A first implementation of the SSL client auth UI.This uses the Windows API that prompts the user for a cert.R=wtcBUG=http://crbug.com/318TEST=Visit a site that requires client auth. A dialog to select a certificate should be shown. Try selecting no cert. Try again this time select a cert.

Review URL: http://codereview.chromium.org/147233

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@19456 0039d316-1c4b-4281-b951-d872f2087c98

8 files changed, 192 insertions, 16 deletions

diff --git a/chrome/app/generated_resources.grd b/chrome/app/generated_resources.grd
index cb03483..9f00cec 100644
--- a/chrome/app/generated_resources.grd
+++ b/chrome/app/generated_resources.grd
@@ -2819,6 +2819,15 @@ each locale. -->
         The page at <ph name="SECURE_PAGE_URL">$1<ex>https://www.google.com/</ex></ph> contains insecure content from <ph name="INSECURE_RESOURCE_URL">$2<ex>http://www.google.com/</ex></ph>.
       </message>
 
+      <!-- SSL client authentication certificate selection dialog -->
+      <message name="IDS_CLIENT_CERT_DIALOG_TITLE" desc="The title of the dialog that prompts for a certificate when doing SSL client authentication.">
+        Select a certificate
+      </message>
+
+      <message name="IDS_CLIENT_CERT_DIALOG_TEXT" desc="The text in the dialog that prompts for a certificate when doing SSL client authentication.">
+        Select a certificate to authenticate yourself to <ph name="HOST_NAME">$1<ex>www.google.com</ex></ph>
+      </message>
+
       <!-- Advanced Font/Language settings -->
       <message name="IDS_FONT_LANGUAGE_SETTING_WINDOWS_TITLE" desc="Title that appears in the dialogue title bar for advanced font/encoding settings">
         Fonts and Languages
diff --git a/chrome/browser/renderer_host/resource_dispatcher_host.cc b/chrome/browser/renderer_host/resource_dispatcher_host.cc
index 36ddf5d..8ffa2ca 100644
--- a/chrome/browser/renderer_host/resource_dispatcher_host.cc
+++ b/chrome/browser/renderer_host/resource_dispatcher_host.cc
@@ -34,6 +34,7 @@
 #include "chrome/browser/renderer_host/safe_browsing_resource_handler.h"
 #include "chrome/browser/renderer_host/save_file_resource_handler.h"
 #include "chrome/browser/renderer_host/sync_resource_handler.h"
+#include "chrome/browser/ssl/ssl_client_auth_handler.h"
 #include "chrome/browser/tab_contents/tab_util.h"
 #include "chrome/browser/tab_contents/tab_contents.h"
 #include "chrome/common/chrome_switches.h"
@@ -647,6 +648,10 @@ void ResourceDispatcherHost::CancelRequest(int process_id,
       info->login_handler->OnRequestCancelled();
       info->login_handler = NULL;
     }
+    if (info->ssl_client_auth_handler) {
+      info->ssl_client_auth_handler->OnRequestCancelled();
+      info->ssl_client_auth_handler = NULL;
+    }
     if (!i->second->is_pending() && allow_delete) {
       // No io is pending, canceling the request won't notify us of anything,
       // so we explicitly remove it.
@@ -881,12 +886,18 @@ void ResourceDispatcherHost::OnCertificateRequested(
       net::SSLCertRequestInfo* cert_request_info) {
   DCHECK(request);
 
-  bool select_first_cert = CommandLine::ForCurrentProcess()->HasSwitch(
-      switches::kAutoSSLClientAuth);
-  net::X509Certificate* cert =
-      select_first_cert && !cert_request_info->client_certs.empty() ?
-      cert_request_info->client_certs[0] : NULL;
-  request->ContinueWithCertificate(cert);
+  if (cert_request_info->client_certs.empty()) {
+    // No need to query the user if there are no certs to choose from.
+    request->ContinueWithCertificate(NULL);
+    return;
+  }
+
+  ExtraRequestInfo* info = ExtraInfoForRequest(request);
+  DCHECK(!info->ssl_client_auth_handler) <<
+      "OnCertificateRequested called with ssl_client_auth_handler pending";
+  info->ssl_client_auth_handler =
+      new SSLClientAuthHandler(request, cert_request_info, io_loop_, ui_loop_);
+  info->ssl_client_auth_handler->SelectCertificate();
 }
 
 void ResourceDispatcherHost::OnSSLCertificateError(
diff --git a/chrome/browser/renderer_host/resource_dispatcher_host.h b/chrome/browser/renderer_host/resource_dispatcher_host.h
index eaf6323..ee07f53 100644
--- a/chrome/browser/renderer_host/resource_dispatcher_host.h
+++ b/chrome/browser/renderer_host/resource_dispatcher_host.h
@@ -36,6 +36,7 @@ class MessageLoop;
 class PluginService;
 class SafeBrowsingService;
 class SaveFileManager;
+class SSLClientAuthHandler;
 class URLRequestContext;
 class WebKitThread;
 struct ViewHostMsg_Resource_Request;
@@ -85,6 +86,7 @@ class ResourceDispatcherHost : public URLRequest::Delegate {
         : resource_handler(handler),
           cross_site_handler(NULL),
           login_handler(NULL),
+          ssl_client_auth_handler(NULL),
           process_type(process_type),
           process_id(process_id),
           route_id(route_id),
@@ -116,6 +118,8 @@ class ResourceDispatcherHost : public URLRequest::Delegate {
 
