NSS: PKCS 11 password prompt.

chrome/browser/dom_ui/options/certificate_manager_handler.cc

Index: chrome/browser/dom_ui/options/certificate_manager_handler.cc
diff --git a/chrome/browser/dom_ui/options/certificate_manager_handler.cc b/chrome/browser/dom_ui/options/certificate_manager_handler.cc
index 4527f2abefe93a388e7e378a5b1b6d837e0a7022..c4ef60c38441ee536b91bef94381cba73b1b0b4f 100644
--- a/chrome/browser/dom_ui/options/certificate_manager_handler.cc
+++ b/chrome/browser/dom_ui/options/certificate_manager_handler.cc
@@ -17,7 +17,9 @@
 #include "chrome/browser/gtk/certificate_dialogs.h"
 #include "chrome/browser/tab_contents/tab_contents.h"
 #include "chrome/browser/tab_contents/tab_contents_view.h"
+#include "chrome/browser/ui/pk11_password_dialog.h"
 #include "grit/generated_resources.h"
+#include "net/base/pk11_slot.h"
 #include "net/base/x509_certificate.h"
 
 namespace {
@@ -527,6 +529,21 @@ void CertificateManagerHandler::ExportPersonalPasswordSelected(
     ImportExportCleanup();
     return;
   }
+
+  // Currently, we don't support exporting more than one at a time.  If we do,
+  // this would need some cleanup to handle unlocking multiple slots.
+  DCHECK_EQ(selected_cert_list_.size(), 1U);
+
+  // TODO(mattm): do something smarter about non-extractable keys
+  browser::UnlockCertSlotIfNecessary(
+      selected_cert_list_[0].get(),
+      browser::kPK11PasswordCertExport,
+      "",  // unused.
+      NewCallback(this,
+                  &CertificateManagerHandler::ExportPersonalSlotsUnlocked));
+}
+
+void CertificateManagerHandler::ExportPersonalSlotsUnlocked() {
   std::string output;
   int num_exported = certificate_manager_model_->cert_db().ExportToPKCS12(
       selected_cert_list_,
@@ -605,7 +622,25 @@ void CertificateManagerHandler::ImportPersonalFileRead(
                                   UTF8ToUTF16(safe_strerror(read_errno))));
     return;
   }
-  int result = certificate_manager_model_->ImportFromPKCS12(data, password_);
+
+  data_ = data;

[wtc, 2010/12/15 20:54:36]

It's too bad we have to copy the data.  If it's too much
work to avoid this copying, don't worry about it since this
is an uncommon operation.

+
+  // TODO(mattm): allow user to choose a slot to import to.
+  net::PK11SlotList slots;
+  certificate_manager_model_->cert_db().ListTokensForPKCS12(&slots);
+  slot_ = slots[0];

[wtc, 2010/12/15 20:54:36]

IMPORTANT: Is the first slot (slots[0]) the right slot to use
for not only Chrome but also the unit tests?

[mattm, 2011/01/12 01:22:07]

It should be fine for chrome, even chromeos, since it requests only RW slots, so
it won't be confused by the ro slot that chromeos has.

For unittests it could be a problem, bu unfortunately I don't currently have
unittests for the domui parts.

+
+  browser::UnlockSlotIfNecessary(
+      slot_.get(),
+      browser::kPK11PasswordCertImport,
+      "",  // unused.
+      NewCallback(this,
+                  &CertificateManagerHandler::ImportPersonalSlotUnlocked));
+}
+
+void CertificateManagerHandler::ImportPersonalSlotUnlocked() {
+  int result = certificate_manager_model_->ImportFromPKCS12(
+      slot_, data_, password_);
   ImportExportCleanup();
   dom_ui_->CallJavascriptFunction(L"CertificateRestoreOverlay.dismiss");
   switch (result) {
@@ -634,8 +669,10 @@ void CertificateManagerHandler::CancelImportExportProcess(
 void CertificateManagerHandler::ImportExportCleanup() {
   file_path_.clear();
   password_.clear();
+  data_.clear();
   selected_cert_list_.clear();
   select_file_dialog_ = NULL;
+  slot_ = NULL;
 }
 
 void CertificateManagerHandler::ImportServer(const ListValue* args) {