Merge "Use private key context when necessary" into jb-dev

Selim Gurun · Android (Google) Code Review · commit ee00b31a54cc · 2012-05-07T10:54:24.000-07:00
diff --git a/core/java/android/webkit/BrowserFrame.java b/core/java/android/webkit/BrowserFrame.java
@@ -56,6 +56,8 @@
 import java.util.Set;
 
 import org.apache.harmony.security.provider.cert.X509CertImpl;
+import org.apache.harmony.xnet.provider.jsse.OpenSSLDSAPrivateKey;
+import org.apache.harmony.xnet.provider.jsse.OpenSSLRSAPrivateKey;
 
 class BrowserFrame extends Handler {
 
@@ -1104,12 +1106,23 @@ private void requestClientCert(int handle, String hostAndPort) {
         SslClientCertLookupTable table = SslClientCertLookupTable.getInstance();
         if (table.IsAllowed(hostAndPort)) {
             // previously allowed
-            nativeSslClientCert(handle,
-                                table.PrivateKey(hostAndPort),
-                                table.CertificateChain(hostAndPort));
+            PrivateKey pkey = table.PrivateKey(hostAndPort);
+            if (pkey instanceof OpenSSLRSAPrivateKey) {
+                nativeSslClientCert(handle,
+                                    ((OpenSSLRSAPrivateKey)pkey).getPkeyContext(),
+                                    table.CertificateChain(hostAndPort));
+            } else if (pkey instanceof OpenSSLDSAPrivateKey) {
+                nativeSslClientCert(handle,
+                                    ((OpenSSLDSAPrivateKey)pkey).getPkeyContext(),
+                                    table.CertificateChain(hostAndPort));
+            } else {
+                nativeSslClientCert(handle,
+                                    pkey.getEncoded(),
+                                    table.CertificateChain(hostAndPort));
+            }
         } else if (table.IsDenied(hostAndPort)) {
             // previously denied
-            nativeSslClientCert(handle, null, null);
+            nativeSslClientCert(handle, 0, null);
         } else {
             // previously ignored or new
             mCallbackProxy.onReceivedClientCertRequest(
@@ -1296,7 +1309,11 @@ public void stopLoading() {
     private native void nativeSslCertErrorCancel(int handle, int certError);
 
     native void nativeSslClientCert(int handle,
-                                    byte[] pkcs8EncodedPrivateKey,
+                                    int ctx,
+                                    byte[][] asn1DerEncodedCertificateChain);
+
+    native void nativeSslClientCert(int handle,
+                                    byte[] pkey,
                                     byte[][] asn1DerEncodedCertificateChain);
 
     /**
diff --git a/core/java/android/webkit/ClientCertRequestHandler.java b/core/java/android/webkit/ClientCertRequestHandler.java
@@ -21,6 +21,8 @@
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import org.apache.harmony.xnet.provider.jsse.NativeCrypto;
+import org.apache.harmony.xnet.provider.jsse.OpenSSLDSAPrivateKey;
+import org.apache.harmony.xnet.provider.jsse.OpenSSLRSAPrivateKey;
 
