Refactor SSLClientAuthHandler and certificate selection

This cleans up much of the code involved in displaying a certificate selection
dialog to the user.

- Adds a new inner class to RenderViewHostDelegate (later to be populated
  with more SSL things).
- Adds a helper class for TabContents' implementation.
- Moves the certificate dialogs themselves to have a common entry point.
- Makes SSLClientAuthHandler call the RVHDelegate to query the user, with the
  TabContents implementation displaying the dialogs.
- Picks the correct parent window for the dialog on all platforms, instead of
  relying on BrowserList::GetLastActive
- Makes the OS X implementation use an asynchronous sheet, now that we know the
  parent.
- Fixes an index-mismatch problem in the OS X implementation, should we fail to create an identity.

R=agl,brettw,mark
BUG=148
TEST=selecting client certificates still works

Review URL: http://codereview.chromium.org/2823038

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53231 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 61 insertions, 0 deletions

diff --git a/chrome/browser/views/ssl_client_certificate_selector_win.cc b/chrome/browser/views/ssl_client_certificate_selector_win.cc
new file mode 100644
index 0000000..cf5ad4f3
--- /dev/null
+++ b/chrome/browser/views/ssl_client_certificate_selector_win.cc
@@ -0,0 +1,61 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/ssl_client_certificate_selector.h"
+
+#include <cryptuiapi.h>
+#pragma comment(lib, "cryptui.lib")
+
+#include "app/l10n_util.h"
+#include "base/string_util.h"
+#include "chrome/browser/browser_list.h"
+#include "chrome/browser/browser.h"
+#include "chrome/browser/browser_window.h"
+#include "chrome/browser/chrome_thread.h"
+#include "chrome/browser/ssl/ssl_client_auth_handler.h"
+#include "grit/generated_resources.h"
+#include "net/url_request/url_request.h"
+
+namespace browser {
+
+void ShowSSLClientCertificateSelector(
+    gfx::NativeWindow parent,
+    net::SSLCertRequestInfo* cert_request_info,
+    SSLClientAuthHandler* delegate) {
+  net::X509Certificate* cert = NULL;
+  // TODO(jcampan): replace this with our own cert selection dialog.
+  // CryptUIDlgSelectCertificateFromStore is blocking (but still processes
+  // Windows messages), which is scary.
+  HCERTSTORE client_certs = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, NULL,
+                                          0, NULL);
+  BOOL ok;
+  for (size_t i = 0; i < cert_request_info->client_certs.size(); ++i) {
+    PCCERT_CONTEXT cc = cert_request_info->client_certs[i]->os_cert_handle();
+    ok = CertAddCertificateContextToStore(client_certs, cc,
+                                          CERT_STORE_ADD_ALWAYS, NULL);
+    DCHECK(ok);
+  }
+
+  std::wstring title = l10n_util::GetString(IDS_CLIENT_CERT_DIALOG_TITLE);
+  std::wstring text = l10n_util::GetStringF(
+      IDS_CLIENT_CERT_DIALOG_TEXT,
+      ASCIIToWide(cert_request_info->host_and_port));
+  PCCERT_CONTEXT cert_context = CryptUIDlgSelectCertificateFromStore(
+      client_certs, parent, title.c_str(), text.c_str(), 0, 0, NULL);
+
+  if (cert_context) {
+    cert = net::X509Certificate::CreateFromHandle(
+        cert_context,
+        net::X509Certificate::SOURCE_LONE_CERT_IMPORT,
+        net::X509Certificate::OSCertHandles());
+    net::X509Certificate::FreeOSCertHandle(cert_context);
+  }
+
+  ok = CertCloseStore(client_certs, CERT_CLOSE_STORE_CHECK_FLAG);
+  DCHECK(ok);
+
+  delegate->CertificateSelected(cert);
+}
+
+}  // namespace browser