Add a command-line flag to have URLFetcher ignore certificate requests

Because having individual URLFetchers ignore certificate
requests affects the URLRequestContext-wide socket pools,
the behaviour is marked as a command-line flag. This is
intended for development purposes when configuring alternate
service endpoints for various URLFetcher-based services that
may be configured to optionally request client auth, and for
which this behaviour cannot be easily turned off.

BUG=168602
TEST=Use --lso-host with a locally-defined service endpoint, ensure that attempts to sign in work.
TBR=thakis


Review URL: https://chromiumcodereview.appspot.com/12095075

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@179861 0039d316-1c4b-4281-b951-d872f2087c98

6 files changed, 40 insertions, 0 deletions

diff --git a/net/url_request/url_fetcher.cc b/net/url_request/url_fetcher.cc
index e0fd5d1..3cc75ad 100644
--- a/net/url_request/url_fetcher.cc
+++ b/net/url_request/url_fetcher.cc
@@ -40,4 +40,9 @@ void net::URLFetcher::SetEnableInterceptionForTests(bool enabled) {
   URLFetcherImpl::SetEnableInterceptionForTests(enabled);
 }
 
+// static
+void net::URLFetcher::SetIgnoreCertificateRequests(bool ignored) {
+  URLFetcherImpl::SetIgnoreCertificateRequests(ignored);
+}
+
 }  // namespace net
diff --git a/net/url_request/url_fetcher.h b/net/url_request/url_fetcher.h
index 211994d..815dac0 100644
--- a/net/url_request/url_fetcher.h
+++ b/net/url_request/url_fetcher.h
@@ -117,6 +117,13 @@ class NET_EXPORT URLFetcher {
   // of testing code that uses an URLFetcher.
   static void SetEnableInterceptionForTests(bool enabled);
 
+  // Normally, URLFetcher will abort loads that request SSL client certificate
+  // authentication, but this method may be used to cause URLFetchers to ignore
+  // requests for client certificates and continue anonymously. Because such
+  // behaviour affects the URLRequestContext's shared network state and socket
+  // pools, it should only be used for testing.
+  static void SetIgnoreCertificateRequests(bool ignored);
+
   // Sets data only needed by POSTs.  All callers making POST requests should
   // call one of the SetUploadData* methods before the request is started.
   // |upload_content_type| is the MIME type of the content, while
diff --git a/net/url_request/url_fetcher_core.cc b/net/url_request/url_fetcher_core.cc
index de00d9e..0f3f8e2 100644
--- a/net/url_request/url_fetcher_core.cc
+++ b/net/url_request/url_fetcher_core.cc
@@ -28,6 +28,7 @@ namespace {
 const int kBufferSize = 4096;
 const int kUploadProgressTimerInterval = 100;
 bool g_interception_enabled = false;
+bool g_ignore_certificate_requests = false;
 
 }  // namespace
 
@@ -572,6 +573,19 @@ void URLFetcherCore::OnResponseStarted(URLRequest* request) {
   ReadResponse();
 }
 
+void URLFetcherCore::OnCertificateRequested(
+    URLRequest* request,
+    SSLCertRequestInfo* cert_request_info) {
+  DCHECK_EQ(request, request_.get());
+  DCHECK(network_task_runner_->BelongsToCurrentThread());
+
+  if (g_ignore_certificate_requests) {
+    request->ContinueWithCertificate(NULL);
+  } else {
+    request->Cancel();
+  }
+}
+
 void URLFetcherCore::OnReadCompleted(URLRequest* request,
                                      int bytes_read) {
   DCHECK(request == request_);
@@ -637,6 +651,10 @@ void URLFetcherCore::SetEnableInterceptionForTests(bool enabled) {
   g_interception_enabled = enabled;
 }
 
+void URLFetcherCore::SetIgnoreCertificateRequests(bool ignored) {
+  g_ignore_certificate_requests = ignored;
+}
+
 URLFetcherCore::~URLFetcherCore() {
   // |request_| should be NULL.  If not, it's unsafe to delete it here since we
   // may not be on the IO thread.
diff --git a/net/url_request/url_fetcher_core.h b/net/url_request/url_fetcher_core.h
index 69beeb5..346a929 100644
--- a/net/url_request/url_fetcher_core.h
+++ b/net/url_request/url_fetcher_core.h
@@ -124,11 +124,15 @@ class URLFetcherCore
   virtual void OnResponseStarted(URLRequest* request) OVERRIDE;
   virtual void OnReadCompleted(URLRequest* request,
                                int bytes_read) OVERRIDE;
+  virtual void OnCertificateRequested(
+      URLRequest* request,
+      SSLCertRequestInfo* cert_request_info) OVERRIDE;
 
   URLFetcherDelegate* delegate() const { return delegate_; }
   static void CancelAll();
   static int GetNumFetcherCores();
   static void SetEnableInterceptionForTests(bool enabled);
+  static void SetIgnoreCertificateRequests(bool ignored);
 
  private:
   friend class base::RefCountedThreadSafe<URLFetcherCore>;
diff --git a/net/url_request/url_fetcher_impl.cc b/net/url_request/url_fetcher_impl.cc
index f7493de..5e4fbc3 100644
--- a/net/url_request/url_fetcher_impl.cc
+++ b/net/url_request/url_fetcher_impl.cc
@@ -191,6 +191,11 @@ void URLFetcherImpl::SetEnableInterceptionForTests(bool enabled) {
 }
 
 // static
+void URLFetcherImpl::SetIgnoreCertificateRequests(bool ignored) {
+  URLFetcherCore::SetIgnoreCertificateRequests(ignored);
+}
+
+// static
 int URLFetcherImpl::GetNumFetcherCores() {
   return URLFetcherCore::GetNumFetcherCores();
 }
diff --git a/net/url_request/url_fetcher_impl.h b/net/url_request/url_fetcher_impl.h
index c8d7418ff..72b944e 100644
--- a/net/url_request/url_fetcher_impl.h
+++ b/net/url_request/url_fetcher_impl.h
@@ -91,6 +91,7 @@ class NET_EXPORT_PRIVATE URLFetcherImpl : public URLFetcher {
   static void CancelAll();
 
   static void SetEnableInterceptionForTests(bool enabled);
+  static void SetIgnoreCertificateRequests(bool ignored);
 
   // TODO(akalin): Make these private again once URLFetcher::Create()
   // is in net/.