mirror of
https://github.com/electron/electron.git
synced 2026-01-08 23:18:06 -05:00
95e87e46ab
* chore: bump chromium in DEPS to 144.0.7543.0 * Pass PipScreenCaptureCoordinatorProxy to ScreenCaptureKitDeviceMac https://chromium-review.googlesource.com/c/chromium/src/+/7157590 * chore: update patches * chore: update filenames.libcxx.gni * 7142359: Spanification of process_singleton_posix.cc https: //chromium-review.googlesource.com/c/chromium/src/+/7142359 Co-Authored-By: Charles Kerr <70381+ckerr@users.noreply.github.com> * Move logging::LoggingSettings to base/logging/logging_settings.h https://chromium-review.googlesource.com/c/chromium/src/+/7173024 * chore: bump chromium in DEPS to 144.0.7545.0 * 7159368: update PluginService API for sync GetPlugins Upstream removed async PluginService APIs: - GetPluginsAsync() removed, use synchronous GetPlugins() - RegisterInternalPlugin() now takes single argument (remove add_at_beginning) - RefreshPlugins() removed entirely Updated ElectronPluginInfoHostImpl to use synchronous plugin loading and simplified ElectronBrowserMainParts internal plugin registration. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7159368 Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7159328 Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7159056 (cherry picked from commit88cdf50b0a) * 7159184: add missing base/files/file_path.h include Add explicit include for base/files/file_path.h in electron_browser_context.h. After removal of superfluous Mojo includes from content headers, base::FilePath is no longer transitively included via content/public/browser/browser_context.h. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7159184 (cherry picked from commit6ca8ea03ec) * 7126479: add ShouldForceRefreshTextCheckService parameter to SpellCheckClient Upstream added a force-refresh parameter to WebTextCheckClient::RequestCheckingOfText to bypass spell check cache. Add the new ShouldForceRefreshTextCheckService parameter to SpellCheckClient's override (currently unused in Electron). Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7126479 (cherry picked from commit879c0401c4) * 7083663: remove fingerprinting_protection_ruleset_service override Upstream deleted external references to Fingerprinting Protection Filter (FPF) component. Remove the fingerprinting_protection_ruleset_service() override from BrowserProcessImpl as the method no longer exists in the base class. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7083663 (cherry picked from commit8350d152f9) * 7155287: implement WebContentsView::GetSize and Resize Upstream delegated WebContents::GetSize() and Resize() to WebContentsView, making them pure virtual. Add const qualifier to GetSize() and implement the Resize() override in OffScreenWebContentsView (no-op for offscreen). Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7155287 (cherry picked from commit084eaa568e) * 7184238: add OnUnconfirmedTapConvertedToTap override Upstream added OnUnconfirmedTapConvertedToTap as a pure virtual method to RenderWidgetHostViewBase to inform root view when child frame converts an unconfirmed tap. Add empty override for offscreen rendering. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7184238 (cherry picked from commitef03400d9a) * 7143586: add widget parameter to OnCommandsChanged GlobalAcceleratorListener::OnCommandsChanged gained a gfx::AcceleratedWidget parameter for window association in the GlobalShortcutListenerLinux implementation. Pass gfx::kNullAcceleratedWidget for Electron's usage. Ref: : Pass parent handle to GlobalAcceleratorListenerLinux::BindShortcuts | https://chromium-review.googlesource.com/c/chromium/src/+/7143586 (cherry picked from commit38306e2bfc) Co-Authored-By: Samuel Attard <MarshallOfSound@users.noreply.github.com> * chore: update patches Co-Authored-By: Samuel Attard <MarshallOfSound@users.noreply.github.com> * chore: bump