| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ui/views/ssl_client_certificate_selector.h" | 5 #include "chrome/browser/ui/views/ssl_client_certificate_selector.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
| 11 #include "base/strings/utf_string_conversions.h" | 11 #include "base/strings/utf_string_conversions.h" |
| 12 #include "build/build_config.h" | 12 #include "build/build_config.h" |
| 13 #include "chrome/browser/ssl/ssl_client_auth_observer.h" |
| 13 #include "chrome/browser/ui/browser_dialogs.h" | 14 #include "chrome/browser/ui/browser_dialogs.h" |
| 14 #include "chrome/grit/generated_resources.h" | 15 #include "chrome/grit/generated_resources.h" |
| 15 #include "content/public/browser/browser_thread.h" | 16 #include "content/public/browser/browser_thread.h" |
| 16 #include "content/public/browser/client_certificate_delegate.h" | 17 #include "content/public/browser/client_certificate_delegate.h" |
| 17 #include "content/public/browser/web_contents.h" | 18 #include "content/public/browser/web_contents.h" |
| 19 #include "content/public/browser/web_contents_observer.h" |
| 18 #include "net/cert/x509_certificate.h" | 20 #include "net/cert/x509_certificate.h" |
| 19 #include "net/ssl/ssl_cert_request_info.h" | 21 #include "net/ssl/ssl_cert_request_info.h" |
| 20 #include "ui/base/l10n/l10n_util.h" | 22 #include "ui/base/l10n/l10n_util.h" |
| 21 #include "ui/views/controls/label.h" | 23 #include "ui/views/controls/label.h" |
| 22 #include "ui/views/widget/widget.h" | 24 #include "ui/views/widget/widget.h" |
| 23 | 25 |
| 24 #if defined(USE_NSS_CERTS) && !defined(OS_CHROMEOS) | 26 class SSLClientCertificateSelector::SSLClientAuthObserverImpl |
| 25 #include "chrome/browser/ui/crypto_module_password_dialog_nss.h" | 27 : public SSLClientAuthObserver, |
| 26 #endif | 28 public content::WebContentsObserver { |
| 29 public: |
| 30 SSLClientAuthObserverImpl( |
| 31 content::WebContents* web_contents, |
| 32 const scoped_refptr<net::SSLCertRequestInfo>& cert_request_info, |
| 33 std::unique_ptr<content::ClientCertificateDelegate> delegate) |
| 34 : SSLClientAuthObserver(web_contents->GetBrowserContext(), |
| 35 cert_request_info, |
| 36 std::move(delegate)), |
| 37 content::WebContentsObserver(web_contents) {} |
| 38 |
| 39 void Init(base::OnceClosure close_dialog_callback) { |
| 40 close_dialog_callback_ = std::move(close_dialog_callback); |
| 41 StartObserving(); |
| 42 } |
| 43 |
| 44 static void AcceptCertificate( |
| 45 std::unique_ptr<SSLClientAuthObserverImpl> self, |
| 46 std::unique_ptr<net::ClientCertIdentity> identity) { |
| 47 // Remove the observer before we try acquiring private key, otherwise we |
| 48 // might act on a notification while waiting for the callback, causing us |
| 49 // to delete ourself before the callback gets called, or to try to run |
| 50 // |close_dialog_callback_| on a dialog which is already closed. |
| 51 self->StopObserving(); |
| 52 net::X509Certificate* cert = identity->certificate(); |
| 53 net::ClientCertIdentity::SelfOwningAcquirePrivateKey( |
| 54 std::move(identity), |
| 55 base::Bind(&SSLClientAuthObserverImpl::GotPrivateKey, |
| 56 base::Passed(&self), base::Unretained(cert))); |
| 57 } |
| 58 |
| 59 void GotPrivateKey(net::X509Certificate* cert, |
| 60 scoped_refptr<net::SSLPrivateKey> private_key) { |
| 61 CertificateSelected(cert, private_key.get()); |
| 62 } |
| 63 |
| 64 // SSLClientAuthObserver: |
| 65 void OnCertSelectedByNotification() override { |
| 66 std::move(close_dialog_callback_).Run(); |
| 67 } |
| 68 |
| 69 // content::WebContentsObserver: |
| 70 void WebContentsDestroyed() override { |
| 71 // If the tab is closed (either while the selector dialog is still showing, |
| 72 // or after the dialog has closed but the AcquirePrivateKey callback is |
| 73 // still pending), abort the request. |
