Merge changes If97c4d76,I1cd975b1
* changes:
Always update the WebView's SSL certificate, regardless of whether a WebViewClient has been set
Remove superfluous synchronized modifier on SslCertLookupTable.getInstance()
diff --git a/core/java/android/webkit/BrowserFrame.java b/core/java/android/webkit/BrowserFrame.java
index 309857d..28f54aa 100644
--- a/core/java/android/webkit/BrowserFrame.java
+++ b/core/java/android/webkit/BrowserFrame.java
@@ -1159,51 +1159,49 @@
}
/**
- * Called by JNI when the native HTTPS stack gets an invalid cert chain.
+ * Called by JNI when the Chromium HTTP stack gets an invalid certificate chain.
*
* We delegate the request to CallbackProxy, and route its response to
* {@link #nativeSslCertErrorProceed(int)} or
* {@link #nativeSslCertErrorCancel(int, int)}.
*/
- private void reportSslCertError(
- final int handle, final int cert_error, byte cert_der[], String url) {
- final SslError ssl_error;
+ private void reportSslCertError(final int handle, final int certError, byte certDER[],
+ String url) {
+ final SslError sslError;
try {
- X509Certificate cert = new X509CertImpl(cert_der);
+ X509Certificate cert = new X509CertImpl(certDER);
SslCertificate sslCert = new SslCertificate(cert);
if (JniUtil.useChromiumHttpStack()) {
- ssl_error = SslError.SslErrorFromChromiumErrorCode(cert_error, sslCert,
+ sslError = SslError.SslErrorFromChromiumErrorCode(certError, sslCert,
new URL(url).getHost());
} else {
- ssl_error = new SslError(cert_error, cert, url);
+ sslError = new SslError(certError, cert, url);
}
} catch (IOException e) {
// Can't get the certificate, not much to do.
Log.e(LOGTAG, "Can't get the certificate from WebKit, canceling");
- nativeSslCertErrorCancel(handle, cert_error);
+ nativeSslCertErrorCancel(handle, certError);
+ return;
+ }
+
+ if (SslCertLookupTable.getInstance().isAllowed(sslError)) {
+ nativeSslCertErrorProceed(handle);
return;
}
SslErrorHandler handler = new SslErrorHandler() {
-
@Override
public void proceed() {
- SslCertLookupTable.getInstance().Allow(ssl_error);
+ SslCertLookupTable.getInstance().setIsAllowed(sslError, true);
nativeSslCertErrorProceed(handle);
}
-
@Override
public void cancel() {
- SslCertLookupTable.getInstance().Deny(ssl_error);
- nativeSslCertErrorCancel(handle, cert_error);
+ SslCertLookupTable.getInstance().setIsAllowed(sslError, false);
+ nativeSslCertErrorCancel(handle, certError);
}
};
-
- if (SslCertLookupTable.getInstance().IsAllowed(ssl_error)) {
- nativeSslCertErrorProceed(handle);
- } else {
- mCallbackProxy.onReceivedSslError(handler, ssl_error);
- }
+ mCallbackProxy.onReceivedSslError(handler, sslError);
}
/**
@@ -1416,7 +1414,7 @@
private native void nativeAuthenticationCancel(int handle);
private native void nativeSslCertErrorProceed(int handle);
- private native void nativeSslCertErrorCancel(int handle, int cert_error);
+ private native void nativeSslCertErrorCancel(int handle, int certError);
native void nativeSslClientCert(int handle,
byte[] pkcs8EncodedPrivateKey,
diff --git a/core/java/android/webkit/CallbackProxy.java b/core/java/android/webkit/CallbackProxy.java
index 88583df..c9fcf0c 100644
--- a/core/java/android/webkit/CallbackProxy.java
+++ b/core/java/android/webkit/CallbackProxy.java
@@ -165,8 +165,6 @@
/**
* Get the WebViewClient.
* @return the current WebViewClient instance.
- *
- *@hide pending API council approval.
*/
public WebViewClient getWebViewClient() {
return mWebViewClient;
@@ -1013,10 +1011,6 @@
sendMessage(msg);
}
- /**
- * @hide - hide this because it contains a parameter of type SslError.
- * SslError is located in a hidden package.
- */
public void onReceivedSslError(SslErrorHandler handler, SslError error) {
// Do an unsynchronized quick check to avoid posting if no callback has
// been set.
@@ -1031,9 +1025,7 @@
msg.obj = map;
sendMessage(msg);
}
- /**
- * @hide
- */
+
public void onReceivedClientCertRequest(ClientCertRequestHandler handler, String host_and_port) {
// Do an unsynchronized quick check to avoid posting if no callback has
// been set.
@@ -1048,17 +1040,8 @@
msg.obj = map;
sendMessage(msg);
}
- /**
- * @hide - hide this because it contains a parameter of type SslCertificate,
- * which is located in a hidden package.
- */
public void onReceivedCertificate(SslCertificate certificate) {
- // Do an unsynchronized quick check to avoid posting if no callback has
- // been set.
- if (mWebViewClient == null) {
- return;
- }
// here, certificate can be null (if the site is not secure)
sendMessage(obtainMessage(RECEIVED_CERTIFICATE, certificate));
}
diff --git a/core/java/android/webkit/SslCertLookupTable.java b/core/java/android/webkit/SslCertLookupTable.java
index faff110..048a3cf 100644
--- a/core/java/android/webkit/SslCertLookupTable.java
+++ b/core/java/android/webkit/SslCertLookupTable.java
@@ -20,14 +20,15 @@
import android.net.http.SslError;
/**
- * A simple class to store the wrong certificates that user is aware but
- * chose to proceed.
+ * Stores the user's decision of whether to allow or deny an invalid certificate.
+ *
+ * This class is not threadsafe. It is used only on the WebCore thread.
*/
final class SslCertLookupTable {
private static SslCertLookupTable sTable;
private final Bundle table;
- public static synchronized SslCertLookupTable getInstance() {
+ public static SslCertLookupTable getInstance() {
if (sTable == null) {
sTable = new SslCertLookupTable();
}
@@ -38,15 +39,11 @@
table = new Bundle();
}
- public void Allow(SslError ssl_error) {
- table.putBoolean(ssl_error.toString(), true);
+ public void setIsAllowed(SslError sslError, boolean allow) {
+ table.putBoolean(sslError.toString(), allow);
}
- public void Deny(SslError ssl_error) {
- table.putBoolean(ssl_error.toString(), false);
- }
-
- public boolean IsAllowed(SslError ssl_error) {
- return table.getBoolean(ssl_error.toString());
+ public boolean isAllowed(SslError sslError) {
+ return table.getBoolean(sslError.toString());
}
}