Add new Content settings type AUTO-SUBMIT-CERTIFICATE

chrome/browser/tab_contents/tab_contents_ssl_helper.cc

Index: chrome/browser/tab_contents/tab_contents_ssl_helper.cc
diff --git a/chrome/browser/tab_contents/tab_contents_ssl_helper.cc b/chrome/browser/tab_contents/tab_contents_ssl_helper.cc
index 3fd8f7493380449f75ec316ae763a3c8a4ec097e..958924e9a88f78b04f6ec2ad229366fd62bea86b 100644
--- a/chrome/browser/tab_contents/tab_contents_ssl_helper.cc
+++ b/chrome/browser/tab_contents/tab_contents_ssl_helper.cc
@@ -4,10 +4,15 @@
 
 #include "chrome/browser/tab_contents/tab_contents_ssl_helper.h"
 
+#include <string>
+
 #include "base/basictypes.h"
+#include "base/command_line.h"
 #include "base/string_number_conversions.h"
 #include "base/utf_string_conversions.h"
 #include "chrome/browser/certificate_viewer.h"
+#include "chrome/browser/content_settings/host_content_settings_map.h"
+#include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ssl/ssl_add_cert_handler.h"
 #include "chrome/browser/ssl_client_certificate_selector.h"
 #include "chrome/browser/tab_contents/confirm_infobar_delegate.h"
@@ -15,6 +20,8 @@
 #include "chrome/browser/tab_contents/simple_alert_infobar_delegate.h"
 #include "chrome/browser/ui/tab_contents/tab_contents_wrapper.h"
 #include "chrome/common/chrome_notification_types.h"
+#include "chrome/common/chrome_switches.h"
+#include "chrome/common/content_settings.h"
 #include "content/browser/ssl/ssl_client_auth_handler.h"
 #include "content/common/notification_details.h"
 #include "content/common/notification_source.h"
@@ -178,6 +185,44 @@ TabContentsSSLHelper::TabContentsSSLHelper(TabContentsWrapper* tab_contents)
 TabContentsSSLHelper::~TabContentsSSLHelper() {
 }
 
+void TabContentsSSLHelper::SelectClientCertificate(
+    scoped_refptr<SSLClientAuthHandler> handler) {
+  // Hide the auto submit certificate feature behind a cmd line flag.

[wtc, 2011/08/11 18:33:55]

Nit: cmd => command

[markusheintz_, 2011/08/15 19:09:04]

Done.

+  if (!CommandLine::ForCurrentProcess()->HasSwitch(
+      switches::kEnableAutoSubmitCertificate)) {
+    ShowClientCertificateRequestDialog(handler);
+    return;
+  }
+
+  net::SSLCertRequestInfo* cert_request_info = handler->cert_request_info();
+  // TODO(markusheintz): What would be a proper scheme? I need a URL in order to
+  // query the HostContentSettingsMap.

[Mattias Nissler (ping if slow), 2011/08/09 15:37:25]

Maybe https:// ?

[markusheintz_, 2011/08/15 19:09:04]

Done.

+  GURL requesting_url("ssl://" + cert_request_info->host_and_port);
+  DCHECK(requesting_url.is_valid()) << " Invalid URL string: ssl://"
+                                    << cert_request_info->host_and_port;

[wtc, 2011/08/11 18:33:55]

Use https:// instead of ssl:// on lines 200 and 201.

[markusheintz_, 2011/08/15 19:09:04]

Done.

+  HostContentSettingsMap* map =
+      tab_contents_->profile()->GetHostContentSettingsMap();
+  ContentSetting setting = map->GetContentSetting(
+      requesting_url,
+      requesting_url,
+      CONTENT_SETTINGS_TYPE_AUTO_SUBMIT_CERTIFICATE,
+      std::string());
+  DCHECK(setting != CONTENT_SETTING_DEFAULT);
+
+  // TODO(markusheintz): Implement filter for matchig specific certificate
+  // criterias.

[wtc, 2011/08/11 18:33:55]

Nit: criterias => criteria

"criteria" is the plural form of "criterion".

[markusheintz_, 2011/08/15 19:09:04]

Done.

+  bool cert_matches_filter = true;
+
+  if (setting == CONTENT_SETTING_ALLOW &&
+      cert_request_info->client_certs.size() == 1 &&
+      cert_matches_filter) {
+    net::X509Certificate* cert = cert_request_info->client_certs[0].get();
+    handler->CertificateSelected(cert);
+  } else {
+    ShowClientCertificateRequestDialog(handler);
+  }

[wtc, 2011/08/11 18:33:55]

If the possible values of 'setting' are ALLOW and BLOCK/ASK
(two possible values), this code is correct.

If the possible values of 'setting' are ALLOW, BLOCK, and ASK
(three possible values), then BLOCK should be handled as
not submitting any certificate, probably as follows:
    handler->CertificateSelected(NULL);

[markusheintz_, 2011/08/15 19:09:04]

Only two values are possible in version #4 of this CL. Initially I thought about
only having two values ALLOW and BLOCK. But having ASK as third value would be
better.
I changed the CL to support the three values ALLOW, BLOCK, ASK. So now you can
also block client certificates from being sent.

+}
+
 void TabContentsSSLHelper::ShowClientCertificateRequestDialog(
     scoped_refptr<SSLClientAuthHandler> handler) {
   browser::ShowSSLClientCertificateSelector(