Chromium Code Reviews Chromium Code Reviews
Issue 6487012:
Clear the SSL Client Auth cache when a new SSL Client Certificate is... (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/renderer_host/x509_user_cert_resource_handler.h" | 5 #include "content/browser/renderer_host/x509_user_cert_resource_handler.h" |
| 6 | 6 |
| 7 #include "base/string_util.h" | 7 #include "base/string_util.h" |
| 8 #include "chrome/browser/download/download_types.h" | 8 #include "chrome/browser/download/download_types.h" |
| 9 #include "chrome/browser/ssl/ssl_add_cert_handler.h" | 9 #include "chrome/browser/ssl/ssl_add_cert_handler.h" |
| 10 #include "chrome/common/resource_response.h" | 10 #include "chrome/common/resource_response.h" |
| 11 #include "chrome/common/url_constants.h" | 11 #include "chrome/common/url_constants.h" |
| 12 #include "content/browser/renderer_host/resource_dispatcher_host.h" | 12 #include "content/browser/renderer_host/resource_dispatcher_host.h" |
| 13 #include "content/browser/renderer_host/resource_dispatcher_host_request_info.h" | 13 #include "content/browser/renderer_host/resource_dispatcher_host_request_info.h" |
| 14 #include "net/base/io_buffer.h" | 14 #include "net/base/io_buffer.h" |
| 15 #include "net/base/mime_sniffer.h" | 15 #include "net/base/mime_sniffer.h" |
| 16 #include "net/base/mime_util.h" | 16 #include "net/base/mime_util.h" |
| 17 #include "net/base/x509_certificate.h" | 17 #include "net/base/x509_certificate.h" |
| 18 #include "net/http/http_network_session.h" | |
| 18 #include "net/http/http_response_headers.h" | 19 #include "net/http/http_response_headers.h" |
| 20 #include "net/http/http_transaction_factory.h" | |
| 19 #include "net/url_request/url_request.h" | 21 #include "net/url_request/url_request.h" |
| 22 #include "net/url_request/url_request_context.h" | |
| 20 #include "net/url_request/url_request_status.h" | 23 #include "net/url_request/url_request_status.h" |
| 21 | 24 |
| 22 X509UserCertResourceHandler::X509UserCertResourceHandler( | 25 X509UserCertResourceHandler::X509UserCertResourceHandler( |
| 23 ResourceDispatcherHost* host, net::URLRequest* request, | 26 ResourceDispatcherHost* host, net::URLRequest* request, |
| 24 int render_process_host_id, int render_view_id) | 27 int render_process_host_id, int render_view_id) |
| 25 : host_(host), | 28 : host_(host), |
| 26 request_(request), | 29 request_(request), |
| 27 content_length_(0), | 30 content_length_(0), |
| 28 buffer_(new DownloadBuffer), | 31 buffer_(new DownloadBuffer), |
| 29 read_buffer_(NULL), | 32 read_buffer_(NULL), |
| (...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 100 | 103 |
| 101 // TODO(gauravsh): Verify that 'request_id' was actually a keygen form post | 104 // TODO(gauravsh): Verify that 'request_id' was actually a keygen form post |
| 102 // and only then import the certificate. | 105 // and only then import the certificate. |
| 103 AssembleResource(); | 106 AssembleResource(); |
| 104 scoped_refptr<net::X509Certificate> cert( | 107 scoped_refptr<net::X509Certificate> cert( |
| 105 net::X509Certificate::CreateFromBytes(resource_buffer_->data(), | 108 net::X509Certificate::CreateFromBytes(resource_buffer_->data(), |
| 106 content_length_)); | 109 content_length_)); |
| 107 // The handler will run the UI and delete itself when it's finished. | 110 // The handler will run the UI and delete itself when it's finished. |
| 108 new SSLAddCertHandler(request_, cert, render_process_host_id_, | 111 new SSLAddCertHandler(request_, cert, render_process_host_id_, |
| 109 render_view_id_); | 112 render_view_id_); |
| 113 // Force all new SSL connects to renegotiate, and hence use this new | |
| 114 // certificate if necessary. | |
| 115 if (request_->context()->http_transaction_factory()) { | |
| 116 net::HttpNetworkSession* session = | |
| 117 request_->context()->http_transaction_factory()->GetSession(); | |
| 118 session->ResetSSLState(); | |
|
wtc
2011/02/23 00:38:38
I think it's better to call session->ResetSSLState
| |
| 119 } | |
| 110 return true; | 120 return true; |
| 111 } | 121 } |
| 112 | 122 |
| 113 void X509UserCertResourceHandler::OnRequestClosed() { | 123 void X509UserCertResourceHandler::OnRequestClosed() { |
| 114 } | 124 } |
| 115 | 125 |
| 116 X509UserCertResourceHandler::~X509UserCertResourceHandler() { | 126 X509UserCertResourceHandler::~X509UserCertResourceHandler() { |
| 117 } | 127 } |
| 118 | 128 |
| 119 void X509UserCertResourceHandler::AssembleResource() { | 129 void X509UserCertResourceHandler::AssembleResource() { |
| 120 size_t bytes_copied = 0; | 130 size_t bytes_copied = 0; |
| 121 resource_buffer_ = new net::IOBuffer(content_length_); | 131 resource_buffer_ = new net::IOBuffer(content_length_); |
| 122 | 132 |
| 123 for (size_t i = 0; i < buffer_->contents.size(); ++i) { | 133 for (size_t i = 0; i < buffer_->contents.size(); ++i) { |
| 124 net::IOBuffer* data = buffer_->contents[i].first; | 134 net::IOBuffer* data = buffer_->contents[i].first; |
| 125 const int data_len = buffer_->contents[i].second; | 135 const int data_len = buffer_->contents[i].second; |
| 126 DCHECK(bytes_copied + data_len <= content_length_); | 136 DCHECK(bytes_copied + data_len <= content_length_); |
| 127 memcpy(resource_buffer_->data() + bytes_copied, data->data(), data_len); | 137 memcpy(resource_buffer_->data() + bytes_copied, data->data(), data_len); |
| 128 bytes_copied += data_len; | 138 bytes_copied += data_len; |
| 129 } | 139 } |
| 130 } | 140 } |
| OLD | NEW |
