Adding User Certificate (.crt) Import to Certificate Manager

chrome/browser/ui/webui/options/certificate_manager_handler.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/webui/options/certificate_manager_handler.h"
 
 #include <errno.h>
 
 #include <algorithm>
 #include <map>
@@ skipping 693 matching lines @@
   ui::SelectFileDialog::FileTypeInfo file_type_info;
   if (!args->GetBoolean(0, &use_hardware_backed_)) {
     // Unable to retrieve the hardware backed attribute from the args,
     // so bail.
     web_ui()->CallJavascriptFunction("CertificateRestoreOverlay.dismiss");
     ImportExportCleanup();
     return;
   }
   file_type_info.extensions.resize(1);
   file_type_info.extensions[0].push_back(FILE_PATH_LITERAL("p12"));
+  file_type_info.extensions[0].push_back(FILE_PATH_LITERAL("crt"));
   file_type_info.extension_description_overrides.push_back(
-      l10n_util::GetStringUTF16(IDS_CERT_MANAGER_PKCS12_FILES));
+      l10n_util::GetStringUTF16(IDS_CERT_USAGE_SSL_CLIENT));
   file_type_info.include_all_files = true;
   select_file_dialog_ = ui::SelectFileDialog::Create(
       this, new ChromeSelectFilePolicy(web_ui()->GetWebContents()));
   select_file_dialog_->SelectFile(
       ui::SelectFileDialog::SELECT_OPEN_FILE, base::string16(),
       base::FilePath(), &file_type_info, 1, FILE_PATH_LITERAL("p12"),
       GetParentWindow(),
       reinterpret_cast<void*>(IMPORT_PERSONAL_FILE_SELECTED));
 }
 
 void CertificateManagerHandler::ImportPersonalFileSelected(
     const base::FilePath& path) {
   file_path_ = path;
-  web_ui()->CallJavascriptFunction(
-      "CertificateManager.importPersonalAskPassword");
+  if (file_path_.MatchesExtension(FILE_PATH_LITERAL(".p12"))) {
+    web_ui()->CallJavascriptFunction(
+        "CertificateManager.importPersonalAskPassword");

[Lei Zhang, 2015/11/21 01:55:15]

You may also consider adding a return here, and then you can drop the else
keyword and everything in the else block can be shifted 2 chars to the left.
Like in ImportPersonalPasswordSelected() below.

Ditto for ImportPersonalFileRead().

[svaldez, 2015/11/23 15:17:54]

Done.

+  } else {

[Lei Zhang, 2015/11/19 22:23:59]

Just to be clear, is this the .crt file case? Assuming yes, do you care to check
the files have a .crt extension or does it not really matter?

[svaldez, 2015/11/20 15:01:52]

This is for the '.crt' case, however there are other non-standard extensions
used for certificate files that while we shouldn't explicitly add to the file
list, since they aren't standard, should probably go through the .crt code path
(ex: .cer, .der, ...). Using this path for other files also means we'll attempt
to import them and then error out, rather than having a password prompt show up
which isn't relevant for non-p12 files.

[Lei Zhang, 2015/11/21 01:55:15]

Got it. Can you write a comment here to explain the situation, and in
CertificateManagerHandler::ImportPersonalFileRead(), which I presume is similar?

[svaldez, 2015/11/23 15:17:54]

Done.

+    password_.clear();
+    file_access_provider_->StartRead(
+        file_path_,
+        base::Bind(&CertificateManagerHandler::ImportPersonalFileRead,
+                   base::Unretained(this)),
+        &tracker_);
+  }
 }
 
 void CertificateManagerHandler::ImportPersonalPasswordSelected(
     const base::ListValue* args) {
   if (!args->GetString(0, &password_)) {
     web_ui()->CallJavascriptFunction("CertificateRestoreOverlay.dismiss");
     ImportExportCleanup();
     return;
   }
   file_access_provider_->StartRead(
       file_path_,
       base::Bind(&CertificateManagerHandler::ImportPersonalFileRead,
                  base::Unretained(this)),
       &tracker_);
 }
 
 void CertificateManagerHandler::ImportPersonalFileRead(
     const int* read_errno, const std::string* data) {
   if (*read_errno) {
     ImportExportCleanup();
     web_ui()->CallJavascriptFunction("CertificateRestoreOverlay.dismiss");
     ShowError(
-        l10n_util::GetStringUTF8(IDS_CERT_MANAGER_PKCS12_IMPORT_ERROR_TITLE),
+        l10n_util::GetStringUTF8(IDS_CERT_MANAGER_IMPORT_ERROR_TITLE),
         l10n_util::GetStringFUTF8(IDS_CERT_MANAGER_READ_ERROR_FORMAT,
                                   UTF8ToUTF16(
                                       base::safe_strerror(*read_errno))));
     return;
   }
 
   file_data_ = *data;
 
