0ct0pu5
/
bromite


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169
							From: uazo <uazo@users.noreply.github.com>
Date: Mon, 26 Apr 2021 13:28:24 +0000
Subject: Add AllowUserCertificates flag

---
 .../src/org/chromium/chrome/browser/app/ChromeActivity.java  | 3 +++
 .../chromium/chrome/browser/app/flags/ChromeCachedFlags.java | 1 +
 chrome/browser/about_flags.cc                                | 4 ++++
 chrome/browser/flag_descriptions.cc                          | 5 +++++
 chrome/browser/flag_descriptions.h                           | 3 +++
 chrome/browser/flags/android/chrome_feature_list.cc          | 4 ++++
 chrome/browser/flags/android/chrome_feature_list.h           | 1 +
 .../chromium/chrome/browser/flags/CachedFeatureFlags.java    | 1 +
 .../org/chromium/chrome/browser/flags/ChromeFeatureList.java | 1 +
 net/android/java/src/org/chromium/net/X509Util.java          | 5 +++++
 10 files changed, 28 insertions(+)

diff --git a/chrome/android/java/src/org/chromium/chrome/browser/app/ChromeActivity.java b/chrome/android/java/src/org/chromium/chrome/browser/app/ChromeActivity.java
--- a/chrome/android/java/src/org/chromium/chrome/browser/app/ChromeActivity.java
+++ b/chrome/android/java/src/org/chromium/chrome/browser/app/ChromeActivity.java
@@ -226,6 +226,7 @@ import org.chromium.content_public.browser.ScreenOrientationProvider;
 import org.chromium.content_public.browser.SelectionPopupController;
 import org.chromium.content_public.browser.WebContents;
 import org.chromium.content_public.common.ContentSwitches;
+import org.chromium.net.X509Util;
 import org.chromium.printing.PrintManagerDelegateImpl;
 import org.chromium.printing.PrintingController;
 import org.chromium.printing.PrintingControllerImpl;
@@ -981,6 +982,8 @@ public abstract class ChromeActivity<C extends ChromeActivityComponent>
         UpdateMenuItemHelper.getInstance().onStart();
         ChromeActivitySessionTracker.getInstance().onStartWithNative();
         ChromeCachedFlags.getInstance().cacheNativeFlags();
+        X509Util.AllowUserCertificates = ChromeFeatureList.isEnabled(
+                                            ChromeFeatureList.ALLOW_USER_CERTIFICATES);
         OfflineIndicatorController.initialize();
 
         // postDeferredStartupIfNeeded() is called in TabModelSelectorTabObsever#onLoadStopped(),
diff --git a/chrome/android/java/src/org/chromium/chrome/browser/app/flags/ChromeCachedFlags.java b/chrome/android/java/src/org/chromium/chrome/browser/app/flags/ChromeCachedFlags.java
--- a/chrome/android/java/src/org/chromium/chrome/browser/app/flags/ChromeCachedFlags.java
+++ b/chrome/android/java/src/org/chromium/chrome/browser/app/flags/ChromeCachedFlags.java
@@ -90,6 +90,7 @@ public class ChromeCachedFlags {
                 add(ChromeFeatureList
                                 .GIVE_JAVA_UI_THREAD_DEFAULT_TASK_TRAITS_USER_BLOCKING_PRIORITY);
                 add(ChromeFeatureList.IMMERSIVE_UI_MODE);
+                add(ChromeFeatureList.ALLOW_USER_CERTIFICATES);
                 add(ChromeFeatureList.INSTANT_START);
                 add(ChromeFeatureList.INSTANCE_SWITCHER);
                 add(ChromeFeatureList.INTEREST_FEED_V2);
diff --git a/chrome/browser/about_flags.cc b/chrome/browser/about_flags.cc
--- a/chrome/browser/about_flags.cc
+++ b/chrome/browser/about_flags.cc
@@ -2874,6 +2874,10 @@ const FeatureEntry kFeatureEntries[] = {
      flag_descriptions::kCSSContainerQueriesDescription, kOsAll,
      FEATURE_VALUE_TYPE(blink::features::kCSSContainerQueries)},
 #if defined(OS_ANDROID)
+    {"allow-user-certificates",
+     flag_descriptions::kAllowUserCertificatesName,
+     flag_descriptions::kAllowUserCertificatesDescription, kOsAndroid,
+     FEATURE_VALUE_TYPE(chrome::android::kAllowUserCertificates)},
     {"contextual-search-debug", flag_descriptions::kContextualSearchDebugName,
      flag_descriptions::kContextualSearchDebugDescription, kOsAndroid,
      FEATURE_VALUE_TYPE(chrome::android::kContextualSearchDebug)},
diff --git a/chrome/browser/flag_descriptions.cc b/chrome/browser/flag_descriptions.cc
--- a/chrome/browser/flag_descriptions.cc
+++ b/chrome/browser/flag_descriptions.cc
@@ -11,6 +11,11 @@
 
 namespace flag_descriptions {
 
+const char kAllowUserCertificatesName[] = "Allow user certificates";
+const char kAllowUserCertificatesDescription[] =
+    "Allow user CA certificates during "
+    "validation of the certificate chain";
+
 const char kAccelerated2dCanvasName[] = "Accelerated 2D canvas";
 const char kAccelerated2dCanvasDescription[] =
     "Enables the use of the GPU to perform 2d canvas rendering instead of "
diff --git a/chrome/browser/flag_descriptions.h b/chrome/browser/flag_descriptions.h
--- a/chrome/browser/flag_descriptions.h
+++ b/chrome/browser/flag_descriptions.h
@@ -46,6 +46,9 @@ namespace flag_descriptions {
 
