author | davidben@chromium.org <davidben@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-07-21 19:34:49 +0000 |
---|---|---|
committer | davidben@chromium.org <davidben@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-07-21 19:34:49 +0000 |
commit | 1f18184a07252103a8cd9652d64de749f41ef09f (patch) | |
tree | 7e0c5eb9dea2890d8231eb7ad69dec318ac6e610 /chrome/browser/ssl | |
parent | 348b9bc12d4e2ccd03a7fbcb327a3975207a5fec (diff) | |
Refactor SSLClientAuthHandler and certificate selection
This cleans up much of the code involved in displaying a certificate selection
dialog to the user.
- Adds a new inner class to RenderViewHostDelegate (later to be populated
with more SSL things).
- Adds a helper class for TabContents' implementation.
- Moves the certificate dialogs themselves to have a common entry point.
- Makes SSLClientAuthHandler call the RVHDelegate to query the user, with the
TabContents implementation displaying the dialogs.
- Picks the correct parent window for the dialog on all platforms, instead of
relying on BrowserList::GetLastActive
- Makes the OS X implementation use an asynchronous sheet, now that we know the
parent.
- Fixes an index-mismatch problem in the OS X implementation, should we fail to create an identity.
R=agl,brettw,mark
BUG=148
TEST=selecting client certificates still works
Review URL: http://codereview.chromium.org/2823038
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53231 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/ssl')
-rw-r--r-- | chrome/browser/ssl/ssl_client_auth_handler.cc | 50 | ||||
-rw-r--r-- | chrome/browser/ssl/ssl_client_auth_handler.h | 14 | ||||
-rw-r--r-- | chrome/browser/ssl/ssl_client_auth_handler_gtk.cc | 330 | ||||
-rw-r--r-- | chrome/browser/ssl/ssl_client_auth_handler_mac.mm | 63 | ||||
-rw-r--r-- | chrome/browser/ssl/ssl_client_auth_handler_win.cc | 58 |
5 files changed, 37 insertions, 478 deletions
diff --git a/chrome/browser/ssl/ssl_client_auth_handler.cc b/chrome/browser/ssl/ssl_client_auth_handler.cc index f46c6f3..74b25bf 100644 --- a/chrome/browser/ssl/ssl_client_auth_handler.cc +++ b/chrome/browser/ssl/ssl_client_auth_handler.cc @@ -4,13 +4,10 @@ #include "chrome/browser/ssl/ssl_client_auth_handler.h" -#include "app/l10n_util.h" -#include "base/string_util.h" -#include "chrome/browser/browser_list.h" -#include "chrome/browser/browser.h" -#include "chrome/browser/browser_window.h" #include "chrome/browser/chrome_thread.h" -#include "grit/generated_resources.h" +#include "chrome/browser/renderer_host/render_view_host_delegate.h" +#include "chrome/browser/renderer_host/render_view_host_notification_task.h" +#include "chrome/browser/renderer_host/resource_dispatcher_host.h" #include "net/url_request/url_request.h" SSLClientAuthHandler::SSLClientAuthHandler( @@ -18,11 +15,11 @@ SSLClientAuthHandler::SSLClientAuthHandler( net::SSLCertRequestInfo* cert_request_info) : request_(request), cert_request_info_(cert_request_info) { - // Keep us alive until a cert is selected. - AddRef(); } SSLClientAuthHandler::~SSLClientAuthHandler() { + // If we were simply dropped, then act as if we selected no certificate. + DoCertificateSelected(NULL); } void SSLClientAuthHandler::OnRequestCancelled() { 
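Review bot: The destructor added in the `-18,11 +15,11` hunk calls `DoCertificateSelected(NULL)`, which dereferences the raw `request_` pointer whenever it is still non-NULL, so object destruction becomes a point where a stale URLRequest could be touched. That is safe only if every path that tears down the URLRequest calls `OnRequestCancelled()` first (its body is outside this hunk; presumably it NULLs `request_`) and the handler is really destroyed on the IO thread, as the new `DCHECK` in `DoCertificateSelected` expects. I would record that invariant next to the call, e.g. `// Runs on the IO thread (DeleteOnIOThread). request_ stays valid only until OnRequestCancelled(); the URLRequest must call it before going away.`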
@@ -30,14 +27,24 @@ void SSLClientAuthHandler::OnRequestCancelled() { } void SSLClientAuthHandler::SelectCertificate() { - // Let's move the request to the UI thread. - ChromeThread::PostTask( - ChromeThread::UI, FROM_HERE, - NewRunnableMethod(this, &SSLClientAuthHandler::DoSelectCertificate)); -} + DCHECK(ChromeThread::CurrentlyOn(ChromeThread::IO)); -// Looking for DoSelectCertificate()? -// It's implemented in a separate source file for each platform. + int render_process_host_id; + int render_view_host_id; + if (!ResourceDispatcherHost::RenderViewForRequest(request_, + &render_process_host_id, + &render_view_host_id)) + NOTREACHED(); + + // If the RVH does not exist by the time this task gets run, then the task + // will be dropped and the scoped_refptr to SSLClientAuthHandler will go + // away, so we do not leak anything. The destructor takes care of ensuring + // the URLRequest always gets a response. + CallRenderViewHostSSLDelegate( + render_process_host_id, render_view_host_id, + &RenderViewHostDelegate::SSL::ShowClientCertificateRequestDialog, + scoped_refptr<SSLClientAuthHandler>(this)); +} // Notify the IO thread that we have selected a cert. void SSLClientAuthHandler::CertificateSelected(net::X509Certificate* cert) { @@ -48,11 +55,12 @@ void SSLClientAuthHandler::CertificateSelected(net::X509Certificate* cert) { } void SSLClientAuthHandler::DoCertificateSelected(net::X509Certificate* cert) { - // request_ could have been NULLed if the request was cancelled while the user - // was choosing a cert. - if (request_) + DCHECK(ChromeThread::CurrentlyOn(ChromeThread::IO)); + // request_ could have been NULLed if the request was cancelled while the + // user was choosing a cert, or because we have already responded to the + // certificate. + if (request_) { request_->ContinueWithCertificate(cert); - - // We are done. - Release(); + request_ = NULL; + } } 
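Review bot: In `SelectCertificate()` a failed `ResourceDispatcherHost::RenderViewForRequest()` is handled only by `NOTREACHED()`, which is a no-op in release builds, so execution continues into `CallRenderViewHostSSLDelegate` with `render_process_host_id` and `render_view_host_id` that this function never initialized. Unless the callee is guaranteed to write both outputs on failure (not visible here), the client-certificate prompt would be routed by indeterminate ids. Initialize both with `int render_process_host_id = -1;` and `int render_view_host_id = -1;`, and make the failure branch fail closed: `{ NOTREACHED(); DoCertificateSelected(NULL); return; }`.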
diff --git a/chrome/browser/ssl/ssl_client_auth_handler.h b/chrome/browser/ssl/ssl_client_auth_handler.h index f63d4c9..05148d5 100644 --- a/chrome/browser/ssl/ssl_client_auth_handler.h +++ b/chrome/browser/ssl/ssl_client_auth_handler.h @@ -7,6 +7,7 @@ #include "base/basictypes.h" #include "base/ref_counted.h" +#include "chrome/browser/chrome_thread.h" #include "net/base/ssl_cert_request_info.h" namespace net { @@ -19,7 +20,8 @@ class URLRequest; // It is self-owned and deletes itself when the UI reports the user selection or // when the URLRequest is cancelled. class SSLClientAuthHandler - : public base::RefCountedThreadSafe<SSLClientAuthHandler> { + : public base::RefCountedThreadSafe<SSLClientAuthHandler, + ChromeThread::DeleteOnIOThread> { public: SSLClientAuthHandler(URLRequest* request, net::SSLCertRequestInfo* cert_request_info); @@ -38,15 +40,15 @@ class SSLClientAuthHandler // be long after DoSelectCertificate returns, if the UI is modeless/async.) void CertificateSelected(net::X509Certificate* cert); + // Returns the SSLCertRequestInfo for this handler. + net::SSLCertRequestInfo* cert_request_info() { return cert_request_info_; } + private: - friend class base::RefCountedThreadSafe<SSLClientAuthHandler>; + friend class ChromeThread; + friend class DeleteTask<SSLClientAuthHandler>; ~SSLClientAuthHandler(); - // Asks the user for a cert. - // Called on the UI thread. - void DoSelectCertificate(); - // Notifies that the user has selected a cert. // Called on the IO thread. void DoCertificateSelected(net::X509Certificate* cert); diff --git a/chrome/browser/ssl/ssl_client_auth_handler_gtk.cc b/chrome/browser/ssl/ssl_client_auth_handler_gtk.cc deleted file mode 100644 index 1045ef9..0000000 --- a/chrome/browser/ssl/ssl_client_auth_handler_gtk.cc +++ /dev/null 
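Review bot: The class comment kept as context in the `-19,7 +20,8` hunk still says the handler "is self-owned and deletes itself when the UI reports the user selection or when the URLRequest is cancelled", which no longer matches the code. This commit removes the `AddRef()`/`Release()` self-ownership in the .cc and switches the base to `RefCountedThreadSafe<SSLClientAuthHandler, ChromeThread::DeleteOnIOThread>`. Because `request_` is a raw pointer, the lifetime rule is worth stating accurately, e.g. `// Ref-counted; kept alive by the pending dialog task or UI and destroyed on the IO thread. If it is dropped without a selection, the destructor continues the request with no certificate.`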
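Review bot: In the `-38,15 +40,15` hunk the context comment above `CertificateSelected()` still refers to `DoSelectCertificate`, which this same hunk deletes, so the threading description now points at a method that no longer exists. The new `cert_request_info()` accessor also returns a mutable pointer without saying which thread may call it, although the dialog code reading it presumably runs on the UI thread. Suggested wording: `// Called on the UI thread once the user has chosen (or declined) a certificate.` for `CertificateSelected()`, and `// Read-only after construction; may be called from the UI thread.` on the accessor, which could also be declared `const`. The declaration of `cert_request_info_` is outside this hunk, so the read-only claim should be confirmed against it.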
@@ -1,330 +0,0 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "chrome/browser/ssl/ssl_client_auth_handler.h" - -#include <cert.h> -#include <gtk/gtk.h> - -#include <string> -#include <vector> - -#include "app/l10n_util.h" -#include "base/i18n/time_formatting.h" -#include "base/logging.h" -#include "base/nss_util.h" -#include "base/utf_string_conversions.h" -#include "chrome/browser/certificate_viewer.h" -#include "chrome/browser/gtk/gtk_util.h" -#include "chrome/third_party/mozilla_security_manager/nsNSSCertHelper.h" -#include "chrome/third_party/mozilla_security_manager/nsNSSCertificate.h" -#include "chrome/third_party/mozilla_security_manager/nsUsageArrayHelper.h" -#include "gfx/native_widget_types.h" -#include "grit/generated_resources.h" -#include "net/base/x509_certificate.h" - -// PSM = Mozilla's Personal Security Manager. -namespace psm = mozilla_security_manager; - -namespace { - -enum { - RESPONSE_SHOW_CERT_INFO = 1, -}; - - -/////////////////////////////////////////////////////////////////////////////// -// SSLClientCertificateSelector - -class SSLClientCertificateSelector { - public: - SSLClientCertificateSelector(gfx::NativeWindow parent, - net::SSLCertRequestInfo* cert_request_info, - SSLClientAuthHandler* delegate); - - void Show(); - - private: - void PopulateCerts(); - - static std::string FormatComboBoxText(CERTCertificate* cert, - const char* nickname); - static std::string FormatDetailsText(CERTCertificate* cert); - - static void OnComboBoxChanged(GtkComboBox* combo_box, - SSLClientCertificateSelector* cert_selector); - static void OnResponse(GtkDialog* dialog, gint response_id, - SSLClientCertificateSelector* cert_selector); - static void OnDestroy(GtkDialog* dialog, - SSLClientCertificateSelector* cert_selector); - - SSLClientAuthHandler* delegate_; - scoped_refptr<net::SSLCertRequestInfo> 
cert_request_info_; - - std::vector<std::string> details_strings_; - - GtkWidget* dialog_; - GtkWidget* cert_combo_box_; - GtkTextBuffer* cert_details_buffer_; -}; - -SSLClientCertificateSelector::SSLClientCertificateSelector( - gfx::NativeWindow parent, - net::SSLCertRequestInfo* cert_request_info, - SSLClientAuthHandler* delegate) - : delegate_(delegate), - cert_request_info_(cert_request_info) { - dialog_ = gtk_dialog_new_with_buttons( - l10n_util::GetStringFUTF8( - IDS_CERT_SELECTOR_DIALOG_TITLE, - UTF8ToUTF16(cert_request_info->host_and_port)).c_str(), - parent, - // Non-modal. - GTK_DIALOG_NO_SEPARATOR, - l10n_util::GetStringUTF8(IDS_PAGEINFO_CERT_INFO_BUTTON).c_str(), - RESPONSE_SHOW_CERT_INFO, - GTK_STOCK_CANCEL, - GTK_RESPONSE_CANCEL, - GTK_STOCK_OK, - GTK_RESPONSE_OK, - NULL); - gtk_box_set_spacing(GTK_BOX(GTK_DIALOG(dialog_)->vbox), - gtk_util::kContentAreaSpacing); - gtk_dialog_set_default_response(GTK_DIALOG(dialog_), GTK_RESPONSE_OK); - - GtkWidget* site_vbox = gtk_vbox_new(FALSE, gtk_util::kControlSpacing); - gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog_)->vbox), site_vbox, - FALSE, FALSE, 0); - - GtkWidget* site_description_label = gtk_util::CreateBoldLabel( - l10n_util::GetStringUTF8(IDS_CERT_SELECTOR_SITE_DESCRIPTION_LABEL)); - gtk_box_pack_start(GTK_BOX(site_vbox), site_description_label, - FALSE, FALSE, 0); - - GtkWidget* site_label = gtk_label_new( - cert_request_info->host_and_port.c_str()); - gtk_util::LeftAlignMisc(site_label); - gtk_box_pack_start(GTK_BOX(site_vbox), site_label, FALSE, FALSE, 0); - - GtkWidget* selector_vbox = gtk_vbox_new(FALSE, gtk_util::kControlSpacing); - gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog_)->vbox), selector_vbox, - TRUE, TRUE, 0); - - GtkWidget* choose_description_label = gtk_util::CreateBoldLabel( - l10n_util::GetStringUTF8(IDS_CERT_SELECTOR_CHOOSE_DESCRIPTION_LABEL)); - gtk_box_pack_start(GTK_BOX(selector_vbox), choose_description_label, - FALSE, FALSE, 0); - - - cert_combo_box_ = gtk_combo_box_new_text(); 
- g_signal_connect(cert_combo_box_, "changed", G_CALLBACK(OnComboBoxChanged), - this); - gtk_box_pack_start(GTK_BOX(selector_vbox), cert_combo_box_, - FALSE, FALSE, 0); - - GtkWidget* details_label = gtk_label_new(l10n_util::GetStringUTF8( - IDS_CERT_SELECTOR_DETAILS_DESCRIPTION_LABEL).c_str()); - gtk_util::LeftAlignMisc(details_label); - gtk_box_pack_start(GTK_BOX(selector_vbox), details_label, FALSE, FALSE, 0); - - // TODO(mattm): fix text view coloring (should have grey background). - GtkWidget* cert_details_view = gtk_text_view_new(); - gtk_text_view_set_editable(GTK_TEXT_VIEW(cert_details_view), FALSE); - gtk_text_view_set_wrap_mode(GTK_TEXT_VIEW(cert_details_view), GTK_WRAP_WORD); - cert_details_buffer_ = gtk_text_view_get_buffer( - GTK_TEXT_VIEW(cert_details_view)); - // We put the details in a frame instead of a scrolled window so that the - // entirety will be visible without requiring scrolling or expanding the - // dialog. This does however mean the dialog will grow itself if you switch - // to different cert that has longer details text. 
- GtkWidget* details_frame = gtk_frame_new(NULL); - gtk_frame_set_shadow_type(GTK_FRAME(details_frame), GTK_SHADOW_ETCHED_IN); - gtk_container_add(GTK_CONTAINER(details_frame), cert_details_view); - gtk_box_pack_start(GTK_BOX(selector_vbox), details_frame, TRUE, TRUE, 0); - - PopulateCerts(); - - g_signal_connect(dialog_, "response", G_CALLBACK(OnResponse), this); - g_signal_connect(dialog_, "destroy", G_CALLBACK(OnDestroy), this); -} - -void SSLClientCertificateSelector::Show() { - gtk_widget_show_all(dialog_); -} - -void SSLClientCertificateSelector::PopulateCerts() { - CERTCertList* cert_list = CERT_NewCertList(); - for (size_t i = 0; i < cert_request_info_->client_certs.size(); ++i) { - CERT_AddCertToListTail( - cert_list, - CERT_DupCertificate( - cert_request_info_->client_certs[i]->os_cert_handle())); - } - // Would like to use CERT_GetCertNicknameWithValidity on each cert - // individually instead of having to build a CERTCertList for this, but that - // function is not exported. - CERTCertNicknames* nicknames = CERT_NicknameStringsFromCertList( - cert_list, - const_cast<char*>(l10n_util::GetStringUTF8( - IDS_CERT_SELECTOR_CERT_EXPIRED).c_str()), - const_cast<char*>(l10n_util::GetStringUTF8( - IDS_CERT_SELECTOR_CERT_NOT_YET_VALID).c_str())); - DCHECK_EQ(nicknames->numnicknames, - static_cast<int>(cert_request_info_->client_certs.size())); - - for (size_t i = 0; i < cert_request_info_->client_certs.size(); ++i) { - CERTCertificate* cert = - cert_request_info_->client_certs[i]->os_cert_handle(); - - details_strings_.push_back(FormatDetailsText(cert)); - - gtk_combo_box_append_text( - GTK_COMBO_BOX(cert_combo_box_), - FormatComboBoxText(cert, nicknames->nicknames[i]).c_str()); - } - - CERT_FreeNicknames(nicknames); - CERT_DestroyCertList(cert_list); - - // Auto-select the first cert. 
- gtk_combo_box_set_active(GTK_COMBO_BOX(cert_combo_box_), 0); -} - -// static -std::string SSLClientCertificateSelector::FormatComboBoxText( - CERTCertificate* cert, const char* nickname) { - std::string rv(nickname); - char* serial_hex = CERT_Hexify(&cert->serialNumber, TRUE); - rv += " ["; - rv += serial_hex; - rv += ']'; - PORT_Free(serial_hex); - return rv; -} - -// static -std::string SSLClientCertificateSelector::FormatDetailsText( - CERTCertificate* cert) { - std::string rv; - - rv += l10n_util::GetStringFUTF8(IDS_CERT_SUBJECTNAME_FORMAT, - UTF8ToUTF16(cert->subjectName)); - - char* serial_hex = CERT_Hexify(&cert->serialNumber, TRUE); - rv += "\n "; - rv += l10n_util::GetStringFUTF8(IDS_CERT_SERIAL_NUMBER_FORMAT, - UTF8ToUTF16(serial_hex)); - PORT_Free(serial_hex); - - PRTime issued, expires; - if (CERT_GetCertTimes(cert, &issued, &expires) == SECSuccess) { - string16 issued_str = WideToUTF16( - base::TimeFormatShortDateAndTime(base::PRTimeToBaseTime(issued))); - string16 expires_str = WideToUTF16( - base::TimeFormatShortDateAndTime(base::PRTimeToBaseTime(expires))); - rv += "\n "; - rv += l10n_util::GetStringFUTF8(IDS_CERT_VALIDITY_RANGE_FORMAT, - issued_str, expires_str); - } - - std::vector<std::string> usages; - psm::GetCertUsageStrings(cert, &usages); - if (usages.size()) { - rv += "\n "; - rv += l10n_util::GetStringFUTF8(IDS_CERT_X509_EXTENDED_KEY_USAGE_FORMAT, - UTF8ToUTF16(JoinString(usages, ','))); - } - - SECItem key_usage; - key_usage.data = NULL; - if (CERT_FindKeyUsageExtension(cert, &key_usage) == SECSuccess) { - std::string key_usage_str = psm::ProcessKeyUsageBitString(&key_usage, ','); - PORT_Free(key_usage.data); - if (!key_usage_str.empty()) { - rv += "\n "; - rv += l10n_util::GetStringFUTF8(IDS_CERT_X509_KEY_USAGE_FORMAT, - UTF8ToUTF16(key_usage_str)); - } - } - - std::vector<std::string> email_addresses; - for (const char* addr = CERT_GetFirstEmailAddress(cert); - addr; addr = CERT_GetNextEmailAddress(cert, addr)) { - // The first email 
addr (from Subject) may be duplicated in Subject - // Alternative Name, so check subsequent addresses are not equal to the - // first one before adding to the list. - if (!email_addresses.size() || email_addresses[0] != addr) - email_addresses.push_back(addr); - } - if (email_addresses.size()) { - rv += "\n "; - rv += l10n_util::GetStringFUTF8( - IDS_CERT_EMAIL_ADDRESSES_FORMAT, - UTF8ToUTF16(JoinString(email_addresses, ','))); - } - - rv += '\n'; - rv += l10n_util::GetStringFUTF8(IDS_CERT_ISSUERNAME_FORMAT, - UTF8ToUTF16(cert->issuerName)); - - string16 token(UTF8ToUTF16(psm::GetCertTokenName(cert))); - if (!token.empty()) { - rv += '\n'; - rv += l10n_util::GetStringFUTF8(IDS_CERT_TOKEN_FORMAT, token); - } - - return rv; -} - -// static -void SSLClientCertificateSelector::OnComboBoxChanged( - GtkComboBox* combo_box, SSLClientCertificateSelector* cert_selector) { - int selected = gtk_combo_box_get_active( - GTK_COMBO_BOX(cert_selector->cert_combo_box_)); - if (selected < 0) - return; - gtk_text_buffer_set_text(cert_selector->cert_details_buffer_, - cert_selector->details_strings_[selected].c_str(), - cert_selector->details_strings_[selected].size()); -} - -// static -void SSLClientCertificateSelector::OnResponse( - GtkDialog* dialog, gint response_id, - SSLClientCertificateSelector* cert_selector) { - net::X509Certificate* cert = NULL; - if (response_id == GTK_RESPONSE_OK || - response_id == RESPONSE_SHOW_CERT_INFO) { - int selected = gtk_combo_box_get_active( - GTK_COMBO_BOX(cert_selector->cert_combo_box_)); - if (selected >= 0 && - selected < static_cast<int>( - cert_selector->cert_request_info_->client_certs.size())) - cert = cert_selector->cert_request_info_->client_certs[selected]; - } - if (response_id == RESPONSE_SHOW_CERT_INFO) { - if (cert) - ShowCertificateViewer(GTK_WINDOW(cert_selector->dialog_), cert); - return; - } - cert_selector->delegate_->CertificateSelected(cert); - gtk_widget_destroy(GTK_WIDGET(dialog)); -} - -// static -void 
SSLClientCertificateSelector::OnDestroy( - GtkDialog* dialog, - SSLClientCertificateSelector* cert_selector) { - delete cert_selector; -} - -} // namespace - -/////////////////////////////////////////////////////////////////////////////// -// SSLClientAuthHandler platform specific implementation: - -void SSLClientAuthHandler::DoSelectCertificate() { - // TODO(mattm): Pipe parent gfx::NativeWindow param into here somehow. - (new SSLClientCertificateSelector(NULL, cert_request_info_, this))->Show(); -} diff --git a/chrome/browser/ssl/ssl_client_auth_handler_mac.mm b/chrome/browser/ssl/ssl_client_auth_handler_mac.mm deleted file mode 100644 index cde8acc..0000000 --- a/chrome/browser/ssl/ssl_client_auth_handler_mac.mm +++ /dev/null 
@@ -1,63 +0,0 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "chrome/browser/ssl/ssl_client_auth_handler.h" - -#import <SecurityInterface/SFChooseIdentityPanel.h> - -#include "app/l10n_util_mac.h" -#include "base/scoped_cftyperef.h" -#include "base/scoped_nsobject.h" -#include "base/string_util.h" -#include "base/sys_string_conversions.h" -#include "chrome/browser/chrome_thread.h" -#include "grit/generated_resources.h" -#include "net/base/x509_certificate.h" - -void SSLClientAuthHandler::DoSelectCertificate() { - net::X509Certificate* cert = NULL; - // Create an array of CFIdentityRefs for the certificates: - size_t num_certs = cert_request_info_->client_certs.size(); - NSMutableArray* identities = [NSMutableArray arrayWithCapacity:num_certs]; - for (size_t i = 0; i < num_certs; ++i) { - SecCertificateRef cert; - cert = cert_request_info_->client_certs[i]->os_cert_handle(); - SecIdentityRef identity; - if (SecIdentityCreateWithCertificate(NULL, cert, &identity) == noErr) { - [identities addObject:(id)identity]; - CFRelease(identity); - } - } - - // Get the message to display: - NSString* title = l10n_util::GetNSString(IDS_CLIENT_CERT_DIALOG_TITLE); - NSString* message = l10n_util::GetNSStringF( - IDS_CLIENT_CERT_DIALOG_TEXT, - ASCIIToUTF16(cert_request_info_->host_and_port)); - - // Create and set up a system choose-identity panel. 
- scoped_nsobject<SFChooseIdentityPanel> panel ( - [[SFChooseIdentityPanel alloc] init]); - NSString* domain = base::SysUTF8ToNSString( - "https://" + cert_request_info_->host_and_port); - [panel setDomain:domain]; - [panel setInformativeText:message]; - [panel setAlternateButtonTitle:l10n_util::GetNSString(IDS_CANCEL)]; - SecPolicyRef sslPolicy; - if (net::X509Certificate::CreateSSLClientPolicy(&sslPolicy) == noErr) { - [panel setPolicies:(id)sslPolicy]; - CFRelease(sslPolicy); - } - - // Run the panel, modally. - // TODO(snej): Change this into a sheet so it doesn't block the runloop! - if ([panel runModalForIdentities:identities message:title] == NSOKButton) { - NSUInteger index = [identities indexOfObject:(id)[panel identity]]; - DCHECK(index != NSNotFound); - cert = cert_request_info_->client_certs[index]; - } - - // Finally, tell the back end which identity (or none) the user selected. - CertificateSelected(cert); -} diff --git a/chrome/browser/ssl/ssl_client_auth_handler_win.cc b/chrome/browser/ssl/ssl_client_auth_handler_win.cc deleted file mode 100644 index cbac1ae..0000000 --- a/chrome/browser/ssl/ssl_client_auth_handler_win.cc +++ /dev/null 
@@ -1,58 +0,0 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "chrome/browser/ssl/ssl_client_auth_handler.h" - -#include <cryptuiapi.h> -#pragma comment(lib, "cryptui.lib") - -#include "app/l10n_util.h" -#include "base/string_util.h" -#include "chrome/browser/browser_list.h" -#include "chrome/browser/browser.h" -#include "chrome/browser/browser_window.h" -#include "chrome/browser/chrome_thread.h" -#include "grit/generated_resources.h" -#include "net/url_request/url_request.h" - -void SSLClientAuthHandler::DoSelectCertificate() { - net::X509Certificate* cert = NULL; - // TODO(jcampan): replace this with our own cert selection dialog. - // CryptUIDlgSelectCertificateFromStore is blocking (but still processes - // Windows messages), which is scary. - HCERTSTORE client_certs = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, NULL, - 0, NULL); - BOOL ok; - for (size_t i = 0; i < cert_request_info_->client_certs.size(); ++i) { - PCCERT_CONTEXT cc = cert_request_info_->client_certs[i]->os_cert_handle(); - ok = CertAddCertificateContextToStore(client_certs, cc, - CERT_STORE_ADD_ALWAYS, NULL); - DCHECK(ok); - } - - HWND browser_hwnd = NULL; - Browser* browser = BrowserList::GetLastActive(); - if (browser) - browser_hwnd = browser->window()->GetNativeHandle(); - - std::wstring title = l10n_util::GetString(IDS_CLIENT_CERT_DIALOG_TITLE); - std::wstring text = l10n_util::GetStringF( - IDS_CLIENT_CERT_DIALOG_TEXT, - ASCIIToWide(cert_request_info_->host_and_port)); - PCCERT_CONTEXT cert_context = CryptUIDlgSelectCertificateFromStore( - client_certs, browser_hwnd, title.c_str(), text.c_str(), 0, 0, NULL); - - if (cert_context) { - cert = net::X509Certificate::CreateFromHandle( - cert_context, - net::X509Certificate::SOURCE_LONE_CERT_IMPORT, - net::X509Certificate::OSCertHandles()); - net::X509Certificate::FreeOSCertHandle(cert_context); - } - - ok = 
CertCloseStore(client_certs, CERT_CLOSE_STORE_CHECK_FLAG); - DCHECK(ok); - - CertificateSelected(cert); -} |