OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ui/webui/options/certificate_manager_handler.h" | 5 #include "chrome/browser/ui/webui/options/certificate_manager_handler.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <map> | 8 #include <map> |
9 | 9 |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
(...skipping 11 matching lines...) Expand all Loading... | |
22 #include "chrome/browser/profiles/profile.h" | 22 #include "chrome/browser/profiles/profile.h" |
23 #include "chrome/browser/ui/certificate_dialogs.h" | 23 #include "chrome/browser/ui/certificate_dialogs.h" |
24 #include "chrome/browser/ui/chrome_select_file_policy.h" | 24 #include "chrome/browser/ui/chrome_select_file_policy.h" |
25 #include "chrome/browser/ui/crypto_module_password_dialog_nss.h" | 25 #include "chrome/browser/ui/crypto_module_password_dialog_nss.h" |
26 #include "chrome/browser/ui/webui/certificate_viewer_webui.h" | 26 #include "chrome/browser/ui/webui/certificate_viewer_webui.h" |
27 #include "chrome/grit/generated_resources.h" | 27 #include "chrome/grit/generated_resources.h" |
28 #include "content/public/browser/browser_thread.h" | 28 #include "content/public/browser/browser_thread.h" |
29 #include "content/public/browser/web_contents.h" | 29 #include "content/public/browser/web_contents.h" |
30 #include "net/base/crypto_module.h" | 30 #include "net/base/crypto_module.h" |
31 #include "net/base/net_errors.h" | 31 #include "net/base/net_errors.h" |
32 #include "net/cert/cert_database.h" | |
32 #include "net/cert/x509_certificate.h" | 33 #include "net/cert/x509_certificate.h" |
33 #include "ui/base/l10n/l10n_util.h" | 34 #include "ui/base/l10n/l10n_util.h" |
34 | 35 |
35 #if defined(OS_CHROMEOS) | 36 #if defined(OS_CHROMEOS) |
36 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h" | 37 #include "chrome/browser/chromeos/policy/user_network_configuration_updater.h" |
37 #include "chrome/browser/chromeos/policy/user_network_configuration_updater_fact ory.h" | 38 #include "chrome/browser/chromeos/policy/user_network_configuration_updater_fact ory.h" |
38 #endif | 39 #endif |
39 | 40 |
40 using base::UTF8ToUTF16; | 41 using base::UTF8ToUTF16; |
41 using content::BrowserThread; | 42 using content::BrowserThread; |
(...skipping 660 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
702 ui::SelectFileDialog::FileTypeInfo file_type_info; | 703 ui::SelectFileDialog::FileTypeInfo file_type_info; |
703 if (!args->GetBoolean(0, &use_hardware_backed_)) { | 704 if (!args->GetBoolean(0, &use_hardware_backed_)) { |
704 // Unable to retrieve the hardware backed attribute from the args, | 705 // Unable to retrieve the hardware backed attribute from the args, |
705 // so bail. | 706 // so bail. |
706 web_ui()->CallJavascriptFunction("CertificateRestoreOverlay.dismiss"); | 707 web_ui()->CallJavascriptFunction("CertificateRestoreOverlay.dismiss"); |
707 ImportExportCleanup(); | 708 ImportExportCleanup(); |
708 return; | 709 return; |
709 } | 710 } |
710 file_type_info.extensions.resize(1); | 711 file_type_info.extensions.resize(1); |
711 file_type_info.extensions[0].push_back(FILE_PATH_LITERAL("p12")); | 712 file_type_info.extensions[0].push_back(FILE_PATH_LITERAL("p12")); |
713 file_type_info.extensions[0].push_back(FILE_PATH_LITERAL("crt")); | |
712 file_type_info.extension_description_overrides.push_back( | 714 file_type_info.extension_description_overrides.push_back( |
713 l10n_util::GetStringUTF16(IDS_CERT_MANAGER_PKCS12_FILES)); | 715 l10n_util::GetStringUTF16(IDS_CERT_USAGE_SSL_CLIENT)); |
714 file_type_info.include_all_files = true; | 716 file_type_info.include_all_files = true; |
715 select_file_dialog_ = ui::SelectFileDialog::Create( | 717 select_file_dialog_ = ui::SelectFileDialog::Create( |
716 this, new ChromeSelectFilePolicy(web_ui()->GetWebContents())); | 718 this, new ChromeSelectFilePolicy(web_ui()->GetWebContents())); |
717 select_file_dialog_->SelectFile( | 719 select_file_dialog_->SelectFile( |
718 ui::SelectFileDialog::SELECT_OPEN_FILE, base::string16(), | 720 ui::SelectFileDialog::SELECT_OPEN_FILE, base::string16(), |
