5 files changed, 111 insertions, 0 deletions

diff --git a/src/com/android/browser/KeyChainLookup.java b/src/com/android/browser/KeyChainLookup.java
new file mode 100644
index 0000000..7f236e5
--- /dev/null
+++ b/src/com/android/browser/KeyChainLookup.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 201 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.browser;
+
+import android.content.Context;
+import android.os.AsyncTask;
+import android.os.RemoteException;
+import android.security.KeyChain;
+import android.webkit.ClientCertRequestHandler;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+final class KeyChainLookup extends AsyncTask<Void, Void, Void> {
+    private final Context mContext;
+    private final ClientCertRequestHandler mHandler;
+    private final String mAlias;
+    KeyChainLookup(Context context, ClientCertRequestHandler handler, String alias) {
+        mContext = context;
+        mHandler = handler;
+        mAlias = alias;
+    }
+    @Override protected Void doInBackground(Void... params) {
+        PrivateKey privateKey;
+        X509Certificate[] certificateChain;
+        try {
+            privateKey = KeyChain.getPrivateKey(mContext, mAlias);
+            certificateChain = KeyChain.getCertificateChain(mContext, mAlias);
+        } catch (InterruptedException e) {
+            mHandler.ignore();
+            return null;
+        } catch (RemoteException e) {
+            mHandler.ignore();
+            return null;
+        }
+        mHandler.proceed(privateKey, certificateChain);
+        return null;
+    }
+}
diff --git a/src/com/android/browser/Tab.java b/src/com/android/browser/Tab.java
index 95c7850..e517d76 100644
--- a/src/com/android/browser/Tab.java
+++ b/src/com/android/browser/Tab.java
@@ -32,12 +32,15 @@ import android.net.http.SslError;
 import android.os.Bundle;
 import android.os.Message;
 import android.os.SystemClock;
+import android.security.KeyChain;
+import android.security.KeyChainAliasResponse;
 import android.speech.RecognizerResultsIntent;
 import android.util.Log;
 import android.view.KeyEvent;
 import android.view.LayoutInflater;
 import android.view.View;
 import android.view.ViewStub;
+import android.webkit.ClientCertRequestHandler;
 import android.webkit.ConsoleMessage;
 import android.webkit.DownloadListener;
 import android.webkit.GeolocationPermissions;
@@ -791,6 +794,27 @@ class Tab {
         }
 
         /**
+         * Displays client certificate request to the user.
+         */
+        @Override
+        public void onReceivedClientCertRequest(final WebView view,
+                final ClientCertRequestHandler handler, final String host_and_port) {
+            if (!mInForeground) {
+                handler.ignore();
+                return;
+            }
+            KeyChain.choosePrivateKeyAlias(mActivity, new KeyChainAliasResponse() {
+                @Override public void alias(String alias) {
+                    if (alias == null) {
+                        handler.cancel();
+                        return;
+                    }
+                    new KeyChainLookup(mActivity, handler, alias).execute();
+                }
+            });
+        }
+
+        /**
          * Handles an HTTP authentication request.
          *
          * @param handler The authentication handler
@@ -1232,6 +1256,11 @@ class Tab {
             mClient.onReceivedSslError(view, handler, error);
         }
         @Override
+        public void onReceivedClientCertRequest(WebView view,
+                ClientCertRequestHandler handler, String host_and_port) {
+            mClient.onReceivedClientCertRequest(view, handler, host_and_port);
+        }
+        @Override
         public void onReceivedHttpAuthRequest(WebView view,
                 HttpAuthHandler handler, String host, String realm) {
             mClient.onReceivedHttpAuthRequest(view, handler, host, realm);
diff --git a/tests/src/com/android/browser/JNIBindingsTestApp.java b/tests/src/com/android/browser/JNIBindingsTestApp.java
index f4efa2c..5d1fd0d 100644
--- a/tests/src/com/android/browser/JNIBindingsTestApp.java
+++ b/tests/src/com/android/browser/JNIBindingsTestApp.java
@@ -23,6 +23,7 @@ import android.os.Looper;
 import android.os.Message;
 import android.test.ActivityInstrumentationTestCase2;
 import android.util.Log;
+import android.webkit.ClientCertRequestHandler;
 import android.webkit.JsPromptResult;
 import android.webkit.JsResult;
 import android.webkit.SslErrorHandler;
@@ -220,6 +221,16 @@ public class JNIBindingsTestApp extends ActivityInstrumentationTestCase2<Browser
                 handler.proceed();
             }
 
+            /**
+             * Ignores and logs SSL client certificate requests.
+             */
+            @Override
+            public void onReceivedClientCertRequest(WebView view, ClientCertRequestHandler handler,
+                    String host_and_port) {
+                Log.w(TAG, "SSL client certificate request: " + host_and_port);
+                handler.cancel();
+            }
+
         });
     }
 
diff --git a/tests/src/com/android/browser/PopularUrlsTest.java b/tests/src/com/android/browser/PopularUrlsTest.java
index a635f0b..f1ab71b 100644
--- a/tests/src/com/android/browser/PopularUrlsTest.java
+++ b/tests/src/com/android/browser/PopularUrlsTest.java
@@ -24,6 +24,7 @@ import android.os.Environment;
 import android.test.ActivityInstrumentationTestCase2;
 import android.text.TextUtils;
 import android.util.Log;
+import android.webkit.ClientCertRequestHandler;
 import android.webkit.DownloadListener;
 import android.webkit.HttpAuthHandler;
 import android.webkit.JsPromptResult;
@@ -225,6 +226,16 @@ public class PopularUrlsTest extends ActivityInstrumentationTestCase2<BrowserAct
             }
 
             /**
+             * Ignores and logs SSL client certificate requests.
+             */
+            @Override
+            public void onReceivedClientCertRequest(WebView view, ClientCertRequestHandler handler,
+                    String host_and_port) {
+                Log.w(TAG, "SSL client certificate request: " + host_and_port);
+                handler.cancel();
+            }
+
+            /**
              * Ignores http auth with dummy username and password
              */
             @Override
diff --git a/tests/src/com/android/browser/TestWebViewClient.java b/tests/src/com/android/browser/TestWebViewClient.java
index 7159a7e..208a822 100644
--- a/tests/src/com/android/browser/TestWebViewClient.java
+++ b/tests/src/com/android/browser/TestWebViewClient.java
@@ -20,6 +20,7 @@ import android.graphics.Bitmap;
 import android.net.http.SslError;
 import android.os.Message;
 import android.view.KeyEvent;
+import android.webkit.ClientCertRequestHandler;
 import android.webkit.HttpAuthHandler;
 import android.webkit.SslErrorHandler;
 import android.webkit.WebView;
@@ -102,6 +103,13 @@ abstract class TestWebViewClient extends WebViewClient {
 
   /** {@inheritDoc} */
   @Override
+  public void onReceivedClientCertRequest(WebView view, ClientCertRequestHandler handler,
+          String host_and_port) {
+      mWrappedClient.onReceivedClientCertRequest(view, handler, host_and_port);
+  }
+
+  /** {@inheritDoc} */
+  @Override
   public void onReceivedHttpAuthRequest(WebView view,
           HttpAuthHandler handler, String host, String realm) {
       mWrappedClient.onReceivedHttpAuthRequest(view, handler, host, realm);