| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromecast/browser/cast_content_browser_client.h" | 5 #include "chromecast/browser/cast_content_browser_client.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include <string> | 9 #include <string> |
| 10 #include <utility> | 10 #include <utility> |
| (...skipping 387 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 398 // Otherwise, any fatal certificate errors will cause an abort. | 398 // Otherwise, any fatal certificate errors will cause an abort. |
| 399 if (!callback.is_null()) { | 399 if (!callback.is_null()) { |
| 400 callback.Run(content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL); | 400 callback.Run(content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL); |
| 401 } | 401 } |
| 402 return; | 402 return; |
| 403 } | 403 } |
| 404 | 404 |
| 405 void CastContentBrowserClient::SelectClientCertificate( | 405 void CastContentBrowserClient::SelectClientCertificate( |
| 406 content::WebContents* web_contents, | 406 content::WebContents* web_contents, |
| 407 net::SSLCertRequestInfo* cert_request_info, | 407 net::SSLCertRequestInfo* cert_request_info, |
| 408 net::CertificateList client_certs, | 408 net::ClientCertIdentityList client_certs, |
| 409 std::unique_ptr<content::ClientCertificateDelegate> delegate) { | 409 std::unique_ptr<content::ClientCertificateDelegate> delegate) { |
| 410 GURL requesting_url("https://" + cert_request_info->host_and_port.ToString()); | 410 GURL requesting_url("https://" + cert_request_info->host_and_port.ToString()); |
| 411 | 411 |
| 412 if (!requesting_url.is_valid()) { | 412 if (!requesting_url.is_valid()) { |
| 413 LOG(ERROR) << "Invalid URL string: " | 413 LOG(ERROR) << "Invalid URL string: " |
| 414 << requesting_url.possibly_invalid_spec(); | 414 << requesting_url.possibly_invalid_spec(); |
| 415 delegate->ContinueWithCertificate(nullptr); | 415 delegate->ContinueWithCertificate(nullptr, nullptr); |
| 416 return; | 416 return; |
| 417 } | 417 } |
| 418 | 418 |
| 419 // In our case there are no relevant certs in |client_certs|. The cert | 419 // In our case there are no relevant certs in |client_certs|. The cert |
| 420 // we need to return (if permitted) is the Cast device cert, which we can | 420 // we need to return (if permitted) is the Cast device cert, which we can |
| 421 // access directly through the ClientAuthSigner instance. However, we need to | 421 // access directly through the ClientAuthSigner instance. However, we need to |
| 422 // be on the IO thread to determine whether the app is whitelisted to return | 422 // be on the IO thread to determine whether the app is whitelisted to return |
| 423 // it, because CastNetworkDelegate is bound to the IO thread. | 423 // it, because CastNetworkDelegate is bound to the IO thread. |
| 424 // Subsequently, the callback must then itself be performed back here | 424 // Subsequently, the callback must then itself be performed back here |
| 425 // on the UI thread. | 425 // on the UI thread. |
| 426 // | 426 // |
| 427 // TODO(davidben): Stop using child ID to identify an app. | 427 // TODO(davidben): Stop using child ID to identify an app. |
| 428 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); | 428 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
| 429 content::BrowserThread::PostTaskAndReplyWithResult( | 429 content::BrowserThread::PostTask( |
| 430 content::BrowserThread::IO, FROM_HERE, | 430 content::BrowserThread::IO, FROM_HERE, |
| 431 base::Bind(&CastContentBrowserClient::SelectClientCertificateOnIOThread, | 431 base::BindOnce( |
| 432 base::Unretained(this), requesting_url, | 432 &CastContentBrowserClient::SelectClientCertificateOnIOThread, |
| 433 web_contents->GetRenderProcessHost()->GetID()), | 433 base::Unretained(this), requesting_url, |
