1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
|
// Copyright 2016 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROME_BROWSER_UI_WEBUI_SETTINGS_CERTIFICATES_HANDLER_H_
#define CHROME_BROWSER_UI_WEBUI_SETTINGS_CERTIFICATES_HANDLER_H_
#include <string>
#include "base/compiler_specific.h"
#include "base/macros.h"
#include "base/memory/scoped_ptr.h"
#include "base/memory/weak_ptr.h"
#include "base/task/cancelable_task_tracker.h"
#include "chrome/browser/certificate_manager_model.h"
#include "chrome/browser/ui/webui/settings/settings_page_ui_handler.h"
#include "net/cert/nss_cert_database.h"
#include "ui/gfx/native_widget_types.h"
#include "ui/shell_dialogs/select_file_dialog.h"
namespace settings {
class CertIdMap;
class FileAccessProvider;
class CertificatesHandler
: public SettingsPageUIHandler,
public CertificateManagerModel::Observer,
public ui::SelectFileDialog::Listener {
public:
explicit CertificatesHandler(bool show_certs_in_modal_dialog);
~CertificatesHandler() override;
// SettingsPageUIHandler implementation.
void RegisterMessages() override;
// CertificateManagerModel::Observer implementation.
void CertificatesRefreshed() override;
// SelectFileDialog::Listener implementation.
void FileSelected(const base::FilePath& path,
int index,
void* params) override;
void FileSelectionCanceled(void* params) override;
private:
// View certificate.
void HandleViewCertificate(const base::ListValue* args);
// Edit certificate authority trust values. The sequence goes like:
// 1. user clicks edit button -> Edit dialog is shown ->
// HandleGetCATrust -> Edit dialog is populated.
// 2. User checks/unchecks boxes, and clicks ok -> HandleEditCATrust ->
// edit dialog is dismissed upon success.
void HandleGetCATrust(const base::ListValue* args);
void HandleEditCATrust(const base::ListValue* args);
// Cleanup state stored during import or export process.
void HandleCancelImportExportProcess(const base::ListValue* args);
void ImportExportCleanup();
// Export to PKCS #12 file. The sequence goes like:
// 1. user click on export button -> HandleExportPersonal -> launches file
// selector
// 2. user selects file -> ExportPersonalFileSelected -> launches password
// dialog
// 3. user enters password -> HandleExportPersonalPasswordSelected ->
// unlock slots
// 4. slots unlocked -> ExportPersonalSlotsUnlocked -> exports to memory
// buffer -> starts async write operation
// 5. write finishes (or fails) -> ExportPersonalFileWritten
void HandleExportPersonal(const base::ListValue* args);
void ExportPersonalFileSelected(const base::FilePath& path);
void HandleExportPersonalPasswordSelected(const base::ListValue* args);
void ExportPersonalSlotsUnlocked();
void ExportPersonalFileWritten(const int* write_errno,
const int* bytes_written);
// Import from PKCS #12 or cert file. The sequence goes like:
// 1. user click on import button -> HandleImportPersonal ->
// launches file selector
// 2. user selects file -> ImportPersonalFileSelected -> starts async
// read operation
// 3. read operation completes -> ImportPersonalFileRead ->
// If file is PFX -> launches password dialog, goto step 4
// Else -> import as certificate, goto step 6
// 4. user enters password -> HandleImportPersonalPasswordSelected ->
// unlock slot
// 5. slot unlocked -> ImportPersonalSlotUnlocked attempts to
// import with previously entered password
// 6a. if import succeeds -> ImportExportCleanup
// 6b. if import fails -> show error, ImportExportCleanup
// TODO(mattm): allow retrying with different password
void HandleImportPersonal(const base::ListValue* args);
void ImportPersonalFileSelected(const base::FilePath& path);
void ImportPersonalFileRead(const int* read_errno, const std::string* data);
void HandleImportPersonalPasswordSelected(const base::ListValue* args);
void ImportPersonalSlotUnlocked();
// Import Server certificates from file. Sequence goes like:
// 1. user clicks on import button -> HandleImportServer -> launches file
// selector
// 2. user selects file -> ImportServerFileSelected -> starts async read
// 3. read completes -> ImportServerFileRead -> parse certs -> attempt import
// 4a. if import succeeds -> ImportExportCleanup
// 4b. if import fails -> show error, ImportExportCleanup
void HandleImportServer(const base::ListValue* args);
void ImportServerFileSelected(const base::FilePath& path);
void ImportServerFileRead(const int* read_errno, const std::string* data);
// Import Certificate Authorities from file. Sequence goes like:
// 1. user clicks on import button -> HandleImportCA -> launches file
// selector
// 2. user selects file -> ImportCAFileSelected -> starts async read
// 3. read completes -> ImportCAFileRead -> parse certs -> Certificate trust
// level dialog is shown.
