Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/cros/onc_network_parser.h" | 5 #include "chrome/browser/chromeos/cros/onc_network_parser.h" |
| 6 | 6 |
| 7 #include <keyhi.h> | 7 #include <keyhi.h> |
| 8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
| 9 | 9 |
| 10 #include "base/base64.h" | 10 #include "base/base64.h" |
| (...skipping 264 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 275 | 275 |
| 276 } // namespace | 276 } // namespace |
| 277 | 277 |
| 278 // -------------------- OncNetworkParser -------------------- | 278 // -------------------- OncNetworkParser -------------------- |
| 279 | 279 |
| 280 OncNetworkParser::OncNetworkParser(const std::string& onc_blob, | 280 OncNetworkParser::OncNetworkParser(const std::string& onc_blob, |
| 281 const std::string& passphrase, | 281 const std::string& passphrase, |
| 282 NetworkUIData::ONCSource onc_source) | 282 NetworkUIData::ONCSource onc_source) |
| 283 : NetworkParser(get_onc_mapper()), | 283 : NetworkParser(get_onc_mapper()), |
| 284 onc_source_(onc_source), | 284 onc_source_(onc_source), |
| 285 allow_web_trust_from_policy_(false), | |
| 285 network_configs_(NULL), | 286 network_configs_(NULL), |
| 286 certificates_(NULL) { | 287 certificates_(NULL) { |
| 287 VLOG(2) << __func__ << ": OncNetworkParser called on " << onc_blob; | 288 VLOG(2) << __func__ << ": OncNetworkParser called on " << onc_blob; |
| 288 JSONStringValueSerializer deserializer(onc_blob); | 289 JSONStringValueSerializer deserializer(onc_blob); |
| 289 deserializer.set_allow_trailing_comma(true); | 290 deserializer.set_allow_trailing_comma(true); |
| 290 scoped_ptr<base::Value> root(deserializer.Deserialize(NULL, &parse_error_)); | 291 scoped_ptr<base::Value> root(deserializer.Deserialize(NULL, &parse_error_)); |
| 291 | 292 |
| 292 if (!root.get() || root->GetType() != base::Value::TYPE_DICTIONARY) { | 293 if (!root.get() || root->GetType() != base::Value::TYPE_DICTIONARY) { |
| 293 LOG(WARNING) << "OncNetworkParser received bad ONC file: " << parse_error_; | 294 LOG(WARNING) << "OncNetworkParser received bad ONC file: " << parse_error_; |
| 294 } else { | 295 } else { |
| (...skipping 27 matching lines...) Expand all Loading... | |
| 322 } | 323 } |
| 323 | 324 |
| 324 OncNetworkParser::~OncNetworkParser() { | 325 OncNetworkParser::~OncNetworkParser() { |
| 325 } | 326 } |
| 326 | 327 |
| 327 // static | 328 // static |
| 328 const EnumMapper<PropertyIndex>* OncNetworkParser::property_mapper() { | 329 const EnumMapper<PropertyIndex>* OncNetworkParser::property_mapper() { |
| 329 return get_onc_mapper(); | 330 return get_onc_mapper(); |
| 330 } | 331 } |
| 331 | 332 |
| 333 void OncNetworkParser::AllowWebTrustFromPolicy() { | |
|
Mattias Nissler (ping if slow)
2012/08/28 11:57:56
Make this a regular setter? When I read the declar
Joao da Silva
2012/09/03 15:24:32
Turned into a setter.
