1 /* 2 * Copyright (C) 2011 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.webkit; 18 19 import android.os.Handler; 20 import java.security.PrivateKey; 21 import java.security.cert.CertificateEncodingException; 22 import java.security.cert.X509Certificate; 23 import org.apache.harmony.xnet.provider.jsse.NativeCrypto; 24 import org.apache.harmony.xnet.provider.jsse.OpenSSLDSAPrivateKey; 25 import org.apache.harmony.xnet.provider.jsse.OpenSSLRSAPrivateKey; 26 27 /** 28 * ClientCertRequestHandler: class responsible for handling client 29 * certificate requests. This class is passed as a parameter to 30 * BrowserCallback.displayClientCertRequestDialog and is meant to 31 * receive the user's response. 32 * 33 * @hide 34 */ 35 public final class ClientCertRequestHandler extends Handler { 36 37 private final BrowserFrame mBrowserFrame; 38 private final int mHandle; 39 private final String mHostAndPort; 40 private final SslClientCertLookupTable mTable; 41 ClientCertRequestHandler(BrowserFrame browserFrame, 42 int handle, 43 String host_and_port, 44 SslClientCertLookupTable table) { 45 mBrowserFrame = browserFrame; 46 mHandle = handle; 47 mHostAndPort = host_and_port; 48 mTable = table; 49 } 50 51 /** 52 * Proceed with the specified private key and client certificate chain. 53 */ 54 public void proceed(PrivateKey privateKey, X509Certificate[] chain) { 55 try { 56 byte[][] chainBytes = NativeCrypto.encodeCertificates(chain); 57 mTable.Allow(mHostAndPort, privateKey, chainBytes); 58 59 if (privateKey instanceof OpenSSLRSAPrivateKey) { 60 setSslClientCertFromCtx(((OpenSSLRSAPrivateKey)privateKey).getPkeyContext(), 61 chainBytes); 62 } else if (privateKey instanceof OpenSSLDSAPrivateKey) { 63 setSslClientCertFromCtx(((OpenSSLDSAPrivateKey)privateKey).getPkeyContext(), 64 chainBytes); 65 } else { 66 setSslClientCertFromPKCS8(privateKey.getEncoded(),chainBytes); 67 } 68 } catch (CertificateEncodingException e) { 69 post(new Runnable() { 70 public void run() { 71 mBrowserFrame.nativeSslClientCert(mHandle, 0, null); 72 return; 73 } 74 }); 75 } 76 } 77 78 /** 79 * Proceed with the specified private key bytes and client certificate chain. 80 */ 81 private void setSslClientCertFromCtx(final int ctx, final byte[][] chainBytes) { 82 post(new Runnable() { 83 public void run() { 84 mBrowserFrame.nativeSslClientCert(mHandle, ctx, chainBytes); 85 } 86 }); 87 } 88 89 /** 90 * Proceed with the specified private key context and client certificate chain. 91 */ 92 private void setSslClientCertFromPKCS8(final byte[] key, final byte[][] chainBytes) { 93 post(new Runnable() { 94 public void run() { 95 mBrowserFrame.nativeSslClientCert(mHandle, key, chainBytes); 96 } 97 }); 98 } 99 100 /** 101 * Igore the request for now, the user may be prompted again. 102 */ 103 public void ignore() { 104 post(new Runnable() { 105 public void run() { 106 mBrowserFrame.nativeSslClientCert(mHandle, 0, null); 107 } 108 }); 109 } 110 111 /** 112 * Cancel this request, remember the users negative choice. 113 */ 114 public void cancel() { 115 mTable.Deny(mHostAndPort); 116 post(new Runnable() { 117 public void run() { 118 mBrowserFrame.nativeSslClientCert(mHandle, 0, null); 119 } 120 }); 121 } 122 } 123