Popular sites on the NTP: check that experiment group StartsWith (rather than IS...
[chromium-blink-merge.git] / chrome / browser / ui / cocoa / certificate_viewer_mac.mm
blobe5f6a9a13d975b2d4b9b6552de4c1ce32780d7ec
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #import "chrome/browser/ui/cocoa/certificate_viewer_mac.h"
7 #include <Security/Security.h>
8 #include <SecurityInterface/SFCertificatePanel.h>
9 #include <vector>
11 #include "base/mac/foundation_util.h"
12 #include "base/mac/scoped_cftyperef.h"
13 #include "chrome/browser/certificate_viewer.h"
14 #import "chrome/browser/ui/cocoa/constrained_window/constrained_window_mac.h"
15 #import "chrome/browser/ui/cocoa/constrained_window/constrained_window_sheet.h"
16 #import "chrome/browser/ui/cocoa/constrained_window/constrained_window_sheet_controller.h"
17 #include "net/cert/x509_certificate.h"
18 #include "net/cert/x509_util_mac.h"
19 #import "ui/base/cocoa/window_size_constants.h"
21 class SSLCertificateViewerCocoaBridge;
23 @interface SFCertificatePanel (SystemPrivate)
24 // A system-private interface that dismisses a panel whose sheet was started by
25 // -beginSheetForWindow:
26 //        modalDelegate:
27 //       didEndSelector:
28 //          contextInfo:
29 //         certificates:
30 //            showGroup:
31 // as though the user clicked the button identified by returnCode. Verified
32 // present in 10.8.
33 - (void)_dismissWithCode:(NSInteger)code;
34 @end
36 @interface SSLCertificateViewerCocoa ()
37 - (void)onConstrainedWindowClosed;
38 @end
40 class SSLCertificateViewerCocoaBridge : public ConstrainedWindowMacDelegate {
41  public:
42   explicit SSLCertificateViewerCocoaBridge(SSLCertificateViewerCocoa *
43                                            controller)
44       : controller_(controller) {
45   }
47   virtual ~SSLCertificateViewerCocoaBridge() {}
49   // ConstrainedWindowMacDelegate implementation:
50   void OnConstrainedWindowClosed(ConstrainedWindowMac* window) override {
51     // |onConstrainedWindowClosed| will delete the sheet which might be still
52     // in use higher up the call stack. Wait for the next cycle of the event
53     // loop to call this function.
54     [controller_ performSelector:@selector(onConstrainedWindowClosed)
55                       withObject:nil
56                       afterDelay:0];
57   }
59  private:
60   SSLCertificateViewerCocoa* controller_;  // weak
62   DISALLOW_COPY_AND_ASSIGN(SSLCertificateViewerCocoaBridge);
65 void ShowCertificateViewer(content::WebContents* web_contents,
66                            gfx::NativeWindow parent,
67                            net::X509Certificate* cert) {
68   // SSLCertificateViewerCocoa will manage its own lifetime and will release
69   // itself when the dialog is closed.
70   // See -[SSLCertificateViewerCocoa onConstrainedWindowClosed].
71   SSLCertificateViewerCocoa* viewer =
72       [[SSLCertificateViewerCocoa alloc] initWithCertificate:cert];
73   [viewer displayForWebContents:web_contents];
76 @implementation SSLCertificateViewerCocoa
78 - (id)initWithCertificate:(net::X509Certificate*)certificate {
79   if ((self = [super init])) {
80     base::ScopedCFTypeRef<CFArrayRef> cert_chain(
81         certificate->CreateOSCertChainForCert());
82     NSArray* certificates = base::mac::CFToNSCast(cert_chain.get());
83     certificates_.reset([certificates retain]);
84   }
85   return self;
88 - (void)sheetDidEnd:(NSWindow*)parent
89          returnCode:(NSInteger)returnCode
90             context:(void*)context {
91   if (!closePending_)
92     constrainedWindow_->CloseWebContentsModalDialog();
95 - (void)displayForWebContents:(content::WebContents*)webContents {
96   // Explicitly disable revocation checking, regardless of user preferences
97   // or system settings. The behaviour of SFCertificatePanel is to call
98   // SecTrustEvaluate on the certificate(s) supplied, effectively
99   // duplicating the behaviour of net::X509Certificate::Verify(). However,
100   // this call stalls the UI if revocation checking is enabled in the
101   // Keychain preferences or if the cert may be an EV cert. By disabling
102   // revocation checking, the stall is limited to the time taken for path
103   // building and verification, which should be minimized due to the path
104   // being provided in |certificates|. This does not affect normal
105   // revocation checking from happening, which is controlled by
106   // net::X509Certificate::Verify() and user preferences, but will prevent
107   // the certificate viewer UI from displaying which certificate is revoked.
