From ca2501dcea59efa01a03939dc40584f41fd366ec Mon Sep 17 00:00:00 2001
From: Romain Pokrzywka <romain.pokrzywka@bluescape.com>
Date: Fri, 10 Feb 2017 17:59:24 -0800
Subject: [PATCH] [PATCH] QtWebEngine: enable support for client certificates

Upstream patch pending
---
 qtwebengine/src/core/content_browser_client_qt.cpp         | 12 +++++++++
 qtwebengine/src/core/content_browser_client_qt.h           |  1 +
 qtwebengine/src/core/resource_context_qt.cpp    | 30 ++++++++++++++++++++++
 qtwebengine/src/core/resource_context_qt.h      |  3 +++
 4 files changed, 46 insertions(+)

diff --git a/qtwebengine/src/core/content_browser_client_qt.cpp b/qtwebengine/src/core/content_browser_client_qt.cpp
index b0d1f41..79b7a8a 100644
--- a/qtwebengine/src/core/content_browser_client_qt.cpp
+++ b/qtwebengine/src/core/content_browser_client_qt.cpp
@@ -41,6 +41,7 @@
 #include "content/browser/renderer_host/render_view_host_delegate.h"
 #include "content/public/browser/browser_main_parts.h"
 #include "content/public/browser/child_process_security_policy.h"
+#include "content/public/browser/client_certificate_delegate.h"
 #include "content/public/browser/media_observer.h"
 #include "content/public/browser/quota_permission_context.h"
 #include "content/public/browser/render_frame_host.h"
@@ -51,6 +52,7 @@
 #include "content/public/common/content_switches.h"
 #include "content/public/common/main_function_params.h"
 #include "content/public/common/url_constants.h"
+#include "net/ssl/ssl_cert_request_info.h"
 #include "ui/base/ui_base_switches.h"
 #include "ui/gfx/screen.h"
 #include "ui/gl/gl_context.h"
@@ -415,6 +417,16 @@ void ContentBrowserClientQt::AllowCertificateError(int render_process_id, int re
         *result = content::CERTIFICATE_REQUEST_RESULT_TYPE_DENY;
 }
 
+void ContentBrowserClientQt::SelectClientCertificate(content::WebContents* web_contents, net::SSLCertRequestInfo* cert_request_info, scoped_ptr<content::ClientCertificateDelegate> delegate)
+{
+    for (const scoped_refptr<net::X509Certificate>& cert : cert_request_info->client_certs) {
+        if (true /*certificateMatchesFilter(cert.get())*/) {
+            delegate->ContinueWithCertificate(cert.get());
+            break;
+        }
+    }
+}
+
 content::LocationProvider *ContentBrowserClientQt::OverrideSystemLocationProvider()
 {
 #ifdef QT_USE_POSITIONING
diff --git a/qtwebengine/src/core/content_browser_client_qt.h b/qtwebengine/src/core/content_browser_client_qt.h
index eea7d2a..28da846 100644
--- a/qtwebengine/src/core/content_browser_client_qt.h
+++ b/qtwebengine/src/core/content_browser_client_qt.h
@@ -101,6 +101,7 @@ public:
         bool expired_previous_decision,
         const base::Callback<void(bool)>& callback,
         content::CertificateRequestResultType* result) Q_DECL_OVERRIDE;
+    virtual void SelectClientCertificate(content::WebContents* web_contents, net::SSLCertRequestInfo* cert_request_info, scoped_ptr<content::ClientCertificateDelegate> delegate) Q_DECL_OVERRIDE;
     content::LocationProvider* OverrideSystemLocationProvider() Q_DECL_OVERRIDE;
     content::DevToolsManagerDelegate *GetDevToolsManagerDelegate() Q_DECL_OVERRIDE;
     virtual net::URLRequestContextGetter *CreateRequestContext(content::BrowserContext *browser_context, content::ProtocolHandlerMap *protocol_handlers, content::URLRequestInterceptorScopedVector request_interceptorss) Q_DECL_OVERRIDE;
diff --git a/qtwebengine/src/core/resource_context_qt.cpp b/qtwebengine/src/core/resource_context_qt.cpp
index 715d92a..6305ee2 100644
--- a/qtwebengine/src/core/resource_context_qt.cpp
+++ b/qtwebengine/src/core/resource_context_qt.cpp
@@ -38,6 +38,18 @@
 
 #include "net/url_request/url_request_context_getter.h"
 
+#if defined(USE_NSS_CERTS)
+#include "net/ssl/client_cert_store_nss.h"
+#endif
+
+#if defined(OS_WIN)
+#include "net/ssl/client_cert_store_win.h"
+#endif
+
+#if defined(OS_MACOSX)
+#include "net/ssl/client_cert_store_mac.h"
+#endif
+
 #include "browser_context_qt.h"
 
 namespace QtWebEngineCore {
@@ -53,4 +65,22 @@ net::URLRequestContext* ResourceContextQt::GetRequestContext()
     return context->GetRequestContext()->GetURLRequestContext();
 }
 
+scoped_ptr<net::ClientCertStore> ResourceContextQt::CreateClientCertStore()
+{
+#if defined(USE_NSS_CERTS)
+    return make_scoped_ptr(new net::ClientCertStoreNSS(net::ClientCertStoreNSS::PasswordDelegateFactory()));
+#elif defined(OS_WIN)
+    return make_scoped_ptr(new net::ClientCertStoreWin());
+#elif defined(OS_MACOSX)
+    return make_scoped_ptr(new net::ClientCertStoreMac());
+#elif defined(OS_ANDROID)
+  // Android does not use the ClientCertStore infrastructure. On Android client
+  // cert matching is done by the OS as part of the call to show the cert
+  // selection dialog.
+    return scoped_ptr<net::ClientCertStore>();
+#else
+    return scoped_ptr<net::ClientCertStore>();
+#endif
+}
+
 } // namespace QtWebEngineCore
diff --git a/qtwebengine/src/core/resource_context_qt.h b/qtwebengine/src/core/resource_context_qt.h
index 22bceb8..3f0231d 100644
--- a/qtwebengine/src/core/resource_context_qt.h
+++ b/qtwebengine/src/core/resource_context_qt.h
@@ -60,6 +60,9 @@ public:
     virtual net::HostResolver* GetHostResolver() Q_DECL_OVERRIDE;
 
     virtual net::URLRequestContext* GetRequestContext() Q_DECL_OVERRIDE;
+
+    virtual scoped_ptr<net::ClientCertStore> CreateClientCertStore() Q_DECL_OVERRIDE;
+
 private:
     BrowserContextQt *context;
 
-- 
2.10.1 (Apple Git-78)