| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/ssl/ssl_client_auth_handler.h" | 5 #include "content/browser/ssl/ssl_client_auth_handler.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| 11 #include "base/macros.h" | 11 #include "base/macros.h" |
| 12 #include "content/public/browser/browser_thread.h" | 12 #include "content/public/browser/browser_thread.h" |
| 13 #include "content/public/browser/client_certificate_delegate.h" | 13 #include "content/public/browser/client_certificate_delegate.h" |
| 14 #include "content/public/browser/content_browser_client.h" | 14 #include "content/public/browser/content_browser_client.h" |
| 15 #include "content/public/browser/resource_request_info.h" | 15 #include "content/public/browser/resource_request_info.h" |
| 16 #include "net/ssl/client_cert_store.h" | 16 #include "net/ssl/client_cert_store.h" |
| 17 #include "net/ssl/ssl_private_key.h" |
| 17 #include "net/url_request/url_request.h" | 18 #include "net/url_request/url_request.h" |
| 18 | 19 |
| 19 namespace content { | 20 namespace content { |
| 20 | 21 |
| 21 namespace { | 22 namespace { |
| 22 | 23 |
| 23 class ClientCertificateDelegateImpl : public ClientCertificateDelegate { | 24 class ClientCertificateDelegateImpl : public ClientCertificateDelegate { |
| 24 public: | 25 public: |
| 25 explicit ClientCertificateDelegateImpl( | 26 explicit ClientCertificateDelegateImpl( |
| 26 const base::WeakPtr<SSLClientAuthHandler>& handler) | 27 const base::WeakPtr<SSLClientAuthHandler>& handler) |
| 27 : handler_(handler), continue_called_(false) {} | 28 : handler_(handler), continue_called_(false) {} |
| 28 | 29 |
| 29 ~ClientCertificateDelegateImpl() override { | 30 ~ClientCertificateDelegateImpl() override { |
| 30 if (!continue_called_) { | 31 if (!continue_called_) { |
| 31 BrowserThread::PostTask( | 32 BrowserThread::PostTask( |
| 32 BrowserThread::IO, FROM_HERE, | 33 BrowserThread::IO, FROM_HERE, |
| 33 base::Bind(&SSLClientAuthHandler::CancelCertificateSelection, | 34 base::Bind(&SSLClientAuthHandler::CancelCertificateSelection, |
| 34 handler_)); | 35 handler_)); |
| 35 } | 36 } |
| 36 } | 37 } |
| 37 | 38 |
| 38 // ClientCertificateDelegate implementation: | 39 // ClientCertificateDelegate implementation: |
| 39 void ContinueWithCertificate(net::X509Certificate* cert) override { | 40 void ContinueWithCertificate(scoped_refptr<net::X509Certificate> cert, |
| 41 scoped_refptr<net::SSLPrivateKey> key) override { |
| 40 DCHECK(!continue_called_); | 42 DCHECK(!continue_called_); |
| 41 continue_called_ = true; | 43 continue_called_ = true; |
| 42 BrowserThread::PostTask( | 44 BrowserThread::PostTask( |
| 43 BrowserThread::IO, FROM_HERE, | 45 BrowserThread::IO, FROM_HERE, |
| 44 base::Bind(&SSLClientAuthHandler::ContinueWithCertificate, handler_, | 46 base::Bind(&SSLClientAuthHandler::ContinueWithCertificate, handler_, |
| 45 base::RetainedRef(cert))); | 47 std::move(cert), std::move(key))); |
| 46 } | 48 } |
| 47 | 49 |
| 48 private: | 50 private: |
| 49 base::WeakPtr<SSLClientAuthHandler> handler_; | 51 base::WeakPtr<SSLClientAuthHandler> handler_; |
| 50 bool continue_called_; | 52 bool continue_called_; |
| 51 | 53 |
| 52 DISALLOW_COPY_AND_ASSIGN(ClientCertificateDelegateImpl); | 54 DISALLOW_COPY_AND_ASSIGN(ClientCertificateDelegateImpl); |
| 53 }; | 55 }; |
| 54 | 56 |
| 55 void SelectCertificateOnUIThread( | 57 void SelectCertificateOnUIThread( |
| 56 const ResourceRequestInfo::WebContentsGetter& wc_getter, | 58 const ResourceRequestInfo::WebContentsGetter& wc_getter, |
| 57 net::SSLCertRequestInfo* cert_request_info, | 59 net::SSLCertRequestInfo* cert_request_info, |
| 58 net::CertificateList client_certs, | 60 net::ClientCertIdentityList client_certs, |
| 59 const base::WeakPtr<SSLClientAuthHandler>& handler) { | 61 const base::WeakPtr<SSLClientAuthHandler>& handler) { |
