Chromium Code Reviews Chromium Code Reviews
Issue 859213006:
Cancel client auth requests when not promptable. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@client-auth-cancel-1| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/ssl/ssl_client_auth_handler.h" | 5 #include "content/browser/ssl/ssl_client_auth_handler.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "content/public/browser/browser_thread.h" | 9 #include "content/public/browser/browser_thread.h" |
| 10 #include "content/public/browser/client_certificate_delegate.h" | |
| 10 #include "content/public/browser/content_browser_client.h" | 11 #include "content/public/browser/content_browser_client.h" |
| 12 #include "content/public/browser/render_frame_host.h" | |
| 11 #include "content/public/browser/resource_request_info.h" | 13 #include "content/public/browser/resource_request_info.h" |
| 14 #include "content/public/browser/web_contents.h" | |
| 12 #include "net/cert/x509_certificate.h" | 15 #include "net/cert/x509_certificate.h" |
| 13 #include "net/ssl/client_cert_store.h" | 16 #include "net/ssl/client_cert_store.h" |
| 14 #include "net/url_request/url_request.h" | 17 #include "net/url_request/url_request.h" |
| 15 | 18 |
| 16 namespace content { | 19 namespace content { |
| 17 | 20 |
| 18 namespace { | 21 namespace { |
| 19 | 22 |
| 20 void CertificateSelectedOnUIThread( | 23 class ClientCertificateDelegateImpl : public ClientCertificateDelegate { |
| 21 const SSLClientAuthHandler::CertificateCallback& io_thread_callback, | 24 public: |
| 22 net::X509Certificate* cert) { | 25 explicit ClientCertificateDelegateImpl( |
| 23 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 26 const base::WeakPtr<SSLClientAuthHandler>& handler) |
| 27 : handler_(handler) {} | |
| 24 | 28 |
| 25 BrowserThread::PostTask( | 29 // ClientCertificateDelegate implementation: |
| 26 BrowserThread::IO, FROM_HERE, | 30 void ContinueWithCertificate(net::X509Certificate* cert) override { |
| 27 base::Bind(io_thread_callback, make_scoped_refptr(cert))); | 31 BrowserThread::PostTask( |
| 28 } | 32 BrowserThread::IO, FROM_HERE, |
| 33 base::Bind(&SSLClientAuthHandler::ContinueWithCertificate, handler_, | |
| 34 make_scoped_refptr(cert))); | |
| 35 } | |
| 36 | |
| 37 void CancelCertificateSelection() override { | |
| 38 BrowserThread::PostTask( | |
| 39 BrowserThread::IO, FROM_HERE, | |
| 40 base::Bind(&SSLClientAuthHandler::CancelCertificateSelection, | |
| 41 handler_)); | |
| 42 } | |
| 43 | |
| 44 private: | |
| 45 base::WeakPtr<SSLClientAuthHandler> handler_; | |
| 46 | |
| 47 DISALLOW_COPY_AND_ASSIGN(ClientCertificateDelegateImpl); | |
| 48 }; | |
| 29 | 49 |
| 30 void SelectCertificateOnUIThread( | 50 void SelectCertificateOnUIThread( |
| 31 int render_process_host_id, | 51 int render_process_host_id, |
| 32 int render_frame_host_id, | 52 int render_frame_host_id, |
| 33 net::SSLCertRequestInfo* cert_request_info, | 53 net::SSLCertRequestInfo* cert_request_info, |
| 34 const SSLClientAuthHandler::CertificateCallback& io_thread_callback) { | 54 const base::WeakPtr<SSLClientAuthHandler>& handler) { |
| 35 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 55 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 36 | 56 |
| 57 scoped_ptr<ClientCertificateDelegate> delegate( | |
| 58 new ClientCertificateDelegateImpl(handler)); | |
| 59 | |
| 60 RenderFrameHost* rfh = | |
| 61 RenderFrameHost::FromID(render_process_host_id, render_frame_host_id); | |
| 62 WebContents* web_contents = WebContents::FromRenderFrameHost(rfh); | |
| 63 if (!web_contents) { | |
| 64 delegate->CancelCertificateSelection(); | |
| 65 return; | |
| 66 } | |
| 67 | |
| 37 GetContentClient()->browser()->SelectClientCertificate( | 68 GetContentClient()->browser()->SelectClientCertificate( |
