| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/certificate_manager_model.h" | 5 #include "chrome/browser/certificate_manager_model.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/i18n/time_formatting.h" | 10 #include "base/i18n/time_formatting.h" |
| 11 #include "base/logging.h" | 11 #include "base/logging.h" |
| 12 #include "base/stl_util.h" |
| 12 #include "base/strings/utf_string_conversions.h" | 13 #include "base/strings/utf_string_conversions.h" |
| 13 #include "build/build_config.h" | 14 #include "build/build_config.h" |
| 15 #include "chrome/browser/chromeos/certificate_provider/certificate_provider_serv
ice.h" |
| 16 #include "chrome/browser/chromeos/certificate_provider/certificate_provider_serv
ice_factory.h" |
| 14 #include "chrome/browser/net/nss_context.h" | 17 #include "chrome/browser/net/nss_context.h" |
| 15 #include "chrome/browser/ui/crypto_module_password_dialog_nss.h" | 18 #include "chrome/browser/ui/crypto_module_password_dialog_nss.h" |
| 16 #include "chrome/common/net/x509_certificate_model.h" | 19 #include "chrome/common/net/x509_certificate_model.h" |
| 17 #include "chrome/grit/generated_resources.h" | 20 #include "chrome/grit/generated_resources.h" |
| 18 #include "content/public/browser/browser_context.h" | 21 #include "content/public/browser/browser_context.h" |
| 19 #include "content/public/browser/browser_thread.h" | 22 #include "content/public/browser/browser_thread.h" |
| 20 #include "content/public/browser/resource_context.h" | 23 #include "content/public/browser/resource_context.h" |
| 21 #include "crypto/nss_util.h" | 24 #include "crypto/nss_util.h" |
| 22 #include "net/base/crypto_module.h" | 25 #include "net/base/crypto_module.h" |
| 23 #include "net/base/net_errors.h" | 26 #include "net/base/net_errors.h" |
| (...skipping 19 matching lines...) Expand all Loading... |
| 43 // CertificateManagerModel::DidGetCertDBOnIOThread | 46 // CertificateManagerModel::DidGetCertDBOnIOThread |
| 44 // | | 47 // | |
| 45 // crypto::IsTPMTokenEnabledForNSS | 48 // crypto::IsTPMTokenEnabledForNSS |
| 46 // v--------------------------------------/ | 49 // v--------------------------------------/ |
| 47 // CertificateManagerModel::DidGetCertDBOnUIThread | 50 // CertificateManagerModel::DidGetCertDBOnUIThread |
| 48 // | | 51 // | |
| 49 // new CertificateManagerModel | 52 // new CertificateManagerModel |
| 50 // | | 53 // | |
| 51 // callback | 54 // callback |
| 52 | 55 |
| 56 namespace { |
| 57 |
| 58 std::string GetCertificateOrg(net::X509Certificate* cert) { |
| 59 std::string org; |
| 60 if (!cert->subject().organization_names.empty()) |
| 61 org = cert->subject().organization_names[0]; |
| 62 if (org.empty()) |
| 63 org = cert->subject().GetDisplayName(); |
| 64 |
| 65 return org; |
| 66 } |
| 67 |
| 68 } // namespace |
| 69 |
| 53 // static | 70 // static |
| 54 void CertificateManagerModel::Create( | 71 void CertificateManagerModel::Create( |
| 55 content::BrowserContext* browser_context, | 72 content::BrowserContext* browser_context, |
| 56 CertificateManagerModel::Observer* observer, | 73 CertificateManagerModel::Observer* observer, |
| 57 const CreationCallback& callback) { | 74 const CreationCallback& callback) { |
| 58 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 75 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 76 |
| 77 std::unique_ptr<chromeos::CertificateProvider> certificate_provider; |
| 78 #if defined(OS_CHROMEOS) |
| 79 chromeos::CertificateProviderService* service = |
| 80 chromeos::CertificateProviderServiceFactory::GetForBrowserContext( |
| 81 browser_context); |
| 82 certificate_provider = service->CreateCertificateProvider(); |
| 83 #endif |
| 84 |
| 59 BrowserThread::PostTask( | 85 BrowserThread::PostTask( |
| 60 BrowserThread::IO, | 86 BrowserThread::IO, |
| 61 FROM_HERE, | 87 FROM_HERE, |
| 62 base::Bind(&CertificateManagerModel::GetCertDBOnIOThread, | 88 base::Bind(&CertificateManagerModel::GetCertDBOnIOThread, |
