Resolve certificate references in ONC by PEM.

chrome/browser/chromeos/cros/network_library_impl_base.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/cros/network_library_impl_base.h"
 
 #include "base/bind.h"
 #include "base/json/json_writer.h"
 #include "base/memory/scoped_vector.h"
 #include "base/stl_util.h"
@@ skipping 286 matching lines @@
   return wimax_networks_;
 }
 const VirtualNetworkVector& NetworkLibraryImplBase::virtual_networks() const {
   return virtual_networks_;
 }
 const VirtualNetworkVector&
     NetworkLibraryImplBase::remembered_virtual_networks() const {
   return remembered_virtual_networks_;
 }
 
+namespace {
+
 // Use shill's ordering of the services to determine which type of
 // network to return (i.e. don't assume priority of network types).
 // Note: This does not include any virtual networks.
-namespace {
 const Network* highest_priority(const Network* a, const Network*b) {
   if (!a)
     return b;
   if (!b)
     return a;
   if (b->priority_order() < a->priority_order())
     return b;
   return a;
 }
-}
+
+}  // namespace
 
 const Network* NetworkLibraryImplBase::active_network() const {
   const Network* result = active_nonvirtual_network();
   if (active_virtual_ && active_virtual_->is_active())
     result = highest_priority(result, active_virtual_);
   return result;
 }
 
 const Network* NetworkLibraryImplBase::active_nonvirtual_network() const {
   const Network* result = NULL;
@@ skipping 468 matching lines @@
   connect_data_.security = security;
   connect_data_.service_name = ssid;
   connect_data_.passphrase = passphrase;
   connect_data_.save_credentials = save_credentials;
   connect_data_.profile_type = shared ? PROFILE_SHARED : PROFILE_USER;
   if (security == SECURITY_8021X) {
     DCHECK(eap_config);
     connect_data_.service_name = ssid;
     connect_data_.eap_method = eap_config->method;
     connect_data_.eap_auth = eap_config->auth;
-    connect_data_.server_ca_cert_nss_nickname =
-        eap_config->server_ca_cert_nss_nickname;
+    connect_data_.server_ca_cert_fingerprint =
+        eap_config->server_ca_cert_fingerprint;
     connect_data_.eap_use_system_cas = eap_config->use_system_cas;
     connect_data_.client_cert_pkcs11_id =
         eap_config->client_cert_pkcs11_id;
     connect_data_.eap_identity = eap_config->identity;
     connect_data_.eap_anonymous_identity = eap_config->anonymous_identity;
   }
 
   CallRequestWifiNetworkAndConnect(ssid, security);
 }
 
 // 1. Connect to a virtual network with a PSK.
 void NetworkLibraryImplBase::ConnectToUnconfiguredVirtualNetwork(
     const std::string& service_name,
     const std::string& server_hostname,
     ProviderType provider_type,
     const VPNConfigData& config) {
   // Store the connection data to be used by the callback.
   connect_data_.service_name = service_name;
   connect_data_.server_hostname = server_hostname;
   connect_data_.psk_key = config.psk;
-  connect_data_.server_ca_cert_nss_nickname =
-      config.server_ca_cert_nss_nickname;
+  connect_data_.server_ca_cert_fingerprint =
+      config.server_ca_cert_fingerprint;
   connect_data_.client_cert_pkcs11_id = config.client_cert_pkcs11_id;
   connect_data_.username = config.username;
   connect_data_.passphrase = config.user_passphrase;
   connect_data_.otp = config.otp;
   connect_data_.group_name = config.group_name;
   connect_data_.save_credentials = config.save_credentials;
   CallRequestVirtualNetworkAndConnect(
       service_name, server_hostname, provider_type);
 }
 
