1 files changed, 176 insertions, 0 deletions

diff --git a/src/core/net/client_cert_override.cpp b/src/core/net/client_cert_override.cpp
new file mode 100644
index 000000000..305f0cef0
--- /dev/null
+++ b/src/core/net/client_cert_override.cpp
@@ -0,0 +1,176 @@
+/****************************************************************************
+**
+** Copyright (C) 2018 The Qt Company Ltd.
+** Contact: https://www.qt.io/licensing/
+**
+** This file is part of the QtWebEngine module of the Qt Toolkit.
+**
+** $QT_BEGIN_LICENSE:LGPL$
+** Commercial License Usage
+** Licensees holding valid commercial Qt licenses may use this file in
+** accordance with the commercial license agreement provided with the
+** Software or, alternatively, in accordance with the terms contained in
+** a written agreement between you and The Qt Company. For licensing terms
+** and conditions see https://www.qt.io/terms-conditions. For further
+** information use the contact form at https://www.qt.io/contact-us.
+**
+** GNU Lesser General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU Lesser
+** General Public License version 3 as published by the Free Software
+** Foundation and appearing in the file LICENSE.LGPL3 included in the
+** packaging of this file. Please review the following information to
+** ensure the GNU Lesser General Public License version 3 requirements
+** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
+**
+** GNU General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU
+** General Public License version 2.0 or (at your option) the GNU General
+** Public license version 3 or any later version approved by the KDE Free
+** Qt Foundation. The licenses are as published by the Free Software
+** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
+** included in the packaging of this file. Please review the following
+** information to ensure the GNU General Public License requirements will
+** be met: https://www.gnu.org/licenses/gpl-2.0.html and
+** https://www.gnu.org/licenses/gpl-3.0.html.
+**
+** $QT_END_LICENSE$
+**
+****************************************************************************/
+
+#include "client_cert_override.h"
+
+#include "base/bind.h"
+#include "base/bind_helpers.h"
+#include "base/task/post_task.h"
+#include "base/callback_forward.h"
+#include "content/public/browser/browser_task_traits.h"
+#include "net/ssl/client_cert_store.h"
+#include "net/ssl/ssl_cert_request_info.h"
+#include "net/ssl/ssl_private_key.h"
+#include "net/cert/x509_certificate.h"
+#include "third_party/boringssl/src/include/openssl/pem.h"
+#include "third_party/boringssl/src/include/openssl/err.h"
+#include "third_party/boringssl/src/include/openssl/evp.h"
+
+#include "client_cert_store_data.h"
+#include "profile_io_data_qt.h"
+
+#include <QtNetwork/qtnetworkglobal.h>
+
+#if defined(USE_NSS_CERTS)
+#include "net/ssl/client_cert_store_nss.h"
+#endif
+
+#if defined(OS_WIN)
+#include "net/ssl/client_cert_store_win.h"
+#endif
+
+#if defined(OS_MACOSX)
+#include "net/ssl/client_cert_store_mac.h"
+#endif
+
+namespace {
+
+class ClientCertIdentityOverride : public net::ClientCertIdentity
+{
+public:
+    ClientCertIdentityOverride(scoped_refptr<net::X509Certificate> cert, scoped_refptr<net::SSLPrivateKey> key)
+            : net::ClientCertIdentity(std::move(cert)), m_key(std::move(key)) {}
+    ~ClientCertIdentityOverride() override = default;
+
+    void AcquirePrivateKey(const base::Callback<void(scoped_refptr<net::SSLPrivateKey>)> &private_key_callback) override
+    {
+        private_key_callback.Run(m_key);
+    }
+
+#if defined(OS_MACOSX)
+    SecIdentityRef sec_identity_ref() const override
+    {
+        return nullptr;
+    }
+#endif
+
+private:
+    scoped_refptr<net::SSLPrivateKey> m_key;
+};
+
+} // namespace
+
+namespace QtWebEngineCore {
+
+ClientCertOverrideStore::ClientCertOverrideStore(ClientCertificateStoreData *storeData)
+    : ClientCertStore()
+    , m_storeData(storeData)
+    , m_nativeStore(createNativeStore())
+{
+}
+
+ClientCertOverrideStore::~ClientCertOverrideStore() = default;
+
+#if QT_CONFIG(ssl)
+net::ClientCertIdentityList ClientCertOverrideStore::GetClientCertsOnUIThread(const net::SSLCertRequestInfo &cert_request_info)
+{
+    DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
+    const auto &clientCertOverrideData = m_storeData->extraCerts;
+    // Look for certificates in memory store
+    for (int i = 0; i < clientCertOverrideData.length(); i++) {
+        scoped_refptr<net::X509Certificate> cert = clientCertOverrideData[i]->certPtr;
+        if (cert != NULL && cert->IsIssuedByEncoded(cert_request_info.cert_authorities)) {
+            net::ClientCertIdentityList selected_identities;
+            selected_identities.push_back(std::make_unique<ClientCertIdentityOverride>(cert, clientCertOverrideData[i]->keyPtr));
+            return selected_identities;
+        }
+    }
+    return net::ClientCertIdentityList();
+}
+
+void ClientCertOverrideStore::GetClientCertsReturn(const net::SSLCertRequestInfo &cert_request_info,
+                                                   const ClientCertListCallback &callback,
+                                                   net::ClientCertIdentityList &&result)
+{
+    // Continue with native cert store if matching certificatse were not found in memory
+    if (result.empty() && m_nativeStore)
+        m_nativeStore->GetClientCerts(cert_request_info, callback);
+    else
+        callback.Run(std::move(result));
+}
+
+#endif // QT_CONFIG(ssl)
+
+void ClientCertOverrideStore::GetClientCerts(const net::SSLCertRequestInfo &cert_request_info,
+                                             const ClientCertListCallback &callback)
+{
+#if QT_CONFIG(ssl)
+    // Access the user-provided data from the UI thread, but return on whatever thread this is.
+    if (base::PostTaskWithTraitsAndReplyWithResult(
+            FROM_HERE, { content::BrowserThread::UI },
+            base::BindOnce(&ClientCertOverrideStore::GetClientCertsOnUIThread,
+                           base::Unretained(this), base::ConstRef(cert_request_info)),
+            base::BindOnce(&ClientCertOverrideStore::GetClientCertsReturn,
+                           base::Unretained(this), base::ConstRef(cert_request_info), callback))
+       ) {
+        return;
+    }
+#endif // QT_CONFIG(ssl)
+
+    // Continue with native cert store if we failed to post task
+    if (m_nativeStore)
+        m_nativeStore->GetClientCerts(cert_request_info, callback);
+    else
+        callback.Run(net::ClientCertIdentityList());
+}
+
+// static
+std::unique_ptr<net::ClientCertStore> ClientCertOverrideStore::createNativeStore()
+{
+#if defined(USE_NSS_CERTS)
+    return std::unique_ptr<net::ClientCertStore>(new net::ClientCertStoreNSS(net::ClientCertStoreNSS::PasswordDelegateFactory()));
+#elif defined(OS_WIN)
+    return std::unique_ptr<net::ClientCertStore>(new net::ClientCertStoreWin());
+#elif defined(OS_MACOSX)
+    return std::unique_ptr<net::ClientCertStore>(new net::ClientCertStoreMac());
+#else
+    return nullptr;
+#endif
+}
+} // namespace QtWebEngineCore