Chromium Code Reviews Chromium Code Reviews
Issue 2970003003:
customtabs: Extract a redirect endpoint, and maybe connect to it. (Closed)
| Index: chrome/android/java/src/org/chromium/chrome/browser/customtabs/OriginVerifier.java |
| diff --git a/chrome/android/java/src/org/chromium/chrome/browser/customtabs/OriginVerifier.java b/chrome/android/java/src/org/chromium/chrome/browser/customtabs/OriginVerifier.java |
| index b7c6ba4a3dbd0868bec566fd0e1b4674832cc9b6..d3ec9d46c69875a2335392d9735b1f234b3ec3c5 100644 |
| --- a/chrome/android/java/src/org/chromium/chrome/browser/customtabs/OriginVerifier.java |
| +++ b/chrome/android/java/src/org/chromium/chrome/browser/customtabs/OriginVerifier.java |
| @@ -30,8 +30,10 @@ import java.security.cert.CertificateException; |
| import java.security.cert.CertificateFactory; |
| import java.security.cert.X509Certificate; |
| import java.util.HashMap; |
| +import java.util.HashSet; |
| import java.util.Locale; |
| import java.util.Map; |
| +import java.util.Set; |
| /** |
| * Used to verify postMessage origin for a designated package name. |
| @@ -47,21 +49,25 @@ import java.util.Map; |
| class OriginVerifier { |
| private static final String TAG = "OriginVerifier"; |
| private static final char[] HEX_CHAR_LOOKUP = "0123456789ABCDEF".toCharArray(); |
| - private static Map<String, Uri> sCachedOriginMap; |
| + private static Map<String, Set<Uri>> sPackageToCachedOrigins; |
| private final OriginVerificationListener mListener; |
| private final String mPackageName; |
| private final String mSignatureFingerprint; |
| private long mNativeOriginVerifier = 0; |
| private Uri mOrigin; |
| - /** |
| - * To be used for prepopulating verified origin for testing functionality. |
| - * @param packageName The package name to prepopulate for. |
| - * @param origin The origin to add as verified. |
| - */ |
| - @VisibleForTesting |
| - static void prePopulateVerifiedOriginForTesting(String packageName, Uri origin) { |
| - cacheVerifiedOriginIfNeeded(packageName, origin); |
| + /** Small helper class to post a result of origin verification. */ |
| + private class VerifiedCallback implements Runnable { |
|
Yusuf
2017/07/06 06:34:42
Thanks!
|
| + private final boolean mResult; |
| + |
| + public VerifiedCallback(boolean result) { |
| + this.mResult = result; |
| + } |
| + |
| + @Override |
| + public void run() { |
| + originVerified(mResult); |
| + } |
| } |
| private static Uri getPostMessageOriginFromVerifiedOrigin( |
| @@ -70,11 +76,35 @@ class OriginVerifier { |
| + verifiedOrigin.getHost() + "/" + packageName); |
| } |
| - private static void cacheVerifiedOriginIfNeeded(String packageName, Uri origin) { |
| - if (sCachedOriginMap == null) sCachedOriginMap = new HashMap<>(); |
| - if (!sCachedOriginMap.containsKey(packageName)) { |
| - sCachedOriginMap.put(packageName, origin); |
| + /** Clears all known relations. */ |
| + @VisibleForTesting |
| + static void reset() { |
| + ThreadUtils.assertOnUiThread(); |
| + sPackageToCachedOrigins.clear(); |
| + } |
| + |
| + /** |
| + * Mark an origin as verified for a package. |
| + * @param packageName The package name to prepopulate for. |
| + * @param origin The origin to add as verified. |
| + */ |
| + static void addVerifiedOriginForPackage(String packageName, Uri origin) { |
| + ThreadUtils.assertOnUiThread(); |
| + if (sPackageToCachedOrigins == null) sPackageToCachedOrigins = new HashMap<>(); |
| + Set<Uri> cachedOrigins = sPackageToCachedOrigins.get(packageName); |
| + if (cachedOrigins == null) { |
| + cachedOrigins = new HashSet<Uri>(); |
| + sPackageToCachedOrigins.put(packageName, cachedOrigins); |
| } |
| + cachedOrigins.add(origin); |
| + } |
| + |
| + static boolean isValidOrigin(String packageName, Uri origin) { |
|
Yusuf
2017/07/06 06:34:42
javadoc
Maybe something around no async verificat
Benoit L
2017/07/07 11:30:56
Done.
|
| + ThreadUtils.assertOnUiThread(); |
| + if (sPackageToCachedOrigins == null) return false; |
| + Set<Uri> cachedOrigins = sPackageToCachedOrigins.get(packageName); |
| + if (cachedOrigins == null) return false; |
| + return cachedOrigins.contains(origin); |
| } |
| /** |
| @@ -112,24 +142,13 @@ class OriginVerifier { |
| ThreadUtils.assertOnUiThread(); |
| mOrigin = origin; |
| if (!UrlConstants.HTTPS_SCHEME.equals(mOrigin.getScheme().toLowerCase(Locale.US))) { |
| - ThreadUtils.postOnUiThread(new Runnable() { |
| - @Override |
| - public void run() { |
| - originVerified(false); |
| - } |
| - }); |
| + ThreadUtils.postOnUiThread(new VerifiedCallback(false)); |
| return; |
| } |
| // If this origin is cached as verified already, use that. |
| - Uri cachedOrigin = getCachedOriginIfExists(); |
| - if (cachedOrigin != null && cachedOrigin.equals(origin)) { |
| - ThreadUtils.postOnUiThread(new Runnable() { |
| - @Override |
| - public void run() { |
| - originVerified(true); |
| - } |
| - }); |
| + if (isValidOrigin(mPackageName, origin)) { |
| + ThreadUtils.postOnUiThread(new VerifiedCallback(true)); |
| return; |
| } |
| if (mNativeOriginVerifier != 0) cleanUp(); |
| @@ -142,14 +161,7 @@ class OriginVerifier { |
| assert mNativeOriginVerifier != 0; |
| boolean success = nativeVerifyOrigin( |
| mNativeOriginVerifier, mPackageName, mSignatureFingerprint, mOrigin.toString()); |
| - if (!success) { |
| - ThreadUtils.postOnUiThread(new Runnable() { |
| - @Override |
| - public void run() { |
| - originVerified(false); |
| - } |
| - }); |
| - } |
| + if (!success) ThreadUtils.postOnUiThread(new VerifiedCallback(false)); |
| } |
| /** |
| @@ -219,18 +231,13 @@ class OriginVerifier { |
| @CalledByNative |
| private void originVerified(boolean originVerified) { |
| if (originVerified) { |
| - cacheVerifiedOriginIfNeeded(mPackageName, mOrigin); |
| + addVerifiedOriginForPackage(mPackageName, mOrigin); |
| mOrigin = getPostMessageOriginFromVerifiedOrigin(mPackageName, mOrigin); |
| } |
| mListener.onOriginVerified(mPackageName, mOrigin, originVerified); |
| cleanUp(); |
| } |
| - private Uri getCachedOriginIfExists() { |
| - if (sCachedOriginMap == null) return null; |
| - return sCachedOriginMap.get(mPackageName); |
| - } |
| - |
| private native long nativeInit(Profile profile); |
| private native boolean nativeVerifyOrigin(long nativeOriginVerifier, String packageName, |
| String signatureFingerprint, String origin); |
