OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/ui/views/ssl_client_certificate_selector.h" | 5 #include "chrome/browser/ui/views/ssl_client_certificate_selector.h" |
6 | 6 |
7 #include <utility> | 7 #include <utility> |
8 | 8 |
9 #include "base/bind.h" | 9 #include "base/bind.h" |
10 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
11 #include "base/strings/utf_string_conversions.h" | 11 #include "base/strings/utf_string_conversions.h" |
12 #include "build/build_config.h" | 12 #include "build/build_config.h" |
| 13 #include "chrome/browser/ssl/ssl_client_auth_observer.h" |
13 #include "chrome/browser/ui/browser_dialogs.h" | 14 #include "chrome/browser/ui/browser_dialogs.h" |
14 #include "chrome/grit/generated_resources.h" | 15 #include "chrome/grit/generated_resources.h" |
15 #include "content/public/browser/browser_thread.h" | 16 #include "content/public/browser/browser_thread.h" |
16 #include "content/public/browser/client_certificate_delegate.h" | 17 #include "content/public/browser/client_certificate_delegate.h" |
17 #include "content/public/browser/web_contents.h" | 18 #include "content/public/browser/web_contents.h" |
| 19 #include "content/public/browser/web_contents_observer.h" |
18 #include "net/cert/x509_certificate.h" | 20 #include "net/cert/x509_certificate.h" |
19 #include "net/ssl/ssl_cert_request_info.h" | 21 #include "net/ssl/ssl_cert_request_info.h" |
20 #include "ui/base/l10n/l10n_util.h" | 22 #include "ui/base/l10n/l10n_util.h" |
21 #include "ui/views/controls/label.h" | 23 #include "ui/views/controls/label.h" |
22 #include "ui/views/widget/widget.h" | 24 #include "ui/views/widget/widget.h" |
23 | 25 |
24 #if defined(USE_NSS_CERTS) && !defined(OS_CHROMEOS) | 26 class SSLClientCertificateSelector::SSLClientAuthObserverImpl |
25 #include "chrome/browser/ui/crypto_module_password_dialog_nss.h" | 27 : public SSLClientAuthObserver, |
26 #endif | 28 public content::WebContentsObserver { |
| 29 public: |
| 30 SSLClientAuthObserverImpl( |
| 31 content::WebContents* web_contents, |
| 32 const scoped_refptr<net::SSLCertRequestInfo>& cert_request_info, |
| 33 std::unique_ptr<content::ClientCertificateDelegate> delegate) |
| 34 : SSLClientAuthObserver(web_contents->GetBrowserContext(), |
| 35 cert_request_info, |
| 36 std::move(delegate)), |
| 37 content::WebContentsObserver(web_contents) {} |
| 38 |
| 39 void Init(base::OnceClosure close_dialog_callback) { |
| 40 close_dialog_callback_ = std::move(close_dialog_callback); |
| 41 StartObserving(); |
| 42 } |
| 43 |
| 44 static void AcceptCertificate( |
| 45 std::unique_ptr<SSLClientAuthObserverImpl> self, |
| 46 std::unique_ptr<net::ClientCertIdentity> identity) { |
| 47 // Remove the observer before we try acquiring private key, otherwise we |
| 48 // might act on a notification while waiting for the callback, causing us |
| 49 // to delete ourself before the callback gets called, or to try to run |
| 50 // |close_dialog_callback_| on a dialog which is already closed. |
| 51 self->StopObserving(); |
| 52 net::X509Certificate* cert = identity->certificate(); |
| 53 net::ClientCertIdentity::SelfOwningAcquirePrivateKey( |
| 54 std::move(identity), |
| 55 base::Bind(&SSLClientAuthObserverImpl::GotPrivateKey, |
| 56 base::Passed(&self), base::Unretained(cert))); |
| 57 } |
| 58 |
| 59 void GotPrivateKey(net::X509Certificate* cert, |
| 60 scoped_refptr<net::SSLPrivateKey> private_key) { |
| 61 CertificateSelected(cert, private_key.get()); |
| 62 } |
| 63 |
| 64 // SSLClientAuthObserver: |
| 65 void OnCertSelectedByNotification() override { |
| 66 std::move(close_dialog_callback_).Run(); |
| 67 } |
| 68 |
| 69 // content::WebContentsObserver: |
| 70 void WebContentsDestroyed() override { |
| 71 // If the tab is closed (either while the selector dialog is still showing, |
