Cleanup client cert store files

The files were not in the right places and wasn't split correctly in
domains.

Change-Id: Ia0d3b1c8f9bc6082f338a09cb64c4bb4b1aa16ad
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>

4 files changed, 452 insertions, 0 deletions

diff --git a/src/core/net/client_cert_override.cpp b/src/core/net/client_cert_override.cpp
new file mode 100644
index 000000000..9f548c4d1
--- /dev/null
+++ b/src/core/net/client_cert_override.cpp
@@ -0,0 +1,155 @@
+/****************************************************************************
+**
+** Copyright (C) 2018 The Qt Company Ltd.
+** Contact: https://www.qt.io/licensing/
+**
+** This file is part of the QtWebEngine module of the Qt Toolkit.
+**
+** $QT_BEGIN_LICENSE:LGPL$
+** Commercial License Usage
+** Licensees holding valid commercial Qt licenses may use this file in
+** accordance with the commercial license agreement provided with the
+** Software or, alternatively, in accordance with the terms contained in
+** a written agreement between you and The Qt Company. For licensing terms
+** and conditions see https://www.qt.io/terms-conditions. For further
+** information use the contact form at https://www.qt.io/contact-us.
+**
+** GNU Lesser General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU Lesser
+** General Public License version 3 as published by the Free Software
+** Foundation and appearing in the file LICENSE.LGPL3 included in the
+** packaging of this file. Please review the following information to
+** ensure the GNU Lesser General Public License version 3 requirements
+** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
+**
+** GNU General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU
+** General Public License version 2.0 or (at your option) the GNU General
+** Public license version 3 or any later version approved by the KDE Free
+** Qt Foundation. The licenses are as published by the Free Software
+** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
+** included in the packaging of this file. Please review the following
+** information to ensure the GNU General Public License requirements will
+** be met: https://www.gnu.org/licenses/gpl-2.0.html and
+** https://www.gnu.org/licenses/gpl-3.0.html.
+**
+** $QT_END_LICENSE$
+**
+****************************************************************************/
+
+#include "net/client_cert_override.h"
+
+#include "base/bind.h"
+#include "base/bind_helpers.h"
+#include "base/task/post_task.h"
+#include "base/callback_forward.h"
+#include "net/ssl/client_cert_store.h"
+#include "net/ssl/ssl_cert_request_info.h"
+#include "net/ssl/ssl_private_key.h"
+#include "net/cert/x509_certificate.h"
+#include "third_party/boringssl/src/include/openssl/pem.h"
+#include "third_party/boringssl/src/include/openssl/err.h"
+#include "third_party/boringssl/src/include/openssl/evp.h"
+
+#include "api/qwebengineclientcertificatestore.h"
+#include "net/client_cert_store_data.h"
+#include "profile_io_data_qt.h"
+
+#include <QtNetwork/qtnetworkglobal.h>
+
+#if defined(USE_NSS_CERTS)
+#include "net/ssl/client_cert_store_nss.h"
+#endif
+
+#if defined(OS_WIN)
+#include "net/ssl/client_cert_store_win.h"
+#endif
+
+#if defined(OS_MACOSX)
+#include "net/ssl/client_cert_store_mac.h"
+#endif
+
+namespace {
+
+class ClientCertIdentityOverride : public net::ClientCertIdentity
+{
+public:
+    ClientCertIdentityOverride(
+            scoped_refptr<net::X509Certificate> cert,
+            scoped_refptr<net::SSLPrivateKey> key)
+        : net::ClientCertIdentity(std::move(cert)), key_(std::move(key)) {}
+    ~ClientCertIdentityOverride() override = default;
+
+    void AcquirePrivateKey(
+            const base::Callback<void(scoped_refptr<net::SSLPrivateKey>)> &
+                    private_key_callback) override
+    {
+        private_key_callback.Run(key_);
+    }
+
+#if defined(OS_MACOSX)
+    SecIdentityRef sec_identity_ref() const override
+    {
+        return nullptr;
+    }
+#endif
+
+private:
+    scoped_refptr<net::SSLPrivateKey> key_;
+};
+
+} // namespace
+
+namespace QtWebEngineCore {
+
+ClientCertOverrideStore::ClientCertOverrideStore()
+    : ClientCertStore()
+{
+}
+
+ClientCertOverrideStore::~ClientCertOverrideStore()
+{
+}
+
+void ClientCertOverrideStore::GetClientCerts(const net::SSLCertRequestInfo &cert_request_info,
+                                             const ClientCertListCallback &callback)
+{
+#if QT_CONFIG(ssl)
+    QWebEngineClientCertificateStore *clientCertificateStore = QWebEngineClientCertificateStore::getInstance();
+    const auto &clientCertOverrideData = clientCertificateStore->d_ptr->addedCerts;
