search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert of Add button to add new FSP services to Files app. (patchset #8 id:140001...
[chromium-blink-merge.git] / chrome / browser / ui / android / ssl_client_certificate_request.cc
blobb09f483d3b51d75d0084a2da3997405e9dd5a2f1
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/ui/android/ssl_client_certificate_request.h"
6
7 #include "base/android/jni_array.h"
8 #include "base/android/jni_string.h"
9 #include "base/android/scoped_java_ref.h"
10 #include "base/basictypes.h"
11 #include "base/bind.h"
12 #include "base/compiler_specific.h"
13 #include "base/logging.h"
14 #include "chrome/browser/ssl/ssl_client_certificate_selector.h"
15 #include "chrome/browser/ui/android/window_android_helper.h"
16 #include "content/public/browser/browser_thread.h"
17 #include "content/public/browser/client_certificate_delegate.h"
18 #include "crypto/scoped_openssl_types.h"
19 #include "jni/SSLClientCertificateRequest_jni.h"
20 #include "net/android/keystore_openssl.h"
21 #include "net/base/host_port_pair.h"
22 #include "net/cert/cert_database.h"
23 #include "net/cert/x509_certificate.h"
24 #include "net/ssl/openssl_client_key_store.h"
25 #include "net/ssl/ssl_cert_request_info.h"
26 #include "net/ssl/ssl_client_cert_type.h"
27 #include "ui/android/window_android.h"
28
29 namespace chrome {
30
31 namespace {
32
33 // Must be called on the I/O thread to record a client certificate
34 // and its private key in the OpenSSLClientKeyStore.
35 void RecordClientCertificateKey(
36 const scoped_refptr<net::X509Certificate>& client_cert,
37 crypto::ScopedEVP_PKEY private_key) {
38 DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
39 net::OpenSSLClientKeyStore::GetInstance()->RecordClientCertPrivateKey(
40 client_cert.get(), private_key.get());
41 }
42
43 void StartClientCertificateRequest(
44 const net::SSLCertRequestInfo* cert_request_info,
45 ui::WindowAndroid* window,
46 scoped_ptr<content::ClientCertificateDelegate> delegate) {
47 DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
48
49 // Build the |key_types| JNI parameter, as a String[]
50 std::vector<std::string> key_types;
51 for (size_t n = 0; n < cert_request_info->cert_key_types.size(); ++n) {
52 switch (cert_request_info->cert_key_types[n]) {
53 case net::CLIENT_CERT_RSA_SIGN:
54 key_types.push_back("RSA");
55 break;
56 case net::CLIENT_CERT_DSS_SIGN:
57 key_types.push_back("DSA");
58 break;
59 case net::CLIENT_CERT_ECDSA_SIGN:
60 key_types.push_back("ECDSA");
61 break;
62 default:
63 // Ignore unknown types.
64 break;
65 }
66 }
67
68 JNIEnv* env = base::android::AttachCurrentThread();
69 ScopedJavaLocalRef<jobjectArray> key_types_ref =
70 base::android::ToJavaArrayOfStrings(env, key_types);
71 if (key_types_ref.is_null()) {
72 LOG(ERROR) << "Could not create key types array (String[])";
73 return;
74 }
75
76 // Build the |encoded_principals| JNI parameter, as a byte[][]
77 ScopedJavaLocalRef<jobjectArray> principals_ref =
78 base::android::ToJavaArrayOfByteArray(
79 env, cert_request_info->cert_authorities);
80 if (principals_ref.is_null()) {
81 LOG(ERROR) << "Could not create principals array (byte[][])";
82 return;
83 }
84
85 // Build the |host_name| and |port| JNI parameters, as a String and
86 // a jint.
87 ScopedJavaLocalRef<jstring> host_name_ref =
88 base::android::ConvertUTF8ToJavaString(
89 env, cert_request_info->host_and_port.host());
90
91 // Pass the address of the delegate through to Java.
92 jlong request_id = reinterpret_cast<intptr_t>(delegate.get());
93
94 if (!chrome::android::
95 Java_SSLClientCertificateRequest_selectClientCertificate(
96 env,
97 request_id,
98 window->GetJavaObject().obj(),
99 key_types_ref.obj(),
100 principals_ref.obj(),
101 host_name_ref.obj(),
102 cert_request_info->host_and_port.port())) {
103 return;
104 }
105
106 // Ownership was transferred to Java.
