Chromium Code Reviews Chromium Code Reviews
Issue 16946002:
Resolve certificate references in ONC by PEM. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: chrome/browser/chromeos/cros/native_network_parser.cc |
| diff --git a/chrome/browser/chromeos/cros/native_network_parser.cc b/chrome/browser/chromeos/cros/native_network_parser.cc |
| index 4a7637e424687b77c6c7a996ed060084490e7511..58da697a68e428b20038acb06e35f25db01d1a2a 100644 |
| --- a/chrome/browser/chromeos/cros/native_network_parser.cc |
| +++ b/chrome/browser/chromeos/cros/native_network_parser.cc |
| @@ -6,12 +6,15 @@ |
| #include <string> |
| +#include "base/logging.h" |
| #include "base/strings/string_util.h" |
| #include "base/strings/stringprintf.h" |
| #include "base/values.h" |
| #include "chrome/browser/chromeos/cros/native_network_constants.h" |
| #include "chrome/browser/chromeos/cros/network_library.h" |
| #include "chrome/browser/chromeos/login/user_manager.h" |
| +#include "chromeos/network/onc/onc_utils.h" |
| +#include "net/cert/x509_certificate.h" |
| #include "third_party/cros_system_api/dbus/service_constants.h" |
| namespace chromeos { |
| @@ -48,8 +51,7 @@ EnumMapper<PropertyIndex>::Pair property_index_table[] = { |
| { flimflam::kEapAnonymousIdentityProperty, |
| PROPERTY_INDEX_EAP_ANONYMOUS_IDENTITY }, |
| { flimflam::kEapCaCertIdProperty, PROPERTY_INDEX_EAP_CA_CERT_ID }, |
| - { flimflam::kEapCaCertNssProperty, PROPERTY_INDEX_EAP_CA_CERT_NSS }, |
| - { flimflam::kEapCaCertProperty, PROPERTY_INDEX_EAP_CA_CERT }, |
| + { shill::kEapCaCertPemProperty, PROPERTY_INDEX_EAP_CA_CERT_PEM }, |
| { flimflam::kEapCertIdProperty, PROPERTY_INDEX_EAP_CERT_ID }, |
| { flimflam::kEapClientCertNssProperty, PROPERTY_INDEX_EAP_CLIENT_CERT_NSS }, |
| { flimflam::kEapClientCertProperty, PROPERTY_INDEX_EAP_CLIENT_CERT }, |
| @@ -82,8 +84,8 @@ EnumMapper<PropertyIndex>::Pair property_index_table[] = { |
| { flimflam::kIsActiveProperty, PROPERTY_INDEX_IS_ACTIVE }, |
| { flimflam::kL2tpIpsecAuthenticationType, |
| PROPERTY_INDEX_IPSEC_AUTHENTICATIONTYPE }, |
| - { flimflam::kL2tpIpsecCaCertNssProperty, |
| - PROPERTY_INDEX_L2TPIPSEC_CA_CERT_NSS }, |
| + { shill::kL2tpIpsecCaCertPemProperty, |
| + PROPERTY_INDEX_L2TPIPSEC_CA_CERT_PEM }, |
| { flimflam::kL2tpIpsecClientCertIdProperty, |
| PROPERTY_INDEX_L2TPIPSEC_CLIENT_CERT_ID }, |
| { flimflam::kL2tpIpsecClientCertSlotProp, |
| @@ -153,7 +155,7 @@ EnumMapper<PropertyIndex>::Pair property_index_table[] = { |
| PROPERTY_INDEX_OPEN_VPN_AUTHNOCACHE }, |
| { flimflam::kOpenVPNAuthUserPassProperty, |
| PROPERTY_INDEX_OPEN_VPN_AUTHUSERPASS }, |
| - { flimflam::kOpenVPNCaCertNSSProperty, PROPERTY_INDEX_OPEN_VPN_CACERT }, |
| + { shill::kOpenVPNCaCertPemProperty, PROPERTY_INDEX_OPEN_VPN_CA_CERT_PEM }, |
| { flimflam::kOpenVPNClientCertSlotProperty, |
| PROPERTY_INDEX_OPEN_VPN_CLIENT_CERT_SLOT }, |
