ui/cocoa/certificate_viewer_mac.mm

// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#import "chrome/browser/ui/cocoa/certificate_viewer_mac.h"

#include <Security/Security.h>
#include <SecurityInterface/SFCertificatePanel.h>
#include <vector>

#include "base/mac/foundation_util.h"
#include "base/mac/scoped_cftyperef.h"
#include "chrome/browser/certificate_viewer.h"
#import "chrome/browser/ui/cocoa/constrained_window/constrained_window_mac.h"
#import "chrome/browser/ui/cocoa/constrained_window/constrained_window_sheet.h"
#import "chrome/browser/ui/cocoa/constrained_window/constrained_window_sheet_controller.h"
#include "net/cert/x509_certificate.h"
#include "net/cert/x509_util_mac.h"
#import "ui/base/cocoa/window_size_constants.h"

class SSLCertificateViewerCocoaBridge;

@interface SFCertificatePanel (SystemPrivate)
// A system-private interface that dismisses a panel whose sheet was started by
// -beginSheetForWindow:
//        modalDelegate:
//       didEndSelector:
//          contextInfo:
//         certificates:
//            showGroup:
// as though the user clicked the button identified by returnCode. Verified
// present in 10.8.
- (void)_dismissWithCode:(NSInteger)code;
@end

@interface SSLCertificateViewerCocoa ()
- (void)onConstrainedWindowClosed;
@end

class SSLCertificateViewerCocoaBridge : public ConstrainedWindowMacDelegate {
 public:
  explicit SSLCertificateViewerCocoaBridge(SSLCertificateViewerCocoa *
                                           controller)
      : controller_(controller) {
  }

  virtual ~SSLCertificateViewerCocoaBridge() {}

  // ConstrainedWindowMacDelegate implementation:
  virtual void OnConstrainedWindowClosed(
      ConstrainedWindowMac * window) OVERRIDE {
    // |onConstrainedWindowClosed| will delete the sheet which might be still
    // in use higher up the call stack. Wait for the next cycle of the event
    // loop to call this function.
    [controller_ performSelector:@selector(onConstrainedWindowClosed)
                      withObject:nil
                      afterDelay:0];
  }

 private:
  SSLCertificateViewerCocoa* controller_;  // weak

  DISALLOW_COPY_AND_ASSIGN(SSLCertificateViewerCocoaBridge);
};

void ShowCertificateViewer(content::WebContents* web_contents,
                           gfx::NativeWindow parent,
                           net::X509Certificate* cert) {
  // SSLCertificateViewerCocoa will manage its own lifetime and will release
  // itself when the dialog is closed.
  // See -[SSLCertificateViewerCocoa onConstrainedWindowClosed].
  SSLCertificateViewerCocoa* viewer =
      [[SSLCertificateViewerCocoa alloc] initWithCertificate:cert];
  [viewer displayForWebContents:web_contents];
}

@implementation SSLCertificateViewerCocoa

- (id)initWithCertificate:(net::X509Certificate*)certificate {
  if ((self = [super init])) {
    base::ScopedCFTypeRef<CFArrayRef> cert_chain(
        certificate->CreateOSCertChainForCert());
    NSArray* certificates = base::mac::CFToNSCast(cert_chain.get());
    certificates_.reset([certificates retain]);
  }
  return self;
}

- (void)sheetDidEnd:(NSWindow*)parent
         returnCode:(NSInteger)returnCode
            context:(void*)context {
  if (!closePending_)
    constrainedWindow_->CloseWebContentsModalDialog();
}

