
Unified Diff: chromeos/network/onc/onc_certificate_importer.cc

Issue 13035003: Added a PolicyCertVerifier that uses the trust anchors from the ONC policies. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: fixed non-chromeos builds Created 7 years, 9 months ago
Index: chromeos/network/onc/onc_certificate_importer.cc
diff --git a/chromeos/network/onc/onc_certificate_importer.cc b/chromeos/network/onc/onc_certificate_importer.cc
index b236927831738c930edaa0fd43f3ee17fdc00a00..969009159a6a0995a1f7bf4796ec1f2c9b747267 100644
--- a/chromeos/network/onc/onc_certificate_importer.cc
+++ b/chromeos/network/onc/onc_certificate_importer.cc
@@ -39,7 +39,8 @@ CertificateImporter::CertificateImporter(bool allow_web_trust)
}
CertificateImporter::ParseResult CertificateImporter::ParseAndStoreCertificates(
- const base::ListValue& certificates) {
+ const base::ListValue& certificates,
+ net::CertificateList* web_trust_certificates) {
size_t successful_imports = 0;
for (size_t i = 0; i < certificates.GetSize(); ++i) {
const base::DictionaryValue* certificate = NULL;
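Review bot: The contract of the new `web_trust_certificates` out-parameter is not stated anywhere in this hunk, and it is the non-obvious part of the change: the callee appends to the list rather than clearing it (the later `push_back`), and it tolerates a null pointer, so a caller that reuses one list across several `ParseAndStoreCertificates` calls accumulates entries. That belongs on the declaration in the header, e.g. `// If non-NULL, certificates that requested Web trust are appended to |web_trust_certificates|; the list is not cleared first.` The body of ParseAndStoreCertificates continues past this hunk, so the success accounting below is not visible here.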
@@ -48,7 +49,7 @@ CertificateImporter::ParseResult CertificateImporter::ParseAndStoreCertificates(
VLOG(2) << "Parsing certificate at index " << i << ": " << *certificate;
- if (!ParseAndStoreCertificate(*certificate)) {
+ if (!ParseAndStoreCertificate(*certificate, web_trust_certificates)) {
ONC_LOG_ERROR(
base::StringPrintf("Cannot parse certificate at index %zu", i));
} else {
@@ -67,7 +68,8 @@ CertificateImporter::ParseResult CertificateImporter::ParseAndStoreCertificates(
}
bool CertificateImporter::ParseAndStoreCertificate(
- const base::DictionaryValue& certificate) {
+ const base::DictionaryValue& certificate,
+ net::CertificateList* web_trust_certificates) {
// Get out the attributes of the given certificate.
std::string guid;
certificate.GetString(certificate::kGUID, &guid);
@@ -88,7 +90,8 @@ bool CertificateImporter::ParseAndStoreCertificate(
certificate.GetString(certificate::kType, &cert_type);
if (cert_type == certificate::kServer ||
cert_type == certificate::kAuthority) {
- return ParseServerOrCaCertificate(cert_type, guid, certificate);
+ return ParseServerOrCaCertificate(
+ cert_type, guid, certificate, web_trust_certificates);
} else if (cert_type == certificate::kClient) {
return ParseClientCertificate(guid, certificate);
}
@@ -158,8 +161,9 @@ bool CertificateImporter::DeleteCertAndKeyByNickname(const std::string& label) {
bool CertificateImporter::ParseServerOrCaCertificate(
const std::string& cert_type,
const std::string& guid,
- const base::DictionaryValue& certificate) {
- bool web_trust = false;
+ const base::DictionaryValue& certificate,
+ net::CertificateList* web_trust_certificates) {
+ bool web_trust_flag = false;
const base::ListValue* trust_list = NULL;
if (certificate.GetList(certificate::kTrust, &trust_list)) {
for (size_t i = 0; i < trust_list->GetSize(); ++i) {
@@ -170,7 +174,7 @@ bool CertificateImporter::ParseServerOrCaCertificate(
if (trust_type == certificate::kWeb) {
// "Web" implies that the certificate is to be trusted for SSL
// identification.
- web_trust = true;
+ web_trust_flag = true;
} else {
ONC_LOG_ERROR("Certificate contains unknown trust type " + trust_type);
return false;
@@ -178,9 +182,12 @@ bool CertificateImporter::ParseServerOrCaCertificate(
}
}
- if (web_trust && !allow_web_trust_) {
- LOG(WARNING) << "Web trust not granted for certificate: " << guid;
- web_trust = false;
+ bool import_with_web_trust = false;
+ if (web_trust_flag) {
+ if (!allow_web_trust_)
+ LOG(WARNING) << "Web trust not granted for certificate: " << guid;
+ else
+ import_with_web_trust = true;
}
std::string x509_data;
@@ -276,7 +283,7 @@ bool CertificateImporter::ParseServerOrCaCertificate(
cert_list.push_back(x509_cert);
net::NSSCertDatabase::ImportCertFailureList failures;
bool success = false;
- net::NSSCertDatabase::TrustBits trust = web_trust ?
+ net::NSSCertDatabase::TrustBits trust = import_with_web_trust ?
net::NSSCertDatabase::TRUSTED_SSL :
net::NSSCertDatabase::TRUST_DEFAULT;
if (cert_type == certificate::kServer) {
@@ -295,6 +302,9 @@ bool CertificateImporter::ParseServerOrCaCertificate(
return false;
}
+ if (web_trust_flag && web_trust_certificates)
+ web_trust_certificates->push_back(x509_cert);
+
return true;
}
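Review bot: The certificate is appended to `web_trust_certificates` on `web_trust_flag`, not on `import_with_web_trust`, so a certificate whose Web trust was refused because `allow_web_trust_` is false (the warning branch in the earlier hunk) is still handed back to the caller as a web-trust certificate — presumably destined for the PolicyCertVerifier named in the issue title. If that is intended (the verifier supplying trust that the NSS store was deliberately denied), the split between the two flags deserves a comment here, e.g. `// Report the cert even if NSS web trust was refused: |allow_web_trust_| only gates the NSS trust bits, not the policy verifier's list.`; if it is not intended, the condition should read `import_with_web_trust`. Note also that kServer certificates with Web trust land in the same list as kAuthority ones, so a consumer that treats this list as CA trust anchors should either check the type or this append should be limited to `cert_type == certificate::kAuthority`. ParseServerOrCaCertificate starts outside this hunk; the append appears to sit after the import-failure early return, so certificates NSS rejected are not reported, which looks right.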