-  if (use_hardware_backed_) {
-    module_ = certificate_manager_model_->cert_db()->GetPrivateModule();
+  if (file_path_.MatchesExtension(FILE_PATH_LITERAL(".p12"))) {
+    if (use_hardware_backed_) {
+      module_ = certificate_manager_model_->cert_db()->GetPrivateModule();
+    } else {
+      module_ = certificate_manager_model_->cert_db()->GetPublicModule();
+    }
+
+    net::CryptoModuleList modules;
+    modules.push_back(module_);
+    chrome::UnlockSlotsIfNecessary(
+        modules,
+        chrome::kCryptoModulePasswordCertImport,
+        net::HostPortPair(),  // unused.
+        GetParentWindow(),
+        base::Bind(&CertificateManagerHandler::ImportPersonalSlotUnlocked,
+                   base::Unretained(this)));
   } else {
-    module_ = certificate_manager_model_->cert_db()->GetPublicModule();
+    int result = certificate_manager_model_->ImportUserCert(file_data_);
+    ImportExportCleanup();
+    web_ui()->CallJavascriptFunction("CertificateRestoreOverlay.dismiss");
+    int string_id;
+    switch (result) {
+      case net::OK:
+        return;
+      case net::ERR_NO_PRIVATE_KEY_FOR_CERT:
+        string_id = IDS_CERT_MANAGER_IMPORT_MISSING_KEY;
+        break;
+      case net::ERR_CERT_INVALID:
+        string_id = IDS_CERT_MANAGER_READ_ERROR_FORMAT;
+        break;
+      default:
+        string_id = IDS_CERT_MANAGER_UNKNOWN_ERROR;
+        break;
+    }
+    ShowError(
+        l10n_util::GetStringUTF8(IDS_CERT_MANAGER_IMPORT_ERROR_TITLE),
+        l10n_util::GetStringUTF8(string_id));
   }
-
-  net::CryptoModuleList modules;
-  modules.push_back(module_);
-  chrome::UnlockSlotsIfNecessary(
-      modules,
-      chrome::kCryptoModulePasswordCertImport,
-      net::HostPortPair(),  // unused.
-      GetParentWindow(),
-      base::Bind(&CertificateManagerHandler::ImportPersonalSlotUnlocked,
-                 base::Unretained(this)));
 }
 
 void CertificateManagerHandler::ImportPersonalSlotUnlocked() {
   // Determine if the private key should be unextractable after the import.
   // We do this by checking the value of |use_hardware_backed_| which is set
   // to true if importing into a hardware module. Currently, this only happens
   // for Chrome OS when the "Import and Bind" option is chosen.
   bool is_extractable = !use_hardware_backed_;
   int result = certificate_manager_model_->ImportFromPKCS12(
       module_.get(), file_data_, password_, is_extractable);
   ImportExportCleanup();
   web_ui()->CallJavascriptFunction("CertificateRestoreOverlay.dismiss");
   int string_id;
   switch (result) {
     case net::OK:
       return;
     case net::ERR_PKCS12_IMPORT_BAD_PASSWORD:
       // TODO(mattm): if the error was a bad password, we should reshow the
       // password dialog after the user dismisses the error dialog.
       string_id = IDS_CERT_MANAGER_BAD_PASSWORD;
       break;
     case net::ERR_PKCS12_IMPORT_INVALID_MAC:
-      string_id = IDS_CERT_MANAGER_PKCS12_IMPORT_INVALID_MAC;
+      string_id = IDS_CERT_MANAGER_IMPORT_INVALID_MAC;
       break;
     case net::ERR_PKCS12_IMPORT_INVALID_FILE:
-      string_id = IDS_CERT_MANAGER_PKCS12_IMPORT_INVALID_FILE;
+      string_id = IDS_CERT_MANAGER_IMPORT_INVALID_FILE;
       break;
     case net::ERR_PKCS12_IMPORT_UNSUPPORTED:
-      string_id = IDS_CERT_MANAGER_PKCS12_IMPORT_UNSUPPORTED;
+      string_id = IDS_CERT_MANAGER_IMPORT_UNSUPPORTED;
       break;
     default:
       string_id = IDS_CERT_MANAGER_UNKNOWN_ERROR;
       break;
   }
   ShowError(
-      l10n_util::GetStringUTF8(IDS_CERT_MANAGER_PKCS12_IMPORT_ERROR_TITLE),
+      l10n_util::GetStringUTF8(IDS_CERT_MANAGER_IMPORT_ERROR_TITLE),
       l10n_util::GetStringUTF8(string_id));
 }
 
 void CertificateManagerHandler::CancelImportExportProcess(
     const base::ListValue* args) {
   ImportExportCleanup();
 }
 
 void CertificateManagerHandler::ImportExportCleanup() {
   file_path_.clear();
@@ skipping 332 matching lines @@
                                    title_value,
                                    error_value,
                                    cert_error_list);
 }
 
 gfx::NativeWindow CertificateManagerHandler::GetParentWindow() const {
   return web_ui()->GetWebContents()->GetTopLevelNativeWindow();
 }
 
 }  // namespace options