content/browser/ssl/ssl_client_auth_handler.cc - Issue 795773002: Un-refcount SSLClientAuthHandler.

Side by Side Diff: content/browser/ssl/ssl_client_auth_handler.cc

Issue 795773002: Un-refcount SSLClientAuthHandler. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 6 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "content/browser/ssl/ssl_client_auth_handler.h"	5 #include "content/browser/ssl/ssl_client_auth_handler.h"

6	6

7 #include "base/bind.h"	7 #include "base/bind.h"

8 #include "base/callback_helpers.h"	8 #include "base/logging.h"

9 #include "content/public/browser/browser_thread.h"	9 #include "content/public/browser/browser_thread.h"

10 #include "content/public/browser/content_browser_client.h"	10 #include "content/public/browser/content_browser_client.h"

11 #include "content/public/browser/resource_request_info.h"	11 #include "content/public/browser/resource_request_info.h"

	12 #include "net/cert/x509_certificate.h"

12 #include "net/ssl/client_cert_store.h"	13 #include "net/ssl/client_cert_store.h"

13 #include "net/url_request/url_request.h"	14 #include "net/url_request/url_request.h"

14	15

15 namespace content {	16 namespace content {

16	17

	18 namespace {

	19

	20 void CertificateSelectedOnUIThread(

	21 const SSLClientAuthHandler::CertificateCallback& io_thread_callback,

	22 net::X509Certificate* cert) {

	23 DCHECK_CURRENTLY_ON(BrowserThread::UI);

	24

	25 BrowserThread::PostTask(

	26 BrowserThread::IO, FROM_HERE,

	27 base::Bind(io_thread_callback, make_scoped_refptr(cert)));

	28 }

	29

	30 void SelectCertificateOnUIThread(

	31 int render_process_host_id,

	32 int render_frame_host_id,

	33 net::SSLCertRequestInfo* cert_request_info,

	34 const SSLClientAuthHandler::CertificateCallback& io_thread_callback) {

	35 DCHECK_CURRENTLY_ON(BrowserThread::UI);

	36

	37 GetContentClient()->browser()->SelectClientCertificate(

	38 render_process_host_id, render_frame_host_id, cert_request_info,

	39 base::Bind(&CertificateSelectedOnUIThread, io_thread_callback));

	40 }

	41

	42 } // namespace

	43

	44 class SSLClientAuthHandler::Core : public base::RefCountedThreadSafe<Core> {
	mmenke 2014/12/11 21:02:20 Should give a description of this class, and what Should give a description of this class, and what it's needed (To keep client_cert_store_ and cert_request_info_ until GetClientCerts completes asynchronously) davidben 2014/12/11 22:08:10 Done. Show quoted text On 2014/12/11 21:02:20, mmenke wrote: > Should give a description of this class, and what it's needed (To keep > client_cert_store_ and cert_request_info_ until GetClientCerts completes > asynchronously) Done.
	45 public:

	46 Core(SSLClientAuthHandler* handler,

	47 scoped_ptr<net::ClientCertStore> client_cert_store,

	48 net::SSLCertRequestInfo* cert_request_info)

	49 : handler_(handler),

	50 client_cert_store_(client_cert_store.Pass()),

	51 cert_request_info_(cert_request_info) {}

	52

	53 bool has_client_cert_store() const { return client_cert_store_; }

	54

	55 void Detach() { handler_ = nullptr; }
	mmenke 2014/12/11 21:02:20 Using a WeakPtr here seems more natural, and it al Using a WeakPtr here seems more natural, and it already has a weak factory, too, conveniently enough. davidben 2014/12/11 22:08:10 Done. Show quoted text On 2014/12/11 21:02:20, mmenke wrote: > Using a WeakPtr here seems more natural, and it already has a weak factory, too, > conveniently enough. Done.
	56

