Implementation for chrome.certificateProvider.requestPin/stopPinRequest

chrome/browser/extensions/api/certificate_provider/certificate_provider_api.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/api/certificate_provider/certificate_provider_api.h"
 
 #include <stddef.h>
 #include <stdint.h>
 
 #include <memory>
 #include <vector>
 
 #include "base/logging.h"
+#include "base/strings/utf_string_conversions.h"
 #include "chrome/browser/chromeos/certificate_provider/certificate_provider_service.h"
 #include "chrome/browser/chromeos/certificate_provider/certificate_provider_service_factory.h"
 #include "chrome/common/extensions/api/certificate_provider.h"
 #include "chrome/common/extensions/api/certificate_provider_internal.h"
+#include "chrome/grit/generated_resources.h"
 #include "content/public/common/console_message_level.h"
 #include "net/cert/x509_certificate.h"
 #include "net/ssl/ssl_private_key.h"
+#include "ui/base/l10n/l10n_util.h"
 
 namespace extensions {
 
 namespace api_cp = api::certificate_provider;
 namespace api_cpi = api::certificate_provider_internal;
 
 namespace {
 
 const char kErrorInvalidX509Cert[] =
     "Certificate is not a valid X.509 certificate.";
 const char kErrorECDSANotSupported[] = "Key type ECDSA not supported.";
 const char kErrorUnknownKeyType[] = "Key type unknown.";
 const char kErrorAborted[] = "Request was aborted.";
 const char kErrorTimeout[] = "Request timed out, reply rejected.";
 
 }  // namespace
 
+const int MAX_CLOSED_DIALOGS_PER_10_MINUTES = 2;
+
 CertificateProviderInternalReportCertificatesFunction::
     ~CertificateProviderInternalReportCertificatesFunction() {}
 
 ExtensionFunction::ResponseAction
 CertificateProviderInternalReportCertificatesFunction::Run() {
   std::unique_ptr<api_cpi::ReportCertificates::Params> params(
       api_cpi::ReportCertificates::Params::Create(*args_));
   EXTENSION_FUNCTION_VALIDATE(params);
 
   chromeos::CertificateProviderService* const service =
@@ skipping 93 matching lines @@
         out_info->supported_hashes.push_back(net::SSLPrivateKey::Hash::SHA512);
         break;
       case api_cp::HASH_NONE:
         NOTREACHED();
         return false;
     }
   }
   return true;
 }
 
+base::string16 GetErrorMessageForType(api_cp::PinRequestErrorType error_type) {
+  switch (error_type) {
+    case api_cp::PinRequestErrorType::PIN_REQUEST_ERROR_TYPE_INVALID_PIN:
+        return l10n_util::GetStringUTF16(
+            IDS_REQUEST_PIN_DIALOG_INVALID_PIN_ERROR);
+    case api_cp::PinRequestErrorType::PIN_REQUEST_ERROR_TYPE_INVALID_PUK:
+        return l10n_util::GetStringUTF16(
+            IDS_REQUEST_PIN_DIALOG_INVALID_PUK_ERROR);
+    case
+      api_cp::PinRequestErrorType::PIN_REQUEST_ERROR_TYPE_MAX_ATTEMPTS_EXCEEDED:
+        return l10n_util::GetStringUTF16(
+            IDS_REQUEST_PIN_DIALOG_MAX_ATTEMPTS_EXCEEDED_ERROR);
+    case api_cp::PinRequestErrorType::PIN_REQUEST_ERROR_TYPE_UNKNOWN_ERROR:
+        return l10n_util::GetStringUTF16(
+            IDS_REQUEST_PIN_DIALOG_UNKNOWN_ERROR);
+    case api_cp::PinRequestErrorType::PIN_REQUEST_ERROR_TYPE_NONE:
+        return base::string16();
+  }
+}

[stevenjb, 2016/08/09 21:04:39]

This is UI code, it shouldn't be in the API. We should pass
api_cp::PinRequestErrorType to the UI (or convert it to an enum defined in the
UI code), and that should do the localization.

[igorcov1, 2016/08/10 18:05:04]

Done.

+
+CertificateProviderStopPinRequestFunction::
+    ~CertificateProviderStopPinRequestFunction() {}
+
+ExtensionFunction::ResponseAction
+CertificateProviderStopPinRequestFunction::Run() {
+  std::unique_ptr<api_cp::RequestPin::Params> params(
+    api_cp::RequestPin::Params::Create(*args_));
+  EXTENSION_FUNCTION_VALIDATE(params.get());
+
+  base::string16 error_message = GetErrorMessageForType(
+      params->details.error_type);
+  chromeos::CertificateProviderService* const service =
+      chromeos::CertificateProviderServiceFactory::GetForBrowserContext(
+          browser_context());
+  DCHECK(service);
+  if (error_message.empty()) {
+    bool dialog_closed = service->CloseDialog(extension_id());
+    if (!dialog_closed) {
+      // This might happen if the user closed the dialog while extension was
+      // processing the input.
+      LOG(ERROR) << "Wrong extension requesting to close the dialog";
+      return RespondNow(Error("No active dialog from extension."));
+    }
+
+    std::unique_ptr<base::ListValue> create_results(new base::ListValue());
+    return RespondNow(ArgumentList(std::move(create_results)));
+  } else {

[stevenjb, 2016/08/09 21:04:39]

no else

[igorcov1, 2016/08/10 18:05:04]

Done.

