
Commit fa03f9a3 authored by Steve Block's avatar Steve Block

Fix BrowserFrame to construct SslError using the full URL, rather than the host

https://android-git.corp.google.com/g/#/c/133348 changed BrowserFrame to
construct the SslError using only the host. This was done so that we match on
just the host component of the URL when re-using previous decisions in case of
an SSL error. It also means that the browser displays only the host when it
shows the SSL error dialog.

This change fixes BrowserFrame to pass the full URL to SslError. We modify
SslCertLookupTable to keep the existing behaviour regarding matching on only the
host component. There's no need to change Browser to continue displaying only
the host as I think this change was an unintentional side-effect.

Also remove dead code-path in BrowserFrame.reportSslCertError(). This
method is used only with the Chromium HTTP stack. This code was added
in https://android-git.corp.google.com/g/#/c/121023.

No functional change.

Bug: 5410252
Change-Id: Ief2dbf4558095fb6fa7ab0caac7d37fa4f640b66
parent ea54b170
+0 −4
@@ -163,10 +163,6 @@ public class SslError {
     * Gets the URL associated with this object.
     * @return The URL, non-null.
     */
    // TODO: When the WebView constructs an instance of this object, we
    // actually provide only the hostname, not the full URL. We should consider
    // deprecating this method, adding a new getHost() method and updating the
    // constructor arguments. See http://b/5410252.
    public String getUrl() {
        return mUrl;
    }
+1 −7
@@ -43,7 +43,6 @@ import junit.framework.Assert;
import java.io.IOException;
import java.io.InputStream;
import java.lang.ref.WeakReference;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.Charsets;
import java.security.PrivateKey;
@@ -1171,12 +1170,7 @@ class BrowserFrame extends Handler {
        try {
            X509Certificate cert = new X509CertImpl(certDER);
            SslCertificate sslCert = new SslCertificate(cert);
            if (JniUtil.useChromiumHttpStack()) {
                sslError = SslError.SslErrorFromChromiumErrorCode(certError, sslCert,
                        new URL(url).getHost());
            } else {
                sslError = new SslError(certError, cert, url);
            }
            sslError = SslError.SslErrorFromChromiumErrorCode(certError, sslCert, url);
        } catch (IOException e) {
            // Can't get the certificate, not much to do.
            Log.e(LOGTAG, "Can't get the certificate from WebKit, canceling");
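Review bot: A malformed `url` no longer reaches the `catch (IOException e)` cancel path in this block, because the removed `new URL(url).getHost()` was the only call here that parsed it and `MalformedURLException` is an `IOException`. After this change the string goes straight into `SslError.SslErrorFromChromiumErrorCode(certError, sslCert, url)`, so unless that factory validates it (not visible here) the error is reported instead of cancelled, and the commit's "No functional change" does not hold for that input. If cancelling on an unparseable URL was intended, keep a parse step inside the `try`, for example `new URL(url);` just before the factory call; otherwise add a comment such as `// url is passed through unparsed; SslCertLookupTable treats an unparseable URL as not allowed.` The enclosing method starts and ends outside the hunk.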
+23 −2
@@ -19,6 +19,9 @@ package android.webkit;
import android.os.Bundle;
import android.net.http.SslError;

import java.net.MalformedURLException;
import java.net.URL;

/**
 * Stores the user's decision of whether to allow or deny an invalid certificate.
 *
@@ -40,14 +43,32 @@ final class SslCertLookupTable {
    }

    public void setIsAllowed(SslError sslError, boolean allow) {
        table.putBoolean(sslError.toString(), allow);
        // TODO: We should key on just the host. See http://b/5409251.
        String errorString = sslErrorToString(sslError);
        if (errorString != null) {
            table.putBoolean(errorString, allow);
        }
    }

    public boolean isAllowed(SslError sslError) {
        return table.getBoolean(sslError.toString());
        // TODO: We should key on just the host. See http://b/5409251.
        String errorString = sslErrorToString(sslError);
        return errorString == null ? false : table.getBoolean(errorString);
    }

    public void clear() {
        table.clear();
    }

    private static String sslErrorToString(SslError error) {
        String host;
        try {
            host = new URL(error.getUrl()).getHost();
        } catch(MalformedURLException e) {
            return null;
        }
        return "primary error: " + error.getPrimaryError() +
                " certificate: " + error.getCertificate() +
                " on host: " + host;
    }
}
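Review bot: The lookup key built in `sslErrorToString()` identifies the certificate only by concatenating `error.getCertificate()` into a string, so a remembered "allow" is no more specific than `SslCertificate.toString()`. If that rendering holds just the subject and issuer names (its implementation is not visible here), a different certificate carrying the same names on the same host would match the earlier decision; keying on a digest of the certificate's encoded form would bind the decision to the exact certificate the user accepted. `getHost()` also drops the scheme and port and keeps the host's case as written, so one decision covers every port on that host while `Example.com` and `example.com` get separate entries. The `null` return on `MalformedURLException` fails closed in `isAllowed()`, but `setIsAllowed()` then discards the user's choice silently, so it deserves a comment at the `return null;` such as `// Fail closed: a URL we cannot parse is never stored or matched as allowed.`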