OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ui/android/ssl_client_certificate_request.h" | 5 #include "chrome/browser/ui/android/ssl_client_certificate_request.h" |
6 | 6 |
7 #include "base/android/jni_array.h" | 7 #include "base/android/jni_array.h" |
8 #include "base/android/jni_string.h" | 8 #include "base/android/jni_string.h" |
9 #include "base/android/scoped_java_ref.h" | 9 #include "base/android/scoped_java_ref.h" |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
11 #include "base/bind.h" | 11 #include "base/bind.h" |
12 #include "base/callback_helpers.h" | |
13 #include "base/compiler_specific.h" | 12 #include "base/compiler_specific.h" |
14 #include "base/logging.h" | 13 #include "base/logging.h" |
15 #include "chrome/browser/ssl/ssl_client_certificate_selector.h" | 14 #include "chrome/browser/ssl/ssl_client_certificate_selector.h" |
16 #include "chrome/browser/ui/android/window_android_helper.h" | 15 #include "chrome/browser/ui/android/window_android_helper.h" |
17 #include "content/public/browser/browser_thread.h" | 16 #include "content/public/browser/browser_thread.h" |
| 17 #include "content/public/browser/client_certificate_delegate.h" |
18 #include "crypto/scoped_openssl_types.h" | 18 #include "crypto/scoped_openssl_types.h" |
19 #include "jni/SSLClientCertificateRequest_jni.h" | 19 #include "jni/SSLClientCertificateRequest_jni.h" |
20 #include "net/android/keystore_openssl.h" | 20 #include "net/android/keystore_openssl.h" |
21 #include "net/base/host_port_pair.h" | 21 #include "net/base/host_port_pair.h" |
22 #include "net/cert/cert_database.h" | 22 #include "net/cert/cert_database.h" |
23 #include "net/cert/x509_certificate.h" | 23 #include "net/cert/x509_certificate.h" |
24 #include "net/ssl/openssl_client_key_store.h" | 24 #include "net/ssl/openssl_client_key_store.h" |
25 #include "net/ssl/ssl_cert_request_info.h" | 25 #include "net/ssl/ssl_cert_request_info.h" |
26 #include "net/ssl/ssl_client_cert_type.h" | 26 #include "net/ssl/ssl_client_cert_type.h" |
27 #include "ui/android/window_android.h" | 27 #include "ui/android/window_android.h" |
28 | 28 |
29 namespace chrome { | 29 namespace chrome { |
30 | 30 |
31 namespace { | 31 namespace { |
32 | 32 |
33 // Must be called on the I/O thread to record a client certificate | 33 // Must be called on the I/O thread to record a client certificate |
34 // and its private key in the OpenSSLClientKeyStore. | 34 // and its private key in the OpenSSLClientKeyStore. |
35 void RecordClientCertificateKey( | 35 void RecordClientCertificateKey( |
36 const scoped_refptr<net::X509Certificate>& client_cert, | 36 const scoped_refptr<net::X509Certificate>& client_cert, |
37 crypto::ScopedEVP_PKEY private_key) { | 37 crypto::ScopedEVP_PKEY private_key) { |
38 DCHECK_CURRENTLY_ON(content::BrowserThread::IO); | 38 DCHECK_CURRENTLY_ON(content::BrowserThread::IO); |
39 net::OpenSSLClientKeyStore::GetInstance()->RecordClientCertPrivateKey( | 39 net::OpenSSLClientKeyStore::GetInstance()->RecordClientCertPrivateKey( |
40 client_cert.get(), private_key.get()); | 40 client_cert.get(), private_key.get()); |
41 } | 41 } |
42 | 42 |
43 void StartClientCertificateRequest( | 43 void StartClientCertificateRequest( |
44 const net::SSLCertRequestInfo* cert_request_info, | 44 const net::SSLCertRequestInfo* cert_request_info, |
45 ui::WindowAndroid* window, | 45 ui::WindowAndroid* window, |
46 const chrome::SelectCertificateCallback& callback) { | 46 scoped_ptr<content::ClientCertificateDelegate> delegate) { |
47 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); | 47 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
