| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/cros/onc_network_parser.h" | 5 #include "chrome/browser/chromeos/cros/onc_network_parser.h" |
| 6 | 6 |
| 7 #include <keyhi.h> | 7 #include <keyhi.h> |
| 8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
| 9 | 9 |
| 10 #include "base/base64.h" | 10 #include "base/base64.h" |
| (...skipping 811 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 822 for (size_t i = 0; i < trust_list->GetSize(); ++i) { | 822 for (size_t i = 0; i < trust_list->GetSize(); ++i) { |
| 823 std::string trust_type; | 823 std::string trust_type; |
| 824 if (!trust_list->GetString(i, &trust_type)) { | 824 if (!trust_list->GetString(i, &trust_type)) { |
| 825 LOG(WARNING) << "ONC File: certificate trust is invalid at index " | 825 LOG(WARNING) << "ONC File: certificate trust is invalid at index " |
| 826 << cert_index; | 826 << cert_index; |
| 827 parse_error_ = l10n_util::GetStringUTF8( | 827 parse_error_ = l10n_util::GetStringUTF8( |
| 828 IDS_NETWORK_CONFIG_ERROR_CERT_TRUST_INVALID); | 828 IDS_NETWORK_CONFIG_ERROR_CERT_TRUST_INVALID); |
| 829 return NULL; | 829 return NULL; |
| 830 } | 830 } |
| 831 if (trust_type == "Web") { | 831 if (trust_type == "Web") { |
| 832 // "Web" implies that the certificate is to be trusted for SSL |
| 833 // identification. |
| 832 web_trust = true; | 834 web_trust = true; |
| 833 } else { | 835 } else { |
| 834 LOG(WARNING) << "ONC File: certificate contains unknown " | 836 LOG(WARNING) << "ONC File: certificate contains unknown " |
| 835 << "trust type: " << trust_type | 837 << "trust type: " << trust_type |
| 836 << " at index " << cert_index; | 838 << " at index " << cert_index; |
| 837 parse_error_ = l10n_util::GetStringUTF8( | 839 parse_error_ = l10n_util::GetStringUTF8( |
| 838 IDS_NETWORK_CONFIG_ERROR_CERT_TRUST_UNKNOWN); | 840 IDS_NETWORK_CONFIG_ERROR_CERT_TRUST_UNKNOWN); |
| 839 return NULL; | 841 return NULL; |
| 840 } | 842 } |
| 841 } | 843 } |
| (...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 922 LOG(WARNING) << "Cert GUID is already in use: " << guid; | 924 LOG(WARNING) << "Cert GUID is already in use: " << guid; |
| 923 parse_error_ = l10n_util::GetStringUTF8( | 925 parse_error_ = l10n_util::GetStringUTF8( |
| 924 IDS_NETWORK_CONFIG_ERROR_CERT_GUID_COLLISION); | 926 IDS_NETWORK_CONFIG_ERROR_CERT_GUID_COLLISION); |
| 925 return NULL; | 927 return NULL; |
| 926 } | 928 } |
| 927 | 929 |
| 928 net::CertificateList cert_list; | 930 net::CertificateList cert_list; |
| 929 cert_list.push_back(x509_cert); | 931 cert_list.push_back(x509_cert); |
| 930 net::CertDatabase::ImportCertFailureList failures; | 932 net::CertDatabase::ImportCertFailureList failures; |
| 931 bool success = false; | 933 bool success = false; |
| 934 net::CertDatabase::TrustBits trust = web_trust ? |
| 935 net::CertDatabase::TRUSTED_SSL : |
| 936 net::CertDatabase::TRUST_DEFAULT; |
| 932 if (cert_type == "Server") { | 937 if (cert_type == "Server") { |
| 933 success = cert_database.ImportServerCert(cert_list, &failures); | 938 success = cert_database.ImportServerCert(cert_list, trust, &failures); |
| 934 } else { // Authority cert | 939 } else { // Authority cert |
| 935 net::CertDatabase::TrustBits trust = web_trust ? | |
| 936 net::CertDatabase::TRUSTED_SSL : | |
| 937 net::CertDatabase::UNTRUSTED; | |
| 938 success = cert_database.ImportCACerts(cert_list, trust, &failures); | 940 success = cert_database.ImportCACerts(cert_list, trust, &failures); |
| 939 } | 941 } |
| 940 if (!failures.empty()) { | 942 if (!failures.empty()) { |
| 941 LOG(WARNING) << "ONC File: Error (" | 943 LOG(WARNING) << "ONC File: Error (" |
| 942 << net::ErrorToString(failures[0].net_error) | 944 << net::ErrorToString(failures[0].net_error) |
| 943 << ") importing " << cert_type << " certificate at index " | 945 << ") importing " << cert_type << " certificate at index " |
| 944 << cert_index; | 946 << cert_index; |
| 945 parse_error_ = l10n_util::GetStringUTF8( | 947 parse_error_ = l10n_util::GetStringUTF8( |
| 946 IDS_NETWORK_CONFIG_ERROR_CERT_IMPORT); | 948 IDS_NETWORK_CONFIG_ERROR_CERT_IMPORT); |
| 947 return NULL; | 949 return NULL; |
| (...skipping 1039 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1987 // on the value of AuthenticationType. | 1989 // on the value of AuthenticationType. |
| 1988 { "L2TP-IPsec", PROVIDER_TYPE_L2TP_IPSEC_PSK }, | 1990 { "L2TP-IPsec", PROVIDER_TYPE_L2TP_IPSEC_PSK }, |
| 1989 { "OpenVPN", PROVIDER_TYPE_OPEN_VPN }, | 1991 { "OpenVPN", PROVIDER_TYPE_OPEN_VPN }, |
| 1990 }; | 1992 }; |
| 1991 CR_DEFINE_STATIC_LOCAL(EnumMapper<ProviderType>, parser, | 1993 CR_DEFINE_STATIC_LOCAL(EnumMapper<ProviderType>, parser, |
| 1992 (table, arraysize(table), PROVIDER_TYPE_MAX)); | 1994 (table, arraysize(table), PROVIDER_TYPE_MAX)); |
| 1993 return parser.Get(type); | 1995 return parser.Get(type); |
| 1994 } | 1996 } |
| 1995 | 1997 |
| 1996 } // namespace chromeos | 1998 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10458069:
Reland: Fix imported server certs being distrusted in NSS 3.13. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src