authormattm@chromium.org <mattm@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-03-04 01:46:57 +0000
committermattm@chromium.org <mattm@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-03-04 01:46:57 +0000
commitb1f18494233f64c720729039222d9ad66c8ae95f (patch)
tree0f2848bdedba2a46c3d3b3fc8c7855d2786fd14d /chrome/third_party/mozilla_security_manager
parentb1995975f4e6b17df513a6d0dae44b37c46c5e00 (diff)
Linux: implement Client SSL Certificate selection UI
BUG=25241 TEST=Visit site for which you have a client certificate, verify that dialog comes up and you can select your cert (or cancel) Review URL: http://codereview.chromium.org/661241 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40587 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/third_party/mozilla_security_manager')
-rw-r--r--chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp68
-rw-r--r--chrome/third_party/mozilla_security_manager/nsNSSCertHelper.h1
-rw-r--r--chrome/third_party/mozilla_security_manager/nsNSSCertificate.cpp13
-rw-r--r--chrome/third_party/mozilla_security_manager/nsNSSCertificate.h3
-rw-r--r--chrome/third_party/mozilla_security_manager/nsUsageArrayHelper.cpp73
-rw-r--r--chrome/third_party/mozilla_security_manager/nsUsageArrayHelper.h53
6 files changed, 189 insertions, 22 deletions
diff --git a/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp b/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
index 6f6d9f2..3c16cf0 100644
--- a/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
+++ b/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
@@ -688,13 +688,34 @@ std::string ProcessBMPString(SECItem* extension_data) {
}
struct MaskIdPair {
- unsigned char mask;
+ unsigned int mask;
int string_id;
};
+static std::string ProcessBitField(SECItem* bitfield,
+ const MaskIdPair* string_map,
+ size_t len,
+ char separator) {
+ unsigned int bits = 0;
+ std::string rv;
+ // NSS bit flags like KU_DIGITAL_SIGNATURE, etc. are defined with the
+ // assumption that the bitfields have at most 8 bits.
+ if (bitfield->len)
+ bits = bitfield->data[0];
+ for (size_t i = 0; i < len; ++i) {
+ if (bits & string_map[i].mask) {
+ if (!rv.empty())
+ rv += separator;
+ rv += l10n_util::GetStringUTF8(string_map[i].string_id);
+ }
+ }
+ return rv;
+}
+
static std::string ProcessBitStringExtension(SECItem* extension_data,
const MaskIdPair* string_map,
- size_t len) {
+ size_t len,
+ char separator) {
SECItem decoded;
decoded.type = siBuffer;
decoded.data = NULL;
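Review bot: `ProcessBitField` guards the read of `bitfield->data[0]` with `bitfield->len` only, and it reads a single octet even though this hunk widens `MaskIdPair::mask` to `unsigned int`. A table entry whose mask has bits above the low 8 would silently never match; the comment states the 8-bit assumption but nothing enforces it. Because `ProcessKeyUsageBitString` (added further down in this file) hands a caller-supplied `SECItem` straight to this helper, I would tighten the guard to `if (bitfield->data && bitfield->len)` and, if `DCHECK` is available in this file, add `DCHECK((string_map[i].mask & ~0xFFu) == 0);` inside the loop. The body of `ProcessBitStringExtension` continues past the end of this hunk.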
@@ -702,19 +723,13 @@ static std::string ProcessBitStringExtension(SECItem* extension_data,
if (SEC_ASN1DecodeItem(NULL, &decoded, SEC_ASN1_GET(SEC_BitStringTemplate),
extension_data) != SECSuccess)
return l10n_util::GetStringUTF8(IDS_CERT_EXTENSION_DUMP_ERROR);
-
- std::string rv;
- for (size_t i = 0; i < len; ++i) {
- if (decoded.data[0] & string_map[i].mask) {
- rv += l10n_util::GetStringUTF8(string_map[i].string_id) + '\n';
- }
- }
+ std::string rv = ProcessBitField(&decoded, string_map, len, separator);
PORT_Free(decoded.data);
return rv;
}
std::string ProcessNSCertTypeExtension(SECItem* extension_data) {
- MaskIdPair usage_string_map[] = {
+ static const MaskIdPair usage_string_map[] = {
{NS_CERT_TYPE_SSL_CLIENT, IDS_CERT_USAGE_SSL_CLIENT},
{NS_CERT_TYPE_SSL_SERVER, IDS_CERT_USAGE_SSL_SERVER},
{NS_CERT_TYPE_EMAIL, IDS_CERT_EXT_NS_CERT_TYPE_EMAIL},
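Review bot: Routing `ProcessBitStringExtension` through `ProcessBitField` changes its output format: the removed loop appended `'\n'` after every matched entry, including the last, while the new helper only places the separator between entries. Callers that concatenate the results of `ProcessNSCertTypeExtension` or `ProcessKeyUsageExtension` with following text may have relied on that trailing newline, so it is worth confirming they still render correctly. The switch does remove the old unguarded `decoded.data[0]` read, which is good. A one-line comment above the function such as `// Returns the matched flag names joined by |separator| (no trailing separator).` would make the new contract explicit.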
@@ -724,21 +739,30 @@ std::string ProcessNSCertTypeExtension(SECItem* extension_data) {
{NS_CERT_TYPE_OBJECT_SIGNING_CA, IDS_CERT_USAGE_OBJECT_SIGNER},
};
return ProcessBitStringExtension(extension_data, usage_string_map,
- ARRAYSIZE_UNSAFE(usage_string_map));
+ ARRAYSIZE_UNSAFE(usage_string_map), '\n');
+}
+
+static const MaskIdPair key_usage_string_map[] = {
+ {KU_DIGITAL_SIGNATURE, IDS_CERT_X509_KEY_USAGE_SIGNING},
+ {KU_NON_REPUDIATION, IDS_CERT_X509_KEY_USAGE_NONREP},
+ {KU_KEY_ENCIPHERMENT, IDS_CERT_X509_KEY_USAGE_ENCIPHERMENT},
+ {KU_DATA_ENCIPHERMENT, IDS_CERT_X509_KEY_USAGE_DATA_ENCIPHERMENT},
+ {KU_KEY_AGREEMENT, IDS_CERT_X509_KEY_USAGE_KEY_AGREEMENT},
+ {KU_KEY_CERT_SIGN, IDS_CERT_X509_KEY_USAGE_CERT_SIGNER},
+ {KU_CRL_SIGN, IDS_CERT_X509_KEY_USAGE_CRL_SIGNER},
+ {KU_ENCIPHER_ONLY, IDS_CERT_X509_KEY_USAGE_ENCIPHER_ONLY},
+ // NSS is missing a flag for dechiperOnly, see:
+ // https://bugzilla.mozilla.org/show_bug.cgi?id=549952
+};
+
+std::string ProcessKeyUsageBitString(SECItem* bitstring, char sep) {
+ return ProcessBitField(bitstring, key_usage_string_map,
+ arraysize(key_usage_string_map), sep);
}
std::string ProcessKeyUsageExtension(SECItem* extension_data) {
- MaskIdPair usage_string_map[] = {
- {KU_DIGITAL_SIGNATURE, IDS_CERT_X509_KEY_USAGE_SIGNING},
- {KU_NON_REPUDIATION, IDS_CERT_X509_KEY_USAGE_NONREP},
- {KU_KEY_ENCIPHERMENT, IDS_CERT_X509_KEY_USAGE_ENCIPHERMENT},
- {KU_DATA_ENCIPHERMENT, IDS_CERT_X509_KEY_USAGE_DATA_ENCIPHERMENT},
- {KU_KEY_AGREEMENT, IDS_CERT_X509_KEY_USAGE_KEY_AGREEMENT},
- {KU_KEY_CERT_SIGN, IDS_CERT_X509_KEY_USAGE_CERT_SIGNER},
- {KU_CRL_SIGN, IDS_CERT_X509_KEY_USAGE_CRL_SIGNER},
- };
- return ProcessBitStringExtension(extension_data, usage_string_map,
- ARRAYSIZE_UNSAFE(usage_string_map));
+ return ProcessBitStringExtension(extension_data, key_usage_string_map,
+ arraysize(key_usage_string_map), '\n');
}
std::string ProcessExtKeyUsage(SECItem* extension_data) {
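Review bot: The comment at the end of `key_usage_string_map` does not say what the missing flag means for the displayed text: a certificate that asserts decipherOnly will be listed without that restriction. decipherOnly is bit 8 of KeyUsage, in the second octet, so listing it later would also require `ProcessBitField` to read more than `data[0]`. I would fix the spelling and spell out the effect, e.g. `// NSS has no flag for decipherOnly (bit 8, second octet), so it is never listed; see:`. Separately, `ProcessNSCertTypeExtension` still uses `ARRAYSIZE_UNSAFE(usage_string_map)` while the new key-usage code uses `arraysize(...)` on the same named type; using `arraysize` in both places would be consistent.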
diff --git a/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.h b/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.h
index ba0a445..5741c69 100644
--- a/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.h
+++ b/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.h
@@ -88,6 +88,7 @@ std::string ProcessAuthInfoAccess(SECItem* extension_data);
std::string ProcessIA5String(SECItem* extension_data);
std::string ProcessBMPString(SECItem* extension_data);
std::string ProcessNSCertTypeExtension(SECItem* extension_data);
+std::string ProcessKeyUsageBitString(SECItem* bitstring, char sep);
std::string ProcessKeyUsageExtension(SECItem* extension_data);
std::string ProcessExtKeyUsage(SECItem* extension_data);
std::string ProcessExtensionData(SECOidTag oid_tag, SECItem* extension_data);
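Review bot: `ProcessKeyUsageBitString` is declared among functions that all take an encoded `extension_data`, but nothing tells the caller that its input is different. In the .cpp it passes its argument to `ProcessBitField` without calling `SEC_ASN1DecodeItem`, so it expects an already-decoded bit string. A caller that passes the raw extension value would get flags computed from the DER tag octet instead of the usage bits. I would add a comment above the declaration, e.g. `// |bitstring| must be an already-decoded KeyUsage bit string, not the DER extension value; names are joined with |sep|.`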
diff --git a/chrome/third_party/mozilla_security_manager/nsNSSCertificate.cpp b/chrome/third_party/mozilla_security_manager/nsNSSCertificate.cpp
index 9d1abe8..74624ab 100644
--- a/chrome/third_party/mozilla_security_manager/nsNSSCertificate.cpp
+++ b/chrome/third_party/mozilla_security_manager/nsNSSCertificate.cpp
@@ -40,6 +40,11 @@
#include "chrome/third_party/mozilla_security_manager/nsNSSCertificate.h"
+#include <pk11func.h>
+
+#include "app/l10n_util.h"
+#include "grit/generated_resources.h"
+
namespace mozilla_security_manager {
std::string GetCertTitle(CERTCertificate* cert) {
@@ -62,4 +67,12 @@ std::string GetCertTitle(CERTCertificate* cert) {
return rv;
}
+std::string GetCertTokenName(CERTCertificate* cert) {
+ std::string token;
+ if (cert->slot) {
+ token = PK11_GetTokenName(cert->slot);
+ }
+ return token;
+}
+
} // namespace mozilla_security_manager
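Review bot: `GetCertTokenName` returns an empty string when `cert->slot` is null, and neither this definition nor the header comment tells the caller that empty means "no token". The preceding hunk adds `app/l10n_util.h` and `grit/generated_resources.h`, which the new code visible here does not use, so a localized fallback name may have been intended; either add it or drop the two includes. At minimum I would document the contract with `// Returns an empty string if |cert| is not associated with a token slot.` above the function. `cert` is dereferenced unchecked, so if the selection UI can ever pass a null certificate a guard is needed as well.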
diff --git a/chrome/third_party/mozilla_security_manager/nsNSSCertificate.h b/chrome/third_party/mozilla_security_manager/nsNSSCertificate.h
index 8ac10e6..b436601 100644
--- a/chrome/third_party/mozilla_security_manager/nsNSSCertificate.h
+++ b/chrome/third_party/mozilla_security_manager/nsNSSCertificate.h
@@ -50,6 +50,9 @@ namespace mozilla_security_manager {
// Based on nsNSSCertificate::GetWindowTitle.
std::string GetCertTitle(CERTCertificate* cert);
+// Based on nsNSSCertificate::GetTokenName.
+std::string GetCertTokenName(CERTCertificate* cert);
+
} // namespace mozilla_security_manager
#endif // CHROME_THIRD_PARTY_MOZILLA_SECURITY_MANAGER_NSNSSCERTIFICATE_H_
diff --git a/chrome/third_party/mozilla_security_manager/nsUsageArrayHelper.cpp b/chrome/third_party/mozilla_security_manager/nsUsageArrayHelper.cpp
new file mode 100644
index 0000000..234e4dd
--- /dev/null
+++ b/chrome/third_party/mozilla_security_manager/nsUsageArrayHelper.cpp
@@ -0,0 +1,73 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ * John Gardiner Myers <jgmyers@speakeasy.net>
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "chrome/third_party/mozilla_security_manager/nsUsageArrayHelper.h"
+
+#include "app/l10n_util.h"
+#include "grit/generated_resources.h"
+
+namespace mozilla_security_manager {
+
+void GetCertUsageStrings(CERTCertificate* cert, std::vector<std::string>* out) {
+ SECCertificateUsage usages = 0;
+ // TODO(wtc): See if we should use X509Certificate::Verify instead.
+ if (CERT_VerifyCertificateNow(CERT_GetDefaultCertDB(), cert, PR_TRUE,
+ certificateUsageCheckAllUsages,
+ NULL, &usages) == SECSuccess) {
+ static const struct {
+ SECCertificateUsage usage;
+ int string_id;
+ } usage_string_map[] = {
+ {certificateUsageSSLClient, IDS_CERT_USAGE_SSL_CLIENT},
+ {certificateUsageSSLServer, IDS_CERT_USAGE_SSL_SERVER},
+ {certificateUsageSSLServerWithStepUp,
+ IDS_CERT_USAGE_SSL_SERVER_WITH_STEPUP},
+ {certificateUsageEmailSigner, IDS_CERT_USAGE_EMAIL_SIGNER},
+ {certificateUsageEmailRecipient, IDS_CERT_USAGE_EMAIL_RECEIVER},
+ {certificateUsageObjectSigner, IDS_CERT_USAGE_OBJECT_SIGNER},
+ {certificateUsageSSLCA, IDS_CERT_USAGE_SSL_CA},
+ {certificateUsageStatusResponder, IDS_CERT_USAGE_STATUS_RESPONDER},
+ };
+ for (size_t i = 0; i < ARRAYSIZE_UNSAFE(usage_string_map); ++i) {
+ if (usages & usage_string_map[i].usage)
+ out->push_back(l10n_util::GetStringUTF8(
+ usage_string_map[i].string_id));
+ }
+ }
+}
+
+} // namespace mozilla_security_manager
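Review bot: When `CERT_VerifyCertificateNow` returns anything other than `SECSuccess`, `GetCertUsageStrings` returns with `out` untouched, so a caller cannot distinguish a certificate that failed verification from one that verified with none of the listed usages. In a client-certificate chooser that difference matters, because an expired or untrusted certificate would simply be shown with no usages rather than flagged. I would have the function return `bool` (or push a localized "could not verify" entry) so the UI can surface the failure. The function also appends to `*out` without clearing it and does not check `out` for null, which should be documented, e.g. `// Appends one localized string per verified usage to |out|; leaves |out| unchanged if verification fails.`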
diff --git a/chrome/third_party/mozilla_security_manager/nsUsageArrayHelper.h b/chrome/third_party/mozilla_security_manager/nsUsageArrayHelper.h
new file mode 100644
index 0000000..31ba550
--- /dev/null
+++ b/chrome/third_party/mozilla_security_manager/nsUsageArrayHelper.h
@@ -0,0 +1,53 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ * John Gardiner Myers <jgmyers@speakeasy.net>
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#ifndef CHROME_THIRD_PARTY_MOZILLA_SECURITY_MANAGER_NSUSAGEARRAYHELPER_H_
+#define CHROME_THIRD_PARTY_MOZILLA_SECURITY_MANAGER_NSUSAGEARRAYHELPER_H_
+
+#include <cert.h>
+
+#include <string>
+#include <vector>
+
+namespace mozilla_security_manager {
+
+// Based on nsUsageArrayHelper::GetUsagesArray.
+void GetCertUsageStrings(CERTCertificate* cert, std::vector<std::string>* out);
+
+} // namespace mozilla_security_manager
+
+#endif // CHROME_THIRD_PARTY_MOZILLA_SECURITY_MANAGER_NSUSAGEARRAYHELPER_H_