719 base::FilePath(), &file_type_info, 1, FILE_PATH_LITERAL("p12"), | 721 base::FilePath(), &file_type_info, 1, FILE_PATH_LITERAL("p12"), |
Ryan Sleevi
2015/10/30 23:33:47
BUG? the FILE_PATH_LITERAL("p12")
svaldez
2015/11/02 16:27:38
We're defaulting to the existing case of unknown f
| |
720 GetParentWindow(), | 722 GetParentWindow(), |
721 reinterpret_cast<void*>(IMPORT_PERSONAL_FILE_SELECTED)); | 723 reinterpret_cast<void*>(IMPORT_PERSONAL_FILE_SELECTED)); |
722 } | 724 } |
723 | 725 |
724 void CertificateManagerHandler::ImportPersonalFileSelected( | 726 void CertificateManagerHandler::ImportPersonalFileSelected( |
725 const base::FilePath& path) { | 727 const base::FilePath& path) { |
726 file_path_ = path; | 728 file_path_ = path; |
727 web_ui()->CallJavascriptFunction( | 729 if (file_path_.MatchesExtension(FILE_PATH_LITERAL(".p12"))) { |
728 "CertificateManager.importPersonalAskPassword"); | 730 web_ui()->CallJavascriptFunction( |
731 "CertificateManager.importPersonalAskPassword"); | |
Ryan Sleevi
2015/10/30 23:33:46
Blergh; this is bugged even for .p12; there's no g
svaldez
2015/11/02 16:27:38
It looked like it worked correctly if you just ent
| |
732 } else { | |
733 password_.clear(); | |
734 file_access_provider_->StartRead( | |
735 file_path_, | |
736 base::Bind(&CertificateManagerHandler::ImportPersonalFileRead, | |
737 base::Unretained(this)), | |
738 &tracker_); | |
739 } | |
729 } | 740 } |
730 | 741 |
731 void CertificateManagerHandler::ImportPersonalPasswordSelected( | 742 void CertificateManagerHandler::ImportPersonalPasswordSelected( |
732 const base::ListValue* args) { | 743 const base::ListValue* args) { |
733 if (!args->GetString(0, &password_)) { | 744 if (!args->GetString(0, &password_)) { |
734 web_ui()->CallJavascriptFunction("CertificateRestoreOverlay.dismiss"); | 745 web_ui()->CallJavascriptFunction("CertificateRestoreOverlay.dismiss"); |
735 ImportExportCleanup(); | 746 ImportExportCleanup(); |
736 return; | 747 return; |
737 } | 748 } |
738 file_access_provider_->StartRead( | 749 file_access_provider_->StartRead( |
(...skipping 11 matching lines...) Expand all Loading... | |
750 ShowError( | 761 ShowError( |
751 l10n_util::GetStringUTF8(IDS_CERT_MANAGER_PKCS12_IMPORT_ERROR_TITLE), | 762 l10n_util::GetStringUTF8(IDS_CERT_MANAGER_PKCS12_IMPORT_ERROR_TITLE), |
752 l10n_util::GetStringFUTF8(IDS_CERT_MANAGER_READ_ERROR_FORMAT, | 763 l10n_util::GetStringFUTF8(IDS_CERT_MANAGER_READ_ERROR_FORMAT, |
753 UTF8ToUTF16( | 764 UTF8ToUTF16( |
754 base::safe_strerror(*read_errno)))); | 765 base::safe_strerror(*read_errno)))); |
755 return; | 766 return; |
756 } | 767 } |
757 | 768 |
758 file_data_ = *data; | 769 file_data_ = *data; |
759 | 770 |
760 if (use_hardware_backed_) { | 771 if (file_path_.MatchesExtension(FILE_PATH_LITERAL(".p12"))) { |
Ryan Sleevi
2015/10/30 23:33:47
Again, no guarantee that .p12 == private
svaldez
2015/11/02 16:27:38
Can't we assume as much since this is coming in fr
| |
761 module_ = certificate_manager_model_->cert_db()->GetPrivateModule(); | 772 if (use_hardware_backed_) { |
773 module_ = certificate_manager_model_->cert_db()->GetPrivateModule(); | |
774 } else { | |
775 module_ = certificate_manager_model_->cert_db()->GetPublicModule(); | |
776 } | |
777 | |
778 net::CryptoModuleList modules; | |
779 modules.push_back(module_); | |
780 chrome::UnlockSlotsIfNecessary( | |
781 modules, | |
782 chrome::kCryptoModulePasswordCertImport, | |
783 net::HostPortPair(), // unused. | |
784 GetParentWindow(), | |
785 base::Bind(&CertificateManagerHandler::ImportPersonalSlotUnlocked, | |
786 base::Unretained(this))); | |
762 } else { | 787 } else { |
763 module_ = certificate_manager_model_->cert_db()->GetPublicModule(); | 788 scoped_refptr<net::X509Certificate> cert = |
789 net::X509Certificate::CreateFromBytes(data->c_str(), data->size()); | |
Ryan Sleevi
2015/10/30 23:33:47
BUG: Part of the goal of this change was to suppor
svaldez
2015/11/02 16:27:37
Done.
