MD Settings: Certificate manager, error dialog.

chrome/browser/ui/webui/settings/certificates_handler.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/webui/settings/certificates_handler.h"
 
 #include <errno.h>
 #include <stddef.h>
 #include <stdint.h>
 #include <algorithm>
@@ skipping 12 matching lines @@
 #include "base/strings/utf_string_conversions.h"
 #include "base/values.h"
 #include "build/build_config.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/certificate_viewer.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ui/certificate_dialogs.h"
 #include "chrome/browser/ui/chrome_select_file_policy.h"
 #include "chrome/browser/ui/crypto_module_password_dialog_nss.h"
 #include "chrome/browser/ui/webui/certificate_viewer_webui.h"
-#include "chrome/grit/generated_resources.h"
+#include "chrome/grit/settings_strings.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/web_contents.h"
 #include "grit/components_strings.h"
 #include "net/base/crypto_module.h"
 #include "net/base/net_errors.h"
 #include "net/cert/x509_certificate.h"
 #include "net/der/input.h"
 #include "net/der/parser.h"
 #include "ui/base/l10n/l10n_util.h"
 
@@ skipping 33 matching lines @@
   IMPORT_SERVER_FILE_SELECTED,
   IMPORT_CA_FILE_SELECTED,
 };
 
 std::string OrgNameToId(const std::string& org) {
   return "org-" + org;
 }
 
 struct DictionaryIdComparator {
   explicit DictionaryIdComparator(icu::Collator* collator)
-      : collator_(collator) {
-  }
+      : collator_(collator) {}
 
-  bool operator()(const base::Value* a,
-                  const base::Value* b) const {
+  bool operator()(const base::Value* a, const base::Value* b) const {
     DCHECK(a->GetType() == base::Value::TYPE_DICTIONARY);
     DCHECK(b->GetType() == base::Value::TYPE_DICTIONARY);
     const base::DictionaryValue* a_dict =
         reinterpret_cast<const base::DictionaryValue*>(a);
     const base::DictionaryValue* b_dict =
         reinterpret_cast<const base::DictionaryValue*>(b);
     base::string16 a_str;
     base::string16 b_str;
     a_dict->GetString(kNameField, &a_str);
     b_dict->GetString(kNameField, &b_str);
     if (collator_ == NULL)
       return a_str < b_str;
     return base::i18n::CompareString16WithCollator(*collator_, a_str, b_str) ==
            UCOL_LESS;
   }
 
   icu::Collator* collator_;
 };
 
 std::string NetErrorToString(int net_error) {
   switch (net_error) {
     // TODO(mattm): handle more cases.
     case net::ERR_IMPORT_CA_CERT_NOT_CA:
-      return l10n_util::GetStringUTF8(IDS_CERT_MANAGER_ERROR_NOT_CA);
+      return l10n_util::GetStringUTF8(
+          IDS_SETTINGS_CERTIFICATE_MANAGER_ERROR_NOT_CA);
     case net::ERR_IMPORT_CERT_ALREADY_EXISTS:
       return l10n_util::GetStringUTF8(
-          IDS_CERT_MANAGER_ERROR_CERT_ALREADY_EXISTS);
+          IDS_SETTINGS_CERTIFICATE_MANAGER_ERROR_CERT_ALREADY_EXISTS);
     default:
-      return l10n_util::GetStringUTF8(IDS_CERT_MANAGER_UNKNOWN_ERROR);
+      return l10n_util::GetStringUTF8(
+          IDS_SETTINGS_CERTIFICATE_MANAGER_UNKNOWN_ERROR);
   }
 }
 
 // Struct to bind the Equals member function to an object for use in find_if.
 struct CertEquals {
   explicit CertEquals(const net::X509Certificate* cert) : cert_(cert) {}
   bool operator()(const scoped_refptr<net::X509Certificate> cert) const {
     return cert_->Equals(cert.get());
   }
   const net::X509Certificate* cert_;
 };
 
 // Determine whether a certificate was stored with web trust by a policy.
-bool IsPolicyInstalledWithWebTrust(
-    const net::CertificateList& web_trust_certs,
-    net::X509Certificate* cert) {
+bool IsPolicyInstalledWithWebTrust(const net::CertificateList& web_trust_certs,
+                                   net::X509Certificate* cert) {
   return std::find_if(web_trust_certs.begin(), web_trust_certs.end(),
                       CertEquals(cert)) != web_trust_certs.end();
 }
 
 #if defined(OS_CHROMEOS)
 void ShowCertificateViewerModalDialog(content::WebContents* web_contents,
                                       gfx::NativeWindow parent,
                                       net::X509Certificate* cert) {
   CertificateViewerModalDialog* dialog = new CertificateViewerModalDialog(cert);
   dialog->Show(web_contents, parent);
@@ skipping 51 matching lines @@
   ~CertIdMap() {}
 
   std::string CertToId(net::X509Certificate* cert);
   net::X509Certificate* IdToCert(const std::string& id);
   net::X509Certificate* CallbackArgsToCert(const base::ListValue* args);
 
  private:
   typedef std::map<net::X509Certificate*, int32_t> CertMap;
 
   // Creates an ID for cert and looks up the cert for an ID.
-  IDMap<net::X509Certificate>id_map_;
+  IDMap<net::X509Certificate> id_map_;
 
   // Finds the ID for a cert.
   CertMap cert_map_;
 
   DISALLOW_COPY_AND_ASSIGN(CertIdMap);
 };
 
 std::string CertIdMap::CertToId(net::X509Certificate* cert) {
   CertMap::const_iterator iter = cert_map_.find(cert);
   if (iter != cert_map_.end())
@@ skipping 51 matching lines @@
       const std::string& data,
       const WriteCallback& callback,
       base::CancelableTaskTracker* tracker);
 
  private:
   friend class base::RefCountedThreadSafe<FileAccessProvider>;
   virtual ~FileAccessProvider() {}
 
