| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/certificate_manager_model.h" | 5 #include "chrome/browser/certificate_manager_model.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/i18n/time_formatting.h" | 10 #include "base/i18n/time_formatting.h" |
| 11 #include "base/logging.h" | 11 #include "base/logging.h" |
| 12 #include "base/stl_util.h" |
| 12 #include "base/strings/utf_string_conversions.h" | 13 #include "base/strings/utf_string_conversions.h" |
| 13 #include "build/build_config.h" | 14 #include "build/build_config.h" |
| 15 #include "chrome/browser/chromeos/certificate_provider/certificate_provider.h" |
| 16 #include "chrome/browser/chromeos/certificate_provider/certificate_provider_serv
ice.h" |
| 17 #include "chrome/browser/chromeos/certificate_provider/certificate_provider_serv
ice_factory.h" |
| 14 #include "chrome/browser/net/nss_context.h" | 18 #include "chrome/browser/net/nss_context.h" |
| 15 #include "chrome/browser/ui/crypto_module_password_dialog_nss.h" | 19 #include "chrome/browser/ui/crypto_module_password_dialog_nss.h" |
| 16 #include "chrome/common/net/x509_certificate_model.h" | 20 #include "chrome/common/net/x509_certificate_model.h" |
| 17 #include "chrome/grit/generated_resources.h" | 21 #include "chrome/grit/generated_resources.h" |
| 18 #include "content/public/browser/browser_context.h" | 22 #include "content/public/browser/browser_context.h" |
| 19 #include "content/public/browser/browser_thread.h" | 23 #include "content/public/browser/browser_thread.h" |
| 20 #include "content/public/browser/resource_context.h" | 24 #include "content/public/browser/resource_context.h" |
| 21 #include "crypto/nss_util.h" | 25 #include "crypto/nss_util.h" |
| 22 #include "net/base/crypto_module.h" | 26 #include "net/base/crypto_module.h" |
| 23 #include "net/base/net_errors.h" | 27 #include "net/base/net_errors.h" |
| (...skipping 19 matching lines...) Expand all Loading... |
| 43 // CertificateManagerModel::DidGetCertDBOnIOThread | 47 // CertificateManagerModel::DidGetCertDBOnIOThread |
| 44 // | | 48 // | |
| 45 // crypto::IsTPMTokenEnabledForNSS | 49 // crypto::IsTPMTokenEnabledForNSS |
| 46 // v--------------------------------------/ | 50 // v--------------------------------------/ |
| 47 // CertificateManagerModel::DidGetCertDBOnUIThread | 51 // CertificateManagerModel::DidGetCertDBOnUIThread |
| 48 // | | 52 // | |
| 49 // new CertificateManagerModel | 53 // new CertificateManagerModel |
| 50 // | | 54 // | |
| 51 // callback | 55 // callback |
| 52 | 56 |
| 57 namespace { |
| 58 |
| 59 std::string GetCertificateOrg(net::X509Certificate* cert) { |
| 60 std::string org; |
| 61 if (!cert->subject().organization_names.empty()) |
| 62 org = cert->subject().organization_names[0]; |
| 63 if (org.empty()) |
| 64 org = cert->subject().GetDisplayName(); |
| 65 |
| 66 return org; |
| 67 } |
| 68 |
| 69 } // namespace |
| 70 |
| 53 // static | 71 // static |
| 54 void CertificateManagerModel::Create( | 72 void CertificateManagerModel::Create( |
| 55 content::BrowserContext* browser_context, | 73 content::BrowserContext* browser_context, |
| 56 CertificateManagerModel::Observer* observer, | 74 CertificateManagerModel::Observer* observer, |
| 57 const CreationCallback& callback) { | 75 const CreationCallback& callback) { |
| 58 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 76 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 77 |
| 78 std::unique_ptr<chromeos::CertificateProvider> extension_certificate_provider; |
| 79 #if defined(OS_CHROMEOS) |
| 80 chromeos::CertificateProviderService* service = |
| 81 chromeos::CertificateProviderServiceFactory::GetForBrowserContext( |
| 82 browser_context); |
| 83 extension_certificate_provider = service->CreateCertificateProvider(); |
| 84 #endif |
| 85 |
| 59 BrowserThread::PostTask( | 86 BrowserThread::PostTask( |
| 60 BrowserThread::IO, | 87 BrowserThread::IO, |
| 61 FROM_HERE, | 88 FROM_HERE, |
| 62 base::Bind(&CertificateManagerModel::GetCertDBOnIOThread, | 89 base::Bind(&CertificateManagerModel::GetCertDBOnIOThread, |