48 | 48 |
49 // Ensure that callback(NULL) is posted as a task on the UI thread | |
50 // in case of an error. | |
51 base::Closure post_task_closure = base::Bind( | |
52 base::IgnoreResult(&content::BrowserThread::PostTask), | |
53 content::BrowserThread::UI, | |
54 FROM_HERE, | |
55 base::Bind(callback, scoped_refptr<net::X509Certificate>())); | |
56 | |
57 base::ScopedClosureRunner guard(post_task_closure); | |
58 | |
59 // Build the |key_types| JNI parameter, as a String[] | 49 // Build the |key_types| JNI parameter, as a String[] |
60 std::vector<std::string> key_types; | 50 std::vector<std::string> key_types; |
61 for (size_t n = 0; n < cert_request_info->cert_key_types.size(); ++n) { | 51 for (size_t n = 0; n < cert_request_info->cert_key_types.size(); ++n) { |
62 switch (cert_request_info->cert_key_types[n]) { | 52 switch (cert_request_info->cert_key_types[n]) { |
63 case net::CLIENT_CERT_RSA_SIGN: | 53 case net::CLIENT_CERT_RSA_SIGN: |
64 key_types.push_back("RSA"); | 54 key_types.push_back("RSA"); |
65 break; | 55 break; |
66 case net::CLIENT_CERT_DSS_SIGN: | 56 case net::CLIENT_CERT_DSS_SIGN: |
67 key_types.push_back("DSA"); | 57 key_types.push_back("DSA"); |
68 break; | 58 break; |
(...skipping 22 matching lines...) Expand all Loading... |
91 LOG(ERROR) << "Could not create principals array (byte[][])"; | 81 LOG(ERROR) << "Could not create principals array (byte[][])"; |
92 return; | 82 return; |
93 } | 83 } |
94 | 84 |
95 // Build the |host_name| and |port| JNI parameters, as a String and | 85 // Build the |host_name| and |port| JNI parameters, as a String and |
96 // a jint. | 86 // a jint. |
97 ScopedJavaLocalRef<jstring> host_name_ref = | 87 ScopedJavaLocalRef<jstring> host_name_ref = |
98 base::android::ConvertUTF8ToJavaString( | 88 base::android::ConvertUTF8ToJavaString( |
99 env, cert_request_info->host_and_port.host()); | 89 env, cert_request_info->host_and_port.host()); |
100 | 90 |
101 // Create a copy of the callback on the heap so that its address | 91 // Pass the address of the delegate through to Java. |
102 // and ownership can be passed through and returned from Java via JNI. | 92 jlong request_id = reinterpret_cast<intptr_t>(delegate.get()); |
103 scoped_ptr<chrome::SelectCertificateCallback> request( | |
104 new chrome::SelectCertificateCallback(callback)); | |
105 | |
106 jlong request_id = reinterpret_cast<intptr_t>(request.get()); | |
107 | 93 |
108 if (!chrome::android:: | 94 if (!chrome::android:: |
109 Java_SSLClientCertificateRequest_selectClientCertificate( | 95 Java_SSLClientCertificateRequest_selectClientCertificate( |
110 env, | 96 env, |
111 request_id, | 97 request_id, |
112 window->GetJavaObject().obj(), | 98 window->GetJavaObject().obj(), |
113 key_types_ref.obj(), | 99 key_types_ref.obj(), |
114 principals_ref.obj(), | 100 principals_ref.obj(), |
115 host_name_ref.obj(), | 101 host_name_ref.obj(), |
116 cert_request_info->host_and_port.port())) { | 102 cert_request_info->host_and_port.port())) { |
117 return; | 103 return; |
118 } | 104 } |
119 | 105 |
120 ignore_result(guard.Release()); | |
121 | |
122 // Ownership was transferred to Java. | 106 // Ownership was transferred to Java. |
123 ignore_result(request.release()); | 107 ignore_result(delegate.release()); |
124 } | 108 } |
125 | 109 |
126 } // namespace | 110 } // namespace |
127 | 111 |
128 namespace android { | 112 namespace android { |
129 | 113 |
130 // Called from JNI on request completion/result. | 114 // Called from JNI on request completion/result. |
131 // |env| is the current thread's JNIEnv. | 115 // |env| is the current thread's JNIEnv. |