chromium in DEPS to 144.0.7547.0 * chore: update patches * 7189232: Add support for UnownedUserData in GlobalFeatures https: //chromium-review.googlesource.com/c/chromium/src/+/7189232 * Refactor: Use std::u16string for extension load error messages https://chromium-review.googlesource.com/c/chromium/src/+/7185844 * fixup Add support for UnownedUserData in GlobalFeatures * 7165650: Remove ResourceContext https://chromium-review.googlesource.com/c/chromium/src/+/7165650 * fixup BUILD.gn for lint * 7202164: Reland "Reland "Remove GenericScopedHandle:IsValid"" https://chromium-review.googlesource.com/c/chromium/src/+/7202164 * advance deprecation of v8::ReturnValue<void>::Set(Local<S>). 7168624: [runtime][api] Relax requirements for setter/definer/deleter callbacks | https://chromium-review.googlesource.com/c/v8/v8/+/7168624 * fixup advance deprecation of v8::ReturnValue<void>::Set(Local<S>) * chore: skip setting LPAC ACLs * Revert "chore: skip setting LPAC ACLs" This reverts commite187aec488. * chore: revert Convert to UNSAFE_TODO in sandbox revert https://chromium-review.googlesource.com/c/chromium/src/+/7131661 to see if it fixes the Windows sandbox issue. * Revert "chore: revert Convert to UNSAFE_TODO in sandbox" This reverts commit57afbfefe5. * chore: Revert "Enable network sandbox by default on Windows" see if this fixes the Windows sandbox issue * Enable network sandbox by default on Windows https://chromium-review.googlesource.com/c/chromium/src/+/7204292 * Revert "chore: Revert "Enable network sandbox by default on Windows"" This reverts commit530ab6af82. * fixup! Enable network sandbox by default on Windows | https://chromium-review.googlesource.com/c/chromium/src/+/7204292 * fixup!: Correct flag name, add kLocalNetworkAccessChecks to all platforms --------- Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com> Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org> Co-authored-by: Charles Kerr <70381+ckerr@users.noreply.github.com> Co-authored-by: Samuel Attard <sattard@anthropic.com> Co-authored-by: Samuel Attard <MarshallOfSound@users.noreply.github.com> Co-authored-by: John Kleinschmidt <kleinschmidtorama@gmail.com> Co-authored-by: Keeley Hammond <khammond@slack-corp.com>
162 lines
5.7 KiB
C++
162 lines
5.7 KiB
C++
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
#include "shell/browser/certificate_manager_model.h"
|
|
|
|
#include <utility>
|
|
|
|
#include "base/functional/bind.h"
|
|
#include "base/memory/ptr_util.h"
|
|
#include "content/public/browser/browser_task_traits.h"
|
|
#include "content/public/browser/browser_thread.h"
|
|
#include "crypto/nss_util.h"
|
|
#include "crypto/nss_util_internal.h"
|
|
#include "net/base/net_errors.h"
|
|
#include "net/cert/nss_cert_database.h"
|
|
#include "net/cert/x509_certificate.h"
|
|
|
|
using content::BrowserThread;
|
|
|
|
namespace {
|
|
|
|
net::NSSCertDatabase* g_nss_cert_database = nullptr;
|
|
|
|
net::NSSCertDatabase* GetNSSCertDatabase(
|
|
base::OnceCallback<void(net::NSSCertDatabase*)> callback) {
|
|
// This initialization is not thread safe. This CHECK ensures that this code
|
|
// is only run on a single thread.
|
|
CHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
|
|
if (!g_nss_cert_database) {
|
|
// Linux has only a single persistent slot compared to ChromeOS's separate
|
|
// public and private slot.
|
|
// Redirect any slot usage to this persistent slot on Linux.
|
|
crypto::EnsureNSSInit();
|
|
g_nss_cert_database = new net::NSSCertDatabase(
|
|
crypto::ScopedPK11Slot(PK11_GetInternalKeySlot()) /* public slot */,
|
|
crypto::ScopedPK11Slot(PK11_GetInternalKeySlot()) /* private slot */);
|
|
}
|
|
return g_nss_cert_database;
|
|
}
|
|
|
|
} // namespace
|
|
|
|
// CertificateManagerModel is created on the UI thread. It needs a
|
|
// NSSCertDatabase handle (and on ChromeOS it needs to get the TPM status) which
|
|
// needs to be done on the IO thread.
