| OLD | NEW |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/network/onc/onc_certificate_importer_impl.h" | 5 #include "chromeos/network/onc/onc_certificate_importer_impl.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <keyhi.h> | 8 #include <keyhi.h> |
| 9 #include <pk11pub.h> | 9 #include <pk11pub.h> |
| 10 | 10 |
| (...skipping 260 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 271 net::CertificateList cert_list; | 271 net::CertificateList cert_list; |
| 272 cert_list.push_back(x509_cert); | 272 cert_list.push_back(x509_cert); |
| 273 net::NSSCertDatabase::ImportCertFailureList failures; | 273 net::NSSCertDatabase::ImportCertFailureList failures; |
| 274 bool success = false; | 274 bool success = false; |
| 275 if (cert_type == ::onc::certificate::kServer) | 275 if (cert_type == ::onc::certificate::kServer) |
| 276 success = target_nssdb_->ImportServerCert(cert_list, trust, &failures); | 276 success = target_nssdb_->ImportServerCert(cert_list, trust, &failures); |
| 277 else // Authority cert | 277 else // Authority cert |
| 278 success = target_nssdb_->ImportCACerts(cert_list, trust, &failures); | 278 success = target_nssdb_->ImportCACerts(cert_list, trust, &failures); |
| 279 | 279 |
| 280 if (!failures.empty()) { | 280 if (!failures.empty()) { |
| 281 std::string error_string = net::ErrorToString(failures[0].net_error); |
| 281 ONC_LOG_ERROR( | 282 ONC_LOG_ERROR( |
| 282 base::StringPrintf("Error ( %s ) importing %s certificate", | 283 base::StringPrintf("Error ( %s ) importing %s certificate", |
| 283 net::ErrorToString(failures[0].net_error), | 284 error_string.c_str(), |
| 284 cert_type.c_str())); | 285 cert_type.c_str())); |
| 285 return false; | 286 return false; |
| 286 } | 287 } |
| 287 | 288 |
| 288 if (!success) { | 289 if (!success) { |
| 289 ONC_LOG_ERROR("Unknown error importing " + cert_type + " certificate."); | 290 ONC_LOG_ERROR("Unknown error importing " + cert_type + " certificate."); |
| 290 return false; | 291 return false; |
| 291 } | 292 } |
| 292 } | 293 } |
| 293 | 294 |
| (...skipping 28 matching lines...) Expand all Loading... |
| 322 crypto::ScopedPK11Slot private_slot(target_nssdb_->GetPrivateSlot()); | 323 crypto::ScopedPK11Slot private_slot(target_nssdb_->GetPrivateSlot()); |
| 323 if (!private_slot) | 324 if (!private_slot) |
| 324 return false; | 325 return false; |
| 325 scoped_refptr<net::CryptoModule> module( | 326 scoped_refptr<net::CryptoModule> module( |
| 326 net::CryptoModule::CreateFromHandle(private_slot.get())); | 327 net::CryptoModule::CreateFromHandle(private_slot.get())); |
| 327 net::CertificateList imported_certs; | 328 net::CertificateList imported_certs; |
| 328 | 329 |
| 329 int import_result = target_nssdb_->ImportFromPKCS12( | 330 int import_result = target_nssdb_->ImportFromPKCS12( |
| 330 module.get(), decoded_pkcs12, base::string16(), false, &imported_certs); | 331 module.get(), decoded_pkcs12, base::string16(), false, &imported_certs); |
| 331 if (import_result != net::OK) { | 332 if (import_result != net::OK) { |
| 333 std::string error_string = net::ErrorToString(import_result); |
| 332 ONC_LOG_ERROR( | 334 ONC_LOG_ERROR( |
| 333 base::StringPrintf("Unable to import client certificate (error %s)", | 335 base::StringPrintf("Unable to import client certificate (error %s)", |
| 334 net::ErrorToString(import_result))); | 336 error_string.c_str())); |
| 335 return false; | 337 return false; |
| 336 } | 338 } |
| 337 | 339 |
| 338 if (imported_certs.size() == 0) { | 340 if (imported_certs.size() == 0) { |
| 339 ONC_LOG_WARNING("PKCS12 data contains no importable certificates."); | 341 ONC_LOG_WARNING("PKCS12 data contains no importable certificates."); |
| 340 return true; | 342 return true; |
| 341 } | 343 } |
| 342 | 344 |
| 343 if (imported_certs.size() != 1) { | 345 if (imported_certs.size() != 1) { |
| 344 ONC_LOG_WARNING("ONC File: PKCS12 data contains more than one certificate. " | 346 ONC_LOG_WARNING("ONC File: PKCS12 data contains more than one certificate. " |
| (...skipping 12 matching lines...) Expand all Loading... |
| 357 PK11_SetPrivateKeyNickname(private_key, const_cast<char*>(guid.c_str())); | 359 PK11_SetPrivateKeyNickname(private_key, const_cast<char*>(guid.c_str())); |
| 358 SECKEY_DestroyPrivateKey(private_key); | 360 SECKEY_DestroyPrivateKey(private_key); |
| 359 } else { | 361 } else { |
| 360 ONC_LOG_WARNING("Unable to find private key for certificate."); | 362 ONC_LOG_WARNING("Unable to find private key for certificate."); |
| 361 } | 363 } |
| 362 return true; | 364 return true; |
| 363 } | 365 } |
| 364 | 366 |
| 365 } // namespace onc | 367 } // namespace onc |
| 366 } // namespace chromeos | 368 } // namespace chromeos |
| OLD | NEW |