Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(451)

Side by Side Diff: chrome/browser/chrome_content_browser_client.cc

Issue 859213006: Cancel client auth requests when not promptable. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@client-auth-cancel-1
Patch Set: extension test Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/chrome_content_browser_client.h" 5 #include "chrome/browser/chrome_content_browser_client.h"
6 6
7 #include <set> 7 #include <set>
8 #include <utility> 8 #include <utility>
9 #include <vector> 9 #include <vector>
10 10
(...skipping 93 matching lines...) Expand 10 before | Expand all | Expand 10 after
104 #include "components/pref_registry/pref_registry_syncable.h" 104 #include "components/pref_registry/pref_registry_syncable.h"
105 #include "components/signin/core/common/profile_management_switches.h" 105 #include "components/signin/core/common/profile_management_switches.h"
106 #include "components/translate/core/common/translate_switches.h" 106 #include "components/translate/core/common/translate_switches.h"
107 #include "content/public/browser/browser_child_process_host.h" 107 #include "content/public/browser/browser_child_process_host.h"
108 #include "content/public/browser/browser_main_parts.h" 108 #include "content/public/browser/browser_main_parts.h"
109 #include "content/public/browser/browser_ppapi_host.h" 109 #include "content/public/browser/browser_ppapi_host.h"
110 #include "content/public/browser/browser_thread.h" 110 #include "content/public/browser/browser_thread.h"
111 #include "content/public/browser/browser_url_handler.h" 111 #include "content/public/browser/browser_url_handler.h"
112 #include "content/public/browser/child_process_data.h" 112 #include "content/public/browser/child_process_data.h"
113 #include "content/public/browser/child_process_security_policy.h" 113 #include "content/public/browser/child_process_security_policy.h"
114 #include "content/public/browser/client_certificate_delegate.h"
114 #include "content/public/browser/permission_type.h" 115 #include "content/public/browser/permission_type.h"
115 #include "content/public/browser/render_frame_host.h" 116 #include "content/public/browser/render_frame_host.h"
116 #include "content/public/browser/render_process_host.h" 117 #include "content/public/browser/render_process_host.h"
117 #include "content/public/browser/render_view_host.h" 118 #include "content/public/browser/render_view_host.h"
118 #include "content/public/browser/resource_context.h" 119 #include "content/public/browser/resource_context.h"
119 #include "content/public/browser/site_instance.h" 120 #include "content/public/browser/site_instance.h"
120 #include "content/public/browser/web_contents.h" 121 #include "content/public/browser/web_contents.h"
121 #include "content/public/common/child_process_host.h" 122 #include "content/public/common/child_process_host.h"
122 #include "content/public/common/content_descriptors.h" 123 #include "content/public/common/content_descriptors.h"
123 #include "content/public/common/url_utils.h" 124 #include "content/public/common/url_utils.h"
(...skipping 1686 matching lines...) Expand 10 before | Expand all | Expand 10 after
1810 if (strict_enforcement) 1811 if (strict_enforcement)
1811 options_mask |= SSLBlockingPage::STRICT_ENFORCEMENT; 1812 options_mask |= SSLBlockingPage::STRICT_ENFORCEMENT;
1812 if (expired_previous_decision) 1813 if (expired_previous_decision)
1813 options_mask |= SSLBlockingPage::EXPIRED_BUT_PREVIOUSLY_ALLOWED; 1814 options_mask |= SSLBlockingPage::EXPIRED_BUT_PREVIOUSLY_ALLOWED;
1814 1815
1815 SSLErrorHandler::HandleSSLError( 1816 SSLErrorHandler::HandleSSLError(
1816 tab, cert_error, ssl_info, request_url, options_mask, callback); 1817 tab, cert_error, ssl_info, request_url, options_mask, callback);
1817 } 1818 }
1818 1819
1819 void ChromeContentBrowserClient::SelectClientCertificate( 1820 void ChromeContentBrowserClient::SelectClientCertificate(
1820 int render_process_id, 1821 content::WebContents* web_contents,
1821 int render_frame_id,
1822 net::SSLCertRequestInfo* cert_request_info, 1822 net::SSLCertRequestInfo* cert_request_info,
1823 const base::Callback<void(net::X509Certificate*)>& callback) { 1823 scoped_ptr<content::ClientCertificateDelegate> delegate) {
1824 content::RenderFrameHost* rfh = content::RenderFrameHost::FromID( 1824 prerender::PrerenderContents* prerender_contents =
1825 render_process_id, render_frame_id); 1825 prerender::PrerenderContents::FromWebContents(web_contents);
1826 WebContents* tab = WebContents::FromRenderFrameHost(rfh); 1826 if (prerender_contents) {