132 // |clazz| is the SSLClientCertificateRequest JNI class reference. | 116 // |clazz| is the SSLClientCertificateRequest JNI class reference. |
133 // |request_id| is the id passed to | 117 // |request_id| is the id passed to |
134 // Java_SSLClientCertificateRequest_selectClientCertificate() in Start(). | 118 // Java_SSLClientCertificateRequest_selectClientCertificate() in Start(). |
135 // |encoded_chain_ref| is a JNI reference to a Java array of byte arrays, | 119 // |encoded_chain_ref| is a JNI reference to a Java array of byte arrays, |
136 // each item holding a DER-encoded X.509 certificate. | 120 // each item holding a DER-encoded X.509 certificate. |
137 // |private_key_ref| is the platform PrivateKey object JNI reference for | 121 // |private_key_ref| is the platform PrivateKey object JNI reference for |
138 // the client certificate. | 122 // the client certificate. |
139 // Note: both |encoded_chain_ref| and |private_key_ref| will be NULL if | 123 // Note: both |encoded_chain_ref| and |private_key_ref| will be NULL if |
140 // the user didn't select a certificate. | 124 // the user didn't select a certificate. |
141 static void OnSystemRequestCompletion( | 125 static void OnSystemRequestCompletion( |
142 JNIEnv* env, | 126 JNIEnv* env, |
143 jclass clazz, | 127 jclass clazz, |
144 jlong request_id, | 128 jlong request_id, |
145 jobjectArray encoded_chain_ref, | 129 jobjectArray encoded_chain_ref, |
146 jobject private_key_ref) { | 130 jobject private_key_ref) { |
147 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); | 131 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
148 | 132 |
149 // Take back ownership of the request object. | 133 // Take back ownership of the delegate object. |
150 scoped_ptr<chrome::SelectCertificateCallback> callback( | 134 scoped_ptr<content::ClientCertificateDelegate> delegate( |
151 reinterpret_cast<chrome::SelectCertificateCallback*>(request_id)); | 135 reinterpret_cast<content::ClientCertificateDelegate*>(request_id)); |
152 | |
153 // Ensure that callback(NULL) is called in case of an error. | |
154 base::Closure null_closure = | |
155 base::Bind(*callback, scoped_refptr<net::X509Certificate>()); | |
156 | |
157 base::ScopedClosureRunner guard(null_closure); | |
158 | 136 |
159 if (encoded_chain_ref == NULL || private_key_ref == NULL) { | 137 if (encoded_chain_ref == NULL || private_key_ref == NULL) { |
160 LOG(ERROR) << "Client certificate request cancelled"; | 138 LOG(ERROR) << "No client certificate selected"; |
| 139 delegate->ContinueWithCertificate(nullptr); |
161 return; | 140 return; |
162 } | 141 } |
163 | 142 |
164 // Convert the encoded chain to a vector of strings. | 143 // Convert the encoded chain to a vector of strings. |
165 std::vector<std::string> encoded_chain_strings; | 144 std::vector<std::string> encoded_chain_strings; |
166 if (encoded_chain_ref) { | 145 if (encoded_chain_ref) { |
167 base::android::JavaArrayOfByteArrayToStringVector( | 146 base::android::JavaArrayOfByteArrayToStringVector( |
168 env, encoded_chain_ref, &encoded_chain_strings); | 147 env, encoded_chain_ref, &encoded_chain_strings); |
169 } | 148 } |
170 | 149 |
(...skipping 10 matching lines...) Expand all Loading... |
181 } | 160 } |
182 | 161 |
183 // Create an EVP_PKEY wrapper for the private key JNI reference. | 162 // Create an EVP_PKEY wrapper for the private key JNI reference. |
184 crypto::ScopedEVP_PKEY private_key( | 163 crypto::ScopedEVP_PKEY private_key( |
185 net::android::GetOpenSSLPrivateKeyWrapper(private_key_ref)); | 164 net::android::GetOpenSSLPrivateKeyWrapper(private_key_ref)); |
