Support --ignore-urlfetcher-cert-requests with URLLoader.

Bug: 903569 Change-Id: I2f031411f09cfbfcb006e3093a9e24ee5eeb23e6 Reviewed-on: https://chromium-review.googlesource.com/c/1327172 Commit-Queue: John Abd-El-Malek <jam@chromium.org> Reviewed-by: Matt Mueller <mattm@chromium.org> Cr-Commit-Position: refs/heads/master@{#607162}

Support --ignore-urlfetcher-cert-requests with URLLoader.
Bug: 903569 Change-Id: I2f031411f09cfbfcb006e3093a9e24ee5eeb23e6 Reviewed-on: https://chromium-review.googlesource.com/c/1327172 Commit-Queue: John Abd-El-Malek <jam@chromium.org> Reviewed-by: Matt Mueller <mattm@chromium.org> Cr-Commit-Position: refs/heads/master@{#607162}
91258a8f · John Abd-El-Malek · Commit Bot · b436a235 · 91258a8f · 91258a8f
Commit 91258a8f authored Nov 12, 2018 by John Abd-El-Malek Committed by Commit Bot Nov 12, 2018
10 changed files
--- a/chrome/browser/io_thread.cc
+++ b/chrome/browser/io_thread.cc
@@ -292,7 +292,7 @@ void IOThread::Init() {
  globals_->dns_probe_service =
      std::make_unique<chrome_browser_net::DnsProbeService>();

-  if (command_line.HasSwitch(switches::kIgnoreUrlFetcherCertRequests))
+  if (command_line.HasSwitch(network::switches::kIgnoreUrlFetcherCertRequests))
    net::URLFetcher::SetIgnoreCertificateRequests(true);

 #if defined(OS_MACOSX)

--- a/chrome/common/chrome_switches.cc
+++ b/chrome/common/chrome_switches.cc
@@ -384,12 +384,6 @@ const char kForceStackedTabStripLayout[]    = "force-stacked-tab-strip-layout";
 // http://google.com.
 const char kHomePage[]                      = "homepage";

-// Causes net::URLFetchers to ignore requests for SSL client certificates,
-// causing them to attempt an unauthenticated SSL/TLS session. This is intended
-// for use when testing various service URLs (eg: kPromoServerURL, kSbURLPrefix,
-// kSyncServiceURL, etc).
-const char kIgnoreUrlFetcherCertRequests[] = "ignore-urlfetcher-cert-requests";
-
 // Causes the browser to launch directly in incognito mode.
 const char kIncognito[]                     = "incognito";


--- a/chrome/common/chrome_switches.h
+++ b/chrome/common/chrome_switches.h
@@ -120,7 +120,6 @@ extern const char kForceFirstRunDialog[];
 extern const char kForceLocalNtp[];
 extern const char kForceStackedTabStripLayout[];
 extern const char kHomePage[];
-extern const char kIgnoreUrlFetcherCertRequests[];
 extern const char kIncognito[];
 extern const char kInstallChromeApp[];
 extern const char kInstallSupervisedUserWhitelists[];

--- a/chrome/common/service_process_util.cc
+++ b/chrome/common/service_process_util.cc
@@ -32,6 +32,7 @@
 #include "content/public/common/content_paths.h"
 #include "content/public/common/content_switches.h"
 #include "google_apis/gaia/gaia_switches.h"
+#include "services/network/public/cpp/network_switches.h"
 #include "ui/base/ui_base_switches.h"

 #if !defined(OS_MACOSX)
@@ -168,6 +169,7 @@ std::unique_ptr<base::CommandLine> CreateServiceProcessCommandLine() {
 #endif  // defined(OS_WIN)

  static const char* const kSwitchesToCopy[] = {
+    network::switches::kIgnoreUrlFetcherCertRequests,
    switches::kCloudPrintSetupProxy,
    switches::kCloudPrintURL,
    switches::kCloudPrintXmppEndpoint,
@@ -175,7 +177,6 @@ std::unique_ptr<base::CommandLine> CreateServiceProcessCommandLine() {
    switches::kEnableCloudPrintXps,
 #endif
    switches::kEnableLogging,
-    switches::kIgnoreUrlFetcherCertRequests,
    switches::kLang,
    switches::kLoggingLevel,
    switches::kLsoUrl,

--- a/chrome/service/service_process.cc
+++ b/chrome/service/service_process.cc
@@ -50,6 +50,7 @@
 #include "mojo/core/embedder/scoped_ipc_support.h"
 #include "net/base/network_change_notifier.h"
 #include "net/url_request/url_fetcher.h"
+#include "services/network/public/cpp/network_switches.h"
 #include "ui/base/l10n/l10n_util.h"
 #include "ui/base/material_design/material_design_controller.h"
 #include "ui/base/resource/resource_bundle.h"
@@ -203,7 +204,7 @@ bool ServiceProcess::Initialize(base::OnceClosure quit_closure,
  service_prefs_->ReadPrefs();

  // This switch it required to run connector with test gaia.
-  if (command_line.HasSwitch(switches::kIgnoreUrlFetcherCertRequests))
+  if (command_line.HasSwitch(network::switches::kIgnoreUrlFetcherCertRequests))
    net::URLFetcher::SetIgnoreCertificateRequests(true);

  // Check if a locale override has been specified on the command-line.