| 60 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 62 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 61 | 63 |
| 62 std::unique_ptr<ClientCertificateDelegate> delegate( | 64 std::unique_ptr<ClientCertificateDelegate> delegate( |
| 63 new ClientCertificateDelegateImpl(handler)); | 65 new ClientCertificateDelegateImpl(handler)); |
| 64 | 66 |
| 65 WebContents* web_contents = wc_getter.Run(); | 67 WebContents* web_contents = wc_getter.Run(); |
| 66 if (!web_contents) | 68 if (!web_contents) |
| 67 return; | 69 return; |
| 68 | 70 |
| (...skipping 20 matching lines...) Expand all Loading... |
| 89 void GetClientCerts() { | 91 void GetClientCerts() { |
| 90 if (client_cert_store_) { | 92 if (client_cert_store_) { |
| 91 // TODO(davidben): This is still a cyclical ownership where | 93 // TODO(davidben): This is still a cyclical ownership where |
| 92 // GetClientCerts' requirement that |client_cert_store_| remains alive | 94 // GetClientCerts' requirement that |client_cert_store_| remains alive |
| 93 // until the call completes is maintained by the reference held in the | 95 // until the call completes is maintained by the reference held in the |
| 94 // callback. | 96 // callback. |
| 95 client_cert_store_->GetClientCerts( | 97 client_cert_store_->GetClientCerts( |
| 96 *cert_request_info_, | 98 *cert_request_info_, |
| 97 base::Bind(&SSLClientAuthHandler::Core::DidGetClientCerts, this)); | 99 base::Bind(&SSLClientAuthHandler::Core::DidGetClientCerts, this)); |
| 98 } else { | 100 } else { |
| 99 DidGetClientCerts(net::CertificateList()); | 101 DidGetClientCerts(net::ClientCertIdentityList()); |
| 100 } | 102 } |
| 101 } | 103 } |
| 102 | 104 |
| 103 private: | 105 private: |
| 104 friend class base::RefCountedThreadSafe<Core>; | 106 friend class base::RefCountedThreadSafe<Core>; |
| 105 | 107 |
| 106 ~Core() {} | 108 ~Core() {} |
| 107 | 109 |
| 108 // Called when |client_cert_store_| is done retrieving the cert list. | 110 // Called when |client_cert_store_| is done retrieving the cert list. |
| 109 void DidGetClientCerts(net::CertificateList client_certs) { | 111 void DidGetClientCerts(net::ClientCertIdentityList client_certs) { |
| 110 if (handler_) | 112 if (handler_) |
| 111 handler_->DidGetClientCerts(std::move(client_certs)); | 113 handler_->DidGetClientCerts(std::move(client_certs)); |
| 112 } | 114 } |
| 113 | 115 |
| 114 base::WeakPtr<SSLClientAuthHandler> handler_; | 116 base::WeakPtr<SSLClientAuthHandler> handler_; |
| 115 std::unique_ptr<net::ClientCertStore> client_cert_store_; | 117 std::unique_ptr<net::ClientCertStore> client_cert_store_; |
| 116 scoped_refptr<net::SSLCertRequestInfo> cert_request_info_; | 118 scoped_refptr<net::SSLCertRequestInfo> cert_request_info_; |
| 117 }; | 119 }; |
| 118 | 120 |
| 119 SSLClientAuthHandler::SSLClientAuthHandler( | 121 SSLClientAuthHandler::SSLClientAuthHandler( |
| (...skipping 17 matching lines...) Expand all Loading... |
| 137 void SSLClientAuthHandler::SelectCertificate() { | 139 void SSLClientAuthHandler::SelectCertificate() { |
| 138 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 140 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
| 139 | 141 |
| 140 // |core_| will call DidGetClientCerts when done. | 142 // |core_| will call DidGetClientCerts when done. |
| 141 core_->GetClientCerts(); | 143 core_->GetClientCerts(); |
| 142 } | 144 } |
| 143 | 145 |
| 144 // static | 146 // static |
| 145 void SSLClientAuthHandler::ContinueWithCertificate( | 147 void SSLClientAuthHandler::ContinueWithCertificate( |
| 146 const base::WeakPtr<SSLClientAuthHandler>& handler, | 148 const base::WeakPtr<SSLClientAuthHandler>& handler, |
| 147 net::X509Certificate* cert) { | 149 scoped_refptr<net::X509Certificate> cert, |
| 150 scoped_refptr<net::SSLPrivateKey> key) { |
