Home | History | Annotate | Download | only in ssl 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "content/browser/ssl/ssl_client_auth_handler.h"
      6 
      7 #include "base/bind.h"
      8 #include "content/browser/loader/resource_dispatcher_host_impl.h"
      9 #include "content/browser/loader/resource_request_info_impl.h"
     10 #include "content/public/browser/browser_thread.h"
     11 #include "content/public/browser/content_browser_client.h"
     12 #include "net/cert/x509_certificate.h"
     13 #include "net/http/http_transaction_factory.h"
     14 #include "net/ssl/client_cert_store.h"
     15 #include "net/url_request/url_request.h"
     16 #include "net/url_request/url_request_context.h"
     17 
     18 namespace content {
     19 
     20 SSLClientAuthHandler::SSLClientAuthHandler(
     21     scoped_ptr<net::ClientCertStore> client_cert_store,
     22     net::URLRequest* request,
     23     net::SSLCertRequestInfo* cert_request_info)
     24     : request_(request),
     25       http_network_session_(
     26           request_->context()->http_transaction_factory()->GetSession()),
     27       cert_request_info_(cert_request_info),
     28       client_cert_store_(client_cert_store.Pass()) {
     29   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
     30 }
     31 
     32 SSLClientAuthHandler::~SSLClientAuthHandler() {
     33   // If we were simply dropped, then act as if we selected no certificate.
     34   DoCertificateSelected(NULL);
     35 }
     36 
     37 void SSLClientAuthHandler::OnRequestCancelled() {
     38   request_ = NULL;
     39 }
     40 
     41 void SSLClientAuthHandler::SelectCertificate() {
     42   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
     43   DCHECK(request_);
     44 
     45   if (client_cert_store_) {
     46     client_cert_store_->GetClientCerts(
     47         *cert_request_info_,
     48         &cert_request_info_->client_certs,
     49         base::Bind(&SSLClientAuthHandler::DidGetClientCerts, this));
     50   } else {
     51     DidGetClientCerts();
     52   }
     53 }
     54 
     55 void SSLClientAuthHandler::CertificateSelected(net::X509Certificate* cert) {
     56   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
     57 
     58   VLOG(1) << this << " CertificateSelected " << cert;
     59   BrowserThread::PostTask(
     60       BrowserThread::IO, FROM_HERE,
     61       base::Bind(
     62           &SSLClientAuthHandler::DoCertificateSelected, this,
     63           make_scoped_refptr(cert)));
     64 }
     65 
     66 void SSLClientAuthHandler::DidGetClientCerts() {
     67   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
     68   // Request may have cancelled while we were getting client certs.
     69   if (!request_)
     70     return;
     71 
     72   // Note that if |client_cert_store_| is NULL, we intentionally fall through to
     73   // DoCertificateSelected. This is for platforms where the client cert matching
     74   // is not performed by Chrome, the platform can handle the cert matching
     75   // before showing the dialog.
     76   if (client_cert_store_ && cert_request_info_->client_certs.empty()) {
     77     // No need to query the user if there are no certs to choose from.
     78     DoCertificateSelected(NULL);
     79     return;
     80   }
     81 
     82   int render_process_host_id;
     83   int render_frame_host_id;
     84   if (!ResourceRequestInfo::ForRequest(request_)->GetAssociatedRenderFrame(
     85           &render_process_host_id,
     86           &render_frame_host_id))
     87     NOTREACHED();
     88 
     89   // If the RVH does not exist by the time this task gets run, then the task
     90   // will be dropped and the scoped_refptr to SSLClientAuthHandler will go
     91   // away, so we do not leak anything. The destructor takes care of ensuring
     92   // the net::URLRequest always gets a response.
     93   BrowserThread::PostTask(
     94       BrowserThread::UI, FROM_HERE,
     95       base::Bind(
     96           &SSLClientAuthHandler::DoSelectCertificate, this,
     97           render_process_host_id, render_frame_host_id));
     98 }
     99 
    100 void SSLClientAuthHandler::DoCertificateSelected(net::X509Certificate* cert) {
    101   VLOG(1) << this << " DoCertificateSelected " << cert;
    102   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
    103   // request_ could have been NULLed if the request was cancelled while the
    104   // user was choosing a cert, or because we have already responded to the
    105   // certificate.
    106   if (request_) {
    107     request_->ContinueWithCertificate(cert);
    108 
    109     ResourceDispatcherHostImpl::Get()->
    110         ClearSSLClientAuthHandlerForRequest(request_);
    111     request_ = NULL;
    112   }
    113 }
    114 
    115 void SSLClientAuthHandler::DoSelectCertificate(
    116     int render_process_host_id, int render_frame_host_id) {
    117   GetContentClient()->browser()->SelectClientCertificate(
    118       render_process_host_id,
    119       render_frame_host_id,
    120       http_network_session_,
    121       cert_request_info_.get(),
    122       base::Bind(&SSLClientAuthHandler::CertificateSelected, this));
    123 }
    124 
    125 }  // namespace content
    126