     LoginHandler* login_handler;
 
+    SSLClientAuthHandler* ssl_client_auth_handler;
+
     ChildProcessInfo::ProcessType process_type;
 
     int process_id;
diff --git a/chrome/browser/ssl/ssl_client_auth_handler.cc b/chrome/browser/ssl/ssl_client_auth_handler.cc
new file mode 100644
index 0000000..c986885
--- /dev/null
+++ b/chrome/browser/ssl/ssl_client_auth_handler.cc
@@ -0,0 +1,100 @@
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/ssl/ssl_client_auth_handler.h"
+
+#if defined (OS_WIN)
+#include <cryptuiapi.h>
+#pragma comment(lib, "cryptui.lib")
+#endif
+
+#include "app/l10n_util.h"
+#include "base/message_loop.h"
+#include "base/string_util.h"
+#include "chrome/browser/browser_list.h"
+#include "chrome/browser/browser.h"
+#include "chrome/browser/browser_window.h"
+#include "grit/generated_resources.h"
+#include "net/url_request/url_request.h"
+
+SSLClientAuthHandler::SSLClientAuthHandler(
+    URLRequest* request,
+    net::SSLCertRequestInfo* cert_request_info,
+    MessageLoop* io_loop,
+    MessageLoop* ui_loop)
+    : request_(request),
+      cert_request_info_(cert_request_info),
+      io_loop_(io_loop),
+      ui_loop_(ui_loop) {
+  // Keep us alive until a cert is selected.
+  AddRef();
+}
+
+SSLClientAuthHandler::~SSLClientAuthHandler() {
+}
+
+void SSLClientAuthHandler::OnRequestCancelled() {
+  request_ = NULL;
+}
+
+void SSLClientAuthHandler::SelectCertificate() {
+  // Let's move the request to the UI thread.
+  ui_loop_->PostTask(FROM_HERE, NewRunnableMethod(this,
+      &SSLClientAuthHandler::DoSelectCertificate));
+}
+
+void SSLClientAuthHandler::DoSelectCertificate() {
+  net::X509Certificate* cert = NULL;
+#if defined(OS_WIN)
+  // TODO(jcampan): replace this with our own cert selection dialog.
+  // CryptUIDlgSelectCertificateFromStore is blocking (but still processes
+  // Windows messages), which is scary.
+  HCERTSTORE client_certs = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, NULL,
+                                          0, NULL);
+  BOOL ok;
+  for (size_t i = 0; i < cert_request_info_->client_certs.size(); ++i) {
+    PCCERT_CONTEXT cc = cert_request_info_->client_certs[i]->os_cert_handle();
+    ok = CertAddCertificateContextToStore(client_certs, cc,
+                                          CERT_STORE_ADD_ALWAYS, NULL);
+    DCHECK(ok);
+  }
+
+  HWND browser_hwnd = NULL;
+  Browser* browser = BrowserList::GetLastActive();
+  if (browser)
+    browser_hwnd = browser->window()->GetNativeHandle();
+
+  std::wstring title = l10n_util::GetString(IDS_CLIENT_CERT_DIALOG_TITLE);
+  std::wstring text = l10n_util::GetStringF(
+      IDS_CLIENT_CERT_DIALOG_TEXT,
+      ASCIIToWide(cert_request_info_->host_and_port));
+  PCCERT_CONTEXT cert_context = CryptUIDlgSelectCertificateFromStore(
+      client_certs, browser_hwnd, title.c_str(), text.c_str(), 0, 0, NULL);
+
+  if (cert_context) {
+    cert = net::X509Certificate::CreateFromHandle(
+        cert_context,
+        net::X509Certificate::SOURCE_LONE_CERT_IMPORT);
+  }
+
+  ok = CertCloseStore(client_certs, CERT_CLOSE_STORE_CHECK_FLAG);
+  DCHECK(ok);
+#else
+  NOTIMPLEMENTED();
+#endif
+
+  // Notify the IO thread that we have selected a cert.
+  io_loop_->PostTask(FROM_HERE, NewRunnableMethod(this,
+      &SSLClientAuthHandler::CertificateSelected, cert));
+}
+
+void SSLClientAuthHandler::CertificateSelected(net::X509Certificate* cert) {
+  // request_ could have been NULLed if the request was cancelled while the user
+  // was choosing a cert.
+  if (request_)
+    request_->ContinueWithCertificate(cert);
+
+  // We are done.
+  Release();
+}
diff --git a/chrome/browser/ssl/ssl_client_auth_handler.h b/chrome/browser/ssl/ssl_client_auth_handler.h
new file mode 100644
index 0000000..77b8aed
--- /dev/null
