Move methods from NetworkServiceClient to NetworkContextClient.

The latter didn't originally exist, but most of these methods have a NetworkContext associated with them so we should route it there. Change-Id: I7d1bfbea4a36cc1b851725531c841ddd799797dd Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1759297Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Clark DuVall <cduvall@chromium.org> Commit-Queue: John Abd-El-Malek <jam@chromium.org> Auto-Submit: John Abd-El-Malek <jam@chromium.org> Cr-Commit-Position: refs/heads/master@{#688559}

Move methods from NetworkServiceClient to NetworkContextClient.
The latter didn't originally exist, but most of these methods have a NetworkContext associated with them so we should route it there. Change-Id: I7d1bfbea4a36cc1b851725531c841ddd799797dd Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1759297Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Clark DuVall <cduvall@chromium.org> Commit-Queue: John Abd-El-Malek <jam@chromium.org> Auto-Submit: John Abd-El-Malek <jam@chromium.org> Cr-Commit-Position: refs/heads/master@{#688559}
35bfaa57 · John Abd-El-Malek · Commit Bot · d755d033 · 35bfaa57 · 35bfaa57
Commit 35bfaa57 authored Aug 20, 2019 by John Abd-El-Malek Committed by Commit Bot Aug 20, 2019
16 changed files
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -399,6 +399,7 @@
 #include "chromeos/constants/chromeos_features.h"
 #include "chromeos/constants/chromeos_switches.h"
 #include "components/crash/content/app/breakpad_linux.h"
+#include "components/user_manager/user.h"
 #include "components/user_manager/user_manager.h"
 #include "services/service_manager/public/mojom/interface_provider_spec.mojom.h"
 #elif defined(OS_LINUX)
@@ -2563,8 +2564,17 @@ std::string ChromeContentBrowserClient::GetWebBluetoothBlocklist() {
 #if defined(OS_CHROMEOS)
 void ChromeContentBrowserClient::OnTrustAnchorUsed(
-    const std::string& username_hash) {
+    content::BrowserContext* browser_context) {
-  policy::PolicyCertServiceFactory::SetUsedPolicyCertificates(username_hash);
+  user_manager::UserManager* user_manager = user_manager::UserManager::Get();
+  if (user_manager) {
+    const user_manager::User* user =
+        chromeos::ProfileHelper::Get()->GetUserByProfile(
+            Profile::FromBrowserContext(browser_context));
+    if (user && !user->username_hash().empty()) {
+      policy::PolicyCertServiceFactory::SetUsedPolicyCertificates(
+          user->username_hash());
+    }
+  }
 }
 #endif

--- a/chrome/browser/chrome_content_browser_client.h
+++ b/chrome/browser/chrome_content_browser_client.h
@@ -255,7 +255,7 @@ class ChromeContentBrowserClient : public content::ContentBrowserClient {
      const url::Origin& embedding_origin) override;
  std::string GetWebBluetoothBlocklist() override;
 #if defined(OS_CHROMEOS)
-  void OnTrustAnchorUsed(const std::string& username_hash) override;
+  void OnTrustAnchorUsed(content::BrowserContext* browser_context) override;
 #endif
  scoped_refptr<network::SharedURLLoaderFactory>
  GetSystemSharedURLLoaderFactory() override;

