chrome/browser/chromeos/cros/certificate_pattern_matcher.cc - Issue 13454006: Moving ManagedNetworkConfigurationHandler to chromeos/.

Unified Diff: chrome/browser/chromeos/cros/certificate_pattern_matcher.cc

Issue 13454006: Moving ManagedNetworkConfigurationHandler to chromeos/. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Moved CreateUIData from ONC. Created 7 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « chrome/browser/chromeos/cros/certificate_pattern_matcher.h ('k') | chrome/browser/chromeos/cros/network_constants.h » ('j') | chromeos/network/network_ui_data.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/browser/chromeos/cros/certificate_pattern_matcher.cc

diff --git a/chrome/browser/chromeos/cros/certificate_pattern.cc b/chrome/browser/chromeos/cros/certificate_pattern_matcher.cc

similarity index 38%

copy from chrome/browser/chromeos/cros/certificate_pattern.cc

copy to chrome/browser/chromeos/cros/certificate_pattern_matcher.cc

index 78249bc82119602bd1d7c142b2f8f3fefa7eaed9..f733d6088f7e8b2e833f038f5c12182a9af1ea4b 100644

--- a/chrome/browser/chromeos/cros/certificate_pattern.cc

+++ b/chrome/browser/chromeos/cros/certificate_pattern_matcher.cc

@@ -2,69 +2,61 @@

// Use of this source code is governed by a BSD-style license that can be

// found in the LICENSE file.

-#include "chrome/browser/chromeos/cros/certificate_pattern.h"

+#include "chrome/browser/chromeos/cros/certificate_pattern_matcher.h"

+#include <cert.h>

+#include <pk11pub.h>

-#include <algorithm>

#include <list>

#include <string>

#include <vector>

-#include <cert.h>

-#include <pk11pub.h>

-#include "base/logging.h"

-#include "base/values.h"

+#include "chromeos/network/certificate_pattern.h"

#include "net/base/net_errors.h"

#include "net/cert/cert_database.h"

#include "net/cert/nss_cert_database.h"

#include "net/cert/x509_cert_types.h"

#include "net/cert/x509_certificate.h"

-// To shorten some of those long lines below.

-using base::DictionaryValue;

-using base::ListValue;

-using std::find;

-using std::list;

-using std::string;

-using std::vector;

namespace chromeos {

namespace {

-// Keys for converting classes below to/from dictionaries.

-const char kCommonNameKey[] = "CommonName";

-const char kLocalityKey[] = "Locality";

-const char kOrganizationKey[] = "Organization";

-const char kOrganizationalUnitKey[] = "OrganizationalUnit";

-const char kIssuerCaRefKey[] = "IssuerCARef";

-const char kIssuerKey[] = "Issuer";

-const char kSubjectKey[] = "Subject";

-const char kEnrollmentUriKey[] = "EnrollmentURI";

+// Returns true only if any fields set in this pattern match exactly with

+// similar fields in the principal. If organization_ or organizational_unit_

+// are set, then at least one of the organizations or units in the principal

+// must match.

+bool CertPrincipalMatches(const IssuerSubjectPattern& pattern,

+ const net::CertPrincipal& principal) {

+ if (!pattern.common_name().empty() &&

+ pattern.common_name() != principal.common_name) {

+ return false;

+ }

-bool GetAsListOfStrings(const base::Value& value,

- std::vector<std::string>* result) {

- const base::ListValue* list = NULL;

- if (!value.GetAsList(&list))

+ if (!pattern.locality().empty() &&

+ pattern.locality() != principal.locality_name) {

return false;

- result->clear();

- result->reserve(list->GetSize());

- for (size_t i = 0; i < list->GetSize(); i++) {

- std::string item;

- if (!list->GetString(i, &item))

+ }

+ if (!pattern.organization().empty()) {

+ if (std::find(principal.organization_names.begin(),

+ principal.organization_names.end(),

+ pattern.organization()) ==

+ principal.organization_names.end()) {

return false;

- result->push_back(item);

+ }

}

- return true;

-ListValue* CreateListFromStrings(const vector<string>& strings) {

- ListValue* new_list = new ListValue;

- for (vector<string>::const_iterator iter = strings.begin();

- iter != strings.end(); ++iter) {

- new_list->Append(new StringValue(*iter));

+ if (!pattern.organizational_unit().empty()) {

+ if (std::find(principal.organization_unit_names.begin(),

+ principal.organization_unit_names.end(),

+ pattern.organizational_unit()) ==

+ principal.organization_unit_names.end()) {

+ return false;

+ }

}

- return new_list;

+ return true;

}

// Functor to filter out non-matching issuers.

