Show extension provided certificates in chrome://settings/certificates

chrome/browser/certificate_manager_model.cc

Index: chrome/browser/certificate_manager_model.cc
diff --git a/chrome/browser/certificate_manager_model.cc b/chrome/browser/certificate_manager_model.cc
index 3d366edc97e98d158ddca5d90b70cbd37120be6f..bbe821bded7aede473a3bf7a6238ba59617f40cd 100644
--- a/chrome/browser/certificate_manager_model.cc
+++ b/chrome/browser/certificate_manager_model.cc
@@ -11,6 +11,8 @@
 #include "base/logging.h"
 #include "base/strings/utf_string_conversions.h"
 #include "build/build_config.h"
+#include "chrome/browser/chromeos/certificate_provider/certificate_provider_service.h"
+#include "chrome/browser/chromeos/certificate_provider/certificate_provider_service_factory.h"
 #include "chrome/browser/net/nss_context.h"
 #include "chrome/browser/ui/crypto_module_password_dialog_nss.h"
 #include "chrome/common/net/x509_certificate_model.h"
@@ -50,6 +52,20 @@ using content::BrowserThread;
 //                  |
 //               callback
 
+namespace {
+
+std::string GetCertificateOrg(net::X509Certificate* cert) {
+    std::string org;
+    if (!cert->subject().organization_names.empty())
+      org = cert->subject().organization_names[0];
+    if (org.empty())
+      org = cert->subject().GetDisplayName();
+
+    return org;
+}
+
+}  // namespace
+
 // static
 void CertificateManagerModel::Create(
     content::BrowserContext* browser_context,
@@ -60,8 +76,8 @@ void CertificateManagerModel::Create(
       BrowserThread::IO,
       FROM_HERE,
       base::Bind(&CertificateManagerModel::GetCertDBOnIOThread,
-                 browser_context->GetResourceContext(),
                  observer,
+                 browser_context,
                  callback));
 }
 
@@ -69,12 +85,21 @@ CertificateManagerModel::CertificateManagerModel(
     net::NSSCertDatabase* nss_cert_database,
     bool is_user_db_available,
     bool is_tpm_available,
-    Observer* observer)
+    Observer* observer,
+    content::BrowserContext* browser_context)
     : cert_db_(nss_cert_database),
       is_user_db_available_(is_user_db_available),
       is_tpm_available_(is_tpm_available),
-      observer_(observer) {
+      observer_(observer),
+      weak_ptr_factory_(this) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
+
+#if defined(OS_CHROMEOS)
+  chromeos::CertificateProviderService* service =
+      chromeos::CertificateProviderServiceFactory::GetForBrowserContext(
+          browser_context);
+  certificate_provider_ = service->CreateCertificateProvider();
+#endif
 }
 
 CertificateManagerModel::~CertificateManagerModel() {
@@ -92,6 +117,12 @@ void CertificateManagerModel::Refresh() {
       NULL, // TODO(mattm): supply parent window.
       base::Bind(&CertificateManagerModel::RefreshSlotsUnlocked,
                  base::Unretained(this)));
+
+#if defined(OS_CHROMEOS)
+  certificate_provider_->GetCertificates(base::Bind(
+      &CertificateManagerModel::RefreshExtensionCertificates,
+      weak_ptr_factory_.GetWeakPtr()));
+#endif
 }
 
 void CertificateManagerModel::RefreshSlotsUnlocked() {
@@ -99,7 +130,14 @@ void CertificateManagerModel::RefreshSlotsUnlocked() {
   // TODO(tbarzic): Use async |ListCerts|.
   cert_db_->ListCertsSync(&cert_list_);
   observer_->CertificatesRefreshed();
-  DVLOG(1) << "refresh finished";
+  DVLOG(1) << "refresh finished for platform provided certificates";
+}
+
+void CertificateManagerModel::RefreshExtensionCertificates(
+    const net::CertificateList& new_certs) {
+  extension_cert_list_ = new_certs;
+  observer_->CertificatesRefreshed();
+  DVLOG(1) << "refresh finished for extension provided certificates";
 }
 
 void CertificateManagerModel::FilterAndBuildOrgGroupingMap(
@@ -113,14 +151,17 @@ void CertificateManagerModel::FilterAndBuildOrgGroupingMap(
     if (type != filter_type)
       continue;
 
-    std::string org;
-    if (!cert->subject().organization_names.empty())
-      org = cert->subject().organization_names[0];
-    if (org.empty())
-      org = cert->subject().GetDisplayName();
-
+    std::string org = GetCertificateOrg(cert);
     (*map)[org].push_back(cert);
   }
+
+  // Display extension provided certificates under the "Your Certificates" tab.
+  if (filter_type == net::USER_CERT) {
+    for (auto cert : extension_cert_list_) {
+      std::string org = GetCertificateOrg(cert.get());
+      (*map)[org].push_back(cert);
+    }
+  }
 }
 
 base::string16 CertificateManagerModel::GetColumnText(
@@ -132,6 +173,14 @@ base::string16 CertificateManagerModel::GetColumnText(
       rv = base::UTF8ToUTF16(
           x509_certificate_model::GetCertNameOrNickname(cert.os_cert_handle()));
 
+      // Mark extension provided certificates.
+      if (std::find(extension_cert_list_.begin(), extension_cert_list_.end(),

[emaxx, 2016/09/06 16:17:03]

You could use base::ContainsValue for this check.

[Ivan Šandrk, 2016/09/06 16:27:53]

Done.

+                    &cert) != extension_cert_list_.end()) {
+        rv = l10n_util::GetStringFUTF16(
+            IDS_CERT_MANAGER_EXTENSION_PROVIDED_FORMAT,
+            rv);
+      }
+
       // TODO(xiyuan): Put this into a column when we have js tree-table.
       if (IsHardwareBacked(&cert)) {
         rv = l10n_util::GetStringFUTF16(
@@ -222,17 +271,20 @@ void CertificateManagerModel::DidGetCertDBOnUIThread(
     bool is_user_db_available,
     bool is_tpm_available,
     CertificateManagerModel::Observer* observer,
+    content::BrowserContext* browser_context,
     const CreationCallback& callback) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
 
   std::unique_ptr<CertificateManagerModel> model(new CertificateManagerModel(
-      cert_db, is_user_db_available, is_tpm_available, observer));
+      cert_db, is_user_db_available, is_tpm_available, observer,
+      browser_context));
   callback.Run(std::move(model));
 }
 
 // static
 void CertificateManagerModel::DidGetCertDBOnIOThread(
     CertificateManagerModel::Observer* observer,
+    content::BrowserContext* browser_context,
     const CreationCallback& callback,
     net::NSSCertDatabase* cert_db) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
@@ -250,20 +302,23 @@ void CertificateManagerModel::DidGetCertDBOnIOThread(
                  is_user_db_available,
                  is_tpm_available,
                  observer,
+                 browser_context,
                  callback));
 }
 
 // static
 void CertificateManagerModel::GetCertDBOnIOThread(
-    content::ResourceContext* context,
     CertificateManagerModel::Observer* observer,
+    content::BrowserContext* browser_context,
     const CreationCallback& callback) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
   net::NSSCertDatabase* cert_db = GetNSSCertDatabaseForResourceContext(
-      context,
+      browser_context->GetResourceContext(),
       base::Bind(&CertificateManagerModel::DidGetCertDBOnIOThread,
                  observer,
+                 browser_context,
                  callback));
+
   if (cert_db)
-    DidGetCertDBOnIOThread(observer, callback, cert_db);
+    DidGetCertDBOnIOThread(observer, browser_context, callback, cert_db);
 }