| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/network/onc/onc_certificate_importer.h" | 5 #include "chromeos/network/onc/onc_certificate_importer.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <keyhi.h> | 8 #include <keyhi.h> |
| 9 #include <pk11pub.h> | 9 #include <pk11pub.h> |
| 10 | 10 |
| 36 | 36 |
| 37 CertificateImporter::CertificateImporter( | 37 CertificateImporter::CertificateImporter( |
| 38 ONCSource onc_source, | 38 ONCSource onc_source, |
| 39 bool allow_web_trust_from_policy) | 39 bool allow_web_trust_from_policy) |
| 40 : onc_source_(onc_source), | 40 : onc_source_(onc_source), |
| 41 allow_web_trust_from_policy_(allow_web_trust_from_policy) { | 41 allow_web_trust_from_policy_(allow_web_trust_from_policy) { |
| 42 } | 42 } |
| 43 | 43 |
| 44 CertificateImporter::ParseResult CertificateImporter::ParseAndStoreCertificates( | 44 CertificateImporter::ParseResult CertificateImporter::ParseAndStoreCertificates( |
| 45 const base::ListValue& certificates) { | 45 const base::ListValue& certificates) { |
| 46 size_t successful_imports = 0; |
| 46 for (size_t i = 0; i < certificates.GetSize(); ++i) { | 47 for (size_t i = 0; i < certificates.GetSize(); ++i) { |
| 47 const base::DictionaryValue* certificate = NULL; | 48 const base::DictionaryValue* certificate = NULL; |
| 48 if (!certificates.GetDictionary(i, &certificate)) { | 49 if (!certificates.GetDictionary(i, &certificate)) { |
| 49 ONC_LOG_ERROR("Certificate data malformed"); | 50 ONC_LOG_ERROR("Certificate data malformed"); |
| 50 return i > 0 ? IMPORT_INCOMPLETE : IMPORT_FAILED; | 51 continue; |
| 51 } | 52 } |
| 52 | 53 |
| 53 if (VLOG_IS_ON(2)) | 54 VLOG(2) << "Parsing certificate at index " << i << ": " << *certificate; |
| 54 VLOG(2) << "Parsing certificate at index " << i << ": " << *certificate; | |
| 55 | 55 |
| 56 if (!ParseAndStoreCertificate(*certificate)) { | 56 if (!ParseAndStoreCertificate(*certificate)) { |
| 57 ONC_LOG_ERROR( | 57 ONC_LOG_ERROR( |
| 58 base::StringPrintf("Cannot parse certificate at index %zu", i)); | 58 base::StringPrintf("Cannot parse certificate at index %zu", i)); |
| 59 return i > 0 ? IMPORT_INCOMPLETE : IMPORT_FAILED; | 59 } else { |
| 60 VLOG(2) << "Successfully imported certificate at index " << i; |
| 61 ++successful_imports; |
| 60 } | 62 } |
| 63 } |
| 61 | 64 |
| 62 VLOG(2) << "Successfully imported certificate at index " << i; | 65 if (successful_imports == certificates.GetSize()) |
| 63 } | 66 return IMPORT_OK; |
| 64 return IMPORT_OK; | 67 else if (successful_imports == 0) |
| 68 return IMPORT_FAILED; |
| 69 else |
| 70 return IMPORT_INCOMPLETE; |
| 65 } | 71 } |
| 66 | 72 |
| 67 bool CertificateImporter::ParseAndStoreCertificate( | 73 bool CertificateImporter::ParseAndStoreCertificate( |
| 68 const base::DictionaryValue& certificate) { | 74 const base::DictionaryValue& certificate) { |
| 69 // Get out the attributes of the given certificate. | 75 // Get out the attributes of the given certificate. |
| 70 std::string guid; | 76 std::string guid; |
| 71 if (!certificate.GetString(kGUID, &guid) || guid.empty()) { | 77 if (!certificate.GetString(kGUID, &guid) || guid.empty()) { |
| 72 ONC_LOG_ERROR("Certificate missing GUID identifier"); | 78 ONC_LOG_ERROR("Certificate missing GUID identifier"); |
| 73 return false; | 79 return false; |
| 74 } | 80 } |
| 75 | 81 |
| 76 bool remove = false; | 82 bool remove = false; |
| 77 if (certificate.GetBoolean(kRemove, &remove) && remove) { | 83 if (certificate.GetBoolean(kRemove, &remove) && remove) { |
| 78 if (!DeleteCertAndKeyByNickname(guid)) { | 84 if (!DeleteCertAndKeyByNickname(guid)) { |
| 79 ONC_LOG_WARNING("Unable to delete certificate"); | 85 ONC_LOG_ERROR("Unable to delete certificate"); |
| 80 return false; | 86 return false; |
| 81 } else { | 87 } else { |
| 82 return true; | 88 return true; |
| 83 } | 89 } |
| 84 } | 90 } |
| 85 | 91 |
| 86 // Not removing, so let's get the data we need to add this certificate. | 92 // Not removing, so let's get the data we need to add this certificate. |
| 87 std::string cert_type; | 93 std::string cert_type; |
| 88 certificate.GetString(certificate::kType, &cert_type); | 94 certificate.GetString(certificate::kType, &cert_type); |
| 89 if (cert_type == certificate::kServer || cert_type == certificate::kAuthority) | 95 if (cert_type == certificate::kServer || cert_type == certificate::kAuthority) |
| 359 PK11_SetPrivateKeyNickname(private_key, const_cast<char*>(guid.c_str())); | 365 PK11_SetPrivateKeyNickname(private_key, const_cast<char*>(guid.c_str())); |
| 360 SECKEY_DestroyPrivateKey(private_key); | 366 SECKEY_DestroyPrivateKey(private_key); |
| 361 } else { | 367 } else { |
| 362 ONC_LOG_WARNING("Unable to find private key for certificate."); | 368 ONC_LOG_WARNING("Unable to find private key for certificate."); |
| 363 } | 369 } |
| 364 return true; | 370 return true; |
| 365 } | 371 } |
| 366 | 372 |
| 367 } // chromeos | 373 } // chromeos |
| 368 } // onc | 374 } // onc |
| OLD | NEW |
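Review bot: The `VLOG(2)` at new line 54 streams the whole `*certificate` dictionary into the log, and dropping the `VLOG_IS_ON(2)` guard does not change that, because `VLOG` already skips evaluating its operands when the level is off. If these entries can carry client-certificate payloads such as a PKCS#12 blob with key material (not visible in this view, so worth confirming), verbose logs end up holding a copy of that secret. Logging only the position, `VLOG(2) << "Parsing certificate at index " << i;`, keeps the trace without the payload. Separately, the "Certificate data malformed" branch at new line 50 now continues instead of returning, so it should include the index the way the message at new line 58 does, e.g. `ONC_LOG_ERROR(base::StringPrintf("Certificate data malformed at index %zu", i));`. Otherwise a failure in a multi-entry list cannot be matched to its entry. The body of `ParseAndStoreCertificate` continues outside the lines shown here.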