-rw-r--r-- | chrome/browser/chromeos/cros/onc_network_parser.cc | 33 | ||||
-rw-r--r-- | chrome/test/data/chromeos/cros/certificate-server.onc | 4 |
2 files changed, 29 insertions, 8 deletions
diff --git a/chrome/browser/chromeos/cros/onc_network_parser.cc b/chrome/browser/chromeos/cros/onc_network_parser.cc
index 52439b5..2b5a349 100644
--- a/chrome/browser/chromeos/cros/onc_network_parser.cc
+++ b/chrome/browser/chromeos/cros/onc_network_parser.cc
@@ -31,6 +31,7 @@
 #include "net/base/cert_database.h"
 #include "net/base/crypto_module.h"
 #include "net/base/net_errors.h"
+#include "net/base/pem_tokenizer.h"
 #include "net/base/x509_certificate.h"
 #include "net/proxy/proxy_bypass_rules.h"
 #include "third_party/cros_system_api/dbus/service_constants.h"
@@ -41,6 +42,11 @@ namespace chromeos {
 // Local constants.
 namespace {
+// The PEM block header used for DER certificates
+const char kCertificateHeader[] = "CERTIFICATE";
+// This is an older PEM marker for DER certificates.
+const char kX509CertificateHeader[] = "X509 CERTIFICATE";
+
 const base::Value::Type TYPE_BOOLEAN = base::Value::TYPE_BOOLEAN;
 const base::Value::Type TYPE_DICTIONARY = base::Value::TYPE_DICTIONARY;
 const base::Value::Type TYPE_INTEGER = base::Value::TYPE_INTEGER;
@@ -854,13 +860,28 @@ OncNetworkParser::ParseServerOrCaCertificate(
 return NULL;
 }
+ // Parse PEM certificate, and get the decoded data for use in creating
+ // certificate below.
+ std::vector<std::string> pem_headers;
+ pem_headers.push_back(kCertificateHeader);
+ pem_headers.push_back(kX509CertificateHeader);
+
+ net::PEMTokenizer pem_tokenizer(x509_data, pem_headers);
 std::string decoded_x509;
- if (!base::Base64Decode(x509_data, &decoded_x509)) {
- LOG(WARNING) << "Unable to base64 decode X509 data: \""
- << x509_data << "\".";
- parse_error_ = l10n_util::GetStringUTF8(
- IDS_NETWORK_CONFIG_ERROR_CERT_DATA_MALFORMED);
- return NULL;
+ if (!pem_tokenizer.GetNext()) {
+ // If we failed to read the data as a PEM file, then let's just try plain
+ // base64 decode: some versions of Spigots didn't apply the PEM marker
+ // strings. For this to work, there has to be no white space, and it has to
+ // only contain the base64-encoded data.
+ if (!base::Base64Decode(x509_data, &decoded_x509)) {
+ LOG(WARNING) << "Unable to base64 decode X509 data: \""
+ << x509_data << "\".";
+ parse_error_ = l10n_util::GetStringUTF8(
+ IDS_NETWORK_CONFIG_ERROR_CERT_DATA_MALFORMED);
+ return NULL;
+ }
+ } else {
+ decoded_x509 = pem_tokenizer.data();
 }
 scoped_refptr<net::X509Certificate> x509_cert =
diff --git a/chrome/test/data/chromeos/cros/certificate-server.onc b/chrome/test/data/chromeos/cros/certificate-server.onc
index 13152d3..2a820e3 100644
--- a/chrome/test/data/chromeos/cros/certificate-server.onc
+++ b/chrome/test/data/chromeos/cros/certificate-server.onc
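Review bot: Only the first PEM block is consumed in the `else` branch: `GetNext()` is called once, so any further certificate blocks and any text around the block in the X509 field are dropped without a diagnostic, and the certificate that gets imported can differ from what someone reading the ONC file expects. If one certificate per entry is the contract, a second call after copying the data would make that visible, e.g. `if (pem_tokenizer.GetNext()) LOG(WARNING) << "X509 field contains more than one PEM block; only the first is used.";`. Separately, the warning in the fallback still says only "Unable to base64 decode" although PEM parsing was tried first, and it writes the whole untrusted field into the log; logging `x509_data.size()` instead would keep the entry bounded. ParseServerOrCaCertificate starts and ends outside this hunk, so how `decoded_x509` is validated afterwards is not visible here.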
@@ -6,9 +6,9 @@ "Web" ], "Type": "Server", - "X509": "MIICWDCCAcECAxAAATANBgkqhkiG9w0BAQQFADCBkzEVMBMGA1UEChMMR29vZ2xlLCBJbmMuMREwDwYDVQQLEwhDaHJvbWVPUzEiMCAGCSqGSIb3DQEJARYTZ3NwZW5jZXJAZ29vZ2xlLmNvbTEaMBgGA1UEBxMRTW91bnRhaW4gVmlldywgQ0ExCzAJBgNVBAgTAkNBMQswCQYDVQQGEwJVUzENMAsGA1UEAxMEbG1hbzAeFw0xMTAzMTYyMzQ5MzhaFw0xMjAzMTUyMzQ5MzhaMFMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEChMMR29vZ2xlLCBJbmMuMREwDwYDVQQLEwhDaHJvbWVPUzENMAsGA1UEAxMEbG1hbzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA31WiJ9LvprrhKtDlW0RdLFAO7Qjkvs+sG6j2Vp2aBSrlhALG/0BVHUhWi4F/HHJho+ncLHAg5AGO0sdAjYUdQG6tfPqjLsIALtoKEZZdFe/JhmqOEaxWsSdu2S2RdPgCQOsP79EH58gXwu2gejCkJDmU22WL4YLuqOc17nxbDC8CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCv4vMD+PMlfnftu4/6Yf/oMLE8yCOqZTQ/dWCxB9PiJnOefiBeSzSZE6Uv3G7qnblZPVZaFeJMd+ostt0viCyPucFsFgLMyyoV1dMVPVwJT5Iq1AHehWXnTBbxUK9wioA5jOEKdroKjuSSsg/Q8Wx6cpJmttQz5olGPgstmACRWA==" + "X509": "leading junk \n-----BEGIN CERTIFICATE----- \nMIICWDCCAcECAxAAATANBgkqhkiG9w0BAQQFADCBkzEVMBMGA1UEChMMR29vZ2xlLCBJbm\nMuMREwDwYDVQQLEwhDaHJvbWVPUzEiMCAGCSqGSIb3DQEJARYTZ3NwZW5jZXJAZ29vZ2xl\nLmNvbTEaMBgGA1UEBxMRTW91bnRhaW4gVmlldywgQ0ExCzAJBgNVBAgTAkNBMQswCQYDVQ\nQGEwJVUzENMAsGA1UEAxMEbG1hbzAeFw0xMTAzMTYyMzQ5MzhaFw0xMjAzMTUyMzQ5Mzha\nMFMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEChMMR29vZ2xlLCBJbmMuMR\nEwDwYDVQQLEwhDaHJvbWVPUzENMAsGA1UEAxMEbG1hbzCBnzANBgkqhkiG9w0BAQEFAAOB\njQAwgYkCgYEA31WiJ9LvprrhKtDlW0RdLFAO7Qjkvs+sG6j2Vp2aBSrlhALG/0BVHUhWi4\nF/HHJho+ncLHAg5AGO0sdAjYUdQG6tfPqjLsIALtoKEZZdFe/JhmqOEaxWsSdu2S2RdPgC\nQOsP79EH58gXwu2gejCkJDmU22WL4YLuqOc17nxbDC8CAwEAATANBgkqhkiG9w0BAQQFAA\nOBgQCv4vMD+PMlfnftu4/6Yf/oMLE8yCOqZTQ/dWCxB9PiJnOefiBeSzSZE6Uv3G7qnblZ\nPVZaFeJMd+ostt0viCyPucFsFgLMyyoV1dMVPVwJT5Iq1AHehWXnTBbxUK9wioA5jOEKdr\noKjuSSsg/Q8Wx6cpJmttQz5olGPgstmACRWA==\n-----END CERTIFICATE----- \ntrailing junk" } ], "NetworkConfigurations": [], "Type": "UnencryptedConfiguration" -}
\ No newline at end of file +} |
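Review bot: Replacing the bare base64 value with the PEM-wrapped one leaves the legacy fallback in ParseServerOrCaCertificate (plain `base::Base64Decode` when no PEM block is found) without a sample in this file; unless another fixture already covers it, keep the old value in a second `.onc` file so both paths stay tested. The new value also exercises only the accepting case with text around the block. A fixture whose block label is neither `CERTIFICATE` nor `X509 CERTIFICATE` would pin that such input is expected to fail with IDS_NETWORK_CONFIG_ERROR_CERT_DATA_MALFORMED.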