OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/ssl/ssl_client_auth_handler.h" | 5 #include "content/browser/ssl/ssl_client_auth_handler.h" |
6 | 6 |
7 #include <utility> | 7 #include <utility> |
8 | 8 |
9 #include "base/bind.h" | 9 #include "base/bind.h" |
10 #include "base/logging.h" | 10 #include "base/logging.h" |
11 #include "base/macros.h" | 11 #include "base/macros.h" |
12 #include "content/public/browser/browser_thread.h" | 12 #include "content/public/browser/browser_thread.h" |
13 #include "content/public/browser/client_certificate_delegate.h" | 13 #include "content/public/browser/client_certificate_delegate.h" |
14 #include "content/public/browser/content_browser_client.h" | 14 #include "content/public/browser/content_browser_client.h" |
15 #include "content/public/browser/resource_request_info.h" | 15 #include "content/public/browser/resource_request_info.h" |
| 16 #include "net/cert/x509_certificate.h" |
16 #include "net/ssl/client_cert_store.h" | 17 #include "net/ssl/client_cert_store.h" |
17 #include "net/url_request/url_request.h" | 18 #include "net/url_request/url_request.h" |
18 | 19 |
19 namespace content { | 20 namespace content { |
20 | 21 |
21 namespace { | 22 namespace { |
22 | 23 |
23 class ClientCertificateDelegateImpl : public ClientCertificateDelegate { | 24 class ClientCertificateDelegateImpl : public ClientCertificateDelegate { |
24 public: | 25 public: |
25 explicit ClientCertificateDelegateImpl( | 26 explicit ClientCertificateDelegateImpl( |
(...skipping 22 matching lines...) Expand all Loading... |
48 private: | 49 private: |
49 base::WeakPtr<SSLClientAuthHandler> handler_; | 50 base::WeakPtr<SSLClientAuthHandler> handler_; |
50 bool continue_called_; | 51 bool continue_called_; |
51 | 52 |
52 DISALLOW_COPY_AND_ASSIGN(ClientCertificateDelegateImpl); | 53 DISALLOW_COPY_AND_ASSIGN(ClientCertificateDelegateImpl); |
53 }; | 54 }; |
54 | 55 |
55 void SelectCertificateOnUIThread( | 56 void SelectCertificateOnUIThread( |
56 const ResourceRequestInfo::WebContentsGetter& wc_getter, | 57 const ResourceRequestInfo::WebContentsGetter& wc_getter, |
57 net::SSLCertRequestInfo* cert_request_info, | 58 net::SSLCertRequestInfo* cert_request_info, |
58 net::CertificateList client_certs, | |
59 const base::WeakPtr<SSLClientAuthHandler>& handler) { | 59 const base::WeakPtr<SSLClientAuthHandler>& handler) { |
60 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 60 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
61 | 61 |
62 std::unique_ptr<ClientCertificateDelegate> delegate( | 62 std::unique_ptr<ClientCertificateDelegate> delegate( |
63 new ClientCertificateDelegateImpl(handler)); | 63 new ClientCertificateDelegateImpl(handler)); |
64 | 64 |
65 WebContents* web_contents = wc_getter.Run(); | 65 WebContents* web_contents = wc_getter.Run(); |
66 if (!web_contents) | 66 if (!web_contents) |
67 return; | 67 return; |
68 | 68 |
69 GetContentClient()->browser()->SelectClientCertificate( | 69 GetContentClient()->browser()->SelectClientCertificate( |
70 web_contents, cert_request_info, std::move(client_certs), | 70 web_contents, cert_request_info, std::move(delegate)); |
71 std::move(delegate)); | |
72 } | 71 } |
73 | 72 |
74 } // namespace | 73 } // namespace |
75 | 74 |
76 // A reference-counted core to allow the ClientCertStore and SSLCertRequestInfo | 75 // A reference-counted core to allow the ClientCertStore and SSLCertRequestInfo |
