Chromium Code Reviews Chromium Code Reviews
Issue 11299236:
This moves the ONC parsing code into chromeos/network/onc (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: chromeos/network/onc/onc_certificate_importer.cc |
| diff --git a/chrome/browser/chromeos/network_settings/onc_certificate_importer.cc b/chromeos/network/onc/onc_certificate_importer.cc |
| similarity index 71% |
| rename from chrome/browser/chromeos/network_settings/onc_certificate_importer.cc |
| rename to chromeos/network/onc/onc_certificate_importer.cc |
| index 4c5f1986e1b0c68ebef8b657700c352dc73dd024..415de5ad9a4180bffdee8218529309e06f96c368 100644 |
| --- a/chrome/browser/chromeos/network_settings/onc_certificate_importer.cc |
| +++ b/chromeos/network/onc/onc_certificate_importer.cc |
| @@ -2,7 +2,7 @@ |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| -#include "chrome/browser/chromeos/network_settings/onc_certificate_importer.h" |
| +#include "chromeos/network/onc/onc_certificate_importer.h" |
| #include <cert.h> |
| #include <keyhi.h> |
| @@ -10,14 +10,14 @@ |
| #include "base/base64.h" |
| #include "base/logging.h" |
| -#include "chrome/browser/chromeos/cros/onc_constants.h" |
| -#include "grit/generated_resources.h" |
| +#include "base/values.h" |
| +#include "chromeos/network/network_event_log.h" |
| +#include "chromeos/network/onc/onc_constants.h" |
| #include "net/base/crypto_module.h" |
| #include "net/base/net_errors.h" |
| #include "net/base/nss_cert_database.h" |
| #include "net/base/pem_tokenizer.h" |
| #include "net/base/x509_certificate.h" |
| -#include "ui/base/l10n/l10n_util.h" |
| namespace { |
| @@ -32,57 +32,48 @@ namespace chromeos { |
| namespace onc { |
| CertificateImporter::CertificateImporter( |
| - NetworkUIData::ONCSource onc_source, |
| + ONCSource onc_source, |
| bool allow_web_trust_from_policy) |
| : onc_source_(onc_source), |
| allow_web_trust_from_policy_(allow_web_trust_from_policy) { |
| } |
| -bool CertificateImporter::ParseAndStoreCertificates( |
| - const base::ListValue& certificates, std::string* error) { |
| - error_.clear(); |
| +CertificateImporter::ParseResult CertificateImporter::ParseAndStoreCertificates( |
| + const base::ListValue& certificates) { |
| for (size_t i = 0; i < certificates.GetSize(); ++i) { |
| const base::DictionaryValue* certificate = NULL; |
| if (!certificates.GetDictionary(i, &certificate)) { |
| - if (error) { |
| - *error = l10n_util::GetStringUTF8( |
| - IDS_NETWORK_CONFIG_ERROR_CERT_DATA_MALFORMED); |
| - } |
| - return false; |
| + NET_LOG_ERROR("Certificate data malformed"); |
| + return i > 0 ? IMPORT_INCOMPLETE : IMPORT_FAILED; |
| } |
| if (VLOG_IS_ON(2)) |
| VLOG(2) << "Parsing certificate at index " << i << ": " << *certificate; |
| - if (ParseAndStoreCertificate(*certificate)) { |
| - VLOG(2) << "Successfully imported certificate at index " << i; |
| - continue; |
| + if (!ParseAndStoreCertificate(*certificate)) { |
| + NET_LOG_ERROR( |
| + base::StringPrintf("Cannot parse certificate at index %zu", i)); |
| + return i > 0 ? IMPORT_INCOMPLETE : IMPORT_FAILED; |
| } |
| - LOG(WARNING) << "Cannot parse certificate at index " << i << ": " << error_; |
| - if (error) |
| - *error = error_; |
| - return false; |
