Add client cert support to android_webview

android_webview/java/src/org/chromium/android_webview/ClientCertLookupTable.java

Index: android_webview/java/src/org/chromium/android_webview/ClientCertLookupTable.java
diff --git a/android_webview/java/src/org/chromium/android_webview/ClientCertLookupTable.java b/android_webview/java/src/org/chromium/android_webview/ClientCertLookupTable.java
new file mode 100644
index 0000000000000000000000000000000000000000..af04a60f21a4073fe6ad70214e9e74575bc64077
--- /dev/null
+++ b/android_webview/java/src/org/chromium/android_webview/ClientCertLookupTable.java
@@ -0,0 +1,80 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+package org.chromium.android_webview;
+
+import org.chromium.net.AndroidPrivateKey;
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * Store user's client certificate decision for a host and port pair. Not
+ * thread-safe. All accesses are done on UI thread.
+ */
+final class ClientCertLookupTable {
+
+    public static class Cert {

[boliu, 2014/04/14 23:56:04]

can this be private?

[sgurun-gerrit only, 2014/04/15 23:40:03]

This is accessed from another class.
On 2014/04/14 23:56:04, boliu wrote:

+        AndroidPrivateKey privateKey;
+        byte[][] certChain;
+        public Cert(AndroidPrivateKey privateKey, byte[][] certChain) {
+            this.privateKey = privateKey;
+            byte[][] newChain = new byte[certChain.length][];
+            for (int i = 0; i < certChain.length; i++) {
+                newChain[i] = Arrays.copyOf(certChain[i], certChain[i].length);
+            }
+            this.certChain = newChain;
+        }
+    };
+
+    private static ClientCertLookupTable sLookupTable;
+    private final Map<String, Cert> mCerts;
+    private final Set<String> mDenieds;
+
+    public static ClientCertLookupTable getInstance() {

[boliu, 2014/04/14 23:56:04]

Let's avoid introducing more global singletons. Can you make AwBrowserContext
(which is a singleton) own this object?

[sgurun-gerrit only, 2014/04/15 23:40:03]

Done.

+        if (sLookupTable == null) {
+            sLookupTable = new ClientCertLookupTable();
+        }
+        return sLookupTable;
+    }
+
+    // Clear client certificate preferences
+    public static void clear() {
+        sLookupTable = null;

[boliu, 2014/04/14 23:56:04]

This breaks the assumption that it's a singleton.

But I guess it's ok if done in AwBrowserContext.

[sgurun-gerrit only, 2014/04/15 23:40:03]

Done.

+    }
+
+    private ClientCertLookupTable() {
+        mCerts = new HashMap<String, Cert>();
+        mDenieds = new HashSet<String>();
+    }
+
+    public void allow(String host, int port, AndroidPrivateKey privateKey, byte[][] chain) {
+        String host_and_port = hostAndPort(host, port);
+        mCerts.put(host_and_port, new Cert(privateKey, chain));
+        mDenieds.remove(host_and_port);
+    }
+
+    public void deny(String host, int port) {
+        String host_and_port = hostAndPort(host, port);
+        mCerts.remove(host_and_port);
+        mDenieds.add(host_and_port);
+    }
+
+    public Cert getCertData(String host, int port) {
+        return mCerts.get(hostAndPort(host, port));
+    }
+
+    public boolean isDenied(String host, int port) {
+        return mDenieds.contains(hostAndPort(host, port));
+    }
+
+    // TODO(sgurun) add a test for this. Not separating host and pair properly will be
+    // a security issue.
+    private String hostAndPort(String host, int port) {

[boliu, 2014/04/14 23:56:04]

static

[sgurun-gerrit only, 2014/04/15 23:40:03]

Done.

+        return host + ":" + port;
+    }
+}