| 72 // or after the dialog has closed but the AcquirePrivateKey callback is |
| 73 // still pending), abort the request. |
| 74 CancelCertificateSelection(); |
| 75 } |
| 76 |
| 77 private: |
| 78 base::OnceClosure close_dialog_callback_; |
| 79 }; |
27 | 80 |
28 SSLClientCertificateSelector::SSLClientCertificateSelector( | 81 SSLClientCertificateSelector::SSLClientCertificateSelector( |
29 content::WebContents* web_contents, | 82 content::WebContents* web_contents, |
30 const scoped_refptr<net::SSLCertRequestInfo>& cert_request_info, | 83 const scoped_refptr<net::SSLCertRequestInfo>& cert_request_info, |
31 net::CertificateList client_certs, | 84 net::ClientCertIdentityList client_certs, |
32 std::unique_ptr<content::ClientCertificateDelegate> delegate) | 85 std::unique_ptr<content::ClientCertificateDelegate> delegate) |
33 : CertificateSelector(std::move(client_certs), web_contents), | 86 : CertificateSelector(std::move(client_certs), web_contents), |
34 SSLClientAuthObserver(web_contents->GetBrowserContext(), | 87 auth_observer_impl_( |
35 cert_request_info, | 88 base::MakeUnique<SSLClientAuthObserverImpl>(web_contents, |
36 std::move(delegate)), | 89 cert_request_info, |
37 WebContentsObserver(web_contents) { | 90 std::move(delegate))) { |
38 chrome::RecordDialogCreation( | 91 chrome::RecordDialogCreation( |
39 chrome::DialogIdentifier::SSL_CLIENT_CERTIFICATE_SELECTOR); | 92 chrome::DialogIdentifier::SSL_CLIENT_CERTIFICATE_SELECTOR); |
40 } | 93 } |
41 | 94 |
42 SSLClientCertificateSelector::~SSLClientCertificateSelector() {} | 95 SSLClientCertificateSelector::~SSLClientCertificateSelector() {} |
43 | 96 |
44 void SSLClientCertificateSelector::Init() { | 97 void SSLClientCertificateSelector::Init() { |
45 StartObserving(); | 98 auth_observer_impl_->Init(base::BindOnce( |
| 99 &SSLClientCertificateSelector::CloseDialog, base::Unretained(this))); |
46 std::unique_ptr<views::Label> text_label( | 100 std::unique_ptr<views::Label> text_label( |
47 new views::Label(l10n_util::GetStringFUTF16( | 101 new views::Label(l10n_util::GetStringFUTF16( |
48 IDS_CLIENT_CERT_DIALOG_TEXT, | 102 IDS_CLIENT_CERT_DIALOG_TEXT, |
49 base::ASCIIToUTF16(cert_request_info()->host_and_port.ToString())))); | 103 base::ASCIIToUTF16(auth_observer_impl_->cert_request_info() |
| 104 ->host_and_port.ToString())))); |
50 text_label->SetMultiLine(true); | 105 text_label->SetMultiLine(true); |
51 text_label->SetHorizontalAlignment(gfx::ALIGN_LEFT); | 106 text_label->SetHorizontalAlignment(gfx::ALIGN_LEFT); |
52 text_label->SetAllowCharacterBreak(true); | 107 text_label->SetAllowCharacterBreak(true); |
53 text_label->SizeToFit(kTableViewWidth); | 108 text_label->SizeToFit(kTableViewWidth); |
54 InitWithText(std::move(text_label)); | 109 InitWithText(std::move(text_label)); |
55 } | 110 } |
56 | 111 |
57 void SSLClientCertificateSelector::OnCertSelectedByNotification() { | 112 void SSLClientCertificateSelector::CloseDialog() { |
58 GetWidget()->Close(); | 113 GetWidget()->Close(); |
59 } | 114 } |
60 | 115 |
61 void SSLClientCertificateSelector::DeleteDelegate() { | 116 void SSLClientCertificateSelector::DeleteDelegate() { |
62 // This is here and not in Cancel() to give WebContentsDestroyed a chance | 117 // This is here and not in Cancel() to give WebContentsDestroyed a chance |
63 // to abort instead of proceeding with a null certificate. (This will be | 118 // to abort instead of proceeding with a null certificate. (This will be |
64 // ignored if there was a previous call to CertificateSelected or | 119 // ignored if there was a previous call to CertificateSelected or |
65 // CancelCertificateSelection.) | 120 // CancelCertificateSelection.) |
66 CertificateSelected(nullptr); | 121 if (auth_observer_impl_) |