- (void)displayForWebContents:(content::WebContents*)webContents {
  // Explicitly disable revocation checking, regardless of user preferences
  // or system settings. The behaviour of SFCertificatePanel is to call
  // SecTrustEvaluate on the certificate(s) supplied, effectively
  // duplicating the behaviour of net::X509Certificate::Verify(). However,
  // this call stalls the UI if revocation checking is enabled in the
  // Keychain preferences or if the cert may be an EV cert. By disabling
  // revocation checking, the stall is limited to the time taken for path
  // building and verification, which should be minimized due to the path
  // being provided in |certificates|. This does not affect normal
  // revocation checking from happening, which is controlled by
  // net::X509Certificate::Verify() and user preferences, but will prevent
  // the certificate viewer UI from displaying which certificate is revoked.
  // This is acceptable, as certificate revocation will still be shown in
  // the page info bubble if a certificate in the chain is actually revoked.
  base::ScopedCFTypeRef<CFMutableArrayRef> policies(
      CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks));
  if (!policies.get()) {
    NOTREACHED();
    return;
  }
  // Add a basic X.509 policy, in order to match the behaviour of
  // SFCertificatePanel when no policies are specified.
  SecPolicyRef basic_policy = NULL;
  OSStatus status = net::x509_util::CreateBasicX509Policy(&basic_policy);
  if (status != noErr) {
    NOTREACHED();
    return;
  }
  CFArrayAppendValue(policies, basic_policy);
  CFRelease(basic_policy);

  status = net::x509_util::CreateRevocationPolicies(false, false, policies);
  if (status != noErr) {
    NOTREACHED();
    return;
  }

  panel_.reset([[SFCertificatePanel alloc] init]);
  [panel_ setPolicies:(id) policies.get()];

  constrainedWindow_.reset(
      new ConstrainedWindowMac(observer_.get(), webContents, self));
}

- (NSWindow*)overlayWindow {
  return overlayWindow_;
}

- (void)showSheetForWindow:(NSWindow*)window {
  overlayWindow_.reset([window retain]);
  [panel_ beginSheetForWindow:window
                modalDelegate:self
               didEndSelector:@selector(sheetDidEnd:
                                         returnCode:
                                            context:)
                  contextInfo:NULL
                 certificates:certificates_
                    showGroup:YES];
}

- (void)closeSheetWithAnimation:(BOOL)withAnimation {
  closePending_ = YES;
  overlayWindow_.reset();
  // Closing the sheet using -[NSApp endSheet:] doesn't work so use the private
  // method.
  [panel_ _dismissWithCode:NSFileHandlingPanelCancelButton];
}

- (void)hideSheet {
  NSWindow* sheetWindow = [overlayWindow_ attachedSheet];
  [sheetWindow setAlphaValue:0.0];

  oldResizesSubviews_ = [[sheetWindow contentView] autoresizesSubviews];
  [[sheetWindow contentView] setAutoresizesSubviews:NO];

  oldSheetFrame_ = [sheetWindow frame];
  NSRect overlayFrame = [overlayWindow_ frame];
  oldSheetFrame_.origin.x -= NSMinX(overlayFrame);
  oldSheetFrame_.origin.y -= NSMinY(overlayFrame);
  [sheetWindow setFrame:ui::kWindowSizeDeterminedLater display:NO];
}

- (void)unhideSheet {
  NSWindow* sheetWindow = [overlayWindow_ attachedSheet];
  NSRect overlayFrame = [overlayWindow_ frame];
  oldSheetFrame_.origin.x += NSMinX(overlayFrame);
  oldSheetFrame_.origin.y += NSMinY(overlayFrame);
  [sheetWindow setFrame:oldSheetFrame_ display:NO];
  [[sheetWindow contentView] setAutoresizesSubviews:oldResizesSubviews_];
  [[overlayWindow_ attachedSheet] setAlphaValue:1.0];
}

- (void)pulseSheet {
  // NOOP
}

- (void)makeSheetKeyAndOrderFront {
  [[overlayWindow_ attachedSheet] makeKeyAndOrderFront:nil];
}

- (void)updateSheetPosition {
  // NOOP
}

- (void)onConstrainedWindowClosed {
  panel_.reset();
  constrainedWindow_.reset();
  [self release];
}

@end