| 434 base::Bind(&content::ClientCertificateDelegate::ContinueWithCertificate, | 434 web_contents->GetRenderProcessHost()->GetID(), |
| 435 base::Owned(delegate.release()))); | 435 base::SequencedTaskRunnerHandle::Get(), |
| 436 base::Bind( |
| 437 &content::ClientCertificateDelegate::ContinueWithCertificate, |
| 438 base::Owned(delegate.release())))); |
| 436 } | 439 } |
| 437 | 440 |
| 438 net::X509Certificate* | 441 void CastContentBrowserClient::SelectClientCertificateOnIOThread( |
| 439 CastContentBrowserClient::SelectClientCertificateOnIOThread( | |
| 440 GURL requesting_url, | 442 GURL requesting_url, |
| 441 int render_process_id) { | 443 int render_process_id, |
| 444 scoped_refptr<base::SequencedTaskRunner> original_runner, |
| 445 const base::Callback<void(scoped_refptr<net::X509Certificate>, |
| 446 scoped_refptr<net::SSLPrivateKey>)>& |
| 447 continue_callback) { |
| 442 DCHECK_CURRENTLY_ON(content::BrowserThread::IO); | 448 DCHECK_CURRENTLY_ON(content::BrowserThread::IO); |
| 443 CastNetworkDelegate* network_delegate = | 449 CastNetworkDelegate* network_delegate = |
| 444 url_request_context_factory_->app_network_delegate(); | 450 url_request_context_factory_->app_network_delegate(); |
| 445 if (network_delegate->IsWhitelisted(requesting_url, | 451 if (network_delegate->IsWhitelisted(requesting_url, |
| 446 render_process_id, false)) { | 452 render_process_id, false)) { |
| 447 return CastNetworkDelegate::DeviceCert(); | 453 original_runner->PostTask( |
| 454 FROM_HERE, |
| 455 base::Bind(continue_callback, |
| 456 make_scoped_refptr(CastNetworkDelegate::DeviceCert()), |
| 457 make_scoped_refptr(CastNetworkDelegate::DeviceKey()))); |
| 458 return; |
| 448 } else { | 459 } else { |
| 449 LOG(ERROR) << "Invalid host for client certificate request: " | 460 LOG(ERROR) << "Invalid host for client certificate request: " |
| 450 << requesting_url.host() | 461 << requesting_url.host() |
| 451 << " with render_process_id: " | 462 << " with render_process_id: " |
| 452 << render_process_id; | 463 << render_process_id; |
| 453 return NULL; | |
| 454 } | 464 } |
| 465 original_runner->PostTask(FROM_HERE, |
| 466 base::Bind(continue_callback, nullptr, nullptr)); |
| 455 } | 467 } |
| 456 | 468 |
| 457 bool CastContentBrowserClient::CanCreateWindow( | 469 bool CastContentBrowserClient::CanCreateWindow( |
| 458 content::RenderFrameHost* opener, | 470 content::RenderFrameHost* opener, |
| 459 const GURL& opener_url, | 471 const GURL& opener_url, |
| 460 const GURL& opener_top_level_frame_url, | 472 const GURL& opener_top_level_frame_url, |
| 461 const GURL& source_origin, | 473 const GURL& source_origin, |
| 462 content::mojom::WindowContainerType container_type, | 474 content::mojom::WindowContainerType container_type, |
| 463 const GURL& target_url, | 475 const GURL& target_url, |
| 464 const content::Referrer& referrer, | 476 const content::Referrer& referrer, |
| (...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 572 process_type, dumps_path, false /* upload */); | 584 process_type, dumps_path, false /* upload */); |
| 573 // StartUploaderThread() even though upload is diferred. | 585 // StartUploaderThread() even though upload is diferred. |
| 574 // Breakpad-related memory is freed in the uploader thread. | 586 // Breakpad-related memory is freed in the uploader thread. |
| 575 crash_handler->StartUploaderThread(); | 587 crash_handler->StartUploaderThread(); |
| 576 return crash_handler; | 588 return crash_handler; |
| 577 } | 589 } |
| 578 #endif // !defined(OS_ANDROID) | 590 #endif // !defined(OS_ANDROID) |
| 579 | 591 |
| 580 } // namespace shell | 592 } // namespace shell |
| 581 } // namespace chromecast | 593 } // namespace chromecast |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2898573002:
Refactor client cert private key handling. (Closed)