1827 if (!tab) { 1827 prerender_contents->Destroy(
1828 // TODO(davidben): This makes the request hang, but returning no certificate 1828 prerender::FINAL_STATUS_SSL_CLIENT_CERTIFICATE_REQUESTED);
1829 // also breaks. It should abort the request. See https://crbug.com/417092 1829 delegate->CancelCertificateSelection();
1830 return; 1830 return;
1831 } 1831 }
1832 1832
1833 prerender::PrerenderContents* prerender_contents =
1834 prerender::PrerenderContents::FromWebContents(tab);
1835 if (prerender_contents) {
1836 prerender_contents->Destroy(
1837 prerender::FINAL_STATUS_SSL_CLIENT_CERTIFICATE_REQUESTED);
1838 return;
1839 }
1840
1841 GURL requesting_url("https://" + cert_request_info->host_and_port.ToString()); 1833 GURL requesting_url("https://" + cert_request_info->host_and_port.ToString());
1842 DCHECK(requesting_url.is_valid()) 1834 DCHECK(requesting_url.is_valid())
1843 << "Invalid URL string: https://" 1835 << "Invalid URL string: https://"
1844 << cert_request_info->host_and_port.ToString(); 1836 << cert_request_info->host_and_port.ToString();
1845 1837
1846 Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext()); 1838 Profile* profile =
1839 Profile::FromBrowserContext(web_contents->GetBrowserContext());
1847 scoped_ptr<base::Value> filter = 1840 scoped_ptr<base::Value> filter =
1848 profile->GetHostContentSettingsMap()->GetWebsiteSetting( 1841 profile->GetHostContentSettingsMap()->GetWebsiteSetting(
1849 requesting_url, 1842 requesting_url,
1850 requesting_url, 1843 requesting_url,
1851 CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE, 1844 CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE,
1852 std::string(), 1845 std::string(),
1853 NULL); 1846 NULL);
1854 1847
1855 if (filter.get()) { 1848 if (filter.get()) {
1856 // Try to automatically select a client certificate. 1849 // Try to automatically select a client certificate.
1857 if (filter->IsType(base::Value::TYPE_DICTIONARY)) { 1850 if (filter->IsType(base::Value::TYPE_DICTIONARY)) {
1858 base::DictionaryValue* filter_dict = 1851 base::DictionaryValue* filter_dict =
1859 static_cast<base::DictionaryValue*>(filter.get()); 1852 static_cast<base::DictionaryValue*>(filter.get());
1860 1853
1861 const std::vector<scoped_refptr<net::X509Certificate> >& 1854 const std::vector<scoped_refptr<net::X509Certificate> >&
1862 all_client_certs = cert_request_info->client_certs; 1855 all_client_certs = cert_request_info->client_certs;
1863 for (size_t i = 0; i < all_client_certs.size(); ++i) { 1856 for (size_t i = 0; i < all_client_certs.size(); ++i) {
1864 if (CertMatchesFilter(*all_client_certs[i].get(), *filter_dict)) { 1857 if (CertMatchesFilter(*all_client_certs[i].get(), *filter_dict)) {
1865 // Use the first certificate that is matched by the filter. 1858 // Use the first certificate that is matched by the filter.
1866 callback.Run(all_client_certs[i].get()); 1859 delegate->ContinueWithCertificate(all_client_certs[i].get());
1867 return; 1860 return;
1868 } 1861 }
1869 } 1862 }
1870 } else { 1863 } else {
1871 NOTREACHED(); 1864 NOTREACHED();
1872 } 1865 }
1873 } 1866 }
1874 1867
1875 chrome::ShowSSLClientCertificateSelector(tab, cert_request_info, callback); 1868 chrome::ShowSSLClientCertificateSelector(web_contents, cert_request_info,
1869 delegate.Pass());
1876 } 1870 }
1877 1871
1878 void ChromeContentBrowserClient::AddCertificate( 1872 void ChromeContentBrowserClient::AddCertificate(
1879 net::CertificateMimeType cert_type, 1873 net::CertificateMimeType cert_type,
1880 const void* cert_data, 1874 const void* cert_data,
1881 size_t cert_size, 1875 size_t cert_size,
1882 int render_process_id, 1876 int render_process_id,
1883 int render_frame_id) { 1877 int render_frame_id) {
1884 chrome::SSLAddCertificate(cert_type, cert_data, cert_size, 1878 chrome::SSLAddCertificate(cert_type, cert_data, cert_size,
1885 render_process_id, render_frame_id); 1879 render_process_id, render_frame_id);
(...skipping 778 matching lines...) Expand 10 before | Expand all | Expand 10 after
2664 switches::kDisableWebRtcEncryption, 2658 switches::kDisableWebRtcEncryption,
2665 }; 2659 };
2666 to_command_line->CopySwitchesFrom(from_command_line, 2660 to_command_line->CopySwitchesFrom(from_command_line,
2667 kWebRtcDevSwitchNames, 2661 kWebRtcDevSwitchNames,
2668 arraysize(kWebRtcDevSwitchNames)); 2662 arraysize(kWebRtcDevSwitchNames));
2669 } 2663 }
2670 } 2664 }
2671 #endif // defined(ENABLE_WEBRTC) 2665 #endif // defined(ENABLE_WEBRTC)
2672 2666
2673 } // namespace chrome 2667 } // namespace chrome
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698