| // Copyright 2013 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| package org.chromium.android_webview; |
| |
| import android.content.Context; |
| import android.net.http.SslCertificate; |
| import android.net.http.SslError; |
| import android.util.Log; |
| import android.webkit.ValueCallback; |
| |
| import org.chromium.base.ThreadUtils; |
| import org.chromium.base.annotations.CalledByNative; |
| import org.chromium.base.annotations.CalledByNativeUnchecked; |
| import org.chromium.base.annotations.JNINamespace; |
| import org.chromium.net.NetError; |
| |
| import java.security.Principal; |
| import java.security.PrivateKey; |
| import java.security.cert.CertificateEncodingException; |
| import java.security.cert.X509Certificate; |
| import java.util.HashMap; |
| import java.util.Map; |
| |
| import javax.security.auth.x500.X500Principal; |
| |
| /** |
| * This class handles the JNI communication logic for the the AwContentsClient class. |
| * Both the Java and the native peers of AwContentsClientBridge are owned by the |
| * corresponding AwContents instances. This class and its native peer are connected |
| * via weak references. The native AwContentsClientBridge sets up and clear these weak |
| * references. |
| */ |
| @JNINamespace("android_webview") |
| public class AwContentsClientBridge { |
| private static final String TAG = "AwContentsClientBridge"; |
| |
| private AwContentsClient mClient; |
| private Context mContext; |
| // The native peer of this object. |
| private long mNativeContentsClientBridge; |
| |
| private final ClientCertLookupTable mLookupTable; |
| |
| // Used for mocking this class in tests. |
| protected AwContentsClientBridge(ClientCertLookupTable table) { |
| mLookupTable = table; |
| } |
| |
| public AwContentsClientBridge(Context context, AwContentsClient client, |
| ClientCertLookupTable table) { |
| assert client != null; |
| mContext = context; |
| mClient = client; |
| mLookupTable = table; |
| } |
| |
| /** |
| * Callback to communicate clientcertificaterequest back to the AwContentsClientBridge. |
| * The public methods should be called on UI thread. |
| * A request can not be proceeded, ignored or canceled more than once. Doing this |
| * is a programming error and causes an exception. |
| */ |
| public class ClientCertificateRequestCallback { |
| |
| private final int mId; |
| private final String mHost; |
| private final int mPort; |
| private boolean mIsCalled; |
| |
| public ClientCertificateRequestCallback(int id, String host, int port) { |
| mId = id; |
| mHost = host; |
| mPort = port; |
| } |
| |
| public void proceed(final PrivateKey privateKey, final X509Certificate[] chain) { |
| ThreadUtils.runOnUiThread(new Runnable() { |
| @Override |
| public void run() { |
| proceedOnUiThread(privateKey, chain); |
| } |
| }); |
| } |
| |
| public void ignore() { |
| ThreadUtils.runOnUiThread(new Runnable() { |
| @Override |
| public void run() { |
| ignoreOnUiThread(); |
| } |
| }); |
| } |
| |
| public void cancel() { |
| ThreadUtils.runOnUiThread(new Runnable() { |
| @Override |
| public void run() { |
| cancelOnUiThread(); |
| } |
| |
| }); |
| } |
| |
| private void proceedOnUiThread(PrivateKey privateKey, X509Certificate[] chain) { |
| checkIfCalled(); |
| |
| if (privateKey == null || chain == null || chain.length == 0) { |
| Log.w(TAG, "Empty client certificate chain?"); |
| provideResponse(null, null); |
| return; |
| } |
| // Encode the certificate chain. |
| byte[][] encodedChain = new byte[chain.length][]; |
| try { |
| for (int i = 0; i < chain.length; ++i) { |
| encodedChain[i] = chain[i].getEncoded(); |
| } |
| } catch (CertificateEncodingException e) { |
| Log.w(TAG, "Could not retrieve encoded certificate chain: " + e); |
| provideResponse(null, null); |
| return; |
| } |
| mLookupTable.allow(mHost, mPort, privateKey, encodedChain); |
| provideResponse(privateKey, encodedChain); |
| } |
| |
| private void ignoreOnUiThread() { |
| checkIfCalled(); |
| provideResponse(null, null); |
| } |
| |
| private void cancelOnUiThread() { |
| checkIfCalled(); |
| mLookupTable.deny(mHost, mPort); |
| provideResponse(null, null); |
| } |
| |
| private void checkIfCalled() { |
| if (mIsCalled) { |
| throw new IllegalStateException("The callback was already called."); |
| } |
| mIsCalled = true; |
| } |
| |
| private void provideResponse(PrivateKey privateKey, byte[][] certChain) { |
| if (mNativeContentsClientBridge == 0) return; |
| nativeProvideClientCertificateResponse(mNativeContentsClientBridge, mId, |
| certChain, privateKey); |
| } |
| } |
| |
| // Used by the native peer to set/reset a weak ref to the native peer. |
| @CalledByNative |
| private void setNativeContentsClientBridge(long nativeContentsClientBridge) { |
