Don't select a client certs for TabContents with no TabContentsWrapper.

BUG=104757 TEST=manual Review URL: http://codereview.chromium.org/8745020 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@112892 0039d316-1c4b-4281-b951-d872f2087c98

Don't select a client certs for TabContents with no TabContentsWrapper.
BUG=104757 TEST=manual Review URL: http://codereview.chromium.org/8745020 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@112892 0039d316-1c4b-4281-b951-d872f2087c98
6786bf40 · markusheintz@chromium.org · 2f2acade · 6786bf40 · 6786bf40 · 6786bf40
Commit 6786bf40 authored Dec 03, 2011 by markusheintz@chromium.org
3 changed files
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -19,6 +19,7 @@
 #include "chrome/browser/chrome_quota_permission_context.h"
 #include "chrome/browser/content_settings/content_settings_utils.h"
 #include "chrome/browser/content_settings/cookie_settings.h"
+#include "chrome/browser/content_settings/host_content_settings_map.h"
 #include "chrome/browser/content_settings/tab_specific_content_settings.h"
 #include "chrome/browser/download/download_util.h"
 #include "chrome/browser/extensions/extension_info_map.h"
@@ -208,6 +209,24 @@ RenderProcessHostPrivilege GetProcessPrivilege(
  return PRIV_EXTENSION;
 }
+bool CertMatchesFilter(const net::X509Certificate& cert,
+                       const base::DictionaryValue& filter) {
+  // TODO(markusheintz): This is the minimal required filter implementation.
+  // Implement a better matcher.
+  // An empty filter matches any client certificate since no requirements are
+  // specified at all.
+  if (filter.empty())
+    return true;
+  std::string common_name;
+  if (filter.GetString("ISSUER.CN", &common_name) &&
+      (cert.issuer().common_name == common_name)) {
+    return true;
+  }
+  return false;
+}
 }  // namespace
 namespace chrome {
@@ -855,9 +874,51 @@ void ChromeContentBrowserClient::SelectClientCertificate(
    return;
  }
+  net::SSLCertRequestInfo* cert_request_info = handler->cert_request_info();
+  GURL requesting_url("https://" + cert_request_info->host_and_port);
+  DCHECK(requesting_url.is_valid()) << "Invalid URL string: https://"
+                                    << cert_request_info->host_and_port;
+  Profile* profile = Profile::FromBrowserContext(tab->browser_context());
+  DCHECK(profile);
+  scoped_ptr<Value> filter(
+      profile->GetHostContentSettingsMap()->GetWebsiteSetting(
+          requesting_url,
+          requesting_url,
+          CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE,
+          std::string(), NULL));
+  if (filter.get()) {
+    // Try to automatically select a client certificate.
+    if (filter->IsType(Value::TYPE_DICTIONARY)) {
+      DictionaryValue* filter_dict =
+          static_cast<DictionaryValue*>(filter.get());
+      const std::vector<scoped_refptr<net::X509Certificate> >&
+          all_client_certs = cert_request_info->client_certs;
+      for (size_t i = 0; i < all_client_certs.size(); ++i) {
+        if (CertMatchesFilter(*all_client_certs[i], *filter_dict)) {
+          // Use the first certificate that is matched by the filter.
+          handler->CertificateSelected(all_client_certs[i]);
+          return;
+        }
+      }
+    } else {
+      NOTREACHED();
+    }
+  }
  TabContentsWrapper* wrapper =
      TabContentsWrapper::GetCurrentWrapperForContents(tab);
-  wrapper->ssl_helper()->SelectClientCertificate(handler);
+  if (!wrapper) {
+    LOG(ERROR) << " *** No TabcontentsWrapper for: " << tab->GetURL().spec();
+    // If there is no TabContentsWrapper for the given TabContents then we can't
+    // show the user a dialog to select a client certificate. So we simply
+    // cancel the request.
+    handler->CertificateSelected(NULL);
+    return;
+  }
+  wrapper->ssl_helper()->ShowClientCertificateRequestDialog(handler);
 }
 void ChromeContentBrowserClient::AddNewCertificate(

