OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ui/webui/options/certificate_manager_handler.h" | 5 #include "chrome/browser/ui/webui/options/certificate_manager_handler.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 | 8 |
9 #include <algorithm> | 9 #include <algorithm> |
10 #include <map> | 10 #include <map> |
(...skipping 693 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
704 ui::SelectFileDialog::FileTypeInfo file_type_info; | 704 ui::SelectFileDialog::FileTypeInfo file_type_info; |
705 if (!args->GetBoolean(0, &use_hardware_backed_)) { | 705 if (!args->GetBoolean(0, &use_hardware_backed_)) { |
706 // Unable to retrieve the hardware backed attribute from the args, | 706 // Unable to retrieve the hardware backed attribute from the args, |
707 // so bail. | 707 // so bail. |
708 web_ui()->CallJavascriptFunction("CertificateRestoreOverlay.dismiss"); | 708 web_ui()->CallJavascriptFunction("CertificateRestoreOverlay.dismiss"); |
709 ImportExportCleanup(); | 709 ImportExportCleanup(); |
710 return; | 710 return; |
711 } | 711 } |
712 file_type_info.extensions.resize(1); | 712 file_type_info.extensions.resize(1); |
713 file_type_info.extensions[0].push_back(FILE_PATH_LITERAL("p12")); | 713 file_type_info.extensions[0].push_back(FILE_PATH_LITERAL("p12")); |
| 714 file_type_info.extensions[0].push_back(FILE_PATH_LITERAL("crt")); |
714 file_type_info.extension_description_overrides.push_back( | 715 file_type_info.extension_description_overrides.push_back( |
715 l10n_util::GetStringUTF16(IDS_CERT_MANAGER_PKCS12_FILES)); | 716 l10n_util::GetStringUTF16(IDS_CERT_USAGE_SSL_CLIENT)); |
716 file_type_info.include_all_files = true; | 717 file_type_info.include_all_files = true; |
717 select_file_dialog_ = ui::SelectFileDialog::Create( | 718 select_file_dialog_ = ui::SelectFileDialog::Create( |
718 this, new ChromeSelectFilePolicy(web_ui()->GetWebContents())); | 719 this, new ChromeSelectFilePolicy(web_ui()->GetWebContents())); |
719 select_file_dialog_->SelectFile( | 720 select_file_dialog_->SelectFile( |
720 ui::SelectFileDialog::SELECT_OPEN_FILE, base::string16(), | 721 ui::SelectFileDialog::SELECT_OPEN_FILE, base::string16(), |
721 base::FilePath(), &file_type_info, 1, FILE_PATH_LITERAL("p12"), | 722 base::FilePath(), &file_type_info, 1, FILE_PATH_LITERAL("p12"), |
722 GetParentWindow(), | 723 GetParentWindow(), |
723 reinterpret_cast<void*>(IMPORT_PERSONAL_FILE_SELECTED)); | 724 reinterpret_cast<void*>(IMPORT_PERSONAL_FILE_SELECTED)); |
724 } | 725 } |
725 | 726 |
726 void CertificateManagerHandler::ImportPersonalFileSelected( | 727 void CertificateManagerHandler::ImportPersonalFileSelected( |
727 const base::FilePath& path) { | 728 const base::FilePath& path) { |
728 file_path_ = path; | 729 file_path_ = path; |
729 web_ui()->CallJavascriptFunction( | 730 if (file_path_.MatchesExtension(FILE_PATH_LITERAL(".p12"))) { |
730 "CertificateManager.importPersonalAskPassword"); | 731 web_ui()->CallJavascriptFunction( |
| 732 "CertificateManager.importPersonalAskPassword"); |
| 733 return; |
| 734 } |
| 735 |
| 736 // Non .p12 files are treated as unencrypted certificates. |
| 737 password_.clear(); |
| 738 file_access_provider_->StartRead( |
| 739 file_path_, |
| 740 base::Bind(&CertificateManagerHandler::ImportPersonalFileRead, |
| 741 base::Unretained(this)), |
| 742 &tracker_); |
731 } | 743 } |
732 | 744 |
733 void CertificateManagerHandler::ImportPersonalPasswordSelected( | 745 void CertificateManagerHandler::ImportPersonalPasswordSelected( |
734 const base::ListValue* args) { | 746 const base::ListValue* args) { |
735 if (!args->GetString(0, &password_)) { | 747 if (!args->GetString(0, &password_)) { |
736 web_ui()->CallJavascriptFunction("CertificateRestoreOverlay.dismiss"); | 748 web_ui()->CallJavascriptFunction("CertificateRestoreOverlay.dismiss"); |
737 ImportExportCleanup(); | 749 ImportExportCleanup(); |
738 return; | 750 return; |
739 } | 751 } |