| mNativeContentsClientBridge = nativeContentsClientBridge; |
| } |
| |
| // If returns false, the request is immediately canceled, and any call to proceedSslError |
| // has no effect. If returns true, the request should be canceled or proceeded using |
| // proceedSslError(). |
| // Unlike the webview classic, we do not keep keep a database of certificates that |
| // are allowed by the user, because this functionality is already handled via |
| // ssl_policy in native layers. |
| @CalledByNative |
| private boolean allowCertificateError(int certError, byte[] derBytes, final String url, |
| final int id) { |
| final SslCertificate cert = SslUtil.getCertificateFromDerBytes(derBytes); |
| if (cert == null) { |
| // if the certificate or the client is null, cancel the request |
| return false; |
| } |
| final SslError sslError = SslUtil.sslErrorFromNetErrorCode(certError, cert, url); |
| ValueCallback<Boolean> callback = new ValueCallback<Boolean>() { |
| @Override |
| public void onReceiveValue(final Boolean value) { |
| ThreadUtils.runOnUiThread(new Runnable() { |
| @Override |
| public void run() { |
| proceedSslError(value.booleanValue(), id); |
| } |
| }); |
| } |
| }; |
| mClient.onReceivedSslError(callback, sslError); |
| return true; |
| } |
| |
| private void proceedSslError(boolean proceed, int id) { |
| if (mNativeContentsClientBridge == 0) return; |
| nativeProceedSslError(mNativeContentsClientBridge, proceed, id); |
| } |
| |
| // Intentionally not private for testing the native peer of this class. |
| @CalledByNative |
| protected void selectClientCertificate(final int id, final String[] keyTypes, |
| byte[][] encodedPrincipals, final String host, final int port) { |
| assert mNativeContentsClientBridge != 0; |
| ClientCertLookupTable.Cert cert = mLookupTable.getCertData(host, port); |
| if (mLookupTable.isDenied(host, port)) { |
| nativeProvideClientCertificateResponse(mNativeContentsClientBridge, id, |
| null, null); |
| return; |
| } |
| if (cert != null) { |
| nativeProvideClientCertificateResponse(mNativeContentsClientBridge, id, |
| cert.mCertChain, cert.mPrivateKey); |
| return; |
| } |
| // Build the list of principals from encoded versions. |
| Principal[] principals = null; |
| if (encodedPrincipals.length > 0) { |
| principals = new X500Principal[encodedPrincipals.length]; |
| for (int n = 0; n < encodedPrincipals.length; n++) { |
| try { |
| principals[n] = new X500Principal(encodedPrincipals[n]); |
| } catch (IllegalArgumentException e) { |
| Log.w(TAG, "Exception while decoding issuers list: " + e); |
| nativeProvideClientCertificateResponse(mNativeContentsClientBridge, id, |
| null, null); |
| return; |
| } |
| } |
| |
| } |
| |
| final ClientCertificateRequestCallback callback = |
| new ClientCertificateRequestCallback(id, host, port); |
| mClient.onReceivedClientCertRequest(callback, keyTypes, principals, host, port); |
| } |
| |
| @CalledByNative |
| private void handleJsAlert(String url, String message, int id) { |
| JsResultHandler handler = new JsResultHandler(this, id); |
| mClient.handleJsAlert(url, message, handler); |
| } |
| |
| @CalledByNative |
| private void handleJsConfirm(String url, String message, int id) { |
| JsResultHandler handler = new JsResultHandler(this, id); |
| mClient.handleJsConfirm(url, message, handler); |
| } |
| |
| @CalledByNative |
| private void handleJsPrompt(String url, String message, String defaultValue, int id) { |
| JsResultHandler handler = new JsResultHandler(this, id); |
| mClient.handleJsPrompt(url, message, defaultValue, handler); |
| } |
| |
| @CalledByNative |
| private void handleJsBeforeUnload(String url, String message, int id) { |
| JsResultHandler handler = new JsResultHandler(this, id); |
| mClient.handleJsBeforeUnload(url, message, handler); |
| } |
| |
| @CalledByNative |
| private void newDownload(String url, String userAgent, String contentDisposition, |
| String mimeType, long contentLength) { |
| mClient.getCallbackHelper().postOnDownloadStart( |
| url, userAgent, contentDisposition, mimeType, contentLength); |
| } |
| |
| @CalledByNative |
| private void newLoginRequest(String realm, String account, String args) { |
| mClient.getCallbackHelper().postOnReceivedLoginRequest(realm, account, args); |
| } |
| |
| @CalledByNative |
| private void onReceivedError( |
| // WebResourceRequest |
| String url, boolean isMainFrame, boolean hasUserGesture, String method, |
| String[] requestHeaderNames, String[] requestHeaderValues, |
| // WebResourceError |
| int errorCode, String description) { |
| AwContentsClient.AwWebResourceRequest request = new AwContentsClient.AwWebResourceRequest(); |
| request.url = url; |
| request.isMainFrame = isMainFrame; |