77 // to outlive SSLClientAuthHandler if needbe. | 76 // to outlive SSLClientAuthHandler if needbe. |
78 class SSLClientAuthHandler::Core : public base::RefCountedThreadSafe<Core> { | 77 class SSLClientAuthHandler::Core : public base::RefCountedThreadSafe<Core> { |
79 public: | 78 public: |
80 Core(const base::WeakPtr<SSLClientAuthHandler>& handler, | 79 Core(const base::WeakPtr<SSLClientAuthHandler>& handler, |
81 std::unique_ptr<net::ClientCertStore> client_cert_store, | 80 std::unique_ptr<net::ClientCertStore> client_cert_store, |
82 net::SSLCertRequestInfo* cert_request_info) | 81 net::SSLCertRequestInfo* cert_request_info) |
83 : handler_(handler), | 82 : handler_(handler), |
84 client_cert_store_(std::move(client_cert_store)), | 83 client_cert_store_(std::move(client_cert_store)), |
85 cert_request_info_(cert_request_info) {} | 84 cert_request_info_(cert_request_info) {} |
86 | 85 |
87 bool has_client_cert_store() const { return !!client_cert_store_; } | 86 bool has_client_cert_store() const { return !!client_cert_store_; } |
88 | 87 |
89 void GetClientCerts() { | 88 void GetClientCerts() { |
90 if (client_cert_store_) { | 89 if (client_cert_store_) { |
91 // TODO(davidben): This is still a cyclical ownership where | 90 // TODO(davidben): This is still a cyclical ownership where |
92 // GetClientCerts' requirement that |client_cert_store_| remains alive | 91 // GetClientCerts' requirement that |client_cert_store_| remains alive |
93 // until the call completes is maintained by the reference held in the | 92 // until the call completes is maintained by the reference held in the |
94 // callback. | 93 // callback. |
95 client_cert_store_->GetClientCerts( | 94 client_cert_store_->GetClientCerts( |
96 *cert_request_info_, | 95 *cert_request_info_, &cert_request_info_->client_certs, |
97 base::Bind(&SSLClientAuthHandler::Core::DidGetClientCerts, this)); | 96 base::Bind(&SSLClientAuthHandler::Core::DidGetClientCerts, this)); |
98 } else { | 97 } else { |
99 DidGetClientCerts(net::CertificateList()); | 98 DidGetClientCerts(); |
100 } | 99 } |
101 } | 100 } |
102 | 101 |
103 private: | 102 private: |
104 friend class base::RefCountedThreadSafe<Core>; | 103 friend class base::RefCountedThreadSafe<Core>; |
105 | 104 |
106 ~Core() {} | 105 ~Core() {} |
107 | 106 |
108 // Called when |client_cert_store_| is done retrieving the cert list. | 107 // Called when |client_cert_store_| is done retrieving the cert list. |
109 void DidGetClientCerts(net::CertificateList client_certs) { | 108 void DidGetClientCerts() { |
110 if (handler_) | 109 if (handler_) |
111 handler_->DidGetClientCerts(std::move(client_certs)); | 110 handler_->DidGetClientCerts(); |
112 } | 111 } |
113 | 112 |
114 base::WeakPtr<SSLClientAuthHandler> handler_; | 113 base::WeakPtr<SSLClientAuthHandler> handler_; |
115 std::unique_ptr<net::ClientCertStore> client_cert_store_; | 114 std::unique_ptr<net::ClientCertStore> client_cert_store_; |
116 scoped_refptr<net::SSLCertRequestInfo> cert_request_info_; | 115 scoped_refptr<net::SSLCertRequestInfo> cert_request_info_; |
117 }; | 116 }; |
118 | 117 |
119 SSLClientAuthHandler::SSLClientAuthHandler( | 118 SSLClientAuthHandler::SSLClientAuthHandler( |
120 std::unique_ptr<net::ClientCertStore> client_cert_store, | 119 std::unique_ptr<net::ClientCertStore> client_cert_store, |
121 net::URLRequest* request, | 120 net::URLRequest* request, |
(...skipping 27 matching lines...) Expand all Loading... |
