Merge pull request #1859 from deepak1556/client_certificate_patch

browser: support client certificate

atom/browser/atom_browser_client.cc

@@ -19,11 +19,14 @@
 #include "chrome/browser/renderer_host/pepper/chrome_browser_pepper_host_factory.h"
 #include "chrome/browser/speech/tts_message_filter.h"
 #include "content/public/browser/browser_ppapi_host.h"
+#include "content/public/browser/client_certificate_delegate.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/site_instance.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/web_preferences.h"
+#include "net/cert/x509_certificate.h"
+#include "net/ssl/ssl_cert_request_info.h"
 #include "ppapi/host/ppapi_host.h"
 #include "ui/base/l10n/l10n_util.h"
 
@@ -67,6 +70,23 @@ ProcessOwner GetProcessOwner(int process_id,
   return OWNER_NONE;
 }
 
+scoped_refptr<net::X509Certificate> ImportCertFromFile(
+    const base::FilePath& path) {
+  std::string cert_data;
+  if (!base::ReadFileToString(path, &cert_data))
+    return nullptr;
+
+  net::CertificateList certs =
+      net::X509Certificate::CreateCertificateListFromBytes(
+          cert_data.data(), cert_data.size(),
+          net::X509Certificate::FORMAT_AUTO);
+
+  if (certs.empty())
+    return nullptr;
+
+  return certs[0];
+}
+
 }  // namespace
 
 // static
@@ -189,6 +209,29 @@ content::QuotaPermissionContext*
   return new AtomQuotaPermissionContext;
 }
 
+void AtomBrowserClient::SelectClientCertificate(
+    content::WebContents* web_contents,
+    net::SSLCertRequestInfo* cert_request_info,
+    scoped_ptr<content::ClientCertificateDelegate> delegate) {
+  auto command_line = base::CommandLine::ForCurrentProcess();
+  auto cert_path = command_line->GetSwitchValueNative(
+      switches::kClientCertificate);
+
+  // TODO(zcbenz): allow users to select certificate from
+  // client_cert list. Right now defaults to first certificate
+  // in the list.
+  scoped_refptr<net::X509Certificate> certificate;
+  if (cert_path.empty()) {
+    if (!cert_request_info->client_certs.empty())
+      certificate = cert_request_info->client_certs[0];
+  } else {
+    certificate = ImportCertFromFile(base::FilePath(cert_path));
+  }
+
+  if (certificate.get())
+    delegate->ContinueWithCertificate(certificate.get());
+}
+
 brightray::BrowserMainParts* AtomBrowserClient::OverrideCreateBrowserMainParts(
     const content::MainFunctionParams&) {
   v8::V8::Initialize();  // Init V8 before creating main parts.

atom/browser/atom_browser_client.h

@@ -11,6 +11,11 @@
 
 namespace content {
 class QuotaPermissionContext;
+class ClientCertificateDelegate;
+}
+
+namespace net {
+class SSLCertRequestInfo;
 }
 
 namespace atom {
@@ -41,6 +46,10 @@ class AtomBrowserClient : public brightray::BrowserClient {
                                       int child_process_id) override;
   void DidCreatePpapiPlugin(content::BrowserPpapiHost* browser_host) override;
   content::QuotaPermissionContext* CreateQuotaPermissionContext() override;
+  void SelectClientCertificate(
+      content::WebContents* web_contents,
+      net::SSLCertRequestInfo* cert_request_info,
+      scoped_ptr<content::ClientCertificateDelegate> delegate) override;
 
  private:
   brightray::BrowserMainParts* OverrideCreateBrowserMainParts(

atom/common/options_switches.cc

@@ -87,6 +87,9 @@ const char kDisableAutoHideCursor[] = "disable-auto-hide-cursor";
 // Use the OS X's standard window instead of the textured window.
 const char kStandardWindow[] = "standard-window";
 
+// Path to client certificate.
+const char kClientCertificate[] = "client-certificate";
+
 // Web runtime features.
 const char kExperimentalFeatures[]       = "experimental-features";
 const char kExperimentalCanvasFeatures[] = "experimental-canvas-features";

atom/common/options_switches.h

@@ -45,6 +45,7 @@ extern const char kTransparent[];
 extern const char kType[];
 extern const char kDisableAutoHideCursor[];
 extern const char kStandardWindow[];
+extern const char kClientCertificate[];
 
 extern const char kExperimentalFeatures[];
 extern const char kExperimentalCanvasFeatures[];

docs/api/chrome-command-line-switches.md

@@ -15,6 +15,10 @@ app.on('ready', function() {
 });
 ```
 
+## --client-certificate
+
+Path to client certificate file.
+
 ## --disable-http-cache
 
 Disables the disk cache for HTTP requests.