| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromecast/browser/cast_content_browser_client.h" | 5 #include "chromecast/browser/cast_content_browser_client.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include <string> | 9 #include <string> |
| 10 #include <utility> | 10 #include <utility> |
| (...skipping 401 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 412 // Otherwise, any fatal certificate errors will cause an abort. | 412 // Otherwise, any fatal certificate errors will cause an abort. |
| 413 if (!callback.is_null()) { | 413 if (!callback.is_null()) { |
| 414 callback.Run(content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL); | 414 callback.Run(content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL); |
| 415 } | 415 } |
| 416 return; | 416 return; |
| 417 } | 417 } |
| 418 | 418 |
| 419 void CastContentBrowserClient::SelectClientCertificate( | 419 void CastContentBrowserClient::SelectClientCertificate( |
| 420 content::WebContents* web_contents, | 420 content::WebContents* web_contents, |
| 421 net::SSLCertRequestInfo* cert_request_info, | 421 net::SSLCertRequestInfo* cert_request_info, |
| 422 net::CertificateList client_certs, | 422 net::ClientCertIdentityList client_certs, |
| 423 std::unique_ptr<content::ClientCertificateDelegate> delegate) { | 423 std::unique_ptr<content::ClientCertificateDelegate> delegate) { |
| 424 GURL requesting_url("https://" + cert_request_info->host_and_port.ToString()); | 424 GURL requesting_url("https://" + cert_request_info->host_and_port.ToString()); |
| 425 | 425 |
| 426 if (!requesting_url.is_valid()) { | 426 if (!requesting_url.is_valid()) { |
| 427 LOG(ERROR) << "Invalid URL string: " | 427 LOG(ERROR) << "Invalid URL string: " |
| 428 << requesting_url.possibly_invalid_spec(); | 428 << requesting_url.possibly_invalid_spec(); |
| 429 delegate->ContinueWithCertificate(nullptr); | 429 delegate->ContinueWithCertificate(nullptr, nullptr); |
| 430 return; | 430 return; |
| 431 } | 431 } |
| 432 | 432 |
| 433 // In our case there are no relevant certs in |client_certs|. The cert | 433 // In our case there are no relevant certs in |client_certs|. The cert |
| 434 // we need to return (if permitted) is the Cast device cert, which we can | 434 // we need to return (if permitted) is the Cast device cert, which we can |
| 435 // access directly through the ClientAuthSigner instance. However, we need to | 435 // access directly through the ClientAuthSigner instance. However, we need to |
| 436 // be on the IO thread to determine whether the app is whitelisted to return | 436 // be on the IO thread to determine whether the app is whitelisted to return |
| 437 // it, because CastNetworkDelegate is bound to the IO thread. | 437 // it, because CastNetworkDelegate is bound to the IO thread. |
| 438 // Subsequently, the callback must then itself be performed back here | 438 // Subsequently, the callback must then itself be performed back here |
| 439 // on the UI thread. | 439 // on the UI thread. |
| 440 // | 440 // |
| 441 // TODO(davidben): Stop using child ID to identify an app. | 441 // TODO(davidben): Stop using child ID to identify an app. |
| 442 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); | 442 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
| 443 content::BrowserThread::PostTaskAndReplyWithResult( | 443 content::BrowserThread::PostTask( |
| 444 content::BrowserThread::IO, FROM_HERE, | 444 content::BrowserThread::IO, FROM_HERE, |
| 445 base::Bind(&CastContentBrowserClient::SelectClientCertificateOnIOThread, | 445 base::BindOnce( |
| 446 base::Unretained(this), requesting_url, | 446 &CastContentBrowserClient::SelectClientCertificateOnIOThread, |
| 447 web_contents->GetRenderProcessHost()->GetID()), | 447 base::Unretained(this), requesting_url, |
