Chromium Code Reviews Chromium Code Reviews
Issue 2307373003:
Show extension provided certificates in chrome://settings/certificates (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/certificate_manager_model.h" | 5 #include "chrome/browser/certificate_manager_model.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/i18n/time_formatting.h" | 10 #include "base/i18n/time_formatting.h" |
| 11 #include "base/logging.h" | 11 #include "base/logging.h" |
| 12 #include "base/strings/utf_string_conversions.h" | 12 #include "base/strings/utf_string_conversions.h" |
| 13 #include "build/build_config.h" | 13 #include "build/build_config.h" |
| 14 #include "chrome/browser/chromeos/certificate_provider/certificate_provider_serv ice.h" | |
| 15 #include "chrome/browser/chromeos/certificate_provider/certificate_provider_serv ice_factory.h" | |
| 14 #include "chrome/browser/net/nss_context.h" | 16 #include "chrome/browser/net/nss_context.h" |
| 15 #include "chrome/browser/ui/crypto_module_password_dialog_nss.h" | 17 #include "chrome/browser/ui/crypto_module_password_dialog_nss.h" |
| 16 #include "chrome/common/net/x509_certificate_model.h" | 18 #include "chrome/common/net/x509_certificate_model.h" |
| 17 #include "chrome/grit/generated_resources.h" | 19 #include "chrome/grit/generated_resources.h" |
| 18 #include "content/public/browser/browser_context.h" | 20 #include "content/public/browser/browser_context.h" |
| 19 #include "content/public/browser/browser_thread.h" | 21 #include "content/public/browser/browser_thread.h" |
| 20 #include "content/public/browser/resource_context.h" | 22 #include "content/public/browser/resource_context.h" |
| 21 #include "crypto/nss_util.h" | 23 #include "crypto/nss_util.h" |
| 22 #include "net/base/crypto_module.h" | 24 #include "net/base/crypto_module.h" |
| 23 #include "net/base/net_errors.h" | 25 #include "net/base/net_errors.h" |
| (...skipping 19 matching lines...) Expand all Loading... | |
| 43 // CertificateManagerModel::DidGetCertDBOnIOThread | 45 // CertificateManagerModel::DidGetCertDBOnIOThread |
| 44 // | | 46 // | |
| 45 // crypto::IsTPMTokenEnabledForNSS | 47 // crypto::IsTPMTokenEnabledForNSS |
| 46 // v--------------------------------------/ | 48 // v--------------------------------------/ |
| 47 // CertificateManagerModel::DidGetCertDBOnUIThread | 49 // CertificateManagerModel::DidGetCertDBOnUIThread |
| 48 // | | 50 // | |
| 49 // new CertificateManagerModel | 51 // new CertificateManagerModel |
| 50 // | | 52 // | |
| 51 // callback | 53 // callback |
| 52 | 54 |
| 55 namespace { | |
| 56 | |
| 57 std::string GetCertificateOrg(net::X509Certificate* cert) { | |
| 58 std::string org; | |
| 59 if (!cert->subject().organization_names.empty()) | |
| 60 org = cert->subject().organization_names[0]; | |
| 61 if (org.empty()) | |
| 62 org = cert->subject().GetDisplayName(); | |
| 63 | |
| 64 return org; | |
| 65 } | |
| 66 | |
| 67 } // namespace | |
| 68 | |
| 53 // static | 69 // static |
| 54 void CertificateManagerModel::Create( | 70 void CertificateManagerModel::Create( |
| 55 content::BrowserContext* browser_context, | 71 content::BrowserContext* browser_context, |
| 56 CertificateManagerModel::Observer* observer, | 72 CertificateManagerModel::Observer* observer, |
| 57 const CreationCallback& callback) { | 73 const CreationCallback& callback) { |
| 58 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 74 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 59 BrowserThread::PostTask( | 75 BrowserThread::PostTask( |
| 60 BrowserThread::IO, | 76 BrowserThread::IO, |
| 61 FROM_HERE, | 77 FROM_HERE, |
| 62 base::Bind(&CertificateManagerModel::GetCertDBOnIOThread, | 78 base::Bind(&CertificateManagerModel::GetCertDBOnIOThread, |
| 63 browser_context->GetResourceContext(), | |
| 64 observer, | 79 observer, |
