diff options
22 files changed, 262 insertions, 32 deletions
diff --git a/chrome/app/policy/policy_templates.json b/chrome/app/policy/policy_templates.json index 5bad7e9..cb4bde4 100644 --- a/chrome/app/policy/policy_templates.json +++ b/chrome/app/policy/policy_templates.json @@ -94,7 +94,7 @@ # persistent IDs for all fields (but not for groups!) are needed. These are # specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs, # because doing so would break the deployed wire format! -# For your editing convenience: highest ID currently used: 101 +# For your editing convenience: highest ID currently used: 103 # # Placeholders: # The following placeholder strings are automatically substituted: @@ -1272,6 +1272,38 @@ 'desc': '''Allows you to set whether websites are allowed to track the users' physical location. Tracking the users' physical location can be allowed by default, denied by default or the user can be asked everytime a website requests the pysical location.''', }, { + 'name': 'DefaultAutoSelectCertificateSetting', + 'type': 'int-enum', + 'items': [ + { + 'name': 'AllowAutoSelectCertificate', + 'value': 1, + 'caption': '''Allows <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> to automatically select client certificates.''' + }, + { + 'name': 'AskAutoSelectCertificate', + 'value': 3, + 'caption': '''Asks the user to select a certificate whenever a site requests a client certificate.''', + }, + ], + 'supported_on': ['chrome.*:15-', 'chrome_os:0.15-'], + 'features': {'dynamic_refresh': 1}, + 'example_value': 1, + 'id': 102, + 'caption': '''Default setting for selecting client certificates''', + 'desc': '''Allows you to set whether a client certificate should be automatically selected by <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> (if possible), the user should be asked to select a client certificate or no certificates should be sent to sites requesting client certificates.''', + }, + { + 'name': 'AutoSelectCertificateForUrls', + 'type': 'list', + 'supported_on': ['chrome.*:15-', 'chrome_os:0.15-'], + 'features': {'dynamic_refresh': 1}, + 'example_value': ['https://www.example.com', '[*.]example.edu'], + 'id': 103, + 'caption': '''Automatically select client certificates for these sites''', + 'desc': '''Allows you to specify a list of url patterns that specify sites for which <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> should automatically select a client certificates, if the site requests a certificate.''', + }, + { 'name': 'CookiesAllowedForUrls', 'type': 'list', 'supported_on': ['chrome.*:11-', 'chrome_os:0.11-'], diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc index 40ecb76..6c330ac 100644 --- a/chrome/browser/chrome_content_browser_client.cc +++ b/chrome/browser/chrome_content_browser_client.cc @@ -478,7 +478,7 @@ void ChromeContentBrowserClient::AllowCertificateError( blocking_page->Show(); } -void ChromeContentBrowserClient::ShowClientCertificateRequestDialog( +void ChromeContentBrowserClient::SelectClientCertificate( int render_process_id, int render_view_id, SSLClientAuthHandler* handler) { @@ -491,7 +491,7 @@ void ChromeContentBrowserClient::ShowClientCertificateRequestDialog( TabContentsWrapper* wrapper = TabContentsWrapper::GetCurrentWrapperForContents(tab); - wrapper->ssl_helper()->ShowClientCertificateRequestDialog(handler); + wrapper->ssl_helper()->SelectClientCertificate(handler); } void ChromeContentBrowserClient::AddNewCertificate( diff --git a/chrome/browser/chrome_content_browser_client.h b/chrome/browser/chrome_content_browser_client.h index 1b207ea..73ca7ab 100644 --- a/chrome/browser/chrome_content_browser_client.h +++ b/chrome/browser/chrome_content_browser_client.h @@ -6,6 +6,8 @@ #define CHROME_BROWSER_CHROME_CONTENT_BROWSER_CLIENT_H_ #pragma once +#include <string> + #include "base/compiler_specific.h" #include "content/browser/content_browser_client.h" @@ -57,7 +59,7 @@ class ChromeContentBrowserClient : public content::ContentBrowserClient { SSLCertErrorHandler* handler, bool overridable, Callback2<SSLCertErrorHandler*, bool>::Type* callback) OVERRIDE; - virtual