Rename ONC field Trust to TrustBits.

chromeos/network/onc/onc_certificate_importer.cc

Index: chromeos/network/onc/onc_certificate_importer.cc
diff --git a/chromeos/network/onc/onc_certificate_importer.cc b/chromeos/network/onc/onc_certificate_importer.cc
index 34079715a2a5f0cfdd521dd340976d9ec6484b40..3a5f88fa083a648927500bd6120c6289e37870ee 100644
--- a/chromeos/network/onc/onc_certificate_importer.cc
+++ b/chromeos/network/onc/onc_certificate_importer.cc
@@ -70,11 +70,11 @@ bool CertificateImporter::ParseAndStoreCertificate(
     const base::DictionaryValue& certificate) {
   // Get out the attributes of the given certificate.
   std::string guid;
-  certificate.GetString(certificate::kGUID, &guid);
+  certificate.GetStringWithoutPathExpansion(certificate::kGUID, &guid);
   DCHECK(!guid.empty());
 
   bool remove = false;
-  if (certificate.GetBoolean(kRemove, &remove) && remove) {
+  if (certificate.GetBooleanWithoutPathExpansion(kRemove, &remove) && remove) {
     if (!DeleteCertAndKeyByNickname(guid)) {
       ONC_LOG_ERROR("Unable to delete certificate");
       return false;
@@ -85,7 +85,7 @@ bool CertificateImporter::ParseAndStoreCertificate(
 
   // Not removing, so let's get the data we need to add this certificate.
   std::string cert_type;
-  certificate.GetString(certificate::kType, &cert_type);
+  certificate.GetStringWithoutPathExpansion(certificate::kType, &cert_type);
   if (cert_type == certificate::kServer ||
       cert_type == certificate::kAuthority) {
     return ParseServerOrCaCertificate(cert_type, guid, certificate);
@@ -161,10 +161,12 @@ bool CertificateImporter::ParseServerOrCaCertificate(
     const base::DictionaryValue& certificate) {
   bool web_trust = false;
   const base::ListValue* trust_list = NULL;
-  if (certificate.GetList(certificate::kTrust, &trust_list)) {
-    for (size_t i = 0; i < trust_list->GetSize(); ++i) {
+  if (certificate.GetListWithoutPathExpansion(certificate::kTrustBits,
+                                              &trust_list)) {
+    for (base::ListValue::const_iterator it = trust_list->begin();
+         it != trust_list->end(); ++it) {
       std::string trust_type;
-      if (!trust_list->GetString(i, &trust_type))
+      if (!(*it)->GetAsString(&trust_type))
         NOTREACHED();
 
       if (trust_type == certificate::kWeb) {
@@ -172,19 +174,22 @@ bool CertificateImporter::ParseServerOrCaCertificate(
         // identification.
         web_trust = true;
       } else {
-        ONC_LOG_ERROR("Certificate contains unknown trust type " + trust_type);
-        return false;
+        // Trust bits should only increase trust and never restrict. Thus,
+        // ignoring unknown bits should be safe.
+        ONC_LOG_WARNING("Certificate contains unknown trust type " +
+                        trust_type);

[Joao da Silva, 2013/04/03 12:49:53]

It'd be nice to add a test for this: have an ONC file with a "Foo" flag, and
check that the certificate is still imported.

[pneubeck (no reviews), 2013/04/04 11:24:49]

Added the flag to an existing test.

       }
     }
   }
 
   if (web_trust && !allow_web_trust_) {
-    LOG(WARNING) << "Web trust not granted for certificate: " << guid;
+    ONC_LOG_WARNING("Web trust not granted for certificate: " + guid);
     web_trust = false;
   }
 
   std::string x509_data;
-  if (!certificate.GetString(certificate::kX509, &x509_data) ||
+  if (!certificate.GetStringWithoutPathExpansion(certificate::kX509,
+                                                 &x509_data) ||
       x509_data.empty()) {
     ONC_LOG_ERROR(
         "Certificate missing appropriate certificate data for type: " +
@@ -250,11 +255,10 @@ bool CertificateImporter::ParseServerOrCaCertificate(
     }
 
     // Reload the cert here to get an actual temporary cert instance.
-    x509_cert =
-        net::X509Certificate::CreateFromBytesWithNickname(
-            decoded_x509.data(),
-            decoded_x509.size(),
-            guid.c_str());
+    x509_cert = net::X509Certificate::CreateFromBytesWithNickname(
+        decoded_x509.data(),
+        decoded_x509.size(),
+        guid.c_str());
     if (!x509_cert.get()) {
       ONC_LOG_ERROR("Unable to create X509 certificate from bytes.");
       return false;
@@ -302,7 +306,8 @@ bool CertificateImporter::ParseClientCertificate(
     const std::string& guid,
     const base::DictionaryValue& certificate) {
   std::string pkcs12_data;
-  if (!certificate.GetString(certificate::kPKCS12, &pkcs12_data) ||
+  if (!certificate.GetStringWithoutPathExpansion(certificate::kPKCS12,
+                                                 &pkcs12_data) ||
       pkcs12_data.empty()) {
     ONC_LOG_ERROR("PKCS12 data is missing for client certificate.");
     return false;