--- a/content/browser/network_service_client.cc
+++ b/content/browser/network_service_client.cc
--- a/content/browser/network_service_client.h
+++ b/content/browser/network_service_client.h
@@ -42,33 +42,6 @@ class CONTENT_EXPORT NetworkServiceClient
  ~NetworkServiceClient() override;
  // network::mojom::NetworkServiceClient implementation:
-  void OnAuthRequired(const base::Optional<base::UnguessableToken>& window_id,
-                      uint32_t process_id,
-                      uint32_t routing_id,
-                      uint32_t request_id,
-                      const GURL& url,
-                      bool first_auth_attempt,
-                      const net::AuthChallengeInfo& auth_info,
-                      const base::Optional<network::ResourceResponseHead>& head,
-                      network::mojom::AuthChallengeResponderPtr
-                          auth_challenge_responder) override;
-  void OnCertificateRequested(
-      const base::Optional<base::UnguessableToken>& window_id,
-      uint32_t process_id,
-      uint32_t routing_id,
-      uint32_t request_id,
-      const scoped_refptr<net::SSLCertRequestInfo>& cert_info,
-      network::mojom::ClientCertificateResponderPtr cert_responder) override;
-  void OnSSLCertificateError(uint32_t process_id,
-                             uint32_t routing_id,
-                             const GURL& url,
-                             int net_error,
-                             const net::SSLInfo& ssl_info,
-                             bool fatal,
-                             OnSSLCertificateErrorCallback response) override;
-#if defined(OS_CHROMEOS)
-  void OnTrustAnchorUsed(const std::string& username_hash) override;
-#endif
  void OnFileUploadRequested(uint32_t process_id,
                             bool async,
                             const std::vector<base::FilePath>& file_paths,

--- a/content/browser/storage_partition_impl.cc
+++ b/content/browser/storage_partition_impl.cc
--- a/content/browser/storage_partition_impl.h
+++ b/content/browser/storage_partition_impl.h
@@ -185,6 +185,30 @@ class CONTENT_EXPORT StoragePartitionImpl
      override;
  // network::mojom::NetworkContextClient interface.
+  void OnAuthRequired(const base::Optional<base::UnguessableToken>& window_id,
+                      uint32_t process_id,
+                      uint32_t routing_id,
+                      uint32_t request_id,
+                      const GURL& url,
+                      bool first_auth_attempt,
+                      const net::AuthChallengeInfo& auth_info,
+                      const base::Optional<network::ResourceResponseHead>& head,
+                      network::mojom::AuthChallengeResponderPtr
+                          auth_challenge_responder) override;
+  void OnCertificateRequested(
+      const base::Optional<base::UnguessableToken>& window_id,
+      uint32_t process_id,
+      uint32_t routing_id,
+      uint32_t request_id,
+      const scoped_refptr<net::SSLCertRequestInfo>& cert_info,
+      network::mojom::ClientCertificateResponderPtr cert_responder) override;
+  void OnSSLCertificateError(uint32_t process_id,
+                             uint32_t routing_id,
+                             const GURL& url,
+                             int net_error,
+                             const net::SSLInfo& ssl_info,
+                             bool fatal,
+                             OnSSLCertificateErrorCallback response) override;
  void OnCanSendReportingReports(
      const std::vector<url::Origin>& origins,
      OnCanSendReportingReportsCallback callback) override;
@@ -211,6 +235,9 @@ class CONTENT_EXPORT StoragePartitionImpl
      const GURL& url,
      const GURL& site_for_cookies,
      const std::vector<net::CookieWithStatus>& cookie_list) override;
+#if defined(OS_CHROMEOS)
+  void OnTrustAnchorUsed() override;
+#endif
  scoped_refptr<URLLoaderFactoryGetter> url_loader_factory_getter() {
    return url_loader_factory_getter_;

--- a/content/public/browser/content_browser_client.h
+++ b/content/public/browser/content_browser_client.h
@@ -632,7 +632,7 @@ class CONTENT_EXPORT ContentBrowserClient {
 #if defined(OS_CHROMEOS)
  // Notification that a trust anchor was used by the given user.
-  virtual void OnTrustAnchorUsed(const std::string& username_hash) {}
+  virtual void OnTrustAnchorUsed(BrowserContext* browser_context) {}
 #endif
  // Allows the embedder to override the LocationProvider implementation.

--- a/services/network/network_context.cc
+++ b/services/network/network_context.cc
@@ -2255,7 +2255,7 @@ void NetworkContext::OnCertVerifyForSignedExchangeComplete(int cert_verify_id,
 #if defined(OS_CHROMEOS)
 void NetworkContext::TrustAnchorUsed() {
-  network_service_->client()->OnTrustAnchorUsed(params_->username_hash);
+  client_->OnTrustAnchorUsed();
 }
 scoped_refptr<net::CertVerifyProc> NetworkContext::CreateCertVerifyProcForUser(

