authorwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-06-19 17:00:02 +0000
committerwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-06-19 17:00:02 +0000
commitdad44096af5b506d8dc4788fba8a587bc674ba36 (patch)
treec11db582f907bb0ad81f0463c60038c5dd982931
parent935e1395eb037ae9ec88e94efce669599d24f5fe (diff)
Add a temporary command-line switch --auto-ssl-client-auth for
automatically selecting a client certificate when an SSL server requests client authentication. This switch will be removed when we implement client certificate selection UI. Also fix some cpplint.py nits. R=jcampan BUG=http://crbug.com/318 TEST=none Review URL: http://codereview.chromium.org/131090 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@18819 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome/browser/renderer_host/resource_dispatcher_host.cc25
-rw-r--r--chrome/browser/renderer_host/resource_dispatcher_host.h3
-rw-r--r--chrome/common/chrome_switches.cc8
-rw-r--r--chrome/common/chrome_switches.h2
4 files changed, 34 insertions, 4 deletions
diff --git a/chrome/browser/renderer_host/resource_dispatcher_host.cc b/chrome/browser/renderer_host/resource_dispatcher_host.cc
index c690f98..32de83b 100644
--- a/chrome/browser/renderer_host/resource_dispatcher_host.cc
+++ b/chrome/browser/renderer_host/resource_dispatcher_host.cc
@@ -8,6 +8,7 @@
#include <vector>
+#include "base/command_line.h"
#include "base/message_loop.h"
#include "base/scoped_ptr.h"
#include "base/stl_util-inl.h"
@@ -33,6 +34,7 @@
#include "chrome/browser/renderer_host/sync_resource_handler.h"
#include "chrome/browser/tab_contents/tab_util.h"
#include "chrome/browser/tab_contents/tab_contents.h"
+#include "chrome/common/chrome_switches.h"
#include "chrome/common/notification_service.h"
#include "chrome/common/render_messages.h"
#include "net/base/auth.h"
@@ -40,6 +42,7 @@
#include "net/base/load_flags.h"
#include "net/base/mime_util.h"
#include "net/base/net_errors.h"
+#include "net/base/ssl_cert_request_info.h"
#include "net/url_request/url_request.h"
#include "webkit/glue/webappcachecontext.h"
@@ -108,7 +111,8 @@ bool ShouldServiceRequest(ChildProcessInfo::ProcessType process_type,
if (process_type == ChildProcessInfo::PLUGIN_PROCESS)
return true;
- ChildProcessSecurityPolicy* policy = ChildProcessSecurityPolicy::GetInstance();
+ ChildProcessSecurityPolicy* policy =
+ ChildProcessSecurityPolicy::GetInstance();
// Check if the renderer is permitted to request the requested URL.
if (!policy->CanRequestURL(process_id, request_data.url)) {
@@ -620,9 +624,9 @@ void ResourceDispatcherHost::CancelRequest(int process_id,
if (!i->second->is_pending() && allow_delete) {
// No io is pending, canceling the request won't notify us of anything,
// so we explicitly remove it.
- // TODO: removing the request in this manner means we're not notifying
- // anyone. We need make sure the event handlers and others are notified
- // so that everything is cleaned up properly.
+ // TODO(sky): removing the request in this manner means we're not
+ // notifying anyone. We need make sure the event handlers and others are
+ // notified so that everything is cleaned up properly.
RemovePendingRequest(info->process_id, info->request_id);
} else {
i->second->Cancel();
@@ -846,6 +850,19 @@ void ResourceDispatcherHost::OnAuthRequired(
info->login_handler = CreateLoginPrompt(auth_info, request, ui_loop_);
}
+void ResourceDispatcherHost::OnCertificateRequested(
+ URLRequest* request,
+ net::SSLCertRequestInfo* cert_request_info) {
+ DCHECK(request);
+
+ bool select_first_cert = CommandLine::ForCurrentProcess()->HasSwitch(
+ switches::kAutoSSLClientAuth);
+ net::X509Certificate* cert =
+ select_first_cert && !cert_request_info->client_certs.empty() ?
+ cert_request_info->client_certs[0] : NULL;
+ request->ContinueWithCertificate(cert);
+}
+
void ResourceDispatcherHost::OnSSLCertificateError(
URLRequest* request,
int cert_error,
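Review bot: In `OnCertificateRequested`, when `--auto-ssl-client-auth` is set the first entry of `cert_request_info->client_certs` is sent for every request that reaches this callback. The hunk shows no check on which host asked or whether the request is a top-level navigation, and nothing records that a certificate was disclosed. Because the choice is silent, a log line at the selection site would make the disclosure auditable, for example `LOG(WARNING) << "--auto-ssl-client-auth: sending a client certificate without user consent";`. Separately, `cert_request_info` is dereferenced but only `request` is asserted, so add `DCHECK(cert_request_info);` beside the existing `DCHECK(request);`. It would also help to add a comment above the ternary stating that index 0 is an arbitrary choice rather than a preference order, unless the list is known to be sorted.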
diff --git a/chrome/browser/renderer_host/resource_dispatcher_host.h b/chrome/browser/renderer_host/resource_dispatcher_host.h
index ecabe59..685acdd 100644
--- a/chrome/browser/renderer_host/resource_dispatcher_host.h
+++ b/chrome/browser/renderer_host/resource_dispatcher_host.h
@@ -302,6 +302,9 @@ class ResourceDispatcherHost : public URLRequest::Delegate {
const GURL& new_url);
virtual void OnAuthRequired(URLRequest* request,
net::AuthChallengeInfo* auth_info);
+ virtual void OnCertificateRequested(
+ URLRequest* request,
+ net::SSLCertRequestInfo* cert_request_info);
virtual void OnSSLCertificateError(URLRequest* request,
int cert_error,
net::X509Certificate* cert);
diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc
index 452b6ad..5e739d6 100644
--- a/chrome/common/chrome_switches.cc
+++ b/chrome/common/chrome_switches.cc
@@ -263,6 +263,14 @@ const wchar_t kWinHttpProxyResolver[] = L"winhttp-proxy-resolver";
extern const wchar_t kDnsLogDetails[] = L"dns-log-details";
extern const wchar_t kDnsPrefetchDisable[] = L"dns-prefetch-disable";
+// A temporary switch before we implement the client certificate selection UI.
+// When an SSL server requests client authentication, select a client
+// certificate automatically.
+// WARNING: This switch has privacy issues because it reveals the user's
+// identity to any server that requests a client certificate without the
+// user's consent.
+extern const wchar_t kAutoSSLClientAuth[] = L"auto-ssl-client-auth";
+
// Enables support to debug printing subsystem.
const wchar_t kDebugPrint[] = L"debug-print";
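Review bot: The comment on `kAutoSSLClientAuth` warns about the privacy impact but does not say which certificate is chosen or where removal is tracked. The handler added in resource_dispatcher_host.cc takes the first candidate in the list, so state that here. A line such as `// The first matching certificate is sent. TODO(wtc): remove once the selection UI lands (http://crbug.com/318).` would let someone reading only the switch list see the behaviour and the removal condition.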
diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h
index e3d9135..cd479af 100644
--- a/chrome/common/chrome_switches.h
+++ b/chrome/common/chrome_switches.h
@@ -90,6 +90,8 @@ extern const wchar_t kPrint[];
extern const wchar_t kDnsLogDetails[];
extern const wchar_t kDnsPrefetchDisable[];
+extern const wchar_t kAutoSSLClientAuth[];
+
extern const wchar_t kAllowAllActiveX[];
extern const wchar_t kDisableDevTools[];