 // Cross-platform -------------------------------------------------------------
 
+extern const char kAllowUserCertificatesName[];
+extern const char kAllowUserCertificatesDescription[];
+
 extern const char kAccelerated2dCanvasName[];
 extern const char kAccelerated2dCanvasDescription[];
 
diff --git a/chrome/browser/flags/android/chrome_feature_list.cc b/chrome/browser/flags/android/chrome_feature_list.cc
--- a/chrome/browser/flags/android/chrome_feature_list.cc
+++ b/chrome/browser/flags/android/chrome_feature_list.cc
@@ -150,6 +150,7 @@ const base::Feature* const kFeaturesExposedToJava[] = {
     &feed::kFeedSignInPromoDismiss,
     &feed::kInterestFeedContentSuggestions,
     &feed::kInterestFeedSpinnerAlwaysAnimate,
+    &kAllowUserCertificates,
     &feed::kInterestFeedV1ClicksAndViewsConditionalUpload,
     &feed::kInterestFeedV2,
     &feed::kInterestFeedV2Autoplay,
@@ -387,6 +388,9 @@ const base::Feature kAdaptiveButtonInTopToolbarCustomizationV2{
     "AdaptiveButtonInTopToolbarCustomizationV2",
     base::FEATURE_DISABLED_BY_DEFAULT};
 
+const base::Feature kAllowUserCertificates = {
+    "AllowUserCertificates", base::FEATURE_DISABLED_BY_DEFAULT};
+
 const base::Feature kAddToHomescreenIPH{"AddToHomescreenIPH",
                                         base::FEATURE_DISABLED_BY_DEFAULT};
 
diff --git a/chrome/browser/flags/android/chrome_feature_list.h b/chrome/browser/flags/android/chrome_feature_list.h
--- a/chrome/browser/flags/android/chrome_feature_list.h
+++ b/chrome/browser/flags/android/chrome_feature_list.h
@@ -12,6 +12,7 @@
 namespace chrome {
 namespace android {
 
+extern const base::Feature kAllowUserCertificates;
 // Alphabetical:
 extern const base::Feature kAdaptiveButtonInTopToolbar;
 extern const base::Feature kAdaptiveButtonInTopToolbarCustomizationV2;
diff --git a/chrome/browser/flags/android/java/src/org/chromium/chrome/browser/flags/CachedFeatureFlags.java b/chrome/browser/flags/android/java/src/org/chromium/chrome/browser/flags/CachedFeatureFlags.java
--- a/chrome/browser/flags/android/java/src/org/chromium/chrome/browser/flags/CachedFeatureFlags.java
+++ b/chrome/browser/flags/android/java/src/org/chromium/chrome/browser/flags/CachedFeatureFlags.java
@@ -48,6 +48,7 @@ public class CachedFeatureFlags {
      */
     private static Map<String, Boolean> sDefaults =
             ImmutableMap.<String, Boolean>builder()
+                    .put(ChromeFeatureList.ALLOW_USER_CERTIFICATES, false)
                     .put(ChromeFeatureList.BOOKMARK_BOTTOM_SHEET, false)
                     .put(ChromeFeatureList.CONDITIONAL_TAB_STRIP_ANDROID, false)
                     .put(ChromeFeatureList.LENS_CAMERA_ASSISTED_SEARCH, false)
diff --git a/chrome/browser/flags/android/java/src/org/chromium/chrome/browser/flags/ChromeFeatureList.java b/chrome/browser/flags/android/java/src/org/chromium/chrome/browser/flags/ChromeFeatureList.java
--- a/chrome/browser/flags/android/java/src/org/chromium/chrome/browser/flags/ChromeFeatureList.java
+++ b/chrome/browser/flags/android/java/src/org/chromium/chrome/browser/flags/ChromeFeatureList.java
@@ -193,6 +193,7 @@ public abstract class ChromeFeatureList {
     }
 
     /* Alphabetical: */
+    public static final String ALLOW_USER_CERTIFICATES = "AllowUserCertificates";
     public static final String ADAPTIVE_BUTTON_IN_TOP_TOOLBAR = "AdaptiveButtonInTopToolbar";
     public static final String ADAPTIVE_BUTTON_IN_TOP_TOOLBAR_CUSTOMIZATION_V2 =
             "AdaptiveButtonInTopToolbarCustomizationV2";
diff --git a/net/android/java/src/org/chromium/net/X509Util.java b/net/android/java/src/org/chromium/net/X509Util.java
--- a/net/android/java/src/org/chromium/net/X509Util.java
+++ b/net/android/java/src/org/chromium/net/X509Util.java
@@ -488,6 +488,8 @@ public class X509Util {
         return false;
     }
 
+    public static boolean AllowUserCertificates = false;
+
     public static AndroidCertVerifyResult verifyServerCertificates(byte[][] certChain,
                                                                    String authType,
                                                                    String host)
@@ -568,6 +570,9 @@ public class X509Util {
                 isIssuedByKnownRoot = isKnownRoot(root);
             }
 
+            if (AllowUserCertificates == false && isIssuedByKnownRoot == false)
+                return new AndroidCertVerifyResult(CertVerifyStatusAndroid.NO_TRUSTED_ROOT);
+
             return new AndroidCertVerifyResult(CertVerifyStatusAndroid.OK,
                                                isIssuedByKnownRoot, verifiedChain);
         }
-- 
2.20.1