| 38 render_process_host_id, render_frame_host_id, cert_request_info, | 69 web_contents, cert_request_info, delegate.Pass()); |
| 39 base::Bind(&CertificateSelectedOnUIThread, io_thread_callback)); | |
| 40 } | 70 } |
| 41 | 71 |
| 42 } // namespace | 72 } // namespace |
| 43 | 73 |
| 44 // A reference-counted core to allow the ClientCertStore and SSLCertRequestInfo | 74 // A reference-counted core to allow the ClientCertStore and SSLCertRequestInfo |
| 45 // to outlive SSLClientAuthHandler if needbe. | 75 // to outlive SSLClientAuthHandler if needbe. |
| 46 class SSLClientAuthHandler::Core : public base::RefCountedThreadSafe<Core> { | 76 class SSLClientAuthHandler::Core : public base::RefCountedThreadSafe<Core> { |
| 47 public: | 77 public: |
| 48 Core(const base::WeakPtr<SSLClientAuthHandler>& handler, | 78 Core(const base::WeakPtr<SSLClientAuthHandler>& handler, |
| 49 scoped_ptr<net::ClientCertStore> client_cert_store, | 79 scoped_ptr<net::ClientCertStore> client_cert_store, |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 81 | 111 |
| 82 base::WeakPtr<SSLClientAuthHandler> handler_; | 112 base::WeakPtr<SSLClientAuthHandler> handler_; |
| 83 scoped_ptr<net::ClientCertStore> client_cert_store_; | 113 scoped_ptr<net::ClientCertStore> client_cert_store_; |
| 84 scoped_refptr<net::SSLCertRequestInfo> cert_request_info_; | 114 scoped_refptr<net::SSLCertRequestInfo> cert_request_info_; |
| 85 }; | 115 }; |
| 86 | 116 |
| 87 SSLClientAuthHandler::SSLClientAuthHandler( | 117 SSLClientAuthHandler::SSLClientAuthHandler( |
| 88 scoped_ptr<net::ClientCertStore> client_cert_store, | 118 scoped_ptr<net::ClientCertStore> client_cert_store, |
| 89 net::URLRequest* request, | 119 net::URLRequest* request, |
| 90 net::SSLCertRequestInfo* cert_request_info, | 120 net::SSLCertRequestInfo* cert_request_info, |
| 91 const SSLClientAuthHandler::CertificateCallback& callback) | 121 SSLClientAuthHandler::Delegate* delegate) |
| 92 : request_(request), | 122 : request_(request), |
| 93 cert_request_info_(cert_request_info), | 123 cert_request_info_(cert_request_info), |
| 94 callback_(callback), | 124 delegate_(delegate), |
| 95 weak_factory_(this) { | 125 weak_factory_(this) { |
| 96 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 126 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
| 97 | 127 |
| 98 core_ = new Core(weak_factory_.GetWeakPtr(), client_cert_store.Pass(), | 128 core_ = new Core(weak_factory_.GetWeakPtr(), client_cert_store.Pass(), |
| 99 cert_request_info_.get()); | 129 cert_request_info_.get()); |
| 100 } | 130 } |
| 101 | 131 |
| 102 SSLClientAuthHandler::~SSLClientAuthHandler() { | 132 SSLClientAuthHandler::~SSLClientAuthHandler() { |
| 103 } | 133 } |
| 104 | 134 |
| 105 void SSLClientAuthHandler::SelectCertificate() { | 135 void SSLClientAuthHandler::SelectCertificate() { |
| 106 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 136 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
| 107 | 137 |
| 108 // |core_| will call DidGetClientCerts when done. | 138 // |core_| will call DidGetClientCerts when done. |
| 109 core_->GetClientCerts(); | 139 core_->GetClientCerts(); |
| 110 } | 140 } |
| 111 | 141 |
| 142 // static | |
| 143 void SSLClientAuthHandler::ContinueWithCertificate( | |
| 144 const base::WeakPtr<SSLClientAuthHandler>& handler, | |
| 145 net::X509Certificate* cert) { | |
| 146 if (!handler) | |
| 147 return; | |
| 148 handler->delegate_->ContinueWithCertificate(cert); | |
| 149 } | |
| 150 | |
| 151 // static | |
| 152 void SSLClientAuthHandler::CancelCertificateSelection( | |
| 153 const base::WeakPtr<SSLClientAuthHandler>& handler) { | |
| 154 if (!handler) | |
| 155 return; | |
|
pneubeck (no reviews)
2015/02/14 10:53:02
optional nit:
if (handler)
handler-> ...
