NSS: PKCS 11 password prompt.

chrome/browser/gtk/ssl_client_certificate_selector.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl_client_certificate_selector.h"
 
 #include <gtk/gtk.h>
 
 #include <string>
 #include <vector>
 
 #include "app/gtk_signal.h"
 #include "app/l10n_util.h"
 #include "base/i18n/time_formatting.h"
 #include "base/logging.h"
 #include "base/nss_util.h"
 #include "base/utf_string_conversions.h"
 #include "chrome/browser/certificate_viewer.h"
 #include "chrome/browser/gtk/constrained_window_gtk.h"
 #include "chrome/browser/gtk/gtk_util.h"
 #include "chrome/browser/gtk/owned_widget_gtk.h"
 #include "chrome/browser/ssl/ssl_client_auth_handler.h"
 #include "chrome/browser/tab_contents/tab_contents.h"
+#include "chrome/browser/ui/pk11_password_dialog.h"
 #include "chrome/common/net/x509_certificate_model.h"
 #include "gfx/native_widget_types.h"
 #include "grit/generated_resources.h"
 #include "net/base/x509_certificate.h"
 
 namespace {
 
 enum {
   RESPONSE_SHOW_CERT_INFO = 1,
 };
@@ skipping 19 matching lines @@
   void PopulateCerts();
 
   net::X509Certificate* GetSelectedCert();
 
   static std::string FormatComboBoxText(
       net::X509Certificate::OSCertHandle cert,
       const std::string& nickname);
   static std::string FormatDetailsText(
       net::X509Certificate::OSCertHandle cert);
 
+  // Callback after unlocking certificate slot.
+  void Unlocked();
+
   CHROMEGTK_CALLBACK_0(SSLClientCertificateSelector, void, OnComboBoxChanged);
   CHROMEGTK_CALLBACK_0(SSLClientCertificateSelector, void, OnViewClicked);
   CHROMEGTK_CALLBACK_0(SSLClientCertificateSelector, void, OnCancelClicked);
   CHROMEGTK_CALLBACK_0(SSLClientCertificateSelector, void, OnOkClicked);
   CHROMEGTK_CALLBACK_1(SSLClientCertificateSelector, void, OnPromptShown,
                        GtkWidget*);
 
   scoped_refptr<net::SSLCertRequestInfo> cert_request_info_;
 
   std::vector<std::string> details_strings_;
@@ skipping 166 matching lines @@
   return rv;
 }
 
 // static
 std::string SSLClientCertificateSelector::FormatDetailsText(
     net::X509Certificate::OSCertHandle cert) {
   std::string rv;
 
   rv += l10n_util::GetStringFUTF8(
       IDS_CERT_SUBJECTNAME_FORMAT,
-      UTF8ToUTF16(x509_certificate_model::GetSubjectName(cert)));;
+      UTF8ToUTF16(x509_certificate_model::GetSubjectName(cert)));
 
   rv += "\n  ";
   rv += l10n_util::GetStringFUTF8(
       IDS_CERT_SERIAL_NUMBER_FORMAT,
       UTF8ToUTF16(
           x509_certificate_model::GetSerialNumberHexified(cert, "")));
 
   base::Time issued, expires;
   if (x509_certificate_model::GetTimes(cert, &issued, &expires)) {
     string16 issued_str = WideToUTF16(
@@ skipping 36 matching lines @@
 
   string16 token(UTF8ToUTF16(x509_certificate_model::GetTokenName(cert)));
   if (!token.empty()) {
     rv += '\n';
     rv += l10n_util::GetStringFUTF8(IDS_CERT_TOKEN_FORMAT, token);
   }
 
   return rv;
 }
 
+void SSLClientCertificateSelector::Unlocked() {
+  net::X509Certificate* cert = GetSelectedCert();

[wtc, 2010/12/15 20:54:36]

Can |cert| be passed to this method as a parameter, so
that this method doesn't need to call GetSelectedCert()
again?

[mattm, 2011/01/12 01:22:07]

Could be done, but UnlockSlotIfNecessary and UnlockCertSlotIfNecessary both take
the same callback type, so it'd need to be templated or just use void*.  I'll
just add a TODO about it for now.

+  delegate_->CertificateSelected(cert);
+  delegate_ = NULL;
+  DCHECK(window_);
+  window_->CloseConstrainedWindow();
+}
+
 void SSLClientCertificateSelector::OnComboBoxChanged(GtkWidget* combo_box) {
   int selected = gtk_combo_box_get_active(
       GTK_COMBO_BOX(cert_combo_box_));
   if (selected < 0)
     return;
   gtk_text_buffer_set_text(cert_details_buffer_,
                            details_strings_[selected].c_str(),
                            details_strings_[selected].size());
 }
 
 void SSLClientCertificateSelector::OnViewClicked(GtkWidget* button) {
   net::X509Certificate* cert = GetSelectedCert();
   if (cert) {
     GtkWidget* toplevel = gtk_widget_get_toplevel(root_widget_.get());
     ShowCertificateViewer(GTK_WINDOW(toplevel), cert);
   }
 }
 
 void SSLClientCertificateSelector::OnCancelClicked(GtkWidget* button) {
   delegate_->CertificateSelected(NULL);
   delegate_ = NULL;
   DCHECK(window_);
   window_->CloseConstrainedWindow();
 }
 
 void SSLClientCertificateSelector::OnOkClicked(GtkWidget* button) {
   net::X509Certificate* cert = GetSelectedCert();
-  delegate_->CertificateSelected(cert);
-  delegate_ = NULL;
-  DCHECK(window_);
-  window_->CloseConstrainedWindow();
+
+  browser::UnlockCertSlotIfNecessary(
+      cert,
+      browser::kPK11PasswordClientAuth,
+      cert_request_info_->host_and_port,  // TODO(mattm): strip port part?

[wtc, 2010/12/15 20:54:36]

The port part is important.

[mattm, 2011/01/12 01:22:07]

Done.

+      NewCallback(this, &SSLClientCertificateSelector::Unlocked));
 }
 
 void SSLClientCertificateSelector::OnPromptShown(GtkWidget* widget,
                                                  GtkWidget* previous_toplevel) {
   if (!root_widget_.get() ||
       !GTK_WIDGET_TOPLEVEL(gtk_widget_get_toplevel(root_widget_.get())))
     return;
   GTK_WIDGET_SET_FLAGS(select_button_, GTK_CAN_DEFAULT);
   gtk_widget_grab_default(select_button_);
   gtk_widget_grab_focus(select_button_);
 }
 
 }  // namespace
 
 ///////////////////////////////////////////////////////////////////////////////
 // SSLClientAuthHandler platform specific implementation:
 
 namespace browser {
 
 void ShowSSLClientCertificateSelector(
     TabContents* parent,
     net::SSLCertRequestInfo* cert_request_info,
     SSLClientAuthHandler* delegate) {
   (new SSLClientCertificateSelector(parent,
                                     cert_request_info,
                                     delegate))->Show();
 }
 
 }  // namespace browser