Supervised user import: Listen for profile creation/deletion
[chromium-blink-merge.git] / content / browser / ssl / ssl_client_auth_handler.cc
blobe52864398b9f859f255f891f4507912ee74cb732
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "content/browser/ssl/ssl_client_auth_handler.h"
7 #include "base/bind.h"
8 #include "base/logging.h"
9 #include "content/public/browser/browser_thread.h"
10 #include "content/public/browser/client_certificate_delegate.h"
11 #include "content/public/browser/content_browser_client.h"
12 #include "content/public/browser/render_frame_host.h"
13 #include "content/public/browser/resource_request_info.h"
14 #include "content/public/browser/web_contents.h"
15 #include "net/cert/x509_certificate.h"
16 #include "net/ssl/client_cert_store.h"
17 #include "net/url_request/url_request.h"
19 namespace content {
21 namespace {
23 class ClientCertificateDelegateImpl : public ClientCertificateDelegate {
24 public:
25 explicit ClientCertificateDelegateImpl(
26 const base::WeakPtr<SSLClientAuthHandler>& handler)
27 : handler_(handler), continue_called_(false) {}
29 ~ClientCertificateDelegateImpl() override {
30 if (!continue_called_) {
31 BrowserThread::PostTask(
32 BrowserThread::IO, FROM_HERE,
33 base::Bind(&SSLClientAuthHandler::CancelCertificateSelection,
34 handler_));
38 // ClientCertificateDelegate implementation:
39 void ContinueWithCertificate(net::X509Certificate* cert) override {
40 DCHECK(!continue_called_);
41 continue_called_ = true;
42 BrowserThread::PostTask(
43 BrowserThread::IO, FROM_HERE,
44 base::Bind(&SSLClientAuthHandler::ContinueWithCertificate, handler_,
45 make_scoped_refptr(cert)));
48 private:
49 base::WeakPtr<SSLClientAuthHandler> handler_;
50 bool continue_called_;
52 DISALLOW_COPY_AND_ASSIGN(ClientCertificateDelegateImpl);
55 void SelectCertificateOnUIThread(
56 int render_process_host_id,
57 int render_frame_host_id,
58 net::SSLCertRequestInfo* cert_request_info,
59 const base::WeakPtr<SSLClientAuthHandler>& handler) {
60 DCHECK_CURRENTLY_ON(BrowserThread::UI);
62 scoped_ptr<ClientCertificateDelegate> delegate(
63 new ClientCertificateDelegateImpl(handler));
65 RenderFrameHost* rfh =
66 RenderFrameHost::FromID(render_process_host_id, render_frame_host_id);
67 WebContents* web_contents = WebContents::FromRenderFrameHost(rfh);
68 if (!web_contents)
69 return;
71 GetContentClient()->browser()->SelectClientCertificate(
72 web_contents, cert_request_info, delegate.Pass());
75 } // namespace
77 // A reference-counted core to allow the ClientCertStore and SSLCertRequestInfo
78 // to outlive SSLClientAuthHandler if needbe.
79 class SSLClientAuthHandler::Core : public base::RefCountedThreadSafe<Core> {
80 public:
81 Core(const base::WeakPtr<SSLClientAuthHandler>& handler,
82 scoped_ptr<net::ClientCertStore> client_cert_store,
83 net::SSLCertRequestInfo* cert_request_info)
84 : handler_(handler),
85 client_cert_store_(client_cert_store.Pass()),
86 cert_request_info_(cert_request_info) {}
88 bool has_client_cert_store() const { return client_cert_store_; }
90 void GetClientCerts() {
91 if (client_cert_store_) {
92 // TODO(davidben): This is still a cyclical ownership where
93 // GetClientCerts' requirement that |client_cert_store_| remains alive
94 // until the call completes is maintained by the reference held in the
95 // callback.
