Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(221)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chromeos/network/client_cert_util.cc

Issue 23583018: Check configuration for networks without UIData (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Always return 'false' for VPN in IsCertificateConfigured. Created 7 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « chromeos/network/client_cert_util.h ('k') | chromeos/network/network_connection_handler.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chromeos/network/client_cert_util.h" 5 #include "chromeos/network/client_cert_util.h"
6 6
7 #include <cert.h> 7 #include <cert.h>
8 #include <pk11pub.h> 8 #include <pk11pub.h>
9 9
10 #include <list> 10 #include <list>
(...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after
84 } 84 }
85 85
86 return (std::find(issuer_ca_pems_.begin(), issuer_ca_pems_.end(), 86 return (std::find(issuer_ca_pems_.begin(), issuer_ca_pems_.end(),
87 pem_encoded) == 87 pem_encoded) ==
88 issuer_ca_pems_.end()); 88 issuer_ca_pems_.end());
89 } 89 }
90 private: 90 private:
91 const std::vector<std::string>& issuer_ca_pems_; 91 const std::vector<std::string>& issuer_ca_pems_;
92 }; 92 };
93 93
94 std::string GetStringFromDictionary(const base::DictionaryValue& dict,
95 const std::string& key) {
96 std::string s;
97 dict.GetStringWithoutPathExpansion(key, &s);
98 return s;
99 }
100
94 } // namespace 101 } // namespace
95 102
96 // Returns true only if any fields set in this pattern match exactly with 103 // Returns true only if any fields set in this pattern match exactly with
97 // similar fields in the principal. If organization_ or organizational_unit_ 104 // similar fields in the principal. If organization_ or organizational_unit_
98 // are set, then at least one of the organizations or units in the principal 105 // are set, then at least one of the organizations or units in the principal
99 // must match. 106 // must match.
100 bool CertPrincipalMatches(const IssuerSubjectPattern& pattern, 107 bool CertPrincipalMatches(const IssuerSubjectPattern& pattern,
101 const net::CertPrincipal& principal) { 108 const net::CertPrincipal& principal) {
102 if (!pattern.common_name().empty() && 109 if (!pattern.common_name().empty() &&
103 pattern.common_name() != principal.common_name) { 110 pattern.common_name() != principal.common_name) {
(...skipping 127 matching lines...) Expand 10 before | Expand all | Expand 10 after
231 *pkcs11_id); 238 *pkcs11_id);
232 } 239 }
233 break; 240 break;
234 } 241 }
235 } 242 }
236 DCHECK(tpm_pin_property); 243 DCHECK(tpm_pin_property);
237 if (!tpm_pin.empty()) 244 if (!tpm_pin.empty())
238 properties->SetStringWithoutPathExpansion(tpm_pin_property, tpm_pin); 245 properties->SetStringWithoutPathExpansion(tpm_pin_property, tpm_pin);
239 } 246 }
240 247
248 bool IsCertificateConfigured(const client_cert::ConfigType cert_config_type,
249 const base::DictionaryValue& service_properties) {
250 // VPN certificate properties are read from the Provider dictionary.
251 const base::DictionaryValue* provider_properties = NULL;
252 service_properties.GetDictionaryWithoutPathExpansion(
253 flimflam::kProviderProperty, &provider_properties);
254 switch (cert_config_type) {
255 case CONFIG_TYPE_NONE:
256 return true;
257 case CONFIG_TYPE_OPENVPN:
258 // OpenVPN generally requires a passphrase and we don't know whether or
pneubeck (no reviews) 2013/09/05 07:45:04 nit: or -> or not
stevenjb 2013/09/05 16:29:35 Done.
259 // one is required, so always return false here.
260 return false;
261 case CONFIG_TYPE_IPSEC:
262 // IPSec may require a passphrase, so return false here also.
263 return false;
264 case CONFIG_TYPE_EAP: {
265 std::string cert_id = GetStringFromDictionary(
266 service_properties, flimflam::kEapCertIdProperty);
267 std::string key_id = GetStringFromDictionary(
268 service_properties, flimflam::kEapKeyIdProperty);
269 std::string identity = GetStringFromDictionary(
270 service_properties, flimflam::kEapIdentityProperty);
271 return !cert_id.empty() && !key_id.empty() && !identity.empty();
272 }
273 }
274 NOTREACHED();
275 return false;
276 }
277
241 } // namespace client_cert 278 } // namespace client_cert
242 279
243 } // namespace chromeos 280 } // namespace chromeos
OLDNEW
« no previous file with comments | « chromeos/network/client_cert_util.h ('k') | chromeos/network/network_connection_handler.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698