OLD | NEW |
(Empty) | |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #import "chrome/browser/ui/certificate_viewer_mac.h" |
| 6 |
| 7 #include "base/mac/foundation_util.h" |
| 8 #include "base/mac/scoped_cftyperef.h" |
| 9 #import "base/mac/scoped_nsobject.h" |
| 10 #include "content/public/browser/web_contents.h" |
| 11 #include "net/cert/x509_certificate.h" |
| 12 #include "net/cert/x509_util_mac.h" |
| 13 |
| 14 @interface SFCertificatePanel (SystemPrivate) |
| 15 // A system-private interface that dismisses a panel whose sheet was started by |
| 16 // -beginSheetForWindow: |
| 17 // modalDelegate: |
| 18 // didEndSelector: |
| 19 // contextInfo: |
| 20 // certificates: |
| 21 // showGroup: |
| 22 // as though the user clicked the button identified by returnCode. Verified |
| 23 // present in 10.8. |
| 24 - (void)_dismissWithCode:(NSInteger)code; |
| 25 @end |
| 26 |
| 27 @implementation SSLCertificateViewerMac { |
| 28 // The corresponding list of certificates. |
| 29 base::scoped_nsobject<NSArray> certificates_; |
| 30 base::scoped_nsobject<SFCertificatePanel> panel_; |
| 31 } |
| 32 |
| 33 - (instancetype)initWithCertificate:(net::X509Certificate*)certificate |
| 34 forWebContents:(content::WebContents*)webContents { |
| 35 if ((self = [super init])) { |
| 36 base::ScopedCFTypeRef<CFArrayRef> certChain( |
| 37 certificate->CreateOSCertChainForCert()); |
| 38 NSArray* certificates = base::mac::CFToNSCast(certChain.get()); |
| 39 certificates_.reset([certificates retain]); |
| 40 } |
| 41 |
| 42 // Explicitly disable revocation checking, regardless of user preferences |
| 43 // or system settings. The behaviour of SFCertificatePanel is to call |
| 44 // SecTrustEvaluate on the certificate(s) supplied, effectively |
| 45 // duplicating the behaviour of net::X509Certificate::Verify(). However, |
| 46 // this call stalls the UI if revocation checking is enabled in the |
| 47 // Keychain preferences or if the cert may be an EV cert. By disabling |
| 48 // revocation checking, the stall is limited to the time taken for path |
| 49 // building and verification, which should be minimized due to the path |
| 50 // being provided in |certificates|. This does not affect normal |
| 51 // revocation checking from happening, which is controlled by |
| 52 // net::X509Certificate::Verify() and user preferences, but will prevent |
| 53 // the certificate viewer UI from displaying which certificate is revoked. |
| 54 // This is acceptable, as certificate revocation will still be shown in |
| 55 // the page info bubble if a certificate in the chain is actually revoked. |
| 56 base::ScopedCFTypeRef<CFMutableArrayRef> policies( |
| 57 CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks)); |
| 58 if (!policies.get()) { |
| 59 NOTREACHED(); |
| 60 return self; |
| 61 } |
| 62 // Add a basic X.509 policy, in order to match the behaviour of |
| 63 // SFCertificatePanel when no policies are specified. |
| 64 SecPolicyRef basicPolicy = nil; |
| 65 OSStatus status = net::x509_util::CreateBasicX509Policy(&basicPolicy); |
| 66 if (status != noErr) { |
| 67 NOTREACHED(); |
| 68 return self; |
| 69 } |
| 70 CFArrayAppendValue(policies, basicPolicy); |
| 71 CFRelease(basicPolicy); |
| 72 |
| 73 status = net::x509_util::CreateRevocationPolicies(false, false, policies); |
| 74 if (status != noErr) { |
| 75 NOTREACHED(); |
| 76 return self; |
| 77 } |
| 78 |
| 79 panel_.reset([[SFCertificatePanel alloc] init]); |
| 80 [panel_ setPolicies:base::mac::CFToNSCast(policies.get())]; |
| 81 return self; |
| 82 } |
| 83 |
| 84 - (void)sheetDidEnd:(NSWindow*)parent |
| 85 returnCode:(NSInteger)returnCode |
| 86 context:(void*)context { |
| 87 NOTREACHED(); // Subclasses must implement this. |
| 88 } |
| 89 |
| 90 - (void)showCertificateSheet:(NSWindow*)window { |
| 91 [panel_ beginSheetForWindow:window |
| 92 modalDelegate:self |
| 93 didEndSelector:@selector(sheetDidEnd:returnCode:context:) |
| 94 contextInfo:nil |
| 95 certificates:certificates_ |
| 96 showGroup:YES]; |
| 97 } |
| 98 |
| 99 - (void)closeCertificateSheet { |
| 100 // Closing the sheet using -[NSApp endSheet:] doesn't work so use the private |
| 101 // method. |
| 102 [panel_ _dismissWithCode:NSFileHandlingPanelCancelButton]; |
| 103 certificates_.reset(); |
| 104 } |
| 105 |
| 106 - (void)releaseSheetWindow { |
| 107 panel_.reset(); |
| 108 } |
| 109 |
| 110 - (NSWindow*)certificatePanel { |
| 111 return panel_; |
| 112 } |
| 113 |
| 114 @end |
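Review bot: `-closeCertificateSheet` sends the system-private `_dismissWithCode:` unconditionally, while the category comment records it only as verified present in 10.8. If an OS release drops or renames that selector, the call raises an unrecognized-selector exception instead of merely failing to close the sheet. I would wrap the call in `if ([panel_ respondsToSelector:@selector(_dismissWithCode:)]) { ... }` and log when the check fails. Separately, every early `return self` in `-initWithCertificate:forWebContents:` leaves `panel_` nil, so `-showCertificateSheet:` becomes a silent no-op if `NOTREACHED()` is compiled out in release builds (presumably it is). A comment such as `// panel_ stays nil on failure; the sheet is then never shown.` at the first early return would make that intent explicit.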