| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/ssl/ssl_client_auth_handler.h" | 5 #include "content/browser/ssl/ssl_client_auth_handler.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "content/browser/loader/resource_dispatcher_host_impl.h" | 8 #include "base/logging.h" |
| 9 #include "content/browser/loader/resource_request_info_impl.h" | 9 #include "content/browser/loader/resource_request_info_impl.h" |
| 10 #include "content/public/browser/browser_thread.h" | 10 #include "content/public/browser/browser_thread.h" |
| 11 #include "content/public/browser/content_browser_client.h" | 11 #include "content/public/browser/content_browser_client.h" |
| 12 #include "net/cert/x509_certificate.h" | 12 #include "net/cert/x509_certificate.h" |
| 13 #include "net/http/http_transaction_factory.h" | |
| 14 #include "net/ssl/client_cert_store.h" | 13 #include "net/ssl/client_cert_store.h" |
| 15 #include "net/url_request/url_request.h" | 14 #include "net/url_request/url_request.h" |
| 16 #include "net/url_request/url_request_context.h" | |
| 17 | 15 |
| 18 namespace content { | 16 namespace content { |
| 19 | 17 |
| 18 namespace { |
| 19 |
| 20 typedef base::Callback<void(net::X509Certificate*)> CertificateCallback; |
| 21 |
| 22 void CertificateSelectedOnUIThread( |
| 23 const CertificateCallback& io_thread_callback, |
| 24 net::X509Certificate* cert) { |
| 25 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 26 |
| 27 BrowserThread::PostTask( |
| 28 BrowserThread::IO, FROM_HERE, |
| 29 base::Bind(io_thread_callback, make_scoped_refptr(cert))); |
| 30 } |
| 31 |
| 32 void SelectCertificateOnUIThread( |
| 33 int render_process_host_id, |
| 34 int render_frame_host_id, |
| 35 net::SSLCertRequestInfo* cert_request_info, |
| 36 const CertificateCallback& io_thread_callback) { |
| 37 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 38 |
| 39 GetContentClient()->browser()->SelectClientCertificate( |
| 40 render_process_host_id, render_frame_host_id, cert_request_info, |
| 41 base::Bind(&CertificateSelectedOnUIThread, io_thread_callback)); |
| 42 } |
| 43 |
| 44 } // namespace |
| 45 |
| 20 SSLClientAuthHandler::SSLClientAuthHandler( | 46 SSLClientAuthHandler::SSLClientAuthHandler( |
| 21 scoped_ptr<net::ClientCertStore> client_cert_store, | 47 scoped_ptr<net::ClientCertStore> client_cert_store, |
| 22 net::URLRequest* request, | 48 net::URLRequest* request, |
| 23 net::SSLCertRequestInfo* cert_request_info) | 49 net::SSLCertRequestInfo* cert_request_info, |
| 50 const SSLClientAuthHandler::CertificateCallback& callback) |
| 24 : request_(request), | 51 : request_(request), |
| 25 http_network_session_( | |
| 26 request_->context()->http_transaction_factory()->GetSession()), | |
| 27 cert_request_info_(cert_request_info), | 52 cert_request_info_(cert_request_info), |
| 28 client_cert_store_(client_cert_store.Pass()) { | 53 client_cert_store_(client_cert_store.Pass()), |
| 54 callback_(callback), |
| 55 weak_factory_(this) { |
| 29 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | 56 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
| 30 } | 57 } |
| 31 | 58 |
| 32 SSLClientAuthHandler::~SSLClientAuthHandler() { | 59 SSLClientAuthHandler::~SSLClientAuthHandler() { |
| 33 // If we were simply dropped, then act as if we selected no certificate. | |
| 34 DoCertificateSelected(NULL); | |
| 35 } | |
| 36 | |
| 37 void SSLClientAuthHandler::OnRequestCancelled() { | |
| 38 request_ = NULL; | |
| 39 } | 60 } |
| 40 | 61 |
| 41 void SSLClientAuthHandler::SelectCertificate() { | 62 void SSLClientAuthHandler::SelectCertificate() { |
| 42 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | 63 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
| 43 DCHECK(request_); | |
| 44 | 64 |
| 45 if (client_cert_store_) { | 65 if (client_cert_store_) { |
| 46 client_cert_store_->GetClientCerts( | 66 client_cert_store_->GetClientCerts( |
| 47 *cert_request_info_, | 67 *cert_request_info_, |
| 48 &cert_request_info_->client_certs, | 68 &cert_request_info_->client_certs, |
| 49 base::Bind(&SSLClientAuthHandler::DidGetClientCerts, this)); | 69 base::Bind(&SSLClientAuthHandler::DidGetClientCerts, |
| 70 weak_factory_.GetWeakPtr())); |
| 50 } else { | 71 } else { |
| 51 DidGetClientCerts(); | 72 DidGetClientCerts(); |
| 52 } | 73 } |
| 53 } | 74 } |
| 54 | 75 |
| 55 void SSLClientAuthHandler::CertificateSelected(net::X509Certificate* cert) { | |
| 56 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
| 57 | |
| 58 DVLOG(1) << this << " CertificateSelected " << cert; | |
