author | pneubeck@chromium.org <pneubeck@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-07-03 19:21:00 +0000 |
---|---|---|
committer | pneubeck@chromium.org <pneubeck@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-07-03 19:21:00 +0000 |
commit | 823e3cdbc71d7f7255509850f389f7d76f00ece6 (patch) | |
tree | d48b6977d99fe8f90d3157cdd36835784c4a68a1 /chrome/browser/chromeos/cros/network_library.cc | |
parent | 3e1593459b82220567d99ec1a766c8eddb1f8b61 (diff) | |
Resolve certificate references in ONC by PEM.
In ONC, Server and CA certificates are referenced by GUID.
Before, the GUID was stored in the nickname of each certificate and used to identify each certificate.
After this change, the GUID is resolved and replaced by the PEM encoding of the certificate during import. The nickname is not used.
This commit only affects Server and CA certificates (including IssuerCARef in CertificatePatterns).
Client certificates are still identified by GUID.
This CL also
- uses the new *CaCertPEMProperty fields of Shill.
- prepares for a list of CaCerts (for EAP, IPsec and OpenVPN)
Side-effect of this CL:
IssuerCARef is stored in the UIData service-property in Shill. Because this CL replaces IssuerCARef by IssuerCAPEMs, IssuerCARef entries of old UIData properties are ignored.
This may break network configurations which were configured via chrome://net-internals.
Reimporting such a configuration will fix the problem.
BUG=208986
TBR=eroman@chromium.org (for net_internals_ui.cc)
Review URL: https://chromiumcodereview.appspot.com/16946002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@210019 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/chromeos/cros/network_library.cc')
-rw-r--r-- | chrome/browser/chromeos/cros/network_library.cc | 32 |
1 files changed, 20 insertions, 12 deletions
diff --git a/chrome/browser/chromeos/cros/network_library.cc b/chrome/browser/chromeos/cros/network_library.cc
index 5076cdc..8db027b 100644
--- a/chrome/browser/chromeos/cros/network_library.cc
+++ b/chrome/browser/chromeos/cros/network_library.cc
@@ -16,10 +16,12 @@
 #include "chrome/browser/chromeos/cros/network_library_impl_cros.h"
 #include "chrome/browser/chromeos/cros/network_library_impl_stub.h"
 #include "chrome/common/net/x509_certificate_model.h"
+#include "chromeos/network/cert_loader.h"
 #include "chromeos/network/certificate_pattern.h"
 #include "chromeos/network/certificate_pattern_matcher.h"
 #include "chromeos/network/cros_network_functions.h"
 #include "chromeos/network/network_state_handler.h"
+#include "chromeos/network/onc/onc_utils.h"
 #include "content/public/browser/browser_thread.h"
 #include "grit/ash_strings.h"
 #include "grit/generated_resources.h"
@@ -591,7 +593,7 @@ VirtualNetwork::VirtualNetwork(const std::string& service_path)
 VirtualNetwork::~VirtualNetwork() {}
 void VirtualNetwork::EraseCredentials() {
- WipeString(&ca_cert_nss_);
+ WipeString(&ca_cert_pem_);
 WipeString(&psk_passphrase_);
 WipeString(&client_cert_id_);
 WipeString(&user_passphrase_);
@@ -619,8 +621,8 @@ void VirtualNetwork::CopyCredentialsFromRemembered(Network* remembered) {
 VirtualNetwork* remembered_vpn = static_cast<VirtualNetwork*>(remembered);
 VLOG(1) << "Copy VPN credentials: " << name() << " username: " << remembered_vpn->username();
- if (ca_cert_nss_.empty())
- ca_cert_nss_ = remembered_vpn->ca_cert_nss();
+ if (ca_cert_pem_.empty())
+ ca_cert_pem_ = remembered_vpn->ca_cert_pem();
 if (psk_passphrase_.empty())
 psk_passphrase_ = remembered_vpn->psk_passphrase();
 if (client_cert_id_.empty())
@@ -711,13 +713,16 @@ bool VirtualNetwork::IsUserPassphraseRequired() const {
 return user_passphrase_required_ && user_passphrase_.empty();
 }
-void VirtualNetwork::SetCACertNSS(const std::string& ca_cert_nss) {
+void VirtualNetwork::SetCACertPEM(const std::string& ca_cert_pem) {
+ VLOG(1) << "SetCACertPEM " << ca_cert_pem;
 if (provider_type_ == PROVIDER_TYPE_OPEN_VPN) {
- SetStringProperty(
- flimflam::kOpenVPNCaCertNSSProperty, ca_cert_nss, &ca_cert_nss_);
+ ca_cert_pem_ = ca_cert_pem;
+ base::ListValue pem_list;
+ pem_list.AppendString(ca_cert_pem_);
+ SetValueProperty(shill::kOpenVPNCaCertPemProperty, pem_list);
 } else {
 SetStringProperty(
- flimflam::kL2tpIpsecCaCertNssProperty, ca_cert_nss, &ca_cert_nss_);
+ shill::kL2tpIpsecCaCertPemProperty, ca_cert_pem, &ca_cert_pem_);
 }
 }
@@ -1109,6 +1114,7 @@ void WifiNetwork::SetPassphrase(const std::string& passphrase) {
 void WifiNetwork::EraseCredentials() {
 WipeString(&passphrase_);
 WipeString(&user_passphrase_);
+ WipeString(&eap_server_ca_cert_pem_);
 WipeString(&eap_client_cert_pkcs11_id_);
 WipeString(&eap_identity_);
 WipeString(&eap_anonymous_identity_);
@@ -1182,11 +1188,13 @@ void WifiNetwork::SetEAPPhase2Auth(EAPPhase2Auth auth) {
 }
 }
-void WifiNetwork::SetEAPServerCaCertNssNickname(
- const std::string& nss_nickname) {
- VLOG(1) << "SetEAPServerCaCertNssNickname " << nss_nickname;
- SetOrClearStringProperty(flimflam::kEapCaCertNssProperty,
- nss_nickname, &eap_server_ca_cert_nss_nickname_);
+void WifiNetwork::SetEAPServerCaCertPEM(
+ const std::string& ca_cert_pem) {
+ VLOG(1) << "SetEAPServerCaCertPEM " << ca_cert_pem;
+ eap_server_ca_cert_pem_ = ca_cert_pem;
+ base::ListValue pem_list;
+ pem_list.AppendString(ca_cert_pem);
+ SetValueProperty(shill::kEapCaCertPemProperty, pem_list);
 }
 void WifiNetwork::SetEAPClientCertPkcs11Id(const std::string& pkcs11_id) { |
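Review bot: The added `VLOG(1) << "SetCACertPEM " << ca_cert_pem;` in `VirtualNetwork::SetCACertPEM` writes the complete PEM block to the verbose log, although the same value is kept in `ca_cert_pem_`, which `EraseCredentials()` wipes; a copy in the log is out of reach of that wipe. `WifiNetwork::SetEAPServerCaCertPEM` in the last hunk logs its argument the same way. Logging only that the value was set and how large it is keeps the trace useful without the multi-line payload, for example `VLOG(1) << "SetCACertPEM, " << ca_cert_pem.size() << " bytes";`.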
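Review bot: `WifiNetwork::SetEAPServerCaCertPEM` appends `ca_cert_pem` to `pem_list` unconditionally, so an empty argument reaches Shill as a one-element list holding an empty string, whereas the removed setter went through `SetOrClearStringProperty`, which by its name cleared the property in that case. How Shill treats an empty PEM entry is not visible in this diff, so the EAP server-CA setting may end up in a state the caller did not intend when it meant "no CA". Guarding the append with `if (!ca_cert_pem.empty()) pem_list.AppendString(ca_cert_pem);` sends an empty list instead; the OpenVPN branch of `VirtualNetwork::SetCACertPEM` builds its list the same way and would need the same guard. A short comment above `pem_list` noting that the property takes a list so that several CA certificates can be passed later would explain the single-element list.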