149 handler->delegate_->ContinueWithCertificate(cert); | 148 handler->delegate_->ContinueWithCertificate(cert); |
150 } | 149 } |
151 | 150 |
152 // static | 151 // static |
153 void SSLClientAuthHandler::CancelCertificateSelection( | 152 void SSLClientAuthHandler::CancelCertificateSelection( |
154 const base::WeakPtr<SSLClientAuthHandler>& handler) { | 153 const base::WeakPtr<SSLClientAuthHandler>& handler) { |
155 if (handler) | 154 if (handler) |
156 handler->delegate_->CancelCertificateSelection(); | 155 handler->delegate_->CancelCertificateSelection(); |
157 } | 156 } |
158 | 157 |
159 void SSLClientAuthHandler::DidGetClientCerts( | 158 void SSLClientAuthHandler::DidGetClientCerts() { |
160 net::CertificateList client_certs) { | |
161 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 159 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
162 | 160 |
163 // Note that if |client_cert_store_| is NULL, we intentionally fall through to | 161 // Note that if |client_cert_store_| is NULL, we intentionally fall through to |
164 // SelectCertificateOnUIThread. This is for platforms where the client cert | 162 // SelectCertificateOnUIThread. This is for platforms where the client cert |
165 // matching is not performed by Chrome. Those platforms handle the cert | 163 // matching is not performed by Chrome. Those platforms handle the cert |
166 // matching before showing the dialog. | 164 // matching before showing the dialog. |
167 if (core_->has_client_cert_store() && client_certs.empty()) { | 165 if (core_->has_client_cert_store() && |
| 166 cert_request_info_->client_certs.empty()) { |
168 // No need to query the user if there are no certs to choose from. | 167 // No need to query the user if there are no certs to choose from. |
169 // | 168 // |
170 // TODO(davidben): The WebContents-less check on the UI thread should come | 169 // TODO(davidben): The WebContents-less check on the UI thread should come |
171 // before checking ClientCertStore; ClientCertStore itself should probably | 170 // before checking ClientCertStore; ClientCertStore itself should probably |
172 // be handled by the embedder (https://crbug.com/394131), especially since | 171 // be handled by the embedder (https://crbug.com/394131), especially since |
173 // this doesn't work on Android (https://crbug.com/345641). | 172 // this doesn't work on Android (https://crbug.com/345641). |
174 BrowserThread::PostTask( | 173 BrowserThread::PostTask( |
175 BrowserThread::IO, FROM_HERE, | 174 BrowserThread::IO, FROM_HERE, |
176 base::Bind(&SSLClientAuthHandler::ContinueWithCertificate, | 175 base::Bind(&SSLClientAuthHandler::ContinueWithCertificate, |
177 weak_factory_.GetWeakPtr(), nullptr)); | 176 weak_factory_.GetWeakPtr(), nullptr)); |
178 return; | 177 return; |
179 } | 178 } |
180 | 179 |
181 BrowserThread::PostTask( | 180 BrowserThread::PostTask( |
182 BrowserThread::UI, FROM_HERE, | 181 BrowserThread::UI, FROM_HERE, |
183 base::Bind(&SelectCertificateOnUIThread, | 182 base::Bind(&SelectCertificateOnUIThread, |
184 ResourceRequestInfo::ForRequest(request_) | 183 ResourceRequestInfo::ForRequest(request_)-> |
185 ->GetWebContentsGetterForRequest(), | 184 GetWebContentsGetterForRequest(), |
186 base::RetainedRef(cert_request_info_), std::move(client_certs), | 185 base::RetainedRef(cert_request_info_), |
187 weak_factory_.GetWeakPtr())); | 186 weak_factory_.GetWeakPtr())); |
188 } | 187 } |
189 | 188 |
190 } // namespace content | 189 } // namespace content |
OLD | NEW |