	57 void GetClientCerts() {

	58 if (client_cert_store_) {

	59 client_cert_store_->GetClientCerts(

	60 *cert_request_info_, &cert_request_info_->client_certs,
	mmenke 2014/12/11 21:02:20 Eeee...This is ugly. It takes a const SSLCertRequ Eeee...This is ugly. It takes a const SSLCertRequestInfo&, and then a non-const member of that same const object. Beyond the scope of this CL, but this makes me sad. davidben 2014/12/11 22:08:10 Completely agreed. This is crazy. Even making this Show quoted text On 2014/12/11 21:02:20, mmenke wrote: > Eeee...This is ugly. It takes a const SSLCertRequestInfo&, and then a non-const > member of that same const object. > > Beyond the scope of this CL, but this makes me sad. Completely agreed. This is crazy. Even making this part of SSLClientAuthHandler at all is weird. We may as well farm that out to the chrome/ layer, thread ownership of various pieces aside. It's already the case that ClientCertStore is not used on one platform because the Android platform API we happen to call out to in chrome/ happens to work differently... ...except that everyone down to net/ needs to know about that platform API because the consumer only passes the certificate down and net/ digs up the key from some platform global which is one of the reasons it's impossible to unit test... I started trying to fix this but that ought to be for another CL. :-) There's a lot of stuff to tease out of this codepath.
	61 base::Bind(&SSLClientAuthHandler::Core::DidGetClientCerts, this));

	62 } else {

	63 DidGetClientCerts();

	64 }

	65 }

	66

	67 private:

	68 friend class base::RefCountedThreadSafe<Core>;

	69

	70 ~Core() {}

	71

	72 // Called when \|client_cert_store_\| is done retrieving the cert list.

	73 void DidGetClientCerts() {

	74 if (handler_)

	75 handler_->DidGetClientCerts();

	76 }

	77

	78 SSLClientAuthHandler* handler_;

	79 scoped_ptr<net::ClientCertStore> client_cert_store_;

	80 scoped_refptr<net::SSLCertRequestInfo> cert_request_info_;

	81 };

	82

17 SSLClientAuthHandler::SSLClientAuthHandler(	83 SSLClientAuthHandler::SSLClientAuthHandler(

18 scoped_ptr<net::ClientCertStore> client_cert_store,	84 scoped_ptr<net::ClientCertStore> client_cert_store,

19 net::URLRequest* request,	85 net::URLRequest* request,

20 net::SSLCertRequestInfo* cert_request_info,	86 net::SSLCertRequestInfo* cert_request_info,

21 const SSLClientAuthHandler::CertificateCallback& callback)	87 const SSLClientAuthHandler::CertificateCallback& callback)

22 : request_(request),	88 : core_(new Core(this, client_cert_store.Pass(), cert_request_info)),

	89 request_(request),

23 cert_request_info_(cert_request_info),	90 cert_request_info_(cert_request_info),

24 client_cert_store_(client_cert_store.Pass()),	91 callback_(callback),

25 callback_(callback) {	92 weak_factory_(this) {

26 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));	93 DCHECK_CURRENTLY_ON(BrowserThread::IO);

27 }	94 }

28	95

29 SSLClientAuthHandler::~SSLClientAuthHandler() {	96 SSLClientAuthHandler::~SSLClientAuthHandler() {

30 // If we were simply dropped, then act as if we selected no certificate.	97 core_->Detach();

31 DoCertificateSelected(NULL);

32 }

33

34 void SSLClientAuthHandler::OnRequestCancelled() {

35 request_ = NULL;

36 callback_.Reset();

37 }	98 }

38	99

39 void SSLClientAuthHandler::SelectCertificate() {	100 void SSLClientAuthHandler::SelectCertificate() {

40 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));	101 DCHECK_CURRENTLY_ON(BrowserThread::IO);

41 DCHECK(request_);

42	102

43 if (client_cert_store_) {	103 // \|core_\| will call DidGetClientCerts when done.

44 client_cert_store_->GetClientCerts(	104 core_->GetClientCerts();

45 *cert_request_info_,

46 &cert_request_info_->client_certs,

47 base::Bind(&SSLClientAuthHandler::DidGetClientCerts, this));

48 } else {

49 DidGetClientCerts();

50 }

51 }

52

53 void SSLClientAuthHandler::CertificateSelected(net::X509Certificate* cert) {

54 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));

55

56 DVLOG(1) << this << " CertificateSelected " << cert;

57 BrowserThread::PostTask(

58 BrowserThread::IO, FROM_HERE,

59 base::Bind(

60 &SSLClientAuthHandler::DoCertificateSelected, this,

61 make_scoped_refptr(cert)));

62 }	105 }

63	106

64 void SSLClientAuthHandler::DidGetClientCerts() {	107 void SSLClientAuthHandler::DidGetClientCerts() {

65 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));	108 DCHECK_CURRENTLY_ON(BrowserThread::IO);

66 // Request may have cancelled while we were getting client certs.

