Cancel client auth requests when not promptable.

chrome/browser/ui/cocoa/ssl_client_certificate_selector_cocoa.mm

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #import "chrome/browser/ui/cocoa/ssl_client_certificate_selector_cocoa.h"
 
 #import <SecurityInterface/SFChooseIdentityPanel.h>
 
 #include "base/logging.h"
 #include "base/mac/foundation_util.h"
 #include "base/strings/string_util.h"
 #include "base/strings/sys_string_conversions.h"
 #include "base/strings/utf_string_conversions.h"
 #include "chrome/browser/ssl/ssl_client_auth_observer.h"
 #import "chrome/browser/ui/cocoa/constrained_window/constrained_window_mac.h"
 #include "chrome/grit/generated_resources.h"
+#include "components/web_modal/popup_manager.h"
 #include "content/public/browser/browser_thread.h"
+#include "content/public/browser/client_certificate_delegate.h"
 #include "content/public/browser/web_contents.h"
 #include "net/cert/x509_certificate.h"
 #include "net/cert/x509_util_mac.h"
 #include "net/ssl/ssl_cert_request_info.h"
 #include "ui/base/cocoa/window_size_constants.h"
 #include "ui/base/l10n/l10n_util_mac.h"
 
 using content::BrowserThread;
 
 @interface SFChooseIdentityPanel (SystemPrivate)
 // A system-private interface that dismisses a panel whose sheet was started by
 // -beginSheetForWindow:modalDelegate:didEndSelector:contextInfo:identities:message:
 // as though the user clicked the button identified by returnCode. Verified
 // present in 10.5 through 10.8.
 - (void)_dismissWithCode:(NSInteger)code;
 @end
 
 @interface SSLClientCertificateSelectorCocoa ()
 - (void)onConstrainedWindowClosed;
 @end
 
 class SSLClientAuthObserverCocoaBridge : public SSLClientAuthObserver,
                                          public ConstrainedWindowMacDelegate {
  public:
   SSLClientAuthObserverCocoaBridge(
       const content::BrowserContext* browser_context,
       net::SSLCertRequestInfo* cert_request_info,
-      const chrome::SelectCertificateCallback& callback,
+      scoped_ptr<content::ClientCertificateDelegate> delegate,
       SSLClientCertificateSelectorCocoa* controller)
-      : SSLClientAuthObserver(browser_context, cert_request_info, callback),
-        controller_(controller) {
-  }
+      : SSLClientAuthObserver(browser_context,
+                              cert_request_info,
+                              delegate.Pass()),
+        controller_(controller) {}
 
   // SSLClientAuthObserver implementation:
   void OnCertSelectedByNotification() override {
     [controller_ closeWebContentsModalDialog];
   }
 
   // ConstrainedWindowMacDelegate implementation:
   void OnConstrainedWindowClosed(ConstrainedWindowMac* window) override {
     // |onConstrainedWindowClosed| will delete the sheet which might be still
     // in use higher up the call stack. Wait for the next cycle of the event
     // loop to call this function.
     [controller_ performSelector:@selector(onConstrainedWindowClosed)
                       withObject:nil
                       afterDelay:0];
   }
 
  private:
   SSLClientCertificateSelectorCocoa* controller_;  // weak
 };
 
 namespace chrome {
 
 void ShowSSLClientCertificateSelector(
     content::WebContents* contents,
     net::SSLCertRequestInfo* cert_request_info,
-    const SelectCertificateCallback& callback) {
+    scoped_ptr<content::ClientCertificateDelegate> delegate) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
+
+  // Not all WebContentses can show modal dialogs.
+  //
+  // TODO(davidben): Move this hook to the WebContentsDelegate and only try to
+  // show a dialog in Browser's implementation. https://crbug.com/456255
+  if (web_modal::PopupManager::FromWebContents(contents) == nullptr)
+    return;
+
   // The dialog manages its own lifetime.
   SSLClientCertificateSelectorCocoa* selector =
       [[SSLClientCertificateSelectorCocoa alloc]
           initWithBrowserContext:contents->GetBrowserContext()
                  certRequestInfo:cert_request_info
-                        callback:callback];
+                        delegate:delegate.Pass()];
   [selector displayForWebContents:contents];
 }
 