| 80 browser_context, | |
| 65 callback)); | 81 callback)); |
| 66 } | 82 } |
| 67 | 83 |
| 68 CertificateManagerModel::CertificateManagerModel( | 84 CertificateManagerModel::CertificateManagerModel( |
| 69 net::NSSCertDatabase* nss_cert_database, | 85 net::NSSCertDatabase* nss_cert_database, |
| 70 bool is_user_db_available, | 86 bool is_user_db_available, |
| 71 bool is_tpm_available, | 87 bool is_tpm_available, |
| 72 Observer* observer) | 88 Observer* observer, |
| 89 content::BrowserContext* browser_context) | |
| 73 : cert_db_(nss_cert_database), | 90 : cert_db_(nss_cert_database), |
| 74 is_user_db_available_(is_user_db_available), | 91 is_user_db_available_(is_user_db_available), |
| 75 is_tpm_available_(is_tpm_available), | 92 is_tpm_available_(is_tpm_available), |
| 76 observer_(observer) { | 93 observer_(observer), |
| 94 weak_ptr_factory_(this) { | |
| 77 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 95 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 96 | |
| 97 #if defined(OS_CHROMEOS) | |
| 98 chromeos::CertificateProviderService* service = | |
| 99 chromeos::CertificateProviderServiceFactory::GetForBrowserContext( | |
| 100 browser_context); | |
| 101 certificate_provider_ = service->CreateCertificateProvider(); | |
| 102 #endif | |
| 78 } | 103 } |
| 79 | 104 |
| 80 CertificateManagerModel::~CertificateManagerModel() { | 105 CertificateManagerModel::~CertificateManagerModel() { |
| 81 } | 106 } |
| 82 | 107 |
| 83 void CertificateManagerModel::Refresh() { | 108 void CertificateManagerModel::Refresh() { |
| 84 DVLOG(1) << "refresh started"; | 109 DVLOG(1) << "refresh started"; |
| 85 net::CryptoModuleList modules; | 110 net::CryptoModuleList modules; |
| 86 cert_db_->ListModules(&modules, false); | 111 cert_db_->ListModules(&modules, false); |
| 87 DVLOG(1) << "refresh waiting for unlocking..."; | 112 DVLOG(1) << "refresh waiting for unlocking..."; |
| 88 chrome::UnlockSlotsIfNecessary( | 113 chrome::UnlockSlotsIfNecessary( |
| 89 modules, | 114 modules, |
| 90 chrome::kCryptoModulePasswordListCerts, | 115 chrome::kCryptoModulePasswordListCerts, |
| 91 net::HostPortPair(), // unused. | 116 net::HostPortPair(), // unused. |
| 92 NULL, // TODO(mattm): supply parent window. | 117 NULL, // TODO(mattm): supply parent window. |
| 93 base::Bind(&CertificateManagerModel::RefreshSlotsUnlocked, | 118 base::Bind(&CertificateManagerModel::RefreshSlotsUnlocked, |
| 94 base::Unretained(this))); | 119 base::Unretained(this))); |
| 120 | |
| 121 #if defined(OS_CHROMEOS) | |
| 122 certificate_provider_->GetCertificates(base::Bind( | |
| 123 &CertificateManagerModel::RefreshExtensionCertificates, | |
| 124 weak_ptr_factory_.GetWeakPtr())); | |
| 125 #endif | |
| 95 } | 126 } |
| 96 | 127 |
| 97 void CertificateManagerModel::RefreshSlotsUnlocked() { | 128 void CertificateManagerModel::RefreshSlotsUnlocked() { |
| 98 DVLOG(1) << "refresh listing certs..."; | 129 DVLOG(1) << "refresh listing certs..."; |
| 99 // TODO(tbarzic): Use async |ListCerts|. | 130 // TODO(tbarzic): Use async |ListCerts|. |
| 100 cert_db_->ListCertsSync(&cert_list_); | 131 cert_db_->ListCertsSync(&cert_list_); |
| 101 observer_->CertificatesRefreshed(); | 132 observer_->CertificatesRefreshed(); |
| 102 DVLOG(1) << "refresh finished"; | 133 DVLOG(1) << "refresh finished for platform provided certificates"; |
| 134 } | |
| 135 | |
| 136 void CertificateManagerModel::RefreshExtensionCertificates( | |
| 137 const net::CertificateList& new_certs) { | |
| 138 extension_cert_list_ = new_certs; | |
| 139 observer_->CertificatesRefreshed(); | |
| 140 DVLOG(1) << "refresh finished for extension provided certificates"; | |
| 103 } | 141 } |
| 104 | 142 |
| 105 void CertificateManagerModel::FilterAndBuildOrgGroupingMap( | 143 void CertificateManagerModel::FilterAndBuildOrgGroupingMap( |
