Plumbing SSLPrivateKey

chrome/browser/chrome_content_browser_client.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chrome_content_browser_client.h"
 
 #include <map>
 #include <set>
 #include <utility>
 #include <vector>
@@ skipping 122 matching lines @@
 #include "content/public/common/url_utils.h"
 #include "content/public/common/web_preferences.h"
 #include "device/devices_app/public/cpp/constants.h"
 #include "device/devices_app/public/cpp/devices_app_factory.h"
 #include "gin/v8_initializer.h"
 #include "mojo/application/public/cpp/application_delegate.h"
 #include "net/base/mime_util.h"
 #include "net/cookies/canonical_cookie.h"
 #include "net/cookies/cookie_options.h"
 #include "net/ssl/ssl_cert_request_info.h"
+#include "net/ssl/ssl_platform_key.h"
 #include "ppapi/host/ppapi_host.h"
 #include "storage/browser/fileapi/external_mount_points.h"
 #include "ui/base/l10n/l10n_util.h"
 #include "ui/base/resource/resource_bundle.h"
 #include "ui/resources/grit/ui_resources.h"
 
 #if defined(OS_WIN)
 #include "base/win/windows_version.h"
 #include "chrome/browser/chrome_browser_main_win.h"
 #include "sandbox/win/src/sandbox_policy.h"
@@ skipping 275 matching lines @@
 
 // Reverse URL handler for Web UI. Maps "chrome://chrome/foo/" to
 // "chrome://foo/".
 bool HandleWebUIReverse(GURL* url, content::BrowserContext* browser_context) {
   if (!url->is_valid() || !url->SchemeIs(content::kChromeUIScheme))
     return false;
 
   return RemoveUberHost(url);
 }
 
+#if !defined(OS_ANDROID)
 bool CertMatchesFilter(const net::X509Certificate& cert,
                        const base::DictionaryValue& filter) {
   // TODO(markusheintz): This is the minimal required filter implementation.
   // Implement a better matcher.
 
   // An empty filter matches any client certificate since no requirements are
   // specified at all.
   if (filter.empty())
     return true;
 
   std::string common_name;
   if (filter.GetString("ISSUER.CN", &common_name) &&
       (cert.issuer().common_name == common_name)) {
     return true;
   }
   return false;
 }
+#endif
 
 #if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_MACOSX)
 breakpad::CrashHandlerHostLinux* CreateCrashHandlerHost(
     const std::string& process_type) {
   base::FilePath dumps_path;
   PathService::Get(chrome::DIR_CRASH_DUMPS, &dumps_path);
   {
     ANNOTATE_SCOPED_MEMORY_LEAK;
     bool upload = (getenv(env_vars::kHeadless) == NULL);
     breakpad::CrashHandlerHostLinux* crash_handler =
@@ skipping 1495 matching lines @@
 
   Profile* profile =
       Profile::FromBrowserContext(web_contents->GetBrowserContext());
   scoped_ptr<base::Value> filter =
       HostContentSettingsMapFactory::GetForProfile(profile)->GetWebsiteSetting(
           requesting_url,
           requesting_url,
           CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE,
           std::string(),
           NULL);
 

[davidben, 2015/10/13 20:32:15]

Probably add a comment to the #ifdef that Android can't support
CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE because the platform doesn't
provide the list of matching erts.

[svaldez, 2015/10/14 15:06:18]

Done.

+#if !defined(OS_ANDROID)

[davidben, 2015/10/13 20:32:15]

Nit: Move this up to line 1958 I think.

[svaldez, 2015/10/14 15:06:18]

Done.

   if (filter.get()) {
     // Try to automatically select a client certificate.
     if (filter->IsType(base::Value::TYPE_DICTIONARY)) {
       base::DictionaryValue* filter_dict =
           static_cast<base::DictionaryValue*>(filter.get());
 
       const std::vector<scoped_refptr<net::X509Certificate> >&
           all_client_certs = cert_request_info->client_certs;
       for (size_t i = 0; i < all_client_certs.size(); ++i) {
         if (CertMatchesFilter(*all_client_certs[i].get(), *filter_dict)) {
           // Use the first certificate that is matched by the filter.
-          delegate->ContinueWithCertificate(all_client_certs[i].get());
+          // The following is not supported on Android since the client_certs
+          // list
+          // won't be populated.
+          delegate->ContinueWithCertificate(
+              all_client_certs[i].get(),
+              FetchClientCertPrivateKey(all_client_certs[i].get()).get());

[davidben, 2015/10/13 20:32:15]

net:: prefix. Ugh, I bet this is compiling because of ADL.

[svaldez, 2015/10/14 15:06:18]

Done.

           return;
         }
       }
     } else {
       NOTREACHED();
     }
   }
+#endif
 
   chrome::ShowSSLClientCertificateSelector(web_contents, cert_request_info,
                                            delegate.Pass());
 }
 
 void ChromeContentBrowserClient::AddCertificate(
     net::CertificateMimeType cert_type,
     const void* cert_data,
     size_t cert_size,
     int render_process_id,
@@ skipping 669 matching lines @@
   if (channel <= kMaxDisableEncryptionChannel) {
     static const char* const kWebRtcDevSwitchNames[] = {
       switches::kDisableWebRtcEncryption,
     };
     to_command_line->CopySwitchesFrom(from_command_line,
                                       kWebRtcDevSwitchNames,
                                       arraysize(kWebRtcDevSwitchNames));
   }
 }
 #endif  // defined(ENABLE_WEBRTC)