+    // Look for certificates in memory store
+    for (int i = 0; i < clientCertOverrideData.length(); i++) {
+        scoped_refptr<net::X509Certificate> cert = clientCertOverrideData[i]->certPtr;
+        if (cert != NULL && cert->IsIssuedByEncoded(cert_request_info.cert_authorities)) {
+            net::ClientCertIdentityList selected_identities;
+            selected_identities.push_back(std::make_unique<ClientCertIdentityOverride>(cert, clientCertOverrideData[i]->keyPtr));
+            callback.Run(std::move(selected_identities));
+            return;
+        }
+    }
+#endif // QT_CONFIG(ssl)
+
+    // Continue with native cert store if matching certificate is not found in memory
+    std::unique_ptr<net::ClientCertStore> store = getNativeStore();
+    if (store != NULL) {
+        store->GetClientCerts(cert_request_info, callback);
+        return;
+    }
+
+    callback.Run(net::ClientCertIdentityList());
+    return;
+}
+
+std::unique_ptr<net::ClientCertStore> ClientCertOverrideStore::getNativeStore()
+{
+#if defined(USE_NSS_CERTS)
+    return std::unique_ptr<net::ClientCertStore>(new net::ClientCertStoreNSS(net::ClientCertStoreNSS::PasswordDelegateFactory()));
+#elif defined(OS_WIN)
+    return std::unique_ptr<net::ClientCertStore>(new net::ClientCertStoreWin());
+#elif defined(OS_MACOSX)
+    return std::unique_ptr<net::ClientCertStore>(new net::ClientCertStoreMac());
+#else
+    return nullptr;
+#endif
+}
+} // namespace QtWebEngineCore
diff --git a/src/core/net/client_cert_override.h b/src/core/net/client_cert_override.h
new file mode 100644
index 000000000..ed08a6b64
--- /dev/null
+++ b/src/core/net/client_cert_override.h
@@ -0,0 +1,68 @@
+/****************************************************************************
+**
+** Copyright (C) 2018 The Qt Company Ltd.
+** Contact: https://www.qt.io/licensing/
+**
+** This file is part of the QtWebEngine module of the Qt Toolkit.
+**
+** $QT_BEGIN_LICENSE:LGPL$
+** Commercial License Usage
+** Licensees holding valid commercial Qt licenses may use this file in
+** accordance with the commercial license agreement provided with the
+** Software or, alternatively, in accordance with the terms contained in
+** a written agreement between you and The Qt Company. For licensing terms
+** and conditions see https://www.qt.io/terms-conditions. For further
+** information use the contact form at https://www.qt.io/contact-us.
+**
+** GNU Lesser General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU Lesser
+** General Public License version 3 as published by the Free Software
+** Foundation and appearing in the file LICENSE.LGPL3 included in the
+** packaging of this file. Please review the following information to
+** ensure the GNU Lesser General Public License version 3 requirements
+** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
+**
+** GNU General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU
+** General Public License version 2.0 or (at your option) the GNU General
+** Public license version 3 or any later version approved by the KDE Free
+** Qt Foundation. The licenses are as published by the Free Software
+** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
+** included in the packaging of this file. Please review the following
+** information to ensure the GNU General Public License requirements will
+** be met: https://www.gnu.org/licenses/gpl-2.0.html and
+** https://www.gnu.org/licenses/gpl-3.0.html.
+**
+** $QT_END_LICENSE$
+**
+****************************************************************************/
+
+#ifndef CLIENT_CERT_OVERRIDE_P_H
+#define CLIENT_CERT_OVERRIDE_P_H
+
+#include "net/ssl/client_cert_store.h"
+#include "base/callback_forward.h"
+#include "net/cert/x509_certificate.h"
+
+namespace net {
+class SSLCertRequestInfo;
+} // namespace net
+
+namespace QtWebEngineCore {
+
+class ClientCertOverrideStore : public net::ClientCertStore
+{
+public:
+    ClientCertOverrideStore();
+    virtual ~ClientCertOverrideStore() override;
+    void GetClientCerts(const net::SSLCertRequestInfo &cert_request_info,
+                        const ClientCertListCallback &callback) override;
+private:
+    std::unique_ptr<net::ClientCertStore> getNativeStore();
+};
+
+} // QtWebEngineCore
+
+#endif
+
+
diff --git a/src/core/net/client_cert_store_data.cpp b/src/core/net/client_cert_store_data.cpp
new file mode 100644
index 000000000..ae4deed1c
--- /dev/null
+++ b/src/core/net/client_cert_store_data.cpp
@@ -0,0 +1,151 @@
+/****************************************************************************
+**
+** Copyright (C) 2019 The Qt Company Ltd.