| 106 net::CertType filter_type, | 144 net::CertType filter_type, |
| 107 CertificateManagerModel::OrgGroupingMap* map) const { | 145 CertificateManagerModel::OrgGroupingMap* map) const { |
| 108 for (net::CertificateList::const_iterator i = cert_list_.begin(); | 146 for (net::CertificateList::const_iterator i = cert_list_.begin(); |
| 109 i != cert_list_.end(); ++i) { | 147 i != cert_list_.end(); ++i) { |
| 110 net::X509Certificate* cert = i->get(); | 148 net::X509Certificate* cert = i->get(); |
| 111 net::CertType type = | 149 net::CertType type = |
| 112 x509_certificate_model::GetType(cert->os_cert_handle()); | 150 x509_certificate_model::GetType(cert->os_cert_handle()); |
| 113 if (type != filter_type) | 151 if (type != filter_type) |
| 114 continue; | 152 continue; |
| 115 | 153 |
| 116 std::string org; | 154 std::string org = GetCertificateOrg(cert); |
| 117 if (!cert->subject().organization_names.empty()) | 155 (*map)[org].push_back(cert); |
| 118 org = cert->subject().organization_names[0]; | 156 } |
| 119 if (org.empty()) | |
| 120 org = cert->subject().GetDisplayName(); | |
| 121 | 157 |
| 122 (*map)[org].push_back(cert); | 158 // Display extension provided certificates under the "Your Certificates" tab. |
| 159 if (filter_type == net::USER_CERT) { | |
| 160 for (auto cert : extension_cert_list_) { | |
| 161 std::string org = GetCertificateOrg(cert.get()); | |
| 162 (*map)[org].push_back(cert); | |
| 163 } | |
| 123 } | 164 } |
| 124 } | 165 } |
| 125 | 166 |
| 126 base::string16 CertificateManagerModel::GetColumnText( | 167 base::string16 CertificateManagerModel::GetColumnText( |
| 127 const net::X509Certificate& cert, | 168 const net::X509Certificate& cert, |
| 128 Column column) const { | 169 Column column) const { |
| 129 base::string16 rv; | 170 base::string16 rv; |
| 130 switch (column) { | 171 switch (column) { |
| 131 case COL_SUBJECT_NAME: | 172 case COL_SUBJECT_NAME: |
| 132 rv = base::UTF8ToUTF16( | 173 rv = base::UTF8ToUTF16( |
| 133 x509_certificate_model::GetCertNameOrNickname(cert.os_cert_handle())); | 174 x509_certificate_model::GetCertNameOrNickname(cert.os_cert_handle())); |
| 134 | 175 |
| 176 // Mark extension provided certificates. | |
| 177 if (std::find(extension_cert_list_.begin(), extension_cert_list_.end(), | |
|
emaxx
2016/09/06 16:17:03
You could use base::ContainsValue for this check.
Ivan Šandrk
2016/09/06 16:27:53
Done.
| |
| 178 &cert) != extension_cert_list_.end()) { | |
| 179 rv = l10n_util::GetStringFUTF16( | |
| 180 IDS_CERT_MANAGER_EXTENSION_PROVIDED_FORMAT, | |
| 181 rv); | |
| 182 } | |
| 183 | |
| 135 // TODO(xiyuan): Put this into a column when we have js tree-table. | 184 // TODO(xiyuan): Put this into a column when we have js tree-table. |
| 136 if (IsHardwareBacked(&cert)) { | 185 if (IsHardwareBacked(&cert)) { |
| 137 rv = l10n_util::GetStringFUTF16( | 186 rv = l10n_util::GetStringFUTF16( |
| 138 IDS_CERT_MANAGER_HARDWARE_BACKED_KEY_FORMAT, | 187 IDS_CERT_MANAGER_HARDWARE_BACKED_KEY_FORMAT, |
| 139 rv, | 188 rv, |
| 140 l10n_util::GetStringUTF16(IDS_CERT_MANAGER_HARDWARE_BACKED)); | 189 l10n_util::GetStringUTF16(IDS_CERT_MANAGER_HARDWARE_BACKED)); |
| 141 } | 190 } |
| 142 break; | 191 break; |
| 143 case COL_CERTIFICATE_STORE: | 192 case COL_CERTIFICATE_STORE: |
| 144 rv = base::UTF8ToUTF16( | 193 rv = base::UTF8ToUTF16( |
| (...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 215 const net::X509Certificate* cert) const { | 264 const net::X509Certificate* cert) const { |
| 216 return cert_db_->IsHardwareBacked(cert); | 265 return cert_db_->IsHardwareBacked(cert); |
| 217 } | 266 } |
| 218 | 267 |
| 219 // static | 268 // static |
| 220 void CertificateManagerModel::DidGetCertDBOnUIThread( | 269 void CertificateManagerModel::DidGetCertDBOnUIThread( |