   // Reads file at |path|. |saved_errno| is 0 on success or errno on failure.
   // When success, |data| has file content.
-  void DoRead(const base::FilePath& path,
-              int* saved_errno,
-              std::string* data);
+  void DoRead(const base::FilePath& path, int* saved_errno, std::string* data);
   // Writes data to file at |path|. |saved_errno| is 0 on success or errno on
   // failure. When success, |bytes_written| has number of bytes written.
   void DoWrite(const base::FilePath& path,
                const std::string& data,
                int* saved_errno,
                int* bytes_written);
 };
 
 base::CancelableTaskTracker::TaskId FileAccessProvider::StartRead(
     const base::FilePath& path,
@@ skipping 16 matching lines @@
     const std::string& data,
     const WriteCallback& callback,
     base::CancelableTaskTracker* tracker) {
   // Owned by reply callback posted below.
   int* saved_errno = new int(0);
   int* bytes_written = new int(0);
 
   // Post task to file thread to write file.
   return tracker->PostTaskAndReply(
       BrowserThread::GetMessageLoopProxyForThread(BrowserThread::FILE).get(),
-      FROM_HERE,
-      base::Bind(&FileAccessProvider::DoWrite,
-                 this,
-                 path,
-                 data,
-                 saved_errno,
-                 bytes_written),
-      base::Bind(
-          callback, base::Owned(saved_errno), base::Owned(bytes_written)));
+      FROM_HERE, base::Bind(&FileAccessProvider::DoWrite, this, path, data,
+                            saved_errno, bytes_written),
+      base::Bind(callback, base::Owned(saved_errno),
+                 base::Owned(bytes_written)));
 }
 
 void FileAccessProvider::DoRead(const base::FilePath& path,
                                 int* saved_errno,
                                 std::string* data) {
   bool success = base::ReadFileToString(path, data);
   *saved_errno = success ? 0 : errno;
 }
 
 void FileAccessProvider::DoWrite(const base::FilePath& path,
                                  const std::string& data,
                                  int* saved_errno,
                                  int* bytes_written) {
   *bytes_written = base::WriteFile(path, data.data(), data.size());
   *saved_errno = *bytes_written >= 0 ? 0 : errno;
 }
 
 ///////////////////////////////////////////////////////////////////////////////
 //  CertificatesHandler
 
-CertificatesHandler::CertificatesHandler(
-    bool show_certs_in_modal_dialog)
+CertificatesHandler::CertificatesHandler(bool show_certs_in_modal_dialog)
     : show_certs_in_modal_dialog_(show_certs_in_modal_dialog),
       requested_certificate_manager_model_(false),
       use_hardware_backed_(false),
       file_access_provider_(new FileAccessProvider()),
       cert_id_map_(new CertIdMap),
       weak_ptr_factory_(this) {}
 
-CertificatesHandler::~CertificatesHandler() {
-}
+CertificatesHandler::~CertificatesHandler() {}
 
 void CertificatesHandler::RegisterMessages() {
   web_ui()->RegisterMessageCallback(
-      "viewCertificate",
-      base::Bind(&CertificatesHandler::HandleViewCertificate,
-                 base::Unretained(this)));
+      "viewCertificate", base::Bind(&CertificatesHandler::HandleViewCertificate,
+                                    base::Unretained(this)));
 
   web_ui()->RegisterMessageCallback(
       "getCaCertificateTrust",
       base::Bind(&CertificatesHandler::HandleGetCATrust,
                  base::Unretained(this)));
   web_ui()->RegisterMessageCallback(
       "editCaCertificateTrust",
       base::Bind(&CertificatesHandler::HandleEditCATrust,
                  base::Unretained(this)));
 
@@ skipping 15 matching lines @@
       "importPersonalCertificate",
       base::Bind(&CertificatesHandler::HandleImportPersonal,
                  base::Unretained(this)));
   web_ui()->RegisterMessageCallback(
       "importPersonalCertificatePasswordSelected",
       base::Bind(&CertificatesHandler::HandleImportPersonalPasswordSelected,
                  base::Unretained(this)));
 
   web_ui()->RegisterMessageCallback(
       "importCaCertificate",
-      base::Bind(&CertificatesHandler::HandleImportCA,
-                 base::Unretained(this)));
+      base::Bind(&CertificatesHandler::HandleImportCA, base::Unretained(this)));
   web_ui()->RegisterMessageCallback(
       "importCaCertificateTrustSelected",
       base::Bind(&CertificatesHandler::HandleImportCATrustSelected,
                  base::Unretained(this)));
 
   web_ui()->RegisterMessageCallback(
       "importServerCertificate",
       base::Bind(&CertificatesHandler::HandleImportServer,
                  base::Unretained(this)));
 
@@ skipping 22 matching lines @@
   if (service)
     service->GetWebTrustedCertificates(&web_trusted_certs);
 #endif
   PopulateTree("personalCerts", net::USER_CERT, web_trusted_certs);
   PopulateTree("serverCerts", net::SERVER_CERT, web_trusted_certs);
   PopulateTree("caCerts", net::CA_CERT, web_trusted_certs);
   PopulateTree("otherCerts", net::OTHER_CERT, web_trusted_certs);
 }
 
 void CertificatesHandler::FileSelected(const base::FilePath& path,
-                                             int index,
-                                             void* params) {
+                                       int index,
+                                       void* params) {
   switch (reinterpret_cast<intptr_t>(params)) {
     case EXPORT_PERSONAL_FILE_SELECTED:
       ExportPersonalFileSelected(path);
       break;
     case IMPORT_PERSONAL_FILE_SELECTED:
       ImportPersonalFileSelected(path);
       break;
     case IMPORT_SERVER_FILE_SELECTED:
       ImportServerFileSelected(path);
       break;
@@ skipping 19 matching lines @@
   }
 }
 
