chrome/browser/ui/webui/options/certificate_manager_handler.cc - Issue 1423663012: Removing x-x509-user-cert mime handler.

Side by Side Diff: chrome/browser/ui/webui/options/certificate_manager_handler.cc

Issue 1423663012: Removing x-x509-user-cert mime handler. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Fix windows strings. Created 5 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« chrome/browser/download/chrome_download_manager_delegate.cc ('K') | « chrome/browser/download/chrome_download_manager_delegate.cc ('k') | content/browser/loader/mime_type_resource_handler.cc » ('j') | content/browser/loader/mime_type_resource_handler.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/browser/ui/webui/options/certificate_manager_handler.h"	5 #include "chrome/browser/ui/webui/options/certificate_manager_handler.h"

6	6

7 #include <algorithm>	7 #include <algorithm>

8 #include <map>	8 #include <map>

9	9

10 #include "base/bind.h"	10 #include "base/bind.h"

(...skipping 11 matching lines...) Expand all Loading...
22 #include "chrome/browser/profiles/profile.h"	22 #include "chrome/browser/profiles/profile.h"

23 #include "chrome/browser/ui/certificate_dialogs.h"	23 #include "chrome/browser/ui/certificate_dialogs.h"

24 #include "chrome/browser/ui/chrome_select_file_policy.h"	24 #include "chrome/browser/ui/chrome_select_file_policy.h"

25 #include "chrome/browser/ui/crypto_module_password_dialog_nss.h"	25 #include "chrome/browser/ui/crypto_module_password_dialog_nss.h"

26 #include "chrome/browser/ui/webui/certificate_viewer_webui.h"	26 #include "chrome/browser/ui/webui/certificate_viewer_webui.h"

27 #include "chrome/grit/generated_resources.h"	27 #include "chrome/grit/generated_resources.h"

28 #include "content/public/browser/browser_thread.h"	28 #include "content/public/browser/browser_thread.h"

29 #include "content/public/browser/web_contents.h"	29 #include "content/public/browser/web_contents.h"

30 #include "net/base/crypto_module.h"	30 #include "net/base/crypto_module.h"

31 #include "net/base/net_errors.h"	31 #include "net/base/net_errors.h"

	32 #include "net/cert/cert_database.h"

32 #include "net/cert/x509_certificate.h"	33 #include "net/cert/x509_certificate.h"

33 #include "ui/base/l10n/l10n_util.h"	34 #include "ui/base/l10n/l10n_util.h"

34	35

35 #if defined(OS_CHROMEOS)	36 #if defined(OS_CHROMEOS)

36 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h"	37 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h"

37 #include "chrome/browser/chromeos/policy/user_network_configuration_updater_fact ory.h"	38 #include "chrome/browser/chromeos/policy/user_network_configuration_updater_fact ory.h"

38 #endif	39 #endif

39	40

40 using base::UTF8ToUTF16;	41 using base::UTF8ToUTF16;

41 using content::BrowserThread;	42 using content::BrowserThread;

(...skipping 660 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
702 ui::SelectFileDialog::FileTypeInfo file_type_info;	703 ui::SelectFileDialog::FileTypeInfo file_type_info;

703 if (!args->GetBoolean(0, &use_hardware_backed_)) {	704 if (!args->GetBoolean(0, &use_hardware_backed_)) {

704 // Unable to retrieve the hardware backed attribute from the args,	705 // Unable to retrieve the hardware backed attribute from the args,

705 // so bail.	706 // so bail.