| 63 browser_context->GetResourceContext(), | 89 browser_context->GetResourceContext(), |
| 64 observer, | 90 observer, |
| 91 base::Passed(&certificate_provider), |
| 65 callback)); | 92 callback)); |
| 66 } | 93 } |
| 67 | 94 |
| 68 CertificateManagerModel::CertificateManagerModel( | 95 CertificateManagerModel::CertificateManagerModel( |
| 69 net::NSSCertDatabase* nss_cert_database, | 96 net::NSSCertDatabase* nss_cert_database, |
| 70 bool is_user_db_available, | 97 bool is_user_db_available, |
| 71 bool is_tpm_available, | 98 bool is_tpm_available, |
| 72 Observer* observer) | 99 Observer* observer, |
| 100 std::unique_ptr<chromeos::CertificateProvider> certificate_provider) |
| 73 : cert_db_(nss_cert_database), | 101 : cert_db_(nss_cert_database), |
| 74 is_user_db_available_(is_user_db_available), | 102 is_user_db_available_(is_user_db_available), |
| 75 is_tpm_available_(is_tpm_available), | 103 is_tpm_available_(is_tpm_available), |
| 76 observer_(observer) { | 104 observer_(observer), |
| 105 certificate_provider_(std::move(certificate_provider)), |
| 106 weak_ptr_factory_(this) { |
| 77 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 107 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 78 } | 108 } |
| 79 | 109 |
| 80 CertificateManagerModel::~CertificateManagerModel() { | 110 CertificateManagerModel::~CertificateManagerModel() { |
| 81 } | 111 } |
| 82 | 112 |
| 83 void CertificateManagerModel::Refresh() { | 113 void CertificateManagerModel::Refresh() { |
| 84 DVLOG(1) << "refresh started"; | 114 DVLOG(1) << "refresh started"; |
| 85 net::CryptoModuleList modules; | 115 net::CryptoModuleList modules; |
| 86 cert_db_->ListModules(&modules, false); | 116 cert_db_->ListModules(&modules, false); |
| 87 DVLOG(1) << "refresh waiting for unlocking..."; | 117 DVLOG(1) << "refresh waiting for unlocking..."; |
| 88 chrome::UnlockSlotsIfNecessary( | 118 chrome::UnlockSlotsIfNecessary( |
| 89 modules, | 119 modules, |
| 90 chrome::kCryptoModulePasswordListCerts, | 120 chrome::kCryptoModulePasswordListCerts, |
| 91 net::HostPortPair(), // unused. | 121 net::HostPortPair(), // unused. |
| 92 NULL, // TODO(mattm): supply parent window. | 122 NULL, // TODO(mattm): supply parent window. |
| 93 base::Bind(&CertificateManagerModel::RefreshSlotsUnlocked, | 123 base::Bind(&CertificateManagerModel::RefreshSlotsUnlocked, |
| 94 base::Unretained(this))); | 124 base::Unretained(this))); |
| 125 |
| 126 #if defined(OS_CHROMEOS) |
| 127 certificate_provider_->GetCertificates(base::Bind( |
| 128 &CertificateManagerModel::RefreshExtensionCertificates, |
| 129 weak_ptr_factory_.GetWeakPtr())); |
| 130 #endif |
| 95 } | 131 } |
| 96 | 132 |
| 97 void CertificateManagerModel::RefreshSlotsUnlocked() { | 133 void CertificateManagerModel::RefreshSlotsUnlocked() { |
| 98 DVLOG(1) << "refresh listing certs..."; | 134 DVLOG(1) << "refresh listing certs..."; |
| 99 // TODO(tbarzic): Use async |ListCerts|. | 135 // TODO(tbarzic): Use async |ListCerts|. |
| 100 cert_db_->ListCertsSync(&cert_list_); | 136 cert_db_->ListCertsSync(&cert_list_); |
| 101 observer_->CertificatesRefreshed(); | 137 observer_->CertificatesRefreshed(); |
| 102 DVLOG(1) << "refresh finished"; | 138 DVLOG(1) << "refresh finished for platform provided certificates"; |
| 139 } |
| 140 |
| 141 void CertificateManagerModel::RefreshExtensionCertificates( |
| 142 const net::CertificateList& new_certs) { |
| 143 extension_cert_list_ = new_certs; |
| 144 observer_->CertificatesRefreshed(); |
| 145 DVLOG(1) << "refresh finished for extension provided certificates"; |
| 103 } | 146 } |
| 104 | 147 |
| 105 void CertificateManagerModel::FilterAndBuildOrgGroupingMap( | 148 void CertificateManagerModel::FilterAndBuildOrgGroupingMap( |
| 106 net::CertType filter_type, | 149 net::CertType filter_type, |
| 107 CertificateManagerModel::OrgGroupingMap* map) const { | 150 CertificateManagerModel::OrgGroupingMap* map) const { |
