summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--chrome/browser/chromeos/cros/onc_network_parser.cc33
-rw-r--r--chrome/test/data/chromeos/cros/certificate-server.onc4
2 files changed, 29 insertions, 8 deletions
diff --git a/chrome/browser/chromeos/cros/onc_network_parser.cc b/chrome/browser/chromeos/cros/onc_network_parser.cc
index 52439b5..2b5a349 100644
--- a/chrome/browser/chromeos/cros/onc_network_parser.cc
+++ b/chrome/browser/chromeos/cros/onc_network_parser.cc
@@ -31,6 +31,7 @@
#include "net/base/cert_database.h"
#include "net/base/crypto_module.h"
#include "net/base/net_errors.h"
+#include "net/base/pem_tokenizer.h"
#include "net/base/x509_certificate.h"
#include "net/proxy/proxy_bypass_rules.h"
#include "third_party/cros_system_api/dbus/service_constants.h"
@@ -41,6 +42,11 @@ namespace chromeos {
// Local constants.
namespace {
+// The PEM block header used for DER certificates
+const char kCertificateHeader[] = "CERTIFICATE";
+// This is an older PEM marker for DER certificates.
+const char kX509CertificateHeader[] = "X509 CERTIFICATE";
+
const base::Value::Type TYPE_BOOLEAN = base::Value::TYPE_BOOLEAN;
const base::Value::Type TYPE_DICTIONARY = base::Value::TYPE_DICTIONARY;
const base::Value::Type TYPE_INTEGER = base::Value::TYPE_INTEGER;
@@ -854,13 +860,28 @@ OncNetworkParser::ParseServerOrCaCertificate(
return NULL;
}
+ // Parse PEM certificate, and get the decoded data for use in creating
+ // certificate below.
+ std::vector<std::string> pem_headers;
+ pem_headers.push_back(kCertificateHeader);
+ pem_headers.push_back(kX509CertificateHeader);
+
+ net::PEMTokenizer pem_tokenizer(x509_data, pem_headers);
std::string decoded_x509;
- if (!base::Base64Decode(x509_data, &decoded_x509)) {
- LOG(WARNING) << "Unable to base64 decode X509 data: \""
- << x509_data << "\".";
- parse_error_ = l10n_util::GetStringUTF8(
- IDS_NETWORK_CONFIG_ERROR_CERT_DATA_MALFORMED);
- return NULL;
+ if (!pem_tokenizer.GetNext()) {
+ // If we failed to read the data as a PEM file, then let's just try plain
+ // base64 decode: some versions of Spigots didn't apply the PEM marker
+ // strings. For this to work, there has to be no white space, and it has to
+ // only contain the base64-encoded data.
+ if (!base::Base64Decode(x509_data, &decoded_x509)) {
+ LOG(WARNING) << "Unable to base64 decode X509 data: \""
+ << x509_data << "\".";
+ parse_error_ = l10n_util::GetStringUTF8(
+ IDS_NETWORK_CONFIG_ERROR_CERT_DATA_MALFORMED);
+ return NULL;
+ }
+ } else {
+ decoded_x509 = pem_tokenizer.data();
}
scoped_refptr<net::X509Certificate> x509_cert =
diff --git a/chrome/test/data/chromeos/cros/certificate-server.onc b/chrome/test/data/chromeos/cros/certificate-server.onc
index 13152d3..2a820e3 100644
--- a/chrome/test/data/chromeos/cros/certificate-server.onc
+++ b/chrome/test/data/chromeos/cros/certificate-server.onc
@@ -6,9 +6,9 @@
"Web"
],
"Type": "Server",
- "X509": "MIICWDCCAcECAxAAATANBgkqhkiG9w0BAQQFADCBkzEVMBMGA1UEChMMR29vZ2xlLCBJbmMuMREwDwYDVQQLEwhDaHJvbWVPUzEiMCAGCSqGSIb3DQEJARYTZ3NwZW5jZXJAZ29vZ2xlLmNvbTEaMBgGA1UEBxMRTW91bnRhaW4gVmlldywgQ0ExCzAJBgNVBAgTAkNBMQswCQYDVQQGEwJVUzENMAsGA1UEAxMEbG1hbzAeFw0xMTAzMTYyMzQ5MzhaFw0xMjAzMTUyMzQ5MzhaMFMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEChMMR29vZ2xlLCBJbmMuMREwDwYDVQQLEwhDaHJvbWVPUzENMAsGA1UEAxMEbG1hbzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA31WiJ9LvprrhKtDlW0RdLFAO7Qjkvs+sG6j2Vp2aBSrlhALG/0BVHUhWi4F/HHJho+ncLHAg5AGO0sdAjYUdQG6tfPqjLsIALtoKEZZdFe/JhmqOEaxWsSdu2S2RdPgCQOsP79EH58gXwu2gejCkJDmU22WL4YLuqOc17nxbDC8CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCv4vMD+PMlfnftu4/6Yf/oMLE8yCOqZTQ/dWCxB9PiJnOefiBeSzSZE6Uv3G7qnblZPVZaFeJMd+ostt0viCyPucFsFgLMyyoV1dMVPVwJT5Iq1AHehWXnTBbxUK9wioA5jOEKdroKjuSSsg/Q8Wx6cpJmttQz5olGPgstmACRWA=="
+ "X509": "leading junk \n-----BEGIN CERTIFICATE----- \nMIICWDCCAcECAxAAATANBgkqhkiG9w0BAQQFADCBkzEVMBMGA1UEChMMR29vZ2xlLCBJbm\nMuMREwDwYDVQQLEwhDaHJvbWVPUzEiMCAGCSqGSIb3DQEJARYTZ3NwZW5jZXJAZ29vZ2xl\nLmNvbTEaMBgGA1UEBxMRTW91bnRhaW4gVmlldywgQ0ExCzAJBgNVBAgTAkNBMQswCQYDVQ\nQGEwJVUzENMAsGA1UEAxMEbG1hbzAeFw0xMTAzMTYyMzQ5MzhaFw0xMjAzMTUyMzQ5Mzha\nMFMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEChMMR29vZ2xlLCBJbmMuMR\nEwDwYDVQQLEwhDaHJvbWVPUzENMAsGA1UEAxMEbG1hbzCBnzANBgkqhkiG9w0BAQEFAAOB\njQAwgYkCgYEA31WiJ9LvprrhKtDlW0RdLFAO7Qjkvs+sG6j2Vp2aBSrlhALG/0BVHUhWi4\nF/HHJho+ncLHAg5AGO0sdAjYUdQG6tfPqjLsIALtoKEZZdFe/JhmqOEaxWsSdu2S2RdPgC\nQOsP79EH58gXwu2gejCkJDmU22WL4YLuqOc17nxbDC8CAwEAATANBgkqhkiG9w0BAQQFAA\nOBgQCv4vMD+PMlfnftu4/6Yf/oMLE8yCOqZTQ/dWCxB9PiJnOefiBeSzSZE6Uv3G7qnblZ\nPVZaFeJMd+ostt0viCyPucFsFgLMyyoV1dMVPVwJT5Iq1AHehWXnTBbxUK9wioA5jOEKdr\noKjuSSsg/Q8Wx6cpJmttQz5olGPgstmACRWA==\n-----END CERTIFICATE----- \ntrailing junk"
}
],
"NetworkConfigurations": [],
"Type": "UnencryptedConfiguration"
-} \ No newline at end of file
+}