 void CertificatesHandler::HandleViewCertificate(const base::ListValue* args) {
   net::X509Certificate* cert = cert_id_map_->CallbackArgsToCert(args);
   if (!cert)
     return;
 #if defined(OS_CHROMEOS)
   if (show_certs_in_modal_dialog_) {
     ShowCertificateViewerModalDialog(web_ui()->GetWebContents(),
-                                     GetParentWindow(),
-                                     cert);
+                                     GetParentWindow(), cert);
     return;
   }
 #endif
   ShowCertificateViewer(web_ui()->GetWebContents(), GetParentWindow(), cert);
 }
 
 void CertificatesHandler::AssignWebUICallbackId(const base::ListValue* args) {
   CHECK_LE(1U, args->GetSize());
   CHECK(webui_callback_id_.empty());
   CHECK(args->GetString(0, &webui_callback_id_));
@@ skipping 33 matching lines @@
   CHECK(cert);
 
   bool trust_ssl = false;
   bool trust_email = false;
   bool trust_obj_sign = false;
   CHECK(args->GetBoolean(2, &trust_ssl));
   CHECK(args->GetBoolean(3, &trust_email));
   CHECK(args->GetBoolean(4, &trust_obj_sign));
 
   bool result = certificate_manager_model_->SetCertTrust(
-      cert,
-      net::CA_CERT,
+      cert, net::CA_CERT,
       trust_ssl * net::NSSCertDatabase::TRUSTED_SSL +
           trust_email * net::NSSCertDatabase::TRUSTED_EMAIL +
           trust_obj_sign * net::NSSCertDatabase::TRUSTED_OBJ_SIGN);
   if (!result) {
     // TODO(mattm): better error messages?
     RejectCallbackWithError(
-        l10n_util::GetStringUTF8(IDS_CERT_MANAGER_SET_TRUST_ERROR_TITLE),
-        l10n_util::GetStringUTF8(IDS_CERT_MANAGER_UNKNOWN_ERROR));
+        l10n_util::GetStringUTF8(
+            IDS_SETTINGS_CERTIFICATE_MANAGER_SET_TRUST_ERROR_TITLE),
+        l10n_util::GetStringUTF8(
+            IDS_SETTINGS_CERTIFICATE_MANAGER_UNKNOWN_ERROR));
   } else {
     ResolveCallback(*base::Value::CreateNullValue());
   }
 }
 
 void CertificatesHandler::HandleExportPersonal(const base::ListValue* args) {
   CHECK_EQ(2U, args->GetSize());
   AssignWebUICallbackId(args);
   std::string node_id;
   CHECK(args->GetString(1, &node_id));
 
   net::X509Certificate* cert = cert_id_map_->IdToCert(node_id);
   CHECK(cert);
   selected_cert_list_.push_back(cert);
 
   ui::SelectFileDialog::FileTypeInfo file_type_info;
   file_type_info.extensions.resize(1);
   file_type_info.extensions[0].push_back(FILE_PATH_LITERAL("p12"));
   file_type_info.extension_description_overrides.push_back(
-      l10n_util::GetStringUTF16(IDS_CERT_MANAGER_PKCS12_FILES));
+      l10n_util::GetStringUTF16(IDS_SETTINGS_CERTIFICATE_MANAGER_PKCS12_FILES));
   file_type_info.include_all_files = true;
   select_file_dialog_ = ui::SelectFileDialog::Create(
       this, new ChromeSelectFilePolicy(web_ui()->GetWebContents()));
   select_file_dialog_->SelectFile(
       ui::SelectFileDialog::SELECT_SAVEAS_FILE, base::string16(),
       base::FilePath(), &file_type_info, 1, FILE_PATH_LITERAL("p12"),
       GetParentWindow(),
       reinterpret_cast<void*>(EXPORT_PERSONAL_FILE_SELECTED));
 }
 
 void CertificatesHandler::ExportPersonalFileSelected(
     const base::FilePath& path) {
   file_path_ = path;
   ResolveCallback(*base::Value::CreateNullValue());
 }
 
 void CertificatesHandler::HandleExportPersonalPasswordSelected(
     const base::ListValue* args) {
   CHECK_EQ(2U, args->GetSize());
   AssignWebUICallbackId(args);
   CHECK(args->GetString(1, &password_));
 
   // Currently, we don't support exporting more than one at a time.  If we do,
   // this would need to either change this to use UnlockSlotsIfNecessary or
   // change UnlockCertSlotIfNecessary to take a CertificateList.
   DCHECK_EQ(selected_cert_list_.size(), 1U);
 
   // TODO(mattm): do something smarter about non-extractable keys
   chrome::UnlockCertSlotIfNecessary(
-      selected_cert_list_[0].get(),
-      chrome::kCryptoModulePasswordCertExport,
+      selected_cert_list_[0].get(), chrome::kCryptoModulePasswordCertExport,
       net::HostPortPair(),  // unused.
       GetParentWindow(),
       base::Bind(&CertificatesHandler::ExportPersonalSlotsUnlocked,
                  base::Unretained(this)));
 }
 
 void CertificatesHandler::ExportPersonalSlotsUnlocked() {
   std::string output;
   int num_exported = certificate_manager_model_->cert_db()->ExportToPKCS12(
-      selected_cert_list_,
-      password_,
-      &output);
+      selected_cert_list_, password_, &output);
   if (!num_exported) {
     RejectCallbackWithError(
-        l10n_util::GetStringUTF8(IDS_CERT_MANAGER_PKCS12_EXPORT_ERROR_TITLE),
-        l10n_util::GetStringUTF8(IDS_CERT_MANAGER_UNKNOWN_ERROR));
+        l10n_util::GetStringUTF8(
+            IDS_SETTINGS_CERTIFICATE_MANAGER_PKCS12_EXPORT_ERROR_TITLE),
+        l10n_util::GetStringUTF8(
+            IDS_SETTINGS_CERTIFICATE_MANAGER_UNKNOWN_ERROR));
     ImportExportCleanup();
     return;
   }
   file_access_provider_->StartWrite(
-      file_path_,
-      output,
+      file_path_, output,
       base::Bind(&CertificatesHandler::ExportPersonalFileWritten,
                  base::Unretained(this)),
       &tracker_);
 }
 
