Add function to support clearing SSL/certificate store.

When smartcard auth is disabled we need to wipe the store and any open sockets. By issuing a NULL cert being added this happens. BUG=341500 Review URL: https://codereview.chromium.org/161653002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@251033 0039d316-1c4b-4281-b951-d872f2087c98

Add function to support clearing SSL/certificate store.
When smartcard auth is disabled we need to wipe the store and any open sockets. By issuing a NULL cert being added this happens. BUG=341500 Review URL: https://codereview.chromium.org/161653002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@251033 0039d316-1c4b-4281-b951-d872f2087c98
1d74c68a · yfriedman@chromium.org · 26930594 · 1d74c68a · 1d74c68a · 1d74c68a
Commit 1d74c68a authored Feb 13, 2014 by yfriedman@chromium.org
4 changed files
--- a/net/android/java/src/org/chromium/net/X509Util.java
+++ b/net/android/java/src/org/chromium/net/X509Util.java
@@ -291,6 +291,11 @@ public class X509Util {
        ensureInitialized();
    }
+    public static void notifyClientCertificatesChanged() {
+        Log.d(TAG, "ClientCertificatesChanged!");
+        nativeNotifyClientCertificatesChanged();
+    }
    /**
     * Convert a DER encoded certificate to an X509Certificate.
     */
@@ -438,6 +443,9 @@ public class X509Util {
    public static void setDisableNativeCodeForTest(boolean disabled) {
        sDisableNativeCodeForTest = disabled;
    }
+    private static native void nativeNotifyClientCertificatesChanged();
    /**
     * Notify the native net::CertDatabase instance that the system database has been updated.
     */

--- a/net/cert/cert_database.h
+++ b/net/cert/cert_database.h
@@ -82,7 +82,13 @@ class NET_EXPORT CertDatabase {
 #endif
 #if defined(OS_ANDROID)
-  // On android, the system database is used. When the system notifies the
+  // On Android, the system key store may be replaced with a device-specific
+  // KeyStore used for storing client certificates. When the Java side replaces
+  // the KeyStore used for client certificates, notifies the observers as if a
+  // new client certificate was added.
+  void OnAndroidKeyStoreChanged();
+  // On Android, the system database is used. When the system notifies the
  // application that the certificates changed, the observers must be notified.
  void OnAndroidKeyChainChanged();
 #endif

--- a/net/cert/cert_database_android.cc
+++ b/net/cert/cert_database_android.cc
@@ -36,6 +36,10 @@ int CertDatabase::AddUserCert(X509Certificate* cert) {
  return ERR_NOT_IMPLEMENTED;
 }
+void CertDatabase::OnAndroidKeyStoreChanged() {
+  NotifyObserversOfCertAdded(NULL);
+}
 void CertDatabase::OnAndroidKeyChainChanged() {
  observer_list_->Notify(&Observer::OnCACertChanged,
                         scoped_refptr<X509Certificate>());

--- a/net/cert/x509_util_android.cc
+++ b/net/cert/x509_util_android.cc
@@ -16,6 +16,10 @@ void NotifyKeyChainChanged(JNIEnv* env, jclass clazz) {
  CertDatabase::GetInstance()->OnAndroidKeyChainChanged();
 }
+void NotifyClientCertificatesChanged(JNIEnv* env, jclass clazz) {
+  CertDatabase::GetInstance()->OnAndroidKeyStoreChanged();
+}
 void RecordCertVerifyCapabilitiesHistogram(JNIEnv* env,
                                           jclass clazz,
                                           jboolean found_system_trust_roots) {