--- a/services/network/public/mojom/network_context.mojom
+++ b/services/network/public/mojom/network_context.mojom
@@ -35,6 +35,7 @@ import "services/network/public/mojom/tcp_socket.mojom";
 import "services/network/public/mojom/udp_socket.mojom";
 import "services/network/public/mojom/url_loader.mojom";
 import "services/network/public/mojom/url_loader_factory.mojom";
+import "services/network/public/mojom/url_response_head.mojom";
 import "services/network/public/mojom/websocket.mojom";
 import "services/proxy_resolver/public/mojom/proxy_resolver.mojom";
 import "url/mojom/origin.mojom";
@@ -514,10 +515,106 @@ struct URLLoaderFactoryParams {
  bool is_trusted;
 };
+// The |credentials| output parameter is given to URLRequest::SetAuth()
+// through this mojo interface. It is not set when URLRequest::CancelAuth()
+// needs to be called.
+interface AuthChallengeResponder {
+   OnAuthCredentials(AuthCredentials? credentials);
+};
+// This interface enables the UI to send client certificate selections back to
+// the network service.
+//
+// Defining an interface for this purpose, rather than using a union in the
+// response of OnCertificateRequested, enables the NetworkServiceClient to learn
+// of the URLLoader destruction via the connection error handler.
+interface ClientCertificateResponder {
+  // Use the selected certificate and continue the URLRequest.
+  //
+  // - |provider_name| corresponds to the return value of
+  //   net::SSLPrivateKey::GetProviderName().
+  // - |algorithm_preferences| corresponds to the return value of
+  //   net::SSLPrivateKey::GetAlgorithmPreferences().
+  ContinueWithCertificate(network.mojom.X509Certificate x509_certificate,
+                          string provider_name,
+                          array<uint16> algorithm_preferences,
+                          SSLPrivateKey ssl_private_key);
+  // Affirmatively select no certificate (this is cached and can affect future
+  // URLRequests). Does not cancel the URLRequest.
+  //
+  // The connection is continued with no client cert.
+  // net::URLRequest::ContinueWithCertificate(nullptr, nullptr) needs to be
+  // called.
+  ContinueWithoutCertificate();
+  // Cancel the URLRequest. The request is aborted.
+  // net::URLRequest::CancelWithError() needs to be called.
+  CancelRequest();
+};
+// The content/browser implementation of this SSLPrivateKey interface wraps the
+// scoped_refptr<net::SSLPrivateKey> that is received from
+// SSLClientAuthDelegate::ContinueWithCertificate(), and this mojo interface is
+// sent from content/browser to services/network so that services/network can
+// have its own net::SSLPrivateKey implementation that internally uses this mojo
+// interface.
+// The |algorithm| and |input| parameters correspond to the |algorithm| and
+// |input| parameters in net::SSLPrivateKey::Sign().
+// The |net_error| and |signature| parameters correspond to the parameters in
+// net::SSLPrivateKey::SignCallback.
+interface SSLPrivateKey {
+  Sign(uint16 algorithm,
+       array<uint8> input) => (int32 net_error, array<uint8> signature);
+};
 // Callback interface for NetworkContext when routing identifiers aren't
 // available. Otherwise generally callbacks from the network service go on
 // NetworkServiceClient.
 interface NetworkContextClient {
+  // Called when we receive an authentication failure.
+  // The |auth_challenge_responder| will respond to auth challenge with
+  // credentials. |head| can provide response headers for the response
+  // which has elicited this auth request, if applicable.
+  //
+  // |window_id| or else |process_id| and |routing_id| indicates
+  // the frame making the request, see
+  // network::ResourceRequest::fetch_window_id.
+  OnAuthRequired(mojo_base.mojom.UnguessableToken? window_id,
+                 uint32 process_id,
+                 uint32 routing_id,
+                 uint32 request_id,
+                 url.mojom.Url url,
+                 bool first_auth_attempt,
+                 AuthChallengeInfo auth_info,
+                 URLResponseHead? head,
+                 AuthChallengeResponder auth_challenge_responder);
+  // Called when an SSL certificate requested message is received for client
+  // authentication.
+  //
+  // Rather than using one response for multiple purposes, the caller expects
+  // exactly one response (or disconnect) to be sent back via |cert_responder|.
+  //
+  // |window_id| or else |process_id| and |routing_id| indicates the frame
+  // making the request, see network::ResourceRequest::fetch_window_id.
+  OnCertificateRequested(mojo_base.mojom.UnguessableToken? window_id,
+                         uint32 process_id,
+                         uint32 routing_id,
+                         uint32 request_id,
+                         network.mojom.SSLCertRequestInfo cert_info,
+                         ClientCertificateResponder cert_responder);
+  // Called when an SSL certificate is encountered.
+  // The callback argument is a net::ERROR value. If it's net::OK, then the
+  // request is resumed. Otherwise it's cancelled with the given error.
+  OnSSLCertificateError(uint32 process_id,
+                        uint32 routing_id,
+                        url.mojom.Url url,
+                        int32 net_error,
+                        SSLInfo ssl_info,
+                        bool fatal) => (int32 net_error);
  // Checks if network error reports could be sent for the given origins.
  // Replies with the origins that are allowed.
  OnCanSendReportingReports(array<url.mojom.Origin> origins) =>
@@ -579,6 +676,10 @@ interface NetworkContextClient {
      bool is_service_worker, int32 process_id, int32 routing_id,
      url.mojom.Url url, url.mojom.Url site_for_cookies,
      array<CookieWithStatus> cookie_list);
+  // Notification that a trust anchor was used for the given user.
+  [EnableIf=is_chromeos]
+  OnTrustAnchorUsed();
 };
 // Represents a distinct context for making network requests, with its own