| 74 CancelCertificateSelection(); |
| 75 } |
| 76 |
| 77 private: |
| 78 base::OnceClosure close_dialog_callback_; |
| 79 }; |
| 27 | 80 |
| 28 SSLClientCertificateSelector::SSLClientCertificateSelector( | 81 SSLClientCertificateSelector::SSLClientCertificateSelector( |
| 29 content::WebContents* web_contents, | 82 content::WebContents* web_contents, |
| 30 const scoped_refptr<net::SSLCertRequestInfo>& cert_request_info, | 83 const scoped_refptr<net::SSLCertRequestInfo>& cert_request_info, |
| 31 net::CertificateList client_certs, | 84 net::ClientCertIdentityList client_certs, |
| 32 std::unique_ptr<content::ClientCertificateDelegate> delegate) | 85 std::unique_ptr<content::ClientCertificateDelegate> delegate) |
| 33 : CertificateSelector(std::move(client_certs), web_contents), | 86 : CertificateSelector(std::move(client_certs), web_contents), |
| 34 SSLClientAuthObserver(web_contents->GetBrowserContext(), | 87 auth_observer_impl_( |
| 35 cert_request_info, | 88 base::MakeUnique<SSLClientAuthObserverImpl>(web_contents, |
| 36 std::move(delegate)), | 89 cert_request_info, |
| 37 WebContentsObserver(web_contents) { | 90 std::move(delegate))) { |
| 38 chrome::RecordDialogCreation( | 91 chrome::RecordDialogCreation( |
| 39 chrome::DialogIdentifier::SSL_CLIENT_CERTIFICATE_SELECTOR); | 92 chrome::DialogIdentifier::SSL_CLIENT_CERTIFICATE_SELECTOR); |
| 40 } | 93 } |
| 41 | 94 |
| 42 SSLClientCertificateSelector::~SSLClientCertificateSelector() {} | 95 SSLClientCertificateSelector::~SSLClientCertificateSelector() {} |
| 43 | 96 |
| 44 void SSLClientCertificateSelector::Init() { | 97 void SSLClientCertificateSelector::Init() { |
| 45 StartObserving(); | 98 auth_observer_impl_->Init(base::BindOnce( |
| 99 &SSLClientCertificateSelector::CloseDialog, base::Unretained(this))); |
| 46 std::unique_ptr<views::Label> text_label( | 100 std::unique_ptr<views::Label> text_label( |
| 47 new views::Label(l10n_util::GetStringFUTF16( | 101 new views::Label(l10n_util::GetStringFUTF16( |
| 48 IDS_CLIENT_CERT_DIALOG_TEXT, | 102 IDS_CLIENT_CERT_DIALOG_TEXT, |
| 49 base::ASCIIToUTF16(cert_request_info()->host_and_port.ToString())))); | 103 base::ASCIIToUTF16(auth_observer_impl_->cert_request_info() |
| 104 ->host_and_port.ToString())))); |
| 50 text_label->SetMultiLine(true); | 105 text_label->SetMultiLine(true); |
| 51 text_label->SetHorizontalAlignment(gfx::ALIGN_LEFT); | 106 text_label->SetHorizontalAlignment(gfx::ALIGN_LEFT); |
| 52 text_label->SetAllowCharacterBreak(true); | 107 text_label->SetAllowCharacterBreak(true); |
| 53 text_label->SizeToFit(kTableViewWidth); | 108 text_label->SizeToFit(kTableViewWidth); |
| 54 InitWithText(std::move(text_label)); | 109 InitWithText(std::move(text_label)); |
| 55 } | 110 } |
| 56 | 111 |
| 57 void SSLClientCertificateSelector::OnCertSelectedByNotification() { | 112 void SSLClientCertificateSelector::CloseDialog() { |
| 58 GetWidget()->Close(); | 113 GetWidget()->Close(); |
| 59 } | 114 } |
| 60 | 115 |
| 61 void SSLClientCertificateSelector::DeleteDelegate() { | 116 void SSLClientCertificateSelector::DeleteDelegate() { |
| 62 // This is here and not in Cancel() to give WebContentsDestroyed a chance | 117 // This is here and not in Cancel() to give WebContentsDestroyed a chance |
| 63 // to abort instead of proceeding with a null certificate. (This will be | 118 // to abort instead of proceeding with a null certificate. (This will be |
| 64 // ignored if there was a previous call to CertificateSelected or | 119 // ignored if there was a previous call to CertificateSelected or |
| 65 // CancelCertificateSelection.) | 120 // CancelCertificateSelection.) |
| 66 CertificateSelected(nullptr); | 121 if (auth_observer_impl_) |
| 122 auth_observer_impl_->CertificateSelected(nullptr, nullptr); |
| 67 chrome::CertificateSelector::DeleteDelegate(); | 123 chrome::CertificateSelector::DeleteDelegate(); |