67 if (!request_)

68 return;

69	109

70 // Note that if \|client_cert_store_\| is NULL, we intentionally fall through to	110 // Note that if \|client_cert_store_\| is NULL, we intentionally fall through to

71 // DoCertificateSelected. This is for platforms where the client cert matching	111 // DoCertificateSelected. This is for platforms where the client cert matching

72 // is not performed by Chrome, the platform can handle the cert matching	112 // is not performed by Chrome. Those platforms handle the cert matching before

73 // before showing the dialog.	113 // showing the dialog.

74 if (client_cert_store_ && cert_request_info_->client_certs.empty()) {	114 if (core_->has_client_cert_store() &&

	115 cert_request_info_->client_certs.empty()) {

75 // No need to query the user if there are no certs to choose from.	116 // No need to query the user if there are no certs to choose from.

76 DoCertificateSelected(NULL);	117 CertificateSelected(NULL);

77 return;	118 return;

78 }	119 }

79	120

80 int render_process_host_id;	121 int render_process_host_id;

81 int render_frame_host_id;	122 int render_frame_host_id;

82 if (!ResourceRequestInfo::ForRequest(request_)->GetAssociatedRenderFrame(	123 if (!ResourceRequestInfo::ForRequest(request_)->GetAssociatedRenderFrame(

83 &render_process_host_id,	124 &render_process_host_id, &render_frame_host_id)) {

84 &render_frame_host_id))

85 NOTREACHED();	125 NOTREACHED();

	126 CertificateSelected(NULL);

	127 return;

	128 }

86	129

87 // If the RVH does not exist by the time this task gets run, then the task

88 // will be dropped and the scoped_refptr to SSLClientAuthHandler will go

89 // away, so we do not leak anything. The destructor takes care of ensuring

90 // the net::URLRequest always gets a response.

91 BrowserThread::PostTask(	130 BrowserThread::PostTask(

92 BrowserThread::UI, FROM_HERE,	131 BrowserThread::UI, FROM_HERE,

93 base::Bind(	132 base::Bind(&SelectCertificateOnUIThread, render_process_host_id,

94 &SSLClientAuthHandler::DoSelectCertificate, this,	133 render_frame_host_id, cert_request_info_,

95 render_process_host_id, render_frame_host_id));	134 base::Bind(&SSLClientAuthHandler::CertificateSelected,

	135 weak_factory_.GetWeakPtr())));

96 }	136 }

97	137

98 void SSLClientAuthHandler::DoCertificateSelected(net::X509Certificate* cert) {	138 void SSLClientAuthHandler::CertificateSelected(net::X509Certificate* cert) {

99 DVLOG(1) << this << " DoCertificateSelected " << cert;	139 DVLOG(1) << this << " DoCertificateSelected " << cert;

100 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));	140 DCHECK_CURRENTLY_ON(BrowserThread::IO);

101 // request_ could have been NULLed if the request was cancelled while the

102 // user was choosing a cert, or because we have already responded to the

103 // certificate.

104 if (request_) {

105 request_ = NULL;

106 DCHECK(!callback_.is_null());

107 base::ResetAndReturn(&callback_).Run(cert);

108 }

109 }

110	141

111 void SSLClientAuthHandler::DoSelectCertificate(	142 callback_.Run(cert);

112 int render_process_host_id, int render_frame_host_id) {	143 // \|this\| may be deleted at this point.

113 GetContentClient()->browser()->SelectClientCertificate(

114 render_process_host_id,

115 render_frame_host_id,

116 cert_request_info_.get(),

117 base::Bind(&SSLClientAuthHandler::CertificateSelected, this));

118 }	144 }

119	145

120 } // namespace content	146 } // namespace content

OLD	NEW