OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #import "chrome/browser/ui/cocoa/certificate_viewer_mac.h" | 5 #import "chrome/browser/ui/cocoa/certificate_viewer_mac.h" |
6 | 6 |
7 #include <Security/Security.h> | 7 #include <Security/Security.h> |
8 #include <SecurityInterface/SFCertificatePanel.h> | 8 #include <SecurityInterface/SFCertificatePanel.h> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
73 // See -[SSLCertificateViewerCocoa onConstrainedWindowClosed]. | 73 // See -[SSLCertificateViewerCocoa onConstrainedWindowClosed]. |
74 SSLCertificateViewerCocoa* viewer = | 74 SSLCertificateViewerCocoa* viewer = |
75 [[SSLCertificateViewerCocoa alloc] initWithCertificate:cert]; | 75 [[SSLCertificateViewerCocoa alloc] initWithCertificate:cert]; |
76 [viewer displayForWebContents:web_contents]; | 76 [viewer displayForWebContents:web_contents]; |
77 } | 77 } |
78 | 78 |
79 @implementation SSLCertificateViewerCocoa | 79 @implementation SSLCertificateViewerCocoa |
80 | 80 |
81 - (id)initWithCertificate:(net::X509Certificate*)certificate { | 81 - (id)initWithCertificate:(net::X509Certificate*)certificate { |
82 if ((self = [super init])) { | 82 if ((self = [super init])) { |
83 base::mac::ScopedCFTypeRef<CFArrayRef> cert_chain( | 83 base::ScopedCFTypeRef<CFArrayRef> cert_chain( |
84 certificate->CreateOSCertChainForCert()); | 84 certificate->CreateOSCertChainForCert()); |
85 NSArray* certificates = base::mac::CFToNSCast(cert_chain.get()); | 85 NSArray* certificates = base::mac::CFToNSCast(cert_chain.get()); |
86 certificates_.reset([certificates retain]); | 86 certificates_.reset([certificates retain]); |
87 } | 87 } |
88 return self; | 88 return self; |
89 } | 89 } |
90 | 90 |
91 - (void)sheetDidEnd:(NSWindow*)parent | 91 - (void)sheetDidEnd:(NSWindow*)parent |
92 returnCode:(NSInteger)returnCode | 92 returnCode:(NSInteger)returnCode |
93 context:(void*)context { | 93 context:(void*)context { |
94 if (!closePending_) | 94 if (!closePending_) |
95 constrainedWindow_->CloseWebContentsModalDialog(); | 95 constrainedWindow_->CloseWebContentsModalDialog(); |
96 } | 96 } |
97 | 97 |
98 - (void)displayForWebContents:(content::WebContents*)webContents { | 98 - (void)displayForWebContents:(content::WebContents*)webContents { |
99 // Explicitly disable revocation checking, regardless of user preferences | 99 // Explicitly disable revocation checking, regardless of user preferences |
100 // or system settings. The behaviour of SFCertificatePanel is to call | 100 // or system settings. The behaviour of SFCertificatePanel is to call |
101 // SecTrustEvaluate on the certificate(s) supplied, effectively | 101 // SecTrustEvaluate on the certificate(s) supplied, effectively |
102 // duplicating the behaviour of net::X509Certificate::Verify(). However, | 102 // duplicating the behaviour of net::X509Certificate::Verify(). However, |
103 // this call stalls the UI if revocation checking is enabled in the | 103 // this call stalls the UI if revocation checking is enabled in the |
104 // Keychain preferences or if the cert may be an EV cert. By disabling | 104 // Keychain preferences or if the cert may be an EV cert. By disabling |
105 // revocation checking, the stall is limited to the time taken for path | 105 // revocation checking, the stall is limited to the time taken for path |
106 // building and verification, which should be minimized due to the path | 106 // building and verification, which should be minimized due to the path |
107 // being provided in |certificates|. This does not affect normal | 107 // being provided in |certificates|. This does not affect normal |
108 // revocation checking from happening, which is controlled by | 108 // revocation checking from happening, which is controlled by |
109 // net::X509Certificate::Verify() and user preferences, but will prevent | 109 // net::X509Certificate::Verify() and user preferences, but will prevent |
110 // the certificate viewer UI from displaying which certificate is revoked. | 110 // the certificate viewer UI from displaying which certificate is revoked. |
111 // This is acceptable, as certificate revocation will still be shown in | 111 // This is acceptable, as certificate revocation will still be shown in |
112 // the page info bubble if a certificate in the chain is actually revoked. | 112 // the page info bubble if a certificate in the chain is actually revoked. |
113 base::mac::ScopedCFTypeRef<CFMutableArrayRef> policies( | 113 base::ScopedCFTypeRef<CFMutableArrayRef> policies( |
114 CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks)); | 114 CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks)); |
115 if (!policies.get()) { | 115 if (!policies.get()) { |
116 NOTREACHED(); | 116 NOTREACHED(); |
117 return; | 117 return; |
118 } | 118 } |
119 // Add a basic X.509 policy, in order to match the behaviour of | 119 // Add a basic X.509 policy, in order to match the behaviour of |
120 // SFCertificatePanel when no policies are specified. | 120 // SFCertificatePanel when no policies are specified. |
121 SecPolicyRef basic_policy = NULL; | 121 SecPolicyRef basic_policy = NULL; |
122 OSStatus status = net::x509_util::CreateBasicX509Policy(&basic_policy); | 122 OSStatus status = net::x509_util::CreateBasicX509Policy(&basic_policy); |
123 if (status != noErr) { | 123 if (status != noErr) { |
(...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
200 // NOOP | 200 // NOOP |
201 } | 201 } |
202 | 202 |
203 - (void)onConstrainedWindowClosed { | 203 - (void)onConstrainedWindowClosed { |
204 panel_.reset(); | 204 panel_.reset(); |
205 constrainedWindow_.reset(); | 205 constrainedWindow_.reset(); |
206 [self release]; | 206 [self release]; |
207 } | 207 } |
208 | 208 |
209 @end | 209 @end |
OLD | NEW |