1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
|
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
package org.chromium.android_webview;
import android.content.Context;
import android.net.http.SslCertificate;
import android.net.http.SslError;
import android.util.Log;
import android.webkit.ValueCallback;
import org.chromium.base.ThreadUtils;
import org.chromium.base.annotations.CalledByNative;
import org.chromium.base.annotations.JNINamespace;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;
/**
* This class handles the JNI communication logic for the the AwContentsClient class.
* Both the Java and the native peers of AwContentsClientBridge are owned by the
* corresponding AwContents instances. This class and its native peer are connected
* via weak references. The native AwContentsClientBridge sets up and clear these weak
* references.
*/
@JNINamespace("android_webview")
public class AwContentsClientBridge {
private static final String TAG = "AwContentsClientBridge";
private AwContentsClient mClient;
private Context mContext;
// The native peer of this object.
private long mNativeContentsClientBridge;
private final ClientCertLookupTable mLookupTable;
// Used for mocking this class in tests.
protected AwContentsClientBridge(ClientCertLookupTable table) {
mLookupTable = table;
}
public AwContentsClientBridge(Context context, AwContentsClient client,
ClientCertLookupTable table) {
assert client != null;
mContext = context;
mClient = client;
mLookupTable = table;
}
/**
* Callback to communicate clientcertificaterequest back to the AwContentsClientBridge.
* The public methods should be called on UI thread.
* A request can not be proceeded, ignored or canceled more than once. Doing this
* is a programming error and causes an exception.
*/
public class ClientCertificateRequestCallback {
private final int mId;
private final String mHost;
private final int mPort;
private boolean mIsCalled;
public ClientCertificateRequestCallback(int id, String host, int port) {
mId = id;
mHost = host;
mPort = port;
}
public void proceed(final PrivateKey privateKey, final X509Certificate[] chain) {
ThreadUtils.runOnUiThread(new Runnable() {
@Override
public void run() {
proceedOnUiThread(privateKey, chain);
}
});
}
public void ignore() {
ThreadUtils.runOnUiThread(new Runnable() {
@Override
public void run() {
ignoreOnUiThread();
}
});
}
public void cancel() {
ThreadUtils.runOnUiThread(new Runnable() {
@Override
public void run() {
cancelOnUiThread();
}
});
}
private void proceedOnUiThread(PrivateKey privateKey, X509Certificate[] chain) {
checkIfCalled();
if (privateKey == null || chain == null || chain.length == 0) {
Log.w(TAG, "Empty client certificate chain?");
provideResponse(null, null);
return;
}
// Encode the certificate chain.
byte[][] encodedChain = new byte[chain.length][];
try {
for (int i = 0; i < chain.length; ++i) {
encodedChain[i] = chain[i].getEncoded();
}
} catch (CertificateEncodingException e) {
Log.w(TAG, "Could not retrieve encoded certificate chain: " + e);
provideResponse(null, null);
return;
}
mLookupTable.allow(mHost, mPort, privateKey, encodedChain);
provideResponse(privateKey, encodedChain);
}
private void ignoreOnUiThread() {
checkIfCalled();
provideResponse(null, null);
}
private void cancelOnUiThread() {
checkIfCalled();
mLookupTable.deny(mHost, mPort);
provideResponse(null, null);
}
private void checkIfCalled() {
if (mIsCalled) {
throw new IllegalStateException("The callback was already called.");
}
mIsCalled = true;
}
private void provideResponse(PrivateKey privateKey, byte[][] certChain) {
if (mNativeContentsClientBridge == 0) return;
nativeProvideClientCertificateResponse(mNativeContentsClientBridge, mId,
certChain, privateKey);
}
}
// Used by the native peer to set/reset a weak ref to the native peer.
@CalledByNative
private void setNativeContentsClientBridge(long nativeContentsClientBridge) {
mNativeContentsClientBridge = nativeContentsClientBridge;
}
// If returns false, the request is immediately canceled, and any call to proceedSslError
// has no effect. If returns true, the request should be canceled or proceeded using
// proceedSslError().