| 448 base::Bind(&content::ClientCertificateDelegate::ContinueWithCertificate, | 448 web_contents->GetRenderProcessHost()->GetID(), |
| 449 base::Owned(delegate.release()))); | 449 base::SequencedTaskRunnerHandle::Get(), |
| 450 base::Bind( |
| 451 &content::ClientCertificateDelegate::ContinueWithCertificate, |
| 452 base::Owned(delegate.release())))); |
| 450 } | 453 } |
| 451 | 454 |
| 452 net::X509Certificate* | 455 void CastContentBrowserClient::SelectClientCertificateOnIOThread( |
| 453 CastContentBrowserClient::SelectClientCertificateOnIOThread( | |
| 454 GURL requesting_url, | 456 GURL requesting_url, |
| 455 int render_process_id) { | 457 int render_process_id, |
| 458 scoped_refptr<base::SequencedTaskRunner> original_runner, |
| 459 const base::Callback<void(scoped_refptr<net::X509Certificate>, |
| 460 scoped_refptr<net::SSLPrivateKey>)>& |
| 461 continue_callback) { |
| 456 DCHECK_CURRENTLY_ON(content::BrowserThread::IO); | 462 DCHECK_CURRENTLY_ON(content::BrowserThread::IO); |
| 457 CastNetworkDelegate* network_delegate = | 463 CastNetworkDelegate* network_delegate = |
| 458 url_request_context_factory_->app_network_delegate(); | 464 url_request_context_factory_->app_network_delegate(); |
| 459 if (network_delegate->IsWhitelisted(requesting_url, | 465 if (network_delegate->IsWhitelisted(requesting_url, |
| 460 render_process_id, false)) { | 466 render_process_id, false)) { |
| 461 return CastNetworkDelegate::DeviceCert(); | 467 original_runner->PostTask( |
| 468 FROM_HERE, |
| 469 base::Bind(continue_callback, |
| 470 make_scoped_refptr(CastNetworkDelegate::DeviceCert()), |
| 471 make_scoped_refptr(CastNetworkDelegate::DeviceKey()))); |
| 472 return; |
| 462 } else { | 473 } else { |
| 463 LOG(ERROR) << "Invalid host for client certificate request: " | 474 LOG(ERROR) << "Invalid host for client certificate request: " |
| 464 << requesting_url.host() | 475 << requesting_url.host() |
| 465 << " with render_process_id: " | 476 << " with render_process_id: " |
| 466 << render_process_id; | 477 << render_process_id; |
| 467 return NULL; | |
| 468 } | 478 } |
| 479 original_runner->PostTask(FROM_HERE, |
| 480 base::Bind(continue_callback, nullptr, nullptr)); |
| 469 } | 481 } |
| 470 | 482 |
| 471 bool CastContentBrowserClient::CanCreateWindow( | 483 bool CastContentBrowserClient::CanCreateWindow( |
| 472 content::RenderFrameHost* opener, | 484 content::RenderFrameHost* opener, |
| 473 const GURL& opener_url, | 485 const GURL& opener_url, |
| 474 const GURL& opener_top_level_frame_url, | 486 const GURL& opener_top_level_frame_url, |
| 475 const GURL& source_origin, | 487 const GURL& source_origin, |
| 476 content::mojom::WindowContainerType container_type, | 488 content::mojom::WindowContainerType container_type, |
| 477 const GURL& target_url, | 489 const GURL& target_url, |
| 478 const content::Referrer& referrer, | 490 const content::Referrer& referrer, |
| (...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 586 process_type, dumps_path, false /* upload */); | 598 process_type, dumps_path, false /* upload */); |
| 587 // StartUploaderThread() even though upload is diferred. | 599 // StartUploaderThread() even though upload is diferred. |
| 588 // Breakpad-related memory is freed in the uploader thread. | 600 // Breakpad-related memory is freed in the uploader thread. |
| 589 crash_handler->StartUploaderThread(); | 601 crash_handler->StartUploaderThread(); |
| 590 return crash_handler; | 602 return crash_handler; |
| 591 } | 603 } |
| 592 #endif // !defined(OS_ANDROID) | 604 #endif // !defined(OS_ANDROID) |
| 593 | 605 |
| 594 } // namespace shell | 606 } // namespace shell |
| 595 } // namespace chromecast | 607 } // namespace chromecast |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2898573002:
Refactor client cert private key handling. (Closed)
