BWWebViewClient.java

package kr.kdev.dg1s.biowiki.util;

import android.graphics.Bitmap;
import android.net.http.SslError;
import android.webkit.HttpAuthHandler;
import android.webkit.SslErrorHandler;
import android.webkit.WebView;
import android.webkit.WebViewClient;

import kr.kdev.dg1s.biowiki.models.Blog;
//import kr.kdev.dg1s.biowiki.networking.SelfSignedSSLCertsManager;

/**
 * WebViewClient that is capable of handling HTTP authentication requests using the HTTP
 * username and password of the blog configured for this activity.
 */
public class BWWebViewClient extends WebViewClient {
    private final Blog mBlog;
    private String mCurrentUrl;

    public BWWebViewClient(Blog blog) {
        super();
        this.mBlog = blog;
    }

    @Override
    public boolean shouldOverrideUrlLoading(WebView view, String url) {
        // Found a bug on some pages where there is an incorrect
        // auto-redirect to file:///android_asset/webkit/.
        if (!url.equals("file:///android_asset/webkit/")) {
            view.loadUrl(url);
        }
        return true;
    }

    @Override
    public void onPageFinished(WebView view, String url) {

    }

    @Override
    public void onPageStarted(WebView view, String url, Bitmap favicon) {
        super.onPageStarted(view, url, favicon);
        mCurrentUrl = url;
    }

    @Override
    public void onReceivedHttpAuthRequest(WebView view, HttpAuthHandler handler, String host, String realm) {
        if (mBlog != null && mBlog.hasValidHTTPAuthCredentials()) {
            //Check that the HTTP AUth protected domain is the same of the blog. Do not send current blog's HTTP AUTH credentials to external site.
            //NOTE: There is still a small security hole here, since the realm is not considered when getting the password. 
            //Unfortunately the real is not stored when setting up the blog, and we cannot compare it at this point.
            String domainFromHttpAuthRequest = UrlUtils.getDomainFromUrl(UrlUtils.addHttpProcolIfNeeded(host, false));
            String currentBlogDomain = UrlUtils.getDomainFromUrl(mBlog.getUrl());
            if (domainFromHttpAuthRequest.equals(currentBlogDomain)) {
                handler.proceed(mBlog.getHttpuser(), mBlog.getHttppassword());
                return;
            }
        }
        //TODO: If there is no match show the HTTP Auth dialog here. Like a normal browser usually does...
        super.onReceivedHttpAuthRequest(view, handler, host, realm);
    }

    @Override
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        /*
        try {
            if (SelfSignedSSLCertsManager.getInstance(view.getContext()).isCertificateTrusted(error.getCertificate())) {
                handler.proceed();
                return;
            }
        } catch (GeneralSecurityException e) {
        } catch (IOException e) {
        }
        */
        super.onReceivedSslError(view, handler, error);
    }
}