NSS: PKCS 11 password prompt.

chrome/browser/dom_ui/options/certificate_manager_handler.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/dom_ui/options/certificate_manager_handler.h"
 
 #include "app/l10n_util.h"
 #include "app/l10n_util_collator.h"
 #include "base/file_util.h"  // for FileAccessProvider
 #include "base/safe_strerror_posix.h"
 #include "base/string_number_conversions.h"
 #include "base/values.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/browser_thread.h"  // for FileAccessProvider
 #include "chrome/browser/certificate_manager_model.h"
 #include "chrome/browser/certificate_viewer.h"
 #include "chrome/browser/gtk/certificate_dialogs.h"
 #include "chrome/browser/tab_contents/tab_contents.h"
 #include "chrome/browser/tab_contents/tab_contents_view.h"
+#include "chrome/browser/ui/pk11_password_dialog.h"
 #include "grit/generated_resources.h"
+#include "net/base/crypto_module.h"
 #include "net/base/x509_certificate.h"
 
 namespace {
 
 static const char kKeyId[] = "id";
 static const char kSubNodesId[] = "subnodes";
 static const char kNameId[] = "name";
 static const char kReadOnlyId[] = "readonly";
 static const char kIconId[] = "icon";
 static const char kSecurityDeviceId[] = "device";
@@ skipping 489 matching lines @@
       L"CertificateManager.exportPersonalAskPassword");
 }
 
 void CertificateManagerHandler::ExportPersonalPasswordSelected(
     const ListValue* args) {
   if (!args->GetString(0, &password_)){
     dom_ui_->CallJavascriptFunction(L"CertificateRestoreOverlay.dismiss");
     ImportExportCleanup();
     return;
   }
+
+  // Currently, we don't support exporting more than one at a time.  If we do,
+  // this would need some cleanup to handle unlocking multiple slots.
+  DCHECK_EQ(selected_cert_list_.size(), 1U);
+
+  // TODO(mattm): do something smarter about non-extractable keys
+  browser::UnlockCertSlotIfNecessary(
+      selected_cert_list_[0].get(),
+      browser::kPK11PasswordCertExport,
+      "",  // unused.
+      NewCallback(this,
+                  &CertificateManagerHandler::ExportPersonalSlotsUnlocked));
+}
+
+void CertificateManagerHandler::ExportPersonalSlotsUnlocked() {
   std::string output;
   int num_exported = certificate_manager_model_->cert_db().ExportToPKCS12(
       selected_cert_list_,
       password_,
       &output);
   if (!num_exported) {
     dom_ui_->CallJavascriptFunction(L"CertificateRestoreOverlay.dismiss");
     ShowError(
         l10n_util::GetStringUTF8(IDS_CERT_MANAGER_PKCS12_EXPORT_ERROR_TITLE),
         l10n_util::GetStringUTF8(IDS_CERT_MANAGER_UNKNOWN_ERROR));
@@ skipping 58 matching lines @@
     int read_errno, std::string data) {
   if (read_errno) {
     ImportExportCleanup();
     dom_ui_->CallJavascriptFunction(L"CertificateRestoreOverlay.dismiss");
     ShowError(
         l10n_util::GetStringUTF8(IDS_CERT_MANAGER_PKCS12_IMPORT_ERROR_TITLE),
         l10n_util::GetStringFUTF8(IDS_CERT_MANAGER_READ_ERROR_FORMAT,
                                   UTF8ToUTF16(safe_strerror(read_errno))));
     return;
   }
-  int result = certificate_manager_model_->ImportFromPKCS12(data, password_);
+
+  file_data_ = data;
+
+  // TODO(mattm): allow user to choose a slot to import to.
+  module_ = certificate_manager_model_->cert_db().GetDefaultModule();
+
+  browser::UnlockSlotIfNecessary(
+      module_.get(),
+      browser::kPK11PasswordCertImport,
+      "",  // unused.
+      NewCallback(this,
+                  &CertificateManagerHandler::ImportPersonalSlotUnlocked));
+}
+
+void CertificateManagerHandler::ImportPersonalSlotUnlocked() {
+  int result = certificate_manager_model_->ImportFromPKCS12(
+      module_, file_data_, password_);
   ImportExportCleanup();
   dom_ui_->CallJavascriptFunction(L"CertificateRestoreOverlay.dismiss");
   switch (result) {
     case net::OK:
       break;
     case net::ERR_PKCS12_IMPORT_BAD_PASSWORD:
       ShowError(
           l10n_util::GetStringUTF8(IDS_CERT_MANAGER_PKCS12_IMPORT_ERROR_TITLE),
           l10n_util::GetStringUTF8(IDS_CERT_MANAGER_BAD_PASSWORD));
       // TODO(mattm): if the error was a bad password, we should reshow the
       // password dialog after the user dismisses the error dialog.
       break;
     default:
       ShowError(
           l10n_util::GetStringUTF8(IDS_CERT_MANAGER_PKCS12_IMPORT_ERROR_TITLE),
           l10n_util::GetStringUTF8(IDS_CERT_MANAGER_UNKNOWN_ERROR));
       break;
   }
 }
 
 void CertificateManagerHandler::CancelImportExportProcess(
     const ListValue* args) {
   ImportExportCleanup();
 }
 
 void CertificateManagerHandler::ImportExportCleanup() {
   file_path_.clear();
   password_.clear();
+  file_data_.clear();
   selected_cert_list_.clear();
   select_file_dialog_ = NULL;
+  module_ = NULL;
 }
 
 void CertificateManagerHandler::ImportServer(const ListValue* args) {
   select_file_dialog_ = SelectFileDialog::Create(this);
   ShowCertSelectFileDialog(
       select_file_dialog_.get(),
       SelectFileDialog::SELECT_OPEN_FILE,
       FilePath(),
       GetParentWindow(),
       reinterpret_cast<void*>(IMPORT_SERVER_FILE_SELECTED));
@@ skipping 244 matching lines @@
   StringValue error_value(error);
   dom_ui_->CallJavascriptFunction(L"CertificateImportErrorOverlay.show",
                                   title_value,
                                   error_value,
                                   cert_error_list);
 }
 
 gfx::NativeWindow CertificateManagerHandler::GetParentWindow() const {
   return dom_ui_->tab_contents()->view()->GetTopLevelNativeWindow();
 }