107 ignore_result(delegate.release());
108 }
109
110 } // namespace
111
112 namespace android {
113
114 // Called from JNI on request completion/result.
115 // |env| is the current thread's JNIEnv.
116 // |clazz| is the SSLClientCertificateRequest JNI class reference.
117 // |request_id| is the id passed to
118 // Java_SSLClientCertificateRequest_selectClientCertificate() in Start().
119 // |encoded_chain_ref| is a JNI reference to a Java array of byte arrays,
120 // each item holding a DER-encoded X.509 certificate.
121 // |private_key_ref| is the platform PrivateKey object JNI reference for
122 // the client certificate.
123 // Note: both |encoded_chain_ref| and |private_key_ref| will be NULL if
124 // the user didn't select a certificate.
125 static void OnSystemRequestCompletion(
126 JNIEnv* env,
127 jclass clazz,
128 jlong request_id,
129 jobjectArray encoded_chain_ref,
130 jobject private_key_ref) {
131 DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
132
133 // Take back ownership of the delegate object.
134 scoped_ptr<content::ClientCertificateDelegate> delegate(
135 reinterpret_cast<content::ClientCertificateDelegate*>(request_id));
136
137 if (encoded_chain_ref == NULL || private_key_ref == NULL) {
138 LOG(ERROR) << "No client certificate selected";
139 delegate->ContinueWithCertificate(nullptr);
140 return;
141 }
142
143 // Convert the encoded chain to a vector of strings.
144 std::vector<std::string> encoded_chain_strings;
145 if (encoded_chain_ref) {
146 base::android::JavaArrayOfByteArrayToStringVector(
147 env, encoded_chain_ref, &encoded_chain_strings);
148 }
149
150 std::vector<base::StringPiece> encoded_chain;
151 for (size_t n = 0; n < encoded_chain_strings.size(); ++n)
152 encoded_chain.push_back(encoded_chain_strings[n]);
153
154 // Create the X509Certificate object from the encoded chain.
155 scoped_refptr<net::X509Certificate> client_cert(
156 net::X509Certificate::CreateFromDERCertChain(encoded_chain));
157 if (!client_cert.get()) {
158 LOG(ERROR) << "Could not decode client certificate chain";
159 return;
160 }
161
162 // Create an EVP_PKEY wrapper for the private key JNI reference.
163 crypto::ScopedEVP_PKEY private_key(
164 net::android::GetOpenSSLPrivateKeyWrapper(private_key_ref));
165 if (!private_key.get()) {
166 LOG(ERROR) << "Could not create OpenSSL wrapper for private key";
167 return;
168 }
169
170 // RecordClientCertificateKey() must be called on the I/O thread,
171 // before the callback is called with the selected certificate on
172 // the UI thread.
173 content::BrowserThread::PostTaskAndReply(
174 content::BrowserThread::IO, FROM_HERE,
175 base::Bind(&RecordClientCertificateKey, client_cert,
176 base::Passed(&private_key)),
177 base::Bind(&content::ClientCertificateDelegate::ContinueWithCertificate,
178 base::Owned(delegate.release()), client_cert));
179 }
180
181 static void NotifyClientCertificatesChanged() {
182 net::CertDatabase::GetInstance()->OnAndroidKeyStoreChanged();
183 }
184
185 static void NotifyClientCertificatesChangedOnIOThread(JNIEnv* env, jclass) {
186 if (content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)) {
187 NotifyClientCertificatesChanged();
188 } else {
189 content::BrowserThread::PostTask(
190 content::BrowserThread::IO,
191 FROM_HERE,
192 base::Bind(&NotifyClientCertificatesChanged));
193 }
194 }
195
196 bool RegisterSSLClientCertificateRequestAndroid(JNIEnv* env) {
197 return RegisterNativesImpl(env);
198 }
199
200 } // namespace android
201
202 void ShowSSLClientCertificateSelector(
203 content::WebContents* contents,
204 net::SSLCertRequestInfo* cert_request_info,
205 scoped_ptr<content::ClientCertificateDelegate> delegate) {
206 ui::WindowAndroid* window =
207 WindowAndroidHelper::FromWebContents(contents)->GetWindowAndroid();
208 DCHECK(window);
209 DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
210 StartClientCertificateRequest(cert_request_info, window, delegate.Pass());
211 }
212
213 } // namespace chrome