authorwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-10-15 21:23:37 +0000
committerwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-10-15 21:23:37 +0000
commitd84b3729c73df5ca7679bf827a348c97810fc4b3 (patch)
treecb4f46567a9c04294219adbb05fee92a72c41026 /chrome
parentd7519fc7cbb59eef660f8d331d00df9a04878968 (diff)
Provides a certificate for SSL client authentication on NSS sockets.
GUI is still missing, so certificates and private keys have to be stored manually, e.g.: $ pk12util -d sql:$HOME/.pki/nssdb -i PKCS12_file.p12 Adds --auto-ssl-client-auth command-line option to enable this feature. Patch contributed by Jaime Soriano <jsorianopastor@gmail.com>. Original review URL: http://codereview.chromium.org/220009 R=wtc BUG=16830 TEST=Try to connect to a web page that requires SSL authentication and confirm that it connects if and only if a valid certificate is stored in the ~/.pki/nssdb database. Review URL: http://codereview.chromium.org/276037 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@29188 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome')
-rw-r--r--chrome/browser/renderer_host/resource_dispatcher_host.cc9
-rw-r--r--chrome/common/chrome_switches.cc10
-rw-r--r--chrome/common/chrome_switches.h4
3 files changed, 23 insertions, 0 deletions
diff --git a/chrome/browser/renderer_host/resource_dispatcher_host.cc b/chrome/browser/renderer_host/resource_dispatcher_host.cc
index e1d89fe..597c931 100644
--- a/chrome/browser/renderer_host/resource_dispatcher_host.cc
+++ b/chrome/browser/renderer_host/resource_dispatcher_host.cc
@@ -1052,6 +1052,14 @@ void ResourceDispatcherHost::OnCertificateRequested(
net::SSLCertRequestInfo* cert_request_info) {
DCHECK(request);
+#if defined(OS_LINUX)
+ bool select_first_cert = CommandLine::ForCurrentProcess()->HasSwitch(
+ switches::kAutoSSLClientAuth);
+ net::X509Certificate* cert =
+ select_first_cert && !cert_request_info->client_certs.empty() ?
+ cert_request_info->client_certs[0] : NULL;
+ request->ContinueWithCertificate(cert);
+#else
if (cert_request_info->client_certs.empty()) {
// No need to query the user if there are no certs to choose from.
request->ContinueWithCertificate(NULL);
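Review bot: In the OS_LINUX branch, `cert_request_info->client_certs[0]` is passed to `ContinueWithCertificate` for every server that asks once `--auto-ssl-client-auth` is set, and nothing at the call site records which identity was disclosed or to which host. Since the user never sees a prompt, a log line when `cert` is non-NULL, such as `LOG(WARNING) << "Auto-selected SSL client certificate for " << request->url().host();`, would at least leave something to audit. The element order of `client_certs` is decided outside this hunk (presumably by the NSS socket code), so with more than one certificate in the database the one sent is not a user choice. A short comment above the ternary would make that explicit: `// Temporary: sends the first candidate cert without asking; see kAutoSSLClientAuth.` The body of OnCertificateRequested starts before this hunk and its `#endif` is in the next one.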
@@ -1064,6 +1072,7 @@ void ResourceDispatcherHost::OnCertificateRequested(
info->set_ssl_client_auth_handler(
new SSLClientAuthHandler(request, cert_request_info, io_loop_, ui_loop_));
info->ssl_client_auth_handler()->SelectCertificate();
+#endif
}
void ResourceDispatcherHost::OnSSLCertificateError(
diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc
index bb11493..4003003 100644
--- a/chrome/common/chrome_switches.cc
+++ b/chrome/common/chrome_switches.cc
@@ -266,6 +266,16 @@ const char kWinHttpProxyResolver[] = "winhttp-proxy-resolver";
extern const char kDnsLogDetails[] = "dns-log-details";
extern const char kDnsPrefetchDisable[] = "dns-prefetch-disable";
+#if defined(OS_LINUX)
+// A temporary switch before we implement the client certificate selection UI.
+// When an SSL server requests client authentication, select a client
+// certificate automatically.
+// WARNING: This switch has privacy issues because it reveals the user's
+// identity to any server that requests a client certificate without the
+// user's consent.
+const char kAutoSSLClientAuth[] = "auto-ssl-client-auth";
+#endif
+
// Enables support to debug printing subsystem.
const char kDebugPrint[] = "debug-print";
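Review bot: The comment on `kAutoSSLClientAuth` does not say which certificate is chosen or what happens without the switch. From the resource_dispatcher_host.cc change in this commit, the first entry of `client_certs` is sent, and on Linux without the switch the request always continues with no certificate. Both are worth stating here, e.g. `// Sends the first certificate the store offers; without this switch Linux builds never send one.` Because the switch is described as temporary, a removal marker such as `// TODO: remove once the selection UI lands (BUG=16830).` would keep it from outliving its purpose.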
diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h
index 48c9142..1b54673c 100644
--- a/chrome/common/chrome_switches.h
+++ b/chrome/common/chrome_switches.h
@@ -93,6 +93,10 @@ extern const char kPrint[];
extern const char kDnsLogDetails[];
extern const char kDnsPrefetchDisable[];
+#if defined(OS_LINUX)
+extern const char kAutoSSLClientAuth[];
+#endif
+
extern const char kDisableDevTools[];
extern const char kAlwaysEnableDevTools[];
extern const char kEnableExtensionTimelineApi[];