// 4. user clicks ok -> HandleImportCATrustSelected -> attempt import
// 5a. if import succeeds -> ImportExportCleanup
// 5b. if import fails -> show error, ImportExportCleanup
void HandleImportCA(const base::ListValue* args);
void ImportCAFileSelected(const base::FilePath& path);
void ImportCAFileRead(const int* read_errno, const std::string* data);
void HandleImportCATrustSelected(const base::ListValue* args);
// Export a certificate.
void HandleExportCertificate(const base::ListValue* args);
// Delete certificate and private key (if any).
void HandleDeleteCertificate(const base::ListValue* args);
// Model initialization methods.
void OnCertificateManagerModelCreated(
scoped_ptr<CertificateManagerModel> model);
void CertificateManagerModelReady();
// Populate the trees in all the tabs.
void HandleRefreshCertificates(const base::ListValue* args);
// Populate the given tab's tree.
void PopulateTree(const std::string& tab_name,
net::CertType type,
const net::CertificateList& web_trust_certs);
// Populate the tree after retrieving the list of policy-installed
// web-trusted certificates.
void OnPolicyWebTrustCertsRetrieved(
const net::CertificateList& web_trust_certs);
void ResolveCallback(const base::Value& response);
void RejectCallback(const base::Value& response);
// Reject the pending JS callback with a generic error.
void RejectCallbackWithError(
const std::string& title, const std::string& error);
// Reject the pending JS callback with a certificate import error.
void RejectCallbackWithImportError(
const std::string& title,
const net::NSSCertDatabase::ImportCertFailureList& not_imported);
// Assigns a new |webui_callback_id_|. Ensures that previous in-flight request
// has been fulfilled.
void AssignWebUICallbackId(const base::ListValue* args);
gfx::NativeWindow GetParentWindow() const;
// True if certificate viewer should be shown in modal instead of constrianed
// dialog.
bool show_certs_in_modal_dialog_;
// The Certificates Manager model
bool requested_certificate_manager_model_;
scoped_ptr<CertificateManagerModel> certificate_manager_model_;
// For multi-step import or export processes, we need to store the path,
// password, etc the user chose while we wait for them to enter a password,
// wait for file to be read, etc.
base::FilePath file_path_;
base::string16 password_;
// The WebUI callback ID of the last in-flight async request. There is always
// only one in-flight such request.
std::string webui_callback_id_;
bool use_hardware_backed_;
std::string file_data_;
net::CertificateList selected_cert_list_;
scoped_refptr<ui::SelectFileDialog> select_file_dialog_;
scoped_refptr<net::CryptoModule> module_;
// Used in reading and writing certificate files.
base::CancelableTaskTracker tracker_;
scoped_refptr<FileAccessProvider> file_access_provider_;
scoped_ptr<CertIdMap> cert_id_map_;
base::WeakPtrFactory<CertificatesHandler> weak_ptr_factory_;
DISALLOW_COPY_AND_ASSIGN(CertificatesHandler);
};
} // namespace settings
#endif // CHROME_BROWSER_UI_WEBUI_SETTINGS_CERTIFICATES_HANDLER_H_
|
