Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(101)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chromeos/network/onc/onc_certificate_importer_impl.h

Issue 2859123003: Don't reject server and CA certs during device ONC validation (Closed)
Patch Set: Addressed comments. Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | chromeos/network/onc/onc_certificate_importer_impl.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_ 5 #ifndef CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_
6 #define CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_ 6 #define CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_
7 7
8 #include <map> 8 #include <map>
9 #include <memory> 9 #include <memory>
10 #include <string> 10 #include <string>
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after
59 // This is the synchronous implementation of ImportCertificates. It is 59 // This is the synchronous implementation of ImportCertificates. It is
60 // executed on the given |io_task_runner_|. 60 // executed on the given |io_task_runner_|.
61 static void ParseAndStoreCertificates(::onc::ONCSource source, 61 static void ParseAndStoreCertificates(::onc::ONCSource source,
62 const DoneCallback& done_callback, 62 const DoneCallback& done_callback,
63 base::ListValue* certificates, 63 base::ListValue* certificates,
64 net::NSSCertDatabase* nssdb); 64 net::NSSCertDatabase* nssdb);
65 65
66 // Parses and stores |certificate| in the certificate store. Returns true if 66 // Parses and stores |certificate| in the certificate store. Returns true if
67 // the operation succeeded. 67 // the operation succeeded.
68 static bool ParseAndStoreCertificate( 68 static bool ParseAndStoreCertificate(
69 ::onc::ONCSource source,
69 bool allow_trust_imports, 70 bool allow_trust_imports,
70 const base::DictionaryValue& certificate, 71 const base::DictionaryValue& certificate,
71 net::NSSCertDatabase* nssdb, 72 net::NSSCertDatabase* nssdb,
72 net::CertificateList* onc_trusted_certificates); 73 net::CertificateList* onc_trusted_certificates);
73 74
74 // Imports the Server or CA certificate |certificate|. Web trust is only 75 // Imports the Server or CA certificate |certificate|. Web trust is only
75 // applied if the certificate requests the TrustBits attribute "Web" and if 76 // applied if the certificate requests the TrustBits attribute "Web" and if
76 // the |allow_trust_imports| permission is granted, otherwise the attribute is 77 // the |allow_trust_imports| permission is granted, otherwise the attribute is
77 // ignored. 78 // ignored.
78 static bool ParseServerOrCaCertificate( 79 static bool ParseServerOrCaCertificate(
80 ::onc::ONCSource source,
79 bool allow_trust_imports, 81 bool allow_trust_imports,
80 const std::string& cert_type, 82 const std::string& cert_type,
81 const std::string& guid, 83 const std::string& guid,
82 const base::DictionaryValue& certificate, 84 const base::DictionaryValue& certificate,
83 net::NSSCertDatabase* nssdb, 85 net::NSSCertDatabase* nssdb,
84 net::CertificateList* onc_trusted_certificates); 86 net::CertificateList* onc_trusted_certificates);
85 87
86 static bool ParseClientCertificate(const std::string& guid, 88 static bool ParseClientCertificate(const std::string& guid,
87 const base::DictionaryValue& certificate, 89 const base::DictionaryValue& certificate,
88 net::NSSCertDatabase* nssdb); 90 net::NSSCertDatabase* nssdb);
89 91
90 // The task runner to use for NSSCertDatabase accesses. 92 // The task runner to use for NSSCertDatabase accesses.
91 scoped_refptr<base::SequencedTaskRunner> io_task_runner_; 93 scoped_refptr<base::SequencedTaskRunner> io_task_runner_;
92 94
93 // The certificate database to which certificates are imported. 95 // The certificate database to which certificates are imported.
94 net::NSSCertDatabase* target_nssdb_; 96 net::NSSCertDatabase* target_nssdb_;
95 97
96 base::WeakPtrFactory<CertificateImporterImpl> weak_factory_; 98 base::WeakPtrFactory<CertificateImporterImpl> weak_factory_;
97 99
98 DISALLOW_COPY_AND_ASSIGN(CertificateImporterImpl); 100 DISALLOW_COPY_AND_ASSIGN(CertificateImporterImpl);
99 }; 101 };
100 102
101 } // namespace onc 103 } // namespace onc
102 } // namespace chromeos 104 } // namespace chromeos
103 105
104 #endif // CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_ 106 #endif // CHROMEOS_NETWORK_ONC_ONC_CERTIFICATE_IMPORTER_IMPL_H_
OLDNEW
« no previous file with comments | « no previous file | chromeos/network/onc/onc_certificate_importer_impl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698