search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Disable TabDragController tests that fail with a real compositor.
[chromium-blink-merge.git] / chrome / browser / ui / android / ssl_client_certificate_request.cc
blob468b53b21b3661e4ce8b0083ef20307604b4773d
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/ui/android/ssl_client_certificate_request.h"
6
7 #include "base/android/jni_array.h"
8 #include "base/android/jni_string.h"
9 #include "base/android/scoped_java_ref.h"
10 #include "base/basictypes.h"
11 #include "base/bind.h"
12 #include "base/callback_helpers.h"
13 #include "base/compiler_specific.h"
14 #include "base/logging.h"
15 #include "chrome/browser/ssl/ssl_client_certificate_selector.h"
16 #include "content/public/browser/browser_thread.h"
17 #include "jni/SSLClientCertificateRequest_jni.h"
18 #include "net/android/keystore_openssl.h"
19 #include "net/base/host_port_pair.h"
20 #include "net/cert/x509_certificate.h"
21 #include "net/ssl/openssl_client_key_store.h"
22 #include "net/ssl/ssl_cert_request_info.h"
23 #include "net/ssl/ssl_client_cert_type.h"
24
25 namespace chrome {
26
27 namespace {
28
29 typedef net::OpenSSLClientKeyStore::ScopedEVP_PKEY ScopedEVP_PKEY;
30
31 // Must be called on the I/O thread to record a client certificate
32 // and its private key in the OpenSSLClientKeyStore.
33 void RecordClientCertificateKey(
34 const scoped_refptr<net::X509Certificate>& client_cert,
35 ScopedEVP_PKEY private_key) {
36 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
37 net::OpenSSLClientKeyStore::GetInstance()->RecordClientCertPrivateKey(
38 client_cert.get(), private_key.get());
39 }
40
41 void StartClientCertificateRequest(
42 const net::SSLCertRequestInfo* cert_request_info,
43 const chrome::SelectCertificateCallback& callback) {
44 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
45
46 // Ensure that callback(NULL) is posted as a task on the UI thread
47 // in case of an error.
48 base::Closure post_task_closure = base::Bind(
49 base::IgnoreResult(&content::BrowserThread::PostTask),
50 content::BrowserThread::UI,
51 FROM_HERE,
52 base::Bind(callback, scoped_refptr<net::X509Certificate>()));
53
54 base::ScopedClosureRunner guard(post_task_closure);
55
56 // Build the |key_types| JNI parameter, as a String[]
57 std::vector<std::string> key_types;
58 for (size_t n = 0; n < cert_request_info->cert_key_types.size(); ++n) {
59 switch (cert_request_info->cert_key_types[n]) {
60 case net::CLIENT_CERT_RSA_SIGN:
61 key_types.push_back("RSA");
62 break;
63 case net::CLIENT_CERT_DSS_SIGN:
64 key_types.push_back("DSA");
65 break;
66 case net::CLIENT_CERT_ECDSA_SIGN:
67 key_types.push_back("ECDSA");
68 break;
69 default:
70 // Ignore unknown types.
71 break;
72 }
73 }
74
75 JNIEnv* env = base::android::AttachCurrentThread();
76 ScopedJavaLocalRef<jobjectArray> key_types_ref =
77 base::android::ToJavaArrayOfStrings(env, key_types);
78 if (key_types_ref.is_null()) {
79 LOG(ERROR) << "Could not create key types array (String[])";
80 return;
81 }
82
83 // Build the |encoded_principals| JNI parameter, as a byte[][]
84 ScopedJavaLocalRef<jobjectArray> principals_ref =
85 base::android::ToJavaArrayOfByteArray(
86 env, cert_request_info->cert_authorities);
87 if (principals_ref.is_null()) {
88 LOG(ERROR) << "Could not create principals array (byte[][])";
89 return;
90 }
91
92 // Build the |host_name| and |port| JNI parameters, as a String and
93 // a jint.
94 ScopedJavaLocalRef<jstring> host_name_ref =
95 base::android::ConvertUTF8ToJavaString(
96 env, cert_request_info->host_and_port.host());
97
98 // Create a copy of the callback on the heap so that its address
99 // and ownership can be passed through and returned from Java via JNI.
