// Copyright 2023 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_ASH_BRUSCHETTA_BRUSCHETTA_NETWORK_CONTEXT_H_
#define CHROME_BROWSER_ASH_BRUSCHETTA_BRUSCHETTA_NETWORK_CONTEXT_H_

#include <memory>
#include <optional>
#include <string>
#include <vector>

#include "base/memory/raw_ptr.h"
#include "base/memory/scoped_refptr.h"
#include "base/memory/weak_ptr.h"
#include "base/unguessable_token.h"
#include "chrome/browser/net/proxy_config_monitor.h"
#include "chrome/browser/profiles/profile.h"
#include "mojo/public/cpp/bindings/pending_receiver.h"
#include "mojo/public/cpp/bindings/pending_remote.h"
#include "mojo/public/cpp/bindings/receiver_set.h"
#include "mojo/public/cpp/bindings/remote.h"
#include "net/base/auth.h"
#include "net/cert/x509_certificate.h"
#include "net/http/http_response_headers.h"
#include "net/ssl/client_cert_identity.h"
#include "net/ssl/client_cert_store.h"
#include "net/ssl/ssl_cert_request_info.h"
#include "net/ssl/ssl_private_key.h"
#include "services/network/public/mojom/network_context.mojom.h"
#include "services/network/public/mojom/url_loader_factory.mojom.h"
#include "services/network/public/mojom/url_loader_network_service_observer.mojom.h"
#include "url/gurl.h"
#include "url/origin.h"

class PrefService;

namespace bruschetta {

// Provides an isolated NetworkContext which uses the client certificate store
// from the Profile passed to the constructor, but only if client certificates
// are auto-selected by the Profile's enterprise policy. There is no
// interactive certificate picker: a request that no policy rule covers
// continues without a client certificate.
class BruschettaNetworkContext
    : public network::mojom::URLLoaderNetworkServiceObserver {
 public:
  // This class must not outlive the passed-in profile.
  BruschettaNetworkContext(Profile* profile, PrefService& local_state);
  BruschettaNetworkContext(const BruschettaNetworkContext&) = delete;
  BruschettaNetworkContext& operator=(const BruschettaNetworkContext&) = delete;
  ~BruschettaNetworkContext() override;

  network::mojom::URLLoaderFactory* GetURLLoaderFactory();

 protected:
  // network::mojom::URLLoaderNetworkServiceObserver overrides.
  void OnSSLCertificateError(const GURL& url,
                             int net_error,
                             const net::SSLInfo& ssl_info,
                             bool fatal,
                             OnSSLCertificateErrorCallback response) override;
  void OnCertificateRequested(
      const std::optional<base::UnguessableToken>& window_id,
      const scoped_refptr<net::SSLCertRequestInfo>& cert_info,
      mojo::PendingRemote<network::mojom::ClientCertificateResponder>
          cert_responder) override;
  void OnAuthRequired(
      const std::optional<base::UnguessableToken>& window_id,
      int32_t request_id,
      const GURL& url,
      bool first_auth_attempt,
      const net::AuthChallengeInfo& auth_info,
      const scoped_refptr<net::HttpResponseHeaders>& head_headers,
      mojo::PendingRemote<network::mojom::AuthChallengeResponder>
          auth_challenge_responder) override;
  void OnPrivateNetworkAccessPermissionRequired(
      const GURL& url,
      const net::IPAddress& ip_address,
      const std::optional<std::string>& private_network_device_id,
      const std::optional<std::string>& private_network_device_name,
      OnPrivateNetworkAccessPermissionRequiredCallback callback) override;
  void OnLocalNetworkAccessPermissionRequired(
      OnLocalNetworkAccessPermissionRequiredCallback callback) override;
  void OnClearSiteData(
      const GURL& url,
      const std::string& header_value,
      int32_t load_flags,
      const std::optional<net::CookiePartitionKey>& cookie_partition_key,
      bool partitioned_state_allowed_only,
      OnClearSiteDataCallback callback) override;
  void OnLoadingStateUpdate(network::mojom::LoadInfoPtr info,
                            OnLoadingStateUpdateCallback callback) override;
  void OnDataUseUpdate(int32_t network_traffic_annotation_id_hash,
                       int64_t recv_bytes,
                       int64_t sent_bytes) override;
  void OnSharedStorageHeaderReceived(
      const url::Origin& request_origin,
      std::vector<network::mojom::SharedStorageModifierMethodWithOptionsPtr>
          methods_with_options,
      const std::optional<std::string>& with_lock,
      OnSharedStorageHeaderReceivedCallback callback) override;
  void OnAdAuctionEventRecordHeaderReceived(
      network::AdAuctionEventRecord event_record,
      const std::optional<url::Origin>& top_frame_origin) override;
  void Clone(
      mojo::PendingReceiver<network::mojom::URLLoaderNetworkServiceObserver>
          listener) override;
  void OnWebSocketConnectedToPrivateNetwork(
      network::mojom::IPAddressSpace ip_address_space) override;
  void OnUrlLoaderConnectedToPrivateNetwork(
      const GURL& request_url,
      network::mojom::IPAddressSpace response_address_space,
      network::mojom::IPAddressSpace client_address_space,
      network::mojom::IPAddressSpace target_address_space) override;

 private:
  // Completes a pending certificate request with the given certificate and
  // key; a null certificate means "continue without a client certificate".
  void ContinueWithCertificate(
      mojo::PendingRemote<network::mojom::ClientCertificateResponder>
          cert_responder_remote,
      scoped_refptr<net::X509Certificate> cert,
      scoped_refptr<net::SSLPrivateKey> private_key);
  void EnsureNetworkContextExists();
  // Receives the identities from |cert_store_| and applies the profile's
  // auto-select policy before answering the certificate request.
  void OnGotClientCerts(
      const scoped_refptr<net::SSLCertRequestInfo>& cert_info,
      mojo::PendingRemote<network::mojom::ClientCertificateResponder>
          cert_responder_remote,
      net::ClientCertIdentityList certs);
  void CreateNetworkContext();

  raw_ptr<Profile> profile_;
  ProxyConfigMonitor proxy_config_monitor_;
  mojo::Remote<network::mojom::NetworkContext> network_context_;
  mojo::Remote<network::mojom::URLLoaderFactory> url_loader_factory_;
  mojo::ReceiverSet<network::mojom::URLLoaderNetworkServiceObserver>
      url_loader_observers_;
  std::unique_ptr<net::ClientCertStore> cert_store_;

  base::WeakPtrFactory<BruschettaNetworkContext> weak_ptr_factory_{this};
};

}  // namespace bruschetta

#endif  // CHROME_BROWSER_ASH_BRUSCHETTA_BRUSCHETTA_NETWORK_CONTEXT_H_
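The header's class comment states the one security-relevant rule of this network context: a client certificate from the profile's store is offered only when enterprise policy auto-selects it for the request, never through an interactive picker. The following is an added, dependency-free C++ illustration of that decision, not code from Chromium or from the Bruschetta project: the `ClientCertIdentity`, `AutoSelectRule` and `CertRequest` structs and the `SelectClientCert` function are constructed stand-ins for the real `net::ClientCertIdentity`, the `AutoSelectCertificateForUrls` policy entries and `net::SSLCertRequestInfo`, and the matching is simplified to exact host and issuer comparison.

```cpp
// Added illustration (not Chromium code). Models the policy-only client
// certificate selection that BruschettaNetworkContext's comment describes:
// a request either matches an auto-select rule and gets that certificate,
// or it continues with no certificate at all. There is no prompt fallback.
#include <optional>
#include <string>
#include <vector>

namespace bruschetta_example {

// Constructed stand-in for net::ClientCertIdentity (hypothetical fields).
struct ClientCertIdentity {
  std::string subject_cn;
  std::string issuer_cn;
};

// Constructed stand-in for one AutoSelectCertificateForUrls policy entry:
// the host it applies to and the issuer the certificate must chain to.
struct AutoSelectRule {
  std::string host;
  std::string issuer_cn;
};

// Constructed stand-in for net::SSLCertRequestInfo: the requesting host and
// the issuer names the server said it accepts (may be empty).
struct CertRequest {
  std::string host;
  std::vector<std::string> acceptable_issuers;
};

// Returns the identity to continue with, or std::nullopt to continue without
// a client certificate. Only policy rules can select a certificate; a
// certificate that matches no rule is never offered, even if it is the only
// one the server would accept.
std::optional<ClientCertIdentity> SelectClientCert(
    const CertRequest& request,
    const std::vector<ClientCertIdentity>& store,
    const std::vector<AutoSelectRule>& policy) {
  for (const AutoSelectRule& rule : policy) {
    if (rule.host != request.host) {
      continue;  // rule is scoped to a different host
    }
    for (const ClientCertIdentity& cert : store) {
      if (cert.issuer_cn != rule.issuer_cn) {
        continue;  // policy demands a specific issuer
      }
      // Respect the server's acceptable-issuer list when it sent one, so we
      // do not hand out a certificate the peer cannot validate anyway.
      if (!request.acceptable_issuers.empty()) {
        bool server_accepts = false;
        for (const std::string& issuer : request.acceptable_issuers) {
          if (issuer == cert.issuer_cn) {
            server_accepts = true;
            break;
          }
        }
        if (!server_accepts) {
          continue;
        }
      }
      return cert;
    }
  }
  return std::nullopt;
}

// Constructed sample store and policy used by the checks below.
inline std::vector<ClientCertIdentity> SampleStore() {
  return {{"user@corp.example", "Corp Device CA"},
          {"user@personal.example", "Personal CA"}};
}

inline std::vector<AutoSelectRule> SamplePolicy() {
  return {{"intranet.corp.example", "Corp Device CA"}};
}

}  // namespace bruschetta_example
```

The shape matters more than the matching detail: `OnGotClientCerts` in the real class receives the whole store, and the safe outcome for anything the policy does not cover is the "no certificate" branch, which is why `ContinueWithCertificate` accepts a null certificate.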