Add new Content settings type AUTO-SUBMIT-CERTIFICATE

chrome/browser/tab_contents/tab_contents_ssl_helper.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/tab_contents/tab_contents_ssl_helper.h"
 
+#include <string>
+
 #include "base/basictypes.h"
+#include "base/command_line.h"
 #include "base/string_number_conversions.h"
 #include "base/utf_string_conversions.h"
 #include "chrome/browser/certificate_viewer.h"
+#include "chrome/browser/content_settings/host_content_settings_map.h"
+#include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ssl/ssl_add_cert_handler.h"
 #include "chrome/browser/ssl_client_certificate_selector.h"
 #include "chrome/browser/tab_contents/confirm_infobar_delegate.h"
 #include "chrome/browser/tab_contents/infobar.h"
 #include "chrome/browser/tab_contents/simple_alert_infobar_delegate.h"
 #include "chrome/browser/ui/tab_contents/tab_contents_wrapper.h"
 #include "chrome/common/chrome_notification_types.h"
+#include "chrome/common/chrome_switches.h"
+#include "chrome/common/content_settings.h"
 #include "content/browser/ssl/ssl_client_auth_handler.h"
 #include "content/common/notification_details.h"
 #include "content/common/notification_source.h"
 #include "grit/generated_resources.h"
 #include "grit/theme_resources_standard.h"
 #include "net/base/net_errors.h"
 #include "ui/base/l10n/l10n_util.h"
 #include "ui/base/resource/resource_bundle.h"
 
 namespace {
@@ skipping 143 matching lines @@
 
 // TabContentsSSLHelper -------------------------------------------------------
 
 TabContentsSSLHelper::TabContentsSSLHelper(TabContentsWrapper* tab_contents)
     : tab_contents_(tab_contents) {
 }
 
 TabContentsSSLHelper::~TabContentsSSLHelper() {
 }
 
+void TabContentsSSLHelper::SelectClientCertificate(
+    scoped_refptr<SSLClientAuthHandler> handler) {
+  // Hide the auto submit certificate feature behind a cmd line flag.

[wtc, 2011/08/11 18:33:55]

Nit: cmd => command

[markusheintz_, 2011/08/15 19:09:04]

Done.

+  if (!CommandLine::ForCurrentProcess()->HasSwitch(
+      switches::kEnableAutoSubmitCertificate)) {
+    ShowClientCertificateRequestDialog(handler);
+    return;
+  }
+
+  net::SSLCertRequestInfo* cert_request_info = handler->cert_request_info();
+  // TODO(markusheintz): What would be a proper scheme? I need a URL in order to
+  // query the HostContentSettingsMap.

[Mattias Nissler (ping if slow), 2011/08/09 15:37:25]

Maybe https:// ?

[markusheintz_, 2011/08/15 19:09:04]

Done.

+  GURL requesting_url("ssl://" + cert_request_info->host_and_port);
+  DCHECK(requesting_url.is_valid()) << " Invalid URL string: ssl://"
+                                    << cert_request_info->host_and_port;

[wtc, 2011/08/11 18:33:55]

Use https:// instead of ssl:// on lines 200 and 201.

[markusheintz_, 2011/08/15 19:09:04]

Done.

+  HostContentSettingsMap* map =
+      tab_contents_->profile()->GetHostContentSettingsMap();
+  ContentSetting setting = map->GetContentSetting(
+      requesting_url,
+      requesting_url,
+      CONTENT_SETTINGS_TYPE_AUTO_SUBMIT_CERTIFICATE,
+      std::string());
+  DCHECK(setting != CONTENT_SETTING_DEFAULT);
+
+  // TODO(markusheintz): Implement filter for matchig specific certificate
+  // criterias.

[wtc, 2011/08/11 18:33:55]

Nit: criterias => criteria

"criteria" is the plural form of "criterion".

[markusheintz_, 2011/08/15 19:09:04]

Done.

+  bool cert_matches_filter = true;
+
+  if (setting == CONTENT_SETTING_ALLOW &&
+      cert_request_info->client_certs.size() == 1 &&
+      cert_matches_filter) {
+    net::X509Certificate* cert = cert_request_info->client_certs[0].get();
+    handler->CertificateSelected(cert);
+  } else {
+    ShowClientCertificateRequestDialog(handler);
+  }

[wtc, 2011/08/11 18:33:55]

If the possible values of 'setting' are ALLOW and BLOCK/ASK
(two possible values), this code is correct.

If the possible values of 'setting' are ALLOW, BLOCK, and ASK
(three possible values), then BLOCK should be handled as
not submitting any certificate, probably as follows:
    handler->CertificateSelected(NULL);

[markusheintz_, 2011/08/15 19:09:04]

Only two values are possible in version #4 of this CL. Initially I thought about
only having two values ALLOW and BLOCK. But having ASK as third value would be
better.
I changed the CL to support the three values ALLOW, BLOCK, ASK. So now you can
also block client certificates from being sent.

+}
+
 void TabContentsSSLHelper::ShowClientCertificateRequestDialog(
     scoped_refptr<SSLClientAuthHandler> handler) {
   browser::ShowSSLClientCertificateSelector(
       tab_contents_->tab_contents(), handler->cert_request_info(), handler);
 }
 
 void TabContentsSSLHelper::OnVerifyClientCertificateError(
     scoped_refptr<SSLAddCertHandler> handler, int error_code) {
   SSLAddCertData* add_cert_data = GetAddCertData(handler);
   // Display an infobar with the error message.
@@ skipping 37 matching lines @@
 TabContentsSSLHelper::SSLAddCertData* TabContentsSSLHelper::GetAddCertData(
     SSLAddCertHandler* handler) {
   // Find/create the slot.
   linked_ptr<SSLAddCertData>& ptr_ref =
       request_id_to_add_cert_data_[handler->network_request_id()];
   // Fill it if necessary.
   if (!ptr_ref.get())
     ptr_ref.reset(new SSLAddCertData(tab_contents_));
   return ptr_ref.get();
 }