--- a/services/network/public/mojom/network_service.mojom
+++ b/services/network/public/mojom/network_service.mojom
@@ -21,7 +21,6 @@ import "services/network/public/mojom/network_context.mojom";
 import "services/network/public/mojom/network_interface.mojom";
 import "services/network/public/mojom/network_param.mojom";
 import "services/network/public/mojom/network_quality_estimator_manager.mojom";
-import "services/network/public/mojom/url_response_head.mojom";
 import "services/network/public/mojom/url_loader.mojom";
 import "services/network/public/mojom/url_loader_factory.mojom";
 import "url/mojom/origin.mojom";
@@ -30,59 +29,6 @@ import "url/mojom/url.mojom";
 [EnableIf=is_android]
 import "mojo/public/mojom/base/application_state.mojom";
-// The content/browser implementation of this SSLPrivateKey interface wraps the
-// scoped_refptr<net::SSLPrivateKey> that is received from
-// SSLClientAuthDelegate::ContinueWithCertificate(), and this mojo interface is
-// sent from content/browser to services/network so that services/network can
-// have its own net::SSLPrivateKey implementation that internally uses this mojo
-// interface.
-// The |algorithm| and |input| parameters correspond to the |algorithm| and
-// |input| parameters in net::SSLPrivateKey::Sign().
-// The |net_error| and |signature| parameters correspond to the parameters in
-// net::SSLPrivateKey::SignCallback.
-interface SSLPrivateKey {
-  Sign(uint16 algorithm,
-       array<uint8> input) => (int32 net_error, array<uint8> signature);
-};
-// The |credentials| output parameter is given to URLRequest::SetAuth()
-// through this mojo interface. It is not set when URLRequest::CancelAuth()
-// needs to be called.
-interface AuthChallengeResponder {
-   OnAuthCredentials(AuthCredentials? credentials);
-};
-// This interface enables the UI to send client certificate selections back to
-// the network service.
-//
-// Defining an interface for this purpose, rather than using a union in the
-// response of OnCertificateRequested, enables the NetworkServiceClient to learn
-// of the URLLoader destruction via the connection error handler.
-interface ClientCertificateResponder {
-  // Use the selected certificate and continue the URLRequest.
-  //
-  // - |provider_name| corresponds to the return value of
-  //   net::SSLPrivateKey::GetProviderName().
-  // - |algorithm_preferences| corresponds to the return value of
-  //   net::SSLPrivateKey::GetAlgorithmPreferences().
-  ContinueWithCertificate(network.mojom.X509Certificate x509_certificate,
-                          string provider_name,
-                          array<uint16> algorithm_preferences,
-                          SSLPrivateKey ssl_private_key);
-  // Affirmatively select no certificate (this is cached and can affect future
-  // URLRequests). Does not cancel the URLRequest.
-  //
-  // The connection is continued with no client cert.
-  // net::URLRequest::ContinueWithCertificate(nullptr, nullptr) needs to be
-  // called.
-  ContinueWithoutCertificate();
-  // Cancel the URLRequest. The request is aborted.
-  // net::URLRequest::CancelWithError() needs to be called.
-  CancelRequest();
-};
 struct LoadInfo {
  uint32 process_id;
  uint32 routing_id;
@@ -95,54 +41,6 @@ struct LoadInfo {
 // Network service interface to the browser.
 interface NetworkServiceClient {
-  // Called when we receive an authentication failure.
-  // The |auth_challenge_responder| will respond to auth challenge with
-  // credentials. |head| can provide response headers for the response
-  // which has elicited this auth request, if applicable.
-  //
-  // |window_id| or else |process_id| and |routing_id| indicates
-  // the frame making the request, see
-  // network::ResourceRequest::fetch_window_id.
-  OnAuthRequired(mojo_base.mojom.UnguessableToken? window_id,
-                 uint32 process_id,
-                 uint32 routing_id,
-                 uint32 request_id,
-                 url.mojom.Url url,
-                 bool first_auth_attempt,
-                 AuthChallengeInfo auth_info,
-                 URLResponseHead? head,
-                 AuthChallengeResponder auth_challenge_responder);
-  // Called when an SSL certificate requested message is received for client
-  // authentication.
-  //
-  // Rather than using one response for multiple purposes, the caller expects
-  // exactly one response (or disconnect) to be sent back via |cert_responder|.
-  //
-  // |window_id| or else |process_id| and |routing_id| indicates the frame
-  // making the request, see network::ResourceRequest::fetch_window_id.
-  OnCertificateRequested(mojo_base.mojom.UnguessableToken? window_id,
-                         uint32 process_id,
-                         uint32 routing_id,
-                         uint32 request_id,
-                         network.mojom.SSLCertRequestInfo cert_info,
-                         ClientCertificateResponder cert_responder);
-  // Called when an SSL certificate is encountered.
-  // The callback argument is a net::ERROR value. If it's net::OK, then the
-  // request is resumed. Otherwise it's cancelled with the given error.
-  OnSSLCertificateError(uint32 process_id,
-                        uint32 routing_id,
-                        url.mojom.Url url,
-                        int32 net_error,
-                        SSLInfo ssl_info,
-                        bool fatal) => (int32 net_error);
-  // Notification that a trust anchor was used for the given user.
-  // |username_hash| was the parameter passed in NetworkContextParams.
-  [EnableIf=is_chromeos]
-  OnTrustAnchorUsed(string username_hash);
  // Called when file uploading was requested.
  // If the process that requested the uploads has permission to read all of
  // the files referenced by |file_paths|, the callback arguments will be

