Chromium Code Reviews Chromium Code Reviews
Issue 9940001:
Fix imported server certs being distrusted in NSS 3.13. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/cros/onc_network_parser.h" | 5 #include "chrome/browser/chromeos/cros/onc_network_parser.h" |
| 6 | 6 |
| 7 #include <keyhi.h> | 7 #include <keyhi.h> |
| 8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
| 9 | 9 |
| 10 #include "base/base64.h" | 10 #include "base/base64.h" |
| (...skipping 810 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 821 if (certificate->GetList("Trust", &trust_list)) { | 821 if (certificate->GetList("Trust", &trust_list)) { |
| 822 for (size_t i = 0; i < trust_list->GetSize(); ++i) { | 822 for (size_t i = 0; i < trust_list->GetSize(); ++i) { |
| 823 std::string trust_type; | 823 std::string trust_type; |
| 824 if (!trust_list->GetString(i, &trust_type)) { | 824 if (!trust_list->GetString(i, &trust_type)) { |
| 825 LOG(WARNING) << "ONC File: certificate trust is invalid at index " | 825 LOG(WARNING) << "ONC File: certificate trust is invalid at index " |
| 826 << cert_index; | 826 << cert_index; |
| 827 parse_error_ = l10n_util::GetStringUTF8( | 827 parse_error_ = l10n_util::GetStringUTF8( |
| 828 IDS_NETWORK_CONFIG_ERROR_CERT_TRUST_INVALID); | 828 IDS_NETWORK_CONFIG_ERROR_CERT_TRUST_INVALID); |
| 829 return NULL; | 829 return NULL; |
| 830 } | 830 } |
| 831 if (trust_type == "Web") { | 831 if (trust_type == "Web") { |
|
wtc
2012/05/22 00:28:39
It may be a good idea to copy what "Web" trust mea
mattm
2012/05/26 03:41:35
Done.
| |
| 832 web_trust = true; | 832 web_trust = true; |
| 833 } else { | 833 } else { |
| 834 LOG(WARNING) << "ONC File: certificate contains unknown " | 834 LOG(WARNING) << "ONC File: certificate contains unknown " |
| 835 << "trust type: " << trust_type | 835 << "trust type: " << trust_type |
| 836 << " at index " << cert_index; | 836 << " at index " << cert_index; |
| 837 parse_error_ = l10n_util::GetStringUTF8( | 837 parse_error_ = l10n_util::GetStringUTF8( |
| 838 IDS_NETWORK_CONFIG_ERROR_CERT_TRUST_UNKNOWN); | 838 IDS_NETWORK_CONFIG_ERROR_CERT_TRUST_UNKNOWN); |
| 839 return NULL; | 839 return NULL; |
| 840 } | 840 } |
| 841 } | 841 } |
| (...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 922 LOG(WARNING) << "Cert GUID is already in use: " << guid; | 922 LOG(WARNING) << "Cert GUID is already in use: " << guid; |
| 923 parse_error_ = l10n_util::GetStringUTF8( | 923 parse_error_ = l10n_util::GetStringUTF8( |
| 924 IDS_NETWORK_CONFIG_ERROR_CERT_GUID_COLLISION); | 924 IDS_NETWORK_CONFIG_ERROR_CERT_GUID_COLLISION); |
| 925 return NULL; | 925 return NULL; |
| 926 } | 926 } |
| 927 | 927 |
| 928 net::CertificateList cert_list; | 928 net::CertificateList cert_list; |
| 929 cert_list.push_back(x509_cert); | 929 cert_list.push_back(x509_cert); |
| 930 net::CertDatabase::ImportCertFailureList failures; | 930 net::CertDatabase::ImportCertFailureList failures; |
| 931 bool success = false; | 931 bool success = false; |
| 932 net::CertDatabase::TrustBits trust = web_trust ? | |
| 933 net::CertDatabase::TRUSTED_SSL : | |
| 934 net::CertDatabase::TRUST_DEFAULT; | |
| 932 if (cert_type == "Server") { | 935 if (cert_type == "Server") { |
| 933 success = cert_database.ImportServerCert(cert_list, &failures); | 936 success = cert_database.ImportServerCert(cert_list, trust, &failures); |
| 934 } else { // Authority cert | 937 } else { // Authority cert |
| 935 net::CertDatabase::TrustBits trust = web_trust ? | |
| 936 net::CertDatabase::TRUSTED_SSL : | |
| 937 net::CertDatabase::UNTRUSTED; | |
| 938 success = cert_database.ImportCACerts(cert_list, trust, &failures); | 938 success = cert_database.ImportCACerts(cert_list, trust, &failures); |
| 939 } | 939 } |
| 940 if (!failures.empty()) { | 940 if (!failures.empty()) { |
| 941 LOG(WARNING) << "ONC File: Error (" | 941 LOG(WARNING) << "ONC File: Error (" |
| 942 << net::ErrorToString(failures[0].net_error) | 942 << net::ErrorToString(failures[0].net_error) |
| 943 << ") importing " << cert_type << " certificate at index " | 943 << ") importing " << cert_type << " certificate at index " |
| 944 << cert_index; | 944 << cert_index; |
| 945 parse_error_ = l10n_util::GetStringUTF8( | 945 parse_error_ = l10n_util::GetStringUTF8( |
| 946 IDS_NETWORK_CONFIG_ERROR_CERT_IMPORT); | 946 IDS_NETWORK_CONFIG_ERROR_CERT_IMPORT); |
| 947 return NULL; | 947 return NULL; |
| (...skipping 1039 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1987 // on the value of AuthenticationType. | 1987 // on the value of AuthenticationType. |
| 1988 { "L2TP-IPsec", PROVIDER_TYPE_L2TP_IPSEC_PSK }, | 1988 { "L2TP-IPsec", PROVIDER_TYPE_L2TP_IPSEC_PSK }, |
| 1989 { "OpenVPN", PROVIDER_TYPE_OPEN_VPN }, | 1989 { "OpenVPN", PROVIDER_TYPE_OPEN_VPN }, |
| 1990 }; | 1990 }; |
| 1991 CR_DEFINE_STATIC_LOCAL(EnumMapper<ProviderType>, parser, | 1991 CR_DEFINE_STATIC_LOCAL(EnumMapper<ProviderType>, parser, |
| 1992 (table, arraysize(table), PROVIDER_TYPE_MAX)); | 1992 (table, arraysize(table), PROVIDER_TYPE_MAX)); |
| 1993 return parser.Get(type); | 1993 return parser.Get(type); |
| 1994 } | 1994 } |
| 1995 | 1995 |
| 1996 } // namespace chromeos | 1996 } // namespace chromeos |
| OLD | NEW |
