electron/patches/chromium/network_service_allow_remote_certificate_verification_logic.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jeremy Apthorp <[email protected]>
Date: Wed, 8 May 2019 17:25:55 -0700
Subject: network_service_allow_remote_certificate_verification_logic.patch

This adds a callback from the network service that's used to implement
session.setCertificateVerifyCallback.

diff --git a/services/network/network_context.cc b/services/network/network_context.cc
index 7e0ee54f435893560515cb8380a5396dc1292d50..f997ff511bb9467a53a2c42b700eb58b5d7d3091 100644
--- a/services/network/network_context.cc
+++ b/services/network/network_context.cc
@@ -158,6 +158,11 @@
 #include "services/network/web_transport.h"
 #include "url/gurl.h"
 
+// Electron
+#include "net/cert/caching_cert_verifier.h"
+#include "net/cert/cert_verify_proc.h"
+#include "net/cert/multi_threaded_cert_verifier.h"
+
 #if BUILDFLAG(IS_CT_SUPPORTED)
 // gn check does not account for BUILDFLAG(). So, for iOS builds, it will
 // complain about a missing dependency on the target exposing this header. Add a
@@ -599,6 +604,99 @@ void RecordHSTSPreconnectUpgradeReason(HSTSRedirectUpgradeReason reason) {
 
 }  // namespace
 
+class RemoteCertVerifier : public net::CertVerifier {
+ public:
+  class Request : public net::CertVerifier::Request {
+   public:
+    Request() {}
+    ~Request() override = default;
+    void OnRemoteResponse(
+        const RequestParams& params,
+        net::CertVerifyResult* verify_result,
+        int error_from_upstream,
+        net::CompletionOnceCallback callback,
+        int error_from_client,
+        const net::CertVerifyResult& verify_result_from_client) {
+      if (error_from_client == net::ERR_ABORTED) {
+        // use the default
+        std::move(callback).Run(error_from_upstream);
+      } else {
+        // use the override
+        verify_result->Reset();
+        verify_result->verified_cert = verify_result_from_client.verified_cert;
+        std::move(callback).Run(error_from_client);
+      }
+    }
+    base::WeakPtr<Request> GetWeakPtr() { return weak_factory_.GetWeakPtr(); }
+   private:
+    base::WeakPtrFactory<Request> weak_factory_{this};
+  };
+
+  RemoteCertVerifier(std::unique_ptr<net::CertVerifier> upstream): upstream_(std::move(upstream)) {
+  }
+  ~RemoteCertVerifier() override = default;
+
+  void Bind(
+      mojo::PendingRemote<mojom::CertVerifierClient> client_info) {
+    client_.reset();
+    if (client_info.is_valid()) {
+      client_.Bind(std::move(client_info));
+    }
+  }
+
+  // CertVerifier implementation
+  int Verify(const RequestParams& params,
+             net::CertVerifyResult* verify_result,
+             net::CompletionOnceCallback callback,
+             std::unique_ptr<CertVerifier::Request>* out_req,
+             const net::NetLogWithSource& net_log) override {
+    out_req->reset();
+
+    net::CompletionOnceCallback callback2 = base::BindOnce(
+        &RemoteCertVerifier::OnRequestFinished, base::Unretained(this),
+        params, std::move(callback), verify_result, out_req);
+    return upstream_->Verify(params, verify_result, std::move(callback2), out_req, net_log);
+  }
+
+
+  void SetConfig(const Config& config) override {
+    upstream_->SetConfig(config);
+  }
+
+  void AddObserver(CertVerifier::Observer* observer) override {
+    upstream_->AddObserver(observer);
+  }
+
+  void RemoveObserver(CertVerifier::Observer* observer) override {
+    upstream_->RemoveObserver(observer);
+  }
+
+  void OnRequestFinished(const RequestParams& params,
+                         net::CompletionOnceCallback callback,
+                         net::CertVerifyResult* verify_result,
+                         std::unique_ptr<CertVerifier::Request>* out_req,
+                         int error) {
+    if (client_.is_bound()) {
+      // We take a weak pointer to the request because deletion of the request
+      // is what signals cancellation. Thus if the request is cancelled, the
+      // callback won't be called, thus avoiding UAF, because |verify_result|
+      // is freed when the request is cancelled.
+      *out_req = std::make_unique<Request>();
+      base::WeakPtr<Request> weak_req = static_cast<Request*>(out_req->get())->GetWeakPtr();
+      client_->Verify(error, *verify_result, params.certificate(),
+          params.hostname(), params.flags(), params.ocsp_response(),
+          base::BindOnce(&Request::OnRemoteResponse,
+            weak_req, params, verify_result, error, std::move(callback)));
+    } else {
+      std::move(callback).Run(error);
+    }
+  }
+
+ private:
+  std::unique_ptr<net::CertVerifier> upstream_;
+  mojo::Remote<mojom::CertVerifierClient> client_;
+};
+
 constexpr uint32_t NetworkContext::kMaxOutstandingRequestsPerProcess;
 
