Enable client certificate patterns in device ONC policy

chromeos/network/client_cert_util.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chromeos/network/client_cert_util.h"
 
 #include <cert.h>
 #include <pk11pub.h>
 #include <stddef.h>
 
@@ skipping 21 matching lines @@
 const char kDefaultTPMPin[] = "111111";
 
 std::string GetStringFromDictionary(const base::DictionaryValue& dict,
                                     const std::string& key) {
   std::string s;
   dict.GetStringWithoutPathExpansion(key, &s);
   return s;
 }
 
 void GetClientCertTypeAndPattern(
+    onc::ONCSource onc_source,
     const base::DictionaryValue& dict_with_client_cert,
     ClientCertConfig* cert_config) {
+  cert_config->source_is_device_policy_ =
+      onc_source != onc::ONC_SOURCE_USER_POLICY;
+
   dict_with_client_cert.GetStringWithoutPathExpansion(
       ::onc::eap::kIdentity, &cert_config->policy_identity);
 
   using namespace ::onc::client_cert;
   dict_with_client_cert.GetStringWithoutPathExpansion(
       kClientCertType, &cert_config->client_cert_type);
 
   if (cert_config->client_cert_type == kPattern) {
     const base::DictionaryValue* pattern = NULL;
     dict_with_client_cert.GetDictionaryWithoutPathExpansion(kClientCertPattern,
@@ skipping 205 matching lines @@
   }
 }
 
 ClientCertConfig::ClientCertConfig()
     : location(CONFIG_TYPE_NONE),
       client_cert_type(onc::client_cert::kClientCertTypeNone) {
 }
 
 ClientCertConfig::ClientCertConfig(const ClientCertConfig& other) = default;
 
-void OncToClientCertConfig(const base::DictionaryValue& network_config,
+void OncToClientCertConfig(::onc::ONCSource onc_source,
+                           const base::DictionaryValue& network_config,
                            ClientCertConfig* cert_config) {
   using namespace ::onc;
 
   *cert_config = ClientCertConfig();
 
   const base::DictionaryValue* dict_with_client_cert = NULL;
 
   const base::DictionaryValue* wifi = NULL;
   network_config.GetDictionaryWithoutPathExpansion(network_config::kWiFi,
                                                    &wifi);
@@ skipping 30 matching lines @@
                                                    &ethernet);
   if (ethernet) {
     const base::DictionaryValue* eap = NULL;
     ethernet->GetDictionaryWithoutPathExpansion(wifi::kEAP, &eap);
     if (!eap)
       return;
     dict_with_client_cert = eap;
     cert_config->location = CONFIG_TYPE_EAP;
   }
 
-  if (dict_with_client_cert)
-    GetClientCertTypeAndPattern(*dict_with_client_cert, cert_config);
+  if (dict_with_client_cert) {
+    GetClientCertTypeAndPattern(onc_source, *dict_with_client_cert,
+                                cert_config);
+  }
 }
 
 bool IsCertificateConfigured(const ConfigType cert_config_type,
                              const base::DictionaryValue& service_properties) {
   // VPN certificate properties are read from the Provider dictionary.
   const base::DictionaryValue* provider_properties = NULL;
   service_properties.GetDictionaryWithoutPathExpansion(
       shill::kProviderProperty, &provider_properties);
   switch (cert_config_type) {
     case CONFIG_TYPE_NONE:
@@ skipping 21 matching lines @@
       return !cert_id.empty() && !key_id.empty() && !identity.empty();
     }
   }
   NOTREACHED();
   return false;
 }
 
 }  // namespace client_cert
 
 }  // namespace chromeos