1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 package org.chromium.android_webview;
6 
7 import org.chromium.net.AndroidPrivateKey;
8 
9 import java.util.Arrays;
10 import java.util.HashMap;
11 import java.util.HashSet;
12 import java.util.Map;
13 import java.util.Set;
14 
/**
 * Remembers, per host and port, whether the user selected a client certificate or declined
 * to provide one. Decisions live only in the in-memory collections owned by this object.
 *
 * <p>Not thread-safe. All accesses are done on the UI thread.
 */
public class ClientCertLookupTable {

    /**
     * Holds the private key and certificate chain chosen for one host and port.
     *
     * <p>The constructor deep-copies the chain, so later changes to the caller's arrays do not
     * affect the stored decision.
     *
     * <p>NOTE(review): both fields are package-private and non-final, and the copied arrays are
     * handed out as-is through {@link ClientCertLookupTable#getCertData}. Readers in this
     * package must treat them as read-only; a write would silently change the cached decision.
     */
    public static class Cert {
        // Key handle stored by reference; it is not copied.
        AndroidPrivateKey privateKey;
        // Private deep copy of the chain passed to the constructor, one byte array per entry.
        byte[][] certChain;

        /**
         * @param privateKey key to associate with the chain; stored as given.
         * @param certChain chain to copy; a null array or null entry fails with a
         *     {@link NullPointerException} during the copy.
         */
        public Cert(AndroidPrivateKey privateKey, byte[][] certChain) {
            this.privateKey = privateKey;
            final int length = certChain.length;
            final byte[][] copy = new byte[length][];
            for (int index = 0; index < length; index++) {
                final byte[] entry = certChain[index];
                copy[index] = Arrays.copyOf(entry, entry.length);
            }
            this.certChain = copy;
        }
    }

    // Accepted decisions, keyed by the string built in hostAndPort().
    private final Map<String, Cert> mCerts = new HashMap<String, Cert>();
    // Keys for which the user declined to provide a certificate.
    private final Set<String> mDenieds = new HashSet<String>();

    /** Creates an empty table with no recorded decisions. */
    public ClientCertLookupTable() {
    }

    /** Clears all client certificate preferences, both accepted and denied. */
    public void clear() {
        mCerts.clear();
        mDenieds.clear();
    }

    /**
     * Records that {@code privateKey} and {@code chain} are to be used for the given host and
     * port, replacing any earlier choice and removing any earlier denial for the same pair.
     */
    public void allow(String host, int port, AndroidPrivateKey privateKey, byte[][] chain) {
        final String key = hostAndPort(host, port);
        // The Cert is built before the map is touched, so a failed copy leaves the table as is.
        final Cert decision = new Cert(privateKey, chain);
        mCerts.put(key, decision);
        mDenieds.remove(key);
    }

    /**
     * Records that no certificate is to be provided for the given host and port, and drops any
     * certificate previously stored for the same pair.
     */
    public void deny(String host, int port) {
        final String key = hostAndPort(host, port);
        mCerts.remove(key);
        mDenieds.add(key);
    }

    /**
     * Returns the stored certificate data for the given host and port, or {@code null} when
     * none is stored. The returned object is the stored instance, not a copy.
     */
    public Cert getCertData(String host, int port) {
        final String key = hostAndPort(host, port);
        return mCerts.get(key);
    }

    /** Returns whether a denial is recorded for the given host and port. */
    public boolean isDenied(String host, int port) {
        final String key = hostAndPort(host, port);
        return mDenieds.contains(key);
    }

    // TODO(sgurun) add a test for this. Not separating host and pair properly will be
    // a security issue.
    //
    // The key is the host, a colon, and the port in decimal. The decimal form of an int never
    // contains a colon, so everything after the last ':' is the port and two different pairs
    // with a non-null host cannot share a key, even when the host itself contains colons.
    //
    // NOTE(review): a null host is rendered as the text "null" and would share a key with a
    // host literally named "null". The host is also used exactly as given (case-sensitive, no
    // normalization), so callers presumably pass an already canonical host; confirm both at
    // the call sites.
    private static String hostAndPort(String host, int port) {
        final String separator = ":";
        return host + separator + port;
    }
}