@@ -73,7 +65,7 @@ class IssuerFilter {

explicit IssuerFilter(const IssuerSubjectPattern& issuer)

: issuer_(issuer) {}

bool operator()(const scoped_refptr<net::X509Certificate>& cert) const {

- return !issuer_.Matches(cert.get()->issuer());

+ return !CertPrincipalMatches(issuer_, cert.get()->issuer());

}

private:

const IssuerSubjectPattern& issuer_;

@@ -85,7 +77,7 @@ class SubjectFilter {

explicit SubjectFilter(const IssuerSubjectPattern& subject)

: subject_(subject) {}

bool operator()(const scoped_refptr<net::X509Certificate>& cert) const {

- return !subject_.Matches(cert.get()->subject());

+ return !CertPrincipalMatches(subject_, cert.get()->subject());

}

private:

const IssuerSubjectPattern& subject_;

@@ -106,7 +98,7 @@ class PrivateKeyFilter {

// IssuerCARef list.

class IssuerCaRefFilter {

public:

- explicit IssuerCaRefFilter(const vector<string>& issuer_ca_ref_list)

+ explicit IssuerCaRefFilter(const std::vector<std::string>& issuer_ca_ref_list)

: issuer_ca_ref_list_(issuer_ca_ref_list) {}

bool operator()(const scoped_refptr<net::X509Certificate>& cert) const {

// Find the certificate issuer for each certificate.

@@ -121,9 +113,10 @@ class IssuerCaRefFilter {

const char* delimiter = ::strchr(issuer_cert->nickname, ':');

if (delimiter) {

delimiter++; // move past the colon.

- vector<string>::const_iterator pat_iter = issuer_ca_ref_list_.begin();

+ std::vector<std::string>::const_iterator pat_iter =

+ issuer_ca_ref_list_.begin();

while (pat_iter != issuer_ca_ref_list_.end()) {

- if (::strcmp(delimiter, pat_iter->c_str()) == 0)

+ if (*pat_iter == delimiter)

return false;

++pat_iter;

}

@@ -132,115 +125,14 @@ class IssuerCaRefFilter {

return true;

}

private:

- const vector<string>& issuer_ca_ref_list_;

+ const std::vector<std::string>& issuer_ca_ref_list_;

};

} // namespace

-////////////////////////////////////////////////////////////////////////////////

-// IssuerSubjectPattern

-IssuerSubjectPattern::IssuerSubjectPattern(const std::string& common_name,

- const std::string& locality,

- const std::string& organization,

- const std::string& organizational_unit)

- : common_name_(common_name),

- locality_(locality),

- organization_(organization),

- organizational_unit_(organizational_unit) { }

-IssuerSubjectPattern::IssuerSubjectPattern() {}

-IssuerSubjectPattern::~IssuerSubjectPattern() {}

-bool IssuerSubjectPattern::Matches(const net::CertPrincipal& principal) const {

- if (!common_name_.empty() && common_name_ != principal.common_name)

- return false;

- if (!locality_.empty() && locality_ != principal.locality_name)

- return false;

- if (!organization_.empty()) {

- if (find(principal.organization_names.begin(),

- principal.organization_names.end(), organization_) ==

- principal.organization_names.end()) {

- return false;

- }

- if (!organizational_unit_.empty()) {

- if (find(principal.organization_unit_names.begin(),

- principal.organization_unit_names.end(),

- organizational_unit_) == principal.organization_unit_names.end()) {

- return false;

- }

- return true;

-bool IssuerSubjectPattern::Empty() const {

- return common_name_.empty() &&

- locality_.empty() &&

- organization_.empty() &&

- organizational_unit_.empty();

-void IssuerSubjectPattern::Clear() {

- common_name_.clear();

- locality_.clear();

- organization_.clear();

- organizational_unit_.clear();

-DictionaryValue* IssuerSubjectPattern::CreateAsDictionary() const {

- DictionaryValue* dict = new DictionaryValue;

- if (!common_name_.empty())

- dict->SetString(kCommonNameKey, common_name_);

- if (!locality_.empty())

- dict->SetString(kLocalityKey, locality_);

- if (!organization_.empty())

- dict->SetString(kOrganizationKey, organization_);

- if (!organizational_unit_.empty())

- dict->SetString(kOrganizationalUnitKey, organizational_unit_);

- return dict;

-bool IssuerSubjectPattern::CopyFromDictionary(const DictionaryValue& dict) {

- Clear();

- dict.GetString(kCommonNameKey, &common_name_);

- dict.GetString(kLocalityKey, &locality_);

- dict.GetString(kOrganizationKey, &organization_);

- dict.GetString(kOrganizationalUnitKey, &organizational_unit_);

- // If the dictionary wasn't empty, but we are, or vice versa, then something

- // went wrong.

