content/browser/ssl/ssl_client_auth_handler.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "content/browser/ssl/ssl_client_auth_handler.h"
   6
   7 #include "base/bind.h"
   8 #include "base/logging.h"
   9 #include "content/public/browser/browser_thread.h"
  10 #include "content/public/browser/content_browser_client.h"
  11 #include "content/public/browser/resource_request_info.h"
  12 #include "net/cert/x509_certificate.h"
  13 #include "net/ssl/client_cert_store.h"
  14 #include "net/url_request/url_request.h"
  15
  16 namespace content {
  17
  18 namespace {
  19
  20 void CertificateSelectedOnUIThread(
  21     const SSLClientAuthHandler::CertificateCallback& io_thread_callback,
  22     net::X509Certificate* cert) {
  23   DCHECK_CURRENTLY_ON(BrowserThread::UI);
  24
  25   BrowserThread::PostTask(
  26       BrowserThread::IO, FROM_HERE,
  27       base::Bind(io_thread_callback, make_scoped_refptr(cert)));
  28 }
  29
  30 void SelectCertificateOnUIThread(
  31     int render_process_host_id,
  32     int render_frame_host_id,
  33     net::SSLCertRequestInfo* cert_request_info,
  34     const SSLClientAuthHandler::CertificateCallback& io_thread_callback) {
  35   DCHECK_CURRENTLY_ON(BrowserThread::UI);
  36
  37   GetContentClient()->browser()->SelectClientCertificate(
  38       render_process_host_id, render_frame_host_id, cert_request_info,
  39       base::Bind(&CertificateSelectedOnUIThread, io_thread_callback));
  40 }
  41
  42 }  // namespace
  43
  44 // A reference-counted core to allow the ClientCertStore and SSLCertRequestInfo
  45 // to outlive SSLClientAuthHandler if needbe.
  46 class SSLClientAuthHandler::Core : public base::RefCountedThreadSafe<Core> {
  47  public:
  48   Core(const base::WeakPtr<SSLClientAuthHandler>& handler,
  49        scoped_ptr<net::ClientCertStore> client_cert_store,
  50        net::SSLCertRequestInfo* cert_request_info)
  51       : handler_(handler),
  52         client_cert_store_(client_cert_store.Pass()),
  53         cert_request_info_(cert_request_info) {}
  54
  55   bool has_client_cert_store() const { return client_cert_store_; }
  56
  57   void GetClientCerts() {
  58     if (client_cert_store_) {
  59       // TODO(davidben): This is still a cyclical ownership where
  60       // GetClientCerts' requirement that |client_cert_store_| remains alive
  61       // until the call completes is maintained by the reference held in the
  62       // callback.
  63       client_cert_store_->GetClientCerts(
  64           *cert_request_info_, &cert_request_info_->client_certs,
  65           base::Bind(&SSLClientAuthHandler::Core::DidGetClientCerts, this));
  66     } else {
  67       DidGetClientCerts();
  68     }
  69   }
  70
  71  private:
  72   friend class base::RefCountedThreadSafe<Core>;
  73
  74   ~Core() {}
  75
  76   // Called when |client_cert_store_| is done retrieving the cert list.
  77   void DidGetClientCerts() {
  78     if (handler_)
  79       handler_->DidGetClientCerts();
  80   }
  81
  82   base::WeakPtr<SSLClientAuthHandler> handler_;
  83   scoped_ptr<net::ClientCertStore> client_cert_store_;
  84   scoped_refptr<net::SSLCertRequestInfo> cert_request_info_;
  85 };
  86
  87 SSLClientAuthHandler::SSLClientAuthHandler(
  88     scoped_ptr<net::ClientCertStore> client_cert_store,
  89     net::URLRequest* request,
  90     net::SSLCertRequestInfo* cert_request_info,
  91     const SSLClientAuthHandler::CertificateCallback& callback)
  92     : request_(request),
  93       cert_request_info_(cert_request_info),
  94       callback_(callback),
  95       weak_factory_(this) {
  96   DCHECK_CURRENTLY_ON(BrowserThread::IO);
  97
  98   core_ = new Core(weak_factory_.GetWeakPtr(), client_cert_store.Pass(),
  99                    cert_request_info_.get());
 100 }
 101
 102 SSLClientAuthHandler::~SSLClientAuthHandler() {
 103 }
 104
 105 void SSLClientAuthHandler::SelectCertificate() {
 106   DCHECK_CURRENTLY_ON(BrowserThread::IO);
 107
 108   // |core_| will call DidGetClientCerts when done.
 109   core_->GetClientCerts();
 110 }
 111
 112 void SSLClientAuthHandler::DidGetClientCerts() {
 113   DCHECK_CURRENTLY_ON(BrowserThread::IO);
 114
 115   // Note that if |client_cert_store_| is NULL, we intentionally fall through to
 116   // DoCertificateSelected. This is for platforms where the client cert matching
 117   // is not performed by Chrome. Those platforms handle the cert matching before
 118   // showing the dialog.
 119   if (core_->has_client_cert_store() &&
 120       cert_request_info_->client_certs.empty()) {
 121     // No need to query the user if there are no certs to choose from.
 122     CertificateSelected(NULL);
 123     return;
 124   }
 125
 126   int render_process_host_id;
 127   int render_frame_host_id;
 128   if (!ResourceRequestInfo::ForRequest(request_)->GetAssociatedRenderFrame(
 129           &render_process_host_id, &render_frame_host_id)) {
 130     NOTREACHED();
 131     CertificateSelected(NULL);
 132     return;
 133   }
 134
 135   BrowserThread::PostTask(
 136       BrowserThread::UI, FROM_HERE,
 137       base::Bind(&SelectCertificateOnUIThread, render_process_host_id,
 138                  render_frame_host_id, cert_request_info_,
 139                  base::Bind(&SSLClientAuthHandler::CertificateSelected,
 140                             weak_factory_.GetWeakPtr())));
 141 }
 142
 143 void SSLClientAuthHandler::CertificateSelected(net::X509Certificate* cert) {
 144   DVLOG(1) << this << " DoCertificateSelected " << cert;
 145   DCHECK_CURRENTLY_ON(BrowserThread::IO);
 146
 147   callback_.Run(cert);
 148   // |this| may be deleted at this point.
 149 }
 150
 151 }  // namespace content