// Copyright (C) 2018 The Qt Company Ltd.
// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
#include "client_cert_override.h"
#include "base/bind.h"
#include "base/task/post_task.h"
#include "base/callback_forward.h"
#include "content/public/browser/browser_task_traits.h"
#include "net/ssl/client_cert_store.h"
#include "net/ssl/ssl_cert_request_info.h"
#include "net/ssl/ssl_private_key.h"
#include "net/cert/x509_certificate.h"
#include "third_party/boringssl/src/include/openssl/pem.h"
#include "third_party/boringssl/src/include/openssl/err.h"
#include "third_party/boringssl/src/include/openssl/evp.h"
#include "client_cert_store_data.h"
#include "profile_io_data_qt.h"
#include <QtNetwork/qtnetworkglobal.h>
#if defined(USE_NSS_CERTS)
#include "net/ssl/client_cert_store_nss.h"
#endif
#if defined(OS_WIN)
#include "net/ssl/client_cert_store_win.h"
#endif
#if defined(OS_MAC)
#include "net/ssl/client_cert_store_mac.h"
#endif
namespace {
// Identity backed by an in-memory certificate/key pair supplied by the embedder
// (ClientCertificateStoreData) rather than by an OS key store. The private key
// is handed out exactly as stored — no prompt, no token, no re-validation — so
// whoever can populate the override store decides which key is used for TLS
// client authentication.
class ClientCertIdentityOverride final : public net::ClientCertIdentity
{
public:
    ClientCertIdentityOverride(scoped_refptr<net::X509Certificate> cert, scoped_refptr<net::SSLPrivateKey> key)
        : net::ClientCertIdentity(std::move(cert)), m_privateKey(std::move(key)) {}
    ~ClientCertIdentityOverride() override = default;

    // Synchronously invokes the callback with the stored key. Nothing is checked
    // here: if the store holds a null key it is passed through unchanged.
    void AcquirePrivateKey(base::OnceCallback<void(scoped_refptr<net::SSLPrivateKey>)> private_key_callback) override
    {
        scoped_refptr<net::SSLPrivateKey> key = m_privateKey;
        std::move(private_key_callback).Run(std::move(key));
    }

#if defined(OS_MAC)
    // No Keychain identity exists behind an override certificate.
    SecIdentityRef sec_identity_ref() const override
    {
        return nullptr;
    }
#endif

private:
    scoped_refptr<net::SSLPrivateKey> m_privateKey;
};
} // namespace
namespace QtWebEngineCore {
// Builds a client-certificate store that consults the embedder's in-memory
// certificates first and the platform store (NSS / Windows / macOS, or none)
// second. storeData is stored by pointer and appears not to be owned; it is
// dereferenced later on the UI thread (GetClientCertsOnUIThread), so it must
// outlive this object.
ClientCertOverrideStore::ClientCertOverrideStore(ClientCertificateStoreData *storeData)
    : m_storeData(storeData)
    , m_nativeStore(createNativeStore())
{
}
// Defined out of line so that the destructor of m_nativeStore — presumably a
// std::unique_ptr<net::ClientCertStore>, given what createNativeStore() returns —
// is instantiated here, where net::ClientCertStore is a complete type.
// m_storeData is only borrowed (raw pointer set in the constructor) and is not
// freed here.
ClientCertOverrideStore::~ClientCertOverrideStore() = default;
#if QT_CONFIG(ssl)
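// Matches the server's certificate_authorities against the embedder's in-memory
// client certificates. Runs on the UI thread because m_storeData->extraCerts is
// Qt-side data that is read without any locking here.
//
// Returns at most ONE identity: the first override certificate whose chain
// IsIssuedByEncoded() accepts for cert_request_info.cert_authorities. An empty
// result means "no override matched" and GetClientCertsReturn() then falls back
// to the platform store.
net::ClientCertIdentityList ClientCertOverrideStore::GetClientCertsOnUIThread(const net::SSLCertRequestInfo &cert_request_info)
{
    DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
    const auto &overrides = m_storeData->extraCerts;

    // NOTE(review): the issuer check is delegated entirely to IsIssuedByEncoded().
    // If that returns false for an empty CA list (i.e. the server sent no
    // certificate_authorities), override certificates are never offered in that
    // case and only the native store is consulted — confirm this is intended.
    for (const auto &entry : overrides) {
        scoped_refptr<net::X509Certificate> cert = entry->certPtr;
        if (!cert || !cert->IsIssuedByEncoded(cert_request_info.cert_authorities))
            continue;

        // First match wins: further override certificates for the same CA are
        // ignored and the platform store is not consulted at all for this request
        // (see GetClientCertsReturn). keyPtr is passed through unchecked; a null
        // key would reach AcquirePrivateKey() unchanged.
        net::ClientCertIdentityList identities;
        identities.push_back(std::make_unique<ClientCertIdentityOverride>(cert, entry->keyPtr));
        return identities;
    }
    return net::ClientCertIdentityList();
}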
// Reply half of GetClientCerts(): invoked on the thread the request came from
// with the in-memory lookup result. An empty result means the override store
// had nothing for this server, so the lookup continues in the platform store
// (when one exists). Otherwise the in-memory identity is returned as-is and the
// platform store is never asked — an override certificate shadows OS ones.
void ClientCertOverrideStore::GetClientCertsReturn(const net::SSLCertRequestInfo &cert_request_info,
                                                   ClientCertListCallback callback,
                                                   net::ClientCertIdentityList &&result)
{
    const bool overrideMatched = !result.empty();
    if (overrideMatched || !m_nativeStore) {
        // Either the override match, or an empty list on platforms without a
        // native store (createNativeStore() returned nullptr).
        std::move(callback).Run(std::move(result));
        return;
    }
    m_nativeStore->GetClientCerts(cert_request_info, std::move(callback));
}
#endif // QT_CONFIG(ssl)
// Entry point of the net::ClientCertStore interface. With SSL enabled the
// in-memory lookup is hopped to the UI thread (where m_storeData may be read)
// and the result is delivered back to the calling thread via
// GetClientCertsReturn(); without SSL only the platform store is consulted.
void ClientCertOverrideStore::GetClientCerts(const net::SSLCertRequestInfo &cert_request_info,
                                             ClientCertListCallback callback)
{
#if QT_CONFIG(ssl)
    // Access the user-provided data from the UI thread, but return on whatever thread this is.
    //
    // Lifetime caveats (not enforced here):
    //  - base::Unretained(this): this store must stay alive until the UI task AND
    //    its reply have run; destroying it in between is a use-after-free.
    //  - std::cref(cert_request_info): the request is referenced from the UI
    //    thread, so the caller's SSLCertRequestInfo must outlive the round trip —
    //    presumably guaranteed by the caller, but not by anything visible here.
    bool ok = base::PostTaskAndReplyWithResult(
            FROM_HERE, { content::BrowserThread::UI },
            base::BindOnce(&ClientCertOverrideStore::GetClientCertsOnUIThread,
                           base::Unretained(this), std::cref(cert_request_info)),
            base::BindOnce(&ClientCertOverrideStore::GetClientCertsReturn,
                           base::Unretained(this), std::cref(cert_request_info), std::move(callback)));
    // In release builds a failed post means the callback was consumed and never
    // runs, so the client-auth request would hang rather than fail loudly.
    DCHECK(ok); // callback is already moved and we can't really recover here.
#else
    // No in-memory overrides without SSL support: defer to the platform store,
    // or answer with an empty list on platforms that have none.
    if (m_nativeStore)
        m_nativeStore->GetClientCerts(cert_request_info, std::move(callback));
    else
        std::move(callback).Run(net::ClientCertIdentityList());
#endif // QT_CONFIG(ssl)
}
// static
// static
// Instantiates the platform client-certificate store the override store falls
// back to: NSS on Linux-style builds, the Windows CryptoAPI store, or the macOS
// Keychain store. Returns nullptr on platforms with none, which callers treat
// as "no native certificates available".
std::unique_ptr<net::ClientCertStore> ClientCertOverrideStore::createNativeStore()
{
#if defined(USE_NSS_CERTS)
    // NOTE(review): a default-constructed PasswordDelegateFactory is passed, so
    // no password/PIN delegate is installed for protected NSS tokens — confirm
    // that is intended for smart-card / PIN-protected keys.
    return std::make_unique<net::ClientCertStoreNSS>(net::ClientCertStoreNSS::PasswordDelegateFactory());
#elif defined(OS_WIN)
    return std::make_unique<net::ClientCertStoreWin>();
#elif defined(OS_MAC)
    return std::make_unique<net::ClientCertStoreMac>();
#else
    return nullptr;
#endif
}
} // namespace QtWebEngineCore