
Commit a3b06ff9 authored by Steve Block's avatar Steve Block Committed by Android (Google) Code Review

Merge changes If97c4d76,I1cd975b1

* changes:
  Always update the WebView's SSL certificate, regardless of whether a WebViewClient has been set
  Remove superfluous synchronized modifier on SslCertLookupTable.getInstance()
parents 53719fc4 9a0cd15e
+18 −20
@@ -1159,51 +1159,49 @@ class BrowserFrame extends Handler {
    }

    /**
     * Called by JNI when the native HTTPS stack gets an invalid cert chain.
     * Called by JNI when the Chromium HTTP stack gets an invalid certificate chain.
     *
     * We delegate the request to CallbackProxy, and route its response to
     * {@link #nativeSslCertErrorProceed(int)} or
     * {@link #nativeSslCertErrorCancel(int, int)}.
     */
    private void reportSslCertError(
            final int handle, final int cert_error, byte cert_der[], String url) {
        final SslError ssl_error;
    private void reportSslCertError(final int handle, final int certError, byte certDER[],
            String url) {
        final SslError sslError;
        try {
            X509Certificate cert = new X509CertImpl(cert_der);
            X509Certificate cert = new X509CertImpl(certDER);
            SslCertificate sslCert = new SslCertificate(cert);
            if (JniUtil.useChromiumHttpStack()) {
                ssl_error = SslError.SslErrorFromChromiumErrorCode(cert_error, sslCert,
                sslError = SslError.SslErrorFromChromiumErrorCode(certError, sslCert,
                        new URL(url).getHost());
            } else {
                ssl_error = new SslError(cert_error, cert, url);
                sslError = new SslError(certError, cert, url);
            }
        } catch (IOException e) {
            // Can't get the certificate, not much to do.
            Log.e(LOGTAG, "Can't get the certificate from WebKit, canceling");
            nativeSslCertErrorCancel(handle, cert_error);
            nativeSslCertErrorCancel(handle, certError);
            return;
        }

        SslErrorHandler handler = new SslErrorHandler() {
        if (SslCertLookupTable.getInstance().isAllowed(sslError)) {
            nativeSslCertErrorProceed(handle);
            return;
        }

        SslErrorHandler handler = new SslErrorHandler() {
            @Override
            public void proceed() {
                SslCertLookupTable.getInstance().Allow(ssl_error);
                SslCertLookupTable.getInstance().setIsAllowed(sslError, true);
                nativeSslCertErrorProceed(handle);
            }

            @Override
            public void cancel() {
                SslCertLookupTable.getInstance().Deny(ssl_error);
                nativeSslCertErrorCancel(handle, cert_error);
                SslCertLookupTable.getInstance().setIsAllowed(sslError, false);
                nativeSslCertErrorCancel(handle, certError);
            }
        };

        if (SslCertLookupTable.getInstance().IsAllowed(ssl_error)) {
            nativeSslCertErrorProceed(handle);
        } else {
            mCallbackProxy.onReceivedSslError(handler, ssl_error);
        }
        mCallbackProxy.onReceivedSslError(handler, sslError);
    }

    /**
@@ -1416,7 +1414,7 @@ class BrowserFrame extends Handler {
    private native void nativeAuthenticationCancel(int handle);

    private native void nativeSslCertErrorProceed(int handle);
    private native void nativeSslCertErrorCancel(int handle, int cert_error);
    private native void nativeSslCertErrorCancel(int handle, int certError);

    native void nativeSslClientCert(int handle,
                                    byte[] pkcs8EncodedPrivateKey,
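Review bot: The remembered-allow early return in reportSslCertError calls nativeSslCertErrorProceed(handle) with no log line and no callback, so the WebViewClient never sees a later invalid-certificate load that matches an earlier decision. The match is keyed on `sslError.toString()` (see setIsAllowed and isAllowed in the SslCertLookupTable section), and that method is not shown here, so it should be confirmed that the string binds the decision to both the host and the exact certificate. I would add a comment above the check, `// Reuses the user's earlier decision for this error; the table is a process-wide singleton keyed on sslError.toString().`, and a debug-level log on that path so an auto-accepted error leaves a trace.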
+1 −18
@@ -165,8 +165,6 @@ class CallbackProxy extends Handler {
    /**
     * Get the WebViewClient.
     * @return the current WebViewClient instance.
     *
     *@hide pending API council approval.
     */
    public WebViewClient getWebViewClient() {
       return mWebViewClient;
@@ -1013,10 +1011,6 @@ class CallbackProxy extends Handler {
        sendMessage(msg);
    }

    /**
     * @hide - hide this because it contains a parameter of type SslError.
     * SslError is located in a hidden package.
     */
    public void onReceivedSslError(SslErrorHandler handler, SslError error) {
        // Do an unsynchronized quick check to avoid posting if no callback has
        // been set.
@@ -1031,9 +1025,7 @@ class CallbackProxy extends Handler {
        msg.obj = map;
        sendMessage(msg);
    }
    /**
     * @hide
     */

    public void onReceivedClientCertRequest(ClientCertRequestHandler handler, String host_and_port) {
        // Do an unsynchronized quick check to avoid posting if no callback has
        // been set.
@@ -1048,17 +1040,8 @@ class CallbackProxy extends Handler {
        msg.obj = map;
        sendMessage(msg);
    }
    /**
     * @hide - hide this because it contains a parameter of type SslCertificate,
     * which is located in a hidden package.
     */

    public void onReceivedCertificate(SslCertificate certificate) {
        // Do an unsynchronized quick check to avoid posting if no callback has
        // been set.
        if (mWebViewClient == null) {
            return;
        }
        // here, certificate can be null (if the site is not secure)
        sendMessage(obtainMessage(RECEIVED_CERTIFICATE, certificate));
    }
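Review bot: onReceivedCertificate loses its Javadoc together with the mWebViewClient null check, so nothing states the new contract that the message is posted whether or not a client is set. I would replace the removed block with `/** Posts the page certificate even when no WebViewClient is set; certificate is null for a non-secure page. */`. The RECEIVED_CERTIFICATE handler is outside this section, so it should be confirmed that it no longer assumes a non-null mWebViewClient. onReceivedSslError and onReceivedClientCertRequest are likewise left without any doc comment, and their bodies continue outside the hunks.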
+8 −11
@@ -20,14 +20,15 @@ import android.os.Bundle;
import android.net.http.SslError;

/**
 * A simple class to store the wrong certificates that user is aware but
 * chose to proceed.
 * Stores the user's decision of whether to allow or deny an invalid certificate.
 *
 * This class is not threadsafe. It is used only on the WebCore thread.
 */
final class SslCertLookupTable {
    private static SslCertLookupTable sTable;
    private final Bundle table;

    public static synchronized SslCertLookupTable getInstance() {
    public static SslCertLookupTable getInstance() {
        if (sTable == null) {
            sTable = new SslCertLookupTable();
        }
@@ -38,15 +39,11 @@ final class SslCertLookupTable {
        table = new Bundle();
    }

    public void Allow(SslError ssl_error) {
        table.putBoolean(ssl_error.toString(), true);
    }

    public void Deny(SslError ssl_error) {
        table.putBoolean(ssl_error.toString(), false);
    public void setIsAllowed(SslError sslError, boolean allow) {
        table.putBoolean(sslError.toString(), allow);
    }

    public boolean IsAllowed(SslError ssl_error) {
        return table.getBoolean(ssl_error.toString());
    public boolean isAllowed(SslError sslError) {
        return table.getBoolean(sslError.toString());
    }
}
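Review bot: getInstance() now does its lazy `sTable == null` initialisation without a lock, and the only protection is the class comment saying the table is used on the WebCore thread; nothing visible enforces that. If a second thread ever reached it, two tables could be created and a recorded decision lost, and the Bundle behind setIsAllowed and isAllowed is not synchronized either. Eager initialisation removes the first-use race at no cost: `private static final SslCertLookupTable sTable = new SslCertLookupTable();` with getInstance() reduced to `return sTable;`. The constructor sits between the two hunks and is only partly visible, so this assumes it does nothing beyond creating the Bundle.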