| 63 browser_context->GetResourceContext(), | 90 browser_context->GetResourceContext(), |
| 64 observer, | 91 observer, |
| 92 base::Passed(&extension_certificate_provider), |
| 65 callback)); | 93 callback)); |
| 66 } | 94 } |
| 67 | 95 |
| 68 CertificateManagerModel::CertificateManagerModel( | 96 CertificateManagerModel::CertificateManagerModel( |
| 69 net::NSSCertDatabase* nss_cert_database, | 97 net::NSSCertDatabase* nss_cert_database, |
| 70 bool is_user_db_available, | 98 bool is_user_db_available, |
| 71 bool is_tpm_available, | 99 bool is_tpm_available, |
| 72 Observer* observer) | 100 Observer* observer, |
| 101 std::unique_ptr<chromeos::CertificateProvider> |
| 102 extension_certificate_provider) |
| 73 : cert_db_(nss_cert_database), | 103 : cert_db_(nss_cert_database), |
| 74 is_user_db_available_(is_user_db_available), | 104 is_user_db_available_(is_user_db_available), |
| 75 is_tpm_available_(is_tpm_available), | 105 is_tpm_available_(is_tpm_available), |
| 76 observer_(observer) { | 106 observer_(observer), |
| 107 extension_certificate_provider_(std::move( |
| 108 extension_certificate_provider)), |
| 109 weak_ptr_factory_(this) { |
| 77 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 110 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 78 } | 111 } |
| 79 | 112 |
| 80 CertificateManagerModel::~CertificateManagerModel() { | 113 CertificateManagerModel::~CertificateManagerModel() { |
| 81 } | 114 } |
| 82 | 115 |
| 83 void CertificateManagerModel::Refresh() { | 116 void CertificateManagerModel::Refresh() { |
| 84 DVLOG(1) << "refresh started"; | 117 DVLOG(1) << "refresh started"; |
| 85 net::CryptoModuleList modules; | 118 net::CryptoModuleList modules; |
| 86 cert_db_->ListModules(&modules, false); | 119 cert_db_->ListModules(&modules, false); |
| 87 DVLOG(1) << "refresh waiting for unlocking..."; | 120 DVLOG(1) << "refresh waiting for unlocking..."; |
| 88 chrome::UnlockSlotsIfNecessary( | 121 chrome::UnlockSlotsIfNecessary( |
| 89 modules, | 122 modules, |
| 90 chrome::kCryptoModulePasswordListCerts, | 123 chrome::kCryptoModulePasswordListCerts, |
| 91 net::HostPortPair(), // unused. | 124 net::HostPortPair(), // unused. |
| 92 NULL, // TODO(mattm): supply parent window. | 125 NULL, // TODO(mattm): supply parent window. |
| 93 base::Bind(&CertificateManagerModel::RefreshSlotsUnlocked, | 126 base::Bind(&CertificateManagerModel::RefreshSlotsUnlocked, |
| 94 base::Unretained(this))); | 127 base::Unretained(this))); |
| 128 |
| 129 #if defined(OS_CHROMEOS) |
| 130 extension_certificate_provider_->GetCertificates(base::Bind( |
| 131 &CertificateManagerModel::RefreshExtensionCertificates, |
| 132 weak_ptr_factory_.GetWeakPtr())); |
| 133 #endif |
| 95 } | 134 } |
| 96 | 135 |
| 97 void CertificateManagerModel::RefreshSlotsUnlocked() { | 136 void CertificateManagerModel::RefreshSlotsUnlocked() { |
| 98 DVLOG(1) << "refresh listing certs..."; | 137 DVLOG(1) << "refresh listing certs..."; |
| 99 // TODO(tbarzic): Use async |ListCerts|. | 138 // TODO(tbarzic): Use async |ListCerts|. |
| 100 cert_db_->ListCertsSync(&cert_list_); | 139 cert_db_->ListCertsSync(&cert_list_); |
| 101 observer_->CertificatesRefreshed(); | 140 observer_->CertificatesRefreshed(); |
| 102 DVLOG(1) << "refresh finished"; | 141 DVLOG(1) << "refresh finished for platform provided certificates"; |
| 142 } |
| 143 |
| 144 void CertificateManagerModel::RefreshExtensionCertificates( |
| 145 const net::CertificateList& new_certs) { |
| 146 extension_cert_list_ = new_certs; |
| 147 observer_->CertificatesRefreshed(); |
| 148 DVLOG(1) << "refresh finished for extension provided certificates"; |
| 103 } | 149 } |
| 104 | 150 |
| 105 void CertificateManagerModel::FilterAndBuildOrgGroupingMap( | 151 void CertificateManagerModel::FilterAndBuildOrgGroupingMap( |
| 106 net::CertType filter_type, | 152 net::CertType filter_type, |
| 107 CertificateManagerModel::OrgGroupingMap* map) const { | 153 CertificateManagerModel::OrgGroupingMap* map) const { |