- DCHECK(dict.empty() == Empty());

- if (dict.empty() != Empty())

- return false;

- return true;

-////////////////////////////////////////////////////////////////////////////////

-// CertificatePattern

-CertificatePattern::CertificatePattern() {}

-CertificatePattern::~CertificatePattern() {}

-bool CertificatePattern::Empty() const {

- return issuer_ca_ref_list_.empty() &&

- issuer_.Empty() &&

- subject_.Empty();

-void CertificatePattern::Clear() {

- issuer_ca_ref_list_.clear();

- issuer_.Clear();

- subject_.Clear();

- enrollment_uri_list_.clear();

-scoped_refptr<net::X509Certificate> CertificatePattern::GetMatch() const {

- typedef list<scoped_refptr<net::X509Certificate> > CertificateStlList;

+scoped_refptr<net::X509Certificate> GetCertificateMatch(

+ const CertificatePattern& pattern) {

+ typedef std::list<scoped_refptr<net::X509Certificate> > CertificateStlList;

// Start with all the certs, and narrow it down from there.

net::CertificateList all_certs;

@@ -256,20 +148,20 @@ scoped_refptr<net::X509Certificate> CertificatePattern::GetMatch() const {

}

// Strip off any certs that don't have the right issuer and/or subject.

- if (!issuer_.Empty()) {

- matching_certs.remove_if(IssuerFilter(issuer_));

+ if (!pattern.issuer().Empty()) {

+ matching_certs.remove_if(IssuerFilter(pattern.issuer()));

if (matching_certs.empty())

return NULL;

}

- if (!subject_.Empty()) {

- matching_certs.remove_if(SubjectFilter(subject_));

+ if (!pattern.subject().Empty()) {

+ matching_certs.remove_if(SubjectFilter(pattern.subject()));

if (matching_certs.empty())

return NULL;

}

- if (!issuer_ca_ref_list_.empty()) {

- matching_certs.remove_if(IssuerCaRefFilter(issuer_ca_ref_list_));

+ if (!pattern.issuer_ca_ref_list().empty()) {

+ matching_certs.remove_if(IssuerCaRefFilter(pattern.issuer_ca_ref_list()));

if (matching_certs.empty())

return NULL;

}

@@ -298,55 +190,4 @@ scoped_refptr<net::X509Certificate> CertificatePattern::GetMatch() const {

return latest;

}

-DictionaryValue* CertificatePattern::CreateAsDictionary() const {

- DictionaryValue* dict = new base::DictionaryValue;

- if (!issuer_ca_ref_list_.empty())

- dict->Set(kIssuerCaRefKey, CreateListFromStrings(issuer_ca_ref_list_));

- if (!issuer_.Empty())

- dict->Set(kIssuerKey, issuer_.CreateAsDictionary());

- if (!subject_.Empty())

- dict->Set(kSubjectKey, subject_.CreateAsDictionary());

- if (!enrollment_uri_list_.empty())

- dict->Set(kEnrollmentUriKey, CreateListFromStrings(enrollment_uri_list_));

- return dict;

-bool CertificatePattern::CopyFromDictionary(const DictionaryValue &dict) {

- const DictionaryValue* child_dict = NULL;

- const ListValue* child_list = NULL;

- Clear();

- // All of these are optional.

- if (dict.GetList(kIssuerCaRefKey, &child_list) && child_list) {

- if (!GetAsListOfStrings(*child_list, &issuer_ca_ref_list_))

- return false;

- }

- if (dict.GetDictionary(kIssuerKey, &child_dict) && child_dict) {

- if (!issuer_.CopyFromDictionary(*child_dict))

- return false;

- }

- child_dict = NULL;

- if (dict.GetDictionary(kSubjectKey, &child_dict) && child_dict) {

- if (!subject_.CopyFromDictionary(*child_dict))

- return false;

- }

- child_list = NULL;

- if (dict.GetList(kEnrollmentUriKey, &child_list) && child_list) {

- if (!GetAsListOfStrings(*child_list, &enrollment_uri_list_))

- return false;

- }

- // If we didn't copy anything from the dictionary, then it had better be

- // empty.

- DCHECK(dict.empty() == Empty());

- if (dict.empty() != Empty())

- return false;

- return true;

} // namespace chromeos