| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/ssl/ssl_client_auth_handler.h" | 5 #include "content/browser/ssl/ssl_client_auth_handler.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| 11 #include "base/macros.h" | 11 #include "base/macros.h" |
| 12 #include "content/public/browser/browser_thread.h" | 12 #include "content/public/browser/browser_thread.h" |
| 13 #include "content/public/browser/client_certificate_delegate.h" | 13 #include "content/public/browser/client_certificate_delegate.h" |
| 14 #include "content/public/browser/content_browser_client.h" | 14 #include "content/public/browser/content_browser_client.h" |
| 15 #include "content/public/browser/resource_request_info.h" | 15 #include "content/public/browser/resource_request_info.h" |
| 16 #include "net/cert/x509_certificate.h" | |
| 17 #include "net/ssl/client_cert_store.h" | 16 #include "net/ssl/client_cert_store.h" |
| 18 #include "net/url_request/url_request.h" | 17 #include "net/url_request/url_request.h" |
| 19 | 18 |
| 20 namespace content { | 19 namespace content { |
| 21 | 20 |
| 22 namespace { | 21 namespace { |
| 23 | 22 |
| 24 class ClientCertificateDelegateImpl : public ClientCertificateDelegate { | 23 class ClientCertificateDelegateImpl : public ClientCertificateDelegate { |
| 25 public: | 24 public: |
| 26 explicit ClientCertificateDelegateImpl( | 25 explicit ClientCertificateDelegateImpl( |
| 49 private: | 48 private: |
| 50 base::WeakPtr<SSLClientAuthHandler> handler_; | 49 base::WeakPtr<SSLClientAuthHandler> handler_; |
| 51 bool continue_called_; | 50 bool continue_called_; |
| 52 | 51 |
| 53 DISALLOW_COPY_AND_ASSIGN(ClientCertificateDelegateImpl); | 52 DISALLOW_COPY_AND_ASSIGN(ClientCertificateDelegateImpl); |
| 54 }; | 53 }; |
| 55 | 54 |
| 56 void SelectCertificateOnUIThread( | 55 void SelectCertificateOnUIThread( |
| 57 const ResourceRequestInfo::WebContentsGetter& wc_getter, | 56 const ResourceRequestInfo::WebContentsGetter& wc_getter, |
| 58 net::SSLCertRequestInfo* cert_request_info, | 57 net::SSLCertRequestInfo* cert_request_info, |
| 58 net::CertificateList client_certs, |
| 59 const base::WeakPtr<SSLClientAuthHandler>& handler) { | 59 const base::WeakPtr<SSLClientAuthHandler>& handler) { |
| 60 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 60 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 61 | 61 |
| 62 std::unique_ptr<ClientCertificateDelegate> delegate( | 62 std::unique_ptr<ClientCertificateDelegate> delegate( |
| 63 new ClientCertificateDelegateImpl(handler)); | 63 new ClientCertificateDelegateImpl(handler)); |
| 64 | 64 |
| 65 WebContents* web_contents = wc_getter.Run(); | 65 WebContents* web_contents = wc_getter.Run(); |
| 66 if (!web_contents) | 66 if (!web_contents) |
| 67 return; | 67 return; |
| 68 | 68 |
| 69 GetContentClient()->browser()->SelectClientCertificate( | 69 GetContentClient()->browser()->SelectClientCertificate( |
| 70 web_contents, cert_request_info, std::move(delegate)); | 70 web_contents, cert_request_info, std::move(client_certs), |
| 71 std::move(delegate)); |
| 71 } | 72 } |
| 72 | 73 |
| 73 } // namespace | 74 } // namespace |
| 74 | 75 |
| 75 // A reference-counted core to allow the ClientCertStore and SSLCertRequestInfo | 76 // A reference-counted core to allow the ClientCertStore and SSLCertRequestInfo |
| 76 // to outlive SSLClientAuthHandler if needbe. | 77 // to outlive SSLClientAuthHandler if needbe. |
| 77 class SSLClientAuthHandler::Core : public base::RefCountedThreadSafe<Core> { | 78 class SSLClientAuthHandler::Core : public base::RefCountedThreadSafe<Core> { |
| 78 public: | 79 public: |
| 79 Core(const base::WeakPtr<SSLClientAuthHandler>& handler, | 80 Core(const base::WeakPtr<SSLClientAuthHandler>& handler, |
| 80 std::unique_ptr<net::ClientCertStore> client_cert_store, | 81 std::unique_ptr<net::ClientCertStore> client_cert_store, |
| 81 net::SSLCertRequestInfo* cert_request_info) | 82 net::SSLCertRequestInfo* cert_request_info) |
| 82 : handler_(handler), | 83 : handler_(handler), |
| 83 client_cert_store_(std::move(client_cert_store)), | 84 client_cert_store_(std::move(client_cert_store)), |
| 84 cert_request_info_(cert_request_info) {} | 85 cert_request_info_(cert_request_info) {} |
| 85 | 86 |
| 86 bool has_client_cert_store() const { return !!client_cert_store_; } | 87 bool has_client_cert_store() const { return !!client_cert_store_; } |
| 87 | 88 |
| 88 void GetClientCerts() { | 89 void GetClientCerts() { |
| 89 if (client_cert_store_) { | 90 if (client_cert_store_) { |
| 90 // TODO(davidben): This is still a cyclical ownership where | 91 // TODO(davidben): This is still a cyclical ownership where |
| 91 // GetClientCerts' requirement that |client_cert_store_| remains alive | 92 // GetClientCerts' requirement that |client_cert_store_| remains alive |
| 92 // until the call completes is maintained by the reference held in the | 93 // until the call completes is maintained by the reference held in the |
| 93 // callback. | 94 // callback. |
| 94 client_cert_store_->GetClientCerts( | 95 client_cert_store_->GetClientCerts( |
| 95 *cert_request_info_, &cert_request_info_->client_certs, | 96 *cert_request_info_, |
| 96 base::Bind(&SSLClientAuthHandler::Core::DidGetClientCerts, this)); | 97 base::Bind(&SSLClientAuthHandler::Core::DidGetClientCerts, this)); |
| 97 } else { | 98 } else { |
| 98 DidGetClientCerts(); | 99 DidGetClientCerts(net::CertificateList()); |
| 99 } | 100 } |
| 100 } | 101 } |
| 101 | 102 |
| 102 private: | 103 private: |
| 103 friend class base::RefCountedThreadSafe<Core>; | 104 friend class base::RefCountedThreadSafe<Core>; |
| 104 | 105 |
| 105 ~Core() {} | 106 ~Core() {} |
| 106 | 107 |
| 107 // Called when |client_cert_store_| is done retrieving the cert list. | 108 // Called when |client_cert_store_| is done retrieving the cert list. |
| 108 void DidGetClientCerts() { | 109 void DidGetClientCerts(net::CertificateList client_certs) { |
| 109 if (handler_) | 110 if (handler_) |
| 110 handler_->DidGetClientCerts(); | 111 handler_->DidGetClientCerts(std::move(client_certs)); |
| 111 } | 112 } |
| 112 | 113 |
| 113 base::WeakPtr<SSLClientAuthHandler> handler_; | 114 base::WeakPtr<SSLClientAuthHandler> handler_; |
| 114 std::unique_ptr<net::ClientCertStore> client_cert_store_; | 115 std::unique_ptr<net::ClientCertStore> client_cert_store_; |
| 115 scoped_refptr<net::SSLCertRequestInfo> cert_request_info_; | 116 scoped_refptr<net::SSLCertRequestInfo> cert_request_info_; |
| 116 }; | 117 }; |
| 117 | 118 |
| 118 SSLClientAuthHandler::SSLClientAuthHandler( | 119 SSLClientAuthHandler::SSLClientAuthHandler( |
| 119 std::unique_ptr<net::ClientCertStore> client_cert_store, | 120 std::unique_ptr<net::ClientCertStore> client_cert_store, |
| 120 net::URLRequest* request, | 121 net::URLRequest* request, |
| 148 handler->delegate_->ContinueWithCertificate(cert); | 149 handler->delegate_->ContinueWithCertificate(cert); |
| 149 } | 150 } |
| 150 | 151 |
| 151 // static | 152 // static |
| 152 void SSLClientAuthHandler::CancelCertificateSelection( | 153 void SSLClientAuthHandler::CancelCertificateSelection( |
| 153 const base::WeakPtr<SSLClientAuthHandler>& handler) { | 154 const base::WeakPtr<SSLClientAuthHandler>& handler) { |
| 154 if (handler) | 155 if (handler) |
| 155 handler->delegate_->CancelCertificateSelection(); | 156 handler->delegate_->CancelCertificateSelection(); |
| 156 } | 157 } |
| 157 | 158 |
| 158 void SSLClientAuthHandler::DidGetClientCerts() { | 159 void SSLClientAuthHandler::DidGetClientCerts( |
| 160 net::CertificateList client_certs) { |
| 159 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 161 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
| 160 | 162 |
| 161 // Note that if |client_cert_store_| is NULL, we intentionally fall through to | 163 // Note that if |client_cert_store_| is NULL, we intentionally fall through to |
| 162 // SelectCertificateOnUIThread. This is for platforms where the client cert | 164 // SelectCertificateOnUIThread. This is for platforms where the client cert |
| 163 // matching is not performed by Chrome. Those platforms handle the cert | 165 // matching is not performed by Chrome. Those platforms handle the cert |
| 164 // matching before showing the dialog. | 166 // matching before showing the dialog. |
| 165 if (core_->has_client_cert_store() && | 167 if (core_->has_client_cert_store() && client_certs.empty()) { |
| 166 cert_request_info_->client_certs.empty()) { | |
| 167 // No need to query the user if there are no certs to choose from. | 168 // No need to query the user if there are no certs to choose from. |
| 168 // | 169 // |
| 169 // TODO(davidben): The WebContents-less check on the UI thread should come | 170 // TODO(davidben): The WebContents-less check on the UI thread should come |
| 170 // before checking ClientCertStore; ClientCertStore itself should probably | 171 // before checking ClientCertStore; ClientCertStore itself should probably |
| 171 // be handled by the embedder (https://crbug.com/394131), especially since | 172 // be handled by the embedder (https://crbug.com/394131), especially since |
| 172 // this doesn't work on Android (https://crbug.com/345641). | 173 // this doesn't work on Android (https://crbug.com/345641). |
| 173 BrowserThread::PostTask( | 174 BrowserThread::PostTask( |
| 174 BrowserThread::IO, FROM_HERE, | 175 BrowserThread::IO, FROM_HERE, |
| 175 base::Bind(&SSLClientAuthHandler::ContinueWithCertificate, | 176 base::Bind(&SSLClientAuthHandler::ContinueWithCertificate, |
| 176 weak_factory_.GetWeakPtr(), nullptr)); | 177 weak_factory_.GetWeakPtr(), nullptr)); |
| 177 return; | 178 return; |
| 178 } | 179 } |
| 179 | 180 |
| 180 BrowserThread::PostTask( | 181 BrowserThread::PostTask( |
| 181 BrowserThread::UI, FROM_HERE, | 182 BrowserThread::UI, FROM_HERE, |
| 182 base::Bind(&SelectCertificateOnUIThread, | 183 base::Bind(&SelectCertificateOnUIThread, |
| 183 ResourceRequestInfo::ForRequest(request_)-> | 184 ResourceRequestInfo::ForRequest(request_) |
| 184 GetWebContentsGetterForRequest(), | 185 ->GetWebContentsGetterForRequest(), |
| 185 base::RetainedRef(cert_request_info_), | 186 base::RetainedRef(cert_request_info_), std::move(client_certs), |
| 186 weak_factory_.GetWeakPtr())); | 187 weak_factory_.GetWeakPtr())); |
| 187 } | 188 } |
| 188 | 189 |
| 189 } // namespace content | 190 } // namespace content |
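Review bot: The empty `net::CertificateList()` passed in the `else` branch of `Core::GetClientCerts` (new line 99) carries a second, undocumented meaning now that the list travels as a parameter. When a store exists, an empty list makes `SSLClientAuthHandler::DidGetClientCerts` continue without a certificate and without prompting; when no store exists, the same empty list is forwarded through `SelectCertificateOnUIThread` to `SelectClientCertificate`. An embedder that reads an empty `client_certs` as "nothing to offer" could then skip or cancel the prompt on the platforms that do their own matching, so the call site deserves a comment such as `// No store: the platform does the matching, so the empty list means "not computed", not "no matching certs".` The same statement belongs in the documentation of the new `client_certs` parameter of `SelectClientCertificate`, whose declaration is not part of this page.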