--- a/services/network/test/test_network_context_client.h
+++ b/services/network/test/test_network_context_client.h
@@ -18,6 +18,30 @@ class TestNetworkContextClient : public network::mojom::NetworkContextClient {
  TestNetworkContextClient() = default;
  ~TestNetworkContextClient() override = default;
+  void OnAuthRequired(
+      const base::Optional<base::UnguessableToken>& window_id,
+      uint32_t process_id,
+      uint32_t routing_id,
+      uint32_t request_id,
+      const GURL& url,
+      bool first_auth_attempt,
+      const net::AuthChallengeInfo& auth_info,
+      const base::Optional<ResourceResponseHead>& head,
+      mojom::AuthChallengeResponderPtr auth_challenge_responder) override {}
+  void OnCertificateRequested(
+      const base::Optional<base::UnguessableToken>& window_id,
+      uint32_t process_id,
+      uint32_t routing_id,
+      uint32_t request_id,
+      const scoped_refptr<net::SSLCertRequestInfo>& cert_info,
+      mojom::ClientCertificateResponderPtr client_cert_responder) override {}
+  void OnSSLCertificateError(uint32_t process_id,
+                             uint32_t routing_id,
+                             const GURL& url,
+                             int net_error,
+                             const net::SSLInfo& ssl_info,
+                             bool fatal,
+                             OnSSLCertificateErrorCallback response) override {}
  void OnCanSendReportingReports(
      const std::vector<url::Origin>& origins,
      OnCanSendReportingReportsCallback callback) override {}
@@ -44,6 +68,9 @@ class TestNetworkContextClient : public network::mojom::NetworkContextClient {
      const GURL& url,
      const GURL& site_for_cookies,
      const std::vector<net::CookieWithStatus>& cookie_list) override {}
+#if defined(OS_CHROMEOS)
+  void OnTrustAnchorUsed() override {}
+#endif
 };
 }  // namespace network