+** Contact: https://www.qt.io/licensing/
+**
+** This file is part of the QtWebEngine module of the Qt Toolkit.
+**
+** $QT_BEGIN_LICENSE:LGPL$
+** Commercial License Usage
+** Licensees holding valid commercial Qt licenses may use this file in
+** accordance with the commercial license agreement provided with the
+** Software or, alternatively, in accordance with the terms contained in
+** a written agreement between you and The Qt Company. For licensing terms
+** and conditions see https://www.qt.io/terms-conditions. For further
+** information use the contact form at https://www.qt.io/contact-us.
+**
+** GNU Lesser General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU Lesser
+** General Public License version 3 as published by the Free Software
+** Foundation and appearing in the file LICENSE.LGPL3 included in the
+** packaging of this file. Please review the following information to
+** ensure the GNU Lesser General Public License version 3 requirements
+** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
+**
+** GNU General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU
+** General Public License version 2.0 or (at your option) the GNU General
+** Public license version 3 or any later version approved by the KDE Free
+** Qt Foundation. The licenses are as published by the Free Software
+** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
+** included in the packaging of this file. Please review the following
+** information to ensure the GNU General Public License requirements will
+** be met: https://www.gnu.org/licenses/gpl-2.0.html and
+** https://www.gnu.org/licenses/gpl-3.0.html.
+**
+** $QT_END_LICENSE$
+**
+****************************************************************************/
+
+#include "net/client_cert_store_data.h"
+
+#if QT_CONFIG(ssl)
+#include "base/logging.h"
+#include "base/macros.h"
+#include "base/memory/ptr_util.h"
+#include "net/base/net_errors.h"
+#include "net/cert/x509_certificate.h"
+#include "net/ssl/ssl_platform_key_util.h"
+#include "net/ssl/ssl_private_key.h"
+#include "net/ssl/threaded_ssl_private_key.h"
+
+#include "third_party/boringssl/src/include/openssl/ssl.h"
+#include "third_party/boringssl/src/include/openssl/digest.h"
+#include "third_party/boringssl/src/include/openssl/evp.h"
+#include "third_party/boringssl/src/include/openssl/rsa.h"
+#include "third_party/boringssl/src/include/openssl/pem.h"
+
+#include "QtCore/qbytearray.h"
+
+namespace {
+
+class SSLPlatformKeyOverride : public net::ThreadedSSLPrivateKey::Delegate {
+public:
+    SSLPlatformKeyOverride(const QByteArray &sslKeyInBytes)
+    {
+        m_mem = BIO_new_mem_buf(sslKeyInBytes, -1);
+        m_key = PEM_read_bio_PrivateKey(m_mem, nullptr, nullptr, nullptr);
+    }
+
+    ~SSLPlatformKeyOverride() override
+    {
+        if (m_key)
+            EVP_PKEY_free(m_key);
+        if (m_mem)
+            BIO_free(m_mem);
+    }
+
+    net::Error Sign(uint16_t algorithm, base::span<const uint8_t> input, std::vector<uint8_t> *signature) override
+    {
+        bssl::ScopedEVP_MD_CTX ctx;
+        EVP_PKEY_CTX *pctx;
+        if (!EVP_DigestSignInit(ctx.get(), &pctx,
+                                SSL_get_signature_algorithm_digest(algorithm),
+                                nullptr, m_key)) {
+            return net::ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED;
+        }
+
+        if (SSL_is_signature_algorithm_rsa_pss(algorithm)) {
+            if (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) ||
+                    !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1 /* hash length */)) {
+                return net::ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED;
+            }
+        }
+        size_t sig_len = 0;
+        if (!EVP_DigestSign(ctx.get(), NULL, &sig_len, input.data(), input.size()))
+            return net::ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED;
+        signature->resize(sig_len);
+        if (!EVP_DigestSign(ctx.get(), signature->data(), &sig_len, input.data(), input.size()))
+            return net::ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED;
+        signature->resize(sig_len);
+        return net::OK;
+    }
+
+    std::vector<uint16_t> GetAlgorithmPreferences() override
+    {