-void CertificatesHandler::ExportPersonalFileWritten(
-    const int* write_errno, const int* bytes_written) {
+void CertificatesHandler::ExportPersonalFileWritten(const int* write_errno,
+                                                    const int* bytes_written) {
   ImportExportCleanup();
   if (*write_errno) {
     RejectCallbackWithError(
-        l10n_util::GetStringUTF8(IDS_CERT_MANAGER_PKCS12_EXPORT_ERROR_TITLE),
-        l10n_util::GetStringFUTF8(IDS_CERT_MANAGER_WRITE_ERROR_FORMAT,
-                                  UTF8ToUTF16(
-                                      base::safe_strerror(*write_errno))));
+        l10n_util::GetStringUTF8(
+            IDS_SETTINGS_CERTIFICATE_MANAGER_PKCS12_EXPORT_ERROR_TITLE),
+        l10n_util::GetStringFUTF8(
+            IDS_SETTINGS_CERTIFICATE_MANAGER_WRITE_ERROR_FORMAT,
+            UTF8ToUTF16(base::safe_strerror(*write_errno))));
   } else {
     ResolveCallback(*base::Value::CreateNullValue());
   }
 }
 
 void CertificatesHandler::HandleImportPersonal(const base::ListValue* args) {
   CHECK_EQ(2U, args->GetSize());
   AssignWebUICallbackId(args);
   CHECK(args->GetBoolean(1, &use_hardware_backed_));
 
   ui::SelectFileDialog::FileTypeInfo file_type_info;
   file_type_info.extensions.resize(1);
   file_type_info.extensions[0].push_back(FILE_PATH_LITERAL("p12"));
   file_type_info.extensions[0].push_back(FILE_PATH_LITERAL("pfx"));
   file_type_info.extensions[0].push_back(FILE_PATH_LITERAL("crt"));
   file_type_info.extension_description_overrides.push_back(
-      l10n_util::GetStringUTF16(IDS_CERT_USAGE_SSL_CLIENT));
+      l10n_util::GetStringUTF16(
+          IDS_SETTINGS_CERTIFICATE_MANAGER_USAGE_SSL_CLIENT));
   file_type_info.include_all_files = true;
   select_file_dialog_ = ui::SelectFileDialog::Create(
       this, new ChromeSelectFilePolicy(web_ui()->GetWebContents()));
   select_file_dialog_->SelectFile(
       ui::SelectFileDialog::SELECT_OPEN_FILE, base::string16(),
       base::FilePath(), &file_type_info, 1, FILE_PATH_LITERAL("p12"),
       GetParentWindow(),
       reinterpret_cast<void*>(IMPORT_PERSONAL_FILE_SELECTED));
 }
 
 void CertificatesHandler::ImportPersonalFileSelected(
     const base::FilePath& path) {
   file_access_provider_->StartRead(
       path, base::Bind(&CertificatesHandler::ImportPersonalFileRead,
                        base::Unretained(this)),
       &tracker_);
 }
 
-void CertificatesHandler::ImportPersonalFileRead(
-    const int* read_errno, const std::string* data) {
+void CertificatesHandler::ImportPersonalFileRead(const int* read_errno,
+                                                 const std::string* data) {
   if (*read_errno) {
     ImportExportCleanup();
     RejectCallbackWithError(
-        l10n_util::GetStringUTF8(IDS_CERT_MANAGER_IMPORT_ERROR_TITLE),
-        l10n_util::GetStringFUTF8(IDS_CERT_MANAGER_READ_ERROR_FORMAT,
-                                  UTF8ToUTF16(
-                                      base::safe_strerror(*read_errno))));
+        l10n_util::GetStringUTF8(
+            IDS_SETTINGS_CERTIFICATE_MANAGER_IMPORT_ERROR_TITLE),
+        l10n_util::GetStringFUTF8(
+            IDS_SETTINGS_CERTIFICATE_MANAGER_READ_ERROR_FORMAT,
+            UTF8ToUTF16(base::safe_strerror(*read_errno))));
     return;
   }
 
   file_data_ = *data;
 
   if (CouldBePFX(file_data_)) {
     ResolveCallback(base::FundamentalValue(true));
     return;
   }
 
   // Non .p12/.pfx files are assumed to be single/chain certificates without
   // private key data. The default extension according to spec is '.crt',
   // however other extensions are also used in some places to represent these
   // certificates.
   int result = certificate_manager_model_->ImportUserCert(file_data_);
   ImportExportCleanup();
   int string_id;
   switch (result) {
     case net::OK:
       ResolveCallback(base::FundamentalValue(false));
       return;
     case net::ERR_NO_PRIVATE_KEY_FOR_CERT:
-      string_id = IDS_CERT_MANAGER_IMPORT_MISSING_KEY;
+      string_id = IDS_SETTINGS_CERTIFICATE_MANAGER_IMPORT_MISSING_KEY;
       break;
     case net::ERR_CERT_INVALID:
-      string_id = IDS_CERT_MANAGER_IMPORT_INVALID_FILE;
+      string_id = IDS_SETTINGS_CERTIFICATE_MANAGER_IMPORT_INVALID_FILE;
       break;
     default:
-      string_id = IDS_CERT_MANAGER_UNKNOWN_ERROR;
+      string_id = IDS_SETTINGS_CERTIFICATE_MANAGER_UNKNOWN_ERROR;
       break;
   }
   RejectCallbackWithError(
-      l10n_util::GetStringUTF8(IDS_CERT_MANAGER_IMPORT_ERROR_TITLE),
+      l10n_util::GetStringUTF8(
+          IDS_SETTINGS_CERTIFICATE_MANAGER_IMPORT_ERROR_TITLE),
       l10n_util::GetStringUTF8(string_id));
 }
 