| 108 for (net::CertificateList::const_iterator i = cert_list_.begin(); | 154 for (net::CertificateList::const_iterator i = cert_list_.begin(); |
| 109 i != cert_list_.end(); ++i) { | 155 i != cert_list_.end(); ++i) { |
| 110 net::X509Certificate* cert = i->get(); | 156 net::X509Certificate* cert = i->get(); |
| 111 net::CertType type = | 157 net::CertType type = |
| 112 x509_certificate_model::GetType(cert->os_cert_handle()); | 158 x509_certificate_model::GetType(cert->os_cert_handle()); |
| 113 if (type != filter_type) | 159 if (type != filter_type) |
| 114 continue; | 160 continue; |
| 115 | 161 |
| 116 std::string org; | 162 std::string org = GetCertificateOrg(cert); |
| 117 if (!cert->subject().organization_names.empty()) | 163 (*map)[org].push_back(cert); |
| 118 org = cert->subject().organization_names[0]; | 164 } |
| 119 if (org.empty()) | |
| 120 org = cert->subject().GetDisplayName(); | |
| 121 | 165 |
| 122 (*map)[org].push_back(cert); | 166 // Display extension provided certificates under the "Your Certificates" tab. |
| 167 if (filter_type == net::USER_CERT) { |
| 168 for (const auto& cert : extension_cert_list_) { |
| 169 std::string org = GetCertificateOrg(cert.get()); |
| 170 (*map)[org].push_back(cert); |
| 171 } |
| 123 } | 172 } |
| 124 } | 173 } |
| 125 | 174 |
| 126 base::string16 CertificateManagerModel::GetColumnText( | 175 base::string16 CertificateManagerModel::GetColumnText( |
| 127 const net::X509Certificate& cert, | 176 const net::X509Certificate& cert, |
| 128 Column column) const { | 177 Column column) const { |
| 129 base::string16 rv; | 178 base::string16 rv; |
| 130 switch (column) { | 179 switch (column) { |
| 131 case COL_SUBJECT_NAME: | 180 case COL_SUBJECT_NAME: |
| 132 rv = base::UTF8ToUTF16( | 181 rv = base::UTF8ToUTF16( |
| 133 x509_certificate_model::GetCertNameOrNickname(cert.os_cert_handle())); | 182 x509_certificate_model::GetCertNameOrNickname(cert.os_cert_handle())); |
| 134 | 183 |
| 135 // TODO(xiyuan): Put this into a column when we have js tree-table. | 184 // Mark extension provided certificates. |
| 136 if (IsHardwareBacked(&cert)) { | 185 if (base::ContainsValue(extension_cert_list_, &cert)) { |
| 186 rv = l10n_util::GetStringFUTF16( |
| 187 IDS_CERT_MANAGER_EXTENSION_PROVIDED_FORMAT, |
| 188 rv); |
| 189 } else if (IsHardwareBacked(&cert)) { |
| 190 // TODO(xiyuan): Put this into a column when we have js tree-table. |
| 137 rv = l10n_util::GetStringFUTF16( | 191 rv = l10n_util::GetStringFUTF16( |
| 138 IDS_CERT_MANAGER_HARDWARE_BACKED_KEY_FORMAT, | 192 IDS_CERT_MANAGER_HARDWARE_BACKED_KEY_FORMAT, |
| 139 rv, | 193 rv, |
| 140 l10n_util::GetStringUTF16(IDS_CERT_MANAGER_HARDWARE_BACKED)); | 194 l10n_util::GetStringUTF16(IDS_CERT_MANAGER_HARDWARE_BACKED)); |
| 141 } | 195 } |
| 142 break; | 196 break; |
| 143 case COL_CERTIFICATE_STORE: | 197 case COL_CERTIFICATE_STORE: |
| 144 rv = base::UTF8ToUTF16( | 198 rv = base::UTF8ToUTF16( |
| 145 x509_certificate_model::GetTokenName(cert.os_cert_handle())); | 199 x509_certificate_model::GetTokenName(cert.os_cert_handle())); |
| 146 break; | 200 break; |
| (...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 215 const net::X509Certificate* cert) const { | 269 const net::X509Certificate* cert) const { |
| 216 return cert_db_->IsHardwareBacked(cert); | 270 return cert_db_->IsHardwareBacked(cert); |
| 217 } | 271 } |
| 218 | 272 |
| 219 // static | 273 // static |
| 220 void CertificateManagerModel::DidGetCertDBOnUIThread( | 274 void CertificateManagerModel::DidGetCertDBOnUIThread( |
| 221 net::NSSCertDatabase* cert_db, | 275 net::NSSCertDatabase* cert_db, |
| 222 bool is_user_db_available, | 276 bool is_user_db_available, |
| 223 bool is_tpm_available, | 277 bool is_tpm_available, |
| 224 CertificateManagerModel::Observer* observer, | 278 CertificateManagerModel::Observer* observer, |
| 279 std::unique_ptr<chromeos::CertificateProvider> |
| 280 extension_certificate_provider, |
| 225 const CreationCallback& callback) { | 281 const CreationCallback& callback) { |