| + VLOG(2) << "Successfully imported certificate at index " << i; |
| } |
| - return true; |
| + return IMPORT_OK; |
| } |
| bool CertificateImporter::ParseAndStoreCertificate( |
| const base::DictionaryValue& certificate) { |
| - |
| // Get out the attributes of the given certificate. |
| std::string guid; |
| if (!certificate.GetString(kGUID, &guid) || guid.empty()) { |
| - LOG(WARNING) << "Certificate missing GUID identifier"; |
| - error_ = l10n_util::GetStringUTF8( |
| - IDS_NETWORK_CONFIG_ERROR_CERT_GUID_MISSING); |
| + NET_LOG_ERROR("Certificate missing GUID identifier"); |
| return false; |
| } |
| bool remove = false; |
| if (certificate.GetBoolean(kRemove, &remove) && remove) { |
| if (!DeleteCertAndKeyByNickname(guid)) { |
| - error_ = l10n_util::GetStringUTF8(IDS_NETWORK_CONFIG_ERROR_CERT_DELETE); |
| + NET_LOG_WARNING("Unable to delete certificate"); |
|
pneubeck (no reviews)
2012/12/10 09:33:10
to match the "return false", this should perhaps b
|
| return false; |
| } else { |
| return true; |
| @@ -98,8 +89,7 @@ bool CertificateImporter::ParseAndStoreCertificate( |
| if (cert_type == certificate::kClient) |
| return ParseClientCertificate(guid, certificate); |
| - LOG(WARNING) << "ONC File: certificate of unknown type: " << cert_type; |
| - error_ = l10n_util::GetStringUTF8(IDS_NETWORK_CONFIG_ERROR_CERT_TYPE_MISSING); |
| + NET_LOG_ERROR("Certificate of unknown type: " + cert_type); |
| return false; |
| } |
| @@ -166,9 +156,9 @@ bool CertificateImporter::ParseServerOrCaCertificate( |
| const std::string& guid, |
| const base::DictionaryValue& certificate) { |
| // Device policy can't import certificates. |
| - if (onc_source_ == NetworkUIData::ONC_SOURCE_DEVICE_POLICY) { |
| - LOG(WARNING) << "Refusing to import certificate from device policy"; |
| - // This isn't a parsing error, so just return NULL here. |
| + if (onc_source_ == ONC_SOURCE_DEVICE_POLICY) { |
| + // This isn't a parsing error. |
| + NET_LOG_WARNING("Refusing to import certificate from device policy."); |
| return true; |
| } |
| @@ -178,9 +168,7 @@ bool CertificateImporter::ParseServerOrCaCertificate( |
| for (size_t i = 0; i < trust_list->GetSize(); ++i) { |
| std::string trust_type; |
| if (!trust_list->GetString(i, &trust_type)) { |
| - LOG(WARNING) << "ONC File: certificate trust is invalid"; |
| - error_ = l10n_util::GetStringUTF8( |
| - IDS_NETWORK_CONFIG_ERROR_CERT_TRUST_INVALID); |
| + NET_LOG_ERROR("Certificate trust is invalid"); |
| return false; |
| } |
| if (trust_type == certificate::kWeb) { |
| @@ -188,10 +176,7 @@ bool CertificateImporter::ParseServerOrCaCertificate( |
| // identification. |
| web_trust = true; |
| } else { |
| - LOG(WARNING) << "ONC File: certificate contains unknown " |
| - << "trust type: " << trust_type; |
| - error_ = l10n_util::GetStringUTF8( |
| - IDS_NETWORK_CONFIG_ERROR_CERT_TRUST_UNKNOWN); |
| + NET_LOG_ERROR("Certificate contains unknown trust type " + trust_type); |
| return false; |
| } |
| } |
| @@ -199,7 +184,7 @@ bool CertificateImporter::ParseServerOrCaCertificate( |
| // Web trust is only granted to certificates imported for a managed user |
| // on a managed device. |
| - if (onc_source_ == NetworkUIData::ONC_SOURCE_USER_POLICY && |
| + if (onc_source_ == ONC_SOURCE_USER_POLICY && |
