| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromecast/browser/cast_content_browser_client.h" | 5 #include "chromecast/browser/cast_content_browser_client.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include <string> | 9 #include <string> |
| 10 #include <utility> | 10 #include <utility> |
| (...skipping 404 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 415 // Otherwise, any fatal certificate errors will cause an abort. | 415 // Otherwise, any fatal certificate errors will cause an abort. |
| 416 if (!callback.is_null()) { | 416 if (!callback.is_null()) { |
| 417 callback.Run(content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL); | 417 callback.Run(content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL); |
| 418 } | 418 } |
| 419 return; | 419 return; |
| 420 } | 420 } |
| 421 | 421 |
| 422 void CastContentBrowserClient::SelectClientCertificate( | 422 void CastContentBrowserClient::SelectClientCertificate( |
| 423 content::WebContents* web_contents, | 423 content::WebContents* web_contents, |
| 424 net::SSLCertRequestInfo* cert_request_info, | 424 net::SSLCertRequestInfo* cert_request_info, |
| 425 net::CertificateList client_certs, | 425 net::ClientCertIdentityList client_certs, |
| 426 std::unique_ptr<content::ClientCertificateDelegate> delegate) { | 426 std::unique_ptr<content::ClientCertificateDelegate> delegate) { |
| 427 GURL requesting_url("https://" + cert_request_info->host_and_port.ToString()); | 427 GURL requesting_url("https://" + cert_request_info->host_and_port.ToString()); |
| 428 | 428 |
| 429 if (!requesting_url.is_valid()) { | 429 if (!requesting_url.is_valid()) { |
| 430 LOG(ERROR) << "Invalid URL string: " | 430 LOG(ERROR) << "Invalid URL string: " |
| 431 << requesting_url.possibly_invalid_spec(); | 431 << requesting_url.possibly_invalid_spec(); |
| 432 delegate->ContinueWithCertificate(nullptr); | 432 delegate->ContinueWithCertificate(nullptr, nullptr); |
| 433 return; | 433 return; |
| 434 } | 434 } |
| 435 | 435 |
| 436 // In our case there are no relevant certs in |client_certs|. The cert | 436 // In our case there are no relevant certs in |client_certs|. The cert |
| 437 // we need to return (if permitted) is the Cast device cert, which we can | 437 // we need to return (if permitted) is the Cast device cert, which we can |
| 438 // access directly through the ClientAuthSigner instance. However, we need to | 438 // access directly through the ClientAuthSigner instance. However, we need to |
| 439 // be on the IO thread to determine whether the app is whitelisted to return | 439 // be on the IO thread to determine whether the app is whitelisted to return |
| 440 // it, because CastNetworkDelegate is bound to the IO thread. | 440 // it, because CastNetworkDelegate is bound to the IO thread. |
| 441 // Subsequently, the callback must then itself be performed back here | 441 // Subsequently, the callback must then itself be performed back here |
| 442 // on the UI thread. | 442 // on the UI thread. |
| 443 // | 443 // |
| 444 // TODO(davidben): Stop using child ID to identify an app. | 444 // TODO(davidben): Stop using child ID to identify an app. |
| 445 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); | 445 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
| 446 content::BrowserThread::PostTaskAndReplyWithResult( | 446 content::BrowserThread::PostTask( |
| 447 content::BrowserThread::IO, FROM_HERE, | 447 content::BrowserThread::IO, FROM_HERE, |
| 448 base::Bind(&CastContentBrowserClient::SelectClientCertificateOnIOThread, | 448 base::BindOnce( |
| 449 base::Unretained(this), requesting_url, | 449 &CastContentBrowserClient::SelectClientCertificateOnIOThread, |
| 450 web_contents->GetRenderProcessHost()->GetID()), | 450 base::Unretained(this), requesting_url, |