| request.hasUserGesture = hasUserGesture; |
| request.method = method; |
| request.requestHeaders = new HashMap<String, String>(requestHeaderNames.length); |
| for (int i = 0; i < requestHeaderNames.length; ++i) { |
| request.requestHeaders.put(requestHeaderNames[i], requestHeaderValues[i]); |
| } |
| AwContentsClient.AwWebResourceError error = new AwContentsClient.AwWebResourceError(); |
| error.errorCode = errorCode; |
| error.description = description; |
| |
| String unreachableWebDataUrl = AwContentsStatics.getUnreachableWebDataUrl(); |
| boolean isErrorUrl = |
| unreachableWebDataUrl != null && unreachableWebDataUrl.equals(request.url); |
| |
| if (!isErrorUrl && error.errorCode != NetError.ERR_ABORTED) { |
| // NetError.ERR_ABORTED error code is generated for the following reasons: |
| // - WebView.stopLoading is called; |
| // - the navigation is intercepted by the embedder via shouldOverrideUrlLoading; |
| // - server returned 204 status (no content). |
| // |
| // Android WebView does not notify the embedder of these situations using |
| // this error code with the WebViewClient.onReceivedError callback. |
| error.errorCode = ErrorCodeConversionHelper.convertErrorCode(error.errorCode); |
| mClient.getCallbackHelper().postOnReceivedError(request, error); |
| if (request.isMainFrame) { |
| // Need to call onPageFinished after onReceivedError for backwards compatibility |
| // with the classic webview. See also AwWebContentsObserver.didFailLoad which is |
| // used when we want to send onPageFinished alone. |
| mClient.getCallbackHelper().postOnPageFinished(request.url); |
| } |
| } |
| } |
| |
| @CalledByNative |
| private void onReceivedHttpError( |
| // WebResourceRequest |
| String url, boolean isMainFrame, boolean hasUserGesture, String method, |
| String[] requestHeaderNames, String[] requestHeaderValues, |
| // WebResourceResponse |
| String mimeType, String encoding, int statusCode, String reasonPhrase, |
| String[] responseHeaderNames, String[] responseHeaderValues) { |
| AwContentsClient.AwWebResourceRequest request = new AwContentsClient.AwWebResourceRequest(); |
| request.url = url; |
| request.isMainFrame = isMainFrame; |
| request.hasUserGesture = hasUserGesture; |
| request.method = method; |
| request.requestHeaders = new HashMap<String, String>(requestHeaderNames.length); |
| for (int i = 0; i < requestHeaderNames.length; ++i) { |
| request.requestHeaders.put(requestHeaderNames[i], requestHeaderValues[i]); |
| } |
| Map<String, String> responseHeaders = |
| new HashMap<String, String>(responseHeaderNames.length); |
| // Note that we receive un-coalesced response header lines, thus we need to combine |
| // values for the same header. |
| for (int i = 0; i < responseHeaderNames.length; ++i) { |
| if (!responseHeaders.containsKey(responseHeaderNames[i])) { |
| responseHeaders.put(responseHeaderNames[i], responseHeaderValues[i]); |
| } else if (!responseHeaderValues[i].isEmpty()) { |
| String currentValue = responseHeaders.get(responseHeaderNames[i]); |
| if (!currentValue.isEmpty()) { |
| currentValue += ", "; |
| } |
| responseHeaders.put(responseHeaderNames[i], currentValue + responseHeaderValues[i]); |
| } |
| } |
| AwWebResourceResponse response = new AwWebResourceResponse( |
| mimeType, encoding, null, statusCode, reasonPhrase, responseHeaders); |
| mClient.getCallbackHelper().postOnReceivedHttpError(request, response); |
| } |
| |
| @CalledByNativeUnchecked |
| private boolean shouldOverrideUrlLoading( |
| String url, boolean hasUserGesture, boolean isRedirect, boolean isMainFrame) { |
| return mClient.shouldIgnoreNavigation( |
| mContext, url, isMainFrame, hasUserGesture, isRedirect); |
| } |
| |
| void confirmJsResult(int id, String prompt) { |
| if (mNativeContentsClientBridge == 0) return; |
| nativeConfirmJsResult(mNativeContentsClientBridge, id, prompt); |
| } |
| |
| void cancelJsResult(int id) { |
| if (mNativeContentsClientBridge == 0) return; |
| nativeCancelJsResult(mNativeContentsClientBridge, id); |
| } |
| |
| //-------------------------------------------------------------------------------------------- |
| // Native methods |
| //-------------------------------------------------------------------------------------------- |
| private native void nativeProceedSslError(long nativeAwContentsClientBridge, boolean proceed, |
| int id); |
| private native void nativeProvideClientCertificateResponse(long nativeAwContentsClientBridge, |
| int id, byte[][] certChain, PrivateKey androidKey); |
| |
| private native void nativeConfirmJsResult(long nativeAwContentsClientBridge, int id, |
| String prompt); |
| private native void nativeCancelJsResult(long nativeAwContentsClientBridge, int id); |
| } |