--- a/services/network/test/test_network_service_client.cc
+++ b/services/network/test/test_network_service_client.cc
@@ -20,47 +20,6 @@ TestNetworkServiceClient::TestNetworkServiceClient(
 TestNetworkServiceClient::~TestNetworkServiceClient() {}
-void TestNetworkServiceClient::OnAuthRequired(
-    const base::Optional<base::UnguessableToken>& window_id,
-    uint32_t process_id,
-    uint32_t routing_id,
-    uint32_t request_id,
-    const GURL& url,
-    bool first_auth_attempt,
-    const net::AuthChallengeInfo& auth_info,
-    const base::Optional<ResourceResponseHead>& head,
-    mojom::AuthChallengeResponderPtr auth_challenge_responder) {
-  NOTREACHED();
-}
-void TestNetworkServiceClient::OnCertificateRequested(
-    const base::Optional<base::UnguessableToken>& window_id,
-    uint32_t process_id,
-    uint32_t routing_id,
-    uint32_t request_id,
-    const scoped_refptr<net::SSLCertRequestInfo>& cert_info,
-    mojom::ClientCertificateResponderPtr client_cert_responder) {
-  NOTREACHED();
-}
-void TestNetworkServiceClient::OnSSLCertificateError(
-    uint32_t process_id,
-    uint32_t routing_id,
-    const GURL& url,
-    int net_error,
-    const net::SSLInfo& ssl_info,
-    bool fatal,
-    OnSSLCertificateErrorCallback response) {
-  NOTREACHED();
-}
-#if defined(OS_CHROMEOS)
-void TestNetworkServiceClient::OnTrustAnchorUsed(
-    const std::string& username_hash) {
-  NOTREACHED();
-}
-#endif
 void TestNetworkServiceClient::OnFileUploadRequested(
    uint32_t process_id,
    bool async,

--- a/services/network/test/test_network_service_client.h
+++ b/services/network/test/test_network_service_client.h
@@ -32,33 +32,6 @@ class TestNetworkServiceClient : public network::mojom::NetworkServiceClient {
  }
  // network::mojom::NetworkServiceClient implementation:
-  void OnAuthRequired(
-      const base::Optional<base::UnguessableToken>& window_id,
-      uint32_t process_id,
-      uint32_t routing_id,
-      uint32_t request_id,
-      const GURL& url,
-      bool first_auth_attempt,
-      const net::AuthChallengeInfo& auth_info,
-      const base::Optional<ResourceResponseHead>& head,
-      mojom::AuthChallengeResponderPtr auth_challenge_responder) override;
-  void OnCertificateRequested(
-      const base::Optional<base::UnguessableToken>& window_id,
-      uint32_t process_id,
-      uint32_t routing_id,
-      uint32_t request_id,
-      const scoped_refptr<net::SSLCertRequestInfo>& cert_info,
-      mojom::ClientCertificateResponderPtr client_cert_responder) override;
-  void OnSSLCertificateError(uint32_t process_id,
-                             uint32_t routing_id,
-                             const GURL& url,
-                             int net_error,
-                             const net::SSLInfo& ssl_info,
-                             bool fatal,
-                             OnSSLCertificateErrorCallback response) override;
-#if defined(OS_CHROMEOS)
-  void OnTrustAnchorUsed(const std::string& username_hash) override;
-#endif
  void OnFileUploadRequested(uint32_t process_id,
                             bool async,
                             const std::vector<base::FilePath>& file_paths,

