OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #import "chrome/browser/ui/cocoa/ssl_client_certificate_selector_cocoa.h" | 5 #import "chrome/browser/ui/cocoa/ssl_client_certificate_selector_cocoa.h" |
6 | 6 |
7 #import <SecurityInterface/SFChooseIdentityPanel.h> | 7 #import <SecurityInterface/SFChooseIdentityPanel.h> |
8 #include <stddef.h> | 8 #include <stddef.h> |
9 | 9 |
10 #include <utility> | 10 #include <utility> |
(...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
65 // ConstrainedWindowMacDelegate implementation: | 65 // ConstrainedWindowMacDelegate implementation: |
66 void OnConstrainedWindowClosed(ConstrainedWindowMac* window) override { | 66 void OnConstrainedWindowClosed(ConstrainedWindowMac* window) override { |
67 // |onConstrainedWindowClosed| will delete the sheet which might be still | 67 // |onConstrainedWindowClosed| will delete the sheet which might be still |
68 // in use higher up the call stack. Wait for the next cycle of the event | 68 // in use higher up the call stack. Wait for the next cycle of the event |
69 // loop to call this function. | 69 // loop to call this function. |
70 [controller_ performSelector:@selector(onConstrainedWindowClosed) | 70 [controller_ performSelector:@selector(onConstrainedWindowClosed) |
71 withObject:nil | 71 withObject:nil |
72 afterDelay:0]; | 72 afterDelay:0]; |
73 } | 73 } |
74 | 74 |
75 void GotPrivateKey( | |
76 base::scoped_nsobject<SSLClientCertificateSelectorCocoa> controller_ref, | |
77 net::X509Certificate* cert, | |
78 scoped_refptr<net::SSLPrivateKey> private_key) { | |
79 CertificateSelected(cert, private_key.get()); | |
80 } | |
81 | |
75 private: | 82 private: |
76 SSLClientCertificateSelectorCocoa* controller_; // weak | 83 SSLClientCertificateSelectorCocoa* controller_; // weak |
77 }; | 84 }; |
78 | 85 |
79 namespace chrome { | 86 namespace chrome { |
80 | 87 |
81 void ShowSSLClientCertificateSelector( | 88 void ShowSSLClientCertificateSelector( |
82 content::WebContents* contents, | 89 content::WebContents* contents, |
83 net::SSLCertRequestInfo* cert_request_info, | 90 net::SSLCertRequestInfo* cert_request_info, |
84 net::CertificateList client_certs, | 91 net::ClientCertIdentityList client_certs, |
85 std::unique_ptr<content::ClientCertificateDelegate> delegate) { | 92 std::unique_ptr<content::ClientCertificateDelegate> delegate) { |
86 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 93 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
87 | 94 |
88 // Not all WebContentses can show modal dialogs. | 95 // Not all WebContentses can show modal dialogs. |
89 // | 96 // |
90 // Use the top-level embedder if |contents| is a guest. | 97 // Use the top-level embedder if |contents| is a guest. |
91 // GetTopLevelWebContents() will return |contents| otherwise. | 98 // GetTopLevelWebContents() will return |contents| otherwise. |
92 // TODO(davidben): Move this hook to the WebContentsDelegate and only try to | 99 // TODO(davidben): Move this hook to the WebContentsDelegate and only try to |
93 // show a dialog in Browser's implementation. https://crbug.com/456255 | 100 // show a dialog in Browser's implementation. https://crbug.com/456255 |
94 if (web_modal::WebContentsModalDialogManager::FromWebContents( | 101 if (web_modal::WebContentsModalDialogManager::FromWebContents( |
(...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
170 if ((self = [super init])) { | 177 if ((self = [super init])) { |
171 observer_.reset(new SSLClientAuthObserverCocoaBridge( | 178 observer_.reset(new SSLClientAuthObserverCocoaBridge( |
172 browserContext, certRequestInfo, std::move(delegate), self)); | 179 browserContext, certRequestInfo, std::move(delegate), self)); |
173 } | 180 } |
174 return self; | 181 return self; |
