-rw-r--r-- | chrome/app/generated_resources.grd | 8 | ||||
-rw-r--r-- | chrome/browser/page_info_model.cc | 19 | ||||
-rw-r--r-- | chrome/browser/renderer_host/buffered_resource_handler.cc | 3 | ||||
-rw-r--r-- | chrome/browser/renderer_host/render_view_host_delegate.h | 28 | ||||
-rw-r--r-- | chrome/browser/renderer_host/x509_user_cert_resource_handler.cc | 10 | ||||
-rw-r--r-- | chrome/browser/renderer_host/x509_user_cert_resource_handler.h | 7 | ||||
-rw-r--r-- | chrome/browser/ssl/ssl_add_cert_handler.cc | 75 | ||||
-rw-r--r-- | chrome/browser/ssl/ssl_add_cert_handler.h | 19 | ||||
-rw-r--r-- | chrome/browser/tab_contents/tab_contents_ssl_helper.cc | 198 | ||||
-rw-r--r-- | chrome/browser/tab_contents/tab_contents_ssl_helper.h | 18 | ||||
-rw-r--r-- | net/base/x509_cert_types.cc | 11 | ||||
-rw-r--r-- | net/base/x509_cert_types.h | 4 |
12 files changed, 340 insertions, 60 deletions
diff --git a/chrome/app/generated_resources.grd b/chrome/app/generated_resources.grd index a85c66d..08b47b0 100644 --- a/chrome/app/generated_resources.grd +++ b/chrome/app/generated_resources.grd @@ -3117,6 +3117,14 @@ each locale. --> There was an error while trying to store the client certificate. Error <ph name="ERROR_number">$1<ex>207</ex></ph> (<ph name="ERROR_NAME">$2<ex>net::ERR_CERT_INVALID</ex></ph>). </message> + <!-- Certificate success infobar --> + <message name="IDS_ADD_CERT_SUCCESS_INFOBAR_LABEL" desc="Label displayed in an infobar when the browser successfully imports a certificate"> + Successfully stored client certificate issued by <ph name="ISSUER">$1<ex>VeriSign</ex></ph>. + </message> + <message name="IDS_ADD_CERT_SUCCESS_INFOBAR_BUTTON" desc="The label of the 'view' button on the infobar after a client certificate import; clicking opens a certificate viewer for the new certificate"> + View + </message> + <!-- Basic Auth Dialog --> <message name="IDS_LOGIN_DIALOG_TITLE" desc="String to be displayed in the title bar of the login prompt dialog"> Authentication Required diff --git a/chrome/browser/page_info_model.cc b/chrome/browser/page_info_model.cc index 636e252..229b002 100644 --- a/chrome/browser/page_info_model.cc +++ b/chrome/browser/page_info_model.cc @@ -22,21 +22,6 @@ #include "net/base/ssl_cipher_suite_names.h" #include "net/base/x509_certificate.h" -namespace { - // Returns a name that can be used to represent the issuer. It tries in this - // order CN, O and OU and returns the first non-empty one found. - std::string GetIssuerName(const net::CertPrincipal& issuer) { - if (!issuer.common_name.empty()) - return issuer.common_name; - if (!issuer.organization_names.empty()) - return issuer.organization_names[0]; - if (!issuer.organization_unit_names.empty()) - return issuer.organization_unit_names[0]; - - return std::string(); - } -} - PageInfoModel::PageInfoModel(Profile* profile, const GURL& url, const NavigationEntry::SSLStatus& ssl, 
@@ -88,14 +73,14 @@ PageInfoModel::PageInfoModel(Profile* profile, IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV, UTF8ToUTF16(cert->subject().organization_names[0]), locality, - UTF8ToUTF16(GetIssuerName(cert->issuer())))); + UTF8ToUTF16(cert->issuer().GetDisplayName()))); } else { // Non EV OK HTTPS. if (empty_subject_name) head_line.clear(); // Don't display any title. else head_line.assign(subject_name); - string16 issuer_name(UTF8ToUTF16(GetIssuerName(cert->issuer()))); + string16 issuer_name(UTF8ToUTF16(cert->issuer().GetDisplayName())); if (issuer_name.empty()) { issuer_name.assign(l10n_util::GetStringUTF16( IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY)); diff --git a/chrome/browser/renderer_host/buffered_resource_handler.cc b/chrome/browser/renderer_host/buffered_resource_handler.cc index 843fd9a..ebbbcb3 100644 --- a/chrome/browser/renderer_host/buffered_resource_handler.cc +++ b/chrome/browser/renderer_host/buffered_resource_handler.cc @@ -323,7 +323,8 @@ bool BufferedResourceHandler::CompleteResponseStarted(int request_id, } X509UserCertResourceHandler* x509_cert_handler = - new X509UserCertResourceHandler(host_, request_); + new X509UserCertResourceHandler(host_, request_, + info->child_id(), info->route_id()); UseAlternateResourceHandler(request_id, x509_cert_handler); } diff --git a/chrome/browser/renderer_host/render_view_host_delegate.h b/chrome/browser/renderer_host/render_view_host_delegate.h index 4f75d7e..1ed62ed 100644 --- a/chrome/browser/renderer_host/render_view_host_delegate.h +++ b/chrome/browser/renderer_host/render_view_host_delegate.h @@ -40,6 +40,7 @@ class ResourceRedirectDetails; class ResourceRequestDetails; class SkBitmap; class SSLClientAuthHandler; +class SSLAddCertHandler; class TabContents; struct ThumbnailScore; struct ViewHostMsg_DidPrintPage_Params; 
@@ -539,6 +540,33 @@ class RenderViewHostDelegate { virtual void ShowClientCertificateRequestDialog( scoped_refptr<SSLClientAuthHandler> handler) = 0; + // Called when |handler| encounters an error in verifying a + // received client certificate. Note that, because CAs often will + // not send us intermediate certificates, the verification we can + // do is minimal: we verify the certificate is parseable, that we + // have the corresponding private key, and that the certificate + // has not expired. + virtual void OnVerifyClientCertificateError( + scoped_refptr<SSLAddCertHandler> handler, int error_code) = 0; + + // Called when |handler| requests the user's confirmation in adding a + // client certificate. + virtual void AskToAddClientCertificate( + scoped_refptr<SSLAddCertHandler> handler) = 0; + + // Called when |handler| successfully adds a client certificate. + virtual void OnAddClientCertificateSuccess( + scoped_refptr<SSLAddCertHandler> handler) = 0; + + // Called when |handler| encounters an error adding a client certificate. + virtual void OnAddClientCertificateError( + scoped_refptr<SSLAddCertHandler> handler, int error_code) = 0; + + // Called when |handler| has completed, so the delegate may release any + // state accumulated. + virtual void OnAddClientCertificateFinished( + scoped_refptr<SSLAddCertHandler> handler) = 0; + protected: virtual ~SSL() {} }; diff --git a/chrome/browser/renderer_host/x509_user_cert_resource_handler.cc b/chrome/browser/renderer_host/x509_user_cert_resource_handler.cc index 3dcc8ee..40bde4d 100644 --- a/chrome/browser/renderer_host/x509_user_cert_resource_handler.cc +++ b/chrome/browser/renderer_host/x509_user_cert_resource_handler.cc 
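Review bot: The new `SSL` delegate callbacks do not say which thread they are invoked on, and `AskToAddClientCertificate` does not say how the delegate reports the user's answer back to `handler`. The comment on `OnVerifyClientCertificateError` states that verification is limited to parseability, private-key possession and expiry, so it should also say that the subject and issuer names of `handler->cert()` are unverified and must be treated as untrusted text by any implementation that displays them. For the second gap, a line such as `// The delegate reports the decision through handler->Finished(bool).` would do, assuming that is the intended contract. The enclosing class begins outside this hunk.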
@@ -19,13 +19,16 @@ #include "net/http/http_response_headers.h" X509UserCertResourceHandler::X509UserCertResourceHandler( - ResourceDispatcherHost* host, URLRequest* request) + ResourceDispatcherHost* host, URLRequest* request, + int render_process_host_id, int render_view_id) : host_(host), request_(request), content_length_(0), buffer_(new DownloadBuffer), read_buffer_(NULL), - resource_buffer_(NULL) { + resource_buffer_(NULL), + render_process_host_id_(render_process_host_id), + render_view_id_(render_view_id) { } bool X509UserCertResourceHandler::OnUploadProgress(int request_id, @@ -101,7 +104,8 @@ bool X509UserCertResourceHandler::OnResponseCompleted( net::X509Certificate::CreateFromBytes(resource_buffer_->data(), content_length_); // The handler will run the UI and delete itself when it's finished. - new SSLAddCertHandler(request_, cert); + new SSLAddCertHandler(request_, cert, render_process_host_id_, + render_view_id_); return true; } diff --git a/chrome/browser/renderer_host/x509_user_cert_resource_handler.h b/chrome/browser/renderer_host/x509_user_cert_resource_handler.h index b62ddbf..cedb0f0 100644 --- a/chrome/browser/renderer_host/x509_user_cert_resource_handler.h +++ b/chrome/browser/renderer_host/x509_user_cert_resource_handler.h @@ -19,7 +19,8 @@ class X509UserCertResourceHandler : public ResourceHandler { public: X509UserCertResourceHandler(ResourceDispatcherHost* host, - URLRequest* request); + URLRequest* request, + int render_process_host_id, int render_view_id); bool OnUploadProgress(int request_id, uint64 position, uint64 size); 
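Review bot: In the `OnResponseCompleted` hunk, the result of `net::X509Certificate::CreateFromBytes(...)` is passed straight to `new SSLAddCertHandler(request_, cert, ...)`, and nothing visible here checks whether parsing failed. The bytes are a network response body, so malformed input is an expected case. Unless `CertDatabase::CheckUserCert` is known to reject a null certificate, add an explicit null check before the `new`, because the success path added elsewhere in this commit dereferences the certificate to build the infobar text. The function starts outside this hunk, so an earlier guard may already exist; if so, a comment at this call would make that visible.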
@@ -61,6 +62,10 @@ class X509UserCertResourceHandler : public ResourceHandler { scoped_refptr<net::IOBuffer> read_buffer_; scoped_refptr<net::IOBuffer> resource_buffer_; // Downloaded certificate. static const int kReadBufSize = 32768; + // The id of the |RenderProcessHost| which started the download. + int render_process_host_id_; + // The id of the |RenderView| which started the download. + int render_view_id_; DISALLOW_COPY_AND_ASSIGN(X509UserCertResourceHandler); }; diff --git a/chrome/browser/ssl/ssl_add_cert_handler.cc b/chrome/browser/ssl/ssl_add_cert_handler.cc index 210c502..b6430a7 100644 --- a/chrome/browser/ssl/ssl_add_cert_handler.cc +++ b/chrome/browser/ssl/ssl_add_cert_handler.cc 
@@ -4,45 +4,54 @@ #include "chrome/browser/ssl/ssl_add_cert_handler.h" -#include "app/l10n_util.h" -#include "base/string_number_conversions.h" -#include "chrome/browser/browser_list.h" -#include "chrome/browser/browser.h" -#include "chrome/browser/browser_window.h" #include "chrome/browser/chrome_thread.h" -#include "chrome/browser/platform_util.h" -#include "grit/generated_resources.h" +#include "chrome/browser/renderer_host/render_view_host_delegate.h" +#include "chrome/browser/renderer_host/render_view_host_notification_task.h" +#include "chrome/browser/renderer_host/resource_dispatcher_host.h" +#include "chrome/browser/renderer_host/resource_dispatcher_host_request_info.h" #include "net/base/cert_database.h" #include "net/base/net_errors.h" #include "net/base/x509_certificate.h" #include "net/url_request/url_request.h" SSLAddCertHandler::SSLAddCertHandler(URLRequest* request, - net::X509Certificate* cert) - : cert_(cert) { - // Stay alive until the UI completes and Finished() is called. + net::X509Certificate* cert, + int render_process_host_id, + int render_view_id) + : cert_(cert), + render_process_host_id_(render_process_host_id), + render_view_id_(render_view_id) { + ResourceDispatcherHostRequestInfo* info = + ResourceDispatcherHost::InfoForRequest(request); + network_request_id_ = info->request_id(); + // Stay alive until the process completes and Finished() is called. AddRef(); + // Delay adding the certificate until the next mainloop iteration. ChromeThread::PostTask( - ChromeThread::UI, FROM_HERE, - NewRunnableMethod(this, &SSLAddCertHandler::RunUI)); + ChromeThread::IO, FROM_HERE, + NewRunnableMethod(this, &SSLAddCertHandler::Run)); } -void SSLAddCertHandler::RunUI() { +void SSLAddCertHandler::Run() { int cert_error; { net::CertDatabase db; cert_error = db.CheckUserCert(cert_); } if (cert_error != net::OK) { - // TODO(snej): Map cert_error to a more specific error message. 
- ShowError(l10n_util::GetStringFUTF16( - IDS_ADD_CERT_ERR_INVALID_CERT, - base::IntToString16(-cert_error), - ASCIIToUTF16(net::ErrorToString(cert_error)))); + CallRenderViewHostSSLDelegate( + render_process_host_id_, render_view_id_, + &RenderViewHostDelegate::SSL::OnVerifyClientCertificateError, + scoped_refptr<SSLAddCertHandler>(this), cert_error); Finished(false); return; } - AskToAddCert(); + // TODO(davidben): Move the existing certificate dialog elsewhere, make + // AskToAddCert send a message to the RenderViewHostDelegate, and ask when we + // cannot completely verify the certificate for whatever reason. + + // AskToAddCert(); + Finished(true); } #if !defined(OS_MACOSX) @@ -57,20 +66,22 @@ void SSLAddCertHandler::Finished(bool add_cert) { net::CertDatabase db; int cert_error = db.AddUserCert(cert_); if (cert_error != net::OK) { - // TODO(snej): Map cert_error to a more specific error message. - ShowError(l10n_util::GetStringFUTF16( - IDS_ADD_CERT_ERR_FAILED, - base::IntToString16(-cert_error), - ASCIIToUTF16(net::ErrorToString(cert_error)))); + CallRenderViewHostSSLDelegate( + render_process_host_id_, render_view_id_, + &RenderViewHostDelegate::SSL::OnAddClientCertificateError, + scoped_refptr<SSLAddCertHandler>(this), cert_error); + } else { + CallRenderViewHostSSLDelegate( + render_process_host_id_, render_view_id_, + &RenderViewHostDelegate::SSL::OnAddClientCertificateSuccess, + scoped_refptr<SSLAddCertHandler>(this)); } } - Release(); -} + // Inform the RVH that we're finished + CallRenderViewHostSSLDelegate( + render_process_host_id_, render_view_id_, + &RenderViewHostDelegate::SSL::OnAddClientCertificateFinished, + scoped_refptr<SSLAddCertHandler>(this)); -void SSLAddCertHandler::ShowError(const string16& error) { - Browser* browser = BrowserList::GetLastActive(); - platform_util::SimpleErrorBox( - browser ? browser->window()->GetNativeHandle() : NULL, - l10n_util::GetStringUTF16(IDS_ADD_CERT_FAILURE_TITLE), - error); + Release(); } 
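Review bot: `Run()` now calls `Finished(true)` as soon as `CheckUserCert` returns `net::OK`, with the prompt left behind as a commented-out `// AskToAddCert();`, so a downloaded certificate is stored without any user decision and the infobar only reports it afterwards. That makes `CheckUserCert` the sole gate on what a site can place in the user's certificate store. The code should say so where the decision is made, for example `// SECURITY: no user prompt yet; CheckUserCert() is the only gate before AddUserCert().`, and the dead call should be dropped in favour of the TODO. Separately, the constructor dereferences `info` from `ResourceDispatcherHost::InfoForRequest(request)` unchecked. If that lookup can return null for a request that is completing, `network_request_id_` needs a guarded default.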
diff --git a/chrome/browser/ssl/ssl_add_cert_handler.h b/chrome/browser/ssl/ssl_add_cert_handler.h index 0e3d8b0..3b33403 100644 --- a/chrome/browser/ssl/ssl_add_cert_handler.h +++ b/chrome/browser/ssl/ssl_add_cert_handler.h @@ -21,10 +21,13 @@ class URLRequest; // It is self-owned and deletes itself when finished. class SSLAddCertHandler : public base::RefCountedThreadSafe<SSLAddCertHandler> { public: - SSLAddCertHandler(URLRequest* request, net::X509Certificate* cert); + SSLAddCertHandler(URLRequest* request, net::X509Certificate* cert, + int render_process_host_id, int render_view_id); net::X509Certificate* cert() { return cert_; } + int network_request_id() const { return network_request_id_; } + // The platform-specific code calls this when it's done, to clean up. // If |addCert| is true, the cert will be added to the CertDatabase. void Finished(bool add_cert); @@ -32,19 +35,23 @@ class SSLAddCertHandler : public base::RefCountedThreadSafe<SSLAddCertHandler> { private: friend class base::RefCountedThreadSafe<SSLAddCertHandler>; - // Runs the user interface. Called on the UI thread. Calls AskToAddCert. - void RunUI(); + // Runs the handler. Called on the IO thread. + void Run(); // Platform-specific code that asks the user whether to add the cert. // Called on the UI thread. void AskToAddCert(); - // Utility to display an error message in a dialog box. - void ShowError(const string16& error); - // The cert to add. scoped_refptr<net::X509Certificate> cert_; + // The id of the request which started the process. + int network_request_id_; + // The id of the |RenderProcessHost| which started the download. + int render_process_host_id_; + // The id of the |RenderView| which started the download. + int render_view_id_; + DISALLOW_COPY_AND_ASSIGN(SSLAddCertHandler); }; diff --git a/chrome/browser/tab_contents/tab_contents_ssl_helper.cc b/chrome/browser/tab_contents/tab_contents_ssl_helper.cc index 0f00d1e..90041d9 100644 
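Review bot: The threading comments in this header no longer agree with each other. `Run()` is documented as running on the IO thread and, per the .cc, calls `Finished()` directly, yet `AskToAddCert()` is still described as "Called on the UI thread" and `Finished()` as something platform-specific code calls. `Finished()` now touches `net::CertDatabase` and notifies the delegate, so its comment should name the thread or threads it may be called from, for example `// Called on the IO thread by Run(); see AskToAddCert() for the prompt path.`. If the platform `AskToAddCert()` implementations can still call `Finished()` from the UI thread, that should be stated, or ruled out, here.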
--- a/chrome/browser/tab_contents/tab_contents_ssl_helper.cc +++ b/chrome/browser/tab_contents/tab_contents_ssl_helper.cc 
@@ -4,9 +4,155 @@ #include "chrome/browser/tab_contents/tab_contents_ssl_helper.h" +#include "app/l10n_util.h" +#include "app/resource_bundle.h" +#include "base/basictypes.h" +#include "base/string_number_conversions.h" +#include "base/utf_string_conversions.h" +#include "chrome/browser/certificate_viewer.h" +#include "chrome/browser/ssl/ssl_add_cert_handler.h" #include "chrome/browser/ssl/ssl_client_auth_handler.h" #include "chrome/browser/ssl_client_certificate_selector.h" +#include "chrome/browser/tab_contents/infobar_delegate.h" #include "chrome/browser/tab_contents/tab_contents.h" +#include "chrome/common/notification_service.h" +#include "grit/generated_resources.h" +#include "grit/theme_resources.h" +#include "net/base/net_errors.h" + +namespace { + +SkBitmap* GetCertIcon() { + // TODO(davidben): use a more appropriate icon. + return ResourceBundle::GetSharedInstance().GetBitmapNamed( + IDR_INFOBAR_SAVE_PASSWORD); +} + +class SSLCertAddedInfoBarDelegate : public ConfirmInfoBarDelegate { + public: + SSLCertAddedInfoBarDelegate(TabContents* tab_contents, + net::X509Certificate* cert) + : ConfirmInfoBarDelegate(tab_contents), + tab_contents_(tab_contents), + cert_(cert) { + } + + virtual ~SSLCertAddedInfoBarDelegate() { + } + + // Overridden from ConfirmInfoBarDelegate: + virtual std::wstring GetMessageText() const { + return l10n_util::GetStringF(IDS_ADD_CERT_SUCCESS_INFOBAR_LABEL, + UTF8ToWide(cert_->issuer().GetDisplayName())); + } + + virtual SkBitmap* GetIcon() const { + return GetCertIcon(); + } + + virtual int GetButtons() const { + return BUTTON_OK; + } + + virtual std::wstring GetButtonLabel(InfoBarButton button) const { + switch (button) { + case BUTTON_OK: + return l10n_util::GetString(IDS_ADD_CERT_SUCCESS_INFOBAR_BUTTON); + default: + return std::wstring(); + } + } + + virtual Type GetInfoBarType() { + return PAGE_ACTION_TYPE; + } + + virtual bool Accept() { + ShowCertificateViewer(tab_contents_->GetMessageBoxRootWindow(), cert_); + return false; // 
Hiding the infobar just as the dialog opens looks weird. + } + + virtual void InfoBarClosed() { + // ConfirmInfoBarDelegate doesn't delete itself. + delete this; + } + + private: + // The TabContents we are attached to + TabContents* tab_contents_; + // The cert we added. + scoped_refptr<net::X509Certificate> cert_; +}; + +} // namespace + +class TabContentsSSLHelper::SSLAddCertData : public NotificationObserver { + public: + SSLAddCertData(TabContents* tab, SSLAddCertHandler* handler) + : tab_(tab), + handler_(handler), + infobar_delegate_(NULL) { + // Listen for disappearing InfoBars. + Source<TabContents> tc_source(tab_); + registrar_.Add(this, NotificationType::TAB_CONTENTS_INFOBAR_REMOVED, + tc_source); + registrar_.Add(this, NotificationType::TAB_CONTENTS_INFOBAR_REPLACED, + tc_source); + } + ~SSLAddCertData() {} + + // Displays |delegate| as an infobar in |tab_|, replacing our current one if + // still active. + void ShowInfoBar(InfoBarDelegate* delegate) { + if (infobar_delegate_) { + tab_->ReplaceInfoBar(infobar_delegate_, delegate); + } else { + tab_->AddInfoBar(delegate); + } + infobar_delegate_ = delegate; + } + + void ShowErrorInfoBar(const std::wstring& message) { + ShowInfoBar( + new SimpleAlertInfoBarDelegate(tab_, message, GetCertIcon(), true)); + } + + // NotificationObserver implementation. 
+ virtual void Observe(NotificationType type, + const NotificationSource& source, + const NotificationDetails& details) { + switch (type.value) { + case NotificationType::TAB_CONTENTS_INFOBAR_REMOVED: + InfoBarClosed(Details<InfoBarDelegate>(details).ptr()); + break; + case NotificationType::TAB_CONTENTS_INFOBAR_REPLACED: + typedef std::pair<InfoBarDelegate*, InfoBarDelegate*> + InfoBarDelegatePair; + InfoBarClosed(Details<InfoBarDelegatePair>(details).ptr()->first); + break; + default: + NOTREACHED(); + break; + } + } + + private: + void InfoBarClosed(InfoBarDelegate* delegate) { + if (infobar_delegate_ == delegate) + infobar_delegate_ = NULL; + } + + // The TabContents we are attached to. + TabContents* tab_; + // The handler we call back to. + scoped_refptr<SSLAddCertHandler> handler_; + // The current InfoBarDelegate we're displaying. + InfoBarDelegate* infobar_delegate_; + + NotificationRegistrar registrar_; + + DISALLOW_COPY_AND_ASSIGN(SSLAddCertData); +}; TabContentsSSLHelper::TabContentsSSLHelper(TabContents* tab_contents) : tab_contents_(tab_contents) { 
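Review bot: `SSLCertAddedInfoBarDelegate::GetMessageText()` places `cert_->issuer().GetDisplayName()` into browser UI, but the certificate's chain was never validated (see the comment this commit adds in render_view_host_delegate.h), so the serving site picks that string. The "issued by …" wording therefore reads as a statement by the browser about content it has not verified. Consider bounding or eliding the name before display, and falling back to a neutral string when it is empty, as page_info_model.cc does with `IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY`. The delegate also keeps a raw `TabContents* tab_contents_` that `Accept()` uses. A comment such as `// Not owned; the infobar is destroyed with its tab.` would document why that is safe, if that lifetime is in fact guaranteed.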
@@ -22,3 +168,55 @@ void TabContentsSSLHelper::ShowClientCertificateRequestDialog( tab_contents_->GetMessageBoxRootWindow(), handler->cert_request_info(), handler); } + +void TabContentsSSLHelper::OnVerifyClientCertificateError( + scoped_refptr<SSLAddCertHandler> handler, int error_code) { + SSLAddCertData* add_cert_data = GetAddCertData(handler); + // Display an infobar with the error message. + // TODO(davidben): Display a more user-friendly error string. + add_cert_data->ShowErrorInfoBar( + l10n_util::GetStringF(IDS_ADD_CERT_ERR_INVALID_CERT, + UTF8ToWide(base::IntToString(-error_code)), + ASCIIToWide(net::ErrorToString(error_code)))); +} + +void TabContentsSSLHelper::AskToAddClientCertificate( + scoped_refptr<SSLAddCertHandler> handler) { + NOTREACHED(); // Not implemented yet. +} + +void TabContentsSSLHelper::OnAddClientCertificateSuccess( + scoped_refptr<SSLAddCertHandler> handler) { + SSLAddCertData* add_cert_data = GetAddCertData(handler); + // Display an infobar to inform the user. + add_cert_data->ShowInfoBar( + new SSLCertAddedInfoBarDelegate(tab_contents_, handler->cert())); +} + +void TabContentsSSLHelper::OnAddClientCertificateError( + scoped_refptr<SSLAddCertHandler> handler, int error_code) { + SSLAddCertData* add_cert_data = GetAddCertData(handler); + // Display an infobar with the error message. + // TODO(davidben): Display a more user-friendly error string. + add_cert_data->ShowErrorInfoBar( + l10n_util::GetStringF(IDS_ADD_CERT_ERR_FAILED, + UTF8ToWide(base::IntToString(-error_code)), + ASCIIToWide(net::ErrorToString(error_code)))); +} + +void TabContentsSSLHelper::OnAddClientCertificateFinished( + scoped_refptr<SSLAddCertHandler> handler) { + // Clean up. + request_id_to_add_cert_data_.erase(handler->network_request_id()); +} + +TabContentsSSLHelper::SSLAddCertData* TabContentsSSLHelper::GetAddCertData( + SSLAddCertHandler* handler) { + // Find/create the slot. 
+ linked_ptr<SSLAddCertData>& ptr_ref = + request_id_to_add_cert_data_[handler->network_request_id()]; + // Fill it if necessary. + if (!ptr_ref.get()) + ptr_ref.reset(new SSLAddCertData(tab_contents_, handler)); + return ptr_ref.get(); +} diff --git a/chrome/browser/tab_contents/tab_contents_ssl_helper.h b/chrome/browser/tab_contents/tab_contents_ssl_helper.h index 682829ab..9233561 100644 --- a/chrome/browser/tab_contents/tab_contents_ssl_helper.h +++ b/chrome/browser/tab_contents/tab_contents_ssl_helper.h @@ -6,6 +6,9 @@ #define CHROME_BROWSER_TAB_CONTENTS_TAB_CONTENTS_SSL_HELPER_H_ #pragma once +#include <map> + +#include "base/linked_ptr.h" #include "chrome/browser/renderer_host/render_view_host_delegate.h" class SSLClientAuthHandler; @@ -19,10 +22,25 @@ class TabContentsSSLHelper : public RenderViewHostDelegate::SSL { // RenderViewHostDelegate::SSL implementation: virtual void ShowClientCertificateRequestDialog( scoped_refptr<SSLClientAuthHandler> handler); + virtual void OnVerifyClientCertificateError( + scoped_refptr<SSLAddCertHandler> handler, int error_code); + virtual void AskToAddClientCertificate( + scoped_refptr<SSLAddCertHandler> handler); + virtual void OnAddClientCertificateSuccess( + scoped_refptr<SSLAddCertHandler> handler); + virtual void OnAddClientCertificateError( + scoped_refptr<SSLAddCertHandler> handler, int error_code); + virtual void OnAddClientCertificateFinished( + scoped_refptr<SSLAddCertHandler> handler); private: TabContents* tab_contents_; + class SSLAddCertData; + std::map<int, linked_ptr<SSLAddCertData> > request_id_to_add_cert_data_; + + SSLAddCertData* GetAddCertData(SSLAddCertHandler *handler); + DISALLOW_COPY_AND_ASSIGN(TabContentsSSLHelper); }; diff --git a/net/base/x509_cert_types.cc b/net/base/x509_cert_types.cc index 8f7a2ae..9c1369d 100644 --- a/net/base/x509_cert_types.cc +++ b/net/base/x509_cert_types.cc 
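Review bot: `TabContentsSSLHelper::AskToAddClientCertificate` consists only of `NOTREACHED()`, which is normally a debug-only check, so in a release build a call would be silently ignored. In that case the handler would never be told to finish and would keep the self-reference taken by `AddRef()` in its constructor. Until the prompt exists, the body should either decline explicitly through the handler or carry a comment saying the handler must not call it. Related to this, `GetAddCertData` creates its map slot with `operator[]`, and only `OnAddClientCertificateFinished` removes it. A comment there, such as `// Every handler sends Finished exactly once, including after a verify error.`, would record the invariant that keeps the map from growing.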
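Review bot: The new private members in tab_contents_ssl_helper.h are undocumented, and `GetAddCertData(SSLAddCertHandler *handler)` puts the `*` on the parameter name where the rest of the commit writes `SSLAddCertHandler* handler`. Suggested comments: `// Per-request infobar state, keyed by SSLAddCertHandler::network_request_id().` above the map, and `// Returns the entry for |handler|, creating it on first use.` above the accessor. It is also worth stating whether request ids are unique across everything this helper can see during the tab's lifetime, since the map key depends on that. The class begins outside this hunk.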
@@ -49,6 +49,17 @@ bool CertPrincipal::Matches(const CertPrincipal& against) const { match(domain_components, against.domain_components); } +std::string CertPrincipal::GetDisplayName() const { + if (!common_name.empty()) + return common_name; + if (!organization_names.empty()) + return organization_names[0]; + if (!organization_unit_names.empty()) + return organization_unit_names[0]; + + return std::string(); +} + std::ostream& operator<<(std::ostream& s, const CertPrincipal& p) { s << "CertPrincipal["; if (!p.common_name.empty()) diff --git a/net/base/x509_cert_types.h b/net/base/x509_cert_types.h index 8693ba9..1a788a7d 100644 --- a/net/base/x509_cert_types.h +++ b/net/base/x509_cert_types.h @@ -69,6 +69,10 @@ struct CertPrincipal { // where "match" is defined in RFC 5280 sec. 7.1. bool Matches(const CertPrincipal& against) const; + // Returns a name that can be used to represent the issuer. It tries in this + // order: CN, O and OU and returns the first non-empty one found. + std::string GetDisplayName() const; + // The different attributes for a principal. They may be "". // Note that some of them can have several values. |
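Review bot: The comment on `CertPrincipal::GetDisplayName()` in x509_cert_types.h still says "represent the issuer", which was accurate for the file-local helper removed from page_info_model.cc but not for a method on any principal. Suggested wording: `// Returns a name that can be used to represent this principal. Tries CN, then O, then OU, and returns the first non-empty one, or "" if none is set.` Because the result is the raw attribute value from the certificate, the comment could also note that callers displaying it are responsible for treating it as untrusted text.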