Adding User Certificate (.crt) Import to Certificate Manager

chrome/browser/ui/webui/options/certificate_manager_handler.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/webui/options/certificate_manager_handler.h"
 
 #include <errno.h>

[mattm, 2015/11/10 21:59:41]

unused?

[svaldez, 2015/11/11 14:53:14]

Done.

[mattm, 2015/11/11 22:14:39]

Nevermind, looks like that actually came in from a rebase. In the future I would
recommend uploading a rebase in a separate patchset from any of your own
changes.

 
 #include <algorithm>
 #include <map>
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/files/file_util.h"  // for FileAccessProvider
 #include "base/i18n/string_compare.h"
 #include "base/id_map.h"
 #include "base/memory/scoped_vector.h"
@@ skipping 686 matching lines @@
   ui::SelectFileDialog::FileTypeInfo file_type_info;
   if (!args->GetBoolean(0, &use_hardware_backed_)) {
     // Unable to retrieve the hardware backed attribute from the args,
     // so bail.
     web_ui()->CallJavascriptFunction("CertificateRestoreOverlay.dismiss");
     ImportExportCleanup();
     return;
   }
   file_type_info.extensions.resize(1);
   file_type_info.extensions[0].push_back(FILE_PATH_LITERAL("p12"));
+  file_type_info.extensions[0].push_back(FILE_PATH_LITERAL("crt"));
   file_type_info.extension_description_overrides.push_back(
-      l10n_util::GetStringUTF16(IDS_CERT_MANAGER_PKCS12_FILES));
+      l10n_util::GetStringUTF16(IDS_CERT_USAGE_SSL_CLIENT));
   file_type_info.include_all_files = true;
   select_file_dialog_ = ui::SelectFileDialog::Create(
       this, new ChromeSelectFilePolicy(web_ui()->GetWebContents()));
   select_file_dialog_->SelectFile(
       ui::SelectFileDialog::SELECT_OPEN_FILE, base::string16(),
       base::FilePath(), &file_type_info, 1, FILE_PATH_LITERAL("p12"),
       GetParentWindow(),
       reinterpret_cast<void*>(IMPORT_PERSONAL_FILE_SELECTED));
 }
 
 void CertificateManagerHandler::ImportPersonalFileSelected(
     const base::FilePath& path) {
   file_path_ = path;
-  web_ui()->CallJavascriptFunction(
-      "CertificateManager.importPersonalAskPassword");
+  if (file_path_.MatchesExtension(FILE_PATH_LITERAL(".p12"))) {
+    web_ui()->CallJavascriptFunction(
+        "CertificateManager.importPersonalAskPassword");
+  } else {
+    password_.clear();
+    file_access_provider_->StartRead(
+        file_path_,
+        base::Bind(&CertificateManagerHandler::ImportPersonalFileRead,
+                   base::Unretained(this)),
+        &tracker_);
+  }
 }
 
 void CertificateManagerHandler::ImportPersonalPasswordSelected(
     const base::ListValue* args) {
   if (!args->GetString(0, &password_)) {
     web_ui()->CallJavascriptFunction("CertificateRestoreOverlay.dismiss");
     ImportExportCleanup();
     return;
   }
   file_access_provider_->StartRead(
       file_path_,
       base::Bind(&CertificateManagerHandler::ImportPersonalFileRead,
                  base::Unretained(this)),
       &tracker_);
 }
 
 void CertificateManagerHandler::ImportPersonalFileRead(
     const int* read_errno, const std::string* data) {
   if (*read_errno) {
     ImportExportCleanup();
     web_ui()->CallJavascriptFunction("CertificateRestoreOverlay.dismiss");
     ShowError(
-        l10n_util::GetStringUTF8(IDS_CERT_MANAGER_PKCS12_IMPORT_ERROR_TITLE),
+        l10n_util::GetStringUTF8(IDS_CERT_MANAGER_IMPORT_ERROR_TITLE),
         l10n_util::GetStringFUTF8(IDS_CERT_MANAGER_READ_ERROR_FORMAT,
                                   UTF8ToUTF16(
                                       base::safe_strerror(*read_errno))));
     return;
   }
 
   file_data_ = *data;
 
-  if (use_hardware_backed_) {
-    module_ = certificate_manager_model_->cert_db()->GetPrivateModule();
+  if (file_path_.MatchesExtension(FILE_PATH_LITERAL(".p12"))) {
+    if (use_hardware_backed_) {
+      module_ = certificate_manager_model_->cert_db()->GetPrivateModule();
+    } else {
+      module_ = certificate_manager_model_->cert_db()->GetPublicModule();
+    }
+
+    net::CryptoModuleList modules;
+    modules.push_back(module_);
+    chrome::UnlockSlotsIfNecessary(
+        modules,
+        chrome::kCryptoModulePasswordCertImport,
+        net::HostPortPair(),  // unused.
+        GetParentWindow(),
+        base::Bind(&CertificateManagerHandler::ImportPersonalSlotUnlocked,
+                   base::Unretained(this)));
   } else {
-    module_ = certificate_manager_model_->cert_db()->GetPublicModule();
+    int result = certificate_manager_model_->ImportUserCert(file_data_);
+    ImportExportCleanup();
+    web_ui()->CallJavascriptFunction("CertificateRestoreOverlay.dismiss");
+    int string_id;
+    switch (result) {
+      case net::OK:
+        return;
+      case net::ERR_NO_PRIVATE_KEY_FOR_CERT:
+        string_id = IDS_CERT_MANAGER_IMPORT_MISSING_KEY;
+        break;
+      case net::ERR_CERT_INVALID:
+        string_id = IDS_CERT_MANAGER_READ_ERROR_FORMAT;
+        break;
+      default:
+        string_id = IDS_CERT_MANAGER_UNKNOWN_ERROR;
+        break;
+    }
+    ShowError(
+        l10n_util::GetStringUTF8(IDS_CERT_MANAGER_IMPORT_ERROR_TITLE),
+        l10n_util::GetStringUTF8(string_id));
   }
-
-  net::CryptoModuleList modules;
-  modules.push_back(module_);
-  chrome::UnlockSlotsIfNecessary(
-      modules,
-      chrome::kCryptoModulePasswordCertImport,
-      net::HostPortPair(),  // unused.
-      GetParentWindow(),
-      base::Bind(&CertificateManagerHandler::ImportPersonalSlotUnlocked,
-                 base::Unretained(this)));
 }
 
 void CertificateManagerHandler::ImportPersonalSlotUnlocked() {
   // Determine if the private key should be unextractable after the import.
   // We do this by checking the value of |use_hardware_backed_| which is set
   // to true if importing into a hardware module. Currently, this only happens
   // for Chrome OS when the "Import and Bind" option is chosen.
   bool is_extractable = !use_hardware_backed_;
   int result = certificate_manager_model_->ImportFromPKCS12(
       module_.get(), file_data_, password_, is_extractable);
@@ skipping 368 matching lines @@
                                    title_value,
                                    error_value,
                                    cert_error_list);
 }
 
 gfx::NativeWindow CertificateManagerHandler::GetParentWindow() const {
   return web_ui()->GetWebContents()->GetTopLevelNativeWindow();
 }
 
 }  // namespace options