| 221 net::NSSCertDatabase* cert_db, | 270 net::NSSCertDatabase* cert_db, |
| 222 bool is_user_db_available, | 271 bool is_user_db_available, |
| 223 bool is_tpm_available, | 272 bool is_tpm_available, |
| 224 CertificateManagerModel::Observer* observer, | 273 CertificateManagerModel::Observer* observer, |
| 274 content::BrowserContext* browser_context, | |
| 225 const CreationCallback& callback) { | 275 const CreationCallback& callback) { |
| 226 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 276 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 227 | 277 |
| 228 std::unique_ptr<CertificateManagerModel> model(new CertificateManagerModel( | 278 std::unique_ptr<CertificateManagerModel> model(new CertificateManagerModel( |
| 229 cert_db, is_user_db_available, is_tpm_available, observer)); | 279 cert_db, is_user_db_available, is_tpm_available, observer, |
| 280 browser_context)); | |
| 230 callback.Run(std::move(model)); | 281 callback.Run(std::move(model)); |
| 231 } | 282 } |
| 232 | 283 |
| 233 // static | 284 // static |
| 234 void CertificateManagerModel::DidGetCertDBOnIOThread( | 285 void CertificateManagerModel::DidGetCertDBOnIOThread( |
| 235 CertificateManagerModel::Observer* observer, | 286 CertificateManagerModel::Observer* observer, |
| 287 content::BrowserContext* browser_context, | |
| 236 const CreationCallback& callback, | 288 const CreationCallback& callback, |
| 237 net::NSSCertDatabase* cert_db) { | 289 net::NSSCertDatabase* cert_db) { |
| 238 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 290 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
| 239 | 291 |
| 240 bool is_user_db_available = !!cert_db->GetPublicSlot(); | 292 bool is_user_db_available = !!cert_db->GetPublicSlot(); |
| 241 bool is_tpm_available = false; | 293 bool is_tpm_available = false; |
| 242 #if defined(OS_CHROMEOS) | 294 #if defined(OS_CHROMEOS) |
| 243 is_tpm_available = crypto::IsTPMTokenEnabledForNSS(); | 295 is_tpm_available = crypto::IsTPMTokenEnabledForNSS(); |
| 244 #endif | 296 #endif |
| 245 BrowserThread::PostTask( | 297 BrowserThread::PostTask( |
| 246 BrowserThread::UI, | 298 BrowserThread::UI, |
| 247 FROM_HERE, | 299 FROM_HERE, |
| 248 base::Bind(&CertificateManagerModel::DidGetCertDBOnUIThread, | 300 base::Bind(&CertificateManagerModel::DidGetCertDBOnUIThread, |
| 249 cert_db, | 301 cert_db, |
| 250 is_user_db_available, | 302 is_user_db_available, |
| 251 is_tpm_available, | 303 is_tpm_available, |
| 252 observer, | 304 observer, |
| 305 browser_context, | |
| 253 callback)); | 306 callback)); |
| 254 } | 307 } |
| 255 | 308 |
| 256 // static | 309 // static |
| 257 void CertificateManagerModel::GetCertDBOnIOThread( | 310 void CertificateManagerModel::GetCertDBOnIOThread( |
| 258 content::ResourceContext* context, | |
| 259 CertificateManagerModel::Observer* observer, | 311 CertificateManagerModel::Observer* observer, |
| 312 content::BrowserContext* browser_context, | |
| 260 const CreationCallback& callback) { | 313 const CreationCallback& callback) { |
| 261 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 314 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
| 262 net::NSSCertDatabase* cert_db = GetNSSCertDatabaseForResourceContext( | 315 net::NSSCertDatabase* cert_db = GetNSSCertDatabaseForResourceContext( |
| 263 context, | 316 browser_context->GetResourceContext(), |
| 264 base::Bind(&CertificateManagerModel::DidGetCertDBOnIOThread, | 317 base::Bind(&CertificateManagerModel::DidGetCertDBOnIOThread, |
| 265 observer, | 318 observer, |
| 319 browser_context, | |
| 266 callback)); | 320 callback)); |
| 321 | |
| 267 if (cert_db) | 322 if (cert_db) |
| 268 DidGetCertDBOnIOThread(observer, callback, cert_db); | 323 DidGetCertDBOnIOThread(observer, browser_context, callback, cert_db); |
| 269 } | 324 } |
| OLD | NEW |
