content/browser/ssl/ssl_client_auth_handler.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "content/browser/ssl/ssl_client_auth_handler.h"
   6
   7 #include "base/bind.h"
   8 #include "base/logging.h"
   9 #include "content/public/browser/browser_thread.h"
  10 #include "content/public/browser/content_browser_client.h"
  11 #include "content/public/browser/resource_request_info.h"
  12 #include "net/cert/x509_certificate.h"
  13 #include "net/ssl/client_cert_store.h"
  14 #include "net/url_request/url_request.h"
  15
  16 namespace content {
  17
  18 namespace {
  19
  20 void CertificateSelectedOnUIThread(
  21     const SSLClientAuthHandler::CertificateCallback& io_thread_callback,
  22     net::X509Certificate* cert) {
  23   DCHECK_CURRENTLY_ON(BrowserThread::UI);
  24
  25   BrowserThread::PostTask(
  26       BrowserThread::IO, FROM_HERE,
  27       base::Bind(io_thread_callback, make_scoped_refptr(cert)));
  28 }
  29
  30 void SelectCertificateOnUIThread(
  31     int render_process_host_id,
  32     int render_frame_host_id,
  33     net::SSLCertRequestInfo* cert_request_info,
  34     const SSLClientAuthHandler::CertificateCallback& io_thread_callback) {
  35   DCHECK_CURRENTLY_ON(BrowserThread::UI);
  36
  37   GetContentClient()->browser()->SelectClientCertificate(
  38       render_process_host_id, render_frame_host_id, cert_request_info,
  39       base::Bind(&CertificateSelectedOnUIThread, io_thread_callback));
  40 }
  41
  42 }  // namespace
  43
  44 // A reference-counted core to allow the ClientCertStore and SSLCertRequestInfo
  45 // to outlive SSLClientAuthHandler if needbe.
  46 class SSLClientAuthHandler::Core : public base::RefCountedThreadSafe<Core> {
  47  public:
  48   Core(const base::WeakPtr<SSLClientAuthHandler>& handler,
  49        scoped_ptr<net::ClientCertStore> client_cert_store,
  50        net::SSLCertRequestInfo* cert_request_info)
  51       : handler_(handler),
  52         client_cert_store_(client_cert_store.Pass()),
  53         cert_request_info_(cert_request_info) {}
  54
  55   bool has_client_cert_store() const { return client_cert_store_; }
  56
  57   void GetClientCerts() {
  58     if (client_cert_store_) {
  59       client_cert_store_->GetClientCerts(
  60           *cert_request_info_, &cert_request_info_->client_certs,
  61           base::Bind(&SSLClientAuthHandler::Core::DidGetClientCerts, this));
  62     } else {
  63       DidGetClientCerts();
  64     }
  65   }
  66
  67  private:
  68   friend class base::RefCountedThreadSafe<Core>;
  69
  70   ~Core() {}
  71
  72   // Called when |client_cert_store_| is done retrieving the cert list.
  73   void DidGetClientCerts() {
  74     if (handler_)
  75       handler_->DidGetClientCerts();
  76   }
  77
  78   base::WeakPtr<SSLClientAuthHandler> handler_;
  79   scoped_ptr<net::ClientCertStore> client_cert_store_;
  80   scoped_refptr<net::SSLCertRequestInfo> cert_request_info_;
  81 };
  82
  83 SSLClientAuthHandler::SSLClientAuthHandler(
  84     scoped_ptr<net::ClientCertStore> client_cert_store,
  85     net::URLRequest* request,
  86     net::SSLCertRequestInfo* cert_request_info,
  87     const SSLClientAuthHandler::CertificateCallback& callback)
  88     : core_(nullptr),
  89       request_(request),
  90       cert_request_info_(cert_request_info),
  91       callback_(callback),
  92       weak_factory_(this) {
  93   DCHECK_CURRENTLY_ON(BrowserThread::IO);
  94
  95   core_ = new Core(weak_factory_.GetWeakPtr(), client_cert_store.Pass(),
  96                    cert_request_info_.get());
  97 }
  98
  99 SSLClientAuthHandler::~SSLClientAuthHandler() {
 100 }
 101
 102 void SSLClientAuthHandler::SelectCertificate() {
 103   DCHECK_CURRENTLY_ON(BrowserThread::IO);
 104
 105   // |core_| will call DidGetClientCerts when done.
 106   core_->GetClientCerts();
 107 }
 108
 109 void SSLClientAuthHandler::DidGetClientCerts() {
 110   DCHECK_CURRENTLY_ON(BrowserThread::IO);
 111
 112   // Note that if |client_cert_store_| is NULL, we intentionally fall through to
 113   // DoCertificateSelected. This is for platforms where the client cert matching
 114   // is not performed by Chrome. Those platforms handle the cert matching before
 115   // showing the dialog.
 116   if (core_->has_client_cert_store() &&
 117       cert_request_info_->client_certs.empty()) {
 118     // No need to query the user if there are no certs to choose from.
 119     CertificateSelected(NULL);
 120     return;
 121   }
 122
 123   int render_process_host_id;
 124   int render_frame_host_id;
 125   if (!ResourceRequestInfo::ForRequest(request_)->GetAssociatedRenderFrame(
 126           &render_process_host_id, &render_frame_host_id)) {
 127     NOTREACHED();
 128     CertificateSelected(NULL);
 129     return;
 130   }
 131
 132   BrowserThread::PostTask(
 133       BrowserThread::UI, FROM_HERE,
 134       base::Bind(&SelectCertificateOnUIThread, render_process_host_id,
 135                  render_frame_host_id, cert_request_info_,
 136                  base::Bind(&SSLClientAuthHandler::CertificateSelected,
 137                             weak_factory_.GetWeakPtr())));
 138 }
 139
 140 void SSLClientAuthHandler::CertificateSelected(net::X509Certificate* cert) {
 141   DVLOG(1) << this << " DoCertificateSelected " << cert;
 142   DCHECK_CURRENTLY_ON(BrowserThread::IO);
 143
 144   callback_.Run(cert);
 145   // |this| may be deleted at this point.
 146 }
 147
 148 }  // namespace content