Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(6712)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chromeos/network/onc/onc_certificate_importer.cc

Issue 11299236: This moves the ONC parsing code into chromeos/network/onc (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Remove translated strings Created 8 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chromeos/network/onc/onc_certificate_importer.h ('K') | « chromeos/network/onc/onc_certificate_importer.h ('k') | chromeos/network/onc/onc_certificate_importer_unittest.cc » ('j') | chromeos/network/onc/onc_utils.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chromeos/network/onc/onc_certificate_importer.cc
diff --git a/chrome/browser/chromeos/network_settings/onc_certificate_importer.cc b/chromeos/network/onc/onc_certificate_importer.cc
similarity index 82%
rename from chrome/browser/chromeos/network_settings/onc_certificate_importer.cc
rename to chromeos/network/onc/onc_certificate_importer.cc
index 4c5f1986e1b0c68ebef8b657700c352dc73dd024..a48ca79e7f15a937a33efd7185dd249c37201397 100644
--- a/chrome/browser/chromeos/network_settings/onc_certificate_importer.cc
+++ b/chromeos/network/onc/onc_certificate_importer.cc
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "chrome/browser/chromeos/network_settings/onc_certificate_importer.h"
+#include "chromeos/network/onc/onc_certificate_importer.h"
#include <cert.h>
#include <keyhi.h>
@@ -10,14 +10,13 @@
#include "base/base64.h"
#include "base/logging.h"
-#include "chrome/browser/chromeos/cros/onc_constants.h"
-#include "grit/generated_resources.h"
+#include "base/values.h"
+#include "chromeos/network/onc/onc_constants.h"
#include "net/base/crypto_module.h"
#include "net/base/net_errors.h"
#include "net/base/nss_cert_database.h"
#include "net/base/pem_tokenizer.h"
#include "net/base/x509_certificate.h"
-#include "ui/base/l10n/l10n_util.h"
namespace {
@@ -31,58 +30,67 @@ const char kX509CertificateHeader[] = "X509 CERTIFICATE";
namespace chromeos {
namespace onc {
+const char kErrorCertDataMalformed[] = "Certificate data malformed";
+const char kErrorCertDataMissing[] = "Certificate data missing";
+const char kErrorCertDelete[] = "Certificate delete";
+const char kErrorCertGuidCollision[] = "Certificate GUID collision";
+const char kErrorCertGuidMissing[] = "Certificate GUID missing";
+const char kErrorCertImport[] = "Certificate import error";
+const char kErrorCertTrustInvalid[] = "Certificate trust invalid";
+const char kErrorCertTrustUnknown[] = "Certificate trust unknown";
+const char kErrorCertTypeMissing[] = "Certificate type missing";
+const char kErrorUnknown[] = "Unknown error";
+
CertificateImporter::CertificateImporter(
- NetworkUIData::ONCSource onc_source,
+ ONCSource onc_source,
bool allow_web_trust_from_policy)
: onc_source_(onc_source),
allow_web_trust_from_policy_(allow_web_trust_from_policy) {
}
bool CertificateImporter::ParseAndStoreCertificates(
- const base::ListValue& certificates, std::string* error) {
- error_.clear();
+ const base::ListValue& certificates,
+ std::string* result) {
for (size_t i = 0; i < certificates.GetSize(); ++i) {
const base::DictionaryValue* certificate = NULL;
if (!certificates.GetDictionary(i, &certificate)) {
- if (error) {
- *error = l10n_util::GetStringUTF8(
- IDS_NETWORK_CONFIG_ERROR_CERT_DATA_MALFORMED);
- }
+ if (result)
+ *result = kErrorCertDataMalformed;
return false;
}
if (VLOG_IS_ON(2))
VLOG(2) << "Parsing certificate at index " << i << ": " << *certificate;
- if (ParseAndStoreCertificate(*certificate)) {
+ if (ParseAndStoreCertificate(*certificate, result)) {
VLOG(2) << "Successfully imported certificate at index " << i;
continue;
}
- LOG(WARNING) << "Cannot parse certificate at index " << i << ": " << error_;
- if (error)
- *error = error_;
+ LOG(WARNING) << "Cannot parse certificate at index " << i << ": "
+ << *result;
return false;
}
return true;
}
bool CertificateImporter::ParseAndStoreCertificate(
- const base::DictionaryValue& certificate) {
-
+ const base::DictionaryValue& certificate,
+ std::string* result) {
// Get out the attributes of the given certificate.