|
|
//
|
|
// The initialization flow is roughly:
|
|
//
|
|
// UI thread IO Thread
|
|
//
|
|
// CertificateManagerModel::Create
|
|
// \--------------------------------------v
|
|
// CertificateManagerModel::GetCertDBOnIOThread
|
|
// |
|
|
// GetNSSCertDatabase
|
|
// |
|
|
// CertificateManagerModel::DidGetCertDBOnIOThread
|
|
// v--------------------------------------/
|
|
// CertificateManagerModel::DidGetCertDBOnUIThread
|
|
// |
|
|
// new CertificateManagerModel
|
|
// |
|
|
// callback
|
|
|
|
// static
|
|
void CertificateManagerModel::Create(CreationCallback callback) {
|
|
DCHECK_CURRENTLY_ON(BrowserThread::UI);
|
|
content::GetIOThreadTaskRunner({})->PostTask(
|
|
FROM_HERE, base::BindOnce(&CertificateManagerModel::GetCertDBOnIOThread,
|
|
std::move(callback)));
|
|
}
|
|
|
|
CertificateManagerModel::CertificateManagerModel(
|
|
net::NSSCertDatabase* nss_cert_database,
|
|
bool is_user_db_available)
|
|
: cert_db_(nss_cert_database), is_user_db_available_(is_user_db_available) {
|
|
DCHECK_CURRENTLY_ON(BrowserThread::UI);
|
|
}
|
|
|
|
CertificateManagerModel::~CertificateManagerModel() = default;
|
|
|
|
int CertificateManagerModel::ImportFromPKCS12(
|
|
PK11SlotInfo* slot_info,
|
|
const std::string& data,
|
|
const std::u16string& password,
|
|
bool is_extractable,
|
|
net::ScopedCERTCertificateList* imported_certs) {
|
|
return cert_db_->ImportFromPKCS12(slot_info, data, password, is_extractable,
|
|
imported_certs);
|
|
}
|
|
|
|
int CertificateManagerModel::ImportUserCert(const std::string& data) {
|
|
return cert_db_->ImportUserCert(data);
|
|
}
|
|
|
|
bool CertificateManagerModel::ImportCACerts(
|
|
const net::ScopedCERTCertificateList& certificates,
|
|
net::NSSCertDatabase::TrustBits trust_bits,
|
|
net::NSSCertDatabase::ImportCertFailureList* not_imported) {
|
|
return cert_db_->ImportCACerts(certificates, trust_bits, not_imported);
|
|
}
|
|
|
|
bool CertificateManagerModel::ImportServerCert(
|
|
const net::ScopedCERTCertificateList& certificates,
|
|
net::NSSCertDatabase::TrustBits trust_bits,
|
|
net::NSSCertDatabase::ImportCertFailureList* not_imported) {
|
|
return cert_db_->ImportServerCert(certificates, trust_bits, not_imported);
|
|
}
|
|
|
|
bool CertificateManagerModel::SetCertTrust(
|
|
CERTCertificate* cert,
|
|
net::CertType type,
|
|
net::NSSCertDatabase::TrustBits trust_bits) {
|
|
return cert_db_->SetCertTrust(cert, type, trust_bits);
|
|
}
|
|
|
|
bool CertificateManagerModel::Delete(CERTCertificate* cert) {
|
|
return cert_db_->DeleteCertAndKey(cert);
|
|
}
|
|
|
|
// static
|
|
void CertificateManagerModel::DidGetCertDBOnUIThread(
|
|
net::NSSCertDatabase* cert_db,
|
|
bool is_user_db_available,
|
|
CreationCallback callback) {
|
|
DCHECK_CURRENTLY_ON(BrowserThread::UI);
|
|
|
|
auto model = base::WrapUnique(
|
|
new CertificateManagerModel(cert_db, is_user_db_available));
|
|
std::move(callback).Run(std::move(model));
|
|
}
|
|
|
|
// static
|
|
void CertificateManagerModel::DidGetCertDBOnIOThread(
|
|
CreationCallback callback,
|
|
net::NSSCertDatabase* cert_db) {
|
|
DCHECK_CURRENTLY_ON(BrowserThread::IO);
|
|
|
|
bool is_user_db_available = !!cert_db->GetPublicSlot();
|
|
content::GetUIThreadTaskRunner({})->PostTask(
|
|
FROM_HERE,
|
|
base::BindOnce(&CertificateManagerModel::DidGetCertDBOnUIThread, cert_db,
|
|
is_user_db_available, std::move(callback)));
|
|
}
|
|
|
|
// static
|
|
void CertificateManagerModel::GetCertDBOnIOThread(CreationCallback callback) {
|
|
DCHECK_CURRENTLY_ON(BrowserThread::IO);
|
|
|
|
auto split_callback = base::SplitOnceCallback(base::BindOnce(
|
|
&CertificateManagerModel::DidGetCertDBOnIOThread, std::move(callback)));
|
|
|
|
net::NSSCertDatabase* cert_db =
|
|
GetNSSCertDatabase(std::move(split_callback.first));
|
|
|
|
// If the NSS database was already available, |cert_db| is non-null and
|
|
// |did_get_cert_db_callback| has not been called. Call it explicitly.
|
|
if (cert_db)
|
|
std::move(split_callback.second).Run(cert_db);
|
|
}
|