| |
| 334 allow_web_trust_from_policy_ = true; | |
| 335 } | |
| 336 | |
| 332 base::DictionaryValue* OncNetworkParser::Decrypt( | 337 base::DictionaryValue* OncNetworkParser::Decrypt( |
| 333 const std::string& passphrase, | 338 const std::string& passphrase, |
| 334 base::DictionaryValue* root) { | 339 base::DictionaryValue* root) { |
| 335 const int kKeySizeInBits = 256; | 340 const int kKeySizeInBits = 256; |
| 336 const int kMaxIterationCount = 500000; | 341 const int kMaxIterationCount = 500000; |
| 337 std::string onc_type; | 342 std::string onc_type; |
| 338 std::string initial_vector; | 343 std::string initial_vector; |
| 339 std::string salt; | 344 std::string salt; |
| 340 std::string cipher; | 345 std::string cipher; |
| 341 std::string stretch_method; | 346 std::string stretch_method; |
| (...skipping 501 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 843 LOG(WARNING) << "ONC File: certificate contains unknown " | 848 LOG(WARNING) << "ONC File: certificate contains unknown " |
| 844 << "trust type: " << trust_type | 849 << "trust type: " << trust_type |
| 845 << " at index " << cert_index; | 850 << " at index " << cert_index; |
| 846 parse_error_ = l10n_util::GetStringUTF8( | 851 parse_error_ = l10n_util::GetStringUTF8( |
| 847 IDS_NETWORK_CONFIG_ERROR_CERT_TRUST_UNKNOWN); | 852 IDS_NETWORK_CONFIG_ERROR_CERT_TRUST_UNKNOWN); |
| 848 return NULL; | 853 return NULL; |
| 849 } | 854 } |
| 850 } | 855 } |
| 851 } | 856 } |
| 852 | 857 |
| 858 if (web_trust && | |
| 859 (onc_source_ == NetworkUIData::ONC_SOURCE_DEVICE_POLICY || | |
| 860 onc_source_ == NetworkUIData::ONC_SOURCE_USER_POLICY) && | |
| 861 !allow_web_trust_from_policy_) { | |
| 862 LOG(WARNING) << "Web trust not granted"; | |
| 863 parse_error_ = l10n_util::GetStringUTF8( | |
| 864 IDS_NETWORK_CONFIG_ERROR_WEB_TRUST_NOT_ALLOWED); | |
| 865 return NULL; | |
|
Mattias Nissler (ping if slow)
2012/08/28 11:57:56
I don't think this is a good idea, as it'll abort
Joao da Silva
2012/09/03 15:24:32
You're right, thanks! This is now dropping the web
| |
| 866 } | |
| 867 | |
| 853 std::string x509_data; | 868 std::string x509_data; |
| 854 if (!certificate->GetString("X509", &x509_data) || x509_data.empty()) { | 869 if (!certificate->GetString("X509", &x509_data) || x509_data.empty()) { |
| 855 LOG(WARNING) << "ONC File: certificate missing appropriate " | 870 LOG(WARNING) << "ONC File: certificate missing appropriate " |
| 856 << "certificate data for type: " << cert_type | 871 << "certificate data for type: " << cert_type |
| 857 << " at index " << cert_index; | 872 << " at index " << cert_index; |
| 858 parse_error_ = l10n_util::GetStringUTF8( | 873 parse_error_ = l10n_util::GetStringUTF8( |
| 859 IDS_NETWORK_CONFIG_ERROR_CERT_DATA_MISSING); | 874 IDS_NETWORK_CONFIG_ERROR_CERT_DATA_MISSING); |
| 860 return NULL; | 875 return NULL; |
| 861 } | 876 } |
| 862 | 877 |
| (...skipping 1148 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2011 // on the value of AuthenticationType. | 2026 // on the value of AuthenticationType. |
| 2012 { "L2TP-IPsec", PROVIDER_TYPE_L2TP_IPSEC_PSK }, | 2027 { "L2TP-IPsec", PROVIDER_TYPE_L2TP_IPSEC_PSK }, |
| 2013 { "OpenVPN", PROVIDER_TYPE_OPEN_VPN }, | 2028 { "OpenVPN", PROVIDER_TYPE_OPEN_VPN }, |
| 2014 }; | 2029 }; |
| 2015 CR_DEFINE_STATIC_LOCAL(EnumMapper<ProviderType>, parser, | 2030 CR_DEFINE_STATIC_LOCAL(EnumMapper<ProviderType>, parser, |
| 2016 (table, arraysize(table), PROVIDER_TYPE_MAX)); | 2031 (table, arraysize(table), PROVIDER_TYPE_MAX)); |
| 2017 return parser.Get(type); | 2032 return parser.Get(type); |
| 2018 } | 2033 } |
| 2019 | 2034 |
| 2020 } // namespace chromeos | 2035 } // namespace chromeos |
| OLD | NEW |