Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(372)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/chromeos/cros/network_library_impl_base.cc

Issue 14192017: Extract certificate policy application from NetworkLibrary. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Initial patch. Created 7 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/chromeos/cros/network_library_impl_base.h ('k') | chrome/browser/chromeos/cros/network_library_unittest.cc » ('j') | chrome/browser/chromeos/policy/network_configuration_updater.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/chromeos/cros/network_library_impl_base.cc
diff --git a/chrome/browser/chromeos/cros/network_library_impl_base.cc b/chrome/browser/chromeos/cros/network_library_impl_base.cc
index 2acde2b570569ec68e844f9ac511523e9aff892f..d2a58dcdaa46ecc8073c48700cc28993849aa5c4 100644
--- a/chrome/browser/chromeos/cros/network_library_impl_base.cc
+++ b/chrome/browser/chromeos/cros/network_library_impl_base.cc
@@ -7,7 +7,6 @@
#include "base/bind.h"
#include "base/json/json_writer.h"
#include "base/memory/scoped_vector.h"
-#include "base/metrics/histogram.h"
#include "base/stl_util.h"
#include "base/string_util.h"
#include "chrome/browser/chromeos/cros/network_constants.h"
@@ -15,13 +14,11 @@
#include "chrome/browser/chromeos/net/onc_utils.h"
#include "chrome/browser/chromeos/network_login_observer.h"
#include "chromeos/network/network_ui_data.h"
-#include "chromeos/network/onc/onc_certificate_importer.h"
#include "chromeos/network/onc/onc_constants.h"
#include "chromeos/network/onc/onc_normalizer.h"
#include "chromeos/network/onc/onc_signature.h"
#include "chromeos/network/onc/onc_translator.h"
#include "chromeos/network/onc/onc_utils.h"
-#include "chromeos/network/onc/onc_validator.h"
#include "content/public/browser/browser_thread.h"
#include "crypto/nss_util.h" // crypto::GetTPMTokenInfo() for 802.1X and VPN.
#include "third_party/cros_system_api/dbus/service_constants.h"
@@ -1063,12 +1060,10 @@ class UserStringSubstitution : public onc::StringSubstitution {
} // namespace
-bool NetworkLibraryImplBase::LoadOncNetworks(
- const std::string& onc_blob,
- const std::string& passphrase,
- onc::ONCSource source,
- net::CertificateList* onc_trusted_certificates) {
- VLOG(2) << __func__ << ": called on " << onc_blob;
+void NetworkLibraryImplBase::LoadOncNetworks(
+ const base::ListValue& network_configs,
+ onc::ONCSource source) {
+ VLOG(2) << __func__ << ": called on " << network_configs;
NetworkProfile* profile = NULL;
bool from_policy = (source == onc::ONC_SOURCE_USER_POLICY ||
source == onc::ONC_SOURCE_DEVICE_POLICY);
@@ -1082,95 +1077,17 @@ bool NetworkLibraryImplBase::LoadOncNetworks(
if (profile == NULL) {
VLOG(2) << "Profile for ONC source " << onc::GetSourceAsString(source)
<< " doesn't exist.";
- return true;
- }
- }
-
- scoped_ptr<base::DictionaryValue> root_dict =
- onc::ReadDictionaryFromJson(onc_blob);
- if (root_dict.get() == NULL) {
- LOG(ERROR) << "ONC loaded from " << onc::GetSourceAsString(source)
- << " is not a valid JSON dictionary.";
- return false;
- }
-
- // Check and see if this is an encrypted ONC file. If so, decrypt it.
- std::string onc_type;
- root_dict->GetStringWithoutPathExpansion(onc::toplevel_config::kType,
- &onc_type);
- if (onc_type == onc::toplevel_config::kEncryptedConfiguration) {
- root_dict = onc::Decrypt(passphrase, *root_dict);
- if (root_dict.get() == NULL) {
- LOG(ERROR) << "Couldn't decrypt the ONC from "
- << onc::GetSourceAsString(source);
- return false;
- }
- }
-
- // Validate the ONC dictionary. We are liberal and ignore unknown field
- // names and ignore invalid field names in kRecommended arrays.
- onc::Validator validator(false, // Ignore unknown fields.
- false, // Ignore invalid recommended field names.
- true, // Fail on missing fields.
- from_policy);
- validator.SetOncSource(source);
-
- onc::Validator::Result validation_result;
- root_dict = validator.ValidateAndRepairObject(
- &onc::kToplevelConfigurationSignature,
- *root_dict,
- &validation_result);
-
- if (from_policy) {
- UMA_HISTOGRAM_BOOLEAN("Enterprise.ONC.PolicyValidation",
- validation_result == onc::Validator::VALID);
- }
-
- bool success = true;
- if (validation_result == onc::Validator::VALID_WITH_WARNINGS) {
- LOG(WARNING) << "ONC from " << onc::GetSourceAsString(source)
- << " produced warnings.";
- success = false;
- } else if (validation_result == onc::Validator::INVALID ||
- root_dict == NULL) {
- LOG(ERROR) << "ONC from " << onc::GetSourceAsString(source)
- << " is invalid and couldn't be repaired.";
- return false;
- }
-
- const base::ListValue* certificates;
- bool has_certificates =
- root_dict->GetListWithoutPathExpansion(
- onc::toplevel_config::kCertificates,
- &certificates);
-
- const base::ListValue* network_configs;
- bool has_network_configurations = root_dict->GetListWithoutPathExpansion(
- onc::toplevel_config::kNetworkConfigurations,
- &network_configs);
-
- if (has_certificates) {
- VLOG(2) << "ONC file has " << certificates->GetSize() << " certificates";
-
- // Web trust is only granted to certificates imported by the user.
- bool allow_trust_imports = source == onc::ONC_SOURCE_USER_IMPORT;
- onc::CertificateImporter cert_importer(allow_trust_imports);
- if (cert_importer.ParseAndStoreCertificates(
- *certificates, onc_trusted_certificates) !=
- onc::CertificateImporter::IMPORT_OK) {
- LOG(ERROR) << "Cannot parse some of the certificates in the ONC from "
- << onc::GetSourceAsString(source);
- success = false;
+ return;
}
}
std::set<std::string> removal_ids;
std::set<std::string>& network_ids(network_source_map_[source]);
network_ids.clear();
- if (has_network_configurations) {
- VLOG(2) << "ONC file has " << network_configs->GetSize() << " networks";
- for (base::ListValue::const_iterator it(network_configs->begin());
- it != network_configs->end(); ++it) {
+ if (true) {
Joao da Silva 2013/04/22 10:38:09 ?
pneubeck (no reviews) 2013/04/23 18:05:25 Done.
+ VLOG(2) << "ONC file has " << network_configs.GetSize() << " networks";
+ for (base::ListValue::const_iterator it(network_configs.begin());
+ it != network_configs.end(); ++it) {
const base::DictionaryValue* network;
(*it)->GetAsDictionary(&network);
@@ -1279,8 +1196,6 @@ bool NetworkLibraryImplBase::LoadOncNetworks(
} else if (source == onc::ONC_SOURCE_USER_IMPORT && !removal_ids.empty()) {
ForgetNetworksById(source, removal_ids, true);
}
-
- return success;
}
////////////////////////////////////////////////////////////////////////////
« no previous file with comments | « chrome/browser/chromeos/cros/network_library_impl_base.h ('k') | chrome/browser/chromeos/cros/network_library_unittest.cc » ('j') | chrome/browser/chromeos/policy/network_configuration_updater.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698