| -rw-r--r-- | core/java/android/webkit/BrowserFrame.java | 2 | ||||
| -rw-r--r-- | core/java/android/webkit/CertTool.java | 68 | ||||
| -rw-r--r-- | core/java/android/webkit/JWebCoreJavaBridge.java | 11 | ||||
| -rw-r--r-- | core/java/android/webkit/LoadListener.java | 54 |
4 files changed, 103 insertions, 32 deletions
diff --git a/core/java/android/webkit/BrowserFrame.java b/core/java/android/webkit/BrowserFrame.java
index 465eef885189..dbddb2efba30 100644
--- a/core/java/android/webkit/BrowserFrame.java
+++ b/core/java/android/webkit/BrowserFrame.java
@@ -103,7 +103,7 @@ class BrowserFrame extends Handler {
 // Create a global JWebCoreJavaBridge to handle timers and
 // cookies in the WebCore thread.
 if (sJavaBridge == null) {
- sJavaBridge = new JWebCoreJavaBridge();
+ sJavaBridge = new JWebCoreJavaBridge(context);
 // set WebCore native cache size
 sJavaBridge.setCacheSize(4 * 1024 * 1024);
 // initialize CacheManager
diff --git a/core/java/android/webkit/CertTool.java b/core/java/android/webkit/CertTool.java
new file mode 100644
index 000000000000..e5540df41ef6
--- /dev/null
+++ b/core/java/android/webkit/CertTool.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright (C) 2009 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.webkit;
+
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.jce.netscape.NetscapeCertRequest;
+import org.bouncycastle.util.encoders.Base64;
+
+import android.content.ActivityNotFoundException;
+import android.content.Context;
+import android.content.Intent;
+import android.security.Credentials;
+import android.util.Log;
+
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+
+class CertTool {
+ private static final String LOGTAG = "CertTool";
+
+ private static final AlgorithmIdentifier MD5_WITH_RSA =
+ new AlgorithmIdentifier(PKCSObjectIdentifiers.md5WithRSAEncryption);
+
+ static final String[] KEY_STRENGTH_LIST = {"High Grade", "Medium Grade"};
+
+ static final String CERT = Credentials.CERTIFICATE;
+ static final String PKCS12 = Credentials.PKCS12;
+
+ static String getSignedPublicKey(Context context, int index, String challenge) {
+ try {
+ KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
+ generator.initialize((index == 0) ? 2048 : 1024);
+ KeyPair pair = generator.genKeyPair();
+
+ NetscapeCertRequest request = new NetscapeCertRequest(challenge,
+ MD5_WITH_RSA, pair.getPublic());
+ request.sign(pair.getPrivate());
+ byte[] signed = request.toASN1Object().getDEREncoded();
+
+ Credentials.getInstance().install(context, pair);
+ return new String(Base64.encode(signed));
+ } catch (Exception e) {
+ Log.w(LOGTAG, e);
+ }
+ return null;
+ }
+
+ static void addCertificate(Context context, String type, byte[] value) {
+ Credentials.getInstance().install(context, type, value);
+ }
+
+ private CertTool() {}
+}
diff --git a/core/java/android/webkit/JWebCoreJavaBridge.java b/core/java/android/webkit/JWebCoreJavaBridge.java
index ddc2da1f3938..508409808a8d 100644
--- a/core/java/android/webkit/JWebCoreJavaBridge.java
+++ b/core/java/android/webkit/JWebCoreJavaBridge.java
@@ -16,9 +16,9 @@
 package android.webkit;
+import android.content.Context;
 import android.os.Handler;
 import android.os.Message;
-import android.security.CertTool;
 import android.util.Log;
 final class JWebCoreJavaBridge extends Handler {
@@ -41,6 +41,8 @@ final class JWebCoreJavaBridge extends Handler {
 private boolean mTimerPaused;
 private boolean mHasDeferredTimers;
+ private Context mContext;
+
 /* package */
 static final int REFRESH_PLUGINS = 100;
@@ -48,7 +50,8 @@ final class JWebCoreJavaBridge extends Handler {
 * Construct a new JWebCoreJavaBridge to interface with
 * WebCore timers and cookies.
 */
- public JWebCoreJavaBridge() {
+ public JWebCoreJavaBridge(Context context) {
+ mContext = context;
 nativeConstructor();
 }
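Review bot: `getSignedPublicKey` hard-codes the weakest options it offers: the request is signed with `md5WithRSAEncryption`, and every `index` other than 0, including values outside `KEY_STRENGTH_LIST`, silently produces a 1024-bit key. I would reject unknown indexes up front (`if (index < 0 || index >= KEY_STRENGTH_LIST.length) return null;`) and, if the servers that consume the signed public key accept it, switch the identifier to `PKCSObjectIdentifiers.sha256WithRSAEncryption`; if MD5 has to stay for compatibility, a comment on `MD5_WITH_RSA` should say so. Separately, `catch (Exception e)` folds key generation, signing and install failures into one `null` return, and the imports `ActivityNotFoundException` and `Intent` are unused in this new file.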
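Review bot: The new constructor keeps whatever `Context` it receives in `mContext`, and the BrowserFrame hunk shows the bridge is created once and held in the static `sJavaBridge`, so the first caller's context is retained for the life of the process and is the one later passed to `CertTool.getSignedPublicKey`. If that context can be an Activity (not visible on this page), it is leaked and credential installs are started from an activity that may already be gone. `mContext = context.getApplicationContext();` with the field declared `private final Context mContext;` would avoid that, provided `Credentials.install` works from a non-Activity context, which should be confirmed.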
@@ -230,12 +233,12 @@ final class JWebCoreJavaBridge extends Handler {
 }
 private String[] getKeyStrengthList() {
- return CertTool.getInstance().getSupportedKeyStrenghs();
+ return CertTool.KEY_STRENGTH_LIST;
 }
 private String getSignedPublicKey(int index, String challenge, String url) {
 // generateKeyPair expects organizations which we don't have. Ignore url.
- return CertTool.getInstance().generateKeyPair(index, challenge, null);
+ return CertTool.getSignedPublicKey(mContext, index, challenge);
 }
 private native void nativeConstructor();
diff --git a/core/java/android/webkit/LoadListener.java b/core/java/android/webkit/LoadListener.java
index aee8a6dbd110..5995121bb955 100644
--- a/core/java/android/webkit/LoadListener.java
+++ b/core/java/android/webkit/LoadListener.java
@@ -28,7 +28,6 @@ import android.net.http.SslError;
 import android.os.Handler;
 import android.os.Message;
-import android.security.CertTool;
 import android.util.Log;
 import android.webkit.CacheManager.CacheResult;
@@ -37,7 +36,6 @@ import com.android.internal.R;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.HashMap;
-import java.util.HashSet;
 import java.util.Map;
 import java.util.Vector;
 import java.util.regex.Pattern;
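Review bot: The comment kept above the new call in `getSignedPublicKey` still talks about `generateKeyPair` and its organizations argument, both of which this change removes, so it no longer explains why `url` is dropped. `url` is the only record of which page asked for a key pair to be generated and installed, so I would either forward it to the install step or state the decision explicitly, e.g. `// url (the requesting page) is intentionally not forwarded; CertTool.getSignedPublicKey takes no origin.`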
@@ -70,12 +68,12 @@ class LoadListener extends Handler implements EventHandler {
 private static final int HTTP_NOT_FOUND = 404;
 private static final int HTTP_PROXY_AUTH = 407;
- private static HashSet<String> sCertificateMimeTypeMap;
+ private static HashMap<String, String> sCertificateTypeMap;
 static {
- sCertificateMimeTypeMap = new HashSet<String>();
- sCertificateMimeTypeMap.add("application/x-x509-ca-cert");
- sCertificateMimeTypeMap.add("application/x-x509-user-cert");
- sCertificateMimeTypeMap.add("application/x-pkcs12");
+ sCertificateTypeMap = new HashMap<String, String>();
+ sCertificateTypeMap.put("application/x-x509-ca-cert", CertTool.CERT);
+ sCertificateTypeMap.put("application/x-x509-user-cert", CertTool.CERT);
+ sCertificateTypeMap.put("application/x-pkcs12", CertTool.PKCS12);
 }
 private static int sNativeLoaderCount;
@@ -964,9 +962,9 @@ class LoadListener extends Handler implements EventHandler {
 // This commits the headers without checking the response status code.
 private void commitHeaders() {
- if (mIsMainPageLoader && sCertificateMimeTypeMap.contains(mMimeType)) {
+ if (mIsMainPageLoader && sCertificateTypeMap.containsKey(mMimeType)) {
 // In the case of downloading certificate, we will save it to the
- // Keystore in commitLoad. Do not call webcore.
+ // KeyStore in commitLoad. Do not call webcore.
 return;
 }
@@ -1009,26 +1007,28 @@ class LoadListener extends Handler implements EventHandler {
 private void commitLoad() {
 if (mCancelled) return;
- if (mIsMainPageLoader && sCertificateMimeTypeMap.contains(mMimeType)) {
- // In the case of downloading certificate, we will save it to the
- // Keystore and stop the current loading so that it will not
- // generate a new history page
- byte[] cert = new byte[mDataBuilder.getByteSize()];
- int position = 0;
- ByteArrayBuilder.Chunk c;
- while (true) {
- c = mDataBuilder.getFirstChunk();
- if (c == null) break;
-
- if (c.mLength != 0) {
- System.arraycopy(c.mArray, 0, cert, position, c.mLength);
- position += c.mLength;
+ if (mIsMainPageLoader) {
+ String type = sCertificateTypeMap.get(mMimeType);
+ if (type != null) {
+ // In the case of downloading certificate, we will save it to
+ // the KeyStore and stop the current loading so that it will not
+ // generate a new history page
+ byte[] cert = new byte[mDataBuilder.getByteSize()];
+ int offset = 0;
+ while (true) {
+ ByteArrayBuilder.Chunk c = mDataBuilder.getFirstChunk();
+ if (c == null) break;
+
+ if (c.mLength != 0) {
+ System.arraycopy(c.mArray, 0, cert, offset, c.mLength);
+ offset += c.mLength;
+ }
+ mDataBuilder.releaseChunk(c);
 }
- mDataBuilder.releaseChunk(c);
+ CertTool.addCertificate(mContext, type, cert);
+ mBrowserFrame.stopLoading();
+ return;
 }
- CertTool.getInstance().addCertificate(cert, mContext);
- mBrowserFrame.stopLoading();
- return;
 }
 // Give the data to WebKit now |
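Review bot: The certificate branch of `commitLoad` hands the whole response body to `CertTool.addCertificate` on the strength of the server-supplied `mMimeType` alone; nothing in the hunk bounds `mDataBuilder.getByteSize()` before `new byte[...]`, and nothing looks at the response status or at whether the load came over HTTPS. Whether the user confirms before anything is stored is decided inside `Credentials.install`, which this page does not show, so the comment in this branch should state that confirmation is left to the credential installer. I would also add a size guard ahead of the allocation, along the lines of `if (mDataBuilder.getByteSize() > MAX_CERT_BYTES)` with `MAX_CERT_BYTES` a new constant, releasing the buffered chunks and stopping the load when it trips. The body of `commitLoad` continues past the end of the hunk.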