 void CertificatesHandler::HandleImportPersonalPasswordSelected(
     const base::ListValue* args) {
   CHECK_EQ(2U, args->GetSize());
   AssignWebUICallbackId(args);
   CHECK(args->GetString(1, &password_));
 
   if (use_hardware_backed_) {
     module_ = certificate_manager_model_->cert_db()->GetPrivateModule();
   } else {
     module_ = certificate_manager_model_->cert_db()->GetPublicModule();
   }
 
   net::CryptoModuleList modules;
   modules.push_back(module_);
   chrome::UnlockSlotsIfNecessary(
-      modules,
-      chrome::kCryptoModulePasswordCertImport,
+      modules, chrome::kCryptoModulePasswordCertImport,
       net::HostPortPair(),  // unused.
       GetParentWindow(),
       base::Bind(&CertificatesHandler::ImportPersonalSlotUnlocked,
                  base::Unretained(this)));
 }
 
 void CertificatesHandler::ImportPersonalSlotUnlocked() {
   // Determine if the private key should be unextractable after the import.
   // We do this by checking the value of |use_hardware_backed_| which is set
   // to true if importing into a hardware module. Currently, this only happens
   // for Chrome OS when the "Import and Bind" option is chosen.
   bool is_extractable = !use_hardware_backed_;
   int result = certificate_manager_model_->ImportFromPKCS12(
       module_.get(), file_data_, password_, is_extractable);
   ImportExportCleanup();
   int string_id;
   switch (result) {
     case net::OK:
       ResolveCallback(*base::Value::CreateNullValue());
       return;
     case net::ERR_PKCS12_IMPORT_BAD_PASSWORD:
       // TODO(mattm): if the error was a bad password, we should reshow the
       // password dialog after the user dismisses the error dialog.
-      string_id = IDS_CERT_MANAGER_BAD_PASSWORD;
+      string_id = IDS_SETTINGS_CERTIFICATE_MANAGER_BAD_PASSWORD;
       break;
     case net::ERR_PKCS12_IMPORT_INVALID_MAC:
-      string_id = IDS_CERT_MANAGER_IMPORT_INVALID_MAC;
+      string_id = IDS_SETTINGS_CERTIFICATE_MANAGER_IMPORT_INVALID_MAC;
       break;
     case net::ERR_PKCS12_IMPORT_INVALID_FILE:
-      string_id = IDS_CERT_MANAGER_IMPORT_INVALID_FILE;
+      string_id = IDS_SETTINGS_CERTIFICATE_MANAGER_IMPORT_INVALID_FILE;
       break;
     case net::ERR_PKCS12_IMPORT_UNSUPPORTED:
-      string_id = IDS_CERT_MANAGER_IMPORT_UNSUPPORTED;
+      string_id = IDS_SETTINGS_CERTIFICATE_MANAGER_IMPORT_UNSUPPORTED;
       break;
     default:
-      string_id = IDS_CERT_MANAGER_UNKNOWN_ERROR;
+      string_id = IDS_SETTINGS_CERTIFICATE_MANAGER_UNKNOWN_ERROR;
       break;
   }
   RejectCallbackWithError(
-      l10n_util::GetStringUTF8(IDS_CERT_MANAGER_IMPORT_ERROR_TITLE),
+      l10n_util::GetStringUTF8(
+          IDS_SETTINGS_CERTIFICATE_MANAGER_IMPORT_ERROR_TITLE),
       l10n_util::GetStringUTF8(string_id));
 }
 
 void CertificatesHandler::HandleCancelImportExportProcess(
     const base::ListValue* args) {
   ImportExportCleanup();
 }
 
 void CertificatesHandler::ImportExportCleanup() {
   file_path_.clear();
@@ skipping 11 matching lines @@
   select_file_dialog_ = NULL;
 }
 
 void CertificatesHandler::HandleImportServer(const base::ListValue* args) {
   CHECK_EQ(1U, args->GetSize());
   AssignWebUICallbackId(args);
 
   select_file_dialog_ = ui::SelectFileDialog::Create(
       this, new ChromeSelectFilePolicy(web_ui()->GetWebContents()));
   ShowCertSelectFileDialog(
-      select_file_dialog_.get(),
-      ui::SelectFileDialog::SELECT_OPEN_FILE,
-      base::FilePath(),
-      GetParentWindow(),
+      select_file_dialog_.get(), ui::SelectFileDialog::SELECT_OPEN_FILE,
+      base::FilePath(), GetParentWindow(),
       reinterpret_cast<void*>(IMPORT_SERVER_FILE_SELECTED));
 }
 
-void CertificatesHandler::ImportServerFileSelected(
-    const base::FilePath& path) {
+void CertificatesHandler::ImportServerFileSelected(const base::FilePath& path) {
   file_access_provider_->StartRead(
       path, base::Bind(&CertificatesHandler::ImportServerFileRead,
                        base::Unretained(this)),
       &tracker_);
 }
 
 void CertificatesHandler::ImportServerFileRead(const int* read_errno,
                                                const std::string* data) {
   if (*read_errno) {
     ImportExportCleanup();
     RejectCallbackWithError(
-        l10n_util::GetStringUTF8(IDS_CERT_MANAGER_SERVER_IMPORT_ERROR_TITLE),
-        l10n_util::GetStringFUTF8(IDS_CERT_MANAGER_READ_ERROR_FORMAT,
-                                  UTF8ToUTF16(
-                                      base::safe_strerror(*read_errno))));
+        l10n_util::GetStringUTF8(
+            IDS_SETTINGS_CERTIFICATE_MANAGER_SERVER_IMPORT_ERROR_TITLE),
+        l10n_util::GetStringFUTF8(
+            IDS_SETTINGS_CERTIFICATE_MANAGER_READ_ERROR_FORMAT,
+            UTF8ToUTF16(base::safe_strerror(*read_errno))));
     return;
   }
 