void ShowClientCertificateRequestDialog( + virtual void SelectClientCertificate( int render_process_id, int render_view_id, SSLClientAuthHandler* handler) OVERRIDE; diff --git a/chrome/browser/content_settings/content_settings_policy_provider.cc b/chrome/browser/content_settings/content_settings_policy_provider.cc index 3ee9395..22b2dae 100644 --- a/chrome/browser/content_settings/content_settings_policy_provider.cc +++ b/chrome/browser/content_settings/content_settings_policy_provider.cc @@ -37,6 +37,8 @@ const char* kPrefToManageType[CONTENT_SETTINGS_NUM_TYPES] = { prefs::kManagedDefaultPopupsSetting, prefs::kManagedDefaultGeolocationSetting, prefs::kManagedDefaultNotificationsSetting, + NULL, + prefs::kManagedDefaultAutoSelectCertificateSetting, }; struct PrefsForManagedContentSettingsMapEntry { @@ -48,6 +50,10 @@ struct PrefsForManagedContentSettingsMapEntry { const PrefsForManagedContentSettingsMapEntry kPrefsForManagedContentSettingsMap[] = { { + prefs::kManagedAutoSelectCertificateForUrls, + CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE, + CONTENT_SETTING_ALLOW + }, { prefs::kManagedCookiesAllowedForUrls, CONTENT_SETTINGS_TYPE_COOKIES, CONTENT_SETTING_ALLOW @@ -120,6 +126,8 @@ PolicyDefaultProvider::PolicyDefaultProvider(PrefService* prefs) pref_change_registrar_.Add(prefs::kManagedDefaultPopupsSetting, this); pref_change_registrar_.Add(prefs::kManagedDefaultGeolocationSetting, this); pref_change_registrar_.Add(prefs::kManagedDefaultNotificationsSetting, this); + pref_change_registrar_.Add( + prefs::kManagedDefaultAutoSelectCertificateSetting, this); } PolicyDefaultProvider::~PolicyDefaultProvider() { @@ -170,6 +178,9 @@ void PolicyDefaultProvider::Observe(int type, UpdateManagedDefaultSetting(CONTENT_SETTINGS_TYPE_GEOLOCATION); } else if (*name == prefs::kManagedDefaultNotificationsSetting) { UpdateManagedDefaultSetting(CONTENT_SETTINGS_TYPE_NOTIFICATIONS); + } else if (*name == prefs::kManagedDefaultAutoSelectCertificateSetting) { + UpdateManagedDefaultSetting( + CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE); } else { NOTREACHED() << "Unexpected preference observed"; return; @@ -241,6 +252,9 @@ void PolicyDefaultProvider::RegisterUserPrefs(PrefService* prefs) { prefs->RegisterIntegerPref(prefs::kManagedDefaultNotificationsSetting, CONTENT_SETTING_DEFAULT, PrefService::UNSYNCABLE_PREF); + prefs->RegisterIntegerPref(prefs::kManagedDefaultAutoSelectCertificateSetting, + CONTENT_SETTING_ASK, + PrefService::UNSYNCABLE_PREF); } // //////////////////////////////////////////////////////////////////////////// @@ -248,6 +262,8 @@ void PolicyDefaultProvider::RegisterUserPrefs(PrefService* prefs) { // static void PolicyProvider::RegisterUserPrefs(PrefService* prefs) { + prefs->RegisterListPref(prefs::kManagedAutoSelectCertificateForUrls, + PrefService::UNSYNCABLE_PREF); prefs->RegisterListPref(prefs::kManagedCookiesAllowedForUrls, PrefService::UNSYNCABLE_PREF); prefs->RegisterListPref(prefs::kManagedCookiesBlockedForUrls, @@ -279,6 +295,7 @@ PolicyProvider::PolicyProvider(PrefService* prefs, ReadManagedContentSettings(false); pref_change_registrar_.Init(prefs_); + pref_change_registrar_.Add(prefs::kManagedAutoSelectCertificateForUrls, this); pref_change_registrar_.Add(prefs::kManagedCookiesBlockedForUrls, this); pref_change_registrar_.Add(prefs::kManagedCookiesAllowedForUrls, this); pref_change_registrar_.Add(prefs::kManagedCookiesSessionOnlyForUrls, this); @@ -330,10 +347,12 @@ void PolicyProvider::GetContentSettingsFromPreferences( ContentSettingsType content_type = kPrefsForManagedContentSettingsMap[i].content_type; // If only one pattern was defined auto expand it to a pattern pair. + ContentSettingsPattern secondary_pattern = + !pattern_pair.second.IsValid() ? ContentSettingsPattern::Wildcard() + : pattern_pair.second; rules->push_back(MakeTuple( pattern_pair.first, - !pattern_pair.second.IsValid() ? ContentSettingsPattern::Wildcard() - : pattern_pair.second, + secondary_pattern, content_type, ResourceIdentifier(NO_RESOURCE_IDENTIFIER), kPrefsForManagedContentSettingsMap[i].setting)); @@ -436,7 +455,8 @@ void PolicyProvider::Observe(int type, if (type == chrome::NOTIFICATION_PREF_CHANGED) { DCHECK_EQ(prefs_, Source<PrefService>(source).ptr()); std::string* name = Details<std::string>(details).ptr(); - if (*name == prefs::kManagedCookiesAllowedForUrls || + if (*name == prefs::kManagedAutoSelectCertificateForUrls || + *name == prefs::kManagedCookiesAllowedForUrls || *name == prefs::kManagedCookiesBlockedForUrls || *name == prefs::kManagedCookiesSessionOnlyForUrls || *name == prefs::kManagedImagesAllowedForUrls || diff --git a/chrome/browser/content_settings/content_settings_policy_provider_unittest.cc b/chrome/browser/content_settings/content_settings_policy_provider_unittest.cc index 3e4ff2e..9a24e95 100644 --- a/chrome/browser/content_settings/content_settings_policy_provider_unittest.cc +++ b/chrome/browser/content_settings/content_settings_policy_provider_unittest.cc @@ -4,6 +4,8 @@ #include "chrome/browser/content_settings/content_settings_policy_provider.h" +#include <string> + #include "base/auto_reset.h" #include "base/command_line.h" #include "chrome/browser/content_settings/content_settings_mock_observer.h" @@ -127,6 +129,18 @@ TEST_F(PolicyDefaultProviderTest, ObserveManagedSettingsChange) { provider.ShutdownOnUIThread(); } +TEST_F(PolicyDefaultProviderTest, AutoSelectCertificate) { + TestingProfile profile; + TestingPrefService* prefs = profile.GetTestingPrefService(); + PolicyDefaultProvider provider(prefs); + + EXPECT_EQ(CONTENT_SETTING_ASK, + provider.ProvideDefaultSetting( + CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE)); + + provider.ShutdownOnUIThread(); +} + class PolicyProviderTest : public TestingBrowserProcessTest { public: PolicyProviderTest() @@ -223,4 +237,40 @@ TEST_F(PolicyProviderTest, ResourceIdentifier) { provider.ShutdownOnUIThread(); } +TEST_F(PolicyProviderTest, AutoSelectCertificateList) { + TestingProfile profile; + TestingPrefService* prefs = profile.GetTestingPrefService(); + + PolicyProvider provider(prefs, NULL); + GURL google_url("https://mail.google.com"); + // Tests the default setting for auto selecting certificates + EXPECT_EQ(CONTENT_SETTING_DEFAULT, + provider.GetContentSetting( + google_url, + google_url, + CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE, + std::string())); + + // Set the content settings pattern list for origins to auto select + // certificates. + ListValue* value = new ListValue(); + value->Append(Value::CreateStringValue("[*.]google.com")); + prefs->SetManagedPref(prefs::kManagedAutoSelectCertificateForUrls, + value); + GURL youtube_url("https://www.youtube.com"); + EXPECT_EQ(CONTENT_SETTING_DEFAULT, + provider.GetContentSetting( + youtube_url, + youtube_url, + CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE, + std::string())); + EXPECT_EQ(CONTENT_SETTING_ALLOW, + provider.GetContentSetting( + google_url, + google_url, + CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE, + std::string())); + + provider.ShutdownOnUIThread(); +} } // namespace content_settings diff --git a/chrome/browser/content_settings/content_settings_pref_provider.cc b/chrome/browser/content_settings/content_settings_pref_provider.cc index 4a896b3..fcc9f19 100644 --- a/chrome/browser/content_settings/content_settings_pref_provider.cc +++ b/chrome/browser/content_settings/content_settings_pref_provider.cc @@ -45,6 +45,7 @@ const char* kResourceTypeNames[] = { NULL, NULL, // Not used for Notifications NULL, // Not used for Intents. + NULL, }; COMPILE_ASSERT(arraysize(kResourceTypeNames) == CONTENT_SETTINGS_NUM_TYPES, resource_type_names_incorrect_size); @@ -59,6 +60,7 @@ const ContentSetting kDefaultSettings[] = { CONTENT_SETTING_ASK, // CONTENT_SETTINGS_TYPE_GEOLOCATION CONTENT_SETTING_ASK, // CONTENT_SETTINGS_TYPE_NOTIFICATIONS CONTENT_SETTING_ASK, // CONTENT_SETTINGS_TYPE_INTENTS + CONTENT_SETTING_ASK, // CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE }; COMPILE_ASSERT(arraysize(kDefaultSettings) == CONTENT_SETTINGS_NUM_TYPES, default_settings_incorrect_size); @@ -75,6 +77,7 @@ const char* kTypeNames[] = { // for notifications added next. "notifications", // Only used for default Notifications settings. "intents", + "auto-select-certificate" }; COMPILE_ASSERT(arraysize(kTypeNames) == CONTENT_SETTINGS_NUM_TYPES, type_names_incorrect_size); diff --git a/chrome/browser/content_settings/content_settings_pref_provider_unittest.cc b/chrome/browser/content_settings/content_settings_pref_provider_unittest.cc index 033b69b..c63632f 100644 --- a/chrome/browser/content_settings/content_settings_pref_provider_unittest.cc +++ b/chrome/browser/content_settings/content_settings_pref_provider_unittest.cc @@ -186,6 +186,23 @@ TEST_F(PrefDefaultProviderTest, MigrateDefaultGeolocationContentSetting) { provider.ShutdownOnUIThread(); } +TEST_F(PrefDefaultProviderTest, AutoSubmitCertificateContentSetting) { + TestingProfile profile; + TestingPrefService* prefs = profile.GetTestingPrefService(); + + PrefDefaultProvider provider(prefs, false); + + EXPECT_EQ(CONTENT_SETTING_ASK, + provider.ProvideDefaultSetting( + CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE)); + provider.UpdateDefaultSetting( + CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE, CONTENT_SETTING_ALLOW); + EXPECT_EQ(CONTENT_SETTING_ALLOW, + provider.ProvideDefaultSetting( + CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE)); + provider.ShutdownOnUIThread(); +} + // //////////////////////////////////////////////////////////////////////////// // PrefProviderTest // @@ -688,4 +705,34 @@ TEST_F(PrefProviderTest, SyncObsoleteGeolocationPref) { provider.ShutdownOnUIThread(); } +TEST_F(PrefProviderTest, AutoSubmitCertificateContentSetting) { + TestingProfile profile; + TestingPrefService* prefs = profile.GetTestingPrefService(); + GURL primary_url("https://www.example.com"); + GURL secondary_url("https://www.sample.com"); + + PrefProvider provider(prefs, false); + + EXPECT_EQ(CONTENT_SETTING_DEFAULT, + provider.GetContentSetting( + primary_url, + primary_url, + CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE, + std::string())); + + provider.SetContentSetting( + ContentSettingsPattern::FromURL(primary_url), + ContentSettingsPattern::Wildcard(), + CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE, + std::string(), + CONTENT_SETTING_ALLOW); + EXPECT_EQ(CONTENT_SETTING_ALLOW, + provider.GetContentSetting( + primary_url, + secondary_url, + CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE, + std::string())); + provider.ShutdownOnUIThread(); +} + } // namespace content_settings diff --git a/chrome/browser/content_settings/host_content_settings_map_unittest.cc b/chrome/browser/content_settings/host_content_settings_map_unittest.cc index 224d978..fb9aa25 100644 --- a/chrome/browser/content_settings/host_content_settings_map_unittest.cc +++ b/chrome/browser/content_settings/host_content_settings_map_unittest.cc @@ -28,8 +28,12 @@ namespace { bool SettingsEqual(const ContentSettings& settings1, const ContentSettings& settings2) { for (int i = 0; i < CONTENT_SETTINGS_NUM_TYPES; ++i) { - if (settings1.settings[i] != settings2.settings[i]) + if (settings1.settings[i] != settings2.settings[i]) { + LOG(ERROR) << "type: " << i + << " [expected: " << settings1.settings[i] + << " actual: " << settings2.settings[i] << "]"; return false; + } } return true; } @@ -154,6 +158,8 @@ TEST_F(HostContentSettingsMapTest, IndividualSettings) { CONTENT_SETTING_ASK; desired_settings.settings[CONTENT_SETTINGS_TYPE_INTENTS] = CONTENT_SETTING_ASK; + desired_settings.settings[CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE] = + CONTENT_SETTING_ASK; ContentSettings settings = host_content_settings_map->GetContentSettings(host, host); EXPECT_TRUE(SettingsEqual(desired_settings, settings)); @@ -602,6 +608,8 @@ TEST_F(HostContentSettingsMapTest, NestedSettings) { CONTENT_SETTING_ASK; desired_settings.settings[CONTENT_SETTINGS_TYPE_INTENTS] = CONTENT_SETTING_ASK; + desired_settings.settings[CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE] = + CONTENT_SETTING_ASK; ContentSettings settings = host_content_settings_map->GetContentSettings(host, host); EXPECT_TRUE(SettingsEqual(desired_settings, settings)); @@ -794,6 +802,8 @@ TEST_F(HostContentSettingsMapTest, NonDefaultSettings) { ContentSettingsPattern::FromString("[*.]example.com"); ContentSettings desired_settings(CONTENT_SETTING_DEFAULT); + desired_settings.settings[CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE] = + CONTENT_SETTING_ASK; ContentSettings settings = host_content_settings_map->GetNonDefaultContentSettings(host, host); EXPECT_TRUE(SettingsEqual(desired_settings, settings)); diff --git a/chrome/browser/policy/configuration_policy_pref_store.cc b/chrome/browser/policy/configuration_policy_pref_store.cc index 344d59c..9bf4451 100644 --- a/chrome/browser/policy/configuration_policy_pref_store.cc +++ b/chrome/browser/policy/configuration_policy_pref_store.cc @@ -229,6 +229,10 @@ const ConfigurationPolicyPrefKeeper::PolicyToPreferenceMapEntry prefs::kManagedDefaultPluginsSetting }, { Value::TYPE_INTEGER, kPolicyDefaultPopupsSetting, prefs::kManagedDefaultPopupsSetting }, + { Value::TYPE_INTEGER, kPolicyDefaultAutoSelectCertificateSetting, + prefs::kManagedDefaultAutoSelectCertificateSetting }, + { Value::TYPE_LIST, kPolicyAutoSelectCertificateForUrls, + prefs::kManagedAutoSelectCertificateForUrls}, { Value::TYPE_LIST, kPolicyCookiesAllowedForUrls, prefs::kManagedCookiesAllowedForUrls }, { Value::TYPE_LIST, kPolicyCookiesBlockedForUrls, @@ -1104,6 +1108,10 @@ ConfigurationPolicyPrefStore::GetChromePolicyDefinitionList() { key::kDefaultNotificationsSetting }, { kPolicyDefaultGeolocationSetting, Value::TYPE_INTEGER, key::kDefaultGeolocationSetting }, + { kPolicyDefaultAutoSelectCertificateSetting, Value::TYPE_INTEGER, + key::kDefaultAutoSelectCertificateSetting}, + { kPolicyAutoSelectCertificateForUrls, Value::TYPE_LIST, + key::kAutoSelectCertificateForUrls}, { kPolicyCookiesAllowedForUrls, Value::TYPE_LIST, key::kCookiesAllowedForUrls }, { kPolicyCookiesBlockedForUrls, Value::TYPE_LIST, diff --git a/chrome/browser/policy/configuration_policy_pref_store_unittest.cc b/chrome/browser/policy/configuration_policy_pref_store_unittest.cc index 3826994..bf51d55 100644 --- a/chrome/browser/policy/configuration_policy_pref_store_unittest.cc +++ b/chrome/browser/policy/configuration_policy_pref_store_unittest.cc @@ -86,7 +86,9 @@ INSTANTIATE_TEST_CASE_P( TypeAndName(kPolicyEnabledPlugins, prefs::kPluginsEnabledPlugins), TypeAndName(kPolicyDisabledSchemes, - prefs::kDisabledSchemes))); + prefs::kDisabledSchemes), + TypeAndName(kPolicyAutoSelectCertificateForUrls, + prefs::kManagedAutoSelectCertificateForUrls))); // Test cases for string-valued policy settings. class ConfigurationPolicyPrefStoreStringTest @@ -288,7 +290,9 @@ INSTANTIATE_TEST_CASE_P( TypeAndName(kPolicyPolicyRefreshRate, prefs::kUserPolicyRefreshRate), TypeAndName(kPolicyMaxConnectionsPerProxy, - prefs::kMaxConnectionsPerProxy))); + prefs::kMaxConnectionsPerProxy), + TypeAndName(kPolicyDefaultAutoSelectCertificateSetting, + prefs::kManagedDefaultAutoSelectCertificateSetting))); // Test cases for the proxy policy settings. class ConfigurationPolicyPrefStoreProxyTest : public testing::Test { diff --git a/chrome/browser/tab_contents/tab_contents_ssl_helper.cc b/chrome/browser/tab_contents/tab_contents_ssl_helper.cc index 3fd8f74..3ae8a2e 100644 --- a/chrome/browser/tab_contents/tab_contents_ssl_helper.cc +++ b/chrome/browser/tab_contents/tab_contents_ssl_helper.cc @@ -4,10 +4,15 @@ #include "chrome/browser/tab_contents/tab_contents_ssl_helper.h" +#include <string> + #include "base/basictypes.h" +#include "base/command_line.h" #include "base/string_number_conversions.h" #include "base/utf_string_conversions.h" #include "chrome/browser/certificate_viewer.h" +#include "chrome/browser/content_settings/host_content_settings_map.h" +#include "chrome/browser/profiles/profile.h" #include "chrome/browser/ssl/ssl_add_cert_handler.h" #include "chrome/browser/ssl_client_certificate_selector.h" #include "chrome/browser/tab_contents/confirm_infobar_delegate.h" @@ -15,6 +20,8 @@ #include "chrome/browser/tab_contents/simple_alert_infobar_delegate.h" #include "chrome/browser/ui/tab_contents/tab_contents_wrapper.h" #include "chrome/common/chrome_notification_types.h" +#include "chrome/common/chrome_switches.h" +#include "chrome/common/content_settings.h" #include "content/browser/ssl/ssl_client_auth_handler.h" #include "content/common/notification_details.h" #include "content/common/notification_source.h" @@ -178,6 +185,36 @@ TabContentsSSLHelper::TabContentsSSLHelper(TabContentsWrapper* tab_contents) TabContentsSSLHelper::~TabContentsSSLHelper() { } +void TabContentsSSLHelper::SelectClientCertificate( + scoped_refptr<SSLClientAuthHandler> handler) { + net::SSLCertRequestInfo* cert_request_info = handler->cert_request_info(); + GURL requesting_url("https://" + cert_request_info->host_and_port); + DCHECK(requesting_url.is_valid()) << "Invalid URL string: https://" + << cert_request_info->host_and_port; + + HostContentSettingsMap* map = + tab_contents_->profile()->GetHostContentSettingsMap(); + ContentSetting setting = map->GetContentSetting( + requesting_url, + requesting_url, + CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE, + std::string()); + DCHECK_NE(setting, CONTENT_SETTING_DEFAULT); + + // TODO(markusheintz): Implement filter for matching specific certificate + // criteria. + bool cert_matches_filter = true; + + if (setting == CONTENT_SETTING_ALLOW && + cert_request_info->client_certs.size() == 1 && + cert_matches_filter) { + net::X509Certificate* cert = cert_request_info->client_certs[0].get(); + handler->CertificateSelected(cert); + } else { + ShowClientCertificateRequestDialog(handler); + } +} + void TabContentsSSLHelper::ShowClientCertificateRequestDialog( scoped_refptr<SSLClientAuthHandler> handler) { browser::ShowSSLClientCertificateSelector( diff --git a/chrome/browser/tab_contents/tab_contents_ssl_helper.h b/chrome/browser/tab_contents/tab_contents_ssl_helper.h index 8ee4076..ba17e1b 100644 --- a/chrome/browser/tab_contents/tab_contents_ssl_helper.h +++ b/chrome/browser/tab_contents/tab_contents_ssl_helper.h @@ -20,10 +20,8 @@ class TabContentsSSLHelper { explicit TabContentsSSLHelper(TabContentsWrapper* tab_contents); virtual ~TabContentsSSLHelper(); - // Displays a dialog to select client certificates from |request_info|, - // returning them to |handler|. - void ShowClientCertificateRequestDialog( - scoped_refptr<SSLClientAuthHandler> handler); + // Selects the client certificate to submit and returns it to the |handler|. + void SelectClientCertificate(scoped_refptr<SSLClientAuthHandler> handler); // Called when |handler| encounters an error in verifying a received client // certificate. Note that, because CAs often will not send us intermediate @@ -52,6 +50,11 @@ class TabContentsSSLHelper { scoped_refptr<SSLAddCertHandler> handler); private: + // Displays a dialog for selecting a client certificate and returns it to + // the |handler|. + void ShowClientCertificateRequestDialog( + scoped_refptr<SSLClientAuthHandler> handler); + TabContentsWrapper* tab_contents_; class SSLAddCertData; diff --git a/chrome/browser/ui/cocoa/content_settings/content_setting_bubble_cocoa_unittest.mm b/chrome/browser/ui/cocoa/content_settings/content_setting_bubble_cocoa_unittest.mm index f69ece5..79eb058 100644 --- a/chrome/browser/ui/cocoa/content_settings/content_setting_bubble_cocoa_unittest.mm +++ b/chrome/browser/ui/cocoa/content_settings/content_setting_bubble_cocoa_unittest.mm @@ -56,8 +56,11 @@ ContentSettingBubbleControllerTest::~ContentSettingBubbleControllerTest() { TEST_F(ContentSettingBubbleControllerTest, Init) { for (int i = 0; i < CONTENT_SETTINGS_NUM_TYPES; ++i) { if (i == CONTENT_SETTINGS_TYPE_NOTIFICATIONS || - i == CONTENT_SETTINGS_TYPE_INTENTS) - continue; // Notifications and web intents have no bubble. + i == CONTENT_SETTINGS_TYPE_INTENTS || + i == CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE) { + // Notifications, web intents and auto select certificate have no bubble. + continue; + } ContentSettingsType settingsType = static_cast<ContentSettingsType>(i); diff --git