740 file_access_provider_->StartRead( | 752 file_access_provider_->StartRead( |
741 file_path_, | 753 file_path_, |
742 base::Bind(&CertificateManagerHandler::ImportPersonalFileRead, | 754 base::Bind(&CertificateManagerHandler::ImportPersonalFileRead, |
743 base::Unretained(this)), | 755 base::Unretained(this)), |
744 &tracker_); | 756 &tracker_); |
745 } | 757 } |
746 | 758 |
747 void CertificateManagerHandler::ImportPersonalFileRead( | 759 void CertificateManagerHandler::ImportPersonalFileRead( |
748 const int* read_errno, const std::string* data) { | 760 const int* read_errno, const std::string* data) { |
749 if (*read_errno) { | 761 if (*read_errno) { |
750 ImportExportCleanup(); | 762 ImportExportCleanup(); |
751 web_ui()->CallJavascriptFunction("CertificateRestoreOverlay.dismiss"); | 763 web_ui()->CallJavascriptFunction("CertificateRestoreOverlay.dismiss"); |
752 ShowError( | 764 ShowError( |
753 l10n_util::GetStringUTF8(IDS_CERT_MANAGER_PKCS12_IMPORT_ERROR_TITLE), | 765 l10n_util::GetStringUTF8(IDS_CERT_MANAGER_IMPORT_ERROR_TITLE), |
754 l10n_util::GetStringFUTF8(IDS_CERT_MANAGER_READ_ERROR_FORMAT, | 766 l10n_util::GetStringFUTF8(IDS_CERT_MANAGER_READ_ERROR_FORMAT, |
755 UTF8ToUTF16( | 767 UTF8ToUTF16( |
756 base::safe_strerror(*read_errno)))); | 768 base::safe_strerror(*read_errno)))); |
757 return; | 769 return; |
758 } | 770 } |
759 | 771 |
760 file_data_ = *data; | 772 file_data_ = *data; |
761 | 773 |
762 if (use_hardware_backed_) { | 774 if (file_path_.MatchesExtension(FILE_PATH_LITERAL(".p12"))) { |
763 module_ = certificate_manager_model_->cert_db()->GetPrivateModule(); | 775 if (use_hardware_backed_) { |
764 } else { | 776 module_ = certificate_manager_model_->cert_db()->GetPrivateModule(); |
765 module_ = certificate_manager_model_->cert_db()->GetPublicModule(); | 777 } else { |
| 778 module_ = certificate_manager_model_->cert_db()->GetPublicModule(); |
| 779 } |
| 780 |
| 781 net::CryptoModuleList modules; |
| 782 modules.push_back(module_); |
| 783 chrome::UnlockSlotsIfNecessary( |
| 784 modules, |
| 785 chrome::kCryptoModulePasswordCertImport, |
| 786 net::HostPortPair(), // unused. |
| 787 GetParentWindow(), |
| 788 base::Bind(&CertificateManagerHandler::ImportPersonalSlotUnlocked, |
| 789 base::Unretained(this))); |
| 790 return; |
766 } | 791 } |
767 | 792 |
768 net::CryptoModuleList modules; | 793 // Non .p12 files are assumed to be single/chain certificates without private |
769 modules.push_back(module_); | 794 // key data. The default extension according to spec is '.crt', however other |
770 chrome::UnlockSlotsIfNecessary( | 795 // extensions are also used in some places to represent these certificates. |
771 modules, | 796 int result = certificate_manager_model_->ImportUserCert(file_data_); |
772 chrome::kCryptoModulePasswordCertImport, | 797 ImportExportCleanup(); |
773 net::HostPortPair(), // unused. | 798 web_ui()->CallJavascriptFunction("CertificateRestoreOverlay.dismiss"); |
774 GetParentWindow(), | 799 int string_id; |
775 base::Bind(&CertificateManagerHandler::ImportPersonalSlotUnlocked, | 800 switch (result) { |
776 base::Unretained(this))); | 801 case net::OK: |
| 802 return; |
| 803 case net::ERR_NO_PRIVATE_KEY_FOR_CERT: |
| 804 string_id = IDS_CERT_MANAGER_IMPORT_MISSING_KEY; |
| 805 break; |
| 806 case net::ERR_CERT_INVALID: |
| 807 string_id = IDS_CERT_MANAGER_READ_ERROR_FORMAT; |
| 808 break; |
| 809 default: |
| 810 string_id = IDS_CERT_MANAGER_UNKNOWN_ERROR; |
| 811 break; |
| 812 } |
| 813 ShowError( |
| 814 l10n_util::GetStringUTF8(IDS_CERT_MANAGER_IMPORT_ERROR_TITLE), |
| 815 l10n_util::GetStringUTF8(string_id)); |
777 } | 816 } |
778 | 817 |
779 void CertificateManagerHandler::ImportPersonalSlotUnlocked() { | 818 void CertificateManagerHandler::ImportPersonalSlotUnlocked() { |
780 // Determine if the private key should be unextractable after the import. | 819 // Determine if the private key should be unextractable after the import. |