   selected_cert_list_ = net::X509Certificate::CreateCertificateListFromBytes(
-          data->data(), data->size(), net::X509Certificate::FORMAT_AUTO);
+      data->data(), data->size(), net::X509Certificate::FORMAT_AUTO);
   if (selected_cert_list_.empty()) {
     ImportExportCleanup();
     RejectCallbackWithError(
-        l10n_util::GetStringUTF8(IDS_CERT_MANAGER_SERVER_IMPORT_ERROR_TITLE),
-        l10n_util::GetStringUTF8(IDS_CERT_MANAGER_CERT_PARSE_ERROR));
+        l10n_util::GetStringUTF8(
+            IDS_SETTINGS_CERTIFICATE_MANAGER_SERVER_IMPORT_ERROR_TITLE),
+        l10n_util::GetStringUTF8(
+            IDS_SETTINGS_CERTIFICATE_MANAGER_CERT_PARSE_ERROR));
     return;
   }
 
   net::NSSCertDatabase::ImportCertFailureList not_imported;
   // TODO(mattm): Add UI for trust. http://crbug.com/76274
   bool result = certificate_manager_model_->ImportServerCert(
-      selected_cert_list_,
-      net::NSSCertDatabase::TRUST_DEFAULT,
-      &not_imported);
+      selected_cert_list_, net::NSSCertDatabase::TRUST_DEFAULT, &not_imported);
   if (!result) {
     RejectCallbackWithError(
-        l10n_util::GetStringUTF8(IDS_CERT_MANAGER_SERVER_IMPORT_ERROR_TITLE),
-        l10n_util::GetStringUTF8(IDS_CERT_MANAGER_UNKNOWN_ERROR));
+        l10n_util::GetStringUTF8(
+            IDS_SETTINGS_CERTIFICATE_MANAGER_SERVER_IMPORT_ERROR_TITLE),
+        l10n_util::GetStringUTF8(
+            IDS_SETTINGS_CERTIFICATE_MANAGER_UNKNOWN_ERROR));
   } else if (!not_imported.empty()) {
     RejectCallbackWithImportError(
-        l10n_util::GetStringUTF8(IDS_CERT_MANAGER_SERVER_IMPORT_ERROR_TITLE),
+        l10n_util::GetStringUTF8(
+            IDS_SETTINGS_CERTIFICATE_MANAGER_SERVER_IMPORT_ERROR_TITLE),
         not_imported);
   } else {
     ResolveCallback(*base::Value::CreateNullValue());
   }
   ImportExportCleanup();
 }
 
 void CertificatesHandler::HandleImportCA(const base::ListValue* args) {
   CHECK_EQ(1U, args->GetSize());
   AssignWebUICallbackId(args);
 
   select_file_dialog_ = ui::SelectFileDialog::Create(
       this, new ChromeSelectFilePolicy(web_ui()->GetWebContents()));
   ShowCertSelectFileDialog(select_file_dialog_.get(),
                            ui::SelectFileDialog::SELECT_OPEN_FILE,
-                           base::FilePath(),
-                           GetParentWindow(),
+                           base::FilePath(), GetParentWindow(),
                            reinterpret_cast<void*>(IMPORT_CA_FILE_SELECTED));
 }
 
-void CertificatesHandler::ImportCAFileSelected(
-    const base::FilePath& path) {
+void CertificatesHandler::ImportCAFileSelected(const base::FilePath& path) {
   file_access_provider_->StartRead(
       path, base::Bind(&CertificatesHandler::ImportCAFileRead,
                        base::Unretained(this)),
       &tracker_);
 }
 
 void CertificatesHandler::ImportCAFileRead(const int* read_errno,
                                            const std::string* data) {
   if (*read_errno) {
     ImportExportCleanup();
     RejectCallbackWithError(
-        l10n_util::GetStringUTF8(IDS_CERT_MANAGER_CA_IMPORT_ERROR_TITLE),
-        l10n_util::GetStringFUTF8(IDS_CERT_MANAGER_READ_ERROR_FORMAT,
-                                  UTF8ToUTF16(
-                                      base::safe_strerror(*read_errno))));
+        l10n_util::GetStringUTF8(
+            IDS_SETTINGS_CERTIFICATE_MANAGER_CA_IMPORT_ERROR_TITLE),
+        l10n_util::GetStringFUTF8(
+            IDS_SETTINGS_CERTIFICATE_MANAGER_READ_ERROR_FORMAT,
+            UTF8ToUTF16(base::safe_strerror(*read_errno))));
     return;
   }
 
   selected_cert_list_ = net::X509Certificate::CreateCertificateListFromBytes(
-          data->data(), data->size(), net::X509Certificate::FORMAT_AUTO);
+      data->data(), data->size(), net::X509Certificate::FORMAT_AUTO);
   if (selected_cert_list_.empty()) {
     ImportExportCleanup();
     RejectCallbackWithError(
-        l10n_util::GetStringUTF8(IDS_CERT_MANAGER_CA_IMPORT_ERROR_TITLE),
-        l10n_util::GetStringUTF8(IDS_CERT_MANAGER_CERT_PARSE_ERROR));
+        l10n_util::GetStringUTF8(
+            IDS_SETTINGS_CERTIFICATE_MANAGER_CA_IMPORT_ERROR_TITLE),
+        l10n_util::GetStringUTF8(
+            IDS_SETTINGS_CERTIFICATE_MANAGER_CERT_PARSE_ERROR));
     return;
   }
 
   scoped_refptr<net::X509Certificate> root_cert =
       certificate_manager_model_->cert_db()->FindRootInList(
           selected_cert_list_);
 
