author | gunsch <gunsch@chromium.org> | 2014-10-02 13:54:11 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2014-10-02 20:54:22 +0000 |
commit | b098afcdc9323e47baa8ad1f268f945a0b7120c3 (patch) | |
tree | 3d04496eabd04e86ec65a16bde362394829e034d /chromecast | |
parent | c9f8dbb5d34e0b92f4b9818c5ff1e37fc34768f8 (diff) | |
Chromecast: device identification for whitelisted apps and servers.
R=dougsteed@chromium.org,lcwu@chromium.org
BUG=336640
Review URL: https://codereview.chromium.org/618863002
Cr-Commit-Position: refs/heads/master@{#297898}
Diffstat (limited to 'chromecast')
-rw-r--r-- | chromecast/shell/browser/cast_content_browser_client.cc | 50 | ||||
-rw-r--r-- | chromecast/shell/browser/cast_content_browser_client.h | 9 |
2 files changed, 59 insertions, 0 deletions
diff --git a/chromecast/shell/browser/cast_content_browser_client.cc b/chromecast/shell/browser/cast_content_browser_client.cc
index 18f86ad..fdab6f1 100644
--- a/chromecast/shell/browser/cast_content_browser_client.cc
+++ b/chromecast/shell/browser/cast_content_browser_client.cc
@@ -13,6 +13,7 @@
 #include "chromecast/shell/browser/cast_browser_context.h"
 #include "chromecast/shell/browser/cast_browser_main_parts.h"
 #include "chromecast/shell/browser/cast_browser_process.h"
+#include "chromecast/shell/browser/cast_network_delegate.h"
 #include "chromecast/shell/browser/devtools/cast_dev_tools_delegate.h"
 #include "chromecast/shell/browser/geolocation/cast_access_token_store.h"
 #include "chromecast/shell/browser/url_request_context_factory.h"
@@ -23,6 +24,7 @@
 #include "content/public/common/content_switches.h"
 #include "content/public/common/url_constants.h"
 #include "content/public/common/web_preferences.h"
+#include "net/ssl/ssl_cert_request_info.h"
 namespace chromecast {
 namespace shell {
@@ -134,6 +136,54 @@ void CastContentBrowserClient::AllowCertificateError(
 return;
 }
+void CastContentBrowserClient::SelectClientCertificate(
+ int render_process_id,
+ int render_view_id,
+ const net::HttpNetworkSession* network_session,
+ net::SSLCertRequestInfo* cert_request_info,
+ const base::Callback<void(net::X509Certificate*)>& callback) {
+ GURL requesting_url("https://" + cert_request_info->host_and_port.ToString());
+
+ if (!requesting_url.is_valid()) {
+ LOG(ERROR) << "Invalid URL string: "
+ << requesting_url.possibly_invalid_spec();
+ callback.Run(NULL);
+ return;
+ }
+
+ // In our case there are no relevant certs in the cert_request_info. The cert
+ // we need to return (if permitted) is the Cast device cert, which we can
+ // access directly through the ClientAuthSigner instance. However, we need to
+ // be on the IO thread to determine whether the app is whitelisted to return
+ // it, because CastNetworkDelegate is bound to the IO thread.
+ // Subsequently, the callback must then itself be performed back here
+ // on the UI thread.
+ DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
+ content::BrowserThread::PostTaskAndReplyWithResult(
+ content::BrowserThread::IO,
+ FROM_HERE,
+ base::Bind(
+ &CastContentBrowserClient::SelectClientCertificateOnIOThread,
+ base::Unretained(this),
+ requesting_url),
+ callback);
+}
+
+net::X509Certificate*
+CastContentBrowserClient::SelectClientCertificateOnIOThread(
+ GURL requesting_url) {
+ DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
+ CastNetworkDelegate* network_delegate =
+ url_request_context_factory_->app_network_delegate();
+ if (network_delegate->IsWhitelisted(requesting_url, false)) {
+ return CastNetworkDelegate::DeviceCert();
+ } else {
+ LOG(ERROR) << "Invalid host for client certificate request: "
+ << requesting_url.host();
+ return NULL;
+ }
+}
+
 bool CastContentBrowserClient::CanCreateWindow(
 const GURL& opener_url,
 const GURL& opener_top_level_frame_url,
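Review bot: `SelectClientCertificateOnIOThread` releases the Cast device certificate on the strength of the server's host and port alone: `render_process_id` and `render_view_id` are accepted by `SelectClientCertificate` but never used, so nothing visible here ties the decision to the app that triggered the handshake. Unless `IsWhitelisted` (defined outside this diff) accounts for the requesting app, any content loaded in the shell can cause the device to authenticate to a whitelisted server, so the intended trust model should be stated above the check, e.g. `// Cert release is keyed on server host only; the requesting renderer is not consulted.` The bare `false` should name its parameter, `IsWhitelisted(requesting_url, false /* PARAM_NAME */)`, and the `base::Unretained(this)` bind needs a one-line lifetime justification such as `// Unretained: this client must outlive the posted IO task.` Both new functions are complete within the hunk.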
diff --git a/chromecast/shell/browser/cast_content_browser_client.h b/chromecast/shell/browser/cast_content_browser_client.h
index c0b6793..49c719c 100644
--- a/chromecast/shell/browser/cast_content_browser_client.h
+++ b/chromecast/shell/browser/cast_content_browser_client.h
@@ -50,6 +50,12 @@ class CastContentBrowserClient: public content::ContentBrowserClient {
 bool expired_previous_decision,
 const base::Callback<void(bool)>& callback,
 content::CertificateRequestResultType* result) OVERRIDE;
+ virtual void SelectClientCertificate(
+ int render_process_id,
+ int render_frame_id,
+ const net::HttpNetworkSession* network_session,
+ net::SSLCertRequestInfo* cert_request_info,
+ const base::Callback<void(net::X509Certificate*)>& callback) OVERRIDE;
 virtual bool CanCreateWindow(
 const GURL& opener_url,
 const GURL& opener_top_level_frame_url,
@@ -73,6 +79,9 @@ class CastContentBrowserClient: public content::ContentBrowserClient {
 content::FileDescriptorInfo* mappings) OVERRIDE;
 private:
+ net::X509Certificate* SelectClientCertificateOnIOThread(
+ GURL requesting_url);
+
 scoped_ptr<URLRequestContextFactory> url_request_context_factory_;
 DISALLOW_COPY_AND_ASSIGN(CastContentBrowserClient); |
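Review bot: The declaration names the second parameter `render_frame_id`, but the definition added in cast_content_browser_client.cc calls it `render_view_id`. Frame and view routing IDs identify different objects, so one of the two names is wrong; assuming the header follows the base-class signature, the definition should read `int render_frame_id,`. The parameter is unused today, so nothing breaks, but the mismatch will mislead whoever later uses it to identify the requester. The class body starts and ends outside the hunk.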
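Review bot: `SelectClientCertificateOnIOThread` is declared without a comment even though its contract is not obvious from the signature: the DCHECK in the .cc requires the IO thread, and it returns NULL when the host is not whitelisted. I would add `// Runs on the IO thread. Returns the device cert if |requesting_url| is whitelisted, NULL otherwise.` above the declaration. The `GURL` is also taken by value; `const GURL& requesting_url` is the usual form and still works with the `base::Bind` call, which stores its own copy of the bound argument. The class starts and ends outside the hunk.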