 }  // namespace chrome
 
 @implementation SSLClientCertificateSelectorCocoa
 
 - (id)initWithBrowserContext:(const content::BrowserContext*)browserContext
-    certRequestInfo:(net::SSLCertRequestInfo*)certRequestInfo
-           callback:(const chrome::SelectCertificateCallback&)callback {
+             certRequestInfo:(net::SSLCertRequestInfo*)certRequestInfo
+                    delegate:(scoped_ptr<content::ClientCertificateDelegate>)
+                                 delegate {
   DCHECK(browserContext);
   DCHECK(certRequestInfo);
   if ((self = [super init])) {
     observer_.reset(new SSLClientAuthObserverCocoaBridge(
-        browserContext, certRequestInfo, callback, self));
+        browserContext, certRequestInfo, delegate.Pass(), self));
   }
   return self;
 }
 
 - (void)sheetDidEnd:(NSWindow*)parent
          returnCode:(NSInteger)returnCode
             context:(void*)context {
   net::X509Certificate* cert = NULL;
   if (returnCode == NSFileHandlingPanelOKButton) {
     CFRange range = CFRangeMake(0, CFArrayGetCount(identities_));
     CFIndex index =
         CFArrayGetFirstIndexOfValue(identities_, range, [panel_ identity]);
     if (index != -1)
       cert = certificates_[index].get();
     else
       NOTREACHED();
   }
 
-  // Finally, tell the backend which identity (or none) the user selected.
-  observer_->StopObserving();
-  observer_->CertificateSelected(cert);
+  if (!closePending_) {
+    // If |closePending_| is already set, |closeSheetWithAnimation:| was called
+    // already to cancel the selection rather than continue with no
+    // certificate. Otherwise, tell the backend which identity (or none) the
+    // user selected.
+    userResponded_ = YES;
+    observer_->CertificateSelected(cert);
 
-  if (!closePending_)
     constrainedWindow_->CloseWebContentsModalDialog();
+  }
 }
 
 - (void)displayForWebContents:(content::WebContents*)webContents {
   // Create an array of CFIdentityRefs for the certificates:
   size_t numCerts = observer_->cert_request_info()->client_certs.size();
   identities_.reset(CFArrayCreateMutable(
       kCFAllocatorDefault, numCerts, &kCFTypeArrayCallBacks));
   for (size_t i = 0; i < numCerts; ++i) {
     SecCertificateRef cert =
         observer_->cert_request_info()->client_certs[i]->os_cert_handle();
@@ skipping 45 matching lines @@
   overlayWindow_.reset([window retain]);
   [panel_ beginSheetForWindow:window
                 modalDelegate:self
                didEndSelector:@selector(sheetDidEnd:returnCode:context:)
                   contextInfo:NULL
                    identities:base::mac::CFToNSCast(identities_)
                       message:title];
 }
 
 - (void)closeSheetWithAnimation:(BOOL)withAnimation {
+  if (!userResponded_) {
+    // If the sheet is closed by closing the tab rather than the user explicitly
+    // hitting Cancel, |closeSheetWithAnimation:| gets called before
+    // |sheetDidEnd:|. In this case, the selection should be canceled rather
+    // than continue with no certificate. The |returnCode| parameter to
+    // |sheetDidEnd:| is the same in both cases.
+    observer_->CancelCertificateSelection();
+  }
   closePending_ = YES;
   overlayWindow_.reset();
   // Closing the sheet using -[NSApp endSheet:] doesn't work so use the private
   // method.
   [panel_ _dismissWithCode:NSFileHandlingPanelCancelButton];
 }
 
 - (void)hideSheet {
   NSWindow* sheetWindow = [overlayWindow_ attachedSheet];
   [sheetWindow setAlphaValue:0.0];
@@ skipping 35 matching lines @@
 }
 
 - (void)onConstrainedWindowClosed {
   observer_->StopObserving();
   panel_.reset();
   constrainedWindow_.reset();
   [self release];
 }
 
 @end