781 // We do this by checking the value of |use_hardware_backed_| which is set | 820 // We do this by checking the value of |use_hardware_backed_| which is set |
782 // to true if importing into a hardware module. Currently, this only happens | 821 // to true if importing into a hardware module. Currently, this only happens |
783 // for Chrome OS when the "Import and Bind" option is chosen. | 822 // for Chrome OS when the "Import and Bind" option is chosen. |
784 bool is_extractable = !use_hardware_backed_; | 823 bool is_extractable = !use_hardware_backed_; |
785 int result = certificate_manager_model_->ImportFromPKCS12( | 824 int result = certificate_manager_model_->ImportFromPKCS12( |
786 module_.get(), file_data_, password_, is_extractable); | 825 module_.get(), file_data_, password_, is_extractable); |
787 ImportExportCleanup(); | 826 ImportExportCleanup(); |
788 web_ui()->CallJavascriptFunction("CertificateRestoreOverlay.dismiss"); | 827 web_ui()->CallJavascriptFunction("CertificateRestoreOverlay.dismiss"); |
789 int string_id; | 828 int string_id; |
790 switch (result) { | 829 switch (result) { |
791 case net::OK: | 830 case net::OK: |
792 return; | 831 return; |
793 case net::ERR_PKCS12_IMPORT_BAD_PASSWORD: | 832 case net::ERR_PKCS12_IMPORT_BAD_PASSWORD: |
794 // TODO(mattm): if the error was a bad password, we should reshow the | 833 // TODO(mattm): if the error was a bad password, we should reshow the |
795 // password dialog after the user dismisses the error dialog. | 834 // password dialog after the user dismisses the error dialog. |
796 string_id = IDS_CERT_MANAGER_BAD_PASSWORD; | 835 string_id = IDS_CERT_MANAGER_BAD_PASSWORD; |
797 break; | 836 break; |
798 case net::ERR_PKCS12_IMPORT_INVALID_MAC: | 837 case net::ERR_PKCS12_IMPORT_INVALID_MAC: |
799 string_id = IDS_CERT_MANAGER_PKCS12_IMPORT_INVALID_MAC; | 838 string_id = IDS_CERT_MANAGER_IMPORT_INVALID_MAC; |
800 break; | 839 break; |
801 case net::ERR_PKCS12_IMPORT_INVALID_FILE: | 840 case net::ERR_PKCS12_IMPORT_INVALID_FILE: |
802 string_id = IDS_CERT_MANAGER_PKCS12_IMPORT_INVALID_FILE; | 841 string_id = IDS_CERT_MANAGER_IMPORT_INVALID_FILE; |
803 break; | 842 break; |
804 case net::ERR_PKCS12_IMPORT_UNSUPPORTED: | 843 case net::ERR_PKCS12_IMPORT_UNSUPPORTED: |
805 string_id = IDS_CERT_MANAGER_PKCS12_IMPORT_UNSUPPORTED; | 844 string_id = IDS_CERT_MANAGER_IMPORT_UNSUPPORTED; |
806 break; | 845 break; |
807 default: | 846 default: |
808 string_id = IDS_CERT_MANAGER_UNKNOWN_ERROR; | 847 string_id = IDS_CERT_MANAGER_UNKNOWN_ERROR; |
809 break; | 848 break; |
810 } | 849 } |
811 ShowError( | 850 ShowError( |
812 l10n_util::GetStringUTF8(IDS_CERT_MANAGER_PKCS12_IMPORT_ERROR_TITLE), | 851 l10n_util::GetStringUTF8(IDS_CERT_MANAGER_IMPORT_ERROR_TITLE), |
813 l10n_util::GetStringUTF8(string_id)); | 852 l10n_util::GetStringUTF8(string_id)); |
814 } | 853 } |
815 | 854 |
816 void CertificateManagerHandler::CancelImportExportProcess( | 855 void CertificateManagerHandler::CancelImportExportProcess( |
817 const base::ListValue* args) { | 856 const base::ListValue* args) { |
818 ImportExportCleanup(); | 857 ImportExportCleanup(); |
819 } | 858 } |
820 | 859 |
821 void CertificateManagerHandler::ImportExportCleanup() { | 860 void CertificateManagerHandler::ImportExportCleanup() { |
822 file_path_.clear(); | 861 file_path_.clear(); |
(...skipping 332 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1155 title_value, | 1194 title_value, |
1156 error_value, | 1195 error_value, |
1157 cert_error_list); | 1196 cert_error_list); |
1158 } | 1197 } |
1159 | 1198 |
1160 gfx::NativeWindow CertificateManagerHandler::GetParentWindow() const { | 1199 gfx::NativeWindow CertificateManagerHandler::GetParentWindow() const { |
1161 return web_ui()->GetWebContents()->GetTopLevelNativeWindow(); | 1200 return web_ui()->GetWebContents()->GetTopLevelNativeWindow(); |
1162 } | 1201 } |
1163 | 1202 |
1164 } // namespace options | 1203 } // namespace options |
OLD | NEW |