a/chrome/browser/ui/webui/options/content_settings_handler.cc b/chrome/browser/ui/webui/options/content_settings_handler.cc index 6ef0239..02d485d 100644 --- a/chrome/browser/ui/webui/options/content_settings_handler.cc +++ b/chrome/browser/ui/webui/options/content_settings_handler.cc @@ -399,6 +399,11 @@ void ContentSettingsHandler::UpdateHandlersEnabledRadios() { void ContentSettingsHandler::UpdateAllExceptionsViewsFromModel() { for (int type = CONTENT_SETTINGS_TYPE_DEFAULT + 1; type < CONTENT_SETTINGS_NUM_TYPES; ++type) { + // The content settings type CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE + // is supposed to be set by policy only. Hence there is no user facing UI + // for this content type and we skip it here. + if (type == CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE) + continue; UpdateExceptionsViewFromModel(static_cast<ContentSettingsType>(type)); } } @@ -628,7 +633,7 @@ void ContentSettingsHandler::RemoveException(const ListValue* args) { rv = args->GetString(arg_i++, &embedding_origin); DCHECK(rv); - profile->GetHostContentSettingsMap()-> + profile->GetHostContentSettingsMap()-> SetContentSetting(ContentSettingsPattern::FromString(origin), ContentSettingsPattern::FromString(embedding_origin), CONTENT_SETTINGS_TYPE_GEOLOCATION, diff --git a/chrome/common/content_settings_types.h b/chrome/common/content_settings_types.h index 4c450ea..cebbc29 100644 --- a/chrome/common/content_settings_types.h +++ b/chrome/common/content_settings_types.h @@ -20,6 +20,7 @@ enum ContentSettingsType { CONTENT_SETTINGS_TYPE_GEOLOCATION, CONTENT_SETTINGS_TYPE_NOTIFICATIONS, CONTENT_SETTINGS_TYPE_INTENTS, + CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE, CONTENT_SETTINGS_NUM_TYPES }; diff --git a/chrome/common/pref_names.cc b/chrome/common/pref_names.cc index 4d361cc..58ac478 100644 --- a/chrome/common/pref_names.cc +++ b/chrome/common/pref_names.cc @@ -1516,6 +1516,8 @@ const char kManagedDefaultGeolocationSetting[] = "profile.managed_default_content_settings.geolocation"; const char kManagedDefaultNotificationsSetting[] = "profile.managed_default_content_settings.notifications"; +const char kManagedDefaultAutoSelectCertificateSetting[] = + "profile.managed_default_content_settings.auto_select_certificate"; // Preferences that are exclusively used to store managed // content settings patterns. @@ -1541,6 +1543,8 @@ const char kManagedPopupsAllowedForUrls[] = "profile.managed_popups_allowed_for_urls"; const char kManagedPopupsBlockedForUrls[] = "profile.managed_popups_blocked_for_urls"; +const char kManagedAutoSelectCertificateForUrls[] = + "profile.managed_auto_select_certificate_for_urls"; // Set to true if the user created a login item so we should not modify it when // uninstalling background apps. diff --git a/chrome/common/pref_names.h b/chrome/common/pref_names.h index cffa5f8..da13658 100644 --- a/chrome/common/pref_names.h +++ b/chrome/common/pref_names.h @@ -540,6 +540,7 @@ extern const char kManagedDefaultPluginsSetting[]; extern const char kManagedDefaultPopupsSetting[]; extern const char kManagedDefaultGeolocationSetting[]; extern const char kManagedDefaultNotificationsSetting[]; +extern const char kManagedDefaultAutoSelectCertificateSetting[]; extern const char kManagedCookiesAllowedForUrls[]; extern const char kManagedCookiesBlockedForUrls[]; @@ -552,6 +553,7 @@ extern const char kManagedPluginsAllowedForUrls[]; extern const char kManagedPluginsBlockedForUrls[]; extern const char kManagedPopupsAllowedForUrls[]; extern const char kManagedPopupsBlockedForUrls[]; +extern const char kManagedAutoSelectCertificateForUrls[]; #if defined(OS_CHROMEOS) extern const char kSignedSettingsTempStorage[]; diff --git a/content/browser/content_browser_client.h b/content/browser/content_browser_client.h index 4f0a53c..1547028 100644 --- a/content/browser/content_browser_client.h +++ b/content/browser/content_browser_client.h @@ -176,11 +176,9 @@ class ContentBrowserClient { bool overridable, Callback2<SSLCertErrorHandler*, bool>::Type* callback) = 0; - // Shows the user a SSL client