diff options
| author | pneubeck@chromium.org <pneubeck@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-07-03 19:21:00 +0000 |
|---|---|---|
| committer | pneubeck@chromium.org <pneubeck@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-07-03 19:21:00 +0000 |
| commit | 823e3cdbc71d7f7255509850f389f7d76f00ece6 (patch) | |
| tree | d48b6977d99fe8f90d3157cdd36835784c4a68a1 /chrome/test | |
| parent | 3e1593459b82220567d99ec1a766c8eddb1f8b61 (diff) | |
| download | chromium_src-823e3cdbc71d7f7255509850f389f7d76f00ece6.zip chromium_src-823e3cdbc71d7f7255509850f389f7d76f00ece6.tar.gz chromium_src-823e3cdbc71d7f7255509850f389f7d76f00ece6.tar.bz2 | |
Resolve certificate references in ONC by PEM.
In ONC, Server and CA certificates are referenced by GUID.
Before, the GUID was stored in the nickname of each certificate and used to identify each certificate.
After this change, the GUID is resolved and replaced by the PEM encoding of the certificate during import. The nickname is not used.
This commit only affects Server and CA certificates (including IssuerCARef in CertificatePatterns).
Client certificates are still identified by GUID.
This CL also
- uses the new *CaCertPEMProperty fields of Shill.
- prepares for a list of CaCerts (for EAP, IPsec and OpenVPN)
Side-effect of this CL:
IssuerCARef is stored in the UIData service-property in Shill. Because this CL replaces IssuerCARef by IssuerCAPEMs, IssuerCARef entries of old UIData properties are ignored.
This may break network configurations which were configured via chrome://net-internals.
Reimporting such a configuration will fix the problem.
BUG=208986
TBR=eroman@chromium.org (for net_internals_ui.cc)
Review URL: https://chromiumcodereview.appspot.com/16946002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@210019 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/test')
4 files changed, 8 insertions, 8 deletions
diff --git a/chrome/test/data/chromeos/net/shill_for_managed_toplevel1.json b/chrome/test/data/chromeos/net/shill_for_managed_toplevel1.json index 1606838..f4d3de4 100644 --- a/chrome/test/data/chromeos/net/shill_for_managed_toplevel1.json +++ b/chrome/test/data/chromeos/net/shill_for_managed_toplevel1.json @@ -8,7 +8,7 @@ "Provider.Host": "policys host", "Provider.Type": "openvpn", "Type": "vpn", - "UIData": "{\"certificate_pattern\":{\"IssuerCARef\":[\"openvpn-test-ca\"]},\"certificate_type\":\"pattern\",\"onc_source\":\"user_policy\"}" + "UIData": "{\"certificate_pattern\":{\"IssuerCAPEMs\":[\"pem1\"]},\"certificate_type\":\"pattern\",\"onc_source\":\"user_policy\"}" }, "Fake Ethernet": { "GUID": "guid", diff --git a/chrome/test/data/chromeos/net/shill_for_managed_toplevel2.json b/chrome/test/data/chromeos/net/shill_for_managed_toplevel2.json index f37e67c..6823f99 100644 --- a/chrome/test/data/chromeos/net/shill_for_managed_toplevel2.json +++ b/chrome/test/data/chromeos/net/shill_for_managed_toplevel2.json @@ -11,7 +11,7 @@ "SaveCredentials": true, "Security": "802_1x", "Type": "wifi", - "UIData": "{\"certificate_pattern\":{\"EnrollmentURI\":[\"chrome-extension://delkjfjibodjclmdijflfnimdmgdagfk/generate-cert.html\"],\"IssuerCARef\":[\"{58ac1967-a0e7-49e9-be68-123abc}\",\"{42cb13cd-140c-4941-9fb6-456def}\"]},\"certificate_type\":\"pattern\",\"onc_source\":\"user_policy\"}" + "UIData": "{\"certificate_pattern\":{\"EnrollmentURI\":[\"chrome-extension://delkjfjibodjclmdijflfnimdmgdagfk/generate-cert.html\"],\"IssuerCAPEMs\":[\"pem1\",\"pem2\"]},\"certificate_type\":\"pattern\",\"onc_source\":\"user_policy\"}" }, "{a3860e83-f03d-4cb1-bafa-789oij}": { "GUID": "{a3860e83-f03d-4cb1-bafa-789oij}", @@ -19,7 +19,7 @@ "OpenVPN.AuthRetry": "interact", // Not needed by Shill. // "OpenVPN.AuthUserPass": "", - "OpenVPN.CACertNSS": "{14ff4d51-64c1-4c86-a622-054dxyz}", + "OpenVPN.CACertPEM": [ "pem1", "pem2" ], "OpenVPN.CompLZO": "true", "OpenVPN.KeyDirection": "1", // Ignored by Shill. @@ -42,7 +42,7 @@ "ProxyConfig": "{\"mode\":\"pac_script\",\"pac_mandatory\":false,\"pac_url\":\"http://proxycfg.my.domain/proxy.dat\"}", "SaveCredentials": false, "Type": "vpn", - "UIData": "{\"certificate_pattern\":{\"EnrollmentURI\":[\"chrome-extension://deicdjjibodjclmdijflfnimdmgdagfk/keygen-cert.html\"],\"IssuerCARef\":[\"{58ac1967-a0e7-49e9-be68-eb44b8827bcc}\",\"{42cb13cd-140c-4941-9fb6-0824ea2fde17}\"]},\"certificate_type\":\"pattern\",\"onc_source\":\"user_policy\"}" + "UIData": "{\"certificate_pattern\":{\"EnrollmentURI\":[\"chrome-extension://deicdjjibodjclmdijflfnimdmgdagfk/keygen-cert.html\"],\"IssuerCAPEMs\":[\"pem3\",\"pem4\"]},\"certificate_type\":\"pattern\",\"onc_source\":\"user_policy\"}" // Ignored by Shill. // "VPN.Domain": "" } diff --git a/chrome/test/data/chromeos/net/shill_for_toplevel_openvpn_clientcert.json b/chrome/test/data/chromeos/net/shill_for_toplevel_openvpn_clientcert.json index ab74326..93034e83 100644 --- a/chrome/test/data/chromeos/net/shill_for_toplevel_openvpn_clientcert.json +++ b/chrome/test/data/chromeos/net/shill_for_toplevel_openvpn_clientcert.json @@ -1,11 +1,11 @@ -{ +{ "{408290ea-9299-4757-ab04-8957d55f0f13}": { "GUID": "{408290ea-9299-4757-ab04-8957d55f0f13}", "Name": "MyVPN", "OpenVPN.AuthRetry": "interact", // Not needed by Shill. // "OpenVPN.AuthUserPass": "", - "OpenVPN.CACertNSS": "{55ca78f6-0842-4e1b-96a3-09a9e1a26ef5}", + "OpenVPN.CACertPEM": [ "pem1" ], "OpenVPN.CompLZO": "true", "OpenVPN.KeyDirection": "1", "OpenVPN.Port": "443", diff --git a/chrome/test/data/chromeos/net/shill_for_toplevel_wifi_eap_clientcert.json b/chrome/test/data/chromeos/net/shill_for_toplevel_wifi_eap_clientcert.json index 7c5adb2..6d87daf 100644 --- a/chrome/test/data/chromeos/net/shill_for_toplevel_wifi_eap_clientcert.json +++ b/chrome/test/data/chromeos/net/shill_for_toplevel_wifi_eap_clientcert.json @@ -1,7 +1,7 @@ -{ +{ "{88dc6576-a740-ded0-3c0f16c4c7f5fb51}": { "AutoConnect": false, - "EAP.CACertNSS": "{f5f2c9c9-0079-a712-49da21137af62fdd}", + "EAP.CACertPEM": [ "pem1", "pem2" ], "EAP.EAP": "TLS", "EAP.UseSystemCAs": true, "GUID": "{88dc6576-a740-ded0-3c0f16c4c7f5fb51}", |