authorwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-06-12 21:45:11 +0000
committerwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-06-12 21:45:11 +0000
commit0b45559b42825a157d3f468e1a5ee102cc67d9a8 (patch)
tree00d25404d9803f5e905eab058cd175dca9fb68e0 /net/url_request
parent37a24e0d9e75a916c13900cf34d7c6b54acc2001 (diff)
Specify new methods for supporting SSL client authentication.
See the changes to url_request.h and ssl_cert_request_info.h. They are similar to the methods for handling SSL certificate errors and HTTP authentication. The handling of servers that request but don't require SSL client authentication is reimplemented using the new methods. R=rvargas,eroman BUG=http://crbug.com/318 TEST=none Review URL: http://codereview.chromium.org/118039 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@18322 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/url_request')
-rw-r--r--net/url_request/url_request.cc8
-rw-r--r--net/url_request/url_request.h19
-rw-r--r--net/url_request/url_request_http_job.cc26
-rw-r--r--net/url_request/url_request_http_job.h3
-rw-r--r--net/url_request/url_request_job.cc8
-rw-r--r--net/url_request/url_request_job.h5
6 files changed, 63 insertions, 6 deletions
diff --git a/net/url_request/url_request.cc b/net/url_request/url_request.cc
index ebfc376..b80ebe0 100644
--- a/net/url_request/url_request.cc
+++ b/net/url_request/url_request.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -367,6 +367,12 @@ void URLRequest::CancelAuth() {
job_->CancelAuth();
}
+void URLRequest::ContinueWithCertificate(net::X509Certificate* client_cert) {
+ DCHECK(job_);
+
+ job_->ContinueWithCertificate(client_cert);
+}
+
void URLRequest::ContinueDespiteLastError() {
DCHECK(job_);
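Review bot: `DCHECK(job_)` is the only guard before `job_->ContinueWithCertificate(client_cert)`, so in builds where DCHECK compiles out a null `job_` would be dereferenced. The header comment says the call follows a user's certificate selection, so it can arrive well after the notification, possibly after the request has been cancelled. An explicit `if (!job_) return;` would make that path safe, though whether `job_` can actually be null at that point is not visible in this hunk. The same pattern is in URLRequestHttpJob::ContinueWithCertificate (url_request_http_job.cc), which only DCHECKs `transaction_.get()`, while the neighbouring ContinueDespiteLastError returns early with `if (!transaction_.get()) return;`.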
diff --git a/net/url_request/url_request.h b/net/url_request/url_request.h
index 4f65f14..ed38cd7 100644
--- a/net/url_request/url_request.h
+++ b/net/url_request/url_request.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -24,6 +24,7 @@ class Time;
namespace net {
class IOBuffer;
+class SSLCertRequestInfo;
class UploadData;
class X509Certificate;
} // namespace net
@@ -145,6 +146,17 @@ class URLRequest {
request->CancelAuth();
}
+ // Called when we receive an SSL CertificateRequest message for client
+ // authentication. The delegate should call
+ // request->ContinueWithCertificate() with the client certificate the user
+ // selected, or request->ContinueWithCertificate(NULL) to continue the SSL
+ // handshake without a client certificate.
+ virtual void OnCertificateRequested(
+ URLRequest* request,
+ net::SSLCertRequestInfo* cert_request_info) {
+ request->ContinueWithCertificate(NULL);
+ }
+
// Called when using SSL and the server responds with a certificate with
// an error, for example, whose common name does not match the common name
// we were expecting for that host. The delegate should either do the
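Review bot: The new comment on `OnCertificateRequested` does not say how long `cert_request_info` stays valid, or whether the delegate may call `ContinueWithCertificate()` after this callback has returned. A delegate that shows a certificate picker has to do exactly that. I would add a line such as `// The delegate may respond asynchronously; |cert_request_info| must be retained by the delegate if used after this call returns.`, worded to match whatever the real lifetime is, since the type's ownership model is not visible here. It is also worth noting that `request->Cancel()` is a valid response, as the ContinueDespiteLastError comment does for errors. The class body continues outside this hunk.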
@@ -423,6 +435,11 @@ class URLRequest {
void SetAuth(const std::wstring& username, const std::wstring& password);
void CancelAuth();
+ // This method can be called after the user selects a client certificate to
+ // instruct this URLRequest to continue with the request with the
+ // certificate. Pass NULL if the user doesn't have a client certificate.
+ void ContinueWithCertificate(net::X509Certificate* client_cert);
+
// This method can be called after some error notifications to instruct this
// URLRequest to ignore the current error and continue with the request. To
// cancel the request instead, call Cancel().
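Review bot: The comment on `ContinueWithCertificate` does not state when the call is legal or who owns `client_cert`, which is passed as a raw `net::X509Certificate*`. I would add `// Only valid in response to OnCertificateRequested(), and at most once per notification.` plus a sentence on whether the request takes its own reference to `client_cert` or the caller must keep it alive until the request completes. That ownership detail cannot be determined from this hunk, so the wording should follow the implementation.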
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index 6ad2dc5..da56c8b 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -20,6 +20,7 @@
#include "net/base/net_errors.h"
#include "net/base/net_util.h"
#include "net/base/sdch_manager.h"
+#include "net/base/ssl_cert_request_info.h"
#include "net/http/http_response_headers.h"
#include "net/http/http_response_info.h"
#include "net/http/http_transaction.h"
@@ -384,6 +385,26 @@ void URLRequestHttpJob::CancelAuth() {
this, &URLRequestHttpJob::OnStartCompleted, net::OK));
}
+void URLRequestHttpJob::ContinueWithCertificate(
+ net::X509Certificate* client_cert) {
+ DCHECK(transaction_.get());
+
+ DCHECK(!response_info_) << "should not have a response yet";
+
+ // No matter what, we want to report our status as IO pending since we will
+ // be notifying our consumer asynchronously via OnStartCompleted.
+ SetStatus(URLRequestStatus(URLRequestStatus::IO_PENDING, 0));
+
+ int rv = transaction_->RestartWithCertificate(client_cert, &start_callback_);
+ if (rv == net::ERR_IO_PENDING)
+ return;
+
+ // The transaction started synchronously, but we need to notify the
+ // URLRequest delegate via the message loop.
+ MessageLoop::current()->PostTask(FROM_HERE, NewRunnableMethod(
+ this, &URLRequestHttpJob::OnStartCompleted, rv));
+}
+
void URLRequestHttpJob::ContinueDespiteLastError() {
// If the transaction was destroyed, then the job was cancelled.
if (!transaction_.get())
@@ -453,6 +474,9 @@ void URLRequestHttpJob::OnStartCompleted(int result) {
// ssl_info.
request_->delegate()->OnSSLCertificateError(
request_, result, transaction_->GetResponseInfo()->ssl_info.cert);
+ } else if (result == net::ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
+ request_->delegate()->OnCertificateRequested(
+ request_, transaction_->GetResponseInfo()->cert_request_info);
} else {
NotifyStartError(URLRequestStatus(URLRequestStatus::FAILED, result));
}
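Review bot: The new `ERR_SSL_CLIENT_AUTH_CERT_NEEDED` branch reads `transaction_->GetResponseInfo()->cert_request_info` without checking that `GetResponseInfo()` returned non-null or that `cert_request_info` is set. The branch above does the same for `ssl_info.cert`, so this may be an established contract of the transaction, but nothing in the hunk shows it. A short comment like the existing one about `ssl_info` would help, e.g. `// The transaction guarantees a response info with cert_request_info set for this error.`. Failing that, the branch could fall through to `NotifyStartError` when the info is missing. OnStartCompleted begins and ends outside this hunk.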
diff --git a/net/url_request/url_request_http_job.h b/net/url_request/url_request_http_job.h
index 7853f83..46078d4 100644
--- a/net/url_request/url_request_http_job.h
+++ b/net/url_request/url_request_http_job.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -54,6 +54,7 @@ class URLRequestHttpJob : public URLRequestJob {
virtual void SetAuth(const std::wstring& username,
const std::wstring& password);
virtual void CancelAuth();
+ virtual void ContinueWithCertificate(net::X509Certificate* client_cert);
virtual void ContinueDespiteLastError();
virtual bool GetMoreData();
virtual bool ReadRawData(net::IOBuffer* buf, int buf_size, int *bytes_read);
diff --git a/net/url_request/url_request_job.cc b/net/url_request/url_request_job.cc
index 3d7df3e..8f4429d 100644
--- a/net/url_request/url_request_job.cc
+++ b/net/url_request/url_request_job.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -90,6 +90,12 @@ void URLRequestJob::CancelAuth() {
NOTREACHED();
}
+void URLRequestJob::ContinueWithCertificate(
+ net::X509Certificate* client_cert) {
+ // The derived class should implement this!
+ NOTREACHED();
+}
+
void URLRequestJob::ContinueDespiteLastError() {
// Implementations should know how to recover from errors they generate.
// If this code was reached, we are trying to recover from an error that
diff --git a/net/url_request/url_request_job.h b/net/url_request/url_request_job.h
index 301bb3b..558d9ad 100644
--- a/net/url_request/url_request_job.h
+++ b/net/url_request/url_request_job.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -19,6 +19,7 @@ class AuthChallengeInfo;
class HttpResponseInfo;
class IOBuffer;
class UploadData;
+class X509Certificate;
}
class GURL;
@@ -176,6 +177,8 @@ class URLRequestJob : public base::RefCountedThreadSafe<URLRequestJob>,
// Display the error page without asking for credentials again.
virtual void CancelAuth();
+ virtual void ContinueWithCertificate(net::X509Certificate* client_cert);
+
// Continue processing the request ignoring the last error.
virtual void ContinueDespiteLastError();
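Review bot: `ContinueWithCertificate` is the only declaration in this group without a comment; `CancelAuth` and `ContinueDespiteLastError` each carry one. I would add `// Continue the SSL handshake with |client_cert|, or without a client certificate if it is NULL.` and mention that the base implementation is `NOTREACHED()`, so jobs that can raise a certificate request must override it. The class declaration continues outside this hunk.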