| 108 for (net::CertificateList::const_iterator i = cert_list_.begin(); | 151 for (net::CertificateList::const_iterator i = cert_list_.begin(); |
| 109 i != cert_list_.end(); ++i) { | 152 i != cert_list_.end(); ++i) { |
| 110 net::X509Certificate* cert = i->get(); | 153 net::X509Certificate* cert = i->get(); |
| 111 net::CertType type = | 154 net::CertType type = |
| 112 x509_certificate_model::GetType(cert->os_cert_handle()); | 155 x509_certificate_model::GetType(cert->os_cert_handle()); |
| 113 if (type != filter_type) | 156 if (type != filter_type) |
| 114 continue; | 157 continue; |
| 115 | 158 |
| 116 std::string org; | 159 std::string org = GetCertificateOrg(cert); |
| 117 if (!cert->subject().organization_names.empty()) | 160 (*map)[org].push_back(cert); |
| 118 org = cert->subject().organization_names[0]; | 161 } |
| 119 if (org.empty()) | |
| 120 org = cert->subject().GetDisplayName(); | |
| 121 | 162 |
| 122 (*map)[org].push_back(cert); | 163 // Display extension provided certificates under the "Your Certificates" tab. |
| 164 if (filter_type == net::USER_CERT) { |
| 165 for (auto cert : extension_cert_list_) { |
| 166 std::string org = GetCertificateOrg(cert.get()); |
| 167 (*map)[org].push_back(cert); |
| 168 } |
| 123 } | 169 } |
| 124 } | 170 } |
| 125 | 171 |
| 126 base::string16 CertificateManagerModel::GetColumnText( | 172 base::string16 CertificateManagerModel::GetColumnText( |
| 127 const net::X509Certificate& cert, | 173 const net::X509Certificate& cert, |
| 128 Column column) const { | 174 Column column) const { |
| 129 base::string16 rv; | 175 base::string16 rv; |
| 130 switch (column) { | 176 switch (column) { |
| 131 case COL_SUBJECT_NAME: | 177 case COL_SUBJECT_NAME: |
| 132 rv = base::UTF8ToUTF16( | 178 rv = base::UTF8ToUTF16( |
| 133 x509_certificate_model::GetCertNameOrNickname(cert.os_cert_handle())); | 179 x509_certificate_model::GetCertNameOrNickname(cert.os_cert_handle())); |
| 134 | 180 |
| 181 // Mark extension provided certificates. |
| 182 if (base::ContainsValue(extension_cert_list_, &cert)) { |
| 183 rv = l10n_util::GetStringFUTF16( |
| 184 IDS_CERT_MANAGER_EXTENSION_PROVIDED_FORMAT, |
| 185 rv); |
| 186 } |
| 187 |
| 135 // TODO(xiyuan): Put this into a column when we have js tree-table. | 188 // TODO(xiyuan): Put this into a column when we have js tree-table. |
| 136 if (IsHardwareBacked(&cert)) { | 189 if (IsHardwareBacked(&cert)) { |
| 137 rv = l10n_util::GetStringFUTF16( | 190 rv = l10n_util::GetStringFUTF16( |
| 138 IDS_CERT_MANAGER_HARDWARE_BACKED_KEY_FORMAT, | 191 IDS_CERT_MANAGER_HARDWARE_BACKED_KEY_FORMAT, |
| 139 rv, | 192 rv, |
| 140 l10n_util::GetStringUTF16(IDS_CERT_MANAGER_HARDWARE_BACKED)); | 193 l10n_util::GetStringUTF16(IDS_CERT_MANAGER_HARDWARE_BACKED)); |
| 141 } | 194 } |
| 142 break; | 195 break; |
| 143 case COL_CERTIFICATE_STORE: | 196 case COL_CERTIFICATE_STORE: |
| 144 rv = base::UTF8ToUTF16( | 197 rv = base::UTF8ToUTF16( |
| (...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 215 const net::X509Certificate* cert) const { | 268 const net::X509Certificate* cert) const { |
| 216 return cert_db_->IsHardwareBacked(cert); | 269 return cert_db_->IsHardwareBacked(cert); |
| 217 } | 270 } |
| 218 | 271 |
| 219 // static | 272 // static |
| 220 void CertificateManagerModel::DidGetCertDBOnUIThread( | 273 void CertificateManagerModel::DidGetCertDBOnUIThread( |
| 221 net::NSSCertDatabase* cert_db, | 274 net::NSSCertDatabase* cert_db, |
| 222 bool is_user_db_available, | 275 bool is_user_db_available, |
| 223 bool is_tpm_available, | 276 bool is_tpm_available, |
| 224 CertificateManagerModel::Observer* observer, | 277 CertificateManagerModel::Observer* observer, |
| 278 std::unique_ptr<chromeos::CertificateProvider> certificate_provider, |
| 225 const CreationCallback& callback) { | 279 const CreationCallback& callback) { |