175 } | 182 } |
176 | 183 |
177 - (void)sheetDidEnd:(NSWindow*)sheet | 184 - (void)sheetDidEnd:(NSWindow*)sheet |
178 returnCode:(NSInteger)returnCode | 185 returnCode:(NSInteger)returnCode |
179 context:(void*)context { | 186 context:(void*)context { |
180 net::X509Certificate* cert = NULL; | 187 net::ClientCertIdentity* cert = nullptr; |
181 if (returnCode == NSFileHandlingPanelOKButton) { | 188 if (returnCode == NSFileHandlingPanelOKButton) { |
182 CFRange range = CFRangeMake(0, CFArrayGetCount(identities_)); | 189 CFRange range = CFRangeMake(0, CFArrayGetCount(sec_identities_)); |
183 CFIndex index = | 190 CFIndex index = |
184 CFArrayGetFirstIndexOfValue(identities_, range, [panel_ identity]); | 191 CFArrayGetFirstIndexOfValue(sec_identities_, range, [panel_ identity]); |
185 if (index != -1) | 192 if (index != -1) |
186 cert = certificates_[index].get(); | 193 cert = cert_identities_[index].get(); |
187 else | 194 else |
188 NOTREACHED(); | 195 NOTREACHED(); |
189 } | 196 } |
190 | 197 |
191 // See comment at definition; this works around a 10.12 bug. | 198 // See comment at definition; this works around a 10.12 bug. |
192 ClearTableViewDataSourcesIfNeeded(sheet); | 199 ClearTableViewDataSourcesIfNeeded(sheet); |
193 | 200 |
194 if (!closePending_) { | 201 if (!closePending_) { |
195 // If |closePending_| is already set, |closeSheetWithAnimation:| was called | 202 // If |closePending_| is already set, |closeSheetWithAnimation:| was called |
196 // already to cancel the selection rather than continue with no | 203 // already to cancel the selection rather than continue with no |
197 // certificate. Otherwise, tell the backend which identity (or none) the | 204 // certificate. Otherwise, tell the backend which identity (or none) the |
198 // user selected. | 205 // user selected. |
199 userResponded_ = YES; | 206 userResponded_ = YES; |
200 observer_->CertificateSelected(cert); | 207 |
208 // Remove the observer before we try acquiring private key, otherwise we | |
209 // might act on a notification while waiting for the callback, causing us | |
210 // to delete ourself before the callback gets called. | |
211 observer_->StopObserving(); | |
212 | |
213 if (cert) { | |
214 // Pass a scoped_nsobject handle for |self| to ensure |observer_| and | |
215 // |cert_identities_| stay alive until the private key is acquired. | |
216 cert->AcquirePrivateKey( | |
217 base::Bind(&SSLClientAuthObserverCocoaBridge::GotPrivateKey, | |
218 base::Unretained(observer_.get()), | |
219 base::scoped_nsobject<SSLClientCertificateSelectorCocoa>( | |
220 [self retain]), | |
221 base::Unretained(cert->certificate()))); | |
davidben
2017/06/07 23:06:16
Optional: It's a little odd here that you're calli
mattm
2017/06/08 21:47:55
Yeah, I think that makes sense. If this code is al
| |
222 } else { | |
223 observer_->CertificateSelected(nullptr, nullptr); | |
224 } | |
201 | 225 |
202 constrainedWindow_->CloseWebContentsModalDialog(); | 226 constrainedWindow_->CloseWebContentsModalDialog(); |
203 } | 227 } |
204 } | 228 } |
205 | 229 |
206 - (void)displayForWebContents:(content::WebContents*)webContents | 230 - (void)displayForWebContents:(content::WebContents*)webContents |
207 clientCerts:(net::CertificateList)inputClientCerts { | 231 clientCerts:(net::ClientCertIdentityList)inputClientCerts { |
232 cert_identities_ = std::move(inputClientCerts); | |
208 // Create an array of CFIdentityRefs for the certificates: | 233 // Create an array of CFIdentityRefs for the certificates: |
209 size_t numCerts = inputClientCerts.size(); | 234 size_t numCerts = cert_identities_.size(); |
210 identities_.reset(CFArrayCreateMutable( | 235 sec_identities_.reset(CFArrayCreateMutable(kCFAllocatorDefault, numCerts, |
