diff options
| author | 2011-09-27 10:52:50 -0700 | |
|---|---|---|
| committer | 2011-09-27 10:52:50 -0700 | |
| commit | a3b06ff933132f149be18035f4f8e14ba6355b07 (patch) | |
| tree | 377fe101c4f58ab095362444a03d79efb6abb8df | |
| parent | 53719fc4c5c441e8696f26bbfb9166b0bd19ef29 (diff) | |
| parent | 9a0cd15eec572e1322c2c328b2e5acea9f2d9210 (diff) | |
Merge changes If97c4d76,I1cd975b1
* changes:
Always update the WebView's SSL certificate, regardless of whether a WebViewClient has been set
Remove superfluous synchronized modifier on SslCertLookupTable.getInstance()
| -rw-r--r-- | core/java/android/webkit/BrowserFrame.java | 38 | ||||
| -rw-r--r-- | core/java/android/webkit/CallbackProxy.java | 19 | ||||
| -rw-r--r-- | core/java/android/webkit/SslCertLookupTable.java | 19 |
3 files changed, 27 insertions, 49 deletions
diff --git a/core/java/android/webkit/BrowserFrame.java b/core/java/android/webkit/BrowserFrame.java index 309857d033e0..28f54aa08e7c 100644 --- a/core/java/android/webkit/BrowserFrame.java +++ b/core/java/android/webkit/BrowserFrame.java @@ -1159,51 +1159,49 @@ class BrowserFrame extends Handler { } /** - * Called by JNI when the native HTTPS stack gets an invalid cert chain. + * Called by JNI when the Chromium HTTP stack gets an invalid certificate chain. * * We delegate the request to CallbackProxy, and route its response to * {@link #nativeSslCertErrorProceed(int)} or * {@link #nativeSslCertErrorCancel(int, int)}. */ - private void reportSslCertError( - final int handle, final int cert_error, byte cert_der[], String url) { - final SslError ssl_error; + private void reportSslCertError(final int handle, final int certError, byte certDER[], + String url) { + final SslError sslError; try { - X509Certificate cert = new X509CertImpl(cert_der); + X509Certificate cert = new X509CertImpl(certDER); SslCertificate sslCert = new SslCertificate(cert); if (JniUtil.useChromiumHttpStack()) { - ssl_error = SslError.SslErrorFromChromiumErrorCode(cert_error, sslCert, + sslError = SslError.SslErrorFromChromiumErrorCode(certError, sslCert, new URL(url).getHost()); } else { - ssl_error = new SslError(cert_error, cert, url); + sslError = new SslError(certError, cert, url); } } catch (IOException e) { // Can't get the certificate, not much to do. Log.e(LOGTAG, "Can't get the certificate from WebKit, canceling"); - nativeSslCertErrorCancel(handle, cert_error); + nativeSslCertErrorCancel(handle, certError); return; } - SslErrorHandler handler = new SslErrorHandler() { + if (SslCertLookupTable.getInstance().isAllowed(sslError)) { + nativeSslCertErrorProceed(handle); + return; + } + SslErrorHandler handler = new SslErrorHandler() { @Override public void proceed() { - SslCertLookupTable.getInstance().Allow(ssl_error); + SslCertLookupTable.getInstance().setIsAllowed(sslError, true); nativeSslCertErrorProceed(handle); } - @Override public void cancel() { - SslCertLookupTable.getInstance().Deny(ssl_error); - nativeSslCertErrorCancel(handle, cert_error); + SslCertLookupTable.getInstance().setIsAllowed(sslError, false); + nativeSslCertErrorCancel(handle, certError); } }; - - if (SslCertLookupTable.getInstance().IsAllowed(ssl_error)) { - nativeSslCertErrorProceed(handle); - } else { - mCallbackProxy.onReceivedSslError(handler, ssl_error); - } + mCallbackProxy.onReceivedSslError(handler, sslError); } /** @@ -1416,7 +1414,7 @@ class BrowserFrame extends Handler { private native void nativeAuthenticationCancel(int handle); private native void nativeSslCertErrorProceed(int handle); - private native void nativeSslCertErrorCancel(int handle, int cert_error); + private native void nativeSslCertErrorCancel(int handle, int certError); native void nativeSslClientCert(int handle, byte[] pkcs8EncodedPrivateKey, diff --git a/core/java/android/webkit/CallbackProxy.java b/core/java/android/webkit/CallbackProxy.java index 88583df47ce3..c9fcf0c27842 100644 --- a/core/java/android/webkit/CallbackProxy.java +++ b/core/java/android/webkit/CallbackProxy.java @@ -165,8 +165,6 @@ class CallbackProxy extends Handler { /** * Get the WebViewClient. * @return the current WebViewClient instance. - * - *@hide pending API council approval. */ public WebViewClient getWebViewClient() { return mWebViewClient; @@ -1013,10 +1011,6 @@ class CallbackProxy extends Handler { sendMessage(msg); } - /** - * @hide - hide this because it contains a parameter of type SslError. - * SslError is located in a hidden package. - */ public void onReceivedSslError(SslErrorHandler handler, SslError error) { // Do an unsynchronized quick check to avoid posting if no callback has // been set. @@ -1031,9 +1025,7 @@ class CallbackProxy extends Handler { msg.obj = map; sendMessage(msg); } - /** - * @hide - */ + public void onReceivedClientCertRequest(ClientCertRequestHandler handler, String host_and_port) { // Do an unsynchronized quick check to avoid posting if no callback has // been set. @@ -1048,17 +1040,8 @@ class CallbackProxy extends Handler { msg.obj = map; sendMessage(msg); } - /** - * @hide - hide this because it contains a parameter of type SslCertificate, - * which is located in a hidden package. - */ public void onReceivedCertificate(SslCertificate certificate) { - // Do an unsynchronized quick check to avoid posting if no callback has - // been set. - if (mWebViewClient == null) { - return; - } // here, certificate can be null (if the site is not secure) sendMessage(obtainMessage(RECEIVED_CERTIFICATE, certificate)); } diff --git a/core/java/android/webkit/SslCertLookupTable.java b/core/java/android/webkit/SslCertLookupTable.java index faff110aae8a..048a3cfb0861 100644 --- a/core/java/android/webkit/SslCertLookupTable.java +++ b/core/java/android/webkit/SslCertLookupTable.java @@ -20,14 +20,15 @@ import android.os.Bundle; import android.net.http.SslError; /** - * A simple class to store the wrong certificates that user is aware but - * chose to proceed. + * Stores the user's decision of whether to allow or deny an invalid certificate. + * + * This class is not threadsafe. It is used only on the WebCore thread. */ final class SslCertLookupTable { private static SslCertLookupTable sTable; private final Bundle table; - public static synchronized SslCertLookupTable getInstance() { + public static SslCertLookupTable getInstance() { if (sTable == null) { sTable = new SslCertLookupTable(); } @@ -38,15 +39,11 @@ final class SslCertLookupTable { table = new Bundle(); } - public void Allow(SslError ssl_error) { - table.putBoolean(ssl_error.toString(), true); - } - - public void Deny(SslError ssl_error) { - table.putBoolean(ssl_error.toString(), false); + public void setIsAllowed(SslError sslError, boolean allow) { + table.putBoolean(sslError.toString(), allow); } - public boolean IsAllowed(SslError ssl_error) { - return table.getBoolean(ssl_error.toString()); + public boolean isAllowed(SslError sslError) { + return table.getBoolean(sslError.toString()); } } |