authordavidben@chromium.org <davidben@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-07-21 19:34:49 +0000
committerdavidben@chromium.org <davidben@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-07-21 19:34:49 +0000
commit1f18184a07252103a8cd9652d64de749f41ef09f (patch)
tree7e0c5eb9dea2890d8231eb7ad69dec318ac6e610 /chrome/browser/ssl
parent348b9bc12d4e2ccd03a7fbcb327a3975207a5fec (diff)
Refactor SSLClientAuthHandler and certificate selection
This cleans up much of the code involved in displaying a certificate selection dialog to the user. - Adds a new inner class to RenderViewHostDelegate (later to be populated with more SSL things). - Adds a helper class for TabContents' implementation. - Moves the certificate dialogs themselves to have a common entry point. - Makes SSLClientAuthHandler call the RVHDelegate to query the user, with the TabContents implementation displaying the dialogs. - Picks the correct parent window for the dialog on all platforms, instead of relying on BrowserList::GetLastActive - Makes the OS X implementation use an asynchronous sheet, now that we know the parent. - Fixes an index-mismatch problem in the OS X implementation, should we fail to create an identity. R=agl,brettw,mark BUG=148 TEST=selecting client certificates still works Review URL: http://codereview.chromium.org/2823038 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53231 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/ssl')
-rw-r--r--chrome/browser/ssl/ssl_client_auth_handler.cc50
-rw-r--r--chrome/browser/ssl/ssl_client_auth_handler.h14
-rw-r--r--chrome/browser/ssl/ssl_client_auth_handler_gtk.cc330
-rw-r--r--chrome/browser/ssl/ssl_client_auth_handler_mac.mm63
-rw-r--r--chrome/browser/ssl/ssl_client_auth_handler_win.cc58
5 files changed, 37 insertions, 478 deletions
diff --git a/chrome/browser/ssl/ssl_client_auth_handler.cc b/chrome/browser/ssl/ssl_client_auth_handler.cc
index f46c6f3..74b25bf 100644
--- a/chrome/browser/ssl/ssl_client_auth_handler.cc
+++ b/chrome/browser/ssl/ssl_client_auth_handler.cc
@@ -4,13 +4,10 @@
#include "chrome/browser/ssl/ssl_client_auth_handler.h"
-#include "app/l10n_util.h"
-#include "base/string_util.h"
-#include "chrome/browser/browser_list.h"
-#include "chrome/browser/browser.h"
-#include "chrome/browser/browser_window.h"
#include "chrome/browser/chrome_thread.h"
-#include "grit/generated_resources.h"
+#include "chrome/browser/renderer_host/render_view_host_delegate.h"
+#include "chrome/browser/renderer_host/render_view_host_notification_task.h"
+#include "chrome/browser/renderer_host/resource_dispatcher_host.h"
#include "net/url_request/url_request.h"
SSLClientAuthHandler::SSLClientAuthHandler(
@@ -18,11 +15,11 @@ SSLClientAuthHandler::SSLClientAuthHandler(
net::SSLCertRequestInfo* cert_request_info)
: request_(request),
cert_request_info_(cert_request_info) {
- // Keep us alive until a cert is selected.
- AddRef();
}
SSLClientAuthHandler::~SSLClientAuthHandler() {
+ // If we were simply dropped, then act as if we selected no certificate.
+ DoCertificateSelected(NULL);
}
void SSLClientAuthHandler::OnRequestCancelled() {
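Review bot: The new destructor calls `DoCertificateSelected(NULL)`, which dereferences the raw `request_` pointer whenever it is still set, so teardown is only safe if `request_` has been cleared before the URLRequest is destroyed. Nothing here documents or enforces that, and the handler can now be destroyed late, when a dropped task releases the last reference. I would state the invariant at the destructor, e.g. `// request_ must have been NULLed (OnRequestCancelled) before the URLRequest is destroyed; otherwise this call touches freed memory.` The `DCHECK` inside DoCertificateSelected also assumes the destructor runs on the IO thread, which presumably relies on the `DeleteOnIOThread` trait added in the header; that dependency belongs in the same comment. OnRequestCancelled's body is outside the hunk, so whether it clears `request_` is inferred from the comment in DoCertificateSelected.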
@@ -30,14 +27,24 @@ void SSLClientAuthHandler::OnRequestCancelled() {
}
void SSLClientAuthHandler::SelectCertificate() {
- // Let's move the request to the UI thread.
- ChromeThread::PostTask(
- ChromeThread::UI, FROM_HERE,
- NewRunnableMethod(this, &SSLClientAuthHandler::DoSelectCertificate));
-}
+ DCHECK(ChromeThread::CurrentlyOn(ChromeThread::IO));
-// Looking for DoSelectCertificate()?
-// It's implemented in a separate source file for each platform.
+ int render_process_host_id;
+ int render_view_host_id;
+ if (!ResourceDispatcherHost::RenderViewForRequest(request_,
+ &render_process_host_id,
+ &render_view_host_id))
+ NOTREACHED();
+
+ // If the RVH does not exist by the time this task gets run, then the task
+ // will be dropped and the scoped_refptr to SSLClientAuthHandler will go
+ // away, so we do not leak anything. The destructor takes care of ensuring
+ // the URLRequest always gets a response.
+ CallRenderViewHostSSLDelegate(
+ render_process_host_id, render_view_host_id,
+ &RenderViewHostDelegate::SSL::ShowClientCertificateRequestDialog,
+ scoped_refptr<SSLClientAuthHandler>(this));
+}
// Notify the IO thread that we have selected a cert.
void SSLClientAuthHandler::CertificateSelected(net::X509Certificate* cert) {
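Review bot: In SelectCertificate, `render_process_host_id` and `render_view_host_id` are declared without initialisers, and a failed `RenderViewForRequest` is handled only by `NOTREACHED()`, which does not stop execution in release builds. Unless RenderViewForRequest always writes both out-parameters on failure (not visible here), indeterminate ids then reach `CallRenderViewHostSSLDelegate`, so the certificate prompt is routed by garbage values. Initialise both (`int render_process_host_id = -1;`, `int render_view_host_id = -1;`) and make the failure branch `{ NOTREACHED(); return; }`. Returning early leaves the no-certificate response to the destructor, which matches the comment below it but should be confirmed against how the caller holds its reference.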
@@ -48,11 +55,12 @@ void SSLClientAuthHandler::CertificateSelected(net::X509Certificate* cert) {
}
void SSLClientAuthHandler::DoCertificateSelected(net::X509Certificate* cert) {
- // request_ could have been NULLed if the request was cancelled while the user
- // was choosing a cert.
- if (request_)
+ DCHECK(ChromeThread::CurrentlyOn(ChromeThread::IO));
+ // request_ could have been NULLed if the request was cancelled while the
+ // user was choosing a cert, or because we have already responded to the
+ // certificate.
+ if (request_) {
request_->ContinueWithCertificate(cert);
-
- // We are done.
- Release();
+ request_ = NULL;
+ }
}
diff --git a/chrome/browser/ssl/ssl_client_auth_handler.h b/chrome/browser/ssl/ssl_client_auth_handler.h
index f63d4c9..05148d5 100644
--- a/chrome/browser/ssl/ssl_client_auth_handler.h
+++ b/chrome/browser/ssl/ssl_client_auth_handler.h
@@ -7,6 +7,7 @@
#include "base/basictypes.h"
#include "base/ref_counted.h"
+#include "chrome/browser/chrome_thread.h"
#include "net/base/ssl_cert_request_info.h"
namespace net {
@@ -19,7 +20,8 @@ class URLRequest;
// It is self-owned and deletes itself when the UI reports the user selection or
// when the URLRequest is cancelled.
class SSLClientAuthHandler
- : public base::RefCountedThreadSafe<SSLClientAuthHandler> {
+ : public base::RefCountedThreadSafe<SSLClientAuthHandler,
+ ChromeThread::DeleteOnIOThread> {
public:
SSLClientAuthHandler(URLRequest* request,
net::SSLCertRequestInfo* cert_request_info);
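Review bot: The class comment kept as context above this change still says the handler "is self-owned and deletes itself when the UI reports the user selection or when the URLRequest is cancelled", which no longer matches the code. This commit removes the `AddRef()`/`Release()` pair and switches the base to `RefCountedThreadSafe<SSLClientAuthHandler, ChromeThread::DeleteOnIOThread>`. The comment should be rewritten to say that lifetime is governed by outstanding `scoped_refptr`s, that destruction is bounced to the IO thread, and that the destructor answers the request with no certificate if none was selected. Stale ownership documentation on a class holding a raw `URLRequest*` is an easy way for a later change to reintroduce a lifetime bug. The class body continues outside the hunk.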
@@ -38,15 +40,15 @@ class SSLClientAuthHandler
// be long after DoSelectCertificate returns, if the UI is modeless/async.)
void CertificateSelected(net::X509Certificate* cert);
+ // Returns the SSLCertRequestInfo for this handler.
+ net::SSLCertRequestInfo* cert_request_info() { return cert_request_info_; }
+
private:
- friend class base::RefCountedThreadSafe<SSLClientAuthHandler>;
+ friend class ChromeThread;
+ friend class DeleteTask<SSLClientAuthHandler>;
~SSLClientAuthHandler();
- // Asks the user for a cert.
- // Called on the UI thread.
- void DoSelectCertificate();
-
// Notifies that the user has selected a cert.
// Called on the IO thread.
void DoCertificateSelected(net::X509Certificate* cert);
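Review bot: The context comment above `CertificateSelected` still refers to `DoSelectCertificate`, which this hunk deletes, and the new `cert_request_info()` accessor does not say which thread may call it or how long the returned pointer stays valid. I would reword the former to name the dialog shown via the RenderViewHostDelegate. I would also extend the accessor comment, e.g. `// Returns the SSLCertRequestInfo for this handler. Called on the UI thread by the dialog; valid while the caller holds a reference to the handler.` The thread and lifetime wording is inferred from how SelectCertificate hands the handler to the delegate and should be confirmed. The accessor could also be declared `const`, since it only reads the member.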
diff --git a/chrome/browser/ssl/ssl_client_auth_handler_gtk.cc b/chrome/browser/ssl/ssl_client_auth_handler_gtk.cc
deleted file mode 100644
index 1045ef9..0000000
--- a/chrome/browser/ssl/ssl_client_auth_handler_gtk.cc
+++ /dev/null
@@ -1,330 +0,0 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "chrome/browser/ssl/ssl_client_auth_handler.h"
-
-#include <cert.h>
-#include <gtk/gtk.h>
-
-#include <string>
-#include <vector>
-
-#include "app/l10n_util.h"
-#include "base/i18n/time_formatting.h"
-#include "base/logging.h"
-#include "base/nss_util.h"
-#include "base/utf_string_conversions.h"
-#include "chrome/browser/certificate_viewer.h"
-#include "chrome/browser/gtk/gtk_util.h"
-#include "chrome/third_party/mozilla_security_manager/nsNSSCertHelper.h"
-#include "chrome/third_party/mozilla_security_manager/nsNSSCertificate.h"
-#include "chrome/third_party/mozilla_security_manager/nsUsageArrayHelper.h"
-#include "gfx/native_widget_types.h"
-#include "grit/generated_resources.h"
-#include "net/base/x509_certificate.h"
-
-// PSM = Mozilla's Personal Security Manager.
-namespace psm = mozilla_security_manager;
-
-namespace {
-
-enum {
- RESPONSE_SHOW_CERT_INFO = 1,
-};
-
-
-///////////////////////////////////////////////////////////////////////////////
-// SSLClientCertificateSelector
-
-class SSLClientCertificateSelector {
- public:
- SSLClientCertificateSelector(gfx::NativeWindow parent,
- net::SSLCertRequestInfo* cert_request_info,
- SSLClientAuthHandler* delegate);
-
- void Show();
-
- private:
- void PopulateCerts();
-
- static std::string FormatComboBoxText(CERTCertificate* cert,
- const char* nickname);
- static std::string FormatDetailsText(CERTCertificate* cert);
-
- static void OnComboBoxChanged(GtkComboBox* combo_box,
- SSLClientCertificateSelector* cert_selector);
- static void OnResponse(GtkDialog* dialog, gint response_id,
- SSLClientCertificateSelector* cert_selector);
- static void OnDestroy(GtkDialog* dialog,
- SSLClientCertificateSelector* cert_selector);
-
- SSLClientAuthHandler* delegate_;
- scoped_refptr<net::SSLCertRequestInfo> cert_request_info_;
-
- std::vector<std::string> details_strings_;
-
- GtkWidget* dialog_;
- GtkWidget* cert_combo_box_;
- GtkTextBuffer* cert_details_buffer_;
-};
-
-SSLClientCertificateSelector::SSLClientCertificateSelector(
- gfx::NativeWindow parent,
- net::SSLCertRequestInfo* cert_request_info,
- SSLClientAuthHandler* delegate)
- : delegate_(delegate),
- cert_request_info_(cert_request_info) {
- dialog_ = gtk_dialog_new_with_buttons(
- l10n_util::GetStringFUTF8(
- IDS_CERT_SELECTOR_DIALOG_TITLE,
- UTF8ToUTF16(cert_request_info->host_and_port)).c_str(),
- parent,
- // Non-modal.
- GTK_DIALOG_NO_SEPARATOR,
- l10n_util::GetStringUTF8(IDS_PAGEINFO_CERT_INFO_BUTTON).c_str(),
- RESPONSE_SHOW_CERT_INFO,
- GTK_STOCK_CANCEL,
- GTK_RESPONSE_CANCEL,
- GTK_STOCK_OK,
- GTK_RESPONSE_OK,
- NULL);
- gtk_box_set_spacing(GTK_BOX(GTK_DIALOG(dialog_)->vbox),
- gtk_util::kContentAreaSpacing);
- gtk_dialog_set_default_response(GTK_DIALOG(dialog_), GTK_RESPONSE_OK);
-
- GtkWidget* site_vbox = gtk_vbox_new(FALSE, gtk_util::kControlSpacing);
- gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog_)->vbox), site_vbox,
- FALSE, FALSE, 0);
-
- GtkWidget* site_description_label = gtk_util::CreateBoldLabel(
- l10n_util::GetStringUTF8(IDS_CERT_SELECTOR_SITE_DESCRIPTION_LABEL));
- gtk_box_pack_start(GTK_BOX(site_vbox), site_description_label,
- FALSE, FALSE, 0);
-
- GtkWidget* site_label = gtk_label_new(
- cert_request_info->host_and_port.c_str());
- gtk_util::LeftAlignMisc(site_label);
- gtk_box_pack_start(GTK_BOX(site_vbox), site_label, FALSE, FALSE, 0);
-
- GtkWidget* selector_vbox = gtk_vbox_new(FALSE, gtk_util::kControlSpacing);
- gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog_)->vbox), selector_vbox,
- TRUE, TRUE, 0);
-
- GtkWidget* choose_description_label = gtk_util::CreateBoldLabel(
- l10n_util::GetStringUTF8(IDS_CERT_SELECTOR_CHOOSE_DESCRIPTION_LABEL));
- gtk_box_pack_start(GTK_BOX(selector_vbox), choose_description_label,
- FALSE, FALSE, 0);
-
-
- cert_combo_box_ = gtk_combo_box_new_text();
- g_signal_connect(cert_combo_box_, "changed", G_CALLBACK(OnComboBoxChanged),
- this);
- gtk_box_pack_start(GTK_BOX(selector_vbox), cert_combo_box_,
- FALSE, FALSE, 0);
-
- GtkWidget* details_label = gtk_label_new(l10n_util::GetStringUTF8(
- IDS_CERT_SELECTOR_DETAILS_DESCRIPTION_LABEL).c_str());
- gtk_util::LeftAlignMisc(details_label);
- gtk_box_pack_start(GTK_BOX(selector_vbox), details_label, FALSE, FALSE, 0);
-
- // TODO(mattm): fix text view coloring (should have grey background).
- GtkWidget* cert_details_view = gtk_text_view_new();
- gtk_text_view_set_editable(GTK_TEXT_VIEW(cert_details_view), FALSE);
- gtk_text_view_set_wrap_mode(GTK_TEXT_VIEW(cert_details_view), GTK_WRAP_WORD);
- cert_details_buffer_ = gtk_text_view_get_buffer(
- GTK_TEXT_VIEW(cert_details_view));
- // We put the details in a frame instead of a scrolled window so that the
- // entirety will be visible without requiring scrolling or expanding the
- // dialog. This does however mean the dialog will grow itself if you switch
- // to different cert that has longer details text.
- GtkWidget* details_frame = gtk_frame_new(NULL);
- gtk_frame_set_shadow_type(GTK_FRAME(details_frame), GTK_SHADOW_ETCHED_IN);
- gtk_container_add(GTK_CONTAINER(details_frame), cert_details_view);
- gtk_box_pack_start(GTK_BOX(selector_vbox), details_frame, TRUE, TRUE, 0);
-
- PopulateCerts();
-
- g_signal_connect(dialog_, "response", G_CALLBACK(OnResponse), this);
- g_signal_connect(dialog_, "destroy", G_CALLBACK(OnDestroy), this);
-}
-
-void SSLClientCertificateSelector::Show() {
- gtk_widget_show_all(dialog_);
-}
-
-void SSLClientCertificateSelector::PopulateCerts() {
- CERTCertList* cert_list = CERT_NewCertList();
- for (size_t i = 0; i < cert_request_info_->client_certs.size(); ++i) {
- CERT_AddCertToListTail(
- cert_list,
- CERT_DupCertificate(
- cert_request_info_->client_certs[i]->os_cert_handle()));
- }
- // Would like to use CERT_GetCertNicknameWithValidity on each cert
- // individually instead of having to build a CERTCertList for this, but that
- // function is not exported.
- CERTCertNicknames* nicknames = CERT_NicknameStringsFromCertList(
- cert_list,
- const_cast<char*>(l10n_util::GetStringUTF8(
- IDS_CERT_SELECTOR_CERT_EXPIRED).c_str()),
- const_cast<char*>(l10n_util::GetStringUTF8(
- IDS_CERT_SELECTOR_CERT_NOT_YET_VALID).c_str()));
- DCHECK_EQ(nicknames->numnicknames,
- static_cast<int>(cert_request_info_->client_certs.size()));
-
- for (size_t i = 0; i < cert_request_info_->client_certs.size(); ++i) {
- CERTCertificate* cert =
- cert_request_info_->client_certs[i]->os_cert_handle();
-
- details_strings_.push_back(FormatDetailsText(cert));
-
- gtk_combo_box_append_text(
- GTK_COMBO_BOX(cert_combo_box_),
- FormatComboBoxText(cert, nicknames->nicknames[i]).c_str());
- }
-
- CERT_FreeNicknames(nicknames);
- CERT_DestroyCertList(cert_list);
-
- // Auto-select the first cert.
- gtk_combo_box_set_active(GTK_COMBO_BOX(cert_combo_box_), 0);
-}
-
-// static
-std::string SSLClientCertificateSelector::FormatComboBoxText(
- CERTCertificate* cert, const char* nickname) {
- std::string rv(nickname);
- char* serial_hex = CERT_Hexify(&cert->serialNumber, TRUE);
- rv += " [";
- rv += serial_hex;
- rv += ']';
- PORT_Free(serial_hex);
- return rv;
-}
-
-// static
-std::string SSLClientCertificateSelector::FormatDetailsText(
- CERTCertificate* cert) {
- std::string rv;
-
- rv += l10n_util::GetStringFUTF8(IDS_CERT_SUBJECTNAME_FORMAT,
- UTF8ToUTF16(cert->subjectName));
-
- char* serial_hex = CERT_Hexify(&cert->serialNumber, TRUE);
- rv += "\n ";
- rv += l10n_util::GetStringFUTF8(IDS_CERT_SERIAL_NUMBER_FORMAT,
- UTF8ToUTF16(serial_hex));
- PORT_Free(serial_hex);
-
- PRTime issued, expires;
- if (CERT_GetCertTimes(cert, &issued, &expires) == SECSuccess) {
- string16 issued_str = WideToUTF16(
- base::TimeFormatShortDateAndTime(base::PRTimeToBaseTime(issued)));
- string16 expires_str = WideToUTF16(
- base::TimeFormatShortDateAndTime(base::PRTimeToBaseTime(expires)));
- rv += "\n ";
- rv += l10n_util::GetStringFUTF8(IDS_CERT_VALIDITY_RANGE_FORMAT,
- issued_str, expires_str);
- }
-
- std::vector<std::string> usages;
- psm::GetCertUsageStrings(cert, &usages);
- if (usages.size()) {
- rv += "\n ";
- rv += l10n_util::GetStringFUTF8(IDS_CERT_X509_EXTENDED_KEY_USAGE_FORMAT,
- UTF8ToUTF16(JoinString(usages, ',')));
- }
-
- SECItem key_usage;
- key_usage.data = NULL;
- if (CERT_FindKeyUsageExtension(cert, &key_usage) == SECSuccess) {
- std::string key_usage_str = psm::ProcessKeyUsageBitString(&key_usage, ',');
- PORT_Free(key_usage.data);
- if (!key_usage_str.empty()) {
- rv += "\n ";
- rv += l10n_util::GetStringFUTF8(IDS_CERT_X509_KEY_USAGE_FORMAT,
- UTF8ToUTF16(key_usage_str));
- }
- }
-
- std::vector<std::string> email_addresses;
- for (const char* addr = CERT_GetFirstEmailAddress(cert);
- addr; addr = CERT_GetNextEmailAddress(cert, addr)) {
- // The first email addr (from Subject) may be duplicated in Subject
- // Alternative Name, so check subsequent addresses are not equal to the
- // first one before adding to the list.
- if (!email_addresses.size() || email_addresses[0] != addr)
- email_addresses.push_back(addr);
- }
- if (email_addresses.size()) {
- rv += "\n ";
- rv += l10n_util::GetStringFUTF8(
- IDS_CERT_EMAIL_ADDRESSES_FORMAT,
- UTF8ToUTF16(JoinString(email_addresses, ',')));
- }
-
- rv += '\n';
- rv += l10n_util::GetStringFUTF8(IDS_CERT_ISSUERNAME_FORMAT,
- UTF8ToUTF16(cert->issuerName));
-
- string16 token(UTF8ToUTF16(psm::GetCertTokenName(cert)));
- if (!token.empty()) {
- rv += '\n';
- rv += l10n_util::GetStringFUTF8(IDS_CERT_TOKEN_FORMAT, token);
- }
-
- return rv;
-}
-
-// static
-void SSLClientCertificateSelector::OnComboBoxChanged(
- GtkComboBox* combo_box, SSLClientCertificateSelector* cert_selector) {
- int selected = gtk_combo_box_get_active(
- GTK_COMBO_BOX(cert_selector->cert_combo_box_));
- if (selected < 0)
- return;
- gtk_text_buffer_set_text(cert_selector->cert_details_buffer_,
- cert_selector->details_strings_[selected].c_str(),
- cert_selector->details_strings_[selected].size());
-}
-
-// static
-void SSLClientCertificateSelector::OnResponse(
- GtkDialog* dialog, gint response_id,
- SSLClientCertificateSelector* cert_selector) {
- net::X509Certificate* cert = NULL;
- if (response_id == GTK_RESPONSE_OK ||
- response_id == RESPONSE_SHOW_CERT_INFO) {
- int selected = gtk_combo_box_get_active(
- GTK_COMBO_BOX(cert_selector->cert_combo_box_));
- if (selected >= 0 &&
- selected < static_cast<int>(
- cert_selector->cert_request_info_->client_certs.size()))
- cert = cert_selector->cert_request_info_->client_certs[selected];
- }
- if (response_id == RESPONSE_SHOW_CERT_INFO) {
- if (cert)
- ShowCertificateViewer(GTK_WINDOW(cert_selector->dialog_), cert);
- return;
- }
- cert_selector->delegate_->CertificateSelected(cert);
- gtk_widget_destroy(GTK_WIDGET(dialog));
-}
-
-// static
-void SSLClientCertificateSelector::OnDestroy(
- GtkDialog* dialog,
- SSLClientCertificateSelector* cert_selector) {
- delete cert_selector;
-}
-
-} // namespace
-
-///////////////////////////////////////////////////////////////////////////////
-// SSLClientAuthHandler platform specific implementation:
-
-void SSLClientAuthHandler::DoSelectCertificate() {
- // TODO(mattm): Pipe parent gfx::NativeWindow param into here somehow.
- (new SSLClientCertificateSelector(NULL, cert_request_info_, this))->Show();
-}
diff --git a/chrome/browser/ssl/ssl_client_auth_handler_mac.mm b/chrome/browser/ssl/ssl_client_auth_handler_mac.mm
deleted file mode 100644
index cde8acc..0000000
--- a/chrome/browser/ssl/ssl_client_auth_handler_mac.mm
+++ /dev/null
@@ -1,63 +0,0 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "chrome/browser/ssl/ssl_client_auth_handler.h"
-
-#import <SecurityInterface/SFChooseIdentityPanel.h>
-
-#include "app/l10n_util_mac.h"
-#include "base/scoped_cftyperef.h"
-#include "base/scoped_nsobject.h"
-#include "base/string_util.h"
-#include "base/sys_string_conversions.h"
-#include "chrome/browser/chrome_thread.h"
-#include "grit/generated_resources.h"
-#include "net/base/x509_certificate.h"
-
-void SSLClientAuthHandler::DoSelectCertificate() {
- net::X509Certificate* cert = NULL;
- // Create an array of CFIdentityRefs for the certificates:
- size_t num_certs = cert_request_info_->client_certs.size();
- NSMutableArray* identities = [NSMutableArray arrayWithCapacity:num_certs];
- for (size_t i = 0; i < num_certs; ++i) {
- SecCertificateRef cert;
- cert = cert_request_info_->client_certs[i]->os_cert_handle();
- SecIdentityRef identity;
- if (SecIdentityCreateWithCertificate(NULL, cert, &identity) == noErr) {
- [identities addObject:(id)identity];
- CFRelease(identity);
- }
- }
-
- // Get the message to display:
- NSString* title = l10n_util::GetNSString(IDS_CLIENT_CERT_DIALOG_TITLE);
- NSString* message = l10n_util::GetNSStringF(
- IDS_CLIENT_CERT_DIALOG_TEXT,
- ASCIIToUTF16(cert_request_info_->host_and_port));
-
- // Create and set up a system choose-identity panel.
- scoped_nsobject<SFChooseIdentityPanel> panel (
- [[SFChooseIdentityPanel alloc] init]);
- NSString* domain = base::SysUTF8ToNSString(
- "https://" + cert_request_info_->host_and_port);
- [panel setDomain:domain];
- [panel setInformativeText:message];
- [panel setAlternateButtonTitle:l10n_util::GetNSString(IDS_CANCEL)];
- SecPolicyRef sslPolicy;
- if (net::X509Certificate::CreateSSLClientPolicy(&sslPolicy) == noErr) {
- [panel setPolicies:(id)sslPolicy];
- CFRelease(sslPolicy);
- }
-
- // Run the panel, modally.
- // TODO(snej): Change this into a sheet so it doesn't block the runloop!
- if ([panel runModalForIdentities:identities message:title] == NSOKButton) {
- NSUInteger index = [identities indexOfObject:(id)[panel identity]];
- DCHECK(index != NSNotFound);
- cert = cert_request_info_->client_certs[index];
- }
-
- // Finally, tell the back end which identity (or none) the user selected.
- CertificateSelected(cert);
-}
diff --git a/chrome/browser/ssl/ssl_client_auth_handler_win.cc b/chrome/browser/ssl/ssl_client_auth_handler_win.cc
deleted file mode 100644
index cbac1ae..0000000
--- a/chrome/browser/ssl/ssl_client_auth_handler_win.cc
+++ /dev/null
@@ -1,58 +0,0 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "chrome/browser/ssl/ssl_client_auth_handler.h"
-
-#include <cryptuiapi.h>
-#pragma comment(lib, "cryptui.lib")
-
-#include "app/l10n_util.h"
-#include "base/string_util.h"
-#include "chrome/browser/browser_list.h"
-#include "chrome/browser/browser.h"
-#include "chrome/browser/browser_window.h"
-#include "chrome/browser/chrome_thread.h"
-#include "grit/generated_resources.h"
-#include "net/url_request/url_request.h"
-
-void SSLClientAuthHandler::DoSelectCertificate() {
- net::X509Certificate* cert = NULL;
- // TODO(jcampan): replace this with our own cert selection dialog.
- // CryptUIDlgSelectCertificateFromStore is blocking (but still processes
- // Windows messages), which is scary.
- HCERTSTORE client_certs = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, NULL,
- 0, NULL);
- BOOL ok;
- for (size_t i = 0; i < cert_request_info_->client_certs.size(); ++i) {
- PCCERT_CONTEXT cc = cert_request_info_->client_certs[i]->os_cert_handle();
- ok = CertAddCertificateContextToStore(client_certs, cc,
- CERT_STORE_ADD_ALWAYS, NULL);
- DCHECK(ok);
- }
-
- HWND browser_hwnd = NULL;
- Browser* browser = BrowserList::GetLastActive();
- if (browser)
- browser_hwnd = browser->window()->GetNativeHandle();
-
- std::wstring title = l10n_util::GetString(IDS_CLIENT_CERT_DIALOG_TITLE);
- std::wstring text = l10n_util::GetStringF(
- IDS_CLIENT_CERT_DIALOG_TEXT,
- ASCIIToWide(cert_request_info_->host_and_port));
- PCCERT_CONTEXT cert_context = CryptUIDlgSelectCertificateFromStore(
- client_certs, browser_hwnd, title.c_str(), text.c_str(), 0, 0, NULL);
-
- if (cert_context) {
- cert = net::X509Certificate::CreateFromHandle(
- cert_context,
- net::X509Certificate::SOURCE_LONE_CERT_IMPORT,
- net::X509Certificate::OSCertHandles());
- net::X509Certificate::FreeOSCertHandle(cert_context);
- }
-
- ok = CertCloseStore(client_certs, CERT_CLOSE_STORE_CHECK_FLAG);
- DCHECK(ok);
-
- CertificateSelected(cert);
-}