+    bool success = service->UpdatePinDialog(
+        extension()->id(),
+        error_message,
+        false,
+        base::Bind(&CertificateProviderStopPinRequestFunction::DialogClosed,
+                   this));
+    if (success) {
+      return RespondLater();
+    } else {

[stevenjb, 2016/08/09 21:04:39]

invert, no else

[igorcov1, 2016/08/10 18:05:04]

Done.

+      return RespondNow(Error("No active dialog from extension."));
+    }
+  }
+}
+
+void CertificateProviderStopPinRequestFunction::DialogClosed(
+    const base::string16& value) {
+  std::unique_ptr<base::ListValue> create_results(new base::ListValue());
+  chromeos::CertificateProviderService* const service =
+      chromeos::CertificateProviderServiceFactory::GetForBrowserContext(
+          browser_context());
+  DCHECK(service);
+
+  Respond(ArgumentList(std::move(create_results)));
+  service->OnPinDialogInput(extension_id(), true);
+}
+
+CertificateProviderRequestPinFunction::
+    ~CertificateProviderRequestPinFunction() {}
+
+bool CertificateProviderRequestPinFunction::ShouldSkipQuotaLimiting() const {
+  chromeos::CertificateProviderService* const service =
+      chromeos::CertificateProviderServiceFactory::GetForBrowserContext(
+          browser_context());
+  DCHECK(service);
+
+  return !service->LastPinDialogClosed(extension_id());
+}
+
+void CertificateProviderRequestPinFunction::GetQuotaLimitHeuristics(
+    extensions::QuotaLimitHeuristics* heuristics) const {
+  QuotaLimitHeuristic::Config short_limit_config = {
+      extensions::MAX_CLOSED_DIALOGS_PER_10_MINUTES,
+      base::TimeDelta::FromMinutes(1)};
+  heuristics->push_back(new QuotaService::TimedLimit(
+      short_limit_config, new QuotaLimitHeuristic::SingletonBucketMapper(),
+      "MAX_SHOW_DIALOGS_PER_MINUTE"));
+}
+
+ExtensionFunction::ResponseAction
+CertificateProviderRequestPinFunction::Run() {
+  std::unique_ptr<api_cp::RequestPin::Params> params(
+    api_cp::RequestPin::Params::Create(*args_));
+  EXTENSION_FUNCTION_VALIDATE(params.get());
+
+  api_cp::PinRequestType pin_dialog_type =
+      (params->details.request_type) ?
+          params->details.request_type :
+          api_cp::PinRequestType::PIN_REQUEST_TYPE_PIN;
+
+  base::string16 error_message = GetErrorMessageForType(
+      params->details.error_type);
+
+  bool accept_input = true;
+  if (params->details.attempts_left) {
+    int attempts_left = *(params->details.attempts_left.get());
+    accept_input = attempts_left > 0;
+    error_message.append(l10n_util::GetStringFUTF16(
+        IDS_REQUEST_PIN_DIALOG_ATTEMPTS_LEFT,
+        base::ASCIIToUTF16(std::to_string(attempts_left))));
+  }
+
+  const std::string dialog_type =
+      (pin_dialog_type == api_cp::PinRequestType::PIN_REQUEST_TYPE_PIN) ?
+          "PIN: " : "PUK: ";
+
+  chromeos::CertificateProviderService* const service =
+      chromeos::CertificateProviderServiceFactory::GetForBrowserContext(
+          browser_context());
+  DCHECK(service);
+
+  chromeos::RequestPinResponse success = service->ShowPinDialog(
+      extension()->id(),
+      extension()->name(),
+      params->details.sign_request_id,
+      dialog_type,
+      error_message,
+      accept_input,
+      base::Bind(&CertificateProviderRequestPinFunction::OnInputReceived,
+                 this));
+  switch (success) {
+    case chromeos::RequestPinResponse::SUCCESS: return RespondLater();
+    case chromeos::RequestPinResponse::INVALID_ID:
+        return RespondNow(Error("Invalid signRequestId"));
+    case chromeos::RequestPinResponse::OTHER_FLOW_IN_PROGRESS:
+        return RespondNow(Error("Other flow in progress"));
+  }
+}
+
+void CertificateProviderRequestPinFunction::OnInputReceived(
+    const base::string16& value) {
+  std::unique_ptr<base::ListValue> create_results(new base::ListValue());
+  chromeos::CertificateProviderService* const service =
+      chromeos::CertificateProviderServiceFactory::GetForBrowserContext(
+          browser_context());
+  DCHECK(service);
+  if (!value.empty()) {
+    api::certificate_provider::PinResponseDetails details;
+    details.user_input.reset(new std::string(value.begin(), value.end()));
+    create_results->Append(details.ToValue());
+  }
+
+  Respond(ArgumentList(std::move(create_results)));
+  service->OnPinDialogInput(extension_id(), value.empty());
+}
+
 CertificateProviderInternalReportSignatureFunction::
     ~CertificateProviderInternalReportSignatureFunction() {}
 
 ExtensionFunction::ResponseAction
 CertificateProviderInternalReportSignatureFunction::Run() {
   std::unique_ptr<api_cpi::ReportSignature::Params> params(
       api_cpi::ReportSignature::Params::Create(*args_));
   EXTENSION_FUNCTION_VALIDATE(params);
 
   chromeos::CertificateProviderService* const service =
       chromeos::CertificateProviderServiceFactory::GetForBrowserContext(
           browser_context());
   DCHECK(service);
 
   std::vector<uint8_t> signature;
   // If an error occurred, |signature| will not be set.
   if (params->signature)
     signature.assign(params->signature->begin(), params->signature->end());
 
   service->ReplyToSignRequest(extension_id(), params->request_id, signature);
   return RespondNow(NoArguments());
 }
 
 }  // namespace extensions