would
davidben
2015/02/18 22:31:44
Done.
| |
| 156 handler->delegate_->CancelCertificateSelection(); | |
| 157 } | |
| 158 | |
| 112 void SSLClientAuthHandler::DidGetClientCerts() { | 159 void SSLClientAuthHandler::DidGetClientCerts() { |
| 113 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 160 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
| 114 | 161 |
| 115 // Note that if |client_cert_store_| is NULL, we intentionally fall through to | 162 // Note that if |client_cert_store_| is NULL, we intentionally fall through to |
| 116 // DoCertificateSelected. This is for platforms where the client cert matching | 163 // SelectCertificateOnUIThread. This is for platforms where the client cert |
| 117 // is not performed by Chrome. Those platforms handle the cert matching before | 164 // matching is not performed by Chrome. Those platforms handle the cert |
| 118 // showing the dialog. | 165 // matching before showing the dialog. |
| 119 if (core_->has_client_cert_store() && | 166 if (core_->has_client_cert_store() && |
| 120 cert_request_info_->client_certs.empty()) { | 167 cert_request_info_->client_certs.empty()) { |
| 121 // No need to query the user if there are no certs to choose from. | 168 // No need to query the user if there are no certs to choose from. |
| 122 CertificateSelected(NULL); | 169 // |
| 170 // TODO(davidben): The WebContents-less check on the UI thread should come | |
| 171 // before checking ClientCertStore; ClientCertStore itself should probably | |
| 172 // be handled by the embedder (https://crbug.com/394131), especially since | |
| 173 // this doesn't work on Android (https://crbug.com/345641). | |
| 174 BrowserThread::PostTask( | |
| 175 BrowserThread::IO, FROM_HERE, | |
| 176 base::Bind(&SSLClientAuthHandler::ContinueWithCertificate, | |
| 177 weak_factory_.GetWeakPtr(), | |
| 178 scoped_refptr<net::X509Certificate>())); | |
| 123 return; | 179 return; |
| 124 } | 180 } |
| 125 | 181 |
| 126 int render_process_host_id; | 182 int render_process_host_id; |
| 127 int render_frame_host_id; | 183 int render_frame_host_id; |
| 128 if (!ResourceRequestInfo::ForRequest(request_)->GetAssociatedRenderFrame( | 184 if (!ResourceRequestInfo::ForRequest(request_)->GetAssociatedRenderFrame( |
| 129 &render_process_host_id, &render_frame_host_id)) { | 185 &render_process_host_id, &render_frame_host_id)) { |
| 130 NOTREACHED(); | 186 NOTREACHED(); |
| 131 CertificateSelected(NULL); | 187 BrowserThread::PostTask( |
| 188 BrowserThread::IO, FROM_HERE, | |
| 189 base::Bind(&SSLClientAuthHandler::CancelCertificateSelection, | |
| 190 weak_factory_.GetWeakPtr())); | |
| 132 return; | 191 return; |
| 133 } | 192 } |
| 134 | 193 |
| 135 BrowserThread::PostTask( | 194 BrowserThread::PostTask( |
| 136 BrowserThread::UI, FROM_HERE, | 195 BrowserThread::UI, FROM_HERE, |
| 137 base::Bind(&SelectCertificateOnUIThread, render_process_host_id, | 196 base::Bind(&SelectCertificateOnUIThread, render_process_host_id, |
| 138 render_frame_host_id, cert_request_info_, | 197 render_frame_host_id, cert_request_info_, |
| 139 base::Bind(&SSLClientAuthHandler::CertificateSelected, | 198 weak_factory_.GetWeakPtr())); |
| 140 weak_factory_.GetWeakPtr()))); | |
| 141 } | |
| 142 | |
| 143 void SSLClientAuthHandler::CertificateSelected(net::X509Certificate* cert) { | |
| 144 DVLOG(1) << this << " DoCertificateSelected " << cert; | |
| 145 DCHECK_CURRENTLY_ON(BrowserThread::IO); | |
| 146 | |
| 147 callback_.Run(cert); | |
| 148 // |this| may be deleted at this point. | |
| 149 } | 199 } |
| 150 | 200 |
| 151 } // namespace content | 201 } // namespace content |
| OLD | NEW |
