Merge changes If97c4d76,I1cd975b1

* changes:
  Always update the WebView's SSL certificate, regardless of whether a WebViewClient has been set
  Remove superfluous synchronized modifier on SslCertLookupTable.getInstance()
Steve Block
2011-09-27 10:52:50 -07:00
committed by Android (Google) Code Review
3 changed files with 27 additions and 49 deletions


@@ -1159,51 +1159,49 @@ class BrowserFrame extends Handler {
} }
/** /**
* Called by JNI when the native HTTPS stack gets an invalid cert chain. * Called by JNI when the Chromium HTTP stack gets an invalid certificate chain.
* *
* We delegate the request to CallbackProxy, and route its response to * We delegate the request to CallbackProxy, and route its response to
* {@link #nativeSslCertErrorProceed(int)} or * {@link #nativeSslCertErrorProceed(int)} or
* {@link #nativeSslCertErrorCancel(int, int)}. * {@link #nativeSslCertErrorCancel(int, int)}.
*/ */
private void reportSslCertError( private void reportSslCertError(final int handle, final int certError, byte certDER[],
final int handle, final int cert_error, byte cert_der[], String url) { String url) {
final SslError ssl_error; final SslError sslError;
try { try {
X509Certificate cert = new X509CertImpl(cert_der); X509Certificate cert = new X509CertImpl(certDER);
SslCertificate sslCert = new SslCertificate(cert); SslCertificate sslCert = new SslCertificate(cert);
if (JniUtil.useChromiumHttpStack()) { if (JniUtil.useChromiumHttpStack()) {
ssl_error = SslError.SslErrorFromChromiumErrorCode(cert_error, sslCert, sslError = SslError.SslErrorFromChromiumErrorCode(certError, sslCert,
new URL(url).getHost()); new URL(url).getHost());
} else { } else {
ssl_error = new SslError(cert_error, cert, url); sslError = new SslError(certError, cert, url);
} }
} catch (IOException e) { } catch (IOException e) {
// Can't get the certificate, not much to do. // Can't get the certificate, not much to do.
Log.e(LOGTAG, "Can't get the certificate from WebKit, canceling"); Log.e(LOGTAG, "Can't get the certificate from WebKit, canceling");
nativeSslCertErrorCancel(handle, cert_error); nativeSslCertErrorCancel(handle, certError);
return;
}
if (SslCertLookupTable.getInstance().isAllowed(sslError)) {
nativeSslCertErrorProceed(handle);
return; return;
} }
SslErrorHandler handler = new SslErrorHandler() { SslErrorHandler handler = new SslErrorHandler() {
@Override @Override
public void proceed() { public void proceed() {
SslCertLookupTable.getInstance().Allow(ssl_error); SslCertLookupTable.getInstance().setIsAllowed(sslError, true);
nativeSslCertErrorProceed(handle); nativeSslCertErrorProceed(handle);
} }
@Override @Override
public void cancel() { public void cancel() {
SslCertLookupTable.getInstance().Deny(ssl_error); SslCertLookupTable.getInstance().setIsAllowed(sslError, false);
nativeSslCertErrorCancel(handle, cert_error); nativeSslCertErrorCancel(handle, certError);
} }
}; };
mCallbackProxy.onReceivedSslError(handler, sslError);
if (SslCertLookupTable.getInstance().IsAllowed(ssl_error)) {
nativeSslCertErrorProceed(handle);
} else {
mCallbackProxy.onReceivedSslError(handler, ssl_error);
}
} }
/** /**
@@ -1416,7 +1414,7 @@ class BrowserFrame extends Handler {
private native void nativeAuthenticationCancel(int handle); private native void nativeAuthenticationCancel(int handle);
private native void nativeSslCertErrorProceed(int handle); private native void nativeSslCertErrorProceed(int handle);
private native void nativeSslCertErrorCancel(int handle, int cert_error); private native void nativeSslCertErrorCancel(int handle, int certError);
native void nativeSslClientCert(int handle, native void nativeSslClientCert(int handle,
byte[] pkcs8EncodedPrivateKey, byte[] pkcs8EncodedPrivateKey,
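Review bot: The `proceed()` and `cancel()` overrides in the anonymous `SslErrorHandler` in `reportSslCertError` write to `SslCertLookupTable` and call `nativeSslCertErrorProceed`/`nativeSslCertErrorCancel` on whatever thread the client invokes them from, while this same merge drops `synchronized` from `getInstance()` and documents the table as used only on the WebCore thread. `mCallbackProxy.onReceivedSslError` posts a message rather than calling the client inline, so the callback presumably runs on CallbackProxy's handler thread; if that is not the WebCore thread, both the table and the native handle are touched off-thread. Either hand the two statements in each override back to the WebCore thread before they run, or keep the table synchronized until that is confirmed. The new early return would also benefit from a comment such as `// A previous proceed() for this same SslError is reused without asking the client again.`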


@@ -165,8 +165,6 @@ class CallbackProxy extends Handler {
/** /**
* Get the WebViewClient. * Get the WebViewClient.
* @return the current WebViewClient instance. * @return the current WebViewClient instance.
*
*@hide pending API council approval.
*/ */
public WebViewClient getWebViewClient() { public WebViewClient getWebViewClient() {
return mWebViewClient; return mWebViewClient;
@@ -1013,10 +1011,6 @@ class CallbackProxy extends Handler {
sendMessage(msg); sendMessage(msg);
} }
/**
* @hide - hide this because it contains a parameter of type SslError.
* SslError is located in a hidden package.
*/
public void onReceivedSslError(SslErrorHandler handler, SslError error) { public void onReceivedSslError(SslErrorHandler handler, SslError error) {
// Do an unsynchronized quick check to avoid posting if no callback has // Do an unsynchronized quick check to avoid posting if no callback has
// been set. // been set.
@@ -1031,9 +1025,7 @@ class CallbackProxy extends Handler {
msg.obj = map; msg.obj = map;
sendMessage(msg); sendMessage(msg);
} }
/**
* @hide
*/
public void onReceivedClientCertRequest(ClientCertRequestHandler handler, String host_and_port) { public void onReceivedClientCertRequest(ClientCertRequestHandler handler, String host_and_port) {
// Do an unsynchronized quick check to avoid posting if no callback has // Do an unsynchronized quick check to avoid posting if no callback has
// been set. // been set.
@@ -1048,17 +1040,8 @@ class CallbackProxy extends Handler {
msg.obj = map; msg.obj = map;
sendMessage(msg); sendMessage(msg);
} }
/**
* @hide - hide this because it contains a parameter of type SslCertificate,
* which is located in a hidden package.
*/
public void onReceivedCertificate(SslCertificate certificate) { public void onReceivedCertificate(SslCertificate certificate) {
// Do an unsynchronized quick check to avoid posting if no callback has
// been set.
if (mWebViewClient == null) {
return;
}
// here, certificate can be null (if the site is not secure) // here, certificate can be null (if the site is not secure)
sendMessage(obtainMessage(RECEIVED_CERTIFICATE, certificate)); sendMessage(obtainMessage(RECEIVED_CERTIFICATE, certificate));
} }
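Review bot: `onReceivedCertificate` is left with no doc comment, and its changed contract is only implicit: with the `mWebViewClient == null` early return removed it always posts `RECEIVED_CERTIFICATE`, including with a null certificate for non-secure pages. A short Javadoc would keep a later cleanup from re-adding the guard, e.g. `/** Always posts RECEIVED_CERTIFICATE so the WebView's certificate is updated even when no WebViewClient is set; certificate may be null. */`. The same gap applies to `onReceivedSslError` and `onReceivedClientCertRequest`, whose Javadoc consisted only of the removed `@hide` notes. Their bodies continue outside the hunks, so what happens to the `SslErrorHandler` when no client is set cannot be checked from here and is worth stating in the comment.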


@@ -20,14 +20,15 @@ import android.os.Bundle;
import android.net.http.SslError; import android.net.http.SslError;
/** /**
* A simple class to store the wrong certificates that user is aware but * Stores the user's decision of whether to allow or deny an invalid certificate.
* chose to proceed. *
* This class is not threadsafe. It is used only on the WebCore thread.
*/ */
final class SslCertLookupTable { final class SslCertLookupTable {
private static SslCertLookupTable sTable; private static SslCertLookupTable sTable;
private final Bundle table; private final Bundle table;
public static synchronized SslCertLookupTable getInstance() { public static SslCertLookupTable getInstance() {
if (sTable == null) { if (sTable == null) {
sTable = new SslCertLookupTable(); sTable = new SslCertLookupTable();
} }
@@ -38,15 +39,11 @@ final class SslCertLookupTable {
table = new Bundle(); table = new Bundle();
} }
public void Allow(SslError ssl_error) { public void setIsAllowed(SslError sslError, boolean allow) {
table.putBoolean(ssl_error.toString(), true); table.putBoolean(sslError.toString(), allow);
} }
public void Deny(SslError ssl_error) { public boolean isAllowed(SslError sslError) {
table.putBoolean(ssl_error.toString(), false); return table.getBoolean(sslError.toString());
}
public boolean IsAllowed(SslError ssl_error) {
return table.getBoolean(ssl_error.toString());
} }
} }
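Review bot: `setIsAllowed` and `isAllowed` key the user's decision on `sslError.toString()`, so how tightly an accepted exception is bound to one certificate and host depends entirely on what that string contains, which is not visible in this change. If the rendering does not cover the certificate's encoded bytes or a digest of them, a different invalid certificate that produces the same string would be proceeded with automatically by the `isAllowed` check in `reportSslCertError`. Consider building the key explicitly from the primary error, the host and a digest of the certificate's DER encoding, and state that in the class comment, e.g. `* Decisions are keyed on error code, host and certificate digest.` No path that clears the table is visible here, so an allow decision appears to last as long as the static instance does. The unsynchronized lazy init in `getInstance()` is only safe while the WebCore-thread-only claim in the new class comment actually holds.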