 /**
  * ClientCertRequestHandler: class responsible for handling client
@@ -50,33 +52,58 @@ public final class ClientCertRequestHandler extends Handler {
      * Proceed with the specified private key and client certificate chain.
      */
     public void proceed(PrivateKey privateKey, X509Certificate[] chain) {
-        final byte[] privateKeyBytes = privateKey.getEncoded();
-        final byte[][] chainBytes;
         try {
-            chainBytes = NativeCrypto.encodeCertificates(chain);
-            mTable.Allow(mHostAndPort, privateKeyBytes, chainBytes);
-            post(new Runnable() {
-                    public void run() {
-                        mBrowserFrame.nativeSslClientCert(mHandle, privateKeyBytes, chainBytes);
-                    }
-                });
+            byte[][] chainBytes = NativeCrypto.encodeCertificates(chain);
+            mTable.Allow(mHostAndPort, privateKey, chainBytes);
+
+            if (privateKey instanceof OpenSSLRSAPrivateKey) {
+                setSslClientCertFromCtx(((OpenSSLRSAPrivateKey)privateKey).getPkeyContext(),
+                           chainBytes);
+            } else if (privateKey instanceof OpenSSLDSAPrivateKey) {
+                setSslClientCertFromCtx(((OpenSSLDSAPrivateKey)privateKey).getPkeyContext(),
+                           chainBytes);
+            } else {
+                setSslClientCertFromPKCS8(privateKey.getEncoded(),chainBytes);
+            }
         } catch (CertificateEncodingException e) {
             post(new Runnable() {
                     public void run() {
-                        mBrowserFrame.nativeSslClientCert(mHandle, null, null);
+                        mBrowserFrame.nativeSslClientCert(mHandle, 0, null);
                         return;
                     }
                 });
         }
     }
 
+    /**
+     * Proceed with the specified private key bytes and client certificate chain.
+     */
+    private void setSslClientCertFromCtx(final int ctx, final byte[][] chainBytes) {
+        post(new Runnable() {
+                public void run() {
+                    mBrowserFrame.nativeSslClientCert(mHandle, ctx, chainBytes);
+                }
+            });
+    }
+
+    /**
+     * Proceed with the specified private key context and client certificate chain.
+     */
+    private void setSslClientCertFromPKCS8(final byte[] key, final byte[][] chainBytes) {
+        post(new Runnable() {
+                public void run() {
+                    mBrowserFrame.nativeSslClientCert(mHandle, key, chainBytes);
+                }
+            });
+    }
+
     /**
      * Igore the request for now, the user may be prompted again.
      */
     public void ignore() {
         post(new Runnable() {
                 public void run() {
-                    mBrowserFrame.nativeSslClientCert(mHandle, null, null);
+                    mBrowserFrame.nativeSslClientCert(mHandle, 0, null);
                 }
             });
     }
@@ -88,7 +115,7 @@ public void cancel() {
         mTable.Deny(mHostAndPort);
         post(new Runnable() {
                 public void run() {
-                    mBrowserFrame.nativeSslClientCert(mHandle, null, null);
+                    mBrowserFrame.nativeSslClientCert(mHandle, 0, null);
                 }
             });
     }
diff --git a/core/java/android/webkit/SslClientCertLookupTable.java b/core/java/android/webkit/SslClientCertLookupTable.java
@@ -16,6 +16,7 @@
 
 package android.webkit;
 
+import java.security.PrivateKey;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
@@ -26,7 +27,7 @@
  */
 final class SslClientCertLookupTable {
     private static SslClientCertLookupTable sTable;
-    private final Map<String, byte[]> privateKeys;
+    private final Map<String, PrivateKey> privateKeys;
     private final Map<String, byte[][]> certificateChains;
     private final Set<String> denied;
 
@@ -38,12 +39,12 @@ public static synchronized SslClientCertLookupTable getInstance() {
     }
 
     private SslClientCertLookupTable() {
-        privateKeys = new HashMap<String, byte[]>();
+        privateKeys = new HashMap<String, PrivateKey>();
         certificateChains = new HashMap<String, byte[][]>();
         denied = new HashSet<String>();
     }
 
-    public void Allow(String host_and_port, byte[] privateKey, byte[][] chain) {
+    public void Allow(String host_and_port, PrivateKey privateKey, byte[][] chain) {
         privateKeys.put(host_and_port, privateKey);
         certificateChains.put(host_and_port, chain);
         denied.remove(host_and_port);
@@ -63,7 +64,7 @@ public boolean IsDenied(String host_and_port) {
         return denied.contains(host_and_port);
     }
 
-    public byte[] PrivateKey(String host_and_port) {
+    public PrivateKey PrivateKey(String host_and_port) {
         return privateKeys.get(host_and_port);
     }
 
