Merge "Provide a way to supply different algorithms for token binding key"

2 files changed, 35 insertions, 5 deletions

diff --git a/api/system-current.txt b/api/system-current.txt
index 6b84f5672608..a21dc272388e 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -46620,12 +46620,18 @@ package android.webkit {
     method public abstract void deleteKey(android.net.Uri, android.webkit.ValueCallback<java.lang.Boolean>);
     method public abstract void enableTokenBinding();
     method public static android.webkit.TokenBindingService getInstance();
-    method public abstract void getKey(android.net.Uri, java.lang.String, android.webkit.ValueCallback<java.security.KeyPair>);
+    method public abstract void getKey(android.net.Uri, java.lang.String[], android.webkit.ValueCallback<android.webkit.TokenBindingService.TokenBindingKey>);
     field public static final java.lang.String KEY_ALGORITHM_ECDSAP256 = "ECDSAP256";
     field public static final java.lang.String KEY_ALGORITHM_RSA2048_PKCS_1_5 = "RSA2048_PKCS_1.5";
     field public static final java.lang.String KEY_ALGORITHM_RSA2048_PSS = "RSA2048PSS";
   }
 
+  public static abstract class TokenBindingService.TokenBindingKey {
+    ctor public TokenBindingService.TokenBindingKey();
+    method public abstract java.lang.String getAlgorithm();
+    method public abstract java.security.KeyPair getKeyPair();
+  }
+
   public final class URLUtil {
     ctor public URLUtil();
     method public static java.lang.String composeSearchUrl(java.lang.String, java.lang.String, java.lang.String);
diff --git a/core/java/android/webkit/TokenBindingService.java b/core/java/android/webkit/TokenBindingService.java
index f11ce51184d5..f7caac7d5254 100644
--- a/core/java/android/webkit/TokenBindingService.java
+++ b/core/java/android/webkit/TokenBindingService.java
@@ -38,6 +38,21 @@ public abstract class TokenBindingService {
     public static final String KEY_ALGORITHM_ECDSAP256 = "ECDSAP256";
 
     /**
+     * Provides the KeyPair information.
+     */
+    public static abstract class TokenBindingKey {
+        /**
+         * The public, private key pair.
+         */
+        public abstract KeyPair getKeyPair();
+
+        /**
+         * The algorithm that is used to generate the key pair.
+         */
+        public abstract String getAlgorithm();
+    }
+
+    /**
      * Returns the default TokenBinding service instance. At present there is
      * only one token binding service instance for all WebView instances,
      * however this restriction may be relaxed in the future.
@@ -59,16 +74,25 @@ public abstract class TokenBindingService {
     /**
      * Retrieves the key pair for a given origin from the internal
      * TokenBinding key store asynchronously.
-     * Will create a key pair if one does not exist.
+     *
+     * The user can provide a list of acceptable algorithms for the retrieved
+     * key pair. If a key pair exists and it is in the list of algorithms, then
+     * the key is returned. If it is not in the list, no key is returned.
+     *
+     * If no key pair exists, WebView chooses an algorithm from the list, in
+     * the order given, to generate a key.
+     *
+     * The user can pass a null if any algorithm is acceptable.
      *
      * @param origin The origin for the server.
-     * @param algorithm The algorithm for generating the token binding key.
+     * @param algorithm The list of algorithms. Can be null. An
+     *        IllegalArgumentException is thrown if array is empty.
      * @param callback The callback that will be called when key is available.
      *        Cannot be null.
      */
     public abstract void getKey(Uri origin,
-                                String algorithm,
-                                ValueCallback<KeyPair> callback);
+                                String[] algorithm,
+                                ValueCallback<TokenBindingKey> callback);
     /**
      * Deletes specified key (for use when associated cookie is cleared).
      *