electron/shell/browser/ui/certificate_trust_mac.mm
electron-roller[bot] 7219142a54
chore: bump chromium to 116.0.5833.0 (main) (#38809)
* chore: bump chromium in DEPS to 116.0.5833.0

* chore: update patches

* 4530656: Add DeviceLoginScreenWebHidAllowDevicesForUrls policy

https://chromium-review.googlesource.com/c/chromium/src/+/4530656

* Split CertDatabase notifications between trust changes and client cert changes

https://chromium-review.googlesource.com/c/chromium/src/+/4596317

---------

Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com>
Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>
2023-06-15 16:37:01 -04:00

123 lines
3.8 KiB
Text

// Copyright (c) 2017 GitHub, Inc.
// Use of this source code is governed by the MIT license that can be
// found in the LICENSE file.
#include "shell/browser/ui/certificate_trust.h"
#include <memory>
#include <string>
#include <utility>
#import <Cocoa/Cocoa.h>
#import <SecurityInterface/SFCertificateTrustPanel.h>
#include "base/strings/sys_string_conversions.h"
#include "net/cert/cert_database.h"
#include "net/cert/x509_util_apple.h"
#include "shell/browser/native_window.h"
@interface TrustDelegate : NSObject {
@private
std::unique_ptr<gin_helper::Promise<void>> promise_;
SFCertificateTrustPanel* panel_;
scoped_refptr<net::X509Certificate> cert_;
SecTrustRef trust_;
CFArrayRef cert_chain_;
SecPolicyRef sec_policy_;
}
- (id)initWithPromise:(gin_helper::Promise<void>)promise
panel:(SFCertificateTrustPanel*)panel
cert:(const scoped_refptr<net::X509Certificate>&)cert
trust:(SecTrustRef)trust
certChain:(CFArrayRef)certChain
secPolicy:(SecPolicyRef)secPolicy;
- (void)panelDidEnd:(NSWindow*)sheet
returnCode:(int)returnCode
contextInfo:(void*)contextInfo;
@end
@implementation TrustDelegate
- (void)dealloc {
[panel_ release];
CFRelease(trust_);
CFRelease(cert_chain_);
CFRelease(sec_policy_);
[super dealloc];
}
- (id)initWithPromise:(gin_helper::Promise<void>)promise
panel:(SFCertificateTrustPanel*)panel
cert:(const scoped_refptr<net::X509Certificate>&)cert
trust:(SecTrustRef)trust
certChain:(CFArrayRef)certChain
secPolicy:(SecPolicyRef)secPolicy {
if ((self = [super init])) {
promise_ = std::make_unique<gin_helper::Promise<void>>(std::move(promise));
panel_ = panel;
cert_ = cert;
trust_ = trust;
cert_chain_ = certChain;
sec_policy_ = secPolicy;
}
return self;
}
- (void)panelDidEnd:(NSWindow*)sheet
returnCode:(int)returnCode
contextInfo:(void*)contextInfo {
auto* cert_db = net::CertDatabase::GetInstance();
// This forces Chromium to reload the certificate since it might be trusted
// now.
cert_db->NotifyObserversTrustStoreChanged();
promise_->Resolve();
[self autorelease];
}
@end
namespace certificate_trust {
v8::Local<v8::Promise> ShowCertificateTrust(
electron::NativeWindow* parent_window,
const scoped_refptr<net::X509Certificate>& cert,
const std::string& message) {
v8::Isolate* isolate = electron::JavascriptEnvironment::GetIsolate();
gin_helper::Promise<void> promise(isolate);
v8::Local<v8::Promise> handle = promise.GetHandle();
auto* sec_policy = SecPolicyCreateBasicX509();
auto cert_chain =
net::x509_util::CreateSecCertificateArrayForX509Certificate(cert.get());
SecTrustRef trust = nullptr;
SecTrustCreateWithCertificates(cert_chain, sec_policy, &trust);
NSWindow* window = parent_window
? parent_window->GetNativeWindow().GetNativeNSWindow()
: nil;
auto msg = base::SysUTF8ToNSString(message);
auto panel = [[SFCertificateTrustPanel alloc] init];
auto delegate = [[TrustDelegate alloc] initWithPromise:std::move(promise)
panel:panel
cert:cert
trust:trust
certChain:cert_chain
secPolicy:sec_policy];
[panel beginSheetForWindow:window
modalDelegate:delegate
didEndSelector:@selector(panelDidEnd:returnCode:contextInfo:)
contextInfo:nil
trust:trust
message:msg];
return handle;
}
} // namespace certificate_trust