// Unlike the webview classic, we do not keep keep a database of certificates that
// are allowed by the user, because this functionality is already handled via
// ssl_policy in native layers.
@CalledByNative
private boolean allowCertificateError(int certError, byte[] derBytes, final String url,
final int id) {
final SslCertificate cert = SslUtil.getCertificateFromDerBytes(derBytes);
if (cert == null) {
// if the certificate or the client is null, cancel the request
return false;
}
final SslError sslError = SslUtil.sslErrorFromNetErrorCode(certError, cert, url);
ValueCallback<Boolean> callback = new ValueCallback<Boolean>() {
@Override
public void onReceiveValue(final Boolean value) {
ThreadUtils.runOnUiThread(new Runnable() {
@Override
public void run() {
proceedSslError(value.booleanValue(), id);
}
});
}
};
mClient.onReceivedSslError(callback, sslError);
return true;
}
private void proceedSslError(boolean proceed, int id) {
if (mNativeContentsClientBridge == 0) return;
nativeProceedSslError(mNativeContentsClientBridge, proceed, id);
}
// Intentionally not private for testing the native peer of this class.
@CalledByNative
protected void selectClientCertificate(final int id, final String[] keyTypes,
byte[][] encodedPrincipals, final String host, final int port) {
assert mNativeContentsClientBridge != 0;
ClientCertLookupTable.Cert cert = mLookupTable.getCertData(host, port);
if (mLookupTable.isDenied(host, port)) {
nativeProvideClientCertificateResponse(mNativeContentsClientBridge, id,
null, null);
return;
}
if (cert != null) {
nativeProvideClientCertificateResponse(mNativeContentsClientBridge, id,
cert.mCertChain, cert.mPrivateKey);
return;
}
// Build the list of principals from encoded versions.
Principal[] principals = null;
if (encodedPrincipals.length > 0) {
principals = new X500Principal[encodedPrincipals.length];
for (int n = 0; n < encodedPrincipals.length; n++) {
try {
principals[n] = new X500Principal(encodedPrincipals[n]);
} catch (IllegalArgumentException e) {
Log.w(TAG, "Exception while decoding issuers list: " + e);
nativeProvideClientCertificateResponse(mNativeContentsClientBridge, id,
null, null);
return;
}
}
}
final ClientCertificateRequestCallback callback =
new ClientCertificateRequestCallback(id, host, port);
mClient.onReceivedClientCertRequest(callback, keyTypes, principals, host, port);
}
@CalledByNative
private void handleJsAlert(String url, String message, int id) {
JsResultHandler handler = new JsResultHandler(this, id);
mClient.handleJsAlert(url, message, handler);
}
@CalledByNative
private void handleJsConfirm(String url, String message, int id) {
JsResultHandler handler = new JsResultHandler(this, id);
mClient.handleJsConfirm(url, message, handler);
}
@CalledByNative
private void handleJsPrompt(String url, String message, String defaultValue, int id) {
JsResultHandler handler = new JsResultHandler(this, id);
mClient.handleJsPrompt(url, message, defaultValue, handler);
}
@CalledByNative
private void handleJsBeforeUnload(String url, String message, int id) {
JsResultHandler handler = new JsResultHandler(this, id);
mClient.handleJsBeforeUnload(url, message, handler);
}
void confirmJsResult(int id, String prompt) {
if (mNativeContentsClientBridge == 0) return;
nativeConfirmJsResult(mNativeContentsClientBridge, id, prompt);
}
void cancelJsResult(int id) {
if (mNativeContentsClientBridge == 0) return;
nativeCancelJsResult(mNativeContentsClientBridge, id);
}
//--------------------------------------------------------------------------------------------
// Native methods
//--------------------------------------------------------------------------------------------
private native void nativeProceedSslError(long nativeAwContentsClientBridge, boolean proceed,
int id);
private native void nativeProvideClientCertificateResponse(long nativeAwContentsClientBridge,
int id, byte[][] certChain, PrivateKey androidKey);
private native void nativeConfirmJsResult(long nativeAwContentsClientBridge, int id,
String prompt);
private native void nativeCancelJsResult(long nativeAwContentsClientBridge, int id);
}
|
