/**
* Called by JNI when the native HTTPS stack gets a client certificate request.
*
* <p>We delegate the request to CallbackProxy, and route its response to {@link
* #nativeSslClientCert(int, X509Certificate)}.
*/
private void requestClientCert(int handle, String hostAndPort) {
SslClientCertLookupTable table = SslClientCertLookupTable.getInstance();
if (table.IsAllowed(hostAndPort)) {
// previously allowed
PrivateKey pkey = table.PrivateKey(hostAndPort);
if (pkey instanceof OpenSSLKeyHolder) {
OpenSSLKey sslKey = ((OpenSSLKeyHolder) pkey).getOpenSSLKey();
nativeSslClientCert(handle, sslKey.getPkeyContext(), table.CertificateChain(hostAndPort));
} else {
nativeSslClientCert(handle, pkey.getEncoded(), table.CertificateChain(hostAndPort));
}
} else if (table.IsDenied(hostAndPort)) {
// previously denied
nativeSslClientCert(handle, 0, null);
} else {
// previously ignored or new
mCallbackProxy.onReceivedClientCertRequest(
new ClientCertRequestHandler(this, handle, hostAndPort, table), hostAndPort);
}
}