| 59 BrowserThread::PostTask( | |
| 60 BrowserThread::IO, FROM_HERE, | |
| 61 base::Bind( | |
| 62 &SSLClientAuthHandler::DoCertificateSelected, this, | |
| 63 make_scoped_refptr(cert))); | |
| 64 } | |
| 65 | |
| 66 void SSLClientAuthHandler::DidGetClientCerts() { | 76 void SSLClientAuthHandler::DidGetClientCerts() { |
| 67 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | 77 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
| 68 // Request may have cancelled while we were getting client certs. | |
| 69 if (!request_) | |
| 70 return; | |
| 71 | 78 |
| 72 // Note that if |client_cert_store_| is NULL, we intentionally fall through to | 79 // Note that if |client_cert_store_| is NULL, we intentionally fall through to |
| 73 // DoCertificateSelected. This is for platforms where the client cert matching | 80 // DoCertificateSelected. This is for platforms where the client cert matching |
| 74 // is not performed by Chrome, the platform can handle the cert matching | 81 // is not performed by Chrome. Those platforms handle the cert matching before |
| 75 // before showing the dialog. | 82 // showing the dialog. |
| 76 if (client_cert_store_ && cert_request_info_->client_certs.empty()) { | 83 if (client_cert_store_ && cert_request_info_->client_certs.empty()) { |
| 77 // No need to query the user if there are no certs to choose from. | 84 // No need to query the user if there are no certs to choose from. |
| 78 DoCertificateSelected(NULL); | 85 CertificateSelected(NULL); |
| 79 return; | 86 return; |
| 80 } | 87 } |
| 81 | 88 |
| 82 int render_process_host_id; | 89 int render_process_host_id; |
| 83 int render_frame_host_id; | 90 int render_frame_host_id; |
| 84 if (!ResourceRequestInfo::ForRequest(request_)->GetAssociatedRenderFrame( | 91 if (!ResourceRequestInfo::ForRequest(request_)->GetAssociatedRenderFrame( |
| 85 &render_process_host_id, | 92 &render_process_host_id, |
| 86 &render_frame_host_id)) | 93 &render_frame_host_id)) { |
| 87 NOTREACHED(); | 94 NOTREACHED(); |
| 95 CertificateSelected(NULL); |
| 96 return; |
| 97 } |
| 88 | 98 |
| 89 // If the RVH does not exist by the time this task gets run, then the task | |
| 90 // will be dropped and the scoped_refptr to SSLClientAuthHandler will go | |
| 91 // away, so we do not leak anything. The destructor takes care of ensuring | |
| 92 // the net::URLRequest always gets a response. | |
| 93 BrowserThread::PostTask( | 99 BrowserThread::PostTask( |
| 94 BrowserThread::UI, FROM_HERE, | 100 BrowserThread::UI, FROM_HERE, |
| 95 base::Bind( | 101 base::Bind(&SelectCertificateOnUIThread, |
| 96 &SSLClientAuthHandler::DoSelectCertificate, this, | 102 render_process_host_id, render_frame_host_id, |
| 97 render_process_host_id, render_frame_host_id)); | 103 cert_request_info_, |
| 104 base::Bind(&SSLClientAuthHandler::CertificateSelected, |
| 105 weak_factory_.GetWeakPtr()))); |
| 98 } | 106 } |
| 99 | 107 |
| 100 void SSLClientAuthHandler::DoCertificateSelected(net::X509Certificate* cert) { | 108 void SSLClientAuthHandler::CertificateSelected(net::X509Certificate* cert) { |
| 101 DVLOG(1) << this << " DoCertificateSelected " << cert; | 109 DVLOG(1) << this << " DoCertificateSelected " << cert; |
| 102 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | 110 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
| 103 // request_ could have been NULLed if the request was cancelled while the | |
| 104 // user was choosing a cert, or because we have already responded to the | |
| 105 // certificate. | |
| 106 if (request_) { | |
| 107 request_->ContinueWithCertificate(cert); | |
| 108 | 111 |
| 109 ResourceDispatcherHostImpl::Get()-> | 112 callback_.Run(cert); |
| 110 ClearSSLClientAuthHandlerForRequest(request_); | 113 // |this| may be deleted at this point. |
| 111 request_ = NULL; | |
| 112 } | |
| 113 } | |
| 114 | |
| 115 void SSLClientAuthHandler::DoSelectCertificate( | |
| 116 int render_process_host_id, int render_frame_host_id) { | |
| 117 GetContentClient()->browser()->SelectClientCertificate( | |
| 118 render_process_host_id, | |
| 119 render_frame_host_id, | |
| 120 http_network_session_, | |
| 121 cert_request_info_.get(), | |
| 122 base::Bind(&SSLClientAuthHandler::CertificateSelected, this)); | |
| 123 } | 114 } |
| 124 | 115 |
| 125 } // namespace content | 116 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 750633005:
Revert of Revert of "Remove SSLClientAuthHandler's RDH dependency." (https://codereview.chromium.org/59687300… (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master