| web_trust && !allow_web_trust_from_policy_) { |
| LOG(WARNING) << "Web trust not granted for certificate: " << guid; |
|
pneubeck (no reviews)
2012/12/10 09:33:10
NET_LOG_
|
| web_trust = false; |
| @@ -208,10 +193,9 @@ bool CertificateImporter::ParseServerOrCaCertificate( |
| std::string x509_data; |
| if (!certificate.GetString(certificate::kX509, &x509_data) || |
| x509_data.empty()) { |
| - LOG(WARNING) << "ONC File: certificate missing appropriate " |
| - << "certificate data for type: " << cert_type; |
| - error_ = l10n_util::GetStringUTF8( |
| - IDS_NETWORK_CONFIG_ERROR_CERT_DATA_MISSING); |
| + NET_LOG_ERROR( |
| + "Certificate missing appropriate certificate data for type: " + |
| + cert_type); |
| return false; |
| } |
| @@ -229,10 +213,7 @@ bool CertificateImporter::ParseServerOrCaCertificate( |
| // strings. For this to work, there has to be no white space, and it has to |
| // only contain the base64-encoded data. |
| if (!base::Base64Decode(x509_data, &decoded_x509)) { |
| - LOG(WARNING) << "Unable to base64 decode X509 data: \"" |
| - << x509_data << "\"."; |
| - error_ = l10n_util::GetStringUTF8( |
| - IDS_NETWORK_CONFIG_ERROR_CERT_DATA_MALFORMED); |
| + NET_LOG_ERROR("Unable to base64 decode X509 data: " + x509_data); |
| return false; |
| } |
| } else { |
| @@ -245,9 +226,7 @@ bool CertificateImporter::ParseServerOrCaCertificate( |
| decoded_x509.size(), |
| guid.c_str()); |
| if (!x509_cert.get()) { |
| - LOG(WARNING) << "Unable to create X509 certificate from bytes."; |
| - error_ = l10n_util::GetStringUTF8( |
| - IDS_NETWORK_CONFIG_ERROR_CERT_DATA_MALFORMED); |
| + NET_LOG_ERROR("Unable to create X509 certificate from bytes."); |
| return false; |
| } |
| @@ -273,7 +252,7 @@ bool CertificateImporter::ParseServerOrCaCertificate( |
| net::NSSCertDatabase* cert_database = net::NSSCertDatabase::GetInstance(); |
| if (x509_cert->os_cert_handle()->isperm) { |
| if (!cert_database->DeleteCertAndKey(x509_cert.get())) { |
| - error_ = l10n_util::GetStringUTF8(IDS_NETWORK_CONFIG_ERROR_CERT_DELETE); |
| + NET_LOG_ERROR("Unable to delete X509 certificate."); |
| return false; |
| } |
| @@ -284,9 +263,7 @@ bool CertificateImporter::ParseServerOrCaCertificate( |
| decoded_x509.size(), |
| guid.c_str()); |
| if (!x509_cert.get()) { |
| - LOG(WARNING) << "Unable to create X509 certificate from bytes."; |
| - error_ = l10n_util::GetStringUTF8( |
| - IDS_NETWORK_CONFIG_ERROR_CERT_DATA_MALFORMED); |
| + NET_LOG_ERROR("Unable to create X509 certificate from bytes."); |
| return false; |
| } |
| DCHECK(!x509_cert->os_cert_handle()->isperm); |
| @@ -298,9 +275,7 @@ bool CertificateImporter::ParseServerOrCaCertificate( |
| net::CertificateList certs; |
| ListCertsWithNickname(guid, &certs); |
| if (!certs.empty()) { |
| - LOG(WARNING) << "Cert GUID is already in use: " << guid; |
| - error_ = l10n_util::GetStringUTF8( |
| - IDS_NETWORK_CONFIG_ERROR_CERT_GUID_COLLISION); |
| + NET_LOG_ERROR("Certificate GUID is already in use: " + guid); |
| return false; |
| } |
| @@ -317,16 +292,12 @@ bool CertificateImporter::ParseServerOrCaCertificate( |
| success = cert_database->ImportCACerts(cert_list, trust, &failures); |
| if (!failures.empty()) { |
| - LOG(WARNING) << "ONC File: Error (" |
| - << net::ErrorToString(failures[0].net_error) |
