chrome/browser/certificate_manager_model.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/certificate_manager_model.h"
   6
   7 #include "base/bind.h"
   8 #include "base/i18n/time_formatting.h"
   9 #include "base/logging.h"
  10 #include "base/strings/utf_string_conversions.h"
  11 #include "chrome/browser/ui/crypto_module_password_dialog_nss.h"
  12 #include "chrome/common/net/x509_certificate_model.h"
  13 #include "grit/generated_resources.h"
  14 #include "net/base/crypto_module.h"
  15 #include "net/base/net_errors.h"
  16 #include "net/cert/x509_certificate.h"
  17 #include "ui/base/l10n/l10n_util.h"
  18
  19 CertificateManagerModel::CertificateManagerModel(Observer* observer)
  20     : cert_db_(net::NSSCertDatabase::GetInstance()),
  21       observer_(observer) {
  22 }
  23
  24 CertificateManagerModel::~CertificateManagerModel() {
  25 }
  26
  27 void CertificateManagerModel::Refresh() {
  28   DVLOG(1) << "refresh started";
  29   net::CryptoModuleList modules;
  30   cert_db_->ListModules(&modules, false);
  31   DVLOG(1) << "refresh waiting for unlocking...";
  32   chrome::UnlockSlotsIfNecessary(
  33       modules,
  34       chrome::kCryptoModulePasswordListCerts,
  35       net::HostPortPair(),  // unused.
  36       NULL, // TODO(mattm): supply parent window.
  37       base::Bind(&CertificateManagerModel::RefreshSlotsUnlocked,
  38                  base::Unretained(this)));
  39 }
  40
  41 void CertificateManagerModel::RefreshSlotsUnlocked() {
  42   DVLOG(1) << "refresh listing certs...";
  43   cert_db_->ListCerts(&cert_list_);
  44   observer_->CertificatesRefreshed();
  45   DVLOG(1) << "refresh finished";
  46 }
  47
  48 void CertificateManagerModel::FilterAndBuildOrgGroupingMap(
  49     net::CertType filter_type,
  50     CertificateManagerModel::OrgGroupingMap* map) const {
  51   for (net::CertificateList::const_iterator i = cert_list_.begin();
  52        i != cert_list_.end(); ++i) {
  53     net::X509Certificate* cert = i->get();
  54     net::CertType type =
  55         x509_certificate_model::GetType(cert->os_cert_handle());
  56     if (type != filter_type)
  57       continue;
  58
  59     std::string org;
  60     if (!cert->subject().organization_names.empty())
  61       org = cert->subject().organization_names[0];
  62     if (org.empty())
  63       org = cert->subject().GetDisplayName();
  64
  65     (*map)[org].push_back(cert);
  66   }
  67 }
  68
  69 base::string16 CertificateManagerModel::GetColumnText(
  70     const net::X509Certificate& cert,
  71     Column column) const {
  72   base::string16 rv;
  73   switch (column) {
  74     case COL_SUBJECT_NAME:
  75       rv = base::UTF8ToUTF16(
  76           x509_certificate_model::GetCertNameOrNickname(cert.os_cert_handle()));
  77
  78       // TODO(xiyuan): Put this into a column when we have js tree-table.
  79       if (IsHardwareBacked(&cert)) {
  80         rv = l10n_util::GetStringFUTF16(
  81             IDS_CERT_MANAGER_HARDWARE_BACKED_KEY_FORMAT,
  82             rv,
  83             l10n_util::GetStringUTF16(IDS_CERT_MANAGER_HARDWARE_BACKED));
  84       }
  85       break;
  86     case COL_CERTIFICATE_STORE:
  87       rv = base::UTF8ToUTF16(
  88           x509_certificate_model::GetTokenName(cert.os_cert_handle()));
  89       break;
  90     case COL_SERIAL_NUMBER:
  91       rv = base::ASCIIToUTF16(x509_certificate_model::GetSerialNumberHexified(
  92           cert.os_cert_handle(), std::string()));
  93       break;
  94     case COL_EXPIRES_ON:
  95       if (!cert.valid_expiry().is_null())
  96         rv = base::TimeFormatShortDateNumeric(cert.valid_expiry());
  97       break;
  98     default:
  99       NOTREACHED();
 100   }
 101   return rv;
 102 }
 103
 104 int CertificateManagerModel::ImportFromPKCS12(net::CryptoModule* module,
 105                                               const std::string& data,
 106                                               const base::string16& password,
 107                                               bool is_extractable) {
 108   int result = cert_db_->ImportFromPKCS12(module, data, password,
 109                                           is_extractable, NULL);
 110   if (result == net::OK)
 111     Refresh();
 112   return result;
 113 }
 114
 115 bool CertificateManagerModel::ImportCACerts(
 116     const net::CertificateList& certificates,
 117     net::NSSCertDatabase::TrustBits trust_bits,
 118     net::NSSCertDatabase::ImportCertFailureList* not_imported) {
 119   bool result = cert_db_->ImportCACerts(certificates, trust_bits, not_imported);
 120   if (result && not_imported->size() != certificates.size())
 121     Refresh();
 122   return result;
 123 }
 124
 125 bool CertificateManagerModel::ImportServerCert(
 126     const net::CertificateList& certificates,
 127     net::NSSCertDatabase::TrustBits trust_bits,
 128     net::NSSCertDatabase::ImportCertFailureList* not_imported) {
 129   bool result = cert_db_->ImportServerCert(certificates, trust_bits,
 130                                            not_imported);
 131   if (result && not_imported->size() != certificates.size())
 132     Refresh();
 133   return result;
 134 }
 135
 136 bool CertificateManagerModel::SetCertTrust(
 137     const net::X509Certificate* cert,
 138     net::CertType type,
 139     net::NSSCertDatabase::TrustBits trust_bits) {
 140   return cert_db_->SetCertTrust(cert, type, trust_bits);
 141 }
 142
 143 bool CertificateManagerModel::Delete(net::X509Certificate* cert) {
 144   bool result = cert_db_->DeleteCertAndKey(cert);
 145   if (result)
 146     Refresh();
 147   return result;
 148 }
 149
 150 bool CertificateManagerModel::IsHardwareBacked(
 151     const net::X509Certificate* cert) const {
 152   return cert_db_->IsHardwareBacked(cert);
 153 }