| 68 } | 124 } |
| 69 | 125 |
| 70 bool SSLClientCertificateSelector::Accept() { | 126 void SSLClientCertificateSelector::AcceptCertificate( |
| 71 scoped_refptr<net::X509Certificate> cert = GetSelectedCert(); | 127 std::unique_ptr<net::ClientCertIdentity> identity) { |
| 72 if (cert.get()) { | 128 // The SSLClientCertificateSelector will be destroyed after this method |
| 73 // Remove the observer before we try unlocking, otherwise we might act on a | 129 // returns, so the SSLClientAuthObserverImpl manages its own lifetime while |
| 74 // notification while waiting for the unlock dialog, causing us to delete | 130 // acquiring the private key from |identity|. |
| 75 // ourself before the Unlocked callback gets called. | 131 SSLClientAuthObserverImpl::AcceptCertificate(std::move(auth_observer_impl_), |
| 76 StopObserving(); | 132 std::move(identity)); |
| 77 #if defined(USE_NSS_CERTS) && !defined(OS_CHROMEOS) | |
| 78 chrome::UnlockCertSlotIfNecessary( | |
| 79 cert.get(), chrome::kCryptoModulePasswordClientAuth, | |
| 80 cert_request_info()->host_and_port, GetWidget()->GetNativeView(), | |
| 81 base::Bind(&SSLClientCertificateSelector::Unlocked, | |
| 82 base::Unretained(this), base::RetainedRef(cert))); | |
| 83 #else | |
| 84 Unlocked(cert.get()); | |
| 85 #endif | |
| 86 return false; // Unlocked() will close the dialog. | |
| 87 } | |
| 88 | |
| 89 return false; | |
| 90 } | |
| 91 | |
| 92 void SSLClientCertificateSelector::WebContentsDestroyed() { | |
| 93 // If the dialog is closed by closing the containing tab, abort the request. | |
| 94 CancelCertificateSelection(); | |
| 95 } | |
| 96 | |
| 97 void SSLClientCertificateSelector::Unlocked(net::X509Certificate* cert) { | |
| 98 CertificateSelected(cert); | |
| 99 GetWidget()->Close(); | |
| 100 } | 133 } |
| 101 | 134 |
| 102 namespace chrome { | 135 namespace chrome { |
| 103 | 136 |
| 104 void ShowSSLClientCertificateSelector( | 137 void ShowSSLClientCertificateSelector( |
| 105 content::WebContents* contents, | 138 content::WebContents* contents, |
| 106 net::SSLCertRequestInfo* cert_request_info, | 139 net::SSLCertRequestInfo* cert_request_info, |
| 107 net::CertificateList client_certs, | 140 net::ClientCertIdentityList client_certs, |
| 108 std::unique_ptr<content::ClientCertificateDelegate> delegate) { | 141 std::unique_ptr<content::ClientCertificateDelegate> delegate) { |
| 109 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); | 142 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
| 110 | 143 |
| 111 // Not all WebContentses can show modal dialogs. | 144 // Not all WebContentses can show modal dialogs. |
| 112 // | 145 // |
| 113 // TODO(davidben): Move this hook to the WebContentsDelegate and only try to | 146 // TODO(davidben): Move this hook to the WebContentsDelegate and only try to |
| 114 // show a dialog in Browser's implementation. https://crbug.com/456255 | 147 // show a dialog in Browser's implementation. https://crbug.com/456255 |
| 115 if (!SSLClientCertificateSelector::CanShow(contents)) | 148 if (!SSLClientCertificateSelector::CanShow(contents)) |
| 116 return; | 149 return; |
| 117 | 150 |
| 118 SSLClientCertificateSelector* selector = new SSLClientCertificateSelector( | 151 SSLClientCertificateSelector* selector = new SSLClientCertificateSelector( |
| 119 contents, cert_request_info, std::move(client_certs), | 152 contents, cert_request_info, std::move(client_certs), |
| 120 std::move(delegate)); | 153 std::move(delegate)); |
| 121 selector->Init(); | 154 selector->Init(); |
| 122 selector->Show(); | 155 selector->Show(); |
| 123 } | 156 } |
| 124 | 157 |
| 125 } // namespace chrome | 158 } // namespace chrome |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2898573002:
Refactor client cert private key handling. (Closed)