--- a/chrome/browser/tab_contents/tab_contents_ssl_helper.cc
+++ b/chrome/browser/tab_contents/tab_contents_ssl_helper.cc
@@ -41,24 +41,6 @@ gfx::Image* GetCertIcon() {
      IDR_INFOBAR_SAVE_PASSWORD);
 }
-bool CertMatchesFilter(const net::X509Certificate& cert,
-                       const base::DictionaryValue& filter) {
-  // TODO(markusheintz): This is the minimal required filter implementation.
-  // Implement a better matcher.
-  // An empty filter matches any client certificate since no requirements are
-  // specified at all.
-  if (filter.empty())
-    return true;
-  std::string common_name;
-  if (filter.GetString("ISSUER.CN", &common_name) &&
-      (cert.issuer().common_name == common_name)) {
-    return true;
-  }
-  return false;
-}
 // SSLCertAddedInfoBarDelegate ------------------------------------------------
 class SSLCertAddedInfoBarDelegate : public ConfirmInfoBarDelegate {
@@ -204,48 +186,6 @@ TabContentsSSLHelper::TabContentsSSLHelper(TabContentsWrapper* tab_contents)
 TabContentsSSLHelper::~TabContentsSSLHelper() {
 }
-void TabContentsSSLHelper::SelectClientCertificate(
-    scoped_refptr<SSLClientAuthHandler> handler) {
-  net::SSLCertRequestInfo* cert_request_info = handler->cert_request_info();
-  GURL requesting_url("https://" + cert_request_info->host_and_port);
-  DCHECK(requesting_url.is_valid()) << "Invalid URL string: https://"
-                                    << cert_request_info->host_and_port;
-  HostContentSettingsMap* map =
-      tab_contents_->profile()->GetHostContentSettingsMap();
-  scoped_ptr<Value> filter(map->GetWebsiteSetting(
-      requesting_url, requesting_url,
-      CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE,
-      std::string(), NULL));
-  scoped_refptr<net::X509Certificate> selected_cert;
-  if (filter.get()) {
-    // Try to automatically select a client certificate.
-    if (filter->IsType(Value::TYPE_DICTIONARY)) {
-      DictionaryValue* filter_dict =
-          static_cast<DictionaryValue*>(filter.get());
-      const std::vector<scoped_refptr<net::X509Certificate> >&
-          all_client_certs = cert_request_info->client_certs;
-      for (size_t i = 0; i < all_client_certs.size(); ++i) {
-        if (CertMatchesFilter(*all_client_certs[i], *filter_dict)) {
-          selected_cert = all_client_certs[i];
-          // Use the first certificate that is matched by the filter.
-          break;
-        }
-      }
-    } else {
-      NOTREACHED();
-    }
-  }
-  if (selected_cert) {
-    handler->CertificateSelected(selected_cert);
-  } else {
-    ShowClientCertificateRequestDialog(handler);
-  }
-}
 void TabContentsSSLHelper::ShowClientCertificateRequestDialog(
    scoped_refptr<SSLClientAuthHandler> handler) {
  browser::ShowSSLClientCertificateSelector(

--- a/chrome/browser/tab_contents/tab_contents_ssl_helper.h
+++ b/chrome/browser/tab_contents/tab_contents_ssl_helper.h
@@ -21,9 +21,6 @@ class TabContentsSSLHelper {
  explicit TabContentsSSLHelper(TabContentsWrapper* tab_contents);
  virtual ~TabContentsSSLHelper();
-  // Selects the client certificate to submit and returns it to the |handler|.
-  void SelectClientCertificate(scoped_refptr<SSLClientAuthHandler> handler);
  // Called when |handler| encounters an error in verifying a received client
  // certificate. Note that, because CAs often will not send us intermediate
  // certificates, the verification we can do is minimal: we verify the
@@ -50,12 +47,12 @@ class TabContentsSSLHelper {
  void OnAddClientCertificateFinished(
      scoped_refptr<SSLAddCertHandler> handler);
- private:
  // Displays a dialog for selecting a client certificate and returns it to
  // the |handler|.
  void ShowClientCertificateRequestDialog(
      scoped_refptr<SSLClientAuthHandler> handler);
+ private:
  TabContentsWrapper* tab_contents_;
  class SSLAddCertData;