186 if (!private_key.get()) { | 165 if (!private_key.get()) { |
187 LOG(ERROR) << "Could not create OpenSSL wrapper for private key"; | 166 LOG(ERROR) << "Could not create OpenSSL wrapper for private key"; |
188 return; | 167 return; |
189 } | 168 } |
190 | 169 |
191 ignore_result(guard.Release()); | |
192 | |
193 // RecordClientCertificateKey() must be called on the I/O thread, | 170 // RecordClientCertificateKey() must be called on the I/O thread, |
194 // before the callback is called with the selected certificate on | 171 // before the callback is called with the selected certificate on |
195 // the UI thread. | 172 // the UI thread. |
196 content::BrowserThread::PostTaskAndReply( | 173 content::BrowserThread::PostTaskAndReply( |
197 content::BrowserThread::IO, | 174 content::BrowserThread::IO, FROM_HERE, |
198 FROM_HERE, | 175 base::Bind(&RecordClientCertificateKey, client_cert, |
199 base::Bind(&RecordClientCertificateKey, | |
200 client_cert, | |
201 base::Passed(&private_key)), | 176 base::Passed(&private_key)), |
202 base::Bind(*callback, client_cert)); | 177 base::Bind(&content::ClientCertificateDelegate::ContinueWithCertificate, |
| 178 base::Owned(delegate.release()), client_cert)); |
203 } | 179 } |
204 | 180 |
205 static void NotifyClientCertificatesChanged() { | 181 static void NotifyClientCertificatesChanged() { |
206 net::CertDatabase::GetInstance()->OnAndroidKeyStoreChanged(); | 182 net::CertDatabase::GetInstance()->OnAndroidKeyStoreChanged(); |
207 } | 183 } |
208 | 184 |
209 static void NotifyClientCertificatesChangedOnIOThread(JNIEnv* env, jclass) { | 185 static void NotifyClientCertificatesChangedOnIOThread(JNIEnv* env, jclass) { |
210 if (content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)) { | 186 if (content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)) { |
211 NotifyClientCertificatesChanged(); | 187 NotifyClientCertificatesChanged(); |
212 } else { | 188 } else { |
213 content::BrowserThread::PostTask( | 189 content::BrowserThread::PostTask( |
214 content::BrowserThread::IO, | 190 content::BrowserThread::IO, |
215 FROM_HERE, | 191 FROM_HERE, |
216 base::Bind(&NotifyClientCertificatesChanged)); | 192 base::Bind(&NotifyClientCertificatesChanged)); |
217 } | 193 } |
218 } | 194 } |
219 | 195 |
220 bool RegisterSSLClientCertificateRequestAndroid(JNIEnv* env) { | 196 bool RegisterSSLClientCertificateRequestAndroid(JNIEnv* env) { |
221 return RegisterNativesImpl(env); | 197 return RegisterNativesImpl(env); |
222 } | 198 } |
223 | 199 |
224 } // namespace android | 200 } // namespace android |
225 | 201 |
226 void ShowSSLClientCertificateSelector( | 202 void ShowSSLClientCertificateSelector( |
227 content::WebContents* contents, | 203 content::WebContents* contents, |
228 net::SSLCertRequestInfo* cert_request_info, | 204 net::SSLCertRequestInfo* cert_request_info, |
229 const chrome::SelectCertificateCallback& callback) { | 205 scoped_ptr<content::ClientCertificateDelegate> delegate) { |
230 ui::WindowAndroid* window = | 206 ui::WindowAndroid* window = |
231 WindowAndroidHelper::FromWebContents(contents)->GetWindowAndroid(); | 207 WindowAndroidHelper::FromWebContents(contents)->GetWindowAndroid(); |
232 DCHECK(window); | 208 DCHECK(window); |
233 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); | 209 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
234 StartClientCertificateRequest(cert_request_info, window, callback); | 210 StartClientCertificateRequest(cert_request_info, window, delegate.Pass()); |
235 } | 211 } |
236 | 212 |
237 } // namespace chrome | 213 } // namespace chrome |
OLD | NEW |