 NetworkContext::NetworkContextHttpAuthPreferences::
@@ -988,6 +1086,13 @@ void NetworkContext::SetClient(
   client_.Bind(std::move(client));
 }
 
+void NetworkContext::SetCertVerifierClient(
+    mojo::PendingRemote<mojom::CertVerifierClient> client) {
+  if (remote_cert_verifier_) {
+    remote_cert_verifier_->Bind(std::move(client));
+  }
+}
+
 void NetworkContext::CreateURLLoaderFactory(
     mojo::PendingReceiver<mojom::URLLoaderFactory> receiver,
     mojom::URLLoaderFactoryParamsPtr params) {
@@ -2538,6 +2643,9 @@ URLRequestContextOwner NetworkContext::MakeURLRequestContext(
         std::move(cert_verifier));
     cert_verifier = std::move(cert_verifier_with_trust_anchors);
 #endif  // BUILDFLAG(IS_CHROMEOS)
+    auto remote_cert_verifier = std::make_unique<RemoteCertVerifier>(std::move(cert_verifier));
+    remote_cert_verifier_ = remote_cert_verifier.get();
+    cert_verifier = std::make_unique<net::CachingCertVerifier>(std::move(remote_cert_verifier));
   }
 
   builder.SetCertVerifier(IgnoreErrorsCertVerifier::MaybeWrapCertVerifier(
diff --git a/services/network/network_context.h b/services/network/network_context.h
index d9c63e9ff7f3afb320b1d88f69cc1105f0a59bad..884a1da963ac6e05dd47ec6b0dcd595f2a7e44c0 100644
--- a/services/network/network_context.h
+++ b/services/network/network_context.h
@@ -114,6 +114,7 @@ class URLMatcher;
 }
 
 namespace network {
+class RemoteCertVerifier;
 class CookieManager;
 class HostResolver;
 class MdnsResponderManager;
@@ -245,6 +246,8 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) NetworkContext
   void CreateURLLoaderFactory(
       mojo::PendingReceiver<mojom::URLLoaderFactory> receiver,
       mojom::URLLoaderFactoryParamsPtr params) override;
+  void SetCertVerifierClient(
+      mojo::PendingRemote<mojom::CertVerifierClient> client) override;
   void ResetURLLoaderFactories() override;
   void GetViaObliviousHttp(
       mojom::ObliviousHttpRequestPtr request,
@@ -930,6 +933,8 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) NetworkContext
   std::vector<base::OnceClosure> dismount_closures_;
 #endif  // BUILDFLAG(IS_DIRECTORY_TRANSFER_REQUIRED)
 
+  raw_ptr<RemoteCertVerifier> remote_cert_verifier_ = nullptr;
+
   // Created on-demand. Null if unused.
   std::unique_ptr<HostResolver> internal_host_resolver_;
   std::set<std::unique_ptr<HostResolver>, base::UniquePtrComparator>
diff --git a/services/network/public/mojom/network_context.mojom b/services/network/public/mojom/network_context.mojom
index 7a77b8dcf945d4b2d25ea51a6aebcf1663324139..f4c35e58af2eb5e009772de967000546fff9d290 100644
--- a/services/network/public/mojom/network_context.mojom
+++ b/services/network/public/mojom/network_context.mojom
@@ -299,6 +299,16 @@ struct SocketBrokerRemotes {
   pending_remote<SocketBroker> server;
 };
 
+interface CertVerifierClient {
+  Verify(
+    int32 default_error,
+    CertVerifyResult default_result,
+    X509Certificate certificate,
+    string hostname,
+    int32 flags,
+    string? ocsp_response
+  ) => (int32 error_code, CertVerifyResult result);
+};
 
 // Parameters for constructing a network context.
 struct NetworkContextParams {
@@ -911,6 +921,9 @@ interface NetworkContext {
   // Sets a client for this network context.
   SetClient(pending_remote<NetworkContextClient> client);
 
+  // Sets a certificate verifier client for this network context.
+  SetCertVerifierClient(pending_remote<CertVerifierClient>? client);
+
   // Creates a new URLLoaderFactory with the given |params|.
   CreateURLLoaderFactory(pending_receiver<URLLoaderFactory> url_loader_factory,
                          URLLoaderFactoryParams params);
diff --git a/services/network/test/test_network_context.h b/services/network/test/test_network_context.h
index 5d01189f263ae9d8f86304a74efb73bfacbf846d..407beb272038b19e6165495f247404b9654ecc2d 100644
--- a/services/network/test/test_network_context.h
+++ b/services/network/test/test_network_context.h
@@ -63,6 +63,8 @@ class TestNetworkContext : public mojom::NetworkContext {
   void CreateURLLoaderFactory(
       mojo::PendingReceiver<mojom::URLLoaderFactory> receiver,
       mojom::URLLoaderFactoryParamsPtr params) override {}
+  void SetCertVerifierClient(
+      mojo::PendingRemote<mojom::CertVerifierClient> client) override {}
   void GetCookieManager(
       mojo::PendingReceiver<mojom::CookieManager> cookie_manager) override {}
   void GetRestrictedCookieManager(