authorgspencer@chromium.org <gspencer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-07-24 21:35:40 +0000
committergspencer@chromium.org <gspencer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-07-24 21:35:40 +0000
commit4a5c2ec6d21eaab224eff826b524403c8852e936 (patch)
treee8ebe419fda18938dbbcad081415701994d4d902
parentb8d39a65ae7830fb2e255dd60bbe533610d38977 (diff)
Merge 146447 - This fixes the X509 certificate import so that it accepts actual PEM file.
Before we were only accepting the base64 encoded payload of the PEM file (the base64 encoded DER cert). Now we strip off leading and trailing garbage, the markers, and whitespace around the base64 encoded payload. BUG=chromium:135499 TEST=ran unit test with new input. Review URL: https://chromiumcodereview.appspot.com/10763012 TBR=gspencer@chromium.org Review URL: https://chromiumcodereview.appspot.com/10802095 git-svn-id: svn://svn.chromium.org/chrome/branches/1180/src@148207 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome/browser/chromeos/cros/onc_network_parser.cc33
-rw-r--r--chrome/test/data/chromeos/cros/certificate-server.onc4
2 files changed, 29 insertions, 8 deletions
diff --git a/chrome/browser/chromeos/cros/onc_network_parser.cc b/chrome/browser/chromeos/cros/onc_network_parser.cc
index 52439b5..2b5a349 100644
--- a/chrome/browser/chromeos/cros/onc_network_parser.cc
+++ b/chrome/browser/chromeos/cros/onc_network_parser.cc
@@ -31,6 +31,7 @@
#include "net/base/cert_database.h"
#include "net/base/crypto_module.h"
#include "net/base/net_errors.h"
+#include "net/base/pem_tokenizer.h"
#include "net/base/x509_certificate.h"
#include "net/proxy/proxy_bypass_rules.h"
#include "third_party/cros_system_api/dbus/service_constants.h"
@@ -41,6 +42,11 @@ namespace chromeos {
// Local constants.
namespace {
+// The PEM block header used for DER certificates
+const char kCertificateHeader[] = "CERTIFICATE";
+// This is an older PEM marker for DER certificates.
+const char kX509CertificateHeader[] = "X509 CERTIFICATE";
+
const base::Value::Type TYPE_BOOLEAN = base::Value::TYPE_BOOLEAN;
const base::Value::Type TYPE_DICTIONARY = base::Value::TYPE_DICTIONARY;
const base::Value::Type TYPE_INTEGER = base::Value::TYPE_INTEGER;
@@ -854,13 +860,28 @@ OncNetworkParser::ParseServerOrCaCertificate(
return NULL;
}
+ // Parse PEM certificate, and get the decoded data for use in creating
+ // certificate below.
+ std::vector<std::string> pem_headers;
+ pem_headers.push_back(kCertificateHeader);
+ pem_headers.push_back(kX509CertificateHeader);
+
+ net::PEMTokenizer pem_tokenizer(x509_data, pem_headers);
std::string decoded_x509;
- if (!base::Base64Decode(x509_data, &decoded_x509)) {
- LOG(WARNING) << "Unable to base64 decode X509 data: \""
- << x509_data << "\".";
- parse_error_ = l10n_util::GetStringUTF8(
- IDS_NETWORK_CONFIG_ERROR_CERT_DATA_MALFORMED);
- return NULL;
+ if (!pem_tokenizer.GetNext()) {
+ // If we failed to read the data as a PEM file, then let's just try plain
+ // base64 decode: some versions of Spigots didn't apply the PEM marker
+ // strings. For this to work, there has to be no white space, and it has to
+ // only contain the base64-encoded data.
+ if (!base::Base64Decode(x509_data, &decoded_x509)) {
+ LOG(WARNING) << "Unable to base64 decode X509 data: \""
+ << x509_data << "\".";
+ parse_error_ = l10n_util::GetStringUTF8(
+ IDS_NETWORK_CONFIG_ERROR_CERT_DATA_MALFORMED);
+ return NULL;
+ }
+ } else {
+ decoded_x509 = pem_tokenizer.data();
}
scoped_refptr<net::X509Certificate> x509_cert =
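Review bot: In the `else` branch only the first PEM block is used (`decoded_x509 = pem_tokenizer.data();`) and `GetNext()` is never called again, so any further CERTIFICATE block in `x509_data` is dropped silently, as is the text outside the markers. Judging by the function name this value becomes a server or CA certificate, so the ONC entry should not be able to carry more than what is actually imported. After copying the data, add `if (pem_tokenizer.GetNext()) LOG(WARNING) << "X509 data holds more than one PEM block; only the first is used.";`, or set `parse_error_` and return NULL if rejecting such input is acceptable. Separately, the retained fallback still writes the whole of `x509_data` to the log on failure, and that is content taken from the imported file; logging its size would be enough. ParseServerOrCaCertificate starts before this hunk and continues after it.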
diff --git a/chrome/test/data/chromeos/cros/certificate-server.onc b/chrome/test/data/chromeos/cros/certificate-server.onc
index 13152d3..2a820e3 100644
--- a/chrome/test/data/chromeos/cros/certificate-server.onc
+++ b/chrome/test/data/chromeos/cros/certificate-server.onc
@@ -6,9 +6,9 @@
"Web"
],
"Type": "Server",
- "X509": "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"
+ "X509": "leading junk \n-----BEGIN CERTIFICATE----- \nMIICWDCCAcECAxAAATANBgkqhkiG9w0BAQQFADCBkzEVMBMGA1UEChMMR29vZ2xlLCBJbm\nMuMREwDwYDVQQLEwhDaHJvbWVPUzEiMCAGCSqGSIb3DQEJARYTZ3NwZW5jZXJAZ29vZ2xl\nLmNvbTEaMBgGA1UEBxMRTW91bnRhaW4gVmlldywgQ0ExCzAJBgNVBAgTAkNBMQswCQYDVQ\nQGEwJVUzENMAsGA1UEAxMEbG1hbzAeFw0xMTAzMTYyMzQ5MzhaFw0xMjAzMTUyMzQ5Mzha\nMFMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEChMMR29vZ2xlLCBJbmMuMR\nEwDwYDVQQLEwhDaHJvbWVPUzENMAsGA1UEAxMEbG1hbzCBnzANBgkqhkiG9w0BAQEFAAOB\njQAwgYkCgYEA31WiJ9LvprrhKtDlW0RdLFAO7Qjkvs+sG6j2Vp2aBSrlhALG/0BVHUhWi4\nF/HHJho+ncLHAg5AGO0sdAjYUdQG6tfPqjLsIALtoKEZZdFe/JhmqOEaxWsSdu2S2RdPgC\nQOsP79EH58gXwu2gejCkJDmU22WL4YLuqOc17nxbDC8CAwEAATANBgkqhkiG9w0BAQQFAA\nOBgQCv4vMD+PMlfnftu4/6Yf/oMLE8yCOqZTQ/dWCxB9PiJnOefiBeSzSZE6Uv3G7qnblZ\nPVZaFeJMd+ostt0viCyPucFsFgLMyyoV1dMVPVwJT5Iq1AHehWXnTBbxUK9wioA5jOEKdr\noKjuSSsg/Q8Wx6cpJmttQz5olGPgstmACRWA==\n-----END CERTIFICATE----- \ntrailing junk"
}
],
"NetworkConfigurations": [],
"Type": "UnencryptedConfiguration"
-} \ No newline at end of file
+}
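Review bot: This fixture now exercises only the PEM path with leading and trailing junk, while the parser change keeps a second path for bare base64 with no markers. If the replaced value was the bare base64 form, as the commit description suggests, that fallback has lost its test input unless another fixture covers it. Consider keeping a second certificate entry or file with the marker-less payload, and one with two `-----BEGIN CERTIFICATE-----` blocks, so that the behaviour for each input shape is pinned.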