OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
| 5 #include "base/logging.h" |
5 #include "chrome/browser/ssl/ssl_client_certificate_selector.h" | 6 #include "chrome/browser/ssl/ssl_client_certificate_selector.h" |
| 7 #include "chrome/browser/ui/android/ssl_client_certificate_request.h" |
| 8 #include "content/public/browser/browser_thread.h" |
| 9 #include "net/base/ssl_cert_request_info.h" |
6 | 10 |
7 #include "base/logging.h" | 11 // On other platforms, the list of client certificates compatible with |
| 12 // the SSLCertRequestInfo is built using system APIs that do not require |
| 13 // user interaction. After this, ShowSSLClientCertificateSelector() is |
| 14 // merely used to display a tab sub-window asking the user to select |
| 15 // one of these certificates. |
| 16 |
| 17 // On Android, things are a bit different, because getting the list of |
| 18 // compatible client certificates is only possible using an API that shows |
| 19 // a system UI dialog. More precisely: |
| 20 // |
| 21 // - The application must call KeyChain.choosePrivateKeyAlias() and |
| 22 // pass it the request parameters directly. |
| 23 // |
| 24 // - This API always launches a system activity (CertInstaller), that |
| 25 // will display a list of compatible installed client certificates, |
| 26 // if any, or prompt the user to install one manually otherwise. |
| 27 // |
| 28 // - Also, the first time this API is called, the CertInstaller will |
| 29 // first prompt the user to enter the secure storage's password |
| 30 // (which is the user's PIN code / password by default). This establishes |
| 31 // a trust relationship between the KeyChain system application, and |
| 32 // the application calling the API. It persists until the application |
| 33 // is killed. |
| 34 // |
| 35 // - The client certificate selection result is sent back to the |
| 36 // application through a UI thread callback. It only contains a |
| 37 // string alias for the selected certificate, or 'null' to indicate |
| 38 // that the user has canceled the selection, or couldn't unlock |
| 39 // access to the secure storage. |
| 40 // |
| 41 // Note that: |
| 42 // |
| 43 // - There is no way, when the result if 'null', to know from the |
| 44 // application if the user cancelled the request, or couldn't access |
| 45 // the secure storage. |
| 46 // |
| 47 // - There is no way to cancel a request once it has started. Each call |
| 48 // to KeyChain.choosePrivateKeyAlias() launches a new activity, which |
| 49 // runs in a completely different process, and steals the focus from |
| 50 // the browser. |
8 | 51 |
9 namespace chrome { | 52 namespace chrome { |
10 | 53 |
11 // Client Auth is not implemented on Android yet. | 54 using browser::android::SSLClientCertificateRequest; |
| 55 |
12 void ShowSSLClientCertificateSelector( | 56 void ShowSSLClientCertificateSelector( |
13 content::WebContents* contents, | 57 content::WebContents* contents, |
14 const net::HttpNetworkSession* network_session, | 58 const net::HttpNetworkSession* network_session, |
15 net::SSLCertRequestInfo* cert_request_info, | 59 net::SSLCertRequestInfo* cert_request_info, |
16 const base::Callback<void(net::X509Certificate*)>& callback) { | 60 const chrome::SelectCertificateCallback& callback) { |
17 NOTIMPLEMENTED(); | 61 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); |
| 62 // Create a new request, then try to start it. |
| 63 scoped_refptr<SSLClientCertificateRequest> request( |
| 64 new SSLClientCertificateRequest(cert_request_info, callback)); |
| 65 if (!request->Start()) { |
| 66 LOG(ERROR) << "Could not start client certificate request!"; |
| 67 // Note: the destructor will call callback(NULL) automatically. |
| 68 } |
18 } | 69 } |
19 | 70 |
20 } // namespace chrome | 71 } // namespace chrome |
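Review bot: In the new body of ShowSSLClientCertificateSelector() (new lines 61-68), `contents` and `network_session` are never used, so the request is not tied to the tab that triggered it and nothing visible here limits how many requests are in flight. The file comment above states that each KeyChain.choosePrivateKeyAlias() call launches a system activity that cannot be cancelled and steals focus, so a server that keeps requesting client authentication could presumably keep raising that dialog. Consider rejecting or queueing a new request while one is pending, or at least record the gap with `// TODO: requests are not tied to |contents| and are not rate-limited; see the cancellation note above.` The failure path also relies on the SSLClientCertificateRequest destructor running callback(NULL), which is defined outside this file; that run-exactly-once contract deserves a sentence in the class header, because a missed or repeated callback could leave the pending handshake stuck or completed twice. Separately, the comment at new line 43 should read `when the result is 'null'`.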