mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1

Merge pull request #5197 from deepak1556/client_certificate_patch

Browse source 
app: api to import client certificate
This commit is contained in:
Cheng Zhao 2016-04-20 14:35:00 +09:00
commit 965c3f605e
19 changed files with 874 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

71
atom/browser/api/atom_api_app.cc
View file

@ -15,15 +15,17 @@
#include "atom/browser/browser.h"
#include "atom/browser/login_handler.h"
#include "atom/common/native_mate_converters/callback.h"
#include "atom/common/native_mate_converters/net_converter.h"
#include "atom/common/native_mate_converters/file_path_converter.h"
#include "atom/common/native_mate_converters/gurl_converter.h"
#include "atom/common/native_mate_converters/image_converter.h"
#include "atom/common/native_mate_converters/net_converter.h"
#include "atom/common/native_mate_converters/value_converter.h"
#include "atom/common/node_includes.h"
#include "atom/common/options_switches.h"
#include "base/command_line.h"
#include "base/environment.h"
#include "base/files/file_path.h"
#include "base/files/file_util.h"
#include "base/path_service.h"
#include "brightray/browser/brightray_paths.h"
#include "chrome/common/chrome_paths.h"
@ -157,6 +159,39 @@ void PassLoginInformation(scoped_refptr<LoginHandler> login_handler,
login_handler->CancelAuth();
}
#if defined(USE_NSS_CERTS)
int ImportIntoCertStore(
CertificateManagerModel* model,
const base::DictionaryValue& options) {
std::string file_data, cert_path;
base::string16 password;
net::CertificateList imported_certs;
int rv = -1;
options.GetString("certificate", &cert_path);
options.GetString("password", &password);
if (!cert_path.empty()) {
if (base::ReadFileToString(base::FilePath(cert_path), &file_data)) {
auto module = model->cert_db()->GetPublicModule();
rv = model->ImportFromPKCS12(module,
file_data,
password,
true,
&imported_certs);
if (imported_certs.size() > 1) {
auto it = imported_certs.begin();
++it; // skip first which would be the client certificate.
for (; it != imported_certs.end(); ++it)
rv &= model->SetCertTrust(it->get(),
net::CA_CERT,
net::NSSCertDatabase::TRUSTED_SSL);
}
}
}
return rv;
}
#endif
} // namespace
App::App() {
@ -369,6 +404,36 @@ bool App::MakeSingleInstance(
}
}
#if defined(USE_NSS_CERTS)
void App::ImportCertificate(
const base::DictionaryValue& options,
const net::CompletionCallback& callback) {
auto browser_context = AtomBrowserMainParts::Get()->browser_context();
if (!certificate_manager_model_) {
scoped_ptr<base::DictionaryValue> copy = options.CreateDeepCopy();
CertificateManagerModel::Create(browser_context,
base::Bind(&App::OnCertificateManagerModelCreated,
base::Unretained(this),
base::Passed(&copy),
callback));
return;
}
int rv = ImportIntoCertStore(certificate_manager_model_.get(), options);
callback.Run(rv);
}
void App::OnCertificateManagerModelCreated(
scoped_ptr<base::DictionaryValue> options,
const net::CompletionCallback& callback,
scoped_ptr<CertificateManagerModel> model) {
certificate_manager_model_ = std::move(model);
int rv = ImportIntoCertStore(certificate_manager_model_.get(),
*(options.get()));
callback.Run(rv);
}
#endif
mate::ObjectTemplateBuilder App::GetObjectTemplateBuilder(
v8::Isolate* isolate) {
auto browser = base::Unretained(Browser::Get());
@ -408,6 +473,9 @@ mate::ObjectTemplateBuilder App::GetObjectTemplateBuilder(
.SetMethod("allowNTLMCredentialsForAllDomains",
&App::AllowNTLMCredentialsForAllDomains)
.SetMethod("getLocale", &App::GetLocale)
#if defined(USE_NSS_CERTS)
.SetMethod("importCertificate", &App::ImportCertificate)
#endif
.SetMethod("makeSingleInstance", &App::MakeSingleInstance);
}
@ -427,7 +495,6 @@ void AppendSwitch(const std::string& switch_string, mate::Arguments* args) {
auto command_line = base::CommandLine::ForCurrentProcess();
if (switch_string == atom::switches::kPpapiFlashPath ||
switch_string == atom::switches::kClientCertificate ||
switch_string == switches::kLogNetLog) {
base::FilePath path;
args->GetNext(&path);

