root/content/browser/ssl/ssl_client_auth_handler.cc

DEFINITIONS

1. client_cert_store_
2. OnRequestCancelled
3. SelectCertificate
4. CertificateSelected
5. DidGetClientCerts
6. DoCertificateSelected
7. DoSelectCertificate

// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "content/browser/ssl/ssl_client_auth_handler.h"

#include "base/bind.h"
#include "content/browser/loader/resource_dispatcher_host_impl.h"
#include "content/browser/loader/resource_request_info_impl.h"
#include "content/public/browser/browser_thread.h"
#include "content/public/browser/content_browser_client.h"
#include "net/cert/x509_certificate.h"
#include "net/http/http_transaction_factory.h"
#include "net/ssl/client_cert_store.h"
#include "net/url_request/url_request.h"
#include "net/url_request/url_request_context.h"

namespace content {

SSLClientAuthHandler::SSLClientAuthHandler(
    scoped_ptr<net::ClientCertStore> client_cert_store,
    net::URLRequest* request,
    net::SSLCertRequestInfo* cert_request_info)
    : request_(request),
      http_network_session_(
          request_->context()->http_transaction_factory()->GetSession()),
      cert_request_info_(cert_request_info),
      client_cert_store_(client_cert_store.Pass()) {
  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
}

SSLClientAuthHandler::~SSLClientAuthHandler() {
  // If we were simply dropped, then act as if we selected no certificate.
  DoCertificateSelected(NULL);
}

void SSLClientAuthHandler::OnRequestCancelled() {
  request_ = NULL;
}

void SSLClientAuthHandler::SelectCertificate() {
  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
  DCHECK(request_);

  if (client_cert_store_) {
    client_cert_store_->GetClientCerts(
        *cert_request_info_,
        &cert_request_info_->client_certs,
        base::Bind(&SSLClientAuthHandler::DidGetClientCerts, this));
  } else {
    DidGetClientCerts();
  }
}

void SSLClientAuthHandler::CertificateSelected(net::X509Certificate* cert) {
  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));

  VLOG(1) << this << " CertificateSelected " << cert;
  BrowserThread::PostTask(
      BrowserThread::IO, FROM_HERE,
      base::Bind(
          &SSLClientAuthHandler::DoCertificateSelected, this,
          make_scoped_refptr(cert)));
}

void SSLClientAuthHandler::DidGetClientCerts() {
  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
  // Request may have cancelled while we were getting client certs.
  if (!request_)
    return;

  // Note that if |client_cert_store_| is NULL, we intentionally fall through to
  // DoCertificateSelected. This is for platforms where the client cert matching
  // is not performed by Chrome, the platform can handle the cert matching
  // before showing the dialog.
  if (client_cert_store_ && cert_request_info_->client_certs.empty()) {
    // No need to query the user if there are no certs to choose from.
    DoCertificateSelected(NULL);
    return;
  }

  int render_process_host_id;
  int render_frame_host_id;
  if (!ResourceRequestInfo::ForRequest(request_)->GetAssociatedRenderFrame(
          &render_process_host_id,
          &render_frame_host_id))
    NOTREACHED();

  // If the RVH does not exist by the time this task gets run, then the task
  // will be dropped and the scoped_refptr to SSLClientAuthHandler will go
  // away, so we do not leak anything. The destructor takes care of ensuring
  // the net::URLRequest always gets a response.
  BrowserThread::PostTask(
      BrowserThread::UI, FROM_HERE,
      base::Bind(
          &SSLClientAuthHandler::DoSelectCertificate, this,
          render_process_host_id, render_frame_host_id));
}

void SSLClientAuthHandler::DoCertificateSelected(net::X509Certificate* cert) {
  VLOG(1) << this << " DoCertificateSelected " << cert;
  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
  // request_ could have been NULLed if the request was cancelled while the
  // user was choosing a cert, or because we have already responded to the
  // certificate.
  if (request_) {
    request_->ContinueWithCertificate(cert);

    ResourceDispatcherHostImpl::Get()->
        ClearSSLClientAuthHandlerForRequest(request_);
    request_ = NULL;
  }
}

void SSLClientAuthHandler::DoSelectCertificate(
    int render_process_host_id, int render_frame_host_id) {
  GetContentClient()->browser()->SelectClientCertificate(
      render_process_host_id,
      render_frame_host_id,
      http_network_session_,
      cert_request_info_.get(),
      base::Bind(&SSLClientAuthHandler::CertificateSelected, this));
}

}  // namespace content