Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/cros/onc_network_parser.h" | 5 #include "chrome/browser/chromeos/cros/onc_network_parser.h" |
| 6 | 6 |
| 7 #include <keyhi.h> | 7 #include <keyhi.h> |
| 8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
| 9 | 9 |
| 10 #include "base/base64.h" | 10 #include "base/base64.h" |
| (...skipping 264 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 275 | 275 |
| 276 } // namespace | 276 } // namespace |
| 277 | 277 |
| 278 // -------------------- OncNetworkParser -------------------- | 278 // -------------------- OncNetworkParser -------------------- |
| 279 | 279 |
| 280 OncNetworkParser::OncNetworkParser(const std::string& onc_blob, | 280 OncNetworkParser::OncNetworkParser(const std::string& onc_blob, |
| 281 const std::string& passphrase, | 281 const std::string& passphrase, |
| 282 NetworkUIData::ONCSource onc_source) | 282 NetworkUIData::ONCSource onc_source) |
| 283 : NetworkParser(get_onc_mapper()), | 283 : NetworkParser(get_onc_mapper()), |
| 284 onc_source_(onc_source), | 284 onc_source_(onc_source), |
| 285 allow_web_trust_from_policy_(false), | |
| 285 network_configs_(NULL), | 286 network_configs_(NULL), |
| 286 certificates_(NULL) { | 287 certificates_(NULL) { |
| 287 VLOG(2) << __func__ << ": OncNetworkParser called on " << onc_blob; | 288 VLOG(2) << __func__ << ": OncNetworkParser called on " << onc_blob; |
| 288 JSONStringValueSerializer deserializer(onc_blob); | 289 JSONStringValueSerializer deserializer(onc_blob); |
| 289 deserializer.set_allow_trailing_comma(true); | 290 deserializer.set_allow_trailing_comma(true); |
| 290 scoped_ptr<base::Value> root(deserializer.Deserialize(NULL, &parse_error_)); | 291 scoped_ptr<base::Value> root(deserializer.Deserialize(NULL, &parse_error_)); |
| 291 | 292 |
| 292 if (!root.get() || root->GetType() != base::Value::TYPE_DICTIONARY) { | 293 if (!root.get() || root->GetType() != base::Value::TYPE_DICTIONARY) { |
| 293 LOG(WARNING) << "OncNetworkParser received bad ONC file: " << parse_error_; | 294 LOG(WARNING) << "OncNetworkParser received bad ONC file: " << parse_error_; |
| 294 } else { | 295 } else { |
| (...skipping 647 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 942 // have removed the existing cert above. | 943 // have removed the existing cert above. |
| 943 net::CertificateList certs; | 944 net::CertificateList certs; |
| 944 ListCertsWithNickname(guid, &certs); | 945 ListCertsWithNickname(guid, &certs); |
| 945 if (!certs.empty()) { | 946 if (!certs.empty()) { |
| 946 LOG(WARNING) << "Cert GUID is already in use: " << guid; | 947 LOG(WARNING) << "Cert GUID is already in use: " << guid; |
| 947 parse_error_ = l10n_util::GetStringUTF8( | 948 parse_error_ = l10n_util::GetStringUTF8( |
| 948 IDS_NETWORK_CONFIG_ERROR_CERT_GUID_COLLISION); | 949 IDS_NETWORK_CONFIG_ERROR_CERT_GUID_COLLISION); |
| 949 return NULL; | 950 return NULL; |
| 950 } | 951 } |
| 951 | 952 |
| 953 // Web trust is only granted to certificates imported for a managed user on | |
| 954 // a managed device. | |
| 955 if ((onc_source_ == NetworkUIData::ONC_SOURCE_DEVICE_POLICY || | |
|
Mattias Nissler (ping if slow)
2012/09/04 09:57:04
only for onc_source_ == USER_POLICY
Joao da Silva
2012/09/04 12:52:55
Done. For DEVICE_POLICY this is now bailing out wi
| |
| 956 onc_source_ == NetworkUIData::ONC_SOURCE_USER_POLICY) && | |
| 957 web_trust && !allow_web_trust_from_policy_) { | |
| 958 LOG(WARNING) << "Web trust not granted for certificate with guid " << guid; | |
| 959 web_trust = false; | |
| 960 } | |
| 961 | |
| 952 net::CertificateList cert_list; | 962 net::CertificateList cert_list; |
| 953 cert_list.push_back(x509_cert); | 963 cert_list.push_back(x509_cert); |
| 954 net::CertDatabase::ImportCertFailureList failures; | 964 net::CertDatabase::ImportCertFailureList failures; |
| 955 bool success = false; | 965 bool success = false; |
| 956 net::CertDatabase::TrustBits trust = web_trust ? | 966 net::CertDatabase::TrustBits trust = web_trust ? |
| 957 net::CertDatabase::TRUSTED_SSL : | 967 net::CertDatabase::TRUSTED_SSL : |
| 958 net::CertDatabase::TRUST_DEFAULT; | 968 net::CertDatabase::TRUST_DEFAULT; |
| 959 if (cert_type == "Server") { | 969 if (cert_type == "Server") { |
| 960 success = cert_database.ImportServerCert(cert_list, trust, &failures); | 970 success = cert_database.ImportServerCert(cert_list, trust, &failures); |
| 961 } else { // Authority cert | 971 } else { // Authority cert |
| (...skipping 1049 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2011 // on the value of AuthenticationType. | 2021 // on the value of AuthenticationType. |
| 2012 { "L2TP-IPsec", PROVIDER_TYPE_L2TP_IPSEC_PSK }, | 2022 { "L2TP-IPsec", PROVIDER_TYPE_L2TP_IPSEC_PSK }, |
| 2013 { "OpenVPN", PROVIDER_TYPE_OPEN_VPN }, | 2023 { "OpenVPN", PROVIDER_TYPE_OPEN_VPN }, |
| 2014 }; | 2024 }; |
| 2015 CR_DEFINE_STATIC_LOCAL(EnumMapper<ProviderType>, parser, | 2025 CR_DEFINE_STATIC_LOCAL(EnumMapper<ProviderType>, parser, |
| 2016 (table, arraysize(table), PROVIDER_TYPE_MAX)); | 2026 (table, arraysize(table), PROVIDER_TYPE_MAX)); |
| 2017 return parser.Get(type); | 2027 return parser.Get(type); |
| 2018 } | 2028 } |
| 2019 | 2029 |
| 2020 } // namespace chromeos | 2030 } // namespace chromeos |
| OLD | NEW |