96 client_cert_store_->GetClientCerts(
97 *cert_request_info_, &cert_request_info_->client_certs,
98 base::Bind(&SSLClientAuthHandler::Core::DidGetClientCerts, this));
99 } else {
100 DidGetClientCerts();
104 private:
105 friend class base::RefCountedThreadSafe<Core>;
107 ~Core() {}
109 // Called when |client_cert_store_| is done retrieving the cert list.
110 void DidGetClientCerts() {
111 if (handler_)
112 handler_->DidGetClientCerts();
115 base::WeakPtr<SSLClientAuthHandler> handler_;
116 scoped_ptr<net::ClientCertStore> client_cert_store_;
117 scoped_refptr<net::SSLCertRequestInfo> cert_request_info_;
120 SSLClientAuthHandler::SSLClientAuthHandler(
121 scoped_ptr<net::ClientCertStore> client_cert_store,
122 net::URLRequest* request,
123 net::SSLCertRequestInfo* cert_request_info,
124 SSLClientAuthHandler::Delegate* delegate)
125 : request_(request),
126 cert_request_info_(cert_request_info),
127 delegate_(delegate),
128 weak_factory_(this) {
129 DCHECK_CURRENTLY_ON(BrowserThread::IO);
131 core_ = new Core(weak_factory_.GetWeakPtr(), client_cert_store.Pass(),
132 cert_request_info_.get());
135 SSLClientAuthHandler::~SSLClientAuthHandler() {
138 void SSLClientAuthHandler::SelectCertificate() {
139 DCHECK_CURRENTLY_ON(BrowserThread::IO);
141 // |core_| will call DidGetClientCerts when done.
142 core_->GetClientCerts();
145 // static
146 void SSLClientAuthHandler::ContinueWithCertificate(
147 const base::WeakPtr<SSLClientAuthHandler>& handler,
148 net::X509Certificate* cert) {
149 if (handler)
150 handler->delegate_->ContinueWithCertificate(cert);
153 // static
154 void SSLClientAuthHandler::CancelCertificateSelection(
155 const base::WeakPtr<SSLClientAuthHandler>& handler) {
156 if (handler)
157 handler->delegate_->CancelCertificateSelection();
160 void SSLClientAuthHandler::DidGetClientCerts() {
161 DCHECK_CURRENTLY_ON(BrowserThread::IO);
163 // Note that if |client_cert_store_| is NULL, we intentionally fall through to
164 // SelectCertificateOnUIThread. This is for platforms where the client cert
165 // matching is not performed by Chrome. Those platforms handle the cert
166 // matching before showing the dialog.
167 if (core_->has_client_cert_store() &&
168 cert_request_info_->client_certs.empty()) {
169 // No need to query the user if there are no certs to choose from.
171 // TODO(davidben): The WebContents-less check on the UI thread should come
172 // before checking ClientCertStore; ClientCertStore itself should probably
173 // be handled by the embedder (https://crbug.com/394131), especially since
174 // this doesn't work on Android (https://crbug.com/345641).
175 BrowserThread::PostTask(
176 BrowserThread::IO, FROM_HERE,
177 base::Bind(&SSLClientAuthHandler::ContinueWithCertificate,
178 weak_factory_.GetWeakPtr(),
179 scoped_refptr<net::X509Certificate>()));
180 return;
183 int render_process_host_id;
184 int render_frame_host_id;
185 if (!ResourceRequestInfo::ForRequest(request_)->GetAssociatedRenderFrame(
186 &render_process_host_id, &render_frame_host_id)) {
187 NOTREACHED();
188 BrowserThread::PostTask(
189 BrowserThread::IO, FROM_HERE,
190 base::Bind(&SSLClientAuthHandler::CancelCertificateSelection,
191 weak_factory_.GetWeakPtr()));
192 return;
195 BrowserThread::PostTask(
196 BrowserThread::UI, FROM_HERE,
197 base::Bind(&SelectCertificateOnUIThread, render_process_host_id,
198 render_frame_host_id, cert_request_info_,
199 weak_factory_.GetWeakPtr()));
202 } // namespace content