certificate selection dialog. When the user has - // made a selection, the dialog will report back to |delegate|. |delegate| is - // notified when the dialog closes in call cases; if the user cancels the - // dialog, we call with a NULL certificate. - virtual void ShowClientCertificateRequestDialog( + // Selects a SSL client certificate and returns it to the |handler|. If no + // certificate was selected NULL is returned to the |handler|. + virtual void SelectClientCertificate( int render_process_id, int render_view_id, SSLClientAuthHandler* handler) = 0; diff --git a/content/browser/mock_content_browser_client.cc b/content/browser/mock_content_browser_client.cc index 20fb578..7d01354 100644 --- a/content/browser/mock_content_browser_client.cc +++ b/content/browser/mock_content_browser_client.cc @@ -128,7 +128,7 @@ void MockContentBrowserClient::AllowCertificateError( Callback2<SSLCertErrorHandler*, bool>::Type* callback) { } -void MockContentBrowserClient::ShowClientCertificateRequestDialog( +void MockContentBrowserClient::SelectClientCertificate( int render_process_id, int render_view_id, SSLClientAuthHandler* handler) { diff --git a/content/browser/mock_content_browser_client.h b/content/browser/mock_content_browser_client.h index 50f57d3..9411910 100644 --- a/content/browser/mock_content_browser_client.h +++ b/content/browser/mock_content_browser_client.h @@ -6,6 +6,8 @@ #define CONTENT_BROWSER_MOCK_CONTENT_BROWSER_CLIENT_H_ #pragma once +#include <string> + #include "base/compiler_specific.h" #include "content/browser/content_browser_client.h" @@ -61,7 +63,7 @@ class MockContentBrowserClient : public ContentBrowserClient { SSLCertErrorHandler* handler, bool overridable, Callback2<SSLCertErrorHandler*, bool>::Type* callback) OVERRIDE; - virtual void ShowClientCertificateRequestDialog( + virtual void SelectClientCertificate( int render_process_id, int render_view_id, SSLClientAuthHandler* handler) OVERRIDE; diff --git a/content/browser/ssl/ssl_client_auth_handler.cc b/content/browser/ssl/ssl_client_auth_handler.cc index e179f9a..be78e77 100644 --- a/content/browser/ssl/ssl_client_auth_handler.cc +++ b/content/browser/ssl/ssl_client_auth_handler.cc @@ -46,7 +46,7 @@ void SSLClientAuthHandler::SelectCertificate() { BrowserThread::PostTask( BrowserThread::UI, FROM_HERE, NewRunnableMethod( - this, &SSLClientAuthHandler::ShowClientCertificateRequestDialog, + this, &SSLClientAuthHandler::DoSelectCertificate, render_process_host_id, render_view_host_id)); } @@ -94,9 +94,9 @@ void SSLClientAuthHandler::DoCertificateSelected(net::X509Certificate* cert) { } } -void SSLClientAuthHandler::ShowClientCertificateRequestDialog( +void SSLClientAuthHandler::DoSelectCertificate( int render_process_host_id, int render_view_host_id) { - content::GetContentClient()->browser()->ShowClientCertificateRequestDialog( + content::GetContentClient()->browser()->SelectClientCertificate( render_process_host_id, render_view_host_id, this); } diff --git a/content/browser/ssl/ssl_client_auth_handler.h b/content/browser/ssl/ssl_client_auth_handler.h index 4dbcaa7..4657c84 100644 --- a/content/browser/ssl/ssl_client_auth_handler.h +++ b/content/browser/ssl/ssl_client_auth_handler.h @@ -29,8 +29,7 @@ class SSLClientAuthHandler SSLClientAuthHandler(net::URLRequest* request, net::SSLCertRequestInfo* cert_request_info); - // Asks the user to select a certificate and resumes the URL request with that - // certificate. + // Selects a certificate and resumes the URL request with that certificate. // Should only be called on the IO thread. void SelectCertificate(); @@ -62,9 +61,9 @@ class SSLClientAuthHandler // Called on the IO thread. void DoCertificateSelected(net::X509Certificate* cert); - // Calls the SSL helper on the UI thread. - void ShowClientCertificateRequestDialog(int render_process_host_id, - int render_view_host_id); + // Selects a client certificate on the UI thread. + void DoSelectCertificate(int render_process_host_id, + int render_view_host_id); // The net::URLRequest that triggered this client auth. net::URLRequest* request_; |