21
atom/browser/api/atom_api_app.h
View file

@ -14,6 +14,11 @@
#include "chrome/browser/process_singleton.h"
#include "content/public/browser/gpu_data_manager_observer.h"
#include "native_mate/handle.h"
#include "net/base/completion_callback.h"
#if defined(USE_NSS_CERTS)
#include "chrome/browser/certificate_manager_model.h"
#endif
namespace base {
class FilePath;
@ -41,6 +46,13 @@ class App : public AtomBrowserClient::Delegate,
int render_process_id,
int render_frame_id);
#if defined(USE_NSS_CERTS)
void OnCertificateManagerModelCreated(
scoped_ptr<base::DictionaryValue> options,
const net::CompletionCallback& callback,
scoped_ptr<CertificateManagerModel> model);
#endif
protected:
App();
virtual ~App();
@ -98,12 +110,21 @@ class App : public AtomBrowserClient::Delegate,
const ProcessSingleton::NotificationCallback& callback);
std::string GetLocale();
#if defined(USE_NSS_CERTS)
void ImportCertificate(const base::DictionaryValue& options,
const net::CompletionCallback& callback);
#endif
#if defined(OS_WIN)
bool IsAeroGlassEnabled();
#endif
scoped_ptr<ProcessSingleton> process_singleton_;
#if defined(USE_NSS_CERTS)
scoped_ptr<CertificateManagerModel> certificate_manager_model_;
#endif
DISALLOW_COPY_AND_ASSIGN(App);
};

31
atom/browser/atom_browser_client.cc
View file

@ -37,7 +37,6 @@
#include "content/public/browser/site_instance.h"
#include "content/public/browser/web_contents.h"
#include "content/public/common/web_preferences.h"
#include "net/cert/x509_certificate.h"
#include "net/ssl/ssl_cert_request_info.h"
#include "ppapi/host/ppapi_host.h"
#include "ui/base/l10n/l10n_util.h"
@ -55,26 +54,6 @@ std::string g_custom_schemes = "";
// Custom schemes to be registered to handle service worker.
std::string g_custom_service_worker_schemes = "";
scoped_refptr<net::X509Certificate> ImportCertFromFile(
const base::FilePath& path) {
if (path.empty())
return nullptr;
std::string cert_data;
if (!base::ReadFileToString(path, &cert_data))
return nullptr;
net::CertificateList certs =
net::X509Certificate::CreateCertificateListFromBytes(
cert_data.data(), cert_data.size(),
net::X509Certificate::FORMAT_AUTO);
if (certs.empty())
return nullptr;
return certs[0];
}
} // namespace
// static
@ -242,16 +221,6 @@ void AtomBrowserClient::SelectClientCertificate(
content::WebContents* web_contents,
net::SSLCertRequestInfo* cert_request_info,
scoped_ptr<content::ClientCertificateDelegate> delegate) {
// --client-certificate=`path`
auto cmd = base::CommandLine::ForCurrentProcess();
if (cmd->HasSwitch(switches::kClientCertificate)) {
auto cert_path = cmd->GetSwitchValuePath(switches::kClientCertificate);
auto certificate = ImportCertFromFile(cert_path);
if (certificate.get())
delegate->ContinueWithCertificate(certificate.get());
return;
}
if (!cert_request_info->client_certs.empty() && delegate_) {
delegate_->SelectClientCertificate(
web_contents, cert_request_info, std::move(delegate));

3
atom/common/options_switches.cc
View file

@ -119,9 +119,6 @@ const char kPpapiFlashPath[] = "ppapi-flash-path";
// Ppapi Flash version.
const char kPpapiFlashVersion[] = "ppapi-flash-version";
// Path to client certificate.
const char kClientCertificate[] = "client-certificate";
// Disable HTTP cache.
const char kDisableHttpCache[] = "disable-http-cache";

1
atom/common/options_switches.h
View file

@ -68,7 +68,6 @@ namespace switches {
extern const char kEnablePlugins[];
extern const char kPpapiFlashPath[];
extern const char kPpapiFlashVersion[];
extern const char kClientCertificate[];
extern const char kDisableHttpCache[];
extern const char kRegisterStandardSchemes[];
extern const char kRegisterServiceWorkerSchemes[];