std::string guid;
if (!certificate.GetString(kGUID, &guid) || guid.empty()) {
LOG(WARNING) << "Certificate missing GUID identifier";
- error_ = l10n_util::GetStringUTF8(
- IDS_NETWORK_CONFIG_ERROR_CERT_GUID_MISSING);
+ if (result)
+ *result = kErrorCertGuidMissing;
return false;
}
bool remove = false;
if (certificate.GetBoolean(kRemove, &remove) && remove) {
if (!DeleteCertAndKeyByNickname(guid)) {
- error_ = l10n_util::GetStringUTF8(IDS_NETWORK_CONFIG_ERROR_CERT_DELETE);
+ if (result)
+ *result = kErrorCertDelete;
return false;
} else {
return true;
@@ -93,13 +101,14 @@ bool CertificateImporter::ParseAndStoreCertificate(
std::string cert_type;
certificate.GetString(certificate::kType, &cert_type);
if (cert_type == certificate::kServer || cert_type == certificate::kAuthority)
- return ParseServerOrCaCertificate(cert_type, guid, certificate);
+ return ParseServerOrCaCertificate(cert_type, guid, certificate, result);
if (cert_type == certificate::kClient)
- return ParseClientCertificate(guid, certificate);
+ return ParseClientCertificate(guid, certificate, result);
LOG(WARNING) << "ONC File: certificate of unknown type: " << cert_type;
- error_ = l10n_util::GetStringUTF8(IDS_NETWORK_CONFIG_ERROR_CERT_TYPE_MISSING);
+ if (result)
+ *result = kErrorCertTypeMissing;
return false;
}
@@ -162,13 +171,14 @@ bool CertificateImporter::DeleteCertAndKeyByNickname(const std::string& label) {
}
bool CertificateImporter::ParseServerOrCaCertificate(
- const std::string& cert_type,
- const std::string& guid,
- const base::DictionaryValue& certificate) {
+ const std::string& cert_type,
+ const std::string& guid,
+ const base::DictionaryValue& certificate,
+ std::string* result) {
// Device policy can't import certificates.
- if (onc_source_ == NetworkUIData::ONC_SOURCE_DEVICE_POLICY) {
+ if (onc_source_ == ONC_SOURCE_DEVICE_POLICY) {
LOG(WARNING) << "Refusing to import certificate from device policy";
- // This isn't a parsing error, so just return NULL here.
+ // This isn't a parsing error.
return true;
}
@@ -179,8 +189,8 @@ bool CertificateImporter::ParseServerOrCaCertificate(
std::string trust_type;
if (!trust_list->GetString(i, &trust_type)) {
LOG(WARNING) << "ONC File: certificate trust is invalid";
- error_ = l10n_util::GetStringUTF8(
- IDS_NETWORK_CONFIG_ERROR_CERT_TRUST_INVALID);
+ if (result)
+ *result = kErrorCertTrustInvalid;
return false;
}
if (trust_type == certificate::kWeb) {
@@ -190,8 +200,8 @@ bool CertificateImporter::ParseServerOrCaCertificate(
} else {
LOG(WARNING) << "ONC File: certificate contains unknown "
<< "trust type: " << trust_type;
- error_ = l10n_util::GetStringUTF8(
- IDS_NETWORK_CONFIG_ERROR_CERT_TRUST_UNKNOWN);
+ if (result)
+ *result = kErrorCertTrustUnknown;
return false;
}
}
@@ -199,7 +209,7 @@ bool CertificateImporter::ParseServerOrCaCertificate(
// Web trust is only granted to certificates imported for a managed user
// on a managed device.
- if (onc_source_ == NetworkUIData::ONC_SOURCE_USER_POLICY &&
+ if (onc_source_ == ONC_SOURCE_USER_POLICY &&
web_trust && !allow_web_trust_from_policy_) {
LOG(WARNING) << "Web trust not granted for certificate: " << guid;
web_trust = false;
@@ -210,8 +220,8 @@ bool CertificateImporter::ParseServerOrCaCertificate(
x509_data.empty()) {
LOG(WARNING) << "ONC File: certificate missing appropriate "
<< "certificate data for type: " << cert_type;
- error_ = l10n_util::GetStringUTF8(
- IDS_NETWORK_CONFIG_ERROR_CERT_DATA_MISSING);
+ if (result)
+ *result = kErrorCertDataMissing;
return false;
}
@@ -231,8 +241,8 @@ bool CertificateImporter::ParseServerOrCaCertificate(
if (!base::Base64Decode(x509_data, &decoded_x509)) {
LOG(WARNING) << "Unable to base64 decode X509 data: \""
<< x509_data << "\".";
- error_ = l10n_util::GetStringUTF8(
- IDS_NETWORK_CONFIG_ERROR_CERT_DATA_MALFORMED);
+ if (result)
+ *result = kErrorCertDataMalformed;
return false;
}
} else {
@@ -246,8 +256,8 @@ bool CertificateImporter::ParseServerOrCaCertificate(
guid.c_str());