--- a/services/network/url_loader.cc
+++ b/services/network/url_loader.cc
@@ -827,7 +827,7 @@ void URLLoader::OnReceivedRedirect(net::URLRequest* url_request,
 void URLLoader::OnAuthRequired(net::URLRequest* url_request,
                               const net::AuthChallengeInfo& auth_info) {
-  if (!network_service_client_) {
+  if (!network_context_client_) {
    OnAuthCredentials(base::nullopt);
    return;
  }
@@ -848,7 +848,7 @@ void URLLoader::OnAuthRequired(net::URLRequest* url_request,
  if (url_request->response_headers())
    head.headers = url_request->response_headers();
  head.auth_challenge_info = auth_info;
-  network_service_client_->OnAuthRequired(
+  network_context_client_->OnAuthRequired(
      fetch_window_id_, factory_params_->process_id, render_frame_id_,
      request_id_, url_request_->url(), first_auth_attempt_, auth_info, head,
      std::move(auth_challenge_responder));
@@ -868,7 +868,7 @@ void URLLoader::OnCertificateRequested(net::URLRequest* unused,
    return;
  }
-  if (!network_service_client_) {
+  if (!network_context_client_) {
    ContinueWithoutCertificate();
    return;
  }
@@ -884,11 +884,11 @@ void URLLoader::OnCertificateRequested(net::URLRequest* unused,
      base::BindOnce(&URLLoader::CancelRequest, base::Unretained(this)));
  if (fetch_window_id_) {
-    network_service_client_->OnCertificateRequested(
+    network_context_client_->OnCertificateRequested(
        fetch_window_id_, -1 /* process_id */, -1 /* routing_id */, request_id_,
        cert_info, std::move(client_cert_responder));
  } else {
-    network_service_client_->OnCertificateRequested(
+    network_context_client_->OnCertificateRequested(
        base::nullopt /* window_id */, factory_params_->process_id,
        render_frame_id_, request_id_, cert_info,
        std::move(client_cert_responder));
@@ -899,11 +899,11 @@ void URLLoader::OnSSLCertificateError(net::URLRequest* request,
                                      int net_error,
                                      const net::SSLInfo& ssl_info,
                                      bool fatal) {
-  if (!network_service_client_) {
+  if (!network_context_client_) {
    OnSSLCertificateErrorResponse(ssl_info, net::ERR_INSECURE_RESPONSE);
    return;
  }
-  network_service_client_->OnSSLCertificateError(
+  network_context_client_->OnSSLCertificateError(
      factory_params_->process_id, render_frame_id_, url_request_->url(),
      net_error, ssl_info, fatal,
      base::Bind(&URLLoader::OnSSLCertificateErrorResponse,

--- a/services/network/url_loader_unittest.cc
+++ b/services/network/url_loader_unittest.cc
--- a/services/network/websocket_factory.cc
+++ b/services/network/websocket_factory.cc
@@ -9,7 +9,7 @@
 #include "net/base/url_util.h"
 #include "services/network/network_context.h"
 #include "services/network/network_service.h"
-#include "services/network/public/mojom/network_service.mojom.h"
+#include "services/network/public/mojom/network_context.mojom.h"
 #include "services/network/websocket.h"
 #include "url/origin.h"
 #include "url/url_constants.h"
@@ -64,10 +64,9 @@ void WebSocketFactory::OnSSLCertificateError(
    int net_error,
    const net::SSLInfo& ssl_info,
    bool fatal) {
-  NetworkService* network_service = context_->network_service();
+  context_->client()->OnSSLCertificateError(process_id, render_frame_id, url,
-  network_service->client()->OnSSLCertificateError(process_id, render_frame_id,
+                                            net_error, ssl_info, fatal,
-                                                   url, net_error, ssl_info,
+                                            std::move(callback));
-                                                   fatal, std::move(callback));
 }
 void WebSocketFactory::Remove(WebSocket* impl) {