Add callback for custom certificate selection (issue #1824)

include/capi/cef_request_handler_capi.h

@@ -47,6 +47,7 @@
 #include "include/capi/cef_response_capi.h"
 #include "include/capi/cef_response_filter_capi.h"
 #include "include/capi/cef_ssl_info_capi.h"
+#include "include/capi/cef_x509_certificate_capi.h"
 
 #ifdef __cplusplus
 extern "C" {
@@ -75,6 +76,25 @@ typedef struct _cef_request_callback_t {
 } cef_request_callback_t;
 
 
+///
+// Callback structure used to select a client certificate for authentication.
+///
+typedef struct _cef_select_client_certificate_callback_t {
+  ///
+  // Base structure.
+  ///
+  cef_base_t base;
+
+  ///
+  // Chooses the specified certificate for client certificate authentication.
+  // NULL value means that no client certificate should be used.
+  ///
+  void (CEF_CALLBACK *select)(
+      struct _cef_select_client_certificate_callback_t* self,
+      struct _cef_x509certificate_t* cert);
+} cef_select_client_certificate_callback_t;
+
+
 ///
 // Implement this structure to handle events related to browser requests. The
 // functions of this structure will be called on the thread indicated.
@@ -241,6 +261,26 @@ typedef struct _cef_request_handler_t {
       const cef_string_t* request_url, struct _cef_sslinfo_t* ssl_info,
       struct _cef_request_callback_t* callback);
 
+  ///
+  // Called on the UI thread when a client certificate is being requested for
+  // authentication. Return false (0) to use the default behavior and
+  // automatically select the first certificate available. Return true (1) and
+  // call cef_select_client_certificate_callback_t::Select either in this
+  // function or at a later time to select a certificate. Do not call Select or
+  // call it with NULL to continue without using any certificate. |isProxy|
+  // indicates whether the host is an HTTPS proxy or the origin server. |host|
+  // and |port| contains the hostname and port of the SSL server. |certificates|
+  // is the list of certificates to choose from; this list has already been
+  // pruned by Chromium so that it only contains certificates from issuers that
+  // the server trusts.
+  ///
+  int (CEF_CALLBACK *on_select_client_certificate)(
+      struct _cef_request_handler_t* self, struct _cef_browser_t* browser,
+      int isProxy, const cef_string_t* host, int port,
+      size_t certificatesCount,
+      struct _cef_x509certificate_t* const* certificates,
+      struct _cef_select_client_certificate_callback_t* callback);
+
   ///
   // Called on the browser process UI thread when a plugin has crashed.
   // |plugin_path| is the path of the plugin that crashed.

include/cef_request_handler.h

@@ -47,7 +47,7 @@
 #include "include/cef_response_filter.h"
 #include "include/cef_request.h"
 #include "include/cef_ssl_info.h"
-
+#include "include/cef_x509_certificate.h"
 
 ///
 // Callback interface used for asynchronous continuation of url requests.
@@ -70,6 +70,21 @@ class CefRequestCallback : public virtual CefBase {
 };
 
 
+///
+// Callback interface used to select a client certificate for authentication.
+///
+/*--cef(source=library)--*/
+class CefSelectClientCertificateCallback : public virtual CefBase {
+ public:
+  ///
+  // Chooses the specified certificate for client certificate authentication.
+  // NULL value means that no client certificate should be used.
+  ///
+  /*--cef(optional_param=cert)--*/
+  virtual void Select(CefRefPtr<CefX509Certificate> cert) =0;
+};
+
+
 ///
 // Implement this interface to handle events related to browser requests. The
 // methods of this class will be called on the thread indicated.
@@ -282,6 +297,29 @@ class CefRequestHandler : public virtual CefBase {
     return false;
   }
 
+  ///
+  // Called on the UI thread when a client certificate is being requested for
+  // authentication. Return false to use the default behavior and automatically
+  // select the first certificate available. Return true and call
+  // CefSelectClientCertificateCallback::Select either in this method or at a
+  // later time to select a certificate. Do not call Select or call it with NULL
+  // to continue without using any certificate. |isProxy| indicates whether the
+  // host is an HTTPS proxy or the origin server. |host| and |port| contains the
+  // hostname and port of the SSL server. |certificates| is the list of
+  // certificates to choose from; this list has already been pruned by Chromium
+  // so that it only contains certificates from issuers that the server trusts.
+  ///
+  /*--cef()--*/
+  virtual bool OnSelectClientCertificate(
+      CefRefPtr<CefBrowser> browser,
+      bool isProxy,
+      const CefString& host,
+      int port,
+      const CefX509CertificateList& certificates,
+      CefRefPtr<CefSelectClientCertificateCallback> callback) {
+    return false;
+  }
+
   ///
   // Called on the browser process UI thread when a plugin has crashed.
   // |plugin_path| is the path of the plugin that crashed.

include/cef_x509_certificate.h

@@ -185,4 +185,6 @@ class CefX509Certificate : public virtual CefBase {
   virtual void GetPEMEncodedIssuerChain(IssuerChainBinaryList& chain) =0;
 };
 
+typedef std::vector<CefRefPtr<CefX509Certificate> > CefX509CertificateList;
+
 #endif  // CEF_INCLUDE_CEF_X509_CERTIFICATE_H_