if (!x509_cert.get()) {
LOG(WARNING) << "Unable to create X509 certificate from bytes.";
- error_ = l10n_util::GetStringUTF8(
- IDS_NETWORK_CONFIG_ERROR_CERT_DATA_MALFORMED);
+ if (result)
+ *result = kErrorCertDataMalformed;
return false;
}
@@ -273,7 +283,9 @@ bool CertificateImporter::ParseServerOrCaCertificate(
net::NSSCertDatabase* cert_database = net::NSSCertDatabase::GetInstance();
if (x509_cert->os_cert_handle()->isperm) {
if (!cert_database->DeleteCertAndKey(x509_cert.get())) {
- error_ = l10n_util::GetStringUTF8(IDS_NETWORK_CONFIG_ERROR_CERT_DELETE);
+ LOG(WARNING) << "Unable to delete X509 certificate.";
+ if (result)
+ *result = kErrorCertDelete;
return false;
}
@@ -285,8 +297,8 @@ bool CertificateImporter::ParseServerOrCaCertificate(
guid.c_str());
if (!x509_cert.get()) {
LOG(WARNING) << "Unable to create X509 certificate from bytes.";
- error_ = l10n_util::GetStringUTF8(
- IDS_NETWORK_CONFIG_ERROR_CERT_DATA_MALFORMED);
+ if (result)
+ *result = kErrorCertDataMalformed;
return false;
}
DCHECK(!x509_cert->os_cert_handle()->isperm);
@@ -299,8 +311,8 @@ bool CertificateImporter::ParseServerOrCaCertificate(
ListCertsWithNickname(guid, &certs);
if (!certs.empty()) {
LOG(WARNING) << "Cert GUID is already in use: " << guid;
- error_ = l10n_util::GetStringUTF8(
- IDS_NETWORK_CONFIG_ERROR_CERT_GUID_COLLISION);
+ if (result)
+ *result = kErrorCertGuidCollision;
return false;
}
@@ -320,13 +332,15 @@ bool CertificateImporter::ParseServerOrCaCertificate(
LOG(WARNING) << "ONC File: Error ("
<< net::ErrorToString(failures[0].net_error)
<< ") importing " << cert_type << " certificate";
- error_ = l10n_util::GetStringUTF8(IDS_NETWORK_CONFIG_ERROR_CERT_IMPORT);
+ if (result)
+ *result = kErrorCertImport;
return false;
}
if (!success) {
LOG(WARNING) << "ONC File: Unknown error importing " << cert_type
<< " certificate";
- error_ = l10n_util::GetStringUTF8(IDS_NETWORK_CONFIG_ERROR_UNKNOWN);
+ if (result)
+ *result = kErrorUnknown;
return false;
}
@@ -335,14 +349,15 @@ bool CertificateImporter::ParseServerOrCaCertificate(
bool CertificateImporter::ParseClientCertificate(
const std::string& guid,
- const base::DictionaryValue& certificate) {
+ const base::DictionaryValue& certificate,
+ std::string* result) {
std::string pkcs12_data;
if (!certificate.GetString(certificate::kPKCS12, &pkcs12_data) ||
pkcs12_data.empty()) {
LOG(WARNING) << "ONC File: PKCS12 data is missing for Client "
<< "certificate";
- error_ = l10n_util::GetStringUTF8(
- IDS_NETWORK_CONFIG_ERROR_CERT_DATA_MISSING);
+ if (result)
+ *result = kErrorCertDataMissing;
return false;
}
@@ -350,8 +365,8 @@ bool CertificateImporter::ParseClientCertificate(
if (!base::Base64Decode(pkcs12_data, &decoded_pkcs12)) {
LOG(WARNING) << "Unable to base64 decode PKCS#12 data: \""
<< pkcs12_data << "\".";
- error_ = l10n_util::GetStringUTF8(
- IDS_NETWORK_CONFIG_ERROR_CERT_DATA_MALFORMED);
+ if (result)
+ *result = kErrorCertDataMalformed;
return false;
}
@@ -360,12 +375,13 @@ bool CertificateImporter::ParseClientCertificate(
scoped_refptr<net::CryptoModule> module(cert_database->GetPrivateModule());
net::CertificateList imported_certs;
- int result = cert_database->ImportFromPKCS12(
+ int import_result = cert_database->ImportFromPKCS12(
module.get(), decoded_pkcs12, string16(), false, &imported_certs);
- if (result != net::OK) {
+ if (import_result != net::OK) {
LOG(WARNING) << "ONC File: Unable to import Client certificate"
- << " (error " << net::ErrorToString(result) << ").";
- error_ = l10n_util::GetStringUTF8(IDS_NETWORK_CONFIG_ERROR_CERT_IMPORT);
+ << " (error " << net::ErrorToString(import_result) << ").";
+ if (result)
+ *result = kErrorCertImport;
return false;
}
« chromeos/network/onc/onc_certificate_importer.h ('K') | « chromeos/network/onc/onc_certificate_importer.h ('k') | chromeos/network/onc/onc_certificate_importer_unittest.cc » ('j') | chromeos/network/onc/onc_utils.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698