Merge pull request #1859 from deepak1556/client_certificate_patch

browser: support client certificate
This commit is contained in:
Cheng Zhao 2015-06-10 19:17:41 +08:00
commit 2fdc5780ff
5 changed files with 60 additions and 0 deletions

View file

@ -19,11 +19,14 @@
#include "chrome/browser/renderer_host/pepper/chrome_browser_pepper_host_factory.h"
#include "chrome/browser/speech/tts_message_filter.h"
#include "content/public/browser/browser_ppapi_host.h"
#include "content/public/browser/client_certificate_delegate.h"
#include "content/public/browser/render_process_host.h"
#include "content/public/browser/render_view_host.h"
#include "content/public/browser/site_instance.h"
#include "content/public/browser/web_contents.h"
#include "content/public/common/web_preferences.h"
#include "net/cert/x509_certificate.h"
#include "net/ssl/ssl_cert_request_info.h"
#include "ppapi/host/ppapi_host.h"
#include "ui/base/l10n/l10n_util.h"
@ -67,6 +70,23 @@ ProcessOwner GetProcessOwner(int process_id,
return OWNER_NONE;
}
scoped_refptr<net::X509Certificate> ImportCertFromFile(
const base::FilePath& path) {
std::string cert_data;
if (!base::ReadFileToString(path, &cert_data))
return nullptr;
net::CertificateList certs =
net::X509Certificate::CreateCertificateListFromBytes(
cert_data.data(), cert_data.size(),
net::X509Certificate::FORMAT_AUTO);
if (certs.empty())
return nullptr;
return certs[0];
}
} // namespace
// static
@ -189,6 +209,29 @@ content::QuotaPermissionContext*
return new AtomQuotaPermissionContext;
}
void AtomBrowserClient::SelectClientCertificate(
content::WebContents* web_contents,
net::SSLCertRequestInfo* cert_request_info,
scoped_ptr<content::ClientCertificateDelegate> delegate) {
auto command_line = base::CommandLine::ForCurrentProcess();
auto cert_path = command_line->GetSwitchValueNative(
switches::kClientCertificate);
// TODO(zcbenz): allow users to select certificate from
// client_cert list. Right now defaults to first certificate
// in the list.
scoped_refptr<net::X509Certificate> certificate;
if (cert_path.empty()) {
if (!cert_request_info->client_certs.empty())
certificate = cert_request_info->client_certs[0];
} else {
certificate = ImportCertFromFile(base::FilePath(cert_path));
}
if (certificate.get())
delegate->ContinueWithCertificate(certificate.get());
}
brightray::BrowserMainParts* AtomBrowserClient::OverrideCreateBrowserMainParts(
const content::MainFunctionParams&) {
v8::V8::Initialize(); // Init V8 before creating main parts.

View file

@ -11,6 +11,11 @@
namespace content {
class QuotaPermissionContext;
class ClientCertificateDelegate;
}
namespace net {
class SSLCertRequestInfo;
}
namespace atom {
@ -41,6 +46,10 @@ class AtomBrowserClient : public brightray::BrowserClient {
int child_process_id) override;
void DidCreatePpapiPlugin(content::BrowserPpapiHost* browser_host) override;
content::QuotaPermissionContext* CreateQuotaPermissionContext() override;
void SelectClientCertificate(
content::WebContents* web_contents,
net::SSLCertRequestInfo* cert_request_info,
scoped_ptr<content::ClientCertificateDelegate> delegate) override;
private:
brightray::BrowserMainParts* OverrideCreateBrowserMainParts(

View file

@ -87,6 +87,9 @@ const char kDisableAutoHideCursor[] = "disable-auto-hide-cursor";
// Use the OS X's standard window instead of the textured window.
const char kStandardWindow[] = "standard-window";
// Path to client certificate.
const char kClientCertificate[] = "client-certificate";
// Web runtime features.
const char kExperimentalFeatures[] = "experimental-features";
const char kExperimentalCanvasFeatures[] = "experimental-canvas-features";

View file

@ -45,6 +45,7 @@ extern const char kTransparent[];
extern const char kType[];
extern const char kDisableAutoHideCursor[];
extern const char kStandardWindow[];
extern const char kClientCertificate[];
extern const char kExperimentalFeatures[];
extern const char kExperimentalCanvasFeatures[];

View file

@ -15,6 +15,10 @@ app.on('ready', function() {
});
```
## --client-certificate
Path to client certificate file.
## --disable-http-cache
Disables the disk cache for HTTP requests.