   // TODO(mattm): check here if root_cert is not a CA cert and show error.
 
   base::StringValue cert_name(root_cert->subject().GetDisplayName());
@@ skipping 16 matching lines @@
   // http://crbug.com/128411
   net::NSSCertDatabase::ImportCertFailureList not_imported;
   bool result = certificate_manager_model_->ImportCACerts(
       selected_cert_list_,
       trust_ssl * net::NSSCertDatabase::TRUSTED_SSL +
           trust_email * net::NSSCertDatabase::TRUSTED_EMAIL +
           trust_obj_sign * net::NSSCertDatabase::TRUSTED_OBJ_SIGN,
       &not_imported);
   if (!result) {
     RejectCallbackWithError(
-        l10n_util::GetStringUTF8(IDS_CERT_MANAGER_CA_IMPORT_ERROR_TITLE),
-        l10n_util::GetStringUTF8(IDS_CERT_MANAGER_UNKNOWN_ERROR));
+        l10n_util::GetStringUTF8(
+            IDS_SETTINGS_CERTIFICATE_MANAGER_CA_IMPORT_ERROR_TITLE),
+        l10n_util::GetStringUTF8(
+            IDS_SETTINGS_CERTIFICATE_MANAGER_UNKNOWN_ERROR));
   } else if (!not_imported.empty()) {
     RejectCallbackWithImportError(
-        l10n_util::GetStringUTF8(IDS_CERT_MANAGER_CA_IMPORT_ERROR_TITLE),
+        l10n_util::GetStringUTF8(
+            IDS_SETTINGS_CERTIFICATE_MANAGER_CA_IMPORT_ERROR_TITLE),
         not_imported);
   } else {
     ResolveCallback(*base::Value::CreateNullValue());
   }
   ImportExportCleanup();
 }
 
 void CertificatesHandler::HandleExportCertificate(const base::ListValue* args) {
   net::X509Certificate* cert = cert_id_map_->CallbackArgsToCert(args);
   if (!cert)
     return;
   ShowCertExportDialog(web_ui()->GetWebContents(), GetParentWindow(), cert);
 }
 
 void CertificatesHandler::HandleDeleteCertificate(const base::ListValue* args) {
   CHECK_EQ(2U, args->GetSize());
   AssignWebUICallbackId(args);
   std::string node_id;
   CHECK(args->GetString(1, &node_id));
 
   net::X509Certificate* cert = cert_id_map_->IdToCert(node_id);
   CHECK(cert);
 
   bool result = certificate_manager_model_->Delete(cert);
   if (!result) {
     // TODO(mattm): better error messages?
     RejectCallbackWithError(
-        l10n_util::GetStringUTF8(IDS_CERT_MANAGER_DELETE_CERT_ERROR_TITLE),
-        l10n_util::GetStringUTF8(IDS_CERT_MANAGER_UNKNOWN_ERROR));
+        l10n_util::GetStringUTF8(
+            IDS_SETTINGS_CERTIFICATE_MANAGER_DELETE_CERT_ERROR_TITLE),
+        l10n_util::GetStringUTF8(
+            IDS_SETTINGS_CERTIFICATE_MANAGER_UNKNOWN_ERROR));
   } else {
     ResolveCallback(*base::Value::CreateNullValue());
   }
 }
 
 void CertificatesHandler::OnCertificateManagerModelCreated(
     scoped_ptr<CertificateManagerModel> model) {
   certificate_manager_model_ = std::move(model);
   CertificateManagerModelReady();
 }
 
 void CertificatesHandler::CertificateManagerModelReady() {
   base::FundamentalValue user_db_available_value(
       certificate_manager_model_->is_user_db_available());
   base::FundamentalValue tpm_available_value(
       certificate_manager_model_->is_tpm_available());
   web_ui()->CallJavascriptFunction(
-      "cr.webUIListenerCallback",
-      base::StringValue("certificates-model-ready"),
-      user_db_available_value,
-      tpm_available_value);
+      "cr.webUIListenerCallback", base::StringValue("certificates-model-ready"),
+      user_db_available_value, tpm_available_value);
   certificate_manager_model_->Refresh();
 }
 
 void CertificatesHandler::HandleRefreshCertificates(
     const base::ListValue* args) {
   if (certificate_manager_model_) {
     // Already have a model, the webui must be re-loading.  Just re-run the
     // webui initialization.
     CertificateManagerModelReady();
     return;
   }
 
   if (!requested_certificate_manager_model_) {
     // Request that a model be created.
     CertificateManagerModel::Create(
-        Profile::FromWebUI(web_ui()),
-        this,
+        Profile::FromWebUI(web_ui()), this,
         base::Bind(&CertificatesHandler::OnCertificateManagerModelCreated,
                    weak_ptr_factory_.GetWeakPtr()));
     requested_certificate_manager_model_ = true;
     return;
   }
 
   // We are already waiting for a CertificateManagerModel to be created, no need
   // to do anything.
 }
 
 void CertificatesHandler::PopulateTree(
     const std::string& tab_name,
     net::CertType type,
     const net::CertificateList& web_trust_certs) {
   scoped_ptr<icu::Collator> collator;
   UErrorCode error = U_ZERO_ERROR;
-  collator.reset(
-      icu::Collator::createInstance(
-          icu::Locale(g_browser_process->GetApplicationLocale().c_str()),
-          error));
+  collator.reset(icu::Collator::createInstance(
+      icu::Locale(g_browser_process->GetApplicationLocale().c_str()), error));
   if (U_FAILURE(error))
     collator.reset(NULL);
   DictionaryIdComparator comparator(collator.get());
   CertificateManagerModel::OrgGroupingMap map;
 
   certificate_manager_model_->FilterAndBuildOrgGroupingMap(type, &map);
 