+        return { SSL_SIGN_RSA_PKCS1_SHA1, SSL_SIGN_RSA_PKCS1_SHA512
+               , SSL_SIGN_RSA_PKCS1_SHA384, SSL_SIGN_RSA_PKCS1_SHA256 };
+    }
+
+private:
+    EVP_PKEY *m_key;
+    BIO *m_mem;
+
+    DISALLOW_COPY_AND_ASSIGN(SSLPlatformKeyOverride);
+};
+
+scoped_refptr<net::SSLPrivateKey> wrapOpenSSLPrivateKey(const QByteArray &sslKeyInBytes)
+{
+    if (sslKeyInBytes.isEmpty())
+        return nullptr;
+
+    return base::MakeRefCounted<net::ThreadedSSLPrivateKey>(
+                std::make_unique<SSLPlatformKeyOverride>(sslKeyInBytes),
+                net::GetSSLPlatformKeyTaskRunner());
+}
+
+}  // namespace
+
+namespace QtWebEngineCore {
+
+void ClientCertificateStoreData::add(const QSslCertificate &certificate, const QSslKey &privateKey)
+{
+    QByteArray sslKeyInBytes = privateKey.toPem();
+    QByteArray certInBytes = certificate.toDer();
+
+    Entry *data = new Entry;
+    data->keyPtr = wrapOpenSSLPrivateKey(sslKeyInBytes);
+    data->certPtr = net::X509Certificate::CreateFromBytes(certInBytes.data(), certInBytes.length());
+    data->key = privateKey;
+    data->certificate = certificate;
+    addedCerts.append(data);
+}
+
+ClientCertificateStoreData::~ClientCertificateStoreData()
+{
+    qDeleteAll(deletedCerts);
+}
+
+} // namespace QtWebEngineCore
+
+#endif
diff --git a/src/core/net/client_cert_store_data.h b/src/core/net/client_cert_store_data.h
new file mode 100644
index 000000000..41dc1f8ec
--- /dev/null
+++ b/src/core/net/client_cert_store_data.h
@@ -0,0 +1,78 @@
+/****************************************************************************
+**
+** Copyright (C) 2019 The Qt Company Ltd.
+** Contact: https://www.qt.io/licensing/
+**
+** This file is part of the QtWebEngine module of the Qt Toolkit.
+**
+** $QT_BEGIN_LICENSE:LGPL$
+** Commercial License Usage
+** Licensees holding valid commercial Qt licenses may use this file in
+** accordance with the commercial license agreement provided with the
+** Software or, alternatively, in accordance with the terms contained in
+** a written agreement between you and The Qt Company. For licensing terms
+** and conditions see https://www.qt.io/terms-conditions. For further
+** information use the contact form at https://www.qt.io/contact-us.
+**
+** GNU Lesser General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU Lesser
+** General Public License version 3 as published by the Free Software
+** Foundation and appearing in the file LICENSE.LGPL3 included in the
+** packaging of this file. Please review the following information to
+** ensure the GNU Lesser General Public License version 3 requirements
+** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
+**
+** GNU General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU
+** General Public License version 2.0 or (at your option) the GNU General
+** Public license version 3 or any later version approved by the KDE Free
+** Qt Foundation. The licenses are as published by the Free Software
+** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
+** included in the packaging of this file. Please review the following
+** information to ensure the GNU General Public License requirements will
+** be met: https://www.gnu.org/licenses/gpl-2.0.html and
+** https://www.gnu.org/licenses/gpl-3.0.html.
+**
+** $QT_END_LICENSE$
+**
+****************************************************************************/
+
+#ifndef CLIENT_CERT_STORE_DATA_H
+#define CLIENT_CERT_STORE_DATA_H
+
+#include "qtwebenginecoreglobal.h"
+#include "qtnetworkglobal.h"
+
+#if QT_CONFIG(ssl)
+#include "base/memory/ref_counted.h"
+
+#include <QtCore/qlist.h>
+#include <QtNetwork/qsslcertificate.h>
+#include <QtNetwork/qsslkey.h>
+
+namespace net {
+class SSLPrivateKey;
+class X509Certificate;
+}
+
+namespace QtWebEngineCore {
+
+struct ClientCertificateStoreData {
+    struct Entry {
+        QSslKey key;
+        QSslCertificate certificate;
+        scoped_refptr<net::X509Certificate> certPtr;
+        scoped_refptr<net::SSLPrivateKey> keyPtr;
+    };
+
+    ~ClientCertificateStoreData();
+    void add(const QSslCertificate &certificate, const QSslKey &privateKey);
+
+    QList<Entry*> addedCerts;
+    QList<Entry*> deletedCerts;
+};
+
+} // namespace QtWebEngineCore
+
+#endif
+#endif // CLIENT_CERT_STORE_DATA_H