Refactor client cert private key handling.

android_webview/browser/aw_contents_client_bridge.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "android_webview/browser/aw_contents_client_bridge.h"
 
 #include <memory>
 #include <utility>
 
 #include "android_webview/browser/aw_contents.h"
 #include "android_webview/common/devtools_instrumentation.h"
 #include "android_webview/grit/components_strings.h"
 #include "base/android/jni_android.h"
 #include "base/android/jni_array.h"
 #include "base/android/jni_string.h"
 #include "base/callback_helpers.h"
 #include "base/macros.h"
 #include "base/memory/ptr_util.h"
 #include "base/memory/ref_counted.h"
 #include "base/message_loop/message_loop.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/client_certificate_delegate.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/web_contents.h"
 #include "jni/AwContentsClientBridge_jni.h"
 #include "net/cert/x509_certificate.h"
 #include "net/http/http_response_headers.h"
-#include "net/ssl/openssl_client_key_store.h"
 #include "net/ssl/ssl_cert_request_info.h"
 #include "net/ssl/ssl_client_cert_type.h"
 #include "net/ssl/ssl_platform_key_android.h"
 #include "net/ssl/ssl_private_key.h"
 #include "ui/base/l10n/l10n_util.h"
 #include "url/gurl.h"
 
 using base::android::AttachCurrentThread;
 using base::android::ConvertJavaStringToUTF16;
 using base::android::ConvertUTF8ToJavaString;
 using base::android::ConvertUTF16ToJavaString;
 using base::android::HasException;
 using base::android::JavaRef;
 using base::android::ScopedJavaLocalRef;
 using base::android::ToJavaArrayOfStrings;
 using content::BrowserThread;
 using content::WebContents;
 using std::vector;
 
 namespace android_webview {
 
 namespace {
 
-// Must be called on the I/O thread to record a client certificate
-// and its private key in the OpenSSLClientKeyStore.
-void RecordClientCertificateKey(net::X509Certificate* client_cert,
-                                scoped_refptr<net::SSLPrivateKey> private_key) {
-  DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
-  net::OpenSSLClientKeyStore::GetInstance()->RecordClientCertPrivateKey(
-      client_cert, std::move(private_key));
-}
-
 const void* const kAwContentsClientBridge = &kAwContentsClientBridge;
 
 // This class is invented so that the UserData registry that we inject the
 // AwContentsClientBridge object does not own and destroy it.
 class UserData : public base::SupportsUserData::Data {
  public:
   static AwContentsClientBridge* GetContents(
       content::WebContents* web_contents) {
     if (!web_contents)
       return NULL;
@@ skipping 186 matching lines @@
 // This method is inspired by OnSystemRequestCompletion() in
 // chrome/browser/ui/android/ssl_client_certificate_request.cc
 void AwContentsClientBridge::ProvideClientCertificateResponse(
     JNIEnv* env,
     const JavaRef<jobject>& obj,
     int request_id,
     const JavaRef<jobjectArray>& encoded_chain_ref,
     const JavaRef<jobject>& private_key_ref) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
 
+  // TODO(mattm): make this a unique_ptr and get rid of the guard stuff.

[sgurun-gerrit only, 2017/06/13 22:48:34]

why not do it in this CL?

[mattm, 2017/06/13 23:40:59]

Done.

   content::ClientCertificateDelegate* delegate =
       pending_client_cert_request_delegates_.Lookup(request_id);
   DCHECK(delegate);
 
   if (encoded_chain_ref.is_null() || private_key_ref.is_null()) {
     LOG(ERROR) << "No client certificate selected";
     pending_client_cert_request_delegates_.Remove(request_id);
-    delegate->ContinueWithCertificate(nullptr);
+    delegate->ContinueWithCertificate(nullptr, nullptr);
     delete delegate;
     return;
   }
 
   // Make sure callback is run on error.
   base::ScopedClosureRunner guard(base::Bind(
       &AwContentsClientBridge::HandleErrorInClientCertificateResponse,
       base::Unretained(this), request_id));
 
   // Convert the encoded chain to a vector of strings.
@@ skipping 21 matching lines @@
   if (!private_key) {
     LOG(ERROR) << "Could not create OpenSSL wrapper for private key";
     return;
   }
 
   // Release the guard and |pending_client_cert_request_delegates_| references
   // to |delegate|.
   pending_client_cert_request_delegates_.Remove(request_id);
   ignore_result(guard.Release());
 
-  // RecordClientCertificateKey() must be called on the I/O thread,
-  // before the delegate is called with the selected certificate on
-  // the UI thread.
-  content::BrowserThread::PostTaskAndReply(
-      content::BrowserThread::IO, FROM_HERE,
-      base::Bind(&RecordClientCertificateKey, base::RetainedRef(client_cert),
-                 base::Passed(&private_key)),
-      base::Bind(&content::ClientCertificateDelegate::ContinueWithCertificate,
-                 base::Owned(delegate), base::RetainedRef(client_cert)));
+  delegate->ContinueWithCertificate(std::move(client_cert),
+                                    std::move(private_key));
+  delete delegate;
 }
 
 void AwContentsClientBridge::RunJavaScriptDialog(
     content::JavaScriptDialogType dialog_type,
     const GURL& origin_url,
     const base::string16& message_text,
     const base::string16& default_prompt_text,
     const content::JavaScriptDialogManager::DialogClosedCallback& callback) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
   JNIEnv* env = AttachCurrentThread();
@@ skipping 247 matching lines @@
   pending_client_cert_request_delegates_.Remove(request_id);
 
   delete delegate;
 }
 
 bool RegisterAwContentsClientBridge(JNIEnv* env) {
   return RegisterNativesImpl(env);
 }
 
 }  // namespace android_webview