SSLWebViewClient

public class SSLWebViewClient extends WebViewClient

Implementation of an android.webkit.WebViewClient which manages SSL client certificate request.

Current activity must have initialized SCM software components, using SCMHelper for instance or SCMActivity.

Since cryptographic operations are to be done with a physical token through Security class providers, Idopte JCA (Provider) is internally added to security providers at index 1.

SSL client request handling:

When a SSL client request is to be handled, the following steps are done:

  • The user will be asked to choose a client certificate from user registered certificates. To register certificates from token, user can use certificates registration process provided by Manager (using ManagerActivity)or SCMEnvironment.registerCertificates(Token). Only user certificates (non CA) and certificates with same issuer as defined in SSL client request are taken in account. If the user cancels to choose a certificate, request is canceled.
  • Login will be asked to allow signature with private key corresponding to the certificate. If login succeeds, request is proceeded. If PIN is blocked or login is canceled by the user, request is canceled.

Following these steps, SSL client certificate request is proceeded or canceled if a problem occurred. Note that user’s choice is remembered for future requests, even if token is removed. See WebView.clearClientCertPreferences(Runnable). Typically, you can call the previous method in ReaderEvents.onTokenRemoval(Reader) implemented method in your current activity.

Using SSLWebViewClient(FragmentActivity) constructor, default UI implementations will be used for user interaction. This can be changed using SSLWebViewClient(Activity,ChooseCertificate,EnterPin) constructor.

Usage:

This class can be used by setting the WebViewClient instance of a WebView object for instance, and use this WebView to load an URL with a SSL client certificate request. For example:

// create a web view and set its WebViewClient
WebView webView = new WebView(myContext);
webView.setWebViewClient(new SSLWebViewClient(myFragmentActivity));

// load url with SSL client certificate request
// certificate choice and login will be done indirectly in following line:
webView.loadUrl(my_url_with_SSL_request);

Constructors

SSLWebViewClient

public SSLWebViewClient(FragmentActivity activity)

Creates a SSLWebViewClient.

SSLWebViewClient instance will use ChooseCertificateDialog and EnterPinDialog implementations.

Parameters:
  • activity – current activity. Used to show several UI elements.

SSLWebViewClient

public SSLWebViewClient(Activity activity, ChooseCertificate chooseCertificate, EnterPin enterPin)

Creates a SSLWebViewClient using passed interfaces for user interaction.

Parameters:
  • activity – current activity. Used to show several UI elements.
  • chooseCertificate – object to use asking the user to choose a certificate.
  • enterPin – object to use asking the user to enter PIN code.

Methods

cleanUp

public void cleanUp()

Cleans up SSLWebViewClient instance by resetting its state.

This method must be called if SSLWebViewClient instance is no longer used, for instance, in current activity onDestroy method.

getSslEnabled

public boolean getSslEnabled()

Gets whether SSL client certificate requests are to be handled.

hasCanceledRequest

public static boolean hasCanceledRequest()

Returns if a request has been canceled since last call.

Further calls of this function will return false until new request is canceled.

hasProceededRequest

public static boolean hasProceededRequest()

Returns if a request has been proceeded since last call.

Further calls of this function will return false until new request is proceeded.

setSslEnabled

public void setSslEnabled(boolean enabled)

Sets whether SSL client certificate requests are to be handled or directly cancelled. The default value is true.

If set to false, hasCanceledRequest update is still updated.