key " + key);
             X509Certificate[] chain = getCertificateChain(alias);
+             Log.d(TAG, "got chain " + chain);

[bulach, 2014/02/14 10:45:29]

nit: unindent

[Yaron, 2014/02/14 19:36:56]

Done.

+
             if (key == null || chain == null || chain.length == 0) {
                 Log.w(TAG, "Empty client certificate chain?");
                 return null;
@@ -85,14 +91,14 @@ class SSLClientCertificateRequest {
             }
 
             mEncodedChain = encodedChain;
-            mPrivateKey = key;
+            mAndroidKey = key;
             return null;
         }
 
         @Override
         protected void onPostExecute(Void result) {
             ThreadUtils.assertOnUiThread();
-            nativeOnSystemRequestCompletion(mNativePtr, mEncodedChain, mPrivateKey);
+            nativeOnSystemRequestCompletion(mNativePtr, mEncodedChain, mAndroidKey);
         }
     }
 
@@ -114,9 +120,9 @@ class SSLClientCertificateRequest {
         }
 
         @Override
-        PrivateKey getPrivateKey(String alias) {
+        AndroidPrivateKey getPrivateKey(String alias) {
             try {
-                return KeyChain.getPrivateKey(mContext, alias);
+                return sLocalKeyStore.createKey(KeyChain.getPrivateKey(mContext, alias));
             } catch (KeyChainException e) {
                 Log.w(TAG, "KeyChainException when looking for '" + alias + "' certificate");
                 return null;
@@ -160,7 +166,7 @@ class SSLClientCertificateRequest {
         }
 
         @Override
-        PrivateKey getPrivateKey(String alias) {
+        AndroidPrivateKey getPrivateKey(String alias) {
             return mPKCS11AuthManager.getPrivateKey(alias);
         }
 
@@ -290,5 +296,5 @@ class SSLClientCertificateRequest {
 
     // Called to pass request results to native side.
     private static native void nativeOnSystemRequestCompletion(
-            int requestPtr, byte[][] certChain, PrivateKey privateKey);
+            int requestPtr, byte[][] certChain, AndroidPrivateKey androidKey);
 }