| |
790 | |
791 int cert_error = | |
792 net::CertDatabase::GetInstance()->CheckUserCert(cert.get()); | |
Ryan Sleevi
2015/10/30 23:33:47
net::CertDatabase is pretty awful; ideally, we'll
svaldez
2015/11/02 16:27:38
We'd need to modify the mozilla_security_manager t
| |
793 if (cert_error == net::OK) | |
794 cert_error = net::CertDatabase::GetInstance()->AddUserCert(cert.get()); | |
795 | |
796 ImportExportCleanup(); | |
797 web_ui()->CallJavascriptFunction("CertificateRestoreOverlay.dismiss"); | |
798 if (cert_error != net::OK) { | |
Ryan Sleevi
2015/10/30 23:33:47
BUG: You shouldn't assume that *any* error indicat
svaldez
2015/11/02 16:27:37
Done.
| |
799 ShowError( | |
800 l10n_util::GetStringUTF8(IDS_CERT_MANAGER_PKCS12_IMPORT_ERROR_TITLE), | |
801 l10n_util::GetStringUTF8(IDS_CERT_MANAGER_IMPORT_MISSING_KEY)); | |
802 } | |
764 } | 803 } |
765 | |
766 net::CryptoModuleList modules; | |
767 modules.push_back(module_); | |
768 chrome::UnlockSlotsIfNecessary( | |
769 modules, | |
770 chrome::kCryptoModulePasswordCertImport, | |
771 net::HostPortPair(), // unused. | |
772 GetParentWindow(), | |
773 base::Bind(&CertificateManagerHandler::ImportPersonalSlotUnlocked, | |
774 base::Unretained(this))); | |
775 } | 804 } |
776 | 805 |
777 void CertificateManagerHandler::ImportPersonalSlotUnlocked() { | 806 void CertificateManagerHandler::ImportPersonalSlotUnlocked() { |
778 // Determine if the private key should be unextractable after the import. | 807 // Determine if the private key should be unextractable after the import. |
779 // We do this by checking the value of |use_hardware_backed_| which is set | 808 // We do this by checking the value of |use_hardware_backed_| which is set |
780 // to true if importing into a hardware module. Currently, this only happens | 809 // to true if importing into a hardware module. Currently, this only happens |
781 // for Chrome OS when the "Import and Bind" option is chosen. | 810 // for Chrome OS when the "Import and Bind" option is chosen. |
782 bool is_extractable = !use_hardware_backed_; | 811 bool is_extractable = !use_hardware_backed_; |
783 int result = certificate_manager_model_->ImportFromPKCS12( | 812 int result = certificate_manager_model_->ImportFromPKCS12( |
784 module_.get(), file_data_, password_, is_extractable); | 813 module_.get(), file_data_, password_, is_extractable); |
(...skipping 368 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1153 title_value, | 1182 title_value, |
1154 error_value, | 1183 error_value, |
1155 cert_error_list); | 1184 cert_error_list); |
1156 } | 1185 } |
1157 | 1186 |
1158 gfx::NativeWindow CertificateManagerHandler::GetParentWindow() const { | 1187 gfx::NativeWindow CertificateManagerHandler::GetParentWindow() const { |
1159 return web_ui()->GetWebContents()->GetTopLevelNativeWindow(); | 1188 return web_ui()->GetWebContents()->GetTopLevelNativeWindow(); |
1160 } | 1189 } |
1161 | 1190 |
1162 } // namespace options | 1191 } // namespace options |
OLD | NEW |