Cancel client auth requests when not promptable.

content/browser/shared_worker/worker_browsertest.cc

Index: content/browser/shared_worker/worker_browsertest.cc
diff --git a/content/browser/shared_worker/worker_browsertest.cc b/content/browser/shared_worker/worker_browsertest.cc
index 14100b9d72f2cdc6b099bab02668c11e48abe014..1f79876025c9da11d3f06e787be258c558185523 100644
--- a/content/browser/shared_worker/worker_browsertest.cc
+++ b/content/browser/shared_worker/worker_browsertest.cc
@@ -11,6 +11,7 @@
 #include "base/sys_info.h"
 #include "base/test/test_timeouts.h"
 #include "content/public/browser/browser_thread.h"
+#include "content/public/browser/client_certificate_delegate.h"
 #include "content/public/common/content_paths.h"
 #include "content/public/test/browser_test_utils.h"
 #include "content/public/test/content_browser_test.h"
@@ -19,6 +20,7 @@
 #include "content/shell/browser/shell.h"
 #include "content/shell/browser/shell_content_browser_client.h"
 #include "content/shell/browser/shell_resource_dispatcher_host_delegate.h"
+#include "net/base/escape.h"
 #include "net/base/test_data_directory.h"
 #include "net/test/spawned_test_server/spawned_test_server.h"
 #include "url/gurl.h"
@@ -27,7 +29,20 @@ namespace content {
 
 class WorkerTest : public ContentBrowserTest {
  public:
-  WorkerTest() {}
+  WorkerTest() : select_certificate_count_(0) {}
+
+  void SetUpOnMainThread() override {
+    ShellContentBrowserClient::Get()->set_select_client_certificate_callback(
+        base::Bind(&WorkerTest::OnSelectClientCertificate,
+                   base::Unretained(this)));
+  }
+
+  void TearDownOnMainThread() override {
+    ShellContentBrowserClient::Get()->set_select_client_certificate_callback(
+        base::Callback<void()>());

[mmenke, 2015/03/09 18:30:27]

base::Closure?  Or could just use a WeakPtrFactory.

[davidben, 2015/03/10 02:07:57]

Done. (I think I prefer base::Closure. Setting it to the null callback is the
inverse of the SetUp operation.)

+  }
+
+  int select_certificate_count() const { return select_certificate_count_; }
 
   GURL GetTestURL(const std::string& test_case, const std::string& query) {
     base::FilePath test_file_path = GetTestFilePath(
@@ -64,6 +79,13 @@ class WorkerTest : public ContentBrowserTest {
     shell()->LoadURL(url);
     runner->Run();
   }
+
+ private:
+  void OnSelectClientCertificate() {
+    select_certificate_count_++;
+  }
+
+  int select_certificate_count_;
 };
 
 IN_PROC_BROWSER_TEST_F(WorkerTest, SingleWorker) {
@@ -102,14 +124,58 @@ IN_PROC_BROWSER_TEST_F(WorkerTest, WorkerHttpAuth) {
   NavigateAndWaitForAuth(url);
 }
 
-// Make sure that auth dialog is displayed from shared worker context.
+// Make sure that HTTP auth dialog is displayed from shared worker context.
 // http://crbug.com/33344
+//
+// TODO(davidben): HTTP auth dialogs are no longer displayed on shared workers,
+// but this test only tests that the delegate is called. Move handling the
+// WebContentsless case from chrome/ to content/ and adjust the test
+// accordingly.
 IN_PROC_BROWSER_TEST_F(WorkerTest, SharedWorkerHttpAuth) {
   ASSERT_TRUE(test_server()->Start());
   GURL url = test_server()->GetURL("files/workers/shared_worker_auth.html");
   NavigateAndWaitForAuth(url);
 }
 
+// Tests that TLS client auth prompts for normal workers.
+IN_PROC_BROWSER_TEST_F(WorkerTest, WorkerTlsClientAuth) {
+  // Launch HTTPS server.
+  net::SpawnedTestServer::SSLOptions ssl_options;
+  ssl_options.request_client_certificate = true;
+  net::SpawnedTestServer https_server(
+      net::SpawnedTestServer::TYPE_HTTPS, ssl_options,
+      base::FilePath(FILE_PATH_LITERAL("content/test/data")));
+  ASSERT_TRUE(https_server.Start());
+
+  RunTest("worker_tls_client_auth.html",
+          "url=" +
+              net::EscapeQueryParamValue(https_server.GetURL("").spec(), true));
+  EXPECT_EQ(1, select_certificate_count());
+}
+
+// Tests that TLS client auth does not prompt for a shared worker; shared
+// workers are not associated with a WebContents.
+#if defined(OS_ANDROID)
+// SharedWorkers are not enabled on Android. https://crbug.com/154571
+#define MAYBE_SharedWorkerTlsClientAuth DISABLED_SharedWorkerTlsClientAuth
+#else
+#define MAYBE_SharedWorkerTlsClientAuth SharedWorkerTlsClientAuth
+#endif

[mmenke, 2015/03/09 18:30:27]

Should this be disabled via the same mechanism as all the other SharedWorker
tests?  Seems weird to disable this one way, and everything else another.

[davidben, 2015/03/10 02:07:57]

So, I really don't like this out-of-band thing. :-) It wasn't clear the tests
were disabled. I just chatted with yusufo@ who said Chrome for Android has no
set rules and inline is probably better. My plan is to switch the remainder to
inline in a follow-up.

I switched it to a SupportsFooBar() check. That's less verbose when applied in
bulk than a bunch of MAYBE lines. Also added a TODO to transplant the others
over.

[mmenke, 2015/03/10 02:10:54]

SGTM.

+IN_PROC_BROWSER_TEST_F(WorkerTest, MAYBE_SharedWorkerTlsClientAuth) {
+  // Launch HTTPS server.
+  net::SpawnedTestServer::SSLOptions ssl_options;
+  ssl_options.request_client_certificate = true;
+  net::SpawnedTestServer https_server(
+      net::SpawnedTestServer::TYPE_HTTPS, ssl_options,
+      base::FilePath(FILE_PATH_LITERAL("content/test/data")));
+  ASSERT_TRUE(https_server.Start());
+
+  RunTest("worker_tls_client_auth.html",
+          "shared=true&url=" +
+              net::EscapeQueryParamValue(https_server.GetURL("").spec(), true));
+  EXPECT_EQ(0, select_certificate_count());
+}
+
 IN_PROC_BROWSER_TEST_F(WorkerTest, WebSocketSharedWorker) {
   // Launch WebSocket server.
   net::SpawnedTestServer ws_server(net::SpawnedTestServer::TYPE_WS,