@@ skipping 17 matching lines @@
   if (wifi->name() != data.service_name) {
     LOG(WARNING) << "WiFi network name does not match ConnectData: "
                  << wifi->name() << " != " << data.service_name;
     return;
   }
   wifi->set_added(true);
   if (data.security == SECURITY_8021X) {
     // Enterprise 802.1X EAP network.
     wifi->SetEAPMethod(data.eap_method);
     wifi->SetEAPPhase2Auth(data.eap_auth);
-    wifi->SetEAPServerCaCertNssNickname(data.server_ca_cert_nss_nickname);
+    wifi->SetEAPServerCaCertFingerprint(data.server_ca_cert_fingerprint);
     wifi->SetEAPUseSystemCAs(data.eap_use_system_cas);
     wifi->SetEAPClientCertPkcs11Id(data.client_cert_pkcs11_id);
     wifi->SetEAPIdentity(data.eap_identity);
     wifi->SetEAPAnonymousIdentity(data.eap_anonymous_identity);
     wifi->SetEAPPassphrase(data.passphrase);
     wifi->SetSaveCredentials(data.save_credentials);
   } else {
     // Ordinary, non-802.1X network.
     wifi->SetPassphrase(data.passphrase);
   }
@@ skipping 25 matching lines @@
   // the code to make the flow more straightforward. See crosbug.com/24636
   if (vpn->provider_type() == PROVIDER_TYPE_L2TP_IPSEC_PSK &&
       !connect_data_.client_cert_pkcs11_id.empty()) {
     vpn->set_provider_type(PROVIDER_TYPE_L2TP_IPSEC_USER_CERT);
   }
 
   vpn->set_added(true);
   if (!data.server_hostname.empty())
     vpn->set_server_hostname(data.server_hostname);
 
-  vpn->SetCACertNSS(data.server_ca_cert_nss_nickname);
+  vpn->SetCACertFingerprint(data.server_ca_cert_fingerprint);
   switch (vpn->provider_type()) {
     case PROVIDER_TYPE_L2TP_IPSEC_PSK:
       vpn->SetL2TPIPsecPSKCredentials(
           data.psk_key, data.username, data.passphrase, data.group_name);
       break;
     case PROVIDER_TYPE_L2TP_IPSEC_USER_CERT: {
       vpn->SetL2TPIPsecCertCredentials(
           data.client_cert_pkcs11_id,
           data.username, data.passphrase, data.group_name);
       break;
@@ skipping 89 matching lines @@
     else
       return false;
     return true;
   }
 };
 
 }  // namespace
 
 void NetworkLibraryImplBase::LoadOncNetworks(
     const base::ListValue& network_configs,
-    onc::ONCSource source) {
+    onc::ONCSource source,
+    const base::Callback<std::string(const std::string&)>& fingerprint_to_pem) {
   VLOG(2) << __func__ << ": called on " << network_configs;
   NetworkProfile* profile = NULL;
   bool from_policy = (source == onc::ONC_SOURCE_USER_POLICY ||
                       source == onc::ONC_SOURCE_DEVICE_POLICY);
 
   // Policies are applied to a specific Shill profile. User ONC import however
   // is applied to whatever profile Shill chooses. This should be the profile
   // that is already associated with a network and if no profile is associated
   // yet, it should be the user profile.
   if (from_policy) {
@@ skipping 59 matching lines @@
 
     // Normalize the ONC: Remove irrelevant fields.
     onc::Normalizer normalizer(true /* remove recommended fields */);
     scoped_ptr<base::DictionaryValue> normalized_network =
         normalizer.NormalizeObject(&onc::kNetworkConfigurationSignature,
                                    *expanded_network);
 
     // Configure the network.
     scoped_ptr<base::DictionaryValue> shill_dict =
         onc::TranslateONCObjectToShill(&onc::kNetworkConfigurationSignature,
-                                       *normalized_network);
+                                       *normalized_network,
+                                       fingerprint_to_pem);

[stevenjb, 2013/06/21 22:47:13]

Passing the callback through here is pretty confusing to me. I really wish this
wasn't part of NetworkLibrary. Hopefully we will have have the equivalent of
CallConfigureService() and ForgetNetworksById() available in NetworkHandler soon
and we can move this. In the meanwhile, please add a comment.

 
     // Set the ProxyConfig.
     const base::DictionaryValue* proxy_settings;
     if (normalized_network->GetDictionaryWithoutPathExpansion(
             onc::network_config::kProxySettings,
             &proxy_settings)) {
       scoped_ptr<base::DictionaryValue> proxy_config =
           onc::ConvertOncProxySettingsToProxyConfig(*proxy_settings);
       std::string proxy_json;
       base::JSONWriter::Write(proxy_config.get(), &proxy_json);
@@ skipping 562 matching lines @@
   GetTpmInfo();
   return tpm_slot_;
 }
 
 const std::string& NetworkLibraryImplBase::GetTpmPin() {
   GetTpmInfo();
   return tpm_pin_;
 }
 
 }  // namespace chromeos