OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/options/cert_library.h" | 5 #include "chrome/browser/chromeos/options/cert_library.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 | 8 |
9 #include "base/command_line.h" | |
10 #include "base/i18n/string_compare.h" | 9 #include "base/i18n/string_compare.h" |
11 #include "base/memory/weak_ptr.h" | 10 #include "base/memory/weak_ptr.h" |
12 #include "base/observer_list_threadsafe.h" | 11 #include "base/observer_list_threadsafe.h" |
13 #include "base/strings/string_number_conversions.h" | |
14 #include "base/strings/string_util.h" | 12 #include "base/strings/string_util.h" |
15 #include "base/strings/utf_string_conversions.h" | 13 #include "base/strings/utf_string_conversions.h" |
16 #include "chrome/browser/browser_process.h" // g_browser_process | 14 #include "chrome/browser/browser_process.h" // g_browser_process |
17 #include "chrome/common/chrome_switches.h" | |
18 #include "chrome/common/net/x509_certificate_model.h" | |
19 #include "chrome/grit/generated_resources.h" | 15 #include "chrome/grit/generated_resources.h" |
20 #include "chromeos/dbus/cryptohome_client.h" | 16 #include "chromeos/dbus/cryptohome_client.h" |
21 #include "chromeos/dbus/dbus_thread_manager.h" | 17 #include "chromeos/dbus/dbus_thread_manager.h" |
22 #include "chromeos/login/login_state.h" | 18 #include "chromeos/login/login_state.h" |
| 19 #include "chromeos/network/certificate_helper.h" |
23 #include "chromeos/network/onc/onc_utils.h" | 20 #include "chromeos/network/onc/onc_utils.h" |
24 #include "content/public/browser/browser_thread.h" | |
25 #include "crypto/nss_util.h" | 21 #include "crypto/nss_util.h" |
26 #include "net/cert/cert_database.h" | 22 #include "net/cert/cert_database.h" |
27 #include "net/cert/nss_cert_database.h" | 23 #include "net/cert/nss_cert_database.h" |
28 #include "third_party/icu/source/i18n/unicode/coll.h" // icu::Collator | 24 #include "third_party/icu/source/i18n/unicode/coll.h" // icu::Collator |
29 #include "ui/base/l10n/l10n_util.h" | 25 #include "ui/base/l10n/l10n_util.h" |
30 #include "ui/base/l10n/l10n_util_collator.h" | 26 #include "ui/base/l10n/l10n_util_collator.h" |
31 | 27 |
32 namespace chromeos { | 28 namespace chromeos { |
33 | 29 |
34 namespace { | 30 namespace { |
35 | 31 |
36 // Root CA certificates that are built into Chrome use this token name. | 32 // Root CA certificates that are built into Chrome use this token name. |
37 const char kRootCertificateTokenName[] = "Builtin Object Token"; | 33 const char kRootCertificateTokenName[] = "Builtin Object Token"; |
38 | 34 |
39 base::string16 GetDisplayString(net::X509Certificate* cert, | 35 base::string16 GetDisplayString(net::X509Certificate* cert, |
40 bool hardware_backed) { | 36 bool hardware_backed) { |
41 std::string org; | 37 std::string alt_text; |
42 if (!cert->subject().organization_names.empty()) | 38 if (!cert->subject().organization_names.empty()) |
43 org = cert->subject().organization_names[0]; | 39 alt_text = cert->subject().organization_names[0]; |
44 if (org.empty()) | 40 if (alt_text.empty()) |
45 org = cert->subject().GetDisplayName(); | 41 alt_text = cert->subject().GetDisplayName(); |
46 base::string16 issued_by = base::UTF8ToUTF16( | 42 base::string16 issued_by = base::UTF8ToUTF16( |
47 x509_certificate_model::GetIssuerCommonName(cert->os_cert_handle(), | 43 certificate::GetIssuerCommonName(cert->os_cert_handle(), alt_text)); |
48 org)); // alternative text | 44 |
49 base::string16 issued_to = base::UTF8ToUTF16( | 45 base::string16 issued_to = base::UTF8ToUTF16( |
50 x509_certificate_model::GetCertNameOrNickname(cert->os_cert_handle())); | 46 certificate::GetCertNameOrNickname(cert->os_cert_handle())); |
| 47 base::string16 issued_to_ascii = base::UTF8ToUTF16( |
| 48 certificate::GetCertAsciiNameOrNickname(cert->os_cert_handle())); |
| 49 if (issued_to_ascii != issued_to) { |
| 50 // Input contained encoded data, show original and decoded forms. |
| 51 issued_to = l10n_util::GetStringFUTF16(IDS_CERT_INFO_IDN_VALUE_FORMAT, |
| 52 issued_to_ascii, issued_to); |
| 53 } |
51 | 54 |
52 if (hardware_backed) { | 55 if (hardware_backed) { |
53 return l10n_util::GetStringFUTF16( | 56 return l10n_util::GetStringFUTF16( |
54 IDS_CERT_MANAGER_HARDWARE_BACKED_KEY_FORMAT_LONG, | 57 IDS_CERT_MANAGER_HARDWARE_BACKED_KEY_FORMAT_LONG, |
55 issued_by, | 58 issued_by, |
56 issued_to, | 59 issued_to, |
57 l10n_util::GetStringUTF16(IDS_CERT_MANAGER_HARDWARE_BACKED)); | 60 l10n_util::GetStringUTF16(IDS_CERT_MANAGER_HARDWARE_BACKED)); |
58 } else { | 61 } else { |
59 return l10n_util::GetStringFUTF16( | 62 return l10n_util::GetStringFUTF16( |
60 IDS_CERT_MANAGER_KEY_FORMAT_LONG, | 63 IDS_CERT_MANAGER_KEY_FORMAT_LONG, |
(...skipping 130 matching lines...)
191 int slot_id = -1; | 194 int slot_id = -1; |
192 std::string id = CertLoader::GetPkcs11IdAndSlotForCert(*cert, &slot_id); | 195 std::string id = CertLoader::GetPkcs11IdAndSlotForCert(*cert, &slot_id); |
193 if (id == pkcs11_id) | 196 if (id == pkcs11_id) |
194 return index; | 197 return index; |
195 } | 198 } |
196 return -1; // Not found. | 199 return -1; // Not found. |
197 } | 200 } |
198 | 201 |
199 void CertLibrary::OnCertificatesLoaded(const net::CertificateList& cert_list, | 202 void CertLibrary::OnCertificatesLoaded(const net::CertificateList& cert_list, |
200 bool initial_load) { | 203 bool initial_load) { |
201 CHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); | 204 DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); |
202 VLOG(1) << "CertLibrary::OnCertificatesLoaded: " << cert_list.size(); | 205 VLOG(1) << "CertLibrary::OnCertificatesLoaded: " << cert_list.size(); |
203 certs_.clear(); | 206 certs_.clear(); |
204 user_certs_.clear(); | 207 user_certs_.clear(); |
205 server_certs_.clear(); | 208 server_certs_.clear(); |
206 server_ca_certs_.clear(); | 209 server_ca_certs_.clear(); |
207 | 210 |
208 // Add certificates to the appropriate list. | 211 // Add certificates to the appropriate list. |
209 for (net::CertificateList::const_iterator iter = cert_list.begin(); | 212 for (net::CertificateList::const_iterator iter = cert_list.begin(); |
210 iter != cert_list.end(); ++iter) { | 213 iter != cert_list.end(); ++iter) { |
211 certs_.push_back(iter->get()); | 214 certs_.push_back(iter->get()); |
212 net::X509Certificate::OSCertHandle cert_handle = | 215 net::X509Certificate::OSCertHandle cert_handle = |
213 iter->get()->os_cert_handle(); | 216 iter->get()->os_cert_handle(); |
214 net::CertType type = x509_certificate_model::GetType(cert_handle); | 217 net::CertType type = certificate::GetCertType(cert_handle); |
215 switch (type) { | 218 switch (type) { |
216 case net::USER_CERT: | 219 case net::USER_CERT: |
217 user_certs_.push_back(iter->get()); | 220 user_certs_.push_back(iter->get()); |
218 break; | 221 break; |
219 case net::SERVER_CERT: | 222 case net::SERVER_CERT: |
220 server_certs_.push_back(iter->get()); | 223 server_certs_.push_back(iter->get()); |
221 break; | 224 break; |
222 case net::CA_CERT: { | 225 case net::CA_CERT: { |
223 // Exclude root CA certificates that are built into Chrome. | 226 // Exclude root CA certificates that are built into Chrome. |
224 std::string token_name = | 227 std::string token_name = certificate::GetCertTokenName(cert_handle); |
225 x509_certificate_model::GetTokenName(cert_handle); | |
226 if (token_name != kRootCertificateTokenName) | 228 if (token_name != kRootCertificateTokenName) |
227 server_ca_certs_.push_back(iter->get()); | 229 server_ca_certs_.push_back(iter->get()); |
228 break; | 230 break; |
229 } | 231 } |
230 default: | 232 default: |
231 break; | 233 break; |
232 } | 234 } |
233 } | 235 } |
234 | 236 |
235 // Perform locale-sensitive sorting by certificate name. | 237 // Perform locale-sensitive sorting by certificate name. |
(...skipping 32 matching lines...)
268 return user_certs_; | 270 return user_certs_; |
269 if (type == CERT_TYPE_SERVER) | 271 if (type == CERT_TYPE_SERVER) |
270 return server_certs_; | 272 return server_certs_; |
271 if (type == CERT_TYPE_SERVER_CA) | 273 if (type == CERT_TYPE_SERVER_CA) |
272 return server_ca_certs_; | 274 return server_ca_certs_; |
273 DCHECK(type == CERT_TYPE_DEFAULT); | 275 DCHECK(type == CERT_TYPE_DEFAULT); |
274 return certs_; | 276 return certs_; |
275 } | 277 } |
276 | 278 |
277 } // namespace chromeos | 279 } // namespace chromeos |
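Review bot: In OnCertificatesLoaded the release-build `CHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI))` becomes `DCHECK_CALLED_ON_VALID_THREAD(thread_checker_)`, which is compiled out of release builds and checks against whichever thread the checker is bound to rather than the UI thread by name. The function clears and refills `certs_`, `user_certs_`, `server_certs_` and `server_ca_certs_` with no lock visible in this section, so the threading contract should be written down next to the assertion, for example `// Must run on the thread that owns CertLibrary; the cert lists are not locked.` above the DCHECK. The declaration and binding of `thread_checker_` are outside the lines shown, so confirm it is bound on the same thread the old CHECK required. Separately, in GetDisplayString only `issued_to` gets the new ASCII-plus-decoded form, while `issued_by` still comes from a single `GetIssuerCommonName` value; if that helper can return decoded IDN text, the issuer half of the label would not show the encoded form, so a comment stating whether that is intended would help.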