   {
     scoped_ptr<base::ListValue> nodes = make_scoped_ptr(new base::ListValue());
     for (CertificateManagerModel::OrgGroupingMap::iterator i = map.begin();
          i != map.end(); ++i) {
       // Populate first level (org name).
       base::DictionaryValue* dict = new base::DictionaryValue;
       dict->SetString(kKeyField, OrgNameToId(i->first));
       dict->SetString(kNameField, i->first);
 
       // Populate second level (certs).
       base::ListValue* subnodes = new base::ListValue;
       for (net::CertificateList::const_iterator org_cert_it = i->second.begin();
            org_cert_it != i->second.end(); ++org_cert_it) {
         base::DictionaryValue* cert_dict = new base::DictionaryValue;
         net::X509Certificate* cert = org_cert_it->get();
         cert_dict->SetString(kKeyField, cert_id_map_->CertToId(cert));
         cert_dict->SetString(
             kNameField, certificate_manager_model_->GetColumnText(
-                *cert, CertificateManagerModel::COL_SUBJECT_NAME));
+                            *cert, CertificateManagerModel::COL_SUBJECT_NAME));
         cert_dict->SetBoolean(
             kReadonlyField,
             certificate_manager_model_->cert_db()->IsReadOnly(cert));
         // Policy-installed certificates with web trust are trusted.
         bool policy_trusted =
             IsPolicyInstalledWithWebTrust(web_trust_certs, cert);
         cert_dict->SetBoolean(
             kUntrustedField,
             !policy_trusted &&
                 certificate_manager_model_->cert_db()->IsUntrusted(cert));
         cert_dict->SetBoolean(kPolicyField, policy_trusted);
         // TODO(hshi): This should be determined by testing for PKCS #11
         // CKA_EXTRACTABLE attribute. We may need to use the NSS function
         // PK11_ReadRawAttribute to do that.
         cert_dict->SetBoolean(
             kExtractableField,
             !certificate_manager_model_->IsHardwareBacked(cert));
         // TODO(mattm): Other columns.
         subnodes->Append(cert_dict);
       }
       std::sort(subnodes->begin(), subnodes->end(), comparator);
 
       dict->Set(kSubnodesField, subnodes);
       nodes->Append(dict);
     }
     std::sort(nodes->begin(), nodes->end(), comparator);
 
     web_ui()->CallJavascriptFunction("cr.webUIListenerCallback",
                                      base::StringValue("certificates-changed"),
-                                     base::StringValue(tab_name),
-                                     *nodes);
+                                     base::StringValue(tab_name), *nodes);
   }
 }
 
 void CertificatesHandler::ResolveCallback(const base::Value& response) {
   DCHECK(!webui_callback_id_.empty());
   ResolveJavascriptCallback(base::StringValue(webui_callback_id_), response);
   webui_callback_id_.clear();
 }
 
 void CertificatesHandler::RejectCallback(const base::Value& response) {
   DCHECK(!webui_callback_id_.empty());
   RejectJavascriptCallback(base::StringValue(webui_callback_id_), response);
   webui_callback_id_.clear();
 }
 
-void CertificatesHandler::RejectCallbackWithError(
-    const std::string& title,
-    const std::string& error) {
+void CertificatesHandler::RejectCallbackWithError(const std::string& title,
+                                                  const std::string& error) {
   scoped_ptr<base::DictionaryValue> error_info(new base::DictionaryValue);
   error_info->SetString(kErrorTitle, title);
   error_info->SetString(kErrorDescription, error);
   RejectCallback(*error_info);
 }
 
 void CertificatesHandler::RejectCallbackWithImportError(
     const std::string& title,
     const net::NSSCertDatabase::ImportCertFailureList& not_imported) {
   std::string error;
   if (selected_cert_list_.size() == 1)
     error = l10n_util::GetStringUTF8(
-        IDS_CERT_MANAGER_IMPORT_SINGLE_NOT_IMPORTED);
+        IDS_SETTINGS_CERTIFICATE_MANAGER_IMPORT_SINGLE_NOT_IMPORTED);
   else if (not_imported.size() == selected_cert_list_.size())
-    error = l10n_util::GetStringUTF8(IDS_CERT_MANAGER_IMPORT_ALL_NOT_IMPORTED);
+    error = l10n_util::GetStringUTF8(
+        IDS_SETTINGS_CERTIFICATE_MANAGER_IMPORT_ALL_NOT_IMPORTED);
   else
-    error = l10n_util::GetStringUTF8(IDS_CERT_MANAGER_IMPORT_SOME_NOT_IMPORTED);
+    error = l10n_util::GetStringUTF8(
+        IDS_SETTINGS_CERTIFICATE_MANAGER_IMPORT_SOME_NOT_IMPORTED);
 
   scoped_ptr<base::ListValue> cert_error_list =
       make_scoped_ptr(new base::ListValue());
   for (size_t i = 0; i < not_imported.size(); ++i) {
     const net::NSSCertDatabase::ImportCertFailure& failure = not_imported[i];
     base::DictionaryValue* dict = new base::DictionaryValue;
-    dict->SetString(
-        kNameField, failure.certificate->subject().GetDisplayName());
+    dict->SetString(kNameField,
+                    failure.certificate->subject().GetDisplayName());
     dict->SetString(kErrorField, NetErrorToString(failure.net_error));
     cert_error_list->Append(dict);
   }
 
   scoped_ptr<base::DictionaryValue> error_info(new base::DictionaryValue);
   error_info->SetString(kErrorTitle, title);
   error_info->SetString(kErrorDescription, error);
-  error_info->Set(
-      kCertificateErrors, make_scoped_ptr(cert_error_list.release()));
+  error_info->Set(kCertificateErrors,
+                  make_scoped_ptr(cert_error_list.release()));
   RejectCallback(*error_info);
 }
 
 gfx::NativeWindow CertificatesHandler::GetParentWindow() const {
   return web_ui()->GetWebContents()->GetTopLevelNativeWindow();
 }
 
 }  // namespace settings