| 148 if (handler) | 151 if (handler) |
| 149 handler->delegate_->ContinueWithCertificate(cert); | 152 handler->delegate_->ContinueWithCertificate(std::move(cert), |
| 153 std::move(key)); |
| 150 } | 154 } |
| 151 | 155 |
| 152 // static | 156 // static |
| 153 void SSLClientAuthHandler::CancelCertificateSelection( | 157 void SSLClientAuthHandler::CancelCertificateSelection( |
| 154 const base::WeakPtr<SSLClientAuthHandler>& handler) { | 158 const base::WeakPtr<SSLClientAuthHandler>& handler) { |
| 155 if (handler) | 159 if (handler) |
| 156 handler->delegate_->CancelCertificateSelection(); | 160 handler->delegate_->CancelCertificateSelection(); |
| 157 } | 161 } |
| 158 | 162 |
| 159 void SSLClientAuthHandler::DidGetClientCerts( | 163 void SSLClientAuthHandler::DidGetClientCerts( |
| 160 net::CertificateList client_certs) { | 164 net::ClientCertIdentityList client_certs) { |
| 161 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 165 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
| 162 | 166 |
| 163 // Note that if |client_cert_store_| is NULL, we intentionally fall through to | 167 // Note that if |client_cert_store_| is NULL, we intentionally fall through to |
| 164 // SelectCertificateOnUIThread. This is for platforms where the client cert | 168 // SelectCertificateOnUIThread. This is for platforms where the client cert |
| 165 // matching is not performed by Chrome. Those platforms handle the cert | 169 // matching is not performed by Chrome. Those platforms handle the cert |
| 166 // matching before showing the dialog. | 170 // matching before showing the dialog. |
| 167 if (core_->has_client_cert_store() && client_certs.empty()) { | 171 if (core_->has_client_cert_store() && client_certs.empty()) { |
| 168 // No need to query the user if there are no certs to choose from. | 172 // No need to query the user if there are no certs to choose from. |
| 169 // | 173 // |
| 170 // TODO(davidben): The WebContents-less check on the UI thread should come | 174 // TODO(davidben): The WebContents-less check on the UI thread should come |
| 171 // before checking ClientCertStore; ClientCertStore itself should probably | 175 // before checking ClientCertStore; ClientCertStore itself should probably |
| 172 // be handled by the embedder (https://crbug.com/394131), especially since | 176 // be handled by the embedder (https://crbug.com/394131), especially since |
| 173 // this doesn't work on Android (https://crbug.com/345641). | 177 // this doesn't work on Android (https://crbug.com/345641). |
| 174 BrowserThread::PostTask( | 178 BrowserThread::PostTask( |
| 175 BrowserThread::IO, FROM_HERE, | 179 BrowserThread::IO, FROM_HERE, |
| 176 base::Bind(&SSLClientAuthHandler::ContinueWithCertificate, | 180 base::Bind(&SSLClientAuthHandler::ContinueWithCertificate, |
| 177 weak_factory_.GetWeakPtr(), nullptr)); | 181 weak_factory_.GetWeakPtr(), nullptr, nullptr)); |
| 178 return; | 182 return; |
| 179 } | 183 } |
| 180 | 184 |
| 181 BrowserThread::PostTask( | 185 BrowserThread::PostTask( |
| 182 BrowserThread::UI, FROM_HERE, | 186 BrowserThread::UI, FROM_HERE, |
| 183 base::Bind(&SelectCertificateOnUIThread, | 187 base::BindOnce(&SelectCertificateOnUIThread, |
| 184 ResourceRequestInfo::ForRequest(request_) | 188 ResourceRequestInfo::ForRequest(request_) |
| 185 ->GetWebContentsGetterForRequest(), | 189 ->GetWebContentsGetterForRequest(), |
| 186 base::RetainedRef(cert_request_info_), std::move(client_certs), | 190 base::RetainedRef(cert_request_info_), |
| 187 weak_factory_.GetWeakPtr())); | 191 std::move(client_certs), weak_factory_.GetWeakPtr())); |
| 188 } | 192 } |
| 189 | 193 |
| 190 } // namespace content | 194 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2898573002:
Refactor client cert private key handling. (Closed)
