Refactor client cert private key handling.

chromecast/browser/cast_content_browser_client.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chromecast/browser/cast_content_browser_client.h"
 
 #include <stddef.h>
 
 #include <string>
 #include <utility>
@@ skipping 387 matching lines @@
   // Otherwise, any fatal certificate errors will cause an abort.
   if (!callback.is_null()) {
     callback.Run(content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL);
   }
   return;
 }
 
 void CastContentBrowserClient::SelectClientCertificate(
     content::WebContents* web_contents,
     net::SSLCertRequestInfo* cert_request_info,
-    net::CertificateList client_certs,
+    net::ClientCertIdentityList client_certs,
     std::unique_ptr<content::ClientCertificateDelegate> delegate) {
   GURL requesting_url("https://" + cert_request_info->host_and_port.ToString());
 
   if (!requesting_url.is_valid()) {
     LOG(ERROR) << "Invalid URL string: "
                << requesting_url.possibly_invalid_spec();
-    delegate->ContinueWithCertificate(nullptr);
+    delegate->ContinueWithCertificate(nullptr, nullptr);
     return;
   }
 
   // In our case there are no relevant certs in |client_certs|. The cert
   // we need to return (if permitted) is the Cast device cert, which we can
   // access directly through the ClientAuthSigner instance. However, we need to
   // be on the IO thread to determine whether the app is whitelisted to return
   // it, because CastNetworkDelegate is bound to the IO thread.
   // Subsequently, the callback must then itself be performed back here
   // on the UI thread.
   //
   // TODO(davidben): Stop using child ID to identify an app.
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
-  content::BrowserThread::PostTaskAndReplyWithResult(
+  /*auto reply_callback = base::Bind(
+      &content::ClientCertificateDelegate::ContinueWithCertificate,
+      std::move(delegate));*/
+
+  content::BrowserThread::PostTask(
       content::BrowserThread::IO, FROM_HERE,
-      base::Bind(&CastContentBrowserClient::SelectClientCertificateOnIOThread,
-                 base::Unretained(this), requesting_url,
-                 web_contents->GetRenderProcessHost()->GetID()),
-      base::Bind(&content::ClientCertificateDelegate::ContinueWithCertificate,
-                 base::Owned(delegate.release())));
+      base::BindOnce(
+          &CastContentBrowserClient::SelectClientCertificateOnIOThread,
+          base::Unretained(this), requesting_url,
+          web_contents->GetRenderProcessHost()->GetID(),
+          base::SequencedTaskRunnerHandle::Get(),
+          // XXX maybe pass a callback already bound to ContinueWithCertificate?
+          std::move(delegate)));
 }
 
-net::X509Certificate*
-CastContentBrowserClient::SelectClientCertificateOnIOThread(
+void CastContentBrowserClient::SelectClientCertificateOnIOThread(
     GURL requesting_url,
-    int render_process_id) {
+    int render_process_id,
+    scoped_refptr<base::SequencedTaskRunner> original_runner,
+    std::unique_ptr<content::ClientCertificateDelegate> delegate) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
   CastNetworkDelegate* network_delegate =
       url_request_context_factory_->app_network_delegate();
   if (network_delegate->IsWhitelisted(requesting_url,
                                       render_process_id, false)) {
-    return CastNetworkDelegate::DeviceCert();
+    original_runner->PostTask(
+        FROM_HERE,
+        base::Bind(&content::ClientCertificateDelegate::ContinueWithCertificate,
+                   base::Owned(delegate.release()),
+                   make_scoped_refptr(CastNetworkDelegate::DeviceCert()),
+                   make_scoped_refptr(CastNetworkDelegate::DeviceKey())));
+    return;
   } else {
     LOG(ERROR) << "Invalid host for client certificate request: "
                << requesting_url.host()
                << " with render_process_id: "
                << render_process_id;
-    return NULL;
   }
+  original_runner->PostTask(
+      FROM_HERE,
+      base::Bind(&content::ClientCertificateDelegate::ContinueWithCertificate,
+                 base::Owned(delegate.release()), nullptr, nullptr));
 }
 
 bool CastContentBrowserClient::CanCreateWindow(
     content::RenderFrameHost* opener,
     const GURL& opener_url,
     const GURL& opener_top_level_frame_url,
     const GURL& source_origin,
     content::mojom::WindowContainerType container_type,
     const GURL& target_url,
     const content::Referrer& referrer,
@@ skipping 107 matching lines @@
         process_type, dumps_path, false /* upload */);
   // StartUploaderThread() even though upload is diferred.
   // Breakpad-related memory is freed in the uploader thread.
   crash_handler->StartUploaderThread();
   return crash_handler;
 }
 #endif  // !defined(OS_ANDROID)
 
 }  // namespace shell
 }  // namespace chromecast