Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge changes If97c4d76,I1cd975b1

Browse Source 
* changes:
  Always update the WebView's SSL certificate, regardless of whether a WebViewClient has been set
  Remove superfluous synchronized modifier on SslCertLookupTable.getInstance()
This commit is contained in:
Steve Block
2011-09-27 10:52:50 -07:00
committed by Android (Google) Code Review
parent 53719fc4c5 9a0cd15eec
commit a3b06ff933
3 changed files with 27 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
core/java/android/webkit/BrowserFrame.java
View File

@@ -1159,51 +1159,49 @@ class BrowserFrame extends Handler {
}
/**
* Called by JNI when the native HTTPS stack gets an invalid cert chain.
* Called by JNI when the Chromium HTTP stack gets an invalid certificate chain.
*
* We delegate the request to CallbackProxy, and route its response to
* {@link #nativeSslCertErrorProceed(int)} or
* {@link #nativeSslCertErrorCancel(int, int)}.
*/
private void reportSslCertError(
final int handle, final int cert_error, byte cert_der[], String url) {
final SslError ssl_error;
private void reportSslCertError(final int handle, final int certError, byte certDER[],
String url) {
final SslError sslError;
try {
X509Certificate cert = new X509CertImpl(cert_der);
X509Certificate cert = new X509CertImpl(certDER);
SslCertificate sslCert = new SslCertificate(cert);
if (JniUtil.useChromiumHttpStack()) {
ssl_error = SslError.SslErrorFromChromiumErrorCode(cert_error, sslCert,
sslError = SslError.SslErrorFromChromiumErrorCode(certError, sslCert,
new URL(url).getHost());
} else {
ssl_error = new SslError(cert_error, cert, url);
sslError = new SslError(certError, cert, url);
}
} catch (IOException e) {
// Can't get the certificate, not much to do.
Log.e(LOGTAG, "Can't get the certificate from WebKit, canceling");
nativeSslCertErrorCancel(handle, cert_error);
nativeSslCertErrorCancel(handle, certError);
return;
}
if (SslCertLookupTable.getInstance().isAllowed(sslError)) {
nativeSslCertErrorProceed(handle);
return;
}
SslErrorHandler handler = new SslErrorHandler() {
@Override
public void proceed() {
SslCertLookupTable.getInstance().Allow(ssl_error);
SslCertLookupTable.getInstance().setIsAllowed(sslError, true);
nativeSslCertErrorProceed(handle);
}
@Override
public void cancel() {
SslCertLookupTable.getInstance().Deny(ssl_error);
nativeSslCertErrorCancel(handle, cert_error);
SslCertLookupTable.getInstance().setIsAllowed(sslError, false);
nativeSslCertErrorCancel(handle, certError);
}
};
if (SslCertLookupTable.getInstance().IsAllowed(ssl_error)) {
nativeSslCertErrorProceed(handle);
} else {
mCallbackProxy.onReceivedSslError(handler, ssl_error);
}
mCallbackProxy.onReceivedSslError(handler, sslError);
}
/**
@@ -1416,7 +1414,7 @@ class BrowserFrame extends Handler {
private native void nativeAuthenticationCancel(int handle);
private native void nativeSslCertErrorProceed(int handle);
private native void nativeSslCertErrorCancel(int handle, int cert_error);
private native void nativeSslCertErrorCancel(int handle, int certError);
native void nativeSslClientCert(int handle,
byte[] pkcs8EncodedPrivateKey,

19
core/java/android/webkit/CallbackProxy.java
View File

@@ -165,8 +165,6 @@ class CallbackProxy extends Handler {
/**
* Get the WebViewClient.
* @return the current WebViewClient instance.
*
*@hide pending API council approval.
*/
public WebViewClient getWebViewClient() {
return mWebViewClient;
@@ -1013,10 +1011,6 @@ class CallbackProxy extends Handler {
sendMessage(msg);
}
/**
* @hide - hide this because it contains a parameter of type SslError.
* SslError is located in a hidden package.
*/
public void onReceivedSslError(SslErrorHandler handler, SslError error) {
// Do an unsynchronized quick check to avoid posting if no callback has
// been set.
@@ -1031,9 +1025,7 @@ class CallbackProxy extends Handler {
msg.obj = map;
sendMessage(msg);
}
/**
* @hide
*/
public void onReceivedClientCertRequest(ClientCertRequestHandler handler, String host_and_port) {
// Do an unsynchronized quick check to avoid posting if no callback has
// been set.
@@ -1048,17 +1040,8 @@ class CallbackProxy extends Handler {
msg.obj = map;
sendMessage(msg);
}
/**
* @hide - hide this because it contains a parameter of type SslCertificate,
* which is located in a hidden package.
*/
public void onReceivedCertificate(SslCertificate certificate) {
// Do an unsynchronized quick check to avoid posting if no callback has
// been set.
if (mWebViewClient == null) {
return;
}
// here, certificate can be null (if the site is not secure)
sendMessage(obtainMessage(RECEIVED_CERTIFICATE, certificate));
}

19
core/java/android/webkit/SslCertLookupTable.java
View File

@@ -20,14 +20,15 @@ import android.os.Bundle;
import android.net.http.SslError;
/**
* A simple class to store the wrong certificates that user is aware but
* chose to proceed.
* Stores the user's decision of whether to allow or deny an invalid certificate.
*
* This class is not threadsafe. It is used only on the WebCore thread.
*/
final class SslCertLookupTable {
private static SslCertLookupTable sTable;
private final Bundle table;
public static synchronized SslCertLookupTable getInstance() {
public static SslCertLookupTable getInstance() {
if (sTable == null) {
sTable = new SslCertLookupTable();
}
@@ -38,15 +39,11 @@ final class SslCertLookupTable {
table = new Bundle();
}
public void Allow(SslError ssl_error) {
table.putBoolean(ssl_error.toString(), true);
public void setIsAllowed(SslError sslError, boolean allow) {
table.putBoolean(sslError.toString(), allow);
}
public void Deny(SslError ssl_error) {
table.putBoolean(ssl_error.toString(), false);
}
public boolean IsAllowed(SslError ssl_error) {
return table.getBoolean(ssl_error.toString());
public boolean isAllowed(SslError sslError) {
return table.getBoolean(sslError.toString());
}
}