211 kCFAllocatorDefault, numCerts, &kCFTypeArrayCallBacks)); | 236 &kCFTypeArrayCallBacks)); |
212 for (size_t i = 0; i < numCerts; ++i) { | 237 for (size_t i = 0; i < numCerts; ++i) { |
213 base::ScopedCFTypeRef<SecCertificateRef> cert( | 238 DCHECK(cert_identities_[i]->sec_identity_ref()); |
214 net::x509_util::CreateSecCertificateFromX509Certificate( | 239 CFArrayAppendValue(sec_identities_, |
215 inputClientCerts[i].get())); | 240 cert_identities_[i]->sec_identity_ref()); |
216 if (!cert) | |
217 continue; | |
218 SecIdentityRef identity; | |
219 if (SecIdentityCreateWithCertificate(NULL, cert, &identity) == noErr) { | |
220 CFArrayAppendValue(identities_, identity); | |
221 CFRelease(identity); | |
222 certificates_.push_back(inputClientCerts[i]); | |
223 } | |
224 } | 241 } |
225 | 242 |
226 // Get the message to display: | 243 // Get the message to display: |
227 NSString* message = l10n_util::GetNSStringF( | 244 NSString* message = l10n_util::GetNSStringF( |
228 IDS_CLIENT_CERT_DIALOG_TEXT, | 245 IDS_CLIENT_CERT_DIALOG_TEXT, |
229 base::ASCIIToUTF16( | 246 base::ASCIIToUTF16( |
230 observer_->cert_request_info()->host_and_port.ToString())); | 247 observer_->cert_request_info()->host_and_port.ToString())); |
231 | 248 |
232 // Create and set up a system choose-identity panel. | 249 // Create and set up a system choose-identity panel. |
233 panel_.reset([[SFChooseIdentityPanel alloc] init]); | 250 panel_.reset([[SFChooseIdentityPanel alloc] init]); |
(...skipping 24 matching lines...) Expand all Loading... | |
258 return panel_; | 275 return panel_; |
259 } | 276 } |
260 | 277 |
261 - (void)showSheetForWindow:(NSWindow*)window { | 278 - (void)showSheetForWindow:(NSWindow*)window { |
262 NSString* title = l10n_util::GetNSString(IDS_CLIENT_CERT_DIALOG_TITLE); | 279 NSString* title = l10n_util::GetNSString(IDS_CLIENT_CERT_DIALOG_TITLE); |
263 overlayWindow_.reset([window retain]); | 280 overlayWindow_.reset([window retain]); |
264 [panel_ beginSheetForWindow:window | 281 [panel_ beginSheetForWindow:window |
265 modalDelegate:self | 282 modalDelegate:self |
266 didEndSelector:@selector(sheetDidEnd:returnCode:context:) | 283 didEndSelector:@selector(sheetDidEnd:returnCode:context:) |
267 contextInfo:NULL | 284 contextInfo:NULL |
268 identities:base::mac::CFToNSCast(identities_) | 285 identities:base::mac::CFToNSCast(sec_identities_) |
269 message:title]; | 286 message:title]; |
270 } | 287 } |
271 | 288 |
272 - (void)closeSheetWithAnimation:(BOOL)withAnimation { | 289 - (void)closeSheetWithAnimation:(BOOL)withAnimation { |
273 if (!userResponded_) { | 290 if (!userResponded_) { |
274 // If the sheet is closed by closing the tab rather than the user explicitly | 291 // If the sheet is closed by closing the tab rather than the user explicitly |
275 // hitting Cancel, |closeSheetWithAnimation:| gets called before | 292 // hitting Cancel, |closeSheetWithAnimation:| gets called before |
276 // |sheetDidEnd:|. In this case, the selection should be canceled rather | 293 // |sheetDidEnd:|. In this case, the selection should be canceled rather |
277 // than continue with no certificate. The |returnCode| parameter to | 294 // than continue with no certificate. The |returnCode| parameter to |
278 // |sheetDidEnd:| is the same in both cases. | 295 // |sheetDidEnd:| is the same in both cases. |
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
322 } | 339 } |
323 | 340 |
324 - (void)onConstrainedWindowClosed { | 341 - (void)onConstrainedWindowClosed { |
325 observer_->StopObserving(); | 342 observer_->StopObserving(); |
326 panel_.reset(); | 343 panel_.reset(); |
327 constrainedWindow_.reset(); | 344 constrainedWindow_.reset(); |
328 [self release]; | 345 [self release]; |
329 } | 346 } |
330 | 347 |
331 @end | 348 @end |
OLD | NEW |