diff --git a/core/java/android/webkit/BrowserFrame.java b/core/java/android/webkit/BrowserFrame.java
index 309857d033e08..28f54aa08e7ca 100644
--- a/core/java/android/webkit/BrowserFrame.java
+++ b/core/java/android/webkit/BrowserFrame.java
@@ -1159,51 +1159,49 @@ class BrowserFrame extends Handler { } /** - * Called by JNI when the native HTTPS stack gets an invalid cert chain. + * Called by JNI when the Chromium HTTP stack gets an invalid certificate chain. * * We delegate the request to CallbackProxy, and route its response to * {@link #nativeSslCertErrorProceed(int)} or * {@link #nativeSslCertErrorCancel(int, int)}. */ - private void reportSslCertError( - final int handle, final int cert_error, byte cert_der[], String url) { - final SslError ssl_error; + private void reportSslCertError(final int handle, final int certError, byte certDER[], + String url) { + final SslError sslError; try { - X509Certificate cert = new X509CertImpl(cert_der); + X509Certificate cert = new X509CertImpl(certDER); SslCertificate sslCert = new SslCertificate(cert); if (JniUtil.useChromiumHttpStack()) { - ssl_error = SslError.SslErrorFromChromiumErrorCode(cert_error, sslCert, + sslError = SslError.SslErrorFromChromiumErrorCode(certError, sslCert, new URL(url).getHost()); } else { - ssl_error = new SslError(cert_error, cert, url); + sslError = new SslError(certError, cert, url); } } catch (IOException e) { // Can't get the certificate, not much to do. 
Log.e(LOGTAG, "Can't get the certificate from WebKit, canceling"); - nativeSslCertErrorCancel(handle, cert_error); + nativeSslCertErrorCancel(handle, certError); + return; + } + + if (SslCertLookupTable.getInstance().isAllowed(sslError)) { + nativeSslCertErrorProceed(handle); return; } SslErrorHandler handler = new SslErrorHandler() { - @Override public void proceed() { - SslCertLookupTable.getInstance().Allow(ssl_error); + SslCertLookupTable.getInstance().setIsAllowed(sslError, true); nativeSslCertErrorProceed(handle); } - @Override public void cancel() { - SslCertLookupTable.getInstance().Deny(ssl_error); - nativeSslCertErrorCancel(handle, cert_error); + SslCertLookupTable.getInstance().setIsAllowed(sslError, false); + nativeSslCertErrorCancel(handle, certError); } }; - - if (SslCertLookupTable.getInstance().IsAllowed(ssl_error)) { - nativeSslCertErrorProceed(handle); - } else { - mCallbackProxy.onReceivedSslError(handler, ssl_error); - } + mCallbackProxy.onReceivedSslError(handler, sslError); } /** @@ -1416,7 +1414,7 @@ class BrowserFrame extends Handler { private native void nativeAuthenticationCancel(int handle); private native void nativeSslCertErrorProceed(int handle); - private native void nativeSslCertErrorCancel(int handle, int cert_error); + private native void nativeSslCertErrorCancel(int handle, int certError); native void nativeSslClientCert(int handle, byte[] pkcs8EncodedPrivateKey, diff --git a/core/java/android/webkit/CallbackProxy.java b/core/java/android/webkit/CallbackProxy.java index 88583df47ce39..c9fcf0c278428 100644 --- a/core/java/android/webkit/CallbackProxy.java +++ b/core/java/android/webkit/CallbackProxy.java @@ -165,8 +165,6 @@ class CallbackProxy extends Handler { /** * Get the WebViewClient. * @return the current WebViewClient instance. - * - *@hide pending API council approval. */ public WebViewClient getWebViewClient() { return mWebViewClient; 
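Review bot: The early return added to reportSslCertError proceeds past a certificate error without asking the client, and how narrowly that applies depends on `sslError.toString()`, which SslCertLookupTable (last file of this diff) uses as the lookup key. What that string contains is not visible here, so it is unclear whether a remembered "proceed" is limited to the same host, certificate and error code. On the Chromium path the error is built from `new URL(url).getHost()` while the other path passes the whole `url`, so the scope of a stored decision may differ between the two stacks. I would state the intended scope in a comment above the check, e.g. `// Reuse an earlier user decision; it must match the same host, certificate and error.`, and consider building the key from those fields explicitly rather than from toString().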
@@ -1013,10 +1011,6 @@ class CallbackProxy extends Handler { sendMessage(msg); } - /** - * @hide - hide this because it contains a parameter of type SslError. - * SslError is located in a hidden package. - */ public void onReceivedSslError(SslErrorHandler handler, SslError error) { // Do an unsynchronized quick check to avoid posting if no callback has // been set. @@ -1031,9 +1025,7 @@ class CallbackProxy extends Handler { msg.obj = map; sendMessage(msg); } - /** - * @hide - */ + public void onReceivedClientCertRequest(ClientCertRequestHandler handler, String host_and_port) { // Do an unsynchronized quick check to avoid posting if no callback has // been set. @@ -1048,17 +1040,8 @@ class CallbackProxy extends Handler { msg.obj = map; sendMessage(msg); } - /** - * @hide - hide this because it contains a parameter of type SslCertificate, - * which is located in a hidden package. - */ public void onReceivedCertificate(SslCertificate certificate) { - // Do an unsynchronized quick check to avoid posting if no callback has - // been set. - if (mWebViewClient == null) { - return; - } // here, certificate can be null (if the site is not secure) sendMessage(obtainMessage(RECEIVED_CERTIFICATE, certificate)); } diff --git a/core/java/android/webkit/SslCertLookupTable.java b/core/java/android/webkit/SslCertLookupTable.java index faff110aae8ae..048a3cfb0861f 100644 --- a/core/java/android/webkit/SslCertLookupTable.java +++ b/core/java/android/webkit/SslCertLookupTable.java 
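Review bot: onReceivedCertificate is left with no Javadoc and no explanation of why it now posts RECEIVED_CERTIFICATE even when `mWebViewClient` is null, while onReceivedSslError and onReceivedClientCertRequest in the same file keep their quick null check. The message handler is outside this hunk, so the reason is presumably that it updates WebView state rather than calling the client, but a reader cannot tell. A short comment would stop the check from being put back by mistake, e.g. `// Always post: the certificate is recorded even when no WebViewClient is set.` (wording to be confirmed against the handler).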
@@ -20,14 +20,15 @@ import android.os.Bundle; import android.net.http.SslError; /** - * A simple class to store the wrong certificates that user is aware but - * chose to proceed. + * Stores the user's decision of whether to allow or deny an invalid certificate. + * + * This class is not threadsafe. It is used only on the WebCore thread. */ final class SslCertLookupTable { private static SslCertLookupTable sTable; private final Bundle table; - public static synchronized SslCertLookupTable getInstance() { + public static SslCertLookupTable getInstance() { if (sTable == null) { sTable = new SslCertLookupTable(); } @@ -38,15 +39,11 @@ final class SslCertLookupTable { table = new Bundle(); } - public void Allow(SslError ssl_error) { - table.putBoolean(ssl_error.toString(), true); + public void setIsAllowed(SslError sslError, boolean allow) { + table.putBoolean(sslError.toString(), allow); } - public void Deny(SslError ssl_error) { - table.putBoolean(ssl_error.toString(), false); - } - - public boolean IsAllowed(SslError ssl_error) { - return table.getBoolean(ssl_error.toString()); + public boolean isAllowed(SslError sslError) { + return table.getBoolean(sslError.toString()); } }
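Review bot: getInstance() drops `synchronized` but still does an unguarded check-then-create on `sTable`, so correctness rests entirely on the new class comment saying the table is used only on the WebCore thread. Nothing in the hunk enforces that, and a call from another thread could create two tables and lose a stored decision. Eager initialisation removes the creation race at no cost: `private static final SslCertLookupTable sTable = new SslCertLookupTable();` with getInstance() simply returning it. Access to the underlying Bundle would still depend on the single-thread assumption, so the class comment should stay.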
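Review bot: `setIsAllowed(sslError, false)` stores a denial that `isAllowed` cannot tell apart from "never asked", because `Bundle.getBoolean(key)` returns false for a missing key. That default is the safe one, since an unknown error is never auto-accepted, but it should be written down on isAllowed, e.g. `// Returns false when no decision is stored for this error.`, so a later change does not switch to a getter with a true default. Nothing visible in these hunks removes entries, so an allow appears to last for the life of the process. It is worth confirming that this is intended.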