| { flimflam::kOpenVPNCipherProperty, PROPERTY_INDEX_OPEN_VPN_CIPHER }, |
| @@ -1237,12 +1239,20 @@ bool NativeWifiNetworkParser::ParseValue(PropertyIndex index, |
| wifi_network->set_eap_client_cert_pkcs11_id(eap_client_cert_pkcs11_id); |
| return true; |
| } |
| - case PROPERTY_INDEX_EAP_CA_CERT_NSS: { |
| - std::string eap_server_ca_cert_nss_nickname; |
| - if (!value.GetAsString(&eap_server_ca_cert_nss_nickname)) |
| + case PROPERTY_INDEX_EAP_CA_CERT_PEM: { |
| + std::string eap_server_ca_cert_pem; |
| + if (!value.GetAsString(&eap_server_ca_cert_pem)) |
| break; |
| - wifi_network->set_eap_server_ca_cert_nss_nickname( |
| - eap_server_ca_cert_nss_nickname); |
| + |
| + scoped_refptr<net::X509Certificate> cert = |
| + onc::DecodePEMCertificate(eap_server_ca_cert_pem); |
|
stevenjb
2013/06/21 22:47:13
How expensive is this? It would be better to defer
pneubeck (no reviews)
2013/06/24 08:12:31
It is less expensive than the certificate import (
|
| + if (!cert.get()) { |
| + LOG(ERROR) << "Unable to create certificate from PEM encoding."; |
| + return false; |
| + } |
| + |
| + wifi_network->set_eap_server_ca_cert_fingerprint( |
| + onc::GetHexFingerprintOfCert(*cert)); |
| return true; |
| } |
| case PROPERTY_INDEX_EAP_USE_SYSTEM_CAS: { |
| @@ -1259,13 +1269,6 @@ bool NativeWifiNetworkParser::ParseValue(PropertyIndex index, |
| wifi_network->set_eap_passphrase(eap_passphrase); |
| return true; |
| } |
| - case PROPERTY_INDEX_EAP_CA_CERT: { |
| - std::string eap_cert_nickname; |
| - if (!value.GetAsString(&eap_cert_nickname)) |
| - break; |
| - wifi_network->set_eap_server_ca_cert_nss_nickname(eap_cert_nickname); |
| - return true; |
| - } |
| case PROPERTY_INDEX_WIFI_AUTH_MODE: |
| case PROPERTY_INDEX_WIFI_PHY_MODE: |
| case PROPERTY_INDEX_EAP_CLIENT_CERT: |
| @@ -1379,12 +1382,20 @@ bool NativeVirtualNetworkParser::ParseProviderValue(PropertyIndex index, |
| network->set_provider_type(ParseProviderType(provider_type_string)); |
| return true; |
| } |
| - case PROPERTY_INDEX_L2TPIPSEC_CA_CERT_NSS: |
| - case PROPERTY_INDEX_OPEN_VPN_CACERT: { |
| - std::string ca_cert_nss; |
| - if (!value.GetAsString(&ca_cert_nss)) |
| + case PROPERTY_INDEX_L2TPIPSEC_CA_CERT_PEM: |
| + case PROPERTY_INDEX_OPEN_VPN_CA_CERT_PEM: { |
| + std::string ca_cert_pem; |
| + if (!value.GetAsString(&ca_cert_pem)) |
| break; |
| - network->set_ca_cert_nss(ca_cert_nss); |
| + |
| + scoped_refptr<net::X509Certificate> cert = |
| + onc::DecodePEMCertificate(ca_cert_pem); |
|
stevenjb
2013/06/21 22:47:13
Same comment about decoding here.
|
| + if (!cert.get()) { |
| + LOG(ERROR) << "Unable to create certificate from PEM encoding."; |
| + return false; |
| + } |
| + |
| + network->set_ca_cert_fingerprint(onc::GetHexFingerprintOfCert(*cert)); |
| return true; |
| } |
| case PROPERTY_INDEX_L2TPIPSEC_PSK: { |