706 web_ui()->CallJavascriptFunction("CertificateRestoreOverlay.dismiss");	707 web_ui()->CallJavascriptFunction("CertificateRestoreOverlay.dismiss");

707 ImportExportCleanup();	708 ImportExportCleanup();

708 return;	709 return;

709 }	710 }

710 file_type_info.extensions.resize(1);	711 file_type_info.extensions.resize(1);

711 file_type_info.extensions[0].push_back(FILE_PATH_LITERAL("p12"));	712 file_type_info.extensions[0].push_back(FILE_PATH_LITERAL("p12"));

	713 file_type_info.extensions[0].push_back(FILE_PATH_LITERAL("crt"));

712 file_type_info.extension_description_overrides.push_back(	714 file_type_info.extension_description_overrides.push_back(

713 l10n_util::GetStringUTF16(IDS_CERT_MANAGER_PKCS12_FILES));	715 l10n_util::GetStringUTF16(IDS_CERT_USAGE_SSL_CLIENT));

714 file_type_info.include_all_files = true;	716 file_type_info.include_all_files = true;

715 select_file_dialog_ = ui::SelectFileDialog::Create(	717 select_file_dialog_ = ui::SelectFileDialog::Create(

716 this, new ChromeSelectFilePolicy(web_ui()->GetWebContents()));	718 this, new ChromeSelectFilePolicy(web_ui()->GetWebContents()));

717 select_file_dialog_->SelectFile(	719 select_file_dialog_->SelectFile(

718 ui::SelectFileDialog::SELECT_OPEN_FILE, base::string16(),	720 ui::SelectFileDialog::SELECT_OPEN_FILE, base::string16(),

719 base::FilePath(), &file_type_info, 1, FILE_PATH_LITERAL("p12"),	721 base::FilePath(), &file_type_info, 1, FILE_PATH_LITERAL("p12"),
	Ryan Sleevi 2015/10/30 23:33:47 BUG? the FILE_PATH_LITERAL("p12") BUG? the FILE_PATH_LITERAL("p12") svaldez 2015/11/02 16:27:38 We're defaulting to the existing case of unknown f Show quoted text On 2015/10/30 23:33:47, Ryan Sleevi wrote: > BUG? the FILE_PATH_LITERAL("p12") We're defaulting to the existing case of unknown files being parsed as p12. This is also ignored in most systems for SelectFile dialogs.
720 GetParentWindow(),	722 GetParentWindow(),

721 reinterpret_cast<void*>(IMPORT_PERSONAL_FILE_SELECTED));	723 reinterpret_cast<void*>(IMPORT_PERSONAL_FILE_SELECTED));

722 }	724 }

723	725

724 void CertificateManagerHandler::ImportPersonalFileSelected(	726 void CertificateManagerHandler::ImportPersonalFileSelected(

725 const base::FilePath& path) {	727 const base::FilePath& path) {

726 file_path_ = path;	728 file_path_ = path;

727 web_ui()->CallJavascriptFunction(	729 if (file_path_.MatchesExtension(FILE_PATH_LITERAL(".p12"))) {

728 "CertificateManager.importPersonalAskPassword");	730 web_ui()->CallJavascriptFunction(

	731 "CertificateManager.importPersonalAskPassword");
	Ryan Sleevi 2015/10/30 23:33:46 Blergh; this is bugged even for .p12; there's no g Blergh; this is bugged even for .p12; there's no guarantee that a .p12 will be password protected. svaldez 2015/11/02 16:27:38 It looked like it worked correctly if you just ent Show quoted text On 2015/10/30 23:33:46, Ryan Sleevi wrote: > Blergh; this is bugged even for .p12; there's no guarantee that a .p12 will be > password protected. It looked like it worked correctly if you just entered a blank password previously.
	732 } else {

	733 password_.clear();

	734 file_access_provider_->StartRead(

	735 file_path_,

	736 base::Bind(&CertificateManagerHandler::ImportPersonalFileRead,

	737 base::Unretained(this)),

	738 &tracker_);

	739 }

729 }	740 }

730	741

731 void CertificateManagerHandler::ImportPersonalPasswordSelected(	742 void CertificateManagerHandler::ImportPersonalPasswordSelected(

732 const base::ListValue* args) {	743 const base::ListValue* args) {

733 if (!args->GetString(0, &password_)) {	744 if (!args->GetString(0, &password_)) {

734 web_ui()->CallJavascriptFunction("CertificateRestoreOverlay.dismiss");	745 web_ui()->CallJavascriptFunction("CertificateRestoreOverlay.dismiss");

