Don't select a client certs for TabContents with no TabContentsWrapper.

chrome/browser/chrome_content_browser_client.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chrome_content_browser_client.h"
 
 #include <set>
 #include <vector>
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "chrome/app/breakpad_mac.h"
 #include "chrome/browser/browser_about_handler.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/browsing_data_remover.h"
 #include "chrome/browser/character_encoding.h"
 #include "chrome/browser/chrome_benchmarking_message_filter.h"
 #include "chrome/browser/chrome_plugin_message_filter.h"
 #include "chrome/browser/chrome_quota_permission_context.h"
 #include "chrome/browser/content_settings/content_settings_utils.h"
 #include "chrome/browser/content_settings/cookie_settings.h"
+#include "chrome/browser/content_settings/host_content_settings_map.h"
 #include "chrome/browser/content_settings/tab_specific_content_settings.h"
 #include "chrome/browser/download/download_util.h"
 #include "chrome/browser/extensions/extension_info_map.h"
 #include "chrome/browser/extensions/extension_message_handler.h"
 #include "chrome/browser/extensions/extension_service.h"
 #include "chrome/browser/extensions/extension_web_ui.h"
 #include "chrome/browser/extensions/extension_webrequest_api.h"
 #include "chrome/browser/geolocation/chrome_access_token_store.h"
 #include "chrome/browser/google/google_util.h"
 #include "chrome/browser/net/chrome_net_log.h"
@@ skipping 169 matching lines @@
   for (std::set<std::string>::iterator iter = extension_ids.begin();
        iter != extension_ids.end(); ++iter) {
     const Extension* extension = service->GetExtensionById(*iter, false);
     if (extension && extension->is_storage_isolated())
       return PRIV_ISOLATED;
   }
 
   return PRIV_EXTENSION;
 }
 
+bool CertMatchesFilter(const net::X509Certificate& cert,
+                       const base::DictionaryValue& filter) {
+  // TODO(markusheintz): This is the minimal required filter implementation.
+  // Implement a better matcher.
+
+  // An empty filter matches any client certificate since no requirements are
+  // specified at all.
+  if (filter.empty())
+    return true;
+
+  std::string common_name;
+  if (filter.GetString("ISSUER.CN", &common_name) &&
+      (cert.issuer().common_name == common_name)) {
+    return true;
+  }
+  return false;
+}
+
 }  // namespace
 
 namespace chrome {
 
 content::BrowserMainParts* ChromeContentBrowserClient::CreateBrowserMainParts(
     const content::MainFunctionParams& parameters) {
   ChromeBrowserMainParts* main_parts;
   // Construct the Main browser parts based on the OS type.
 #if defined(OS_WIN)
   main_parts = new ChromeBrowserMainPartsWin(parameters);
@@ skipping 627 matching lines @@
     int render_process_id,
     int render_view_id,
     SSLClientAuthHandler* handler) {
   TabContents* tab = tab_util::GetTabContentsByID(
       render_process_id, render_view_id);
   if (!tab) {
     NOTREACHED();
     return;
   }
 
+  net::SSLCertRequestInfo* cert_request_info = handler->cert_request_info();
+  GURL requesting_url("https://" + cert_request_info->host_and_port);
+  DCHECK(requesting_url.is_valid()) << "Invalid URL string: https://"
+                                    << cert_request_info->host_and_port;
+
+  Profile* profile = Profile::FromBrowserContext(tab->browser_context());
+  DCHECK(profile);
+  scoped_ptr<Value> filter(
+      profile->GetHostContentSettingsMap()->GetWebsiteSetting(
+          requesting_url,
+          requesting_url,
+          CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE,
+          std::string(), NULL));
+
+  if (filter.get()) {
+    // Try to automatically select a client certificate.
+    if (filter->IsType(Value::TYPE_DICTIONARY)) {
+      DictionaryValue* filter_dict =
+          static_cast<DictionaryValue*>(filter.get());
+
+      const std::vector<scoped_refptr<net::X509Certificate> >&
+          all_client_certs = cert_request_info->client_certs;
+      for (size_t i = 0; i < all_client_certs.size(); ++i) {
+        if (CertMatchesFilter(*all_client_certs[i], *filter_dict)) {
+          // Use the first certificate that is matched by the filter.
+          handler->CertificateSelected(all_client_certs[i]);
+          return;
+        }
+      }
+    } else {
+      NOTREACHED();
+    }
+  }
+
   TabContentsWrapper* wrapper =
       TabContentsWrapper::GetCurrentWrapperForContents(tab);
-  wrapper->ssl_helper()->SelectClientCertificate(handler);
+  if (!wrapper) {
+    LOG(ERROR) << " *** No TabcontentsWrapper for: " << tab->GetURL().spec();
+    // If there is no TabContentsWrapper for the given TabContents then we can't
+    // show the user a dialog to select a client certificate. So we simply
+    // cancel the request.

[wtc, 2011/12/06 00:22:47]

Nit: you should also change "cancel the request" to
"proceed with no client certificate".

+    handler->CertificateSelected(NULL);
+    return;
+  }
+  wrapper->ssl_helper()->ShowClientCertificateRequestDialog(handler);
 }
 
 void ChromeContentBrowserClient::AddNewCertificate(
     net::URLRequest* request,
     net::X509Certificate* cert,
     int render_process_id,
     int render_view_id) {
   // The handler will run the UI and delete itself when it's finished.
   new SSLAddCertHandler(request, cert, render_process_id, render_view_id);
 }
@@ skipping 241 matching lines @@
 #if defined(USE_NSS)
 crypto::CryptoModuleBlockingPasswordDelegate*
     ChromeContentBrowserClient::GetCryptoPasswordDelegate(
         const GURL& url) {
   return browser::NewCryptoModuleBlockingDialogDelegate(
       browser::kCryptoModulePasswordKeygen, url.host());
 }
 #endif
 
 }  // namespace chrome