author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-02-11 12:48:48 +0100 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-02-11 14:26:02 +0000 |
commit | 3b19a50d912712be99b82f8c5c8af94db57a9eaf (patch) | |
tree | 810b148df137da97e9abae972d9c57dc36ed93cf /src | |
parent | 358f1398dcb531e906dbb1412f06222c32d1a91f (diff) |
Cleanup client cert store files
The files were not in the right places and were not split correctly into
domains.
Change-Id: Ia0d3b1c8f9bc6082f338a09cb64c4bb4b1aa16ad
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
Diffstat (limited to 'src')
-rw-r--r-- | src/core/api/core_api.pro | 1 | ||||
-rw-r--r-- | src/core/api/qwebengineclientcertificatestore.cpp (renamed from src/core/qwebengineclientcertificatestore.cpp) | 162 | ||||
-rw-r--r-- | src/core/api/qwebengineclientcertificatestore.h | 10 | ||||
-rw-r--r-- | src/core/content_browser_client_qt.cpp | 5 | ||||
-rw-r--r-- | src/core/core_chromium.pri | 8 | ||||
-rw-r--r-- | src/core/net/client_cert_override.cpp | 155 | ||||
-rw-r--r-- | src/core/net/client_cert_override.h (renamed from src/core/client_cert_override_p.h) | 11 | ||||
-rw-r--r-- | src/core/net/client_cert_store_data.cpp (renamed from src/core/client_cert_override_key.cpp) | 112 | ||||
-rw-r--r-- | src/core/net/client_cert_store_data.h (renamed from src/core/client_cert_override_key_p.h) | 42 | ||||
-rw-r--r-- | src/core/profile_io_data_qt.cpp | 12 | ||||
-rw-r--r-- | src/core/profile_io_data_qt.h | 3 | ||||
-rw-r--r-- | src/core/resource_context_qt.h | 1 |
12 files changed, 307 insertions, 215 deletions
diff --git a/src/core/api/core_api.pro b/src/core/api/core_api.pro index d6ef81add..4d3ddcc8e 100644 --- a/src/core/api/core_api.pro +++ b/src/core/api/core_api.pro @@ -50,6 +50,7 @@ HEADERS = \ SOURCES = \ qtwebenginecoreglobal.cpp \ + qwebengineclientcertificatestore.cpp \ qwebenginecookiestore.cpp \ qwebenginehttprequest.cpp \ qwebenginenotification.cpp \ diff --git a/src/core/qwebengineclientcertificatestore.cpp b/src/core/api/qwebengineclientcertificatestore.cpp index 08f4389d7..471b31326 100644 --- a/src/core/qwebengineclientcertificatestore.cpp +++ b/src/core/api/qwebengineclientcertificatestore.cpp @@ -37,34 +37,9 @@ ** ****************************************************************************/ -#include "api/qwebengineclientcertificatestore.h" -#include "client_cert_override_key_p.h" -#include "client_cert_override_p.h" +#include "qwebengineclientcertificatestore.h" -#include "base/bind.h" -#include "base/bind_helpers.h" -#include "base/task/post_task.h" -#include "base/callback_forward.h" - -#include "net/ssl/client_cert_store.h" -#include "net/ssl/ssl_cert_request_info.h" -#include "net/cert/x509_certificate.h" - -#include "third_party/boringssl/src/include/openssl/pem.h" -#include "third_party/boringssl/src/include/openssl/err.h" -#include "third_party/boringssl/src/include/openssl/evp.h" - -#if defined(USE_NSS_CERTS) -#include "net/ssl/client_cert_store_nss.h" -#endif - -#if defined(OS_WIN) -#include "net/ssl/client_cert_store_win.h" -#endif - -#if defined(OS_MACOSX) -#include "net/ssl/client_cert_store_mac.h" -#endif +#include "net/client_cert_store_data.h" #include <QByteArray> #include <QList> 
@@ -73,19 +48,7 @@ QT_BEGIN_NAMESPACE #if QT_CONFIG(ssl) -typedef struct OverrideData { - QSslKey key; - QSslCertificate certificate; - scoped_refptr<net::X509Certificate> certPtr; - scoped_refptr<net::SSLPrivateKey> keyPtr; -} OverrideData; - -struct QWebEngineClientCertificateStoreData { - QList<OverrideData*> deletedCerts; -}; - -static QList<OverrideData*> ClientCertOverrideData; -QWebEngineClientCertificateStore *QWebEngineClientCertificateStore::m_instance = NULL; +QWebEngineClientCertificateStore *QWebEngineClientCertificateStore::m_instance = nullptr; /*! \class QWebEngineClientCertificateStore::Entry @@ -107,8 +70,8 @@ QWebEngineClientCertificateStore *QWebEngineClientCertificateStore::m_instance = */ QWebEngineClientCertificateStore::QWebEngineClientCertificateStore() + : d_ptr(new QtWebEngineCore::ClientCertificateStoreData) { - this->d_ptr = new QWebEngineClientCertificateStoreData; } /*! @@ -119,9 +82,6 @@ QWebEngineClientCertificateStore::~QWebEngineClientCertificateStore() { // Just in case user has not deleted in-memory certificates clear(); - - qDeleteAll(d_ptr->deletedCerts); - delete d_ptr; } /*! @@ -141,17 +101,7 @@ QWebEngineClientCertificateStore *QWebEngineClientCertificateStore::getInstance( void QWebEngineClientCertificateStore::add(const QSslCertificate &certificate, const QSslKey &privateKey) { - - QByteArray sslKeyInBytes = privateKey.toPem(); - QByteArray certInBytes = certificate.toDer(); - - OverrideData* data = new OverrideData; - data->keyPtr = net::WrapOpenSSLPrivateKey(sslKeyInBytes); - data->certPtr = net::X509Certificate::CreateFromBytes( - certInBytes.data(), certInBytes.length()); - data->key = privateKey; - data->certificate = certificate; - ClientCertOverrideData.append(data); + d_ptr->add(certificate, privateKey); } /*! 
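Review bot: `QWebEngineClientCertificateStore::add()` now forwards any certificate/key pair straight to `d_ptr->add()` without rejecting null input, so a caller passing a default-constructed `QSslKey` or `QSslCertificate` still gets an entry that `toList()` reports as present even though it can never be used for authentication. A guard such as `if (certificate.isNull() || privateKey.isNull()) return;` at the top of `add()` keeps the store's contents meaningful; whether the public API should also report the rejection is a design choice the header documentation would need to state. The other hunks here (`nullptr` for `m_instance`, the QScopedPointer-backed constructor and the simplified destructor) look fine.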
@@ -162,7 +112,7 @@ void QWebEngineClientCertificateStore::add(const QSslCertificate &certificate, c
 QList<QWebEngineClientCertificateStore::Entry> QWebEngineClientCertificateStore::toList() const
 {
 QList<Entry> certificateList;
- for (auto data : ClientCertOverrideData) {
+ for (auto data : qAsConst(d_ptr->addedCerts)) {
 Entry entry;
 entry.certificate = data->certificate;
 entry.privateKey = data->key;
@@ -178,13 +128,16 @@ QList<QWebEngineClientCertificateStore::Entry> QWebEngineClientCertificateStore:
 void QWebEngineClientCertificateStore::remove(Entry entry)
 {
- QMutableListIterator<OverrideData*> iterator(ClientCertOverrideData);
- while (iterator.hasNext()) {
- auto overrideData = iterator.next();
+ auto it = d_ptr->addedCerts.begin();
+ const auto end = d_ptr->addedCerts.end();
+ while (it != end) {
+ auto *overrideData = *it;
 if (entry.certificate.toDer() == overrideData->certificate.toDer()) {
 d_ptr->deletedCerts.append(overrideData);
- iterator.remove();
+ it = d_ptr->addedCerts.erase(it);
+ continue;
 }
+ ++it;
 }
 }
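Review bot: `remove()` compares `it` against an `end` iterator captured before the loop, but `erase()` shrinks the list, so after the first removal the cached `end` lies one slot past the real end and the last iteration dereferences a stale slot; with `QList<Entry*>` that slot can still hold the previous last pointer, which may then be appended to `deletedCerts` a second time and double-deleted in `~ClientCertificateStoreData()`. Drop the cached iterator and test against the live end: `while (it != d_ptr->addedCerts.end()) {`. The DER encoding `entry.certificate.toDer()` is also recomputed on every iteration; hoisting it into a local before the loop avoids the repeated work.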
@@ -194,95 +147,10 @@ void QWebEngineClientCertificateStore::remove(Entry entry) void QWebEngineClientCertificateStore::clear() { - for (auto data : ClientCertOverrideData) - d_ptr->deletedCerts.append(data); - ClientCertOverrideData.clear(); + d_ptr->deletedCerts.append(d_ptr->addedCerts); + d_ptr->addedCerts.clear(); } #endif // QT_CONFIG(ssl) QT_END_NAMESPACE - -namespace net { - -namespace { - -class ClientCertIdentityOverride : public ClientCertIdentity { -public: - ClientCertIdentityOverride( - scoped_refptr<net::X509Certificate> cert, - scoped_refptr<net::SSLPrivateKey> key) - : ClientCertIdentity(std::move(cert)), - key_(std::move(key)) {} - ~ClientCertIdentityOverride() override = default; - - void AcquirePrivateKey( - const base::Callback<void(scoped_refptr<SSLPrivateKey>)>& - private_key_callback) override - { - private_key_callback.Run(key_); - } - -#if defined(OS_MACOSX) - SecIdentityRef sec_identity_ref() const override - { - return nullptr; - } -#endif - -private: - scoped_refptr<net::SSLPrivateKey> key_; -}; - -} // namespace - - -ClientCertOverrideStore::ClientCertOverrideStore() - : ClientCertStore() -{ -} - -ClientCertOverrideStore::~ClientCertOverrideStore() -{ -} - -void ClientCertOverrideStore::GetClientCerts(const SSLCertRequestInfo &cert_request_info, - const ClientCertListCallback &callback) -{ -#if QT_CONFIG(ssl) - // Look for certificates in memory store - for (int i = 0; i < ClientCertOverrideData.length(); i++) { - scoped_refptr<net::X509Certificate> cert = ClientCertOverrideData[i]->certPtr; - if (cert != NULL && cert->IsIssuedByEncoded(cert_request_info.cert_authorities)) { - ClientCertIdentityList selected_identities; - selected_identities.push_back(std::make_unique<ClientCertIdentityOverride>(cert, ClientCertOverrideData[i]->keyPtr)); - callback.Run(std::move(selected_identities)); - return; - } - } -#endif // QT_CONFIG(ssl) - - // Continue with native cert store if matching certificate is not found in memory - 
std::unique_ptr<net::ClientCertStore> store = getNativeStore(); - if (store != NULL) { - store->GetClientCerts(cert_request_info, callback); - return; - } - - callback.Run(ClientCertIdentityList()); - return; -} - -std::unique_ptr<net::ClientCertStore> ClientCertOverrideStore::getNativeStore() -{ -#if defined(USE_NSS_CERTS) - return std::unique_ptr<net::ClientCertStore>(new net::ClientCertStoreNSS(net::ClientCertStoreNSS::PasswordDelegateFactory())); -#elif defined(OS_WIN) - return std::unique_ptr<net::ClientCertStore>(new net::ClientCertStoreWin()); -#elif defined(OS_MACOSX) - return std::unique_ptr<net::ClientCertStore>(new net::ClientCertStoreMac()); -#else - return nullptr; -#endif -} -} diff --git a/src/core/api/qwebengineclientcertificatestore.h b/src/core/api/qwebengineclientcertificatestore.h index 6ba998465..c0bd66e2b 100644 --- a/src/core/api/qwebengineclientcertificatestore.h +++ b/src/core/api/qwebengineclientcertificatestore.h @@ -42,14 +42,19 @@ #include <QtWebEngineCore/qtwebenginecoreglobal.h> +#include <QtCore/qscopedpointer.h> #include <QtNetwork/qsslcertificate.h> #include <QtNetwork/qsslkey.h> +namespace QtWebEngineCore { +class ClientCertOverrideStore; +struct ClientCertificateStoreData; +} + QT_BEGIN_NAMESPACE #if QT_CONFIG(ssl) -struct QWebEngineClientCertificateStoreData; class QWEBENGINECORE_EXPORT QWebEngineClientCertificateStore { @@ -66,12 +71,13 @@ public: void clear(); private: + friend class QtWebEngineCore::ClientCertOverrideStore; static QWebEngineClientCertificateStore *m_instance; Q_DISABLE_COPY(QWebEngineClientCertificateStore) QWebEngineClientCertificateStore(); ~QWebEngineClientCertificateStore(); - QWebEngineClientCertificateStoreData *d_ptr; + QScopedPointer<QtWebEngineCore::ClientCertificateStoreData> d_ptr; }; #endif // QT_CONFIG(ssl) diff --git a/src/core/content_browser_client_qt.cpp b/src/core/content_browser_client_qt.cpp index a9959a82b..3eb224797 100644 --- a/src/core/content_browser_client_qt.cpp 
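Review bot: The header now exposes the whole private `d_ptr` to `QtWebEngineCore::ClientCertOverrideStore` via `friend`, and neither header states that `d_ptr->addedCerts` is mutated by the public `add()`/`remove()`/`clear()` while `ClientCertOverrideStore::GetClientCerts()` (in `net/client_cert_override.cpp`, same defect) iterates it through a reference. If those run on different threads, which the net::ClientCertStore usage suggests but this diff does not show, that is an unsynchronized access the refactoring carries over from the old static `ClientCertOverrideData`. At minimum document the contract next to the friend declaration, e.g. `// ClientCertOverrideStore reads d_ptr->addedCerts in GetClientCerts(); add()/remove()/clear() must not run concurrently with it.`. A narrower accessor returning a copy of the entry list would also remove the need for the friend and for `QScopedPointer` of a type that is only forward-declared here.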
+++ b/src/core/content_browser_client_qt.cpp @@ -76,6 +76,7 @@ #include "mojo/public/cpp/bindings/binding_set.h" #include "printing/buildflags/buildflags.h" #include "net/ssl/client_cert_identity.h" +#include "net/ssl/client_cert_store.h" #include "services/proxy_resolver/proxy_resolver_service.h" #include "services/service_manager/public/cpp/connector.h" #include "services/service_manager/public/cpp/service.h" @@ -91,7 +92,6 @@ #include "qtwebengine/grit/qt_webengine_resources.h" -#include "client_cert_override_p.h" #include "profile_adapter.h" #include "browser_main_parts_qt.h" #include "browser_message_filter_qt.h" @@ -108,6 +108,7 @@ #include "printing/printing_message_filter_qt.h" #endif #include "profile_qt.h" +#include "profile_io_data_qt.h" #include "quota_permission_context_qt.h" #include "renderer_host/user_resource_controller_host.h" #include "service/service_qt.h" @@ -401,7 +402,7 @@ std::unique_ptr<net::ClientCertStore> ContentBrowserClientQt::CreateClientCertSt if (!resource_context) return nullptr; - return std::unique_ptr<net::ClientCertStore>(new net::ClientCertOverrideStore()); + return ProfileIODataQt::FromResourceContext(resource_context)->CreateClientCertStore(); } std::string ContentBrowserClientQt::GetApplicationLocale() diff --git a/src/core/core_chromium.pri b/src/core/core_chromium.pri index aa595036d..27b6e4190 100644 --- a/src/core/core_chromium.pri +++ b/src/core/core_chromium.pri @@ -48,7 +48,6 @@ SOURCES = \ browser_message_filter_qt.cpp \ certificate_error_controller.cpp \ chromium_overrides.cpp \ - client_cert_override_key.cpp \ client_cert_select_controller.cpp \ clipboard_qt.cpp \ color_chooser_qt.cpp \ @@ -77,6 +76,8 @@ SOURCES = \ login_delegate_qt.cpp \ media_capture_devices_dispatcher.cpp \ native_web_keyboard_event_qt.cpp \ + net/client_cert_override.cpp \ + net/client_cert_store_data.cpp \ net/cookie_monster_delegate_qt.cpp \ net/custom_protocol_handler.cpp \ net/network_delegate_qt.cpp \ 
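Review bot: `CreateClientCertStore()` is now obtained from the per-profile `ProfileIODataQt`, but the store it returns still consults the process-wide `QWebEngineClientCertificateStore` singleton (see `GetClientCerts()` in `net/client_cert_override.cpp`), so certificates added through the public API are offered on behalf of every profile. That is unchanged behaviour, but this call site is where a reader would now expect profile scoping, so a comment such as `// The override store consults the process-wide QWebEngineClientCertificateStore; in-memory client certificates are not profile-specific.` prevents a wrong assumption. The enclosing function `ContentBrowserClientQt::CreateClientCertStore` starts outside the hunk.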
@@ -106,7 +107,6 @@ SOURCES = \ profile_io_data_qt.cpp \ quota_permission_context_qt.cpp \ quota_request_controller_impl.cpp \ - qwebengineclientcertificatestore.cpp \ register_protocol_handler_request_controller_impl.cpp \ render_view_context_menu_qt.cpp \ render_view_observer_host_qt.cpp \ @@ -150,8 +150,6 @@ HEADERS = \ certificate_error_controller_p.h \ certificate_error_controller.h \ chromium_overrides.h \ - client_cert_override_key_p.h \ - client_cert_override_p.h \ client_cert_select_controller.h \ clipboard_qt.h \ command_line_pref_store_qt.h \ @@ -183,6 +181,8 @@ HEADERS = \ locked_ptr.h \ login_delegate_qt.h \ media_capture_devices_dispatcher.h \ + net/client_cert_override.h \ + net/client_cert_store_data.h \ net/cookie_monster_delegate_qt.h \ net/custom_protocol_handler.h \ net/network_delegate_qt.h \ diff --git a/src/core/net/client_cert_override.cpp b/src/core/net/client_cert_override.cpp new file mode 100644 index 000000000..9f548c4d1 --- /dev/null +++ b/src/core/net/client_cert_override.cpp 
@@ -0,0 +1,155 @@ +/**************************************************************************** +** +** Copyright (C) 2018 The Qt Company Ltd. +** Contact: https://www.qt.io/licensing/ +** +** This file is part of the QtWebEngine module of the Qt Toolkit. +** +** $QT_BEGIN_LICENSE:LGPL$ +** Commercial License Usage +** Licensees holding valid commercial Qt licenses may use this file in +** accordance with the commercial license agreement provided with the +** Software or, alternatively, in accordance with the terms contained in +** a written agreement between you and The Qt Company. For licensing terms +** and conditions see https://www.qt.io/terms-conditions. For further +** information use the contact form at https://www.qt.io/contact-us. +** +** GNU Lesser General Public License Usage +** Alternatively, this file may be used under the terms of the GNU Lesser +** General Public License version 3 as published by the Free Software +** Foundation and appearing in the file LICENSE.LGPL3 included in the +** packaging of this file. Please review the following information to +** ensure the GNU Lesser General Public License version 3 requirements +** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. +** +** GNU General Public License Usage +** Alternatively, this file may be used under the terms of the GNU +** General Public License version 2.0 or (at your option) the GNU General +** Public license version 3 or any later version approved by the KDE Free +** Qt Foundation. The licenses are as published by the Free Software +** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 +** included in the packaging of this file. Please review the following +** information to ensure the GNU General Public License requirements will +** be met: https://www.gnu.org/licenses/gpl-2.0.html and +** https://www.gnu.org/licenses/gpl-3.0.html. 
+** +** $QT_END_LICENSE$ +** +****************************************************************************/ + +#include "net/client_cert_override.h" + +#include "base/bind.h" +#include "base/bind_helpers.h" +#include "base/task/post_task.h" +#include "base/callback_forward.h" +#include "net/ssl/client_cert_store.h" +#include "net/ssl/ssl_cert_request_info.h" +#include "net/ssl/ssl_private_key.h" +#include "net/cert/x509_certificate.h" +#include "third_party/boringssl/src/include/openssl/pem.h" +#include "third_party/boringssl/src/include/openssl/err.h" +#include "third_party/boringssl/src/include/openssl/evp.h" + +#include "api/qwebengineclientcertificatestore.h" +#include "net/client_cert_store_data.h" +#include "profile_io_data_qt.h" + +#include <QtNetwork/qtnetworkglobal.h> + +#if defined(USE_NSS_CERTS) +#include "net/ssl/client_cert_store_nss.h" +#endif + +#if defined(OS_WIN) +#include "net/ssl/client_cert_store_win.h" +#endif + +#if defined(OS_MACOSX) +#include "net/ssl/client_cert_store_mac.h" +#endif + +namespace { + +class ClientCertIdentityOverride : public net::ClientCertIdentity +{ +public: + ClientCertIdentityOverride( + scoped_refptr<net::X509Certificate> cert, + scoped_refptr<net::SSLPrivateKey> key) + : net::ClientCertIdentity(std::move(cert)), key_(std::move(key)) {} + ~ClientCertIdentityOverride() override = default; + + void AcquirePrivateKey( + const base::Callback<void(scoped_refptr<net::SSLPrivateKey>)> & + private_key_callback) override + { + private_key_callback.Run(key_); + } + +#if defined(OS_MACOSX) + SecIdentityRef sec_identity_ref() const override + { + return nullptr; + } +#endif + +private: + scoped_refptr<net::SSLPrivateKey> key_; +}; + +} // namespace + +namespace QtWebEngineCore { + +ClientCertOverrideStore::ClientCertOverrideStore() + : ClientCertStore() +{ +} + +ClientCertOverrideStore::~ClientCertOverrideStore() +{ +} + +void ClientCertOverrideStore::GetClientCerts(const net::SSLCertRequestInfo &cert_request_info, + const 
ClientCertListCallback &callback)
+{
+#if QT_CONFIG(ssl)
+ QWebEngineClientCertificateStore *clientCertificateStore = QWebEngineClientCertificateStore::getInstance();
+ const auto &clientCertOverrideData = clientCertificateStore->d_ptr->addedCerts;
+ // Look for certificates in memory store
+ for (int i = 0; i < clientCertOverrideData.length(); i++) {
+ scoped_refptr<net::X509Certificate> cert = clientCertOverrideData[i]->certPtr;
+ if (cert != NULL && cert->IsIssuedByEncoded(cert_request_info.cert_authorities)) {
+ net::ClientCertIdentityList selected_identities;
+ selected_identities.push_back(std::make_unique<ClientCertIdentityOverride>(cert, clientCertOverrideData[i]->keyPtr));
+ callback.Run(std::move(selected_identities));
+ return;
+ }
+ }
+#endif // QT_CONFIG(ssl)
+
+ // Continue with native cert store if matching certificate is not found in memory
+ std::unique_ptr<net::ClientCertStore> store = getNativeStore();
+ if (store != NULL) {
+ store->GetClientCerts(cert_request_info, callback);
+ return;
+ }
+
+ callback.Run(net::ClientCertIdentityList());
+ return;
+}
+
+std::unique_ptr<net::ClientCertStore> ClientCertOverrideStore::getNativeStore()
+{
+#if defined(USE_NSS_CERTS)
+ return std::unique_ptr<net::ClientCertStore>(new net::ClientCertStoreNSS(net::ClientCertStoreNSS::PasswordDelegateFactory()));
+#elif defined(OS_WIN)
+ return std::unique_ptr<net::ClientCertStore>(new net::ClientCertStoreWin());
+#elif defined(OS_MACOSX)
+ return std::unique_ptr<net::ClientCertStore>(new net::ClientCertStoreMac());
+#else
+ return nullptr;
+#endif
+}
+} // namespace QtWebEngineCore
diff --git a/src/core/client_cert_override_p.h b/src/core/net/client_cert_override.h
index b222bf810..ed08a6b64 100644
--- a/src/core/client_cert_override_p.h
+++ b/src/core/net/client_cert_override.h
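Review bot: `GetClientCerts()` can select an identity whose `keyPtr` is null: `ClientCertificateStoreData::add()` stores whatever `wrapOpenSSLPrivateKey()` returns, and the loop guards only `cert != NULL`, so a certificate whose PEM key failed to parse is still offered and `AcquirePrivateKey()` then hands a null `scoped_refptr` to the caller. Extend the guard to `if (cert != NULL && clientCertOverrideData[i]->keyPtr && cert->IsIssuedByEncoded(cert_request_info.cert_authorities)) {` (and prefer `nullptr` over `NULL`, as the rest of the new file does). A second point to confirm: as far as I recall `IsIssuedByEncoded()` matches nothing when the server sends an empty `cert_authorities` list, in which case in-memory certificates are never offered and the request always falls through to the native store; if so, that behaviour deserves a sentence next to `// Look for certificates in memory store`. The loop also stops at the first issuer match rather than offering all matching in-memory certificates to the selector, which is worth stating in the same comment.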
@@ -46,17 +46,22 @@ namespace net { class SSLCertRequestInfo; -class ClientCertOverrideStore : public ClientCertStore +} // namespace net + +namespace QtWebEngineCore { + +class ClientCertOverrideStore : public net::ClientCertStore { public: ClientCertOverrideStore(); virtual ~ClientCertOverrideStore() override; - void GetClientCerts(const SSLCertRequestInfo &cert_request_info, + void GetClientCerts(const net::SSLCertRequestInfo &cert_request_info, const ClientCertListCallback &callback) override; private: std::unique_ptr<net::ClientCertStore> getNativeStore(); }; -} // namespace net + +} // QtWebEngineCore #endif diff --git a/src/core/client_cert_override_key.cpp b/src/core/net/client_cert_store_data.cpp index 99ddf7466..ae4deed1c 100644 --- a/src/core/client_cert_override_key.cpp +++ b/src/core/net/client_cert_store_data.cpp @@ -1,6 +1,6 @@ /**************************************************************************** ** -** Copyright (C) 2018 The Qt Company Ltd. +** Copyright (C) 2019 The Qt Company Ltd. ** Contact: https://www.qt.io/licensing/ ** ** This file is part of the QtWebEngine module of the Qt Toolkit. 
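Review bot: `virtual ~ClientCertOverrideStore() override;` carries both `virtual` and `override`; the base destructor is already virtual, so `~ClientCertOverrideStore() override;` is the form consistent with `GetClientCerts()` in the same class. The class has no comment: a line such as `// net::ClientCertStore that first offers certificates registered through QWebEngineClientCertificateStore and then delegates to the platform store.` tells a reader why it exists before opening the .cpp. The closing `} // QtWebEngineCore` should read `} // namespace QtWebEngineCore` to match the other files in this change.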
@@ -37,101 +37,115 @@ ** ****************************************************************************/ -#ifndef CLIENT_CERT_OVERRIDE_KEY_H -#define CLIENT_CERT_OVERRIDE_KEY_H - -#include "client_cert_override_key_p.h" - -#include "third_party/boringssl/src/include/openssl/ssl.h" -#include "third_party/boringssl/src/include/openssl/digest.h" -#include "third_party/boringssl/src/include/openssl/evp.h" -#include "third_party/boringssl/src/include/openssl/rsa.h" -#include "third_party/boringssl/src/include/openssl/pem.h" - -#include <utility> -#include <QByteArray> +#include "net/client_cert_store_data.h" +#if QT_CONFIG(ssl) #include "base/logging.h" #include "base/macros.h" #include "base/memory/ptr_util.h" #include "net/base/net_errors.h" +#include "net/cert/x509_certificate.h" #include "net/ssl/ssl_platform_key_util.h" #include "net/ssl/ssl_private_key.h" #include "net/ssl/threaded_ssl_private_key.h" -namespace net { +#include "third_party/boringssl/src/include/openssl/ssl.h" +#include "third_party/boringssl/src/include/openssl/digest.h" +#include "third_party/boringssl/src/include/openssl/evp.h" +#include "third_party/boringssl/src/include/openssl/rsa.h" +#include "third_party/boringssl/src/include/openssl/pem.h" + +#include "QtCore/qbytearray.h" namespace { -class SSLPlatformKeyOverride : public ThreadedSSLPrivateKey::Delegate { +class SSLPlatformKeyOverride : public net::ThreadedSSLPrivateKey::Delegate { public: SSLPlatformKeyOverride(const QByteArray &sslKeyInBytes) { - mem_ = BIO_new_mem_buf(sslKeyInBytes, -1); - key_ = PEM_read_bio_PrivateKey(mem_, NULL, 0, NULL); + m_mem = BIO_new_mem_buf(sslKeyInBytes, -1); + m_key = PEM_read_bio_PrivateKey(m_mem, nullptr, nullptr, nullptr); } - ~SSLPlatformKeyOverride() override { - if (key_) - EVP_PKEY_free(key_); - if (mem_) - BIO_free(mem_); + ~SSLPlatformKeyOverride() override + { + if (m_key) + EVP_PKEY_free(m_key); + if (m_mem) + BIO_free(m_mem); } - Error Sign(uint16_t algorithm, - base::span<const uint8_t> input, - 
std::vector<uint8_t>* signature) override { + net::Error Sign(uint16_t algorithm, base::span<const uint8_t> input, std::vector<uint8_t> *signature) override + { bssl::ScopedEVP_MD_CTX ctx; - EVP_PKEY_CTX* pctx; + EVP_PKEY_CTX *pctx; if (!EVP_DigestSignInit(ctx.get(), &pctx, SSL_get_signature_algorithm_digest(algorithm), - nullptr, key_)) { - return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED; + nullptr, m_key)) { + return net::ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED; } if (SSL_is_signature_algorithm_rsa_pss(algorithm)) { if (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) || !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1 /* hash length */)) { - return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED; + return net::ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED; } } size_t sig_len = 0; if (!EVP_DigestSign(ctx.get(), NULL, &sig_len, input.data(), input.size())) - return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED; + return net::ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED; signature->resize(sig_len); - if (!EVP_DigestSign(ctx.get(), signature->data(), &sig_len, input.data(), - input.size())) { - return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED; - } + if (!EVP_DigestSign(ctx.get(), signature->data(), &sig_len, input.data(), input.size())) + return net::ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED; signature->resize(sig_len); - return OK; + return net::OK; } - std::vector<uint16_t> GetAlgorithmPreferences() override { - return { - SSL_SIGN_RSA_PKCS1_SHA1, SSL_SIGN_RSA_PKCS1_SHA512, - SSL_SIGN_RSA_PKCS1_SHA384, SSL_SIGN_RSA_PKCS1_SHA256, - }; + std::vector<uint16_t> GetAlgorithmPreferences() override + { + return { SSL_SIGN_RSA_PKCS1_SHA1, SSL_SIGN_RSA_PKCS1_SHA512 + , SSL_SIGN_RSA_PKCS1_SHA384, SSL_SIGN_RSA_PKCS1_SHA256 }; } private: - EVP_PKEY* key_; - BIO * mem_; + EVP_PKEY *m_key; + BIO *m_mem; DISALLOW_COPY_AND_ASSIGN(SSLPlatformKeyOverride); }; -} // namespace - -scoped_refptr<SSLPrivateKey> WrapOpenSSLPrivateKey(const QByteArray &sslKeyInBytes) { +scoped_refptr<net::SSLPrivateKey> wrapOpenSSLPrivateKey(const 
QByteArray &sslKeyInBytes) +{ if (sslKeyInBytes.isEmpty()) return nullptr; - return base::MakeRefCounted<ThreadedSSLPrivateKey>( + return base::MakeRefCounted<net::ThreadedSSLPrivateKey>( std::make_unique<SSLPlatformKeyOverride>(sslKeyInBytes), - GetSSLPlatformKeyTaskRunner()); + net::GetSSLPlatformKeyTaskRunner()); +} + +} // namespace + +namespace QtWebEngineCore { + +void ClientCertificateStoreData::add(const QSslCertificate &certificate, const QSslKey &privateKey) +{ + QByteArray sslKeyInBytes = privateKey.toPem(); + QByteArray certInBytes = certificate.toDer(); + + Entry *data = new Entry; + data->keyPtr = wrapOpenSSLPrivateKey(sslKeyInBytes); + data->certPtr = net::X509Certificate::CreateFromBytes(certInBytes.data(), certInBytes.length()); + data->key = privateKey; + data->certificate = certificate; + addedCerts.append(data); +} + +ClientCertificateStoreData::~ClientCertificateStoreData() +{ + qDeleteAll(deletedCerts); } -} // namespace net +} // namespace QtWebEngineCore #endif diff --git a/src/core/client_cert_override_key_p.h b/src/core/net/client_cert_store_data.h index 7ac610be4..41dc1f8ec 100644 --- a/src/core/client_cert_override_key_p.h +++ b/src/core/net/client_cert_store_data.h @@ -1,6 +1,6 @@ /**************************************************************************** ** -** Copyright (C) 2018 The Qt Company Ltd. +** Copyright (C) 2019 The Qt Company Ltd. ** Contact: https://www.qt.io/licensing/ ** ** This file is part of the QtWebEngine module of the Qt Toolkit. 
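Review bot: `wrapOpenSSLPrivateKey()` checks only that the PEM bytes are non-empty; if `PEM_read_bio_PrivateKey()` fails inside the `SSLPlatformKeyOverride` constructor (malformed input, or a passphrase-protected key, since no passphrase callback is supplied), `m_key` stays null and the failure surfaces only later when `Sign()` calls `EVP_DigestSignInit` with a null key. Surface the parse result in the factory so callers receive a null `scoped_refptr` they can check, as sketched below. Two smaller points on the same class: `m_mem` is a BIO built over the caller's `QByteArray` buffer (`BIO_new_mem_buf(sslKeyInBytes, -1)`), which is a local in `ClientCertificateStoreData::add()`; the BIO is not read after the constructor, but freeing it there once the key is parsed removes the dangling reference. And `GetAlgorithmPreferences()` advertises RSA-PKCS#1 only (SHA-1 first) although `Sign()` already handles RSA-PSS; if this Chromium snapshot has `net::SSLPrivateKey::DefaultAlgorithmPreferences(EVP_PKEY_id(m_key), true)`, deriving the list from the actual key type is also what EC keys need to work at all.
```cpp
    // SSLPlatformKeyOverride: report whether PEM_read_bio_PrivateKey() succeeded.
    bool isValid() const { return m_key != nullptr; }

    // … unchanged: Sign(), GetAlgorithmPreferences(), members …

scoped_refptr<net::SSLPrivateKey> wrapOpenSSLPrivateKey(const QByteArray &sslKeyInBytes)
{
    if (sslKeyInBytes.isEmpty())
        return nullptr;
    auto delegate = std::make_unique<SSLPlatformKeyOverride>(sslKeyInBytes);
    // Unparseable (or passphrase-protected) PEM: refuse now rather than store a key that can never sign.
    if (!delegate->isValid())
        return nullptr;
    return base::MakeRefCounted<net::ThreadedSSLPrivateKey>(std::move(delegate),
                                                            net::GetSSLPlatformKeyTaskRunner());
}
```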
@@ -37,16 +37,42 @@ ** ****************************************************************************/ -#ifndef CLIENT_CERT_OVERRIDE_KEY_P_H -#define CLIENT_CERT_OVERRIDE_KEY_P_H +#ifndef CLIENT_CERT_STORE_DATA_H +#define CLIENT_CERT_STORE_DATA_H -#include "net/ssl/ssl_private_key.h" +#include "qtwebenginecoreglobal.h" +#include "qtnetworkglobal.h" -#include <QByteArray> +#if QT_CONFIG(ssl) +#include "base/memory/ref_counted.h" + +#include <QtCore/qlist.h> +#include <QtNetwork/qsslcertificate.h> +#include <QtNetwork/qsslkey.h> namespace net { - class SSLPrivateKey; - scoped_refptr<SSLPrivateKey> WrapOpenSSLPrivateKey(const QByteArray &sslKeyInBytes); -} // namespace net +class SSLPrivateKey; +class X509Certificate; +} + +namespace QtWebEngineCore { + +struct ClientCertificateStoreData { + struct Entry { + QSslKey key; + QSslCertificate certificate; + scoped_refptr<net::X509Certificate> certPtr; + scoped_refptr<net::SSLPrivateKey> keyPtr; + }; + + ~ClientCertificateStoreData(); + void add(const QSslCertificate &certificate, const QSslKey &privateKey); + + QList<Entry*> addedCerts; + QList<Entry*> deletedCerts; +}; + +} // namespace QtWebEngineCore #endif +#endif // CLIENT_CERT_STORE_DATA_H diff --git a/src/core/profile_io_data_qt.cpp b/src/core/profile_io_data_qt.cpp index 4815b8749..e44354029 100644 --- a/src/core/profile_io_data_qt.cpp +++ b/src/core/profile_io_data_qt.cpp @@ -78,6 +78,7 @@ #include "services/file/user_id_map.h" #include "services/network/proxy_service_mojo.h" +#include "net/client_cert_override.h" #include "net/cookie_monster_delegate_qt.h" #include "net/custom_protocol_handler.h" #include "net/network_delegate_qt.h" 
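Review bot: `ClientCertificateStoreData` owns its `Entry` objects through raw pointers in two `QList<Entry*>`, and its destructor (`qDeleteAll(deletedCerts)` in the .cpp) frees only `deletedCerts`, so any entry still in `addedCerts` when the struct dies leaks; today `QWebEngineClientCertificateStore`'s destructor calls `clear()` first, but the struct should not depend on that — `qDeleteAll(addedCerts);` alongside the existing line, or `QList<std::unique_ptr<Entry>>`, makes it self-contained. The header also says nothing about why removed entries are parked rather than freed; since each `Entry` carries a private key, a comment on `deletedCerts` such as `// Entries removed via remove()/clear() are parked here rather than freed; their key material stays in memory until the owning store is destroyed.` states the trade-off explicitly. The `Entry` members would benefit from a one-line comment each, e.g. that `certPtr`/`keyPtr` are the Chromium-side handles and may be null when conversion failed.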
@@ -791,4 +792,15 @@ void ProfileIODataQt::updateUsedForGlobalCertificateVerification()
 base::BindOnce(&ProfileIODataQt::setGlobalCertificateVerification, m_weakPtr));
 }
+std::unique_ptr<net::ClientCertStore> ProfileIODataQt::CreateClientCertStore()
+{
+ return std::unique_ptr<net::ClientCertStore>(new ClientCertOverrideStore());
+}
+
+// static
+ProfileIODataQt *ProfileIODataQt::FromResourceContext(content::ResourceContext *resource_context)
+{
+ return static_cast<ResourceContextQt *>(resource_context)->m_io_data;
+}
+
 } // namespace QtWebEngineCore
diff --git a/src/core/profile_io_data_qt.h b/src/core/profile_io_data_qt.h
index 407d0d6f2..4694ae350 100644
--- a/src/core/profile_io_data_qt.h
+++ b/src/core/profile_io_data_qt.h
@@ -51,6 +51,7 @@
 #include <QtCore/QMutex>
 namespace net {
+class ClientCertStore;
 class DhcpPacFileFetcherFactory;
 class HttpAuthPreferences;
 class HttpNetworkSession;
@@ -120,6 +121,8 @@ public:
 void updateUsedForGlobalCertificateVerification(); // runs on ui thread
 bool hasPageInterceptors();
+ std::unique_ptr<net::ClientCertStore> CreateClientCertStore();
+ static ProfileIODataQt *FromResourceContext(content::ResourceContext *resource_context);
 private:
 ProfileQt *m_profile;
 std::unique_ptr<net::URLRequestContextStorage> m_storage;
diff --git a/src/core/resource_context_qt.h b/src/core/resource_context_qt.h
index 08359c79c..ccbe2c364 100644
--- a/src/core/resource_context_qt.h
+++ b/src/core/resource_context_qt.h
@@ -69,6 +69,7 @@ public:
 extensions::ExtensionSystemQt* GetExtensionSystem();
 #endif // BUILDFLAG(ENABLE_EXTENSIONS)
 private:
+ friend class ProfileIODataQt;
 ProfileIODataQt* m_io_data;
 DISALLOW_COPY_AND_ASSIGN(ResourceContextQt);
 };
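Review bot: `FromResourceContext()` performs an unchecked `static_cast<ResourceContextQt *>` and immediately dereferences the result, so the precondition that every `content::ResourceContext` passed in was created by this module belongs on the declaration in `profile_io_data_qt.h`, e.g. `// resource_context must be the ResourceContextQt created for this profile; no runtime check is made.`. The new members use Chromium-style PascalCase (`CreateClientCertStore`, `FromResourceContext`) while the neighbouring `ProfileIODataQt` methods in the same hunk use lowerCamel (`updateUsedForGlobalCertificateVerification`, `hasPageInterceptors`); worth aligning unless the names are meant to mirror the content-API overrides they serve. `return std::make_unique<ClientCertOverrideStore>();` would also replace the bare `new` in `CreateClientCertStore()`, matching the `std::unique_ptr` return type.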