author | digit@chromium.org <digit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-12-11 18:22:58 +0000 |
---|---|---|
committer | digit@chromium.org <digit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-12-11 18:22:58 +0000 |
commit | 3b45550dbaca21fc86d6fa79f1e061d6e8090f85 (patch) | |
tree | 0b0a4ca0a8526ecdb04f288158f88e7e9744de60 /content/browser/loader/certificate_resource_handler.h | |
parent | 0f613db3a659bba8cc7b4b9f1df228cc9fb2fdea (diff) | |
Fix certificate and keychain installation on Android.
This patch is necessary to allow Chrome on Android to properly
install CA certificates and PKCS#12 keychains. This feature is
not supported on other platforms, but necessary on mobile.
It does modify the content client API to deal with the new
file types, i.e. the AddNewCertificate() method is renamed
AddCryptoFile(), and its signature changed to receive the
file data directly (along with a file type enum).
It is now the responsibility of the browser / content embedder
to perform certificate verification.
More specifically:
- Modify net/base/mime_util.h to provide two new functions:
* IsSupportedCertificateMimeType(), which returns true iff
a mime type corresponds to a supported crypto file
(only "application/x-x509-user-cert" is supported,
except on Android, which adds ".../x-x509-ca-cert" and
".../x-pkcs12").
* GetCertificateMimeTypeForMimeType() which translates a
mime type string into an enum value that is also
understood from Java (see below), describing the
type of file.
Note that "net/base/mime_util_certificate_list.h" is used to hold
the list of certificate mime type constants, both for C++ and Java
(i.e. it is used to auto-generate org.chromium.net.CertificateMimeType.java
at build time, under out/$BUILDTYPE/gen/template/).
- Rename X509UserCertResourceHandler to CertificateResourceHandler
under content/browser/loader/ in order to deal with
all certificate mime types. Modify buffered_resource_handler.cc
appropriately.
- Add net::android::StoreCertificate(), and the Java
org.chromium.net.AndroidNetworkLibrary.storeCertificate()
method to send the certificate data for installation through
the system's CertInstaller activity.
- Add chrome::SSLAddCertificate() to implement the
platform-specific code that used to be in
content::ContentBrowserClient::AddNewCertificate().
- Rename content::ContentBrowserClient::AddNewCertificate()
to ::AddCertificate(), and change its signature to accept
resource file bytes directly and a net::CertificateMimeType
(was an X509Certificate pointer).
This change shall not modify the behaviour of Chromium on other
platforms.
BUG=149306
TEST=Manual test with ChromiumTestShell, see internal b/6668254 for details.
Review URL: https://chromiumcodereview.appspot.com/11266008
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@172350 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/browser/loader/certificate_resource_handler.h')
-rw-r--r-- | content/browser/loader/certificate_resource_handler.h | 97 |
1 files changed, 97 insertions, 0 deletions
diff --git a/content/browser/loader/certificate_resource_handler.h b/content/browser/loader/certificate_resource_handler.h
new file mode 100644
index 0000000..ba07bf5
--- /dev/null
+++ b/content/browser/loader/certificate_resource_handler.h
@@ -0,0 +1,97 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CONTENT_BROWSER_LOADER_CERTIFICATE_RESOURCE_HANDLER_H_
+#define CONTENT_BROWSER_LOADER_CERTIFICATE_RESOURCE_HANDLER_H_
+
+#include <string>
+#include <utility>
+#include <vector>
+
+#include "base/compiler_specific.h"
+#include "base/memory/ref_counted.h"
+#include "base/memory/scoped_ptr.h"
+#include "content/browser/loader/resource_handler.h"
+#include "googleurl/src/gurl.h"
+#include "net/base/mime_util.h"
+
+namespace net {
+class IOBuffer;
+class URLRequest;
+class URLRequestStatus;
+} // namespace net
+
+namespace content {
+
+// This class handles certificate mime types such as:
+// - "application/x-x509-user-cert"
+// - "application/x-x509-ca-cert"
+// - "application/x-pkcs12"
+//
+class CertificateResourceHandler : public ResourceHandler {
+ public:
+ CertificateResourceHandler(net::URLRequest* request,
+ int render_process_host_id,
+ int render_view_id);
+ virtual ~CertificateResourceHandler();
+
+ virtual bool OnUploadProgress(int request_id,
+ uint64 position,
+ uint64 size) OVERRIDE;
+
+ // Not needed, as this event handler ought to be the final resource.
+ virtual bool OnRequestRedirected(int request_id,
+ const GURL& url,
+ ResourceResponse* resp,
+ bool* defer) OVERRIDE;
+
+ // Check if this indeed an X509 cert.
+ virtual bool OnResponseStarted(int request_id,
+ ResourceResponse* resp,
+ bool* defer) OVERRIDE;
+
+ // Pass-through implementation.
+ virtual bool OnWillStart(int request_id,
+ const GURL& url,
+ bool* defer) OVERRIDE;
+
+ // Create a new buffer to store received data.
+ virtual bool OnWillRead(int request_id,
+ net::IOBuffer** buf,
+ int* buf_size,
+ int min_size) OVERRIDE;
+
+ // A read was completed, maybe allocate a new buffer for further data.
+ virtual bool OnReadCompleted(int request_id,
+ int bytes_read,
+ bool* defer) OVERRIDE;
+
+ // Done downloading the certificate.
+ virtual bool OnResponseCompleted(int request_id,
+ const net::URLRequestStatus& urs,
+ const std::string& sec_info) OVERRIDE;
+
+ private:
+ typedef std::vector<std::pair<scoped_refptr<net::IOBuffer>,
+ size_t> > ContentVector;
+
+ void AssembleResource();
+
+ GURL url_;
+ net::URLRequest* request_;
+ size_t content_length_;
+ ContentVector buffer_;
+ scoped_refptr<net::IOBuffer> read_buffer_;
+ scoped_refptr<net::IOBuffer> resource_buffer_; // Downloaded certificate.
+ // The id of the |RenderProcessHost| which started the download.
+ int render_process_host_id_;
+ // The id of the |RenderView| which started the download.
+ int render_view_id_;
+ net::CertificateMimeType cert_type_;
+ DISALLOW_COPY_AND_ASSIGN(CertificateResourceHandler);
+};
+
+} // namespace content
+
+#endif // CONTENT_BROWSER_LOADER_CERTIFICATE_RESOURCE_HANDLER_H_ |
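Review bot: The class comment above `class CertificateResourceHandler` lists the three mime types but does not state the trust boundary, which matters because the commit description moves certificate verification to the embedder and adds CA-certificate and PKCS#12 handling on Android. I would add a line such as `// The response body and its declared mime type are untrusted network input; this handler only collects them, and the embedder must validate them before installation.` The comment on OnResponseStarted, `// Check if this indeed an X509 cert.`, looks stale for the renamed class and should name all supported certificate mime types rather than X509 only. `buffer_`, `content_length_` and AssembleResource() suggest the whole body is accumulated in memory; the implementation is not in this view, so confirm it enforces an upper bound on the total size and document that limit next to `content_length_`. `request_` is a raw `net::URLRequest*`, so a short comment saying who owns it and that it outlives the handler would help the next reader.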