735 ImportExportCleanup();	746 ImportExportCleanup();

736 return;	747 return;

737 }	748 }

738 file_access_provider_->StartRead(	749 file_access_provider_->StartRead(

(...skipping 11 matching lines...) Expand all Loading...
750 ShowError(	761 ShowError(

751 l10n_util::GetStringUTF8(IDS_CERT_MANAGER_PKCS12_IMPORT_ERROR_TITLE),	762 l10n_util::GetStringUTF8(IDS_CERT_MANAGER_PKCS12_IMPORT_ERROR_TITLE),

752 l10n_util::GetStringFUTF8(IDS_CERT_MANAGER_READ_ERROR_FORMAT,	763 l10n_util::GetStringFUTF8(IDS_CERT_MANAGER_READ_ERROR_FORMAT,

753 UTF8ToUTF16(	764 UTF8ToUTF16(

754 base::safe_strerror(*read_errno))));	765 base::safe_strerror(*read_errno))));

755 return;	766 return;

756 }	767 }

757	768

758 file_data_ = *data;	769 file_data_ = *data;

759	770

760 if (use_hardware_backed_) {	771 if (file_path_.MatchesExtension(FILE_PATH_LITERAL(".p12"))) {
	Ryan Sleevi 2015/10/30 23:33:47 Again, no guarantee that .p12 == private Again, no guarantee that .p12 == private svaldez 2015/11/02 16:27:38 Can't we assume as much since this is coming in fr Show quoted text On 2015/10/30 23:33:47, Ryan Sleevi wrote: > Again, no guarantee that .p12 == private Can't we assume as much since this is coming in from the user cert import codepath, and if we fail to import the cert, then we just error out?
761 module_ = certificate_manager_model_->cert_db()->GetPrivateModule();	772 if (use_hardware_backed_) {

	773 module_ = certificate_manager_model_->cert_db()->GetPrivateModule();

	774 } else {

	775 module_ = certificate_manager_model_->cert_db()->GetPublicModule();

	776 }

	777

	778 net::CryptoModuleList modules;

	779 modules.push_back(module_);

	780 chrome::UnlockSlotsIfNecessary(

	781 modules,

	782 chrome::kCryptoModulePasswordCertImport,

	783 net::HostPortPair(), // unused.

	784 GetParentWindow(),

	785 base::Bind(&CertificateManagerHandler::ImportPersonalSlotUnlocked,

	786 base::Unretained(this)));

762 } else {	787 } else {

763 module_ = certificate_manager_model_->cert_db()->GetPublicModule();	788 scoped_refptr<net::X509Certificate> cert =

	789 net::X509Certificate::CreateFromBytes(data->c_str(), data->size());
	Ryan Sleevi 2015/10/30 23:33:47 BUG: Part of the goal of this change was to suppor BUG: Part of the goal of this change was to support multiple certificate types, much like .p12 can. There's no guarantee that \|cert\| will be a singular certificate (it could be a chain in a variety of formats) svaldez 2015/11/02 16:27:37 Done. Show quoted text On 2015/10/30 23:33:47, Ryan Sleevi wrote: > BUG: Part of the goal of this change was to support multiple certificate types, > much like .p12 can. There's no guarantee that \|cert\| will be a singular > certificate (it could be a chain in a variety of formats) Done.
	790