| - << ") importing " << cert_type << " certificate"; |
| - error_ = l10n_util::GetStringUTF8(IDS_NETWORK_CONFIG_ERROR_CERT_IMPORT); |
| + NET_LOG_ERROR("Error (" + net::ErrorToString(failures[0].net_error) + |
| + ") importing " + cert_type + " certificate"); |
| return false; |
| } |
| if (!success) { |
| - LOG(WARNING) << "ONC File: Unknown error importing " << cert_type |
| - << " certificate"; |
| - error_ = l10n_util::GetStringUTF8(IDS_NETWORK_CONFIG_ERROR_UNKNOWN); |
| + NET_LOG_ERROR("Unknown error importing " + cert_type + " certificate."); |
| return false; |
| } |
| @@ -339,19 +310,14 @@ bool CertificateImporter::ParseClientCertificate( |
| std::string pkcs12_data; |
| if (!certificate.GetString(certificate::kPKCS12, &pkcs12_data) || |
| pkcs12_data.empty()) { |
| - LOG(WARNING) << "ONC File: PKCS12 data is missing for Client " |
| - << "certificate"; |
| - error_ = l10n_util::GetStringUTF8( |
| - IDS_NETWORK_CONFIG_ERROR_CERT_DATA_MISSING); |
| + NET_LOG_ERROR("PKCS12 data is missing for client certificate."); |
| return false; |
| } |
| std::string decoded_pkcs12; |
| if (!base::Base64Decode(pkcs12_data, &decoded_pkcs12)) { |
| - LOG(WARNING) << "Unable to base64 decode PKCS#12 data: \"" |
| - << pkcs12_data << "\"."; |
| - error_ = l10n_util::GetStringUTF8( |
| - IDS_NETWORK_CONFIG_ERROR_CERT_DATA_MALFORMED); |
| + NET_LOG_ERROR( |
| + "Unable to base64 decode PKCS#12 data: \"" + pkcs12_data + "\"."); |
| return false; |
| } |
| @@ -360,23 +326,22 @@ bool CertificateImporter::ParseClientCertificate( |
| scoped_refptr<net::CryptoModule> module(cert_database->GetPrivateModule()); |
| net::CertificateList imported_certs; |
| - int result = cert_database->ImportFromPKCS12( |
| + int import_result = cert_database->ImportFromPKCS12( |
| module.get(), decoded_pkcs12, string16(), false, &imported_certs); |
| - if (result != net::OK) { |
| - LOG(WARNING) << "ONC File: Unable to import Client certificate" |
| - << " (error " << net::ErrorToString(result) << ")."; |
| - error_ = l10n_util::GetStringUTF8(IDS_NETWORK_CONFIG_ERROR_CERT_IMPORT); |
| + if (import_result != net::OK) { |
| + NET_LOG_ERROR("Unable to import client certificate (error " + |
| + net::ErrorToString(import_result) + ")."); |
| return false; |
| } |
| if (imported_certs.size() == 0) { |
| - LOG(WARNING) << "ONC File: PKCS12 data contains no importable certificates"; |
| + NET_LOG_WARNING("PKCS12 data contains no importable certificates."); |
| return true; |
| } |
| if (imported_certs.size() != 1) { |
| - LOG(WARNING) << "ONC File: PKCS12 data contains more than one certificate." |
| - << "Only the first one will be imported."; |
| + NET_LOG_WARNING("ONC File: PKCS12 data contains more than one certificate. " |
| + "Only the first one will be imported."); |
| } |
| scoped_refptr<net::X509Certificate> cert_result = imported_certs[0]; |
| @@ -391,7 +356,7 @@ bool CertificateImporter::ParseClientCertificate( |
| PK11_SetPrivateKeyNickname(private_key, const_cast<char*>(guid.c_str())); |
| SECKEY_DestroyPrivateKey(private_key); |
| } else { |
| - LOG(WARNING) << "ONC File: Unable to find private key for cert"; |
| + NET_LOG_WARNING("Unable to find private key for certificate."); |
| } |
| return true; |
| } |