+++ b/chrome/browser/ssl/ssl_client_auth_handler.h
@@ -0,0 +1,60 @@
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_SSL_SSL_CLIENT_AUTH_HANDLER_H
+#define CHROME_BROWSER_SSL_SSL_CLIENT_AUTH_HANDLER_H
+
+#include "base/basictypes.h"
+#include "base/ref_counted.h"
+#include "net/base/ssl_cert_request_info.h"
+
+namespace net {
+class X509Certificate;
+}
+class MessageLoop;
+class URLRequest;
+
+// This class handles the approval and selection of a certificate for SSL client
+// authentication by the user.
+// It is self-owned and deletes itself when the UI reports the user selection or
+// when the URLRequest is cancelled.
+class SSLClientAuthHandler : public base::RefCounted<SSLClientAuthHandler> {
+ public:
+  SSLClientAuthHandler(URLRequest* request,
+                       net::SSLCertRequestInfo* cert_request_info,
+                       MessageLoop* io_loop,
+                       MessageLoop* ui_loop);
+  ~SSLClientAuthHandler();
+
+  // Asks the user to select a certificate and resumes the URL request with that
+  // certificate.
+  // Should only be called on the IO thread.
+  void SelectCertificate();
+
+  // Invoked when the request associated with this handler is cancelled.
+  // Should only be called on the IO thread.
+  void OnRequestCancelled();
+
+ private:
+  // Asks the user for a cert.
+  // Called on the UI thread.
+  void DoSelectCertificate();
+
+  // Notifies that the user has selected a cert.
+  // Called on the IO thread.
+  void CertificateSelected(net::X509Certificate* cert);
+
+  // The URLRequest that triggered this client auth.
+  URLRequest* request_;
+
+  // The certs to choose from.
+  scoped_refptr<net::SSLCertRequestInfo> cert_request_info_;
+
+  MessageLoop* io_loop_;
+  MessageLoop* ui_loop_;
+
+  DISALLOW_COPY_AND_ASSIGN(SSLClientAuthHandler);
+};
+
+#endif  // CHROME_BROWSER_SSL_SSL_CLIENT_AUTH_HANDLER_H
diff --git a/chrome/chrome.gyp b/chrome/chrome.gyp
index 3329313..c4965a8 100644
--- a/chrome/chrome.gyp
+++ b/chrome/chrome.gyp
@@ -1401,6 +1401,8 @@
         'browser/ssl/ssl_blocking_page.h',
         'browser/ssl/ssl_cert_error_handler.cc',
         'browser/ssl/ssl_cert_error_handler.h',
+        'browser/ssl/ssl_client_auth_handler.cc',
+        'browser/ssl/ssl_client_auth_handler.h',
         'browser/ssl/ssl_error_handler.cc',
         'browser/ssl/ssl_error_handler.h',
         'browser/ssl/ssl_error_info.cc',
diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc
index f45ca34..8f99057 100644
--- a/chrome/common/chrome_switches.cc
+++ b/chrome/common/chrome_switches.cc
@@ -269,14 +269,6 @@ const wchar_t kWinHttpProxyResolver[]          = L"winhttp-proxy-resolver";
 extern const wchar_t kDnsLogDetails[]          = L"dns-log-details";
 extern const wchar_t kDnsPrefetchDisable[]     = L"dns-prefetch-disable";
 
-// A temporary switch before we implement the client certificate selection UI.
-// When an SSL server requests client authentication, select a client
-// certificate automatically.
-// WARNING: This switch has privacy issues because it reveals the user's
-// identity to any server that requests a client certificate without the
-// user's consent.
-extern const wchar_t kAutoSSLClientAuth[]      = L"auto-ssl-client-auth";
-
 // Enables support to debug printing subsystem.
 const wchar_t kDebugPrint[]                    = L"debug-print";
 
diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h
index f18e56b..5663946 100644
--- a/chrome/common/chrome_switches.h
+++ b/chrome/common/chrome_switches.h
@@ -92,8 +92,6 @@ extern const wchar_t kPrint[];
 extern const wchar_t kDnsLogDetails[];
 extern const wchar_t kDnsPrefetchDisable[];
 
-extern const wchar_t kAutoSSLClientAuth[];
-
 extern const wchar_t kAllowAllActiveX[];
 
 extern const wchar_t kDisableDevTools[];