Fix BrowserFrame to construct SslError using the full URL, rather than the host

Steve Block · Steve Block · commit fa03f9a3460a · 2011-10-05T13:16:17.000+01:00
https://android-git.corp.google.com/g/#/c/133348 changed BrowserFrame to construct the SslError using only the host. This was done so that we match on just the host component of the URL when re-using previous decisions in case of an SSL error. It also means that the browser displays only the host when it shows the SSL error dialog. This change fixes BrowserFrame to pass the full URL to SslError. We modify SslCertLookupTable to keep the existing behaviour regarding matching on only the host component. There's no need to change Browser to continue displaying only the host as I think this change was an unintentional side-effect. Also remove dead code-path in BrowserFrame.reportSslCertError(). This method is used only with the Chromium HTTP stack. This code was added in https://android-git.corp.google.com/g/#/c/121023. No functional change. Bug: 5410252 Change-Id: Ief2dbf4558095fb6fa7ab0caac7d37fa4f640b66
diff --git a/core/java/android/net/http/SslError.java b/core/java/android/net/http/SslError.java
@@ -163,10 +163,6 @@ public SslCertificate getCertificate() {
      * Gets the URL associated with this object.
      * @return The URL, non-null.
      */
-    // TODO: When the WebView constructs an instance of this object, we
-    // actually provide only the hostname, not the full URL. We should consider
-    // deprecating this method, adding a new getHost() method and updating the
-    // constructor arguments. See http://b/5410252.
     public String getUrl() {
         return mUrl;
     }
diff --git a/core/java/android/webkit/BrowserFrame.java b/core/java/android/webkit/BrowserFrame.java
@@ -43,7 +43,6 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.lang.ref.WeakReference;
-import java.net.URL;
 import java.net.URLEncoder;
 import java.nio.charset.Charsets;
 import java.security.PrivateKey;
@@ -1171,12 +1170,7 @@ private void reportSslCertError(final int handle, final int certError, byte cert
         try {
             X509Certificate cert = new X509CertImpl(certDER);
             SslCertificate sslCert = new SslCertificate(cert);
-            if (JniUtil.useChromiumHttpStack()) {
-                sslError = SslError.SslErrorFromChromiumErrorCode(certError, sslCert,
-                        new URL(url).getHost());
-            } else {
-                sslError = new SslError(certError, cert, url);
-            }
+            sslError = SslError.SslErrorFromChromiumErrorCode(certError, sslCert, url);
         } catch (IOException e) {
             // Can't get the certificate, not much to do.
             Log.e(LOGTAG, "Can't get the certificate from WebKit, canceling");
diff --git a/core/java/android/webkit/SslCertLookupTable.java b/core/java/android/webkit/SslCertLookupTable.java
@@ -19,6 +19,9 @@
 import android.os.Bundle;
 import android.net.http.SslError;
 
+import java.net.MalformedURLException;
+import java.net.URL;
+
 /**
  * Stores the user's decision of whether to allow or deny an invalid certificate.
  *
@@ -40,14 +43,32 @@ private SslCertLookupTable() {
     }
 
     public void setIsAllowed(SslError sslError, boolean allow) {
-        table.putBoolean(sslError.toString(), allow);
+        // TODO: We should key on just the host. See http://b/5409251.
+        String errorString = sslErrorToString(sslError);
+        if (errorString != null) {
+            table.putBoolean(errorString, allow);
+        }
     }
 
     public boolean isAllowed(SslError sslError) {
-        return table.getBoolean(sslError.toString());
+        // TODO: We should key on just the host. See http://b/5409251.
+        String errorString = sslErrorToString(sslError);
+        return errorString == null ? false : table.getBoolean(errorString);
     }
 
     public void clear() {
         table.clear();
     }
+
+    private static String sslErrorToString(SslError error) {
+        String host;
+        try {
+            host = new URL(error.getUrl()).getHost();
+        } catch(MalformedURLException e) {
+            return null;
+        }
+        return "primary error: " + error.getPrimaryError() +
+                " certificate: " + error.getCertificate() +
+                " on host: " + host;
+    }
 }
