DOMUI Cert Manager: Disable delete button on readonly certs.

BUG=19991
BUG=chromium-os:7946
TEST=delete button should be disabled on built-in certs, and enabled on user-imported certs

Review URL: http://codereview.chromium.org/4130002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@64473 0039d316-1c4b-4281-b951-d872f2087c98

4 files changed, 14 insertions, 1 deletions

diff --git a/chrome/browser/dom_ui/options/certificate_manager_handler.cc b/chrome/browser/dom_ui/options/certificate_manager_handler.cc
index bf30674..fd842c3 100644
--- a/chrome/browser/dom_ui/options/certificate_manager_handler.cc
+++ b/chrome/browser/dom_ui/options/certificate_manager_handler.cc
@@ -25,6 +25,7 @@ namespace {
 static const char kKeyId[] = "id";
 static const char kSubNodesId[] = "subnodes";
 static const char kNameId[] = "name";
+static const char kReadOnlyId[] = "readonly";
 static const char kIconId[] = "icon";
 static const char kSecurityDeviceId[] = "device";
 static const char kErrorId[] = "error";
@@ -848,6 +849,9 @@ void CertificateManagerHandler::PopulateTree(const std::string& tab_name,
         cert_dict->SetString(kKeyId, CertToId(*cert));
         cert_dict->SetString(kNameId, certificate_manager_model_->GetColumnText(
             *cert, CertificateManagerModel::COL_SUBJECT_NAME));
+        cert_dict->SetBoolean(
+            kReadOnlyId,
+            certificate_manager_model_->cert_db().IsReadOnly(cert));
         // TODO(mattm): Other columns.
         cert_dict->SetString(kIconId, "none");
         subnodes->Append(cert_dict);
diff --git a/chrome/browser/resources/options/certificate_manager.js b/chrome/browser/resources/options/certificate_manager.js
index 5295bde..df5eed4 100644
--- a/chrome/browser/resources/options/certificate_manager.js
+++ b/chrome/browser/resources/options/certificate_manager.js
@@ -109,6 +109,7 @@ cr.define('options', function() {
      */
     updateButtonState: function(data) {
       var isCert = !!data && data.id.substr(0, 5) == 'cert-';
+      var readOnly = !!data && data.readonly;
       var hasChildren = this.tree.items.length > 0;
       this.viewButton.disabled = !isCert;
       if (this.editButton !== null)
@@ -119,7 +120,7 @@ cr.define('options', function() {
         this.backupAllButton.disabled = !hasChildren;
       if (this.exportButton !== null)
         this.exportButton.disabled = !isCert;
-      this.deleteButton.disabled = !isCert;
+      this.deleteButton.disabled = !isCert || readOnly;
     },
 
     /**
diff --git a/net/base/cert_database.h b/net/base/cert_database.h
index 409ed91..7915cc6 100644
--- a/net/base/cert_database.h
+++ b/net/base/cert_database.h
@@ -124,6 +124,9 @@ class CertDatabase {
   // Returns true on success or false on failure.
   // |cert| is still valid when this function returns.
   bool DeleteCertAndKey(const X509Certificate* cert);
+
+  // Check whether cert is stored in a readonly slot.
+  bool IsReadOnly(const X509Certificate* cert) const;
 #endif
 
  private:
diff --git a/net/base/cert_database_nss.cc b/net/base/cert_database_nss.cc
index 8445d4d..937288a 100644
--- a/net/base/cert_database_nss.cc
+++ b/net/base/cert_database_nss.cc
@@ -205,4 +205,9 @@ bool CertDatabase::DeleteCertAndKey(const X509Certificate* cert) {
   return true;
 }
 
+bool CertDatabase::IsReadOnly(const X509Certificate* cert) const {
+  PK11SlotInfo* slot = cert->os_cert_handle()->slot;
+  return slot && PK11_IsReadOnly(slot);
+}
+
 }  // namespace net