
Side by Side Diff: chrome/browser/tab_contents/tab_contents_ssl_helper.cc

Issue 8745020: Don't select a client certs for TabContents with no TabContentsWrapper. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Remove bad rebase change Created 9 years ago
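--- a/chrome/browser/tab_contents/tab_contents_ssl_helper.cc
+++ b/chrome/browser/tab_contents/tab_contents_ssl_helper.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/tab_contents/tab_contents_ssl_helper.h"
 
 #include <string>
 #include <vector>
 
 #include "base/basictypes.h"
@@ -34,38 +34,20 @@
 #include "ui/base/resource/resource_bundle.h"
 
 namespace {
 
 gfx::Image* GetCertIcon() {
 // TODO(davidben): use a more appropriate icon.
 return &ResourceBundle::GetSharedInstance().GetNativeImageNamed(
 IDR_INFOBAR_SAVE_PASSWORD);
 }
 
-bool CertMatchesFilter(const net::X509Certificate& cert,
-const base::DictionaryValue& filter) {
-// TODO(markusheintz): This is the minimal required filter implementation.
-// Implement a better matcher.
-
-// An empty filter matches any client certificate since no requirements are
-// specified at all.
-if (filter.empty())
-return true;
-
-std::string common_name;
-if (filter.GetString("ISSUER.CN", &common_name) &&
-(cert.issuer().common_name == common_name)) {
-return true;
-}
-return false;
-}
-
 // SSLCertAddedInfoBarDelegate ------------------------------------------------
 
 class SSLCertAddedInfoBarDelegate : public ConfirmInfoBarDelegate {
 public:
 SSLCertAddedInfoBarDelegate(InfoBarTabHelper* infobar_helper,
 net::X509Certificate* cert);
 
 private:
 virtual ~SSLCertAddedInfoBarDelegate();
 
@@ -197,62 +179,20 @@
 
 // TabContentsSSLHelper -------------------------------------------------------
 
 TabContentsSSLHelper::TabContentsSSLHelper(TabContentsWrapper* tab_contents)
 : tab_contents_(tab_contents) {
 }
 
 TabContentsSSLHelper::~TabContentsSSLHelper() {
 }
 
-void TabContentsSSLHelper::SelectClientCertificate(
-scoped_refptr<SSLClientAuthHandler> handler) {
-net::SSLCertRequestInfo* cert_request_info = handler->cert_request_info();
-GURL requesting_url("https://" + cert_request_info->host_and_port);
-DCHECK(requesting_url.is_valid()) << "Invalid URL string: https://"
-<< cert_request_info->host_and_port;
-
-HostContentSettingsMap* map =
-tab_contents_->profile()->GetHostContentSettingsMap();
-scoped_ptr<Value> filter(map->GetWebsiteSetting(
-requesting_url, requesting_url,
-CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE,
-std::string(), NULL));
-
-scoped_refptr<net::X509Certificate> selected_cert;
-if (filter.get()) {
-// Try to automatically select a client certificate.
-if (filter->IsType(Value::TYPE_DICTIONARY)) {
-DictionaryValue* filter_dict =
-static_cast<DictionaryValue*>(filter.get());
-
-const std::vector<scoped_refptr<net::X509Certificate> >&
-all_client_certs = cert_request_info->client_certs;
-for (size_t i = 0; i < all_client_certs.size(); ++i) {
-if (CertMatchesFilter(*all_client_certs[i], *filter_dict)) {
-selected_cert = all_client_certs[i];
-// Use the first certificate that is matched by the filter.
-break;
-}
-}
-} else {
-NOTREACHED();
-}
-}
-
-if (selected_cert) {
-handler->CertificateSelected(selected_cert);
-} else {
-ShowClientCertificateRequestDialog(handler);
-}
-}
-
 void TabContentsSSLHelper::ShowClientCertificateRequestDialog(
 scoped_refptr<SSLClientAuthHandler> handler) {
 browser::ShowSSLClientCertificateSelector(
 tab_contents_, handler->cert_request_info(), handler);
 }
 
 void TabContentsSSLHelper::OnVerifyClientCertificateError(
 scoped_refptr<SSLAddCertHandler> handler, int error_code) {
 SSLAddCertData* add_cert_data = GetAddCertData(handler);
 // Display an infobar with the error message.
@@ -296,10 +236,10 @@
 TabContentsSSLHelper::SSLAddCertData* TabContentsSSLHelper::GetAddCertData(
 SSLAddCertHandler* handler) {
 // Find/create the slot.
 linked_ptr<SSLAddCertData>& ptr_ref =
 request_id_to_add_cert_data_[handler->network_request_id()];
 // Fill it if necessary.
 if (!ptr_ref.get())
 ptr_ref.reset(new SSLAddCertData(tab_contents_));
 return ptr_ref.get();
 }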
