Allow ${CERT_SAN_EMAIL} and ${CERT_SAN_UPN} in the ONC Identity field

Currently enterprise customers can specify ${LOGIN_ID} or ${LOGIN_EMAIL}
to tell Chrome OS to substitute user identity information into an EAP
configuration.  However, in some installations, the login ID for the
Chromebook does not match the login ID for the EAP-TLS wireless network;
instead, the EAP-TLS identity is stored in the subjectAltName field
in the client certificate.  Add code to Chrome to allow this
field to be extracted if so configured in CPanel.

BUG=549659
TEST=`chromeos_unittests`
TEST=manually configure EAP-TLS network in CPanel, then watch
     the `freeradius -X` logs during connection

Review URL: https://codereview.chromium.org/1717123002

Cr-Commit-Position: refs/heads/master@{#379056}

2 files changed, 4 insertions, 0 deletions

diff --git a/components/onc/onc_constants.cc b/components/onc/onc_constants.cc
index 7b3c014..791ce67 100644
--- a/components/onc/onc_constants.cc
+++ b/components/onc/onc_constants.cc
@@ -411,6 +411,8 @@ const char kWPAD[] = "WPAD";
 namespace substitutes {
 const char kLoginIDField[] = "${LOGIN_ID}";
 const char kEmailField[] = "${LOGIN_EMAIL}";
+const char kCertSANEmail[] = "${CERT_SAN_EMAIL}";
+const char kCertSANUPN[] = "${CERT_SAN_UPN}";
 }  // namespace substitutes
 
 namespace global_network_config {
diff --git a/components/onc/onc_constants.h b/components/onc/onc_constants.h
index f0fb7ec..40a469d 100644
--- a/components/onc/onc_constants.h
+++ b/components/onc/onc_constants.h
@@ -410,6 +410,8 @@ ONC_EXPORT extern const char kSubject[];
 namespace substitutes {
 ONC_EXPORT extern const char kEmailField[];
 ONC_EXPORT extern const char kLoginIDField[];
+ONC_EXPORT extern const char kCertSANEmail[];
+ONC_EXPORT extern const char kCertSANUPN[];
 }  // namespace substitutes
 
 namespace proxy {