Cancel client auth requests when not promptable.

chrome/browser/chrome_content_browser_client.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chrome_content_browser_client.h"
 
 #include <set>
 #include <utility>
 #include <vector>
 
@@ skipping 95 matching lines @@
 #include "components/signin/core/common/profile_management_switches.h"
 #include "components/translate/core/common/translate_switches.h"
 #include "components/url_fixer/url_fixer.h"
 #include "content/public/browser/browser_child_process_host.h"
 #include "content/public/browser/browser_main_parts.h"
 #include "content/public/browser/browser_ppapi_host.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/browser_url_handler.h"
 #include "content/public/browser/child_process_data.h"
 #include "content/public/browser/child_process_security_policy.h"
+#include "content/public/browser/client_certificate_delegate.h"
 #include "content/public/browser/permission_type.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/resource_context.h"
 #include "content/public/browser/site_instance.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/child_process_host.h"
 #include "content/public/common/content_descriptors.h"
 #include "content/public/common/url_utils.h"
@@ skipping 1712 matching lines @@
   if (strict_enforcement)
     options_mask |= SSLBlockingPage::STRICT_ENFORCEMENT;
   if (expired_previous_decision)
     options_mask |= SSLBlockingPage::EXPIRED_BUT_PREVIOUSLY_ALLOWED;
 
   SSLErrorHandler::HandleSSLError(
       tab, cert_error, ssl_info, request_url, options_mask, callback);
 }
 
 void ChromeContentBrowserClient::SelectClientCertificate(
-    int render_process_id,
-    int render_frame_id,
+    content::WebContents* web_contents,
     net::SSLCertRequestInfo* cert_request_info,
-    const base::Callback<void(net::X509Certificate*)>& callback) {
-  content::RenderFrameHost* rfh = content::RenderFrameHost::FromID(
-      render_process_id, render_frame_id);
-  WebContents* tab = WebContents::FromRenderFrameHost(rfh);
-  if (!tab) {
-    // TODO(davidben): This makes the request hang, but returning no certificate
-    // also breaks. It should abort the request. See https://crbug.com/417092
+    scoped_ptr<content::ClientCertificateDelegate> delegate) {
+  prerender::PrerenderContents* prerender_contents =
+      prerender::PrerenderContents::FromWebContents(web_contents);
+  if (prerender_contents) {
+    prerender_contents->Destroy(
+        prerender::FINAL_STATUS_SSL_CLIENT_CERTIFICATE_REQUESTED);
+    delegate->CancelCertificateSelection();

[sky, 2015/02/20 21:32:29]

Since the delegate is going to be deleted in the return why does it need an
explicit cancel?

[davidben, 2015/02/24 22:38:40]

Switched the delegate to trigger cancel in the destructor. That's cleaner, yeah.

     return;
   }
 
-  prerender::PrerenderContents* prerender_contents =
-      prerender::PrerenderContents::FromWebContents(tab);
-  if (prerender_contents) {
-    prerender_contents->Destroy(
-        prerender::FINAL_STATUS_SSL_CLIENT_CERTIFICATE_REQUESTED);
-    return;
-  }
-
   GURL requesting_url("https://" + cert_request_info->host_and_port.ToString());
   DCHECK(requesting_url.is_valid())
       << "Invalid URL string: https://"
       << cert_request_info->host_and_port.ToString();
 
-  Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
+  Profile* profile =
+      Profile::FromBrowserContext(web_contents->GetBrowserContext());
   scoped_ptr<base::Value> filter =
       profile->GetHostContentSettingsMap()->GetWebsiteSetting(
           requesting_url,
           requesting_url,
           CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE,
           std::string(),
           NULL);
 
   if (filter.get()) {
     // Try to automatically select a client certificate.
     if (filter->IsType(base::Value::TYPE_DICTIONARY)) {
       base::DictionaryValue* filter_dict =
           static_cast<base::DictionaryValue*>(filter.get());
 
       const std::vector<scoped_refptr<net::X509Certificate> >&
           all_client_certs = cert_request_info->client_certs;
       for (size_t i = 0; i < all_client_certs.size(); ++i) {
         if (CertMatchesFilter(*all_client_certs[i].get(), *filter_dict)) {
           // Use the first certificate that is matched by the filter.
-          callback.Run(all_client_certs[i].get());
+          delegate->ContinueWithCertificate(all_client_certs[i].get());
           return;
         }
       }
     } else {
       NOTREACHED();
     }
   }
 
-  chrome::ShowSSLClientCertificateSelector(tab, cert_request_info, callback);
+  chrome::ShowSSLClientCertificateSelector(web_contents, cert_request_info,
+                                           delegate.Pass());
 }
 
 void ChromeContentBrowserClient::AddCertificate(
     net::CertificateMimeType cert_type,
     const void* cert_data,
     size_t cert_size,
     int render_process_id,
     int render_frame_id) {
   chrome::SSLAddCertificate(cert_type, cert_data, cert_size,
                             render_process_id, render_frame_id);
@@ skipping 723 matching lines @@
       switches::kDisableWebRtcEncryption,
     };
     to_command_line->CopySwitchesFrom(from_command_line,
                                       kWebRtcDevSwitchNames,
                                       arraysize(kWebRtcDevSwitchNames));
   }
 }
 #endif  // defined(ENABLE_WEBRTC)
 
 }  // namespace chrome