108   // This is acceptable, as certificate revocation will still be shown in
109   // the page info bubble if a certificate in the chain is actually revoked.
110   base::ScopedCFTypeRef<CFMutableArrayRef> policies(
111       CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks));
112   if (!policies.get()) {
113     NOTREACHED();
114     return;
115   }
116   // Add a basic X.509 policy, in order to match the behaviour of
117   // SFCertificatePanel when no policies are specified.
118   SecPolicyRef basic_policy = NULL;
119   OSStatus status = net::x509_util::CreateBasicX509Policy(&basic_policy);
120   if (status != noErr) {
121     NOTREACHED();
122     return;
123   }
124   CFArrayAppendValue(policies, basic_policy);
125   CFRelease(basic_policy);
127   status = net::x509_util::CreateRevocationPolicies(false, false, policies);
128   if (status != noErr) {
129     NOTREACHED();
130     return;
131   }
133   panel_.reset([[SFCertificatePanel alloc] init]);
134   [panel_ setPolicies:(id) policies.get()];
136   constrainedWindow_.reset(
137       new ConstrainedWindowMac(observer_.get(), webContents, self));
140 - (NSWindow*)overlayWindow {
141   return overlayWindow_;
144 - (void)showSheetForWindow:(NSWindow*)window {
145   overlayWindow_.reset([window retain]);
146   [panel_ beginSheetForWindow:window
147                 modalDelegate:self
148                didEndSelector:@selector(sheetDidEnd:
149                                          returnCode:
150                                             context:)
151                   contextInfo:NULL
152                  certificates:certificates_
153                     showGroup:YES];
156 - (void)closeSheetWithAnimation:(BOOL)withAnimation {
157   closePending_ = YES;
158   overlayWindow_.reset();
159   // Closing the sheet using -[NSApp endSheet:] doesn't work so use the private
160   // method.
161   [panel_ _dismissWithCode:NSFileHandlingPanelCancelButton];
164 - (void)hideSheet {
165   NSWindow* sheetWindow = [overlayWindow_ attachedSheet];
166   [sheetWindow setAlphaValue:0.0];
168   oldResizesSubviews_ = [[sheetWindow contentView] autoresizesSubviews];
169   [[sheetWindow contentView] setAutoresizesSubviews:NO];
171   oldSheetFrame_ = [sheetWindow frame];
172   NSRect overlayFrame = [overlayWindow_ frame];
173   oldSheetFrame_.origin.x -= NSMinX(overlayFrame);
174   oldSheetFrame_.origin.y -= NSMinY(overlayFrame);
175   [sheetWindow setFrame:ui::kWindowSizeDeterminedLater display:NO];
178 - (void)unhideSheet {
179   NSWindow* sheetWindow = [overlayWindow_ attachedSheet];
180   NSRect overlayFrame = [overlayWindow_ frame];
181   oldSheetFrame_.origin.x += NSMinX(overlayFrame);
182   oldSheetFrame_.origin.y += NSMinY(overlayFrame);
183   [sheetWindow setFrame:oldSheetFrame_ display:NO];
184   [[sheetWindow contentView] setAutoresizesSubviews:oldResizesSubviews_];
185   [[overlayWindow_ attachedSheet] setAlphaValue:1.0];
188 - (void)pulseSheet {
189   // NOOP
192 - (void)makeSheetKeyAndOrderFront {
193   [[overlayWindow_ attachedSheet] makeKeyAndOrderFront:nil];
196 - (void)updateSheetPosition {
197   // NOOP
200 - (NSWindow*)sheetWindow {
201   return panel_;
204 - (void)onConstrainedWindowClosed {
205   panel_.reset();
206   constrainedWindow_.reset();
207   [self release];
210 @end