chromeos/network/onc/onc_signature.cc - Issue 16946002: Resolve certificate references in ONC by PEM.

Unified Diff: chromeos/network/onc/onc_signature.cc

Issue 16946002: Resolve certificate references in ONC by PEM. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Support CACert PEM list for L2tp. Created 7 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« chromeos/network/onc/onc_constants.cc ('K') | « chromeos/network/onc/onc_normalizer.cc ('k') | chromeos/network/onc/onc_translation_tables.cc » ('j') | chromeos/test/data/network/managed_toplevel1_with_cert_pems.onc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chromeos/network/onc/onc_signature.cc

diff --git a/chromeos/network/onc/onc_signature.cc b/chromeos/network/onc/onc_signature.cc

index 8f404614bb0d9991773703305e61258711b7f357..3ec88fff18ef2742ef2a19c03a0525cdb8590d4f 100644

--- a/chromeos/network/onc/onc_signature.cc

+++ b/chromeos/network/onc/onc_signature.cc

@@ -45,6 +45,7 @@ const OncFieldSignature certificate_pattern_fields[] = {

{ certificate::kEnrollmentURI, &kStringListSignature },

{ certificate::kIssuer, &kIssuerSubjectPatternSignature },

{ certificate::kIssuerCARef, &kStringListSignature },

+ { certificate::kIssuerCAPEMs, &kStringListSignature },

{ certificate::kSubject, &kIssuerSubjectPatternSignature },

{ NULL }

};

@@ -60,6 +61,7 @@ const OncFieldSignature eap_fields[] = {

{ eap::kOuter, &kStringSignature },

{ eap::kPassword, &kStringSignature },

{ eap::kSaveCredentials, &kBoolSignature },

+ { eap::kServerCAPEMs, &kStringListSignature },

{ eap::kServerCARef, &kStringSignature },

{ eap::kUseSystemCAs, &kBoolSignature },

{ NULL }

@@ -67,18 +69,19 @@ const OncFieldSignature eap_fields[] = {

const OncFieldSignature ipsec_fields[] = {

{ kRecommended, &kRecommendedSignature },

- { vpn::kAuthenticationType, &kStringSignature },

+ { ipsec::kAuthenticationType, &kStringSignature },

{ vpn::kClientCertPattern, &kCertificatePatternSignature },

{ vpn::kClientCertRef, &kStringSignature },

{ vpn::kClientCertType, &kStringSignature },

- { vpn::kGroup, &kStringSignature },

- { vpn::kIKEVersion, &kIntegerSignature },

- { vpn::kPSK, &kStringSignature },

+ { ipsec::kGroup, &kStringSignature },

+ { ipsec::kIKEVersion, &kIntegerSignature },

+ { ipsec::kPSK, &kStringSignature },

{ vpn::kSaveCredentials, &kBoolSignature },

- { vpn::kServerCARef, &kStringSignature },

+ { ipsec::kServerCAPEMs, &kStringSignature },

+ { ipsec::kServerCARef, &kStringSignature },

// Not yet supported.

- // { vpn::kEAP, &kEAPSignature },

- // { vpn::kXAUTH, &kXAUTHSignature },

+ // { ipsec::kEAP, &kEAPSignature },

+ // { ipsec::kXAUTH, &kXAUTHSignature },

{ NULL }

};

@@ -112,8 +115,10 @@ const OncFieldSignature openvpn_fields[] = {

{ vpn::kRemoteCertTLS, &kStringSignature },

{ vpn::kRenegSec, &kIntegerSignature },

{ vpn::kSaveCredentials, &kBoolSignature },

- { vpn::kServerCARef, &kStringSignature },

+ { openvpn::kServerCAPEMs, &kStringListSignature },

+ { openvpn::kServerCARef, &kStringSignature },

// Not supported, yet.

+ { vpn::kServerCertPEM, &kStringSignature },

{ vpn::kServerCertRef, &kStringSignature },

{ vpn::kServerPollTimeout, &kIntegerSignature },

{ vpn::kShaper, &kIntegerSignature },

@@ -381,7 +386,7 @@ struct CredentialEntry {

const CredentialEntry credentials[] = {

{ &kEAPSignature, onc::eap::kPassword },

- { &kIPsecSignature, onc::vpn::kPSK },

+ { &kIPsecSignature, onc::ipsec::kPSK },

{ &kL2TPSignature, onc::vpn::kPassword },

{ &kOpenVPNSignature, onc::vpn::kPassword },

{ &kOpenVPNSignature, onc::vpn::kTLSAuthContents },