| 451 base::Bind(&content::ClientCertificateDelegate::ContinueWithCertificate, | 451 web_contents->GetRenderProcessHost()->GetID(), |
| 452 base::Owned(delegate.release()))); | 452 base::SequencedTaskRunnerHandle::Get(), |
| 453 base::Bind( |
| 454 &content::ClientCertificateDelegate::ContinueWithCertificate, |
| 455 base::Owned(delegate.release())))); |
| 453 } | 456 } |
| 454 | 457 |
| 455 net::X509Certificate* | 458 void CastContentBrowserClient::SelectClientCertificateOnIOThread( |
| 456 CastContentBrowserClient::SelectClientCertificateOnIOThread( | |
| 457 GURL requesting_url, | 459 GURL requesting_url, |
| 458 int render_process_id) { | 460 int render_process_id, |
| 461 scoped_refptr<base::SequencedTaskRunner> original_runner, |
| 462 const base::Callback<void(scoped_refptr<net::X509Certificate>, |
| 463 scoped_refptr<net::SSLPrivateKey>)>& |
| 464 continue_callback) { |
| 459 DCHECK_CURRENTLY_ON(content::BrowserThread::IO); | 465 DCHECK_CURRENTLY_ON(content::BrowserThread::IO); |
| 460 CastNetworkDelegate* network_delegate = | 466 CastNetworkDelegate* network_delegate = |
| 461 url_request_context_factory_->app_network_delegate(); | 467 url_request_context_factory_->app_network_delegate(); |
| 462 if (network_delegate->IsWhitelisted(requesting_url, | 468 if (network_delegate->IsWhitelisted(requesting_url, |
| 463 render_process_id, false)) { | 469 render_process_id, false)) { |
| 464 return CastNetworkDelegate::DeviceCert(); | 470 original_runner->PostTask( |
| 471 FROM_HERE, |
| 472 base::Bind(continue_callback, |
| 473 make_scoped_refptr(CastNetworkDelegate::DeviceCert()), |
| 474 make_scoped_refptr(CastNetworkDelegate::DeviceKey()))); |
| 475 return; |
| 465 } else { | 476 } else { |
| 466 LOG(ERROR) << "Invalid host for client certificate request: " | 477 LOG(ERROR) << "Invalid host for client certificate request: " |
| 467 << requesting_url.host() | 478 << requesting_url.host() |
| 468 << " with render_process_id: " | 479 << " with render_process_id: " |
| 469 << render_process_id; | 480 << render_process_id; |
| 470 return NULL; | |
| 471 } | 481 } |
| 482 original_runner->PostTask(FROM_HERE, |
| 483 base::Bind(continue_callback, nullptr, nullptr)); |
| 472 } | 484 } |
| 473 | 485 |
| 474 bool CastContentBrowserClient::CanCreateWindow( | 486 bool CastContentBrowserClient::CanCreateWindow( |
| 475 content::RenderFrameHost* opener, | 487 content::RenderFrameHost* opener, |
| 476 const GURL& opener_url, | 488 const GURL& opener_url, |
| 477 const GURL& opener_top_level_frame_url, | 489 const GURL& opener_top_level_frame_url, |
| 478 const GURL& source_origin, | 490 const GURL& source_origin, |
| 479 content::mojom::WindowContainerType container_type, | 491 content::mojom::WindowContainerType container_type, |
| 480 const GURL& target_url, | 492 const GURL& target_url, |
| 481 const content::Referrer& referrer, | 493 const content::Referrer& referrer, |
| (...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 589 process_type, dumps_path, false /* upload */); | 601 process_type, dumps_path, false /* upload */); |
| 590 // StartUploaderThread() even though upload is diferred. | 602 // StartUploaderThread() even though upload is diferred. |
| 591 // Breakpad-related memory is freed in the uploader thread. | 603 // Breakpad-related memory is freed in the uploader thread. |
| 592 crash_handler->StartUploaderThread(); | 604 crash_handler->StartUploaderThread(); |
| 593 return crash_handler; | 605 return crash_handler; |
| 594 } | 606 } |
| 595 #endif // !defined(OS_ANDROID) | 607 #endif // !defined(OS_ANDROID) |
| 596 | 608 |
| 597 } // namespace shell | 609 } // namespace shell |
| 598 } // namespace chromecast | 610 } // namespace chromecast |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2898573002:
Refactor client cert private key handling. (Closed)
