Upstream certificate and mime Android implementation.

BUG=
TEST=

Review URL: http://codereview.chromium.org/7538029

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@96401 0039d316-1c4b-4281-b951-d872f2087c98

5 files changed, 161 insertions, 0 deletions

diff --git a/net/base/openssl_private_key_store_android.cc b/net/base/openssl_private_key_store_android.cc
new file mode 100644
index 0000000..6349ecc
--- /dev/null
+++ b/net/base/openssl_private_key_store_android.cc
@@ -0,0 +1,71 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/base/openssl_private_key_store.h"
+
+#include <openssl/evp.h>
+
+#include "base/logging.h"
+#include "base/memory/singleton.h"
+#include "crypto/openssl_util.h"
+#include "net/android/network_library.h"
+
+namespace net {
+
+namespace {
+
+class OpenSSLKeyStoreAndroid : public OpenSSLPrivateKeyStore {
+ public:
+  ~OpenSSLKeyStoreAndroid() {}
+
+  // TODO(joth): Use the |url| to help identify this key to the user.
+  // Currently Android has no UI to list these stored private keys (and no
+  // API to associate a name with them), so this is a non-issue.
+  virtual bool StorePrivateKey(const GURL& url, EVP_PKEY* pkey) {
+    uint8* public_key = NULL;
+    int public_len = i2d_PublicKey(pkey, &public_key);
+    uint8* private_key = NULL;
+    int private_len = i2d_PrivateKey(pkey, &private_key);
+
+    bool ret = false;
+    if (public_len && private_len) {
+      ret = net::android::StoreKeyPair(public_key, public_len, private_key,
+                                       private_len);
+    }
+    LOG_IF(ERROR, !ret) << "StorePrivateKey failed. pub len = " << public_len
+                        << " priv len = " << private_len;
+    OPENSSL_free(public_key);
+    OPENSSL_free(private_key);
+    return ret;
+  }
+
+  virtual EVP_PKEY* FetchPrivateKey(EVP_PKEY* pkey) {
+    // TODO(joth): Implement when client authentication is required.
+    NOTIMPLEMENTED();
+    return NULL;
+  }
+
+  static OpenSSLKeyStoreAndroid* GetInstance();
+
+ private:
+  OpenSSLKeyStoreAndroid() {}
+  friend struct DefaultSingletonTraits<OpenSSLKeyStoreAndroid>;
+
+  DISALLOW_COPY_AND_ASSIGN(OpenSSLKeyStoreAndroid);
+};
+
+}  // namespace
+
+// static
+OpenSSLKeyStoreAndroid* OpenSSLKeyStoreAndroid::GetInstance() {
+  return Singleton<OpenSSLKeyStoreAndroid>::get();
+}
+
+#if 0
+// TODO(MERGE): Conflict with openssl_memory_private_key_store.cc
+OpenSSLPrivateKeyStore* OpenSSLPrivateKeyStore::GetInstance() {
+  return OpenSSLKeyStoreAndroid::GetInstance();
+}
+#endif
+}  // namespace net
diff --git a/net/base/platform_mime_util_linux.cc b/net/base/platform_mime_util_linux.cc
index 8892668..19b315c 100644
--- a/net/base/platform_mime_util_linux.cc
+++ b/net/base/platform_mime_util_linux.cc
@@ -6,10 +6,25 @@
 
 #include <string>
 
+#include "build/build_config.h"
+
+#if defined(OS_ANDROID)
+#include "net/android/network_library.h"
+#else
 #include "base/mime_util.h"
+#endif
 
 namespace net {
 
+#if defined(OS_ANDROID)
+
+bool PlatformMimeUtil::GetPlatformMimeTypeFromExtension(
+    const FilePath::StringType& ext, std::string* result) const {
+  return android::GetMimeTypeFromExtension(ext, result);
+}
+
+#else
+
 bool PlatformMimeUtil::GetPlatformMimeTypeFromExtension(
     const FilePath::StringType& ext, std::string* result) const {
   // TODO(thestig) This is a temporary hack until we can fix this
@@ -39,6 +54,8 @@ bool PlatformMimeUtil::GetPlatformMimeTypeFromExtension(
   return true;
 }
 