| 122 auth_observer_impl_->CertificateSelected(nullptr, nullptr); |
67 chrome::CertificateSelector::DeleteDelegate(); | 123 chrome::CertificateSelector::DeleteDelegate(); |
68 } | 124 } |
69 | 125 |
70 bool SSLClientCertificateSelector::Accept() { | 126 void SSLClientCertificateSelector::AcceptCertificate( |
71 scoped_refptr<net::X509Certificate> cert = GetSelectedCert(); | 127 std::unique_ptr<net::ClientCertIdentity> identity) { |
72 if (cert.get()) { | 128 // The SSLClientCertificateSelector will be destroyed after this method |
73 // Remove the observer before we try unlocking, otherwise we might act on a | 129 // returns, so the SSLClientAuthObserverImpl manages its own lifetime while |
74 // notification while waiting for the unlock dialog, causing us to delete | 130 // acquiring the private key from |identity|. |
75 // ourself before the Unlocked callback gets called. | 131 SSLClientAuthObserverImpl::AcceptCertificate(std::move(auth_observer_impl_), |
76 StopObserving(); | 132 std::move(identity)); |
77 #if defined(USE_NSS_CERTS) && !defined(OS_CHROMEOS) | |
78 chrome::UnlockCertSlotIfNecessary( | |
79 cert.get(), chrome::kCryptoModulePasswordClientAuth, | |
80 cert_request_info()->host_and_port, GetWidget()->GetNativeView(), | |
81 base::Bind(&SSLClientCertificateSelector::Unlocked, | |
82 base::Unretained(this), base::RetainedRef(cert))); | |
83 #else | |
84 Unlocked(cert.get()); | |
85 #endif | |
86 return false; // Unlocked() will close the dialog. | |
87 } | |
88 | |
89 return false; | |
90 } | |
91 | |
92 void SSLClientCertificateSelector::WebContentsDestroyed() { | |
93 // If the dialog is closed by closing the containing tab, abort the request. | |
94 CancelCertificateSelection(); | |
95 } | |
96 | |
97 void SSLClientCertificateSelector::Unlocked(net::X509Certificate* cert) { | |
98 CertificateSelected(cert); | |
99 GetWidget()->Close(); | |
100 } | 133 } |
101 | 134 |
102 namespace chrome { | 135 namespace chrome { |
103 | 136 |
104 void ShowSSLClientCertificateSelector( | 137 void ShowSSLClientCertificateSelector( |
105 content::WebContents* contents, | 138 content::WebContents* contents, |
106 net::SSLCertRequestInfo* cert_request_info, | 139 net::SSLCertRequestInfo* cert_request_info, |
107 net::CertificateList client_certs, | 140 net::ClientCertIdentityList client_certs, |
108 std::unique_ptr<content::ClientCertificateDelegate> delegate) { | 141 std::unique_ptr<content::ClientCertificateDelegate> delegate) { |
109 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); | 142 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
110 | 143 |
111 // Not all WebContentses can show modal dialogs. | 144 // Not all WebContentses can show modal dialogs. |
112 // | 145 // |
113 // TODO(davidben): Move this hook to the WebContentsDelegate and only try to | 146 // TODO(davidben): Move this hook to the WebContentsDelegate and only try to |
114 // show a dialog in Browser's implementation. https://crbug.com/456255 | 147 // show a dialog in Browser's implementation. https://crbug.com/456255 |
115 if (!SSLClientCertificateSelector::CanShow(contents)) | 148 if (!SSLClientCertificateSelector::CanShow(contents)) |
116 return; | 149 return; |
117 | 150 |
118 SSLClientCertificateSelector* selector = new SSLClientCertificateSelector( | 151 SSLClientCertificateSelector* selector = new SSLClientCertificateSelector( |
119 contents, cert_request_info, std::move(client_certs), | 152 contents, cert_request_info, std::move(client_certs), |
120 std::move(delegate)); | 153 std::move(delegate)); |
121 selector->Init(); | 154 selector->Init(); |
122 selector->Show(); | 155 selector->Show(); |
123 } | 156 } |
124 | 157 |
125 } // namespace chrome | 158 } // namespace chrome |
OLD | NEW |