OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chromeos/network/onc/onc_certificate_importer_impl.h" | 5 #include "chromeos/network/onc/onc_certificate_importer_impl.h" |
6 | 6 |
7 #include <cert.h> | 7 #include <cert.h> |
8 #include <keyhi.h> | 8 #include <keyhi.h> |
9 #include <pk11pub.h> | 9 #include <pk11pub.h> |
10 #include <stddef.h> | 10 #include <stddef.h> |
(...skipping 149 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
160 const base::DictionaryValue& certificate, | 160 const base::DictionaryValue& certificate, |
161 net::NSSCertDatabase* nssdb, | 161 net::NSSCertDatabase* nssdb, |
162 net::CertificateList* onc_trusted_certificates) { | 162 net::CertificateList* onc_trusted_certificates) { |
163 bool web_trust_flag = false; | 163 bool web_trust_flag = false; |
164 const base::ListValue* trust_list = NULL; | 164 const base::ListValue* trust_list = NULL; |
165 if (certificate.GetListWithoutPathExpansion(::onc::certificate::kTrustBits, | 165 if (certificate.GetListWithoutPathExpansion(::onc::certificate::kTrustBits, |
166 &trust_list)) { | 166 &trust_list)) { |
167 for (base::ListValue::const_iterator it = trust_list->begin(); | 167 for (base::ListValue::const_iterator it = trust_list->begin(); |
168 it != trust_list->end(); ++it) { | 168 it != trust_list->end(); ++it) { |
169 std::string trust_type; | 169 std::string trust_type; |
170 if (!(*it)->GetAsString(&trust_type)) | 170 if (!it->GetAsString(&trust_type)) |
171 NOTREACHED(); | 171 NOTREACHED(); |
172 | 172 |
173 if (trust_type == ::onc::certificate::kWeb) { | 173 if (trust_type == ::onc::certificate::kWeb) { |
174 // "Web" implies that the certificate is to be trusted for SSL | 174 // "Web" implies that the certificate is to be trusted for SSL |
175 // identification. | 175 // identification. |
176 web_trust_flag = true; | 176 web_trust_flag = true; |
177 } else { | 177 } else { |
178 // Trust bits should only increase trust and never restrict. Thus, | 178 // Trust bits should only increase trust and never restrict. Thus, |
179 // ignoring unknown bits should be safe. | 179 // ignoring unknown bits should be safe. |
180 LOG(WARNING) << "Certificate contains unknown trust type " | 180 LOG(WARNING) << "Certificate contains unknown trust type " |
(...skipping 139 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
320 PK11_SetPrivateKeyNickname(private_key, const_cast<char*>(guid.c_str())); | 320 PK11_SetPrivateKeyNickname(private_key, const_cast<char*>(guid.c_str())); |
321 SECKEY_DestroyPrivateKey(private_key); | 321 SECKEY_DestroyPrivateKey(private_key); |
322 } else { | 322 } else { |
323 LOG(WARNING) << "Unable to find private key for certificate."; | 323 LOG(WARNING) << "Unable to find private key for certificate."; |
324 } | 324 } |
325 return true; | 325 return true; |
326 } | 326 } |
327 | 327 |
328 } // namespace onc | 328 } // namespace onc |
329 } // namespace chromeos | 329 } // namespace chromeos |
OLD | NEW |