| 226 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 280 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 227 | 281 |
| 228 std::unique_ptr<CertificateManagerModel> model(new CertificateManagerModel( | 282 std::unique_ptr<CertificateManagerModel> model(new CertificateManagerModel( |
| 229 cert_db, is_user_db_available, is_tpm_available, observer)); | 283 cert_db, is_user_db_available, is_tpm_available, observer, |
| 284 std::move(certificate_provider))); |
| 230 callback.Run(std::move(model)); | 285 callback.Run(std::move(model)); |
| 231 } | 286 } |
| 232 | 287 |
| 233 // static | 288 // static |
| 234 void CertificateManagerModel::DidGetCertDBOnIOThread( | 289 void CertificateManagerModel::DidGetCertDBOnIOThread( |
| 235 CertificateManagerModel::Observer* observer, | 290 CertificateManagerModel::Observer* observer, |
| 291 std::unique_ptr<chromeos::CertificateProvider> certificate_provider, |
| 236 const CreationCallback& callback, | 292 const CreationCallback& callback, |
| 237 net::NSSCertDatabase* cert_db) { | 293 net::NSSCertDatabase* cert_db) { |
| 238 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 294 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
| 239 | 295 |
| 240 bool is_user_db_available = !!cert_db->GetPublicSlot(); | 296 bool is_user_db_available = !!cert_db->GetPublicSlot(); |
| 241 bool is_tpm_available = false; | 297 bool is_tpm_available = false; |
| 242 #if defined(OS_CHROMEOS) | 298 #if defined(OS_CHROMEOS) |
| 243 is_tpm_available = crypto::IsTPMTokenEnabledForNSS(); | 299 is_tpm_available = crypto::IsTPMTokenEnabledForNSS(); |
| 244 #endif | 300 #endif |
| 245 BrowserThread::PostTask( | 301 BrowserThread::PostTask( |
| 246 BrowserThread::UI, | 302 BrowserThread::UI, |
| 247 FROM_HERE, | 303 FROM_HERE, |
| 248 base::Bind(&CertificateManagerModel::DidGetCertDBOnUIThread, | 304 base::Bind(&CertificateManagerModel::DidGetCertDBOnUIThread, |
| 249 cert_db, | 305 cert_db, |
| 250 is_user_db_available, | 306 is_user_db_available, |
| 251 is_tpm_available, | 307 is_tpm_available, |
| 252 observer, | 308 observer, |
| 309 base::Passed(&certificate_provider), |
| 253 callback)); | 310 callback)); |
| 254 } | 311 } |
| 255 | 312 |
| 256 // static | 313 // static |
| 257 void CertificateManagerModel::GetCertDBOnIOThread( | 314 void CertificateManagerModel::GetCertDBOnIOThread( |
| 258 content::ResourceContext* context, | 315 content::ResourceContext* context, |
| 259 CertificateManagerModel::Observer* observer, | 316 CertificateManagerModel::Observer* observer, |
| 317 std::unique_ptr<chromeos::CertificateProvider> certificate_provider, |
| 260 const CreationCallback& callback) { | 318 const CreationCallback& callback) { |
| 261 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 319 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
| 320 |
| 321 auto did_get_cert_db_callback = base::Bind( |
| 322 &CertificateManagerModel::DidGetCertDBOnIOThread, observer, |
| 323 base::Passed(&certificate_provider), callback); |
| 324 |
| 262 net::NSSCertDatabase* cert_db = GetNSSCertDatabaseForResourceContext( | 325 net::NSSCertDatabase* cert_db = GetNSSCertDatabaseForResourceContext( |
| 263 context, | 326 context, did_get_cert_db_callback); |
| 264 base::Bind(&CertificateManagerModel::DidGetCertDBOnIOThread, | 327 |
| 265 observer, | 328 // The callback is run here instead of the actual function call because of |
| 266 callback)); | 329 // certificate_provider ownership semantics, ie. ownership can only be |
| 330 // released once. The callback will only be run once (either inside the |
| 331 // function above or here). |
| 267 if (cert_db) | 332 if (cert_db) |
| 268 DidGetCertDBOnIOThread(observer, callback, cert_db); | 333 did_get_cert_db_callback.Run(cert_db); |
| 269 } | 334 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2307373003:
Show extension provided certificates in chrome://settings/certificates (Closed)