	791 int cert_error =

	792 net::CertDatabase::GetInstance()->CheckUserCert(cert.get());
	Ryan Sleevi 2015/10/30 23:33:47 net::CertDatabase is pretty awful; ideally, we'll net::CertDatabase is pretty awful; ideally, we'll be able to move away from it as much as possible. We already have a net::NSSCertDatabase (cert_db_), via the certificate_manager_model_, ideally we should be importing certificates against that. Even if we don't, we want the model to be responsible for this sort of logic, I think... There's also no (strict) need to require an associated private key. svaldez 2015/11/02 16:27:38 We'd need to modify the mozilla_security_manager t Show quoted text On 2015/10/30 23:33:47, Ryan Sleevi wrote: > net::CertDatabase is pretty awful; ideally, we'll be able to move away from it > as much as possible. > > We already have a net::NSSCertDatabase (cert_db_), via the > certificate_manager_model_, ideally we should be importing certificates against > that. Even if we don't, we want the model to be responsible for this sort of > logic, I think... > > There's also no (strict) need to require an associated private key. We'd need to modify the mozilla_security_manager to support this case, since there currently doesn't exist an API to import a bare certificate, without also providing the private key. Also, by spec, it looks like we are required to throw an error on a missing private key.
	793 if (cert_error == net::OK)

	794 cert_error = net::CertDatabase::GetInstance()->AddUserCert(cert.get());

	795

	796 ImportExportCleanup();

	797 web_ui()->CallJavascriptFunction("CertificateRestoreOverlay.dismiss");

	798 if (cert_error != net::OK) {
	Ryan Sleevi 2015/10/30 23:33:47 BUG: You shouldn't assume that any error indicat BUG: You shouldn't assume that any error indicates a missing private key. net::ERR_NO_PRIVATE_KEY_FOR_CERT is that error, but you can have other errors. svaldez 2015/11/02 16:27:37 Done. Show quoted text On 2015/10/30 23:33:47, Ryan Sleevi wrote: > BUG: You shouldn't assume that any error indicates a missing private key. > net::ERR_NO_PRIVATE_KEY_FOR_CERT is that error, but you can have other errors. Done.
	799 ShowError(

	800 l10n_util::GetStringUTF8(IDS_CERT_MANAGER_PKCS12_IMPORT_ERROR_TITLE),

	801 l10n_util::GetStringUTF8(IDS_CERT_MANAGER_IMPORT_MISSING_KEY));

	802 }

764 }	803 }

765

766 net::CryptoModuleList modules;

767 modules.push_back(module_);

768 chrome::UnlockSlotsIfNecessary(

769 modules,

770 chrome::kCryptoModulePasswordCertImport,

771 net::HostPortPair(), // unused.

772 GetParentWindow(),

773 base::Bind(&CertificateManagerHandler::ImportPersonalSlotUnlocked,

774 base::Unretained(this)));

775 }	804 }

776	805

777 void CertificateManagerHandler::ImportPersonalSlotUnlocked() {	806 void CertificateManagerHandler::ImportPersonalSlotUnlocked() {

778 // Determine if the private key should be unextractable after the import.	807 // Determine if the private key should be unextractable after the import.

779 // We do this by checking the value of \|use_hardware_backed_\| which is set	808 // We do this by checking the value of \|use_hardware_backed_\| which is set

780 // to true if importing into a hardware module. Currently, this only happens	809 // to true if importing into a hardware module. Currently, this only happens

781 // for Chrome OS when the "Import and Bind" option is chosen.	810 // for Chrome OS when the "Import and Bind" option is chosen.

782 bool is_extractable = !use_hardware_backed_;	811 bool is_extractable = !use_hardware_backed_;

783 int result = certificate_manager_model_->ImportFromPKCS12(	812 int result = certificate_manager_model_->ImportFromPKCS12(

784 module_.get(), file_data_, password_, is_extractable);	813 module_.get(), file_data_, password_, is_extractable);

(...skipping 368 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1153 title_value,	1182 title_value,

1154 error_value,	1183 error_value,

1155 cert_error_list);	1184 cert_error_list);

1156 }	1185 }

1157	1186

1158 gfx::NativeWindow CertificateManagerHandler::GetParentWindow() const {	1187 gfx::NativeWindow CertificateManagerHandler::GetParentWindow() const {

1159 return web_ui()->GetWebContents()->GetTopLevelNativeWindow();	1188 return web_ui()->GetWebContents()->GetTopLevelNativeWindow();

1160 }	1189 }

1161	1190

1162 } // namespace options	1191 } // namespace options

OLD	NEW