100 scoped_ptr<chrome::SelectCertificateCallback> request(
101 new chrome::SelectCertificateCallback(callback));
102
103 jint request_id = reinterpret_cast<jint>(request.get());
104
105 if (!chrome::android::
106 Java_SSLClientCertificateRequest_selectClientCertificate(
107 env, request_id, key_types_ref.obj(), principals_ref.obj(),
108 host_name_ref.obj(), cert_request_info->host_and_port.port())) {
109 return;
110 }
111
112 ignore_result(guard.Release());
113
114 // Ownership was transferred to Java.
115 chrome::SelectCertificateCallback* ALLOW_UNUSED dummy =
116 request.release();
117 }
118
119 } // namespace
120
121 namespace android {
122
123 // Called from JNI on request completion/result.
124 // |env| is the current thread's JNIEnv.
125 // |clazz| is the SSLClientCertificateRequest JNI class reference.
126 // |request_id| is the id passed to
127 // Java_SSLClientCertificateRequest_selectClientCertificate() in Start().
128 // |encoded_chain_ref| is a JNI reference to a Java array of byte arrays,
129 // each item holding a DER-encoded X.509 certificate.
130 // |private_key_ref| is the platform PrivateKey object JNI reference for
131 // the client certificate.
132 // Note: both |encoded_chain_ref| and |private_key_ref| will be NULL if
133 // the user didn't select a certificate.
134 static void OnSystemRequestCompletion(
135 JNIEnv* env,
136 jclass clazz,
137 jint request_id,
138 jobjectArray encoded_chain_ref,
139 jobject private_key_ref) {
140 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
141
142 // Take back ownership of the request object.
143 scoped_ptr<chrome::SelectCertificateCallback> callback(
144 reinterpret_cast<chrome::SelectCertificateCallback*>(request_id));
145
146 // Ensure that callback(NULL) is called in case of an error.
147 base::Closure null_closure =
148 base::Bind(*callback, scoped_refptr<net::X509Certificate>());
149
150 base::ScopedClosureRunner guard(null_closure);
151
152 if (encoded_chain_ref == NULL || private_key_ref == NULL) {
153 LOG(ERROR) << "Client certificate request cancelled";
154 return;
155 }
156
157 // Convert the encoded chain to a vector of strings.
158 std::vector<std::string> encoded_chain_strings;
159 if (encoded_chain_ref) {
160 base::android::JavaArrayOfByteArrayToStringVector(
161 env, encoded_chain_ref, &encoded_chain_strings);
162 }
163
164 std::vector<base::StringPiece> encoded_chain;
165 for (size_t n = 0; n < encoded_chain_strings.size(); ++n)
166 encoded_chain.push_back(encoded_chain_strings[n]);
167
168 // Create the X509Certificate object from the encoded chain.
169 scoped_refptr<net::X509Certificate> client_cert(
170 net::X509Certificate::CreateFromDERCertChain(encoded_chain));
171 if (!client_cert.get()) {
172 LOG(ERROR) << "Could not decode client certificate chain";
173 return;
174 }
175
176 // Create an EVP_PKEY wrapper for the private key JNI reference.
177 ScopedEVP_PKEY private_key(
178 net::android::GetOpenSSLPrivateKeyWrapper(private_key_ref));
179 if (!private_key.get()) {
180 LOG(ERROR) << "Could not create OpenSSL wrapper for private key";
181 return;
182 }
183
184 ignore_result(guard.Release());
185
186 // RecordClientCertificateKey() must be called on the I/O thread,
187 // before the callback is called with the selected certificate on
188 // the UI thread.
189 content::BrowserThread::PostTaskAndReply(
190 content::BrowserThread::IO,
191 FROM_HERE,
192 base::Bind(&RecordClientCertificateKey,
193 client_cert,
194 base::Passed(&private_key)),
195 base::Bind(*callback, client_cert));
196 }
197
198 bool RegisterSSLClientCertificateRequestAndroid(JNIEnv* env) {
199 return RegisterNativesImpl(env);
200 }
201
202 } // namespace android
203
204 void ShowSSLClientCertificateSelector(
205 content::WebContents* contents,
206 const net::HttpNetworkSession* network_session,
207 net::SSLCertRequestInfo* cert_request_info,
208 const chrome::SelectCertificateCallback& callback) {
209 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
210 StartClientCertificateRequest(cert_request_info, callback);
211 }
212
213 } // namespace chrome