// Copyright (c) 2012 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #import "chrome/browser/ui/cocoa/certificate_viewer_mac.h" #include #include #include #include "base/mac/foundation_util.h" #include "base/mac/scoped_cftyperef.h" #include "chrome/browser/certificate_viewer.h" #import "chrome/browser/ui/cocoa/constrained_window/constrained_window_mac.h" #import "chrome/browser/ui/cocoa/constrained_window/constrained_window_sheet.h" #import "chrome/browser/ui/cocoa/constrained_window/constrained_window_sheet_controller.h" #include "net/cert/x509_certificate.h" #include "net/cert/x509_util_mac.h" #import "ui/base/cocoa/window_size_constants.h" class SSLCertificateViewerCocoaBridge; @interface SFCertificatePanel (SystemPrivate) // A system-private interface that dismisses a panel whose sheet was started by // -beginSheetForWindow: // modalDelegate: // didEndSelector: // contextInfo: // certificates: // showGroup: // as though the user clicked the button identified by returnCode. Verified // present in 10.8. - (void)_dismissWithCode:(NSInteger)code; @end @interface SSLCertificateViewerCocoa () - (void)onConstrainedWindowClosed; @end class SSLCertificateViewerCocoaBridge : public ConstrainedWindowMacDelegate { public: explicit SSLCertificateViewerCocoaBridge(SSLCertificateViewerCocoa * controller) : controller_(controller) { } virtual ~SSLCertificateViewerCocoaBridge() {} // ConstrainedWindowMacDelegate implementation: virtual void OnConstrainedWindowClosed( ConstrainedWindowMac * window) OVERRIDE { // |onConstrainedWindowClosed| will delete the sheet which might be still // in use higher up the call stack. Wait for the next cycle of the event // loop to call this function. [controller_ performSelector:@selector(onConstrainedWindowClosed) withObject:nil afterDelay:0]; } private: SSLCertificateViewerCocoa* controller_; // weak DISALLOW_COPY_AND_ASSIGN(SSLCertificateViewerCocoaBridge); }; void ShowCertificateViewer(content::WebContents* web_contents, gfx::NativeWindow parent, net::X509Certificate* cert) { // SSLCertificateViewerCocoa will manage its own lifetime and will release // itself when the dialog is closed. // See -[SSLCertificateViewerCocoa onConstrainedWindowClosed]. SSLCertificateViewerCocoa* viewer = [[SSLCertificateViewerCocoa alloc] initWithCertificate:cert]; [viewer displayForWebContents:web_contents]; } @implementation SSLCertificateViewerCocoa - (id)initWithCertificate:(net::X509Certificate*)certificate { if ((self = [super init])) { base::ScopedCFTypeRef cert_chain( certificate->CreateOSCertChainForCert()); NSArray* certificates = base::mac::CFToNSCast(cert_chain.get()); certificates_.reset([certificates retain]); } return self; } - (void)sheetDidEnd:(NSWindow*)parent returnCode:(NSInteger)returnCode context:(void*)context { if (!closePending_) constrainedWindow_->CloseWebContentsModalDialog(); } - (void)displayForWebContents:(content::WebContents*)webContents { // Explicitly disable revocation checking, regardless of user preferences // or system settings. The behaviour of SFCertificatePanel is to call // SecTrustEvaluate on the certificate(s) supplied, effectively // duplicating the behaviour of net::X509Certificate::Verify(). However, // this call stalls the UI if revocation checking is enabled in the // Keychain preferences or if the cert may be an EV cert. By disabling // revocation checking, the stall is limited to the time taken for path // building and verification, which should be minimized due to the path // being provided in |certificates|. This does not affect normal // revocation checking from happening, which is controlled by // net::X509Certificate::Verify() and user preferences, but will prevent // the certificate viewer UI from displaying which certificate is revoked. // This is acceptable, as certificate revocation will still be shown in // the page info bubble if a certificate in the chain is actually revoked. base::ScopedCFTypeRef policies( CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks)); if (!policies.get()) { NOTREACHED(); return; } // Add a basic X.509 policy, in order to match the behaviour of // SFCertificatePanel when no policies are specified. SecPolicyRef basic_policy = NULL; OSStatus status = net::x509_util::CreateBasicX509Policy(&basic_policy); if (status != noErr) { NOTREACHED(); return; } CFArrayAppendValue(policies, basic_policy); CFRelease(basic_policy); status = net::x509_util::CreateRevocationPolicies(false, false, policies); if (status != noErr) { NOTREACHED(); return; } panel_.reset([[SFCertificatePanel alloc] init]); [panel_ setPolicies:(id) policies.get()]; constrainedWindow_.reset( new ConstrainedWindowMac(observer_.get(), webContents, self)); } - (NSWindow*)overlayWindow { return overlayWindow_; } - (void)showSheetForWindow:(NSWindow*)window { overlayWindow_.reset([window retain]); [panel_ beginSheetForWindow:window modalDelegate:self didEndSelector:@selector(sheetDidEnd: returnCode: context:) contextInfo:NULL certificates:certificates_ showGroup:YES]; } - (void)closeSheetWithAnimation:(BOOL)withAnimation { closePending_ = YES; overlayWindow_.reset(); // Closing the sheet using -[NSApp endSheet:] doesn't work so use the private // method. [panel_ _dismissWithCode:NSFileHandlingPanelCancelButton]; } - (void)hideSheet { NSWindow* sheetWindow = [overlayWindow_ attachedSheet]; [sheetWindow setAlphaValue:0.0]; oldResizesSubviews_ = [[sheetWindow contentView] autoresizesSubviews]; [[sheetWindow contentView] setAutoresizesSubviews:NO]; oldSheetFrame_ = [sheetWindow frame]; NSRect overlayFrame = [overlayWindow_ frame]; oldSheetFrame_.origin.x -= NSMinX(overlayFrame); oldSheetFrame_.origin.y -= NSMinY(overlayFrame); [sheetWindow setFrame:ui::kWindowSizeDeterminedLater display:NO]; } - (void)unhideSheet { NSWindow* sheetWindow = [overlayWindow_ attachedSheet]; NSRect overlayFrame = [overlayWindow_ frame]; oldSheetFrame_.origin.x += NSMinX(overlayFrame); oldSheetFrame_.origin.y += NSMinY(overlayFrame); [sheetWindow setFrame:oldSheetFrame_ display:NO]; [[sheetWindow contentView] setAutoresizesSubviews:oldResizesSubviews_]; [[overlayWindow_ attachedSheet] setAlphaValue:1.0]; } - (void)pulseSheet { // NOOP } - (void)makeSheetKeyAndOrderFront { [[overlayWindow_ attachedSheet] makeKeyAndOrderFront:nil]; } - (void)updateSheetPosition { // NOOP } - (void)onConstrainedWindowClosed { panel_.reset(); constrainedWindow_.reset(); [self release]; } @end