Plumbing SSLPrivateKey

chromecast/browser/cast_content_browser_client.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chromecast/browser/cast_content_browser_client.h"
 
 #include <stddef.h>
 #include <string>
 #include <utility>
 
@@ skipping 30 matching lines @@
 #include "content/public/browser/certificate_request_result_type.h"
 #include "content/public/browser/client_certificate_delegate.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/resource_dispatcher_host.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/content_descriptors.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/url_constants.h"
 #include "content/public/common/web_preferences.h"
 #include "net/ssl/ssl_cert_request_info.h"
+#include "net/ssl/ssl_platform_key.h"
 #include "net/url_request/url_request_context_getter.h"
 #include "ui/gl/gl_switches.h"
 
 #if defined(OS_ANDROID)
 #include "components/crash/content/browser/crash_dump_manager_android.h"
 #include "components/external_video_surface/browser/android/external_video_surface_container_impl.h"
 #else
 #include "chromecast/browser/media/cast_browser_cdm_factory.h"
 #endif  // defined(OS_ANDROID)
 
@@ skipping 216 matching lines @@
 
 void CastContentBrowserClient::SelectClientCertificate(
     content::WebContents* web_contents,
     net::SSLCertRequestInfo* cert_request_info,
     scoped_ptr<content::ClientCertificateDelegate> delegate) {
   GURL requesting_url("https://" + cert_request_info->host_and_port.ToString());
 
   if (!requesting_url.is_valid()) {
     LOG(ERROR) << "Invalid URL string: "
                << requesting_url.possibly_invalid_spec();
-    delegate->ContinueWithCertificate(nullptr);
+    delegate->ContinueWithCertificate(nullptr, nullptr);
     return;
   }
 
   // In our case there are no relevant certs in the cert_request_info. The cert
   // we need to return (if permitted) is the Cast device cert, which we can
   // access directly through the ClientAuthSigner instance. However, we need to
   // be on the IO thread to determine whether the app is whitelisted to return
   // it, because CastNetworkDelegate is bound to the IO thread.
   // Subsequently, the callback must then itself be performed back here
   // on the UI thread.
   //
   // TODO(davidben): Stop using child ID to identify an app.
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
-  content::BrowserThread::PostTaskAndReplyWithResult(
+  content::BrowserThread::PostTask(
       content::BrowserThread::IO, FROM_HERE,
       base::Bind(&CastContentBrowserClient::SelectClientCertificateOnIOThread,
-                 base::Unretained(this), requesting_url,
-                 web_contents->GetRenderProcessHost()->GetID()),
-      base::Bind(&content::ClientCertificateDelegate::ContinueWithCertificate,
-                 base::Owned(delegate.release())));
+                 base::Unretained(this), base::Passed(std::move(delegate)),
+                 requesting_url,
+                 web_contents->GetRenderProcessHost()->GetID()));
 }
 
-net::X509Certificate*
-CastContentBrowserClient::SelectClientCertificateOnIOThread(
+void CastContentBrowserClient::SelectClientCertificateOnIOThread(
+    scoped_ptr<content::ClientCertificateDelegate> delegate,
     GURL requesting_url,
     int render_process_id) {
+  net::X509Certificate* cert = nullptr;
+  net::SSLPrivateKey* private_key = nullptr;
+
   DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
   CastNetworkDelegate* network_delegate =
       url_request_context_factory_->app_network_delegate();
   if (network_delegate->IsWhitelisted(requesting_url,
                                       render_process_id, false)) {
-    return CastNetworkDelegate::DeviceCert();
+    cert = CastNetworkDelegate::DeviceCert();
+    private_key = CastNetworkDelegate::DeviceKey();
   } else {
     LOG(ERROR) << "Invalid host for client certificate request: "
                << requesting_url.host()
                << " with render_process_id: "
                << render_process_id;
-    return NULL;
   }
+
+  content::BrowserThread::PostTask(
+      content::BrowserThread::UI, FROM_HERE,
+      base::Bind(&content::ClientCertificateDelegate::ContinueWithCertificate,
+                 base::Owned(delegate.release()), make_scoped_refptr(cert),
+                 make_scoped_refptr(private_key)));
 }
 
 bool CastContentBrowserClient::CanCreateWindow(
     const GURL& opener_url,
     const GURL& opener_top_level_frame_url,
     const GURL& source_origin,
     WindowContainerType container_type,
     const GURL& target_url,
     const content::Referrer& referrer,
     WindowOpenDisposition disposition,
@@ skipping 116 matching lines @@
         process_type, dumps_path, false /* upload */);
   // StartUploaderThread() even though upload is diferred.
   // Breakpad-related memory is freed in the uploader thread.
   crash_handler->StartUploaderThread();
   return crash_handler;
 }
 #endif  // !defined(OS_ANDROID)
 
 }  // namespace shell
 }  // namespace chromecast