| 226 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 282 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 227 | 283 |
| 228 std::unique_ptr<CertificateManagerModel> model(new CertificateManagerModel( | 284 std::unique_ptr<CertificateManagerModel> model(new CertificateManagerModel( |
| 229 cert_db, is_user_db_available, is_tpm_available, observer)); | 285 cert_db, is_user_db_available, is_tpm_available, observer, |
| 286 std::move(extension_certificate_provider))); |
| 230 callback.Run(std::move(model)); | 287 callback.Run(std::move(model)); |
| 231 } | 288 } |
| 232 | 289 |
| 233 // static | 290 // static |
| 234 void CertificateManagerModel::DidGetCertDBOnIOThread( | 291 void CertificateManagerModel::DidGetCertDBOnIOThread( |
| 235 CertificateManagerModel::Observer* observer, | 292 CertificateManagerModel::Observer* observer, |
| 293 std::unique_ptr<chromeos::CertificateProvider> |
| 294 extension_certificate_provider, |
| 236 const CreationCallback& callback, | 295 const CreationCallback& callback, |
| 237 net::NSSCertDatabase* cert_db) { | 296 net::NSSCertDatabase* cert_db) { |
| 238 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 297 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
| 239 | 298 |
| 240 bool is_user_db_available = !!cert_db->GetPublicSlot(); | 299 bool is_user_db_available = !!cert_db->GetPublicSlot(); |
| 241 bool is_tpm_available = false; | 300 bool is_tpm_available = false; |
| 242 #if defined(OS_CHROMEOS) | 301 #if defined(OS_CHROMEOS) |
| 243 is_tpm_available = crypto::IsTPMTokenEnabledForNSS(); | 302 is_tpm_available = crypto::IsTPMTokenEnabledForNSS(); |
| 244 #endif | 303 #endif |
| 245 BrowserThread::PostTask( | 304 BrowserThread::PostTask( |
| 246 BrowserThread::UI, | 305 BrowserThread::UI, |
| 247 FROM_HERE, | 306 FROM_HERE, |
| 248 base::Bind(&CertificateManagerModel::DidGetCertDBOnUIThread, | 307 base::Bind(&CertificateManagerModel::DidGetCertDBOnUIThread, |
| 249 cert_db, | 308 cert_db, |
| 250 is_user_db_available, | 309 is_user_db_available, |
| 251 is_tpm_available, | 310 is_tpm_available, |
| 252 observer, | 311 observer, |
| 312 base::Passed(&extension_certificate_provider), |
| 253 callback)); | 313 callback)); |
| 254 } | 314 } |
| 255 | 315 |
| 256 // static | 316 // static |
| 257 void CertificateManagerModel::GetCertDBOnIOThread( | 317 void CertificateManagerModel::GetCertDBOnIOThread( |
| 258 content::ResourceContext* context, | 318 content::ResourceContext* context, |
| 259 CertificateManagerModel::Observer* observer, | 319 CertificateManagerModel::Observer* observer, |
| 320 std::unique_ptr<chromeos::CertificateProvider> |
| 321 extension_certificate_provider, |
| 260 const CreationCallback& callback) { | 322 const CreationCallback& callback) { |
| 261 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 323 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
| 324 |
| 325 auto did_get_cert_db_callback = base::Bind( |
| 326 &CertificateManagerModel::DidGetCertDBOnIOThread, observer, |
| 327 base::Passed(&extension_certificate_provider), callback); |
| 328 |
| 262 net::NSSCertDatabase* cert_db = GetNSSCertDatabaseForResourceContext( | 329 net::NSSCertDatabase* cert_db = GetNSSCertDatabaseForResourceContext( |
| 263 context, | 330 context, did_get_cert_db_callback); |
| 264 base::Bind(&CertificateManagerModel::DidGetCertDBOnIOThread, | 331 |
| 265 observer, | 332 // The callback is run here instead of the actual function call because of |
| 266 callback)); | 333 // extension_certificate_provider ownership semantics, ie. ownership can only |
| 334 // be released once. The callback will only be run once (either inside the |
| 335 // function above or here). |
| 267 if (cert_db) | 336 if (cert_db) |
| 268 DidGetCertDBOnIOThread(observer, callback, cert_db); | 337 did_get_cert_db_callback.Run(cert_db); |
| 269 } | 338 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2307373003:
Show extension provided certificates in chrome://settings/certificates (Closed)