+#endif  // defined(OS_ANDROID)
+
 struct MimeToExt {
   const char* mime_type;
   const char* ext;
diff --git a/net/base/x509_certificate.h b/net/base/x509_certificate.h
index ca2abec..4ef8003 100644
--- a/net/base/x509_certificate.h
+++ b/net/base/x509_certificate.h
@@ -295,6 +295,12 @@ class NET_API X509Certificate
   static HCERTSTORE cert_store();
 #endif
 
+#if defined(OS_ANDROID)
+  // |chain_bytes| will contain the chain (including this certificate) encoded
+  // using GetChainDEREncodedBytes below.
+  void GetChainDEREncodedBytes(std::vector<std::string>* chain_bytes) const;
+#endif
+
 #if defined(USE_OPENSSL)
   // Returns a handle to a global, in-memory certificate store. We
   // use it for test code, e.g. importing the test server's certificate.
diff --git a/net/base/x509_certificate_openssl.cc b/net/base/x509_certificate_openssl.cc
index 68fcf91..f23ede9 100644
--- a/net/base/x509_certificate_openssl.cc
+++ b/net/base/x509_certificate_openssl.cc
@@ -425,6 +425,8 @@ X509_STORE* X509Certificate::cert_store() {
   return X509InitSingleton::GetInstance()->store();
 }
 
+#if !defined(OS_ANDROID)
+
 int X509Certificate::VerifyInternal(const std::string& hostname,
                                     int flags,
                                     CertVerifyResult* verify_result) const {
@@ -504,6 +506,8 @@ int X509Certificate::VerifyInternal(const std::string& hostname,
   return OK;
 }
 
+#endif  // !defined(OS_ANDROID)
+
 bool X509Certificate::GetDEREncoded(std::string* encoded) {
   DERCache der_cache;
   if (!GetDERAndCacheIfNeeded(cert_handle_, &der_cache))
diff --git a/net/base/x509_certificate_openssl_android.cc b/net/base/x509_certificate_openssl_android.cc
new file mode 100644
index 0000000..4e1bbd2
--- /dev/null
+++ b/net/base/x509_certificate_openssl_android.cc
@@ -0,0 +1,63 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/base/x509_certificate.h"
+
+#include "base/logging.h"
+#include "net/android/network_library.h"
+#include "net/base/cert_status_flags.h"
+#include "net/base/cert_verify_result.h"
+#include "net/base/net_errors.h"
+
+namespace net {
+
+int X509Certificate::VerifyInternal(const std::string& hostname,
+                                    int flags,
+                                    CertVerifyResult* verify_result) const {
+  if (!VerifyNameMatch(hostname))
+    verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID;
+
+  std::vector<std::string> cert_bytes;
+  GetChainDEREncodedBytes(&cert_bytes);
+
+  // TODO(joth): Fetch the authentication type from SSL rather than hardcode.
+  android::VerifyResult result =
+      android::VerifyX509CertChain(cert_bytes, hostname, "RSA");
+  switch (result) {
+    case android::VERIFY_OK:
+      return OK;
+    case android::VERIFY_BAD_HOSTNAME:
+      verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID;
+      break;
+    case android::VERIFY_NO_TRUSTED_ROOT:
+      verify_result->cert_status |= CERT_STATUS_AUTHORITY_INVALID;
+      break;
+    case android::VERIFY_INVOCATION_ERROR:
+    default:
+      verify_result->cert_status |= ERR_CERT_INVALID;
+      break;
+  }
+  return MapCertStatusToNetError(verify_result->cert_status);
+}
+
+void X509Certificate::GetChainDEREncodedBytes(
+    std::vector<std::string>* chain_bytes) const {
+  OSCertHandles cert_handles(intermediate_ca_certs_);
+  // Make sure the peer's own cert is the first in the chain, if it's not
+  // already there.
+  if (cert_handles.empty())
+    cert_handles.insert(cert_handles.begin(), cert_handle_);
+
+  chain_bytes->reserve(cert_handles.size());
+  for (OSCertHandles::const_iterator it = cert_handles.begin();
+       it != cert_handles.end(); ++it) {
+    DERCache der_cache = {0};
+    GetDERAndCacheIfNeeded(*it, &der_cache);
+    std::string cert_bytes (
+        reinterpret_cast<const char*>(der_cache.data), der_cache.data_length);
+    chain_bytes->push_back(cert_bytes);
+  }
+}
+
+}  // namespace net