--- a/content/browser/utility_process_host.cc
+++ b/content/browser/utility_process_host.cc
@@ -342,6 +342,7 @@ bool UtilityProcessHost::StartProcess() {
      network::switches::kForceEffectiveConnectionType,
      network::switches::kHostResolverRules,
      network::switches::kIgnoreCertificateErrorsSPKIList,
+      network::switches::kIgnoreUrlFetcherCertRequests,
      network::switches::kLogNetLog,
      network::switches::kNoReferrers,
      service_manager::switches::kNoSandbox,

--- a/services/network/public/cpp/network_switches.cc
+++ b/services/network/public/cpp/network_switches.cc
@@ -15,6 +15,12 @@ const char kForceEffectiveConnectionType[] = "force-effective-connection-type";
 // These mappings only apply to the host resolver.
 const char kHostResolverRules[] = "host-resolver-rules";

+// Causes net::URLFetchers to ignore requests for SSL client certificates,
+// causing them to attempt an unauthenticated SSL/TLS session. This is intended
+// for use when testing various service URLs (eg: kPromoServerURL, kSbURLPrefix,
+// kSyncServiceURL, etc).
+const char kIgnoreUrlFetcherCertRequests[] = "ignore-urlfetcher-cert-requests";
+
 // A set of public key hashes for which to ignore certificate-related errors.
 //
 // If the certificate chain presented by the server does not validate, and one

--- a/services/network/public/cpp/network_switches.h
+++ b/services/network/public/cpp/network_switches.h
@@ -16,6 +16,7 @@ COMPONENT_EXPORT(NETWORK_CPP)
 extern const char kHostResolverRules[];
 COMPONENT_EXPORT(NETWORK_CPP)
 extern const char kIgnoreCertificateErrorsSPKIList[];
+COMPONENT_EXPORT(NETWORK_CPP) extern const char kIgnoreUrlFetcherCertRequests[];
 COMPONENT_EXPORT(NETWORK_CPP) extern const char kLogNetLog[];
 COMPONENT_EXPORT(NETWORK_CPP) extern const char kSSLKeyLogFile[];
 COMPONENT_EXPORT(NETWORK_CPP) extern const char kNoReferrers[];

--- a/services/network/url_loader.cc
+++ b/services/network/url_loader.cc
@@ -9,6 +9,7 @@
 #include <utility>
 #include <vector>

+#include "base/command_line.h"
 #include "base/debug/alias.h"
 #include "base/debug/dump_without_crashing.h"
 #include "base/files/file.h"
@@ -35,6 +36,7 @@
 #include "services/network/network_usage_accumulator.h"
 #include "services/network/public/cpp/features.h"
 #include "services/network/public/cpp/net_adapters.h"
+#include "services/network/public/cpp/network_switches.h"
 #include "services/network/public/cpp/resource_request.h"
 #include "services/network/public/cpp/resource_response.h"
 #include "services/network/public/mojom/url_loader_factory.mojom.h"
@@ -658,6 +660,14 @@ void URLLoader::OnAuthRequired(net::URLRequest* url_request,

 void URLLoader::OnCertificateRequested(net::URLRequest* unused,
                                       net::SSLCertRequestInfo* cert_info) {
+  if (base::CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kIgnoreUrlFetcherCertRequests) &&
+      factory_params_->process_id == 0 &&
+      render_frame_id_ == MSG_ROUTING_NONE) {
+    url_request_->ContinueWithCertificate(nullptr, nullptr);
+    return;
+  }
+
  if (!network_service_client_) {
    OnCertificateRequestedResponse(nullptr, std::string(),
                                   std::vector<uint16_t>(), nullptr,

--- a/services/network/url_loader.h
+++ b/services/network/url_loader.h
@@ -193,7 +193,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) URLLoader
  // store a raw pointer to mojom::URLLoaderFactoryParams.
  const mojom::URLLoaderFactoryParams* const factory_params_;

-  uint32_t render_frame_id_;
+  int render_frame_id_;
  uint32_t request_id_;
  const bool keepalive_;
  const bool do_not_prompt_for_login_;