16 files changed, 74 insertions, 71 deletions
diff --git a/chromeos/docs/onc_spec.html b/chromeos/docs/onc_spec.html index 3540020..0fe230b 100644 --- a/chromeos/docs/onc_spec.html +++ b/chromeos/docs/onc_spec.html @@ -1670,7 +1670,7 @@ should be set). </dd> - <dt class="field">Trust</dt> + <dt class="field">TrustBits</dt> <dd> <span class="field_meta"> (optional if <span class="field">Type</span> @@ -1679,13 +1679,14 @@ []) <span class="type">array of string</span> </span> - A array of trust attributes. Trust can - include <span class="value">Web</span>. <span class="value">Web</span> - implies that the certificate is to be trusted for HTTPS SSL - identification. A typical web certificate authority would - have <span class="field">Type</span> set to - <span class="value">Authority</span> and <span class="field">Trust</span> - set to <span class="snippet">["Web"]</span>. + An array of trust flags. Clients should ignore unknown flags. For + backwards compatibility, each flag should only increase the trust and + never restrict. The trust flag <span class="value">Web</span> implies that + the certificate is to be trusted for HTTPS SSL identification. A typical + web certificate authority would have <span class="field">Type</span> set + to <span class="value">Authority</span> and + <span class="field">TrustBits</span> set to + <span class="snippet">["Web"]</span>. </dd> <dt class="field">Type</dt> 
@@ -2040,7 +2041,6 @@ "Certificates": [ { "GUID": "{6ed8dce9-64c8-d568-d225d7e467e37828}", - "Trust": [], "Type": "Authority", "X509": "MIIEpzCCA4+gAwIBAgIJAMueiWq5WEIAMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJGUjEPMA0GA1UECBMGUmFkaXVzMRIwEAYDVQQHEwlTb21ld2hlcmUxFTATBgNVBAoTDEV4YW1wbGUgSW5jLjEgMB4GCSqGSIb3DQEJARYRYWRtaW5AZXhhbXBsZS5jb20xJjAkBgNVBAMTHUV4YW1wbGUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTExMDEyODA2MjA0MFoXDTEyMDEyODA2MjA0MFowgZMxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIEwZSYWRpdXMxEjAQBgNVBAcTCVNvbWV3aGVyZTEVMBMGA1UEChMMRXhhbXBsZSBJbmMuMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTEmMCQGA1UEAxMdRXhhbXBsZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9EDplhyrVNJIoy1OsVqvD/K67B5PW2bDKKxGznodrzCu8jHsP1Ne3mgrK20vbzQUUBdmxTCWO6x3a3//r4ZuPOuZd1ViycWjt6mRfRbBzNrHzP7NiyFuXjdlz74beHQQLcHwvZ3qFAWZK37uweiLiDPaMaEQlka2Bztqx4PsogmSdoVPSCxi5Cl1XlJmITA03LlKpO79+0rEPRamWO/DMCwvffn2/UUjJLog4/lYe16HQ6iq/6bjhffm2rLXDFKOGZmBVbLNMCfANRMtdFWHYdBXERoUo2zpM9tduOOUNLy7E7kRKVm/wy38s51ChFPlpORrhimN2j1caar+KAv2tAgMBAAGjgfswgfgwHQYDVR0OBBYEFBTIImiXp+57jjgn2N5wq93GgAAtMIHIBgNVHSMEgcAwgb2AFBTIImiXp+57jjgn2N5wq93GgAAtoYGZpIGWMIGTMQswCQYDVQQGEwJGUjEPMA0GA1UECBMGUmFkaXVzMRIwEAYDVQQHEwlTb21ld2hlcmUxFTATBgNVBAoTDEV4YW1wbGUgSW5jLjEgMB4GCSqGSIb3DQEJARYRYWRtaW5AZXhhbXBsZS5jb20xJjAkBgNVBAMTHUV4YW1wbGUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5ggkAy56JarlYQgAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAnNd0YY7s2YVYPsgEgDS+rBNjcQloTFWgc9Hv4RWBjwcdJdSPIrpBp7LSjC96wH5U4eWpQjlWbOYQ9RBq9Z/RpuAPEjzRV78rIrQrCWQ3lxwywWEb5Th1EVJSN68eNv7Ke5BlZ2l9kfLRKFm5MEBXX9YoHMX0U8I8dPIXfTyevmKOT1PuEta5cQOM6/zH86XWn6WYx3EXkyjpeIbVOw49AqaEY8u70yBmut4MO03zz/pwLjV1BWyIkXhsrtuJyA+ZImvgLK2oAMZtGGFo7b0GW/sWY/P3R6Un3RFy35k6U3kXCDYYhgZEcS36lIqcj5y6vYUUVM732/etCsuOLz6ppw==" } 
@@ -2071,7 +2071,7 @@ "Certificates": [ { "GUID": "{f31f2110-9f5f-61a7-a8bd7c00b94237af}", - "Trust": [ "Web" ], + "TrustBits": [ "Web" ], "Type": "Authority", "X509": "MIIEpzCCA4+gAwIBAgIJAMueiWq5WEIAMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJGUjEPMA0GA1UECBMGUmFkaXVzMRIwEAYDVQQHEwlTb21ld2hlcmUxFTATBgNVBAoTDEV4YW1wbGUgSW5jLjEgMB4GCSqGSIb3DQEJARYRYWRtaW5AZXhhbXBsZS5jb20xJjAkBgNVBAMTHUV4YW1wbGUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTExMDEyODA2MjA0MFoXDTEyMDEyODA2MjA0MFowgZMxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIEwZSYWRpdXMxEjAQBgNVBAcTCVNvbWV3aGVyZTEVMBMGA1UEChMMRXhhbXBsZSBJbmMuMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTEmMCQGA1UEAxMdRXhhbXBsZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9EDplhyrVNJIoy1OsVqvD/K67B5PW2bDKKxGznodrzCu8jHsP1Ne3mgrK20vbzQUUBdmxTCWO6x3a3//r4ZuPOuZd1ViycWjt6mRfRbBzNrHzP7NiyFuXjdlz74beHQQLcHwvZ3qFAWZK37uweiLiDPaMaEQlka2Bztqx4PsogmSdoVPSCxi5Cl1XlJmITA03LlKpO79+0rEPRamWO/DMCwvffn2/UUjJLog4/lYe16HQ6iq/6bjhffm2rLXDFKOGZmBVbLNMCfANRMtdFWHYdBXERoUo2zpM9tduOOUNLy7E7kRKVm/wy38s51ChFPlpORrhimN2j1caar+KAv2tAgMBAAGjgfswgfgwHQYDVR0OBBYEFBTIImiXp+57jjgn2N5wq93GgAAtMIHIBgNVHSMEgcAwgb2AFBTIImiXp+57jjgn2N5wq93GgAAtoYGZpIGWMIGTMQswCQYDVQQGEwJGUjEPMA0GA1UECBMGUmFkaXVzMRIwEAYDVQQHEwlTb21ld2hlcmUxFTATBgNVBAoTDEV4YW1wbGUgSW5jLjEgMB4GCSqGSIb3DQEJARYRYWRtaW5AZXhhbXBsZS5jb20xJjAkBgNVBAMTHUV4YW1wbGUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5ggkAy56JarlYQgAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAnNd0YY7s2YVYPsgEgDS+rBNjcQloTFWgc9Hv4RWBjwcdJdSPIrpBp7LSjC96wH5U4eWpQjlWbOYQ9RBq9Z/RpuAPEjzRV78rIrQrCWQ3lxwywWEb5Th1EVJSN68eNv7Ke5BlZ2l9kfLRKFm5MEBXX9YoHMX0U8I8dPIXfTyevmKOT1PuEta5cQOM6/zH86XWn6WYx3EXkyjpeIbVOw49AqaEY8u70yBmut4MO03zz/pwLjV1BWyIkXhsrtuJyA+ZImvgLK2oAMZtGGFo7b0GW/sWY/P3R6Un3RFy35k6U3kXCDYYhgZEcS36lIqcj5y6vYUUVM732/etCsuOLz6ppw==" } diff --git a/chromeos/network/onc/onc_certificate_importer.cc b/chromeos/network/onc/onc_certificate_importer.cc index 0dd9325..266250f 100644 --- a/chromeos/network/onc/onc_certificate_importer.cc 
+++ b/chromeos/network/onc/onc_certificate_importer.cc @@ -130,11 +130,11 @@ bool CertificateImporter::ParseAndStoreCertificate( net::CertificateList* onc_trusted_certificates) { // Get out the attributes of the given certificate. std::string guid; - certificate.GetString(certificate::kGUID, &guid); + certificate.GetStringWithoutPathExpansion(certificate::kGUID, &guid); DCHECK(!guid.empty()); bool remove = false; - if (certificate.GetBoolean(kRemove, &remove) && remove) { + if (certificate.GetBooleanWithoutPathExpansion(kRemove, &remove) && remove) { if (!DeleteCertAndKeyByNickname(guid)) { ONC_LOG_ERROR("Unable to delete certificate"); return false; @@ -145,7 +145,7 @@ bool CertificateImporter::ParseAndStoreCertificate( // Not removing, so let's get the data we need to add this certificate. std::string cert_type; - certificate.GetString(certificate::kType, &cert_type); + certificate.GetStringWithoutPathExpansion(certificate::kType, &cert_type); if (cert_type == certificate::kServer || cert_type == certificate::kAuthority) { return ParseServerOrCaCertificate( @@ -165,10 +165,12 @@ bool CertificateImporter::ParseServerOrCaCertificate( net::CertificateList* onc_trusted_certificates) { bool web_trust_flag = false; const base::ListValue* trust_list = NULL; - if (certificate.GetList(certificate::kTrust, &trust_list)) { - for (size_t i = 0; i < trust_list->GetSize(); ++i) { + if (certificate.GetListWithoutPathExpansion(certificate::kTrustBits, + &trust_list)) { + for (base::ListValue::const_iterator it = trust_list->begin(); + it != trust_list->end(); ++it) { std::string trust_type; - if (!trust_list->GetString(i, &trust_type)) + if (!(*it)->GetAsString(&trust_type)) NOTREACHED(); if (trust_type == certificate::kWeb) { 
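Review bot: In the rewritten trust loop of ParseServerOrCaCertificate, a list entry that is not a string is handled only by `NOTREACHED()`, so if that macro is compiled out in release builds the loop carries on with an empty `trust_type`. Because this commit also stops rejecting unknown flags, such an entry would then be logged as an unknown trust type and skipped instead of failing the import. If the importer can ever run on input that has not passed the `kStringListSignature` validation, reject the entry explicitly: `if (!(*it)->GetAsString(&trust_type)) { ONC_LOG_ERROR("Certificate contains a non-string trust flag"); return false; }`. The function starts before this hunk and continues past it.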
@@ -176,8 +178,10 @@ bool CertificateImporter::ParseServerOrCaCertificate( // identification. web_trust_flag = true; } else { - ONC_LOG_ERROR("Certificate contains unknown trust type " + trust_type); - return false; + // Trust bits should only increase trust and never restrict. Thus, + // ignoring unknown bits should be safe. + ONC_LOG_WARNING("Certificate contains unknown trust type " + + trust_type); } } } @@ -185,13 +189,14 @@ bool CertificateImporter::ParseServerOrCaCertificate( bool import_with_ssl_trust = false; if (web_trust_flag) { if (!allow_trust_imports_) - LOG(WARNING) << "Web trust not granted for certificate: " << guid; + ONC_LOG_WARNING("Web trust not granted for certificate: " + guid); else import_with_ssl_trust = true; } std::string x509_data; - if (!certificate.GetString(certificate::kX509, &x509_data) || + if (!certificate.GetStringWithoutPathExpansion(certificate::kX509, + &x509_data) || x509_data.empty()) { ONC_LOG_ERROR( "Certificate missing appropriate certificate data for type: " + @@ -257,11 +262,10 @@ bool CertificateImporter::ParseServerOrCaCertificate( } // Reload the cert here to get an actual temporary cert instance. - x509_cert = - net::X509Certificate::CreateFromBytesWithNickname( - decoded_x509.data(), - decoded_x509.size(), - guid.c_str()); + x509_cert = net::X509Certificate::CreateFromBytesWithNickname( + decoded_x509.data(), + decoded_x509.size(), + guid.c_str()); if (!x509_cert.get()) { ONC_LOG_ERROR("Unable to create X509 certificate from bytes."); return false; @@ -312,7 +316,8 @@ bool CertificateImporter::ParseClientCertificate( const std::string& guid, const base::DictionaryValue& certificate) { std::string pkcs12_data; - if (!certificate.GetString(certificate::kPKCS12, &pkcs12_data) || + if (!certificate.GetStringWithoutPathExpansion(certificate::kPKCS12, + &pkcs12_data) || pkcs12_data.empty()) { ONC_LOG_ERROR("PKCS12 data is missing for client certificate."); return false; 
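Review bot: The new `else` branch in ParseServerOrCaCertificate (hunk at -176) fails open: an unrecognised entry in `TrustBits` now produces only a warning and the certificate is still imported, so the branch is safe only while every flag can do nothing but add trust. The comment should name that as a requirement of the ONC spec and say what breaks if it is violated, for example `// The ONC spec requires that every trust bit only adds trust. A flag that restricted trust would be dropped here and the certificate imported with broader trust than its author intended.` `trust_type` comes from the imported configuration and is concatenated into the log message unchanged, so it is worth confirming that ONC_LOG_WARNING copes with arbitrary content. The function starts and ends outside this hunk.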
diff --git a/chromeos/network/onc/onc_certificate_importer.h b/chromeos/network/onc/onc_certificate_importer.h index ebfb9c6..5971831 100644 --- a/chromeos/network/onc/onc_certificate_importer.h +++ b/chromeos/network/onc/onc_certificate_importer.h @@ -39,7 +39,7 @@ class CHROMEOS_EXPORT CertificateImporter { }; // During import with ParseCertificate(), Web trust is only applied to Server - // and Authority certificates with the Trust attribute "Web" if the + // and Authority certificates with the TrustBits attribute "Web" if the // |allow_trust_imports| permission is granted, otherwise the attribute is // ignored. explicit CertificateImporter(bool allow_trust_imports); @@ -82,8 +82,8 @@ class CHROMEOS_EXPORT CertificateImporter { bool ParseClientCertificate(const std::string& guid, const base::DictionaryValue& certificate); - // Whether certificates with Trust attribute "Web" should be stored with web - // trust. + // Whether certificates with TrustBits attribute "Web" should be stored with + // web trust. bool allow_trust_imports_; DISALLOW_COPY_AND_ASSIGN(CertificateImporter); diff --git a/chromeos/network/onc/onc_certificate_importer_unittest.cc b/chromeos/network/onc/onc_certificate_importer_unittest.cc index e8d800d..14106d1 100644 --- a/chromeos/network/onc/onc_certificate_importer_unittest.cc +++ b/chromeos/network/onc/onc_certificate_importer_unittest.cc 
@@ -223,22 +223,22 @@ TEST_F(ONCCertificateImporterTest, AddAuthorityCertificateWithoutWebTrust) { EXPECT_FALSE(pubkey_list); } +struct CertParam { + CertParam(net::CertType certificate_type, + const char* original_filename, + const char* update_filename) + : cert_type(certificate_type), + original_file(original_filename), + update_file(update_filename) {} + + net::CertType cert_type; + const char* original_file; + const char* update_file; +}; + class ONCCertificateImporterTestWithParam : public ONCCertificateImporterTest, - public testing::WithParamInterface< - std::pair<net::CertType, std::pair<const char*, const char*> > > { - protected: - net::CertType GetCertTypeParam() { - return GetParam().first; - } - - std::string GetOriginalFilename() { - return GetParam().second.first; - } - - std::string GetUpdatedFilename() { - return GetParam().second.second; - } + public testing::WithParamInterface<CertParam> { }; TEST_P(ONCCertificateImporterTestWithParam, UpdateCertificate) { @@ -246,7 +246,7 @@ TEST_P(ONCCertificateImporterTestWithParam, UpdateCertificate) { { SCOPED_TRACE("Import original certificate"); std::string guid_original; - AddCertificateFromFile(GetOriginalFilename(), GetCertTypeParam(), + AddCertificateFromFile(GetParam().original_file, GetParam().cert_type, &guid_original); } @@ -255,7 +255,7 @@ TEST_P(ONCCertificateImporterTestWithParam, UpdateCertificate) { { SCOPED_TRACE("Import updated certificate"); std::string guid_updated; - AddCertificateFromFile(GetUpdatedFilename(), GetCertTypeParam(), + AddCertificateFromFile(GetParam().update_file, GetParam().cert_type, &guid_updated); } } @@ -266,7 +266,7 @@ TEST_P(ONCCertificateImporterTestWithParam, ReimportCertificate) { SCOPED_TRACE("Import certificate, iteration " + base::IntToString(i)); std::string guid_original; - AddCertificateFromFile(GetOriginalFilename(), GetCertTypeParam(), + AddCertificateFromFile(GetParam().original_file, GetParam().cert_type, &guid_original); } } 
@@ -275,16 +275,15 @@ INSTANTIATE_TEST_CASE_P( ONCCertificateImporterTestWithParam, ONCCertificateImporterTestWithParam, ::testing::Values( - std::make_pair(net::USER_CERT, - std::make_pair("certificate-client.onc", - "certificate-client-update.onc")), - std::make_pair(net::SERVER_CERT, - std::make_pair("certificate-server.onc", - "certificate-server-update.onc")), - std::make_pair( - net::CA_CERT, - std::make_pair("certificate-web-authority.onc", - "certificate-web-authority-update.onc")))); + CertParam(net::USER_CERT, + "certificate-client.onc", + "certificate-client-update.onc"), + CertParam(net::SERVER_CERT, + "certificate-server.onc", + "certificate-server-update.onc"), + CertParam(net::CA_CERT, + "certificate-web-authority.onc", + "certificate-web-authority-update.onc"))); } // namespace onc } // namespace chromeos diff --git a/chromeos/network/onc/onc_constants.cc b/chromeos/network/onc/onc_constants.cc index 4a87725..0fbc7a5 100644 --- a/chromeos/network/onc/onc_constants.cc +++ b/chromeos/network/onc/onc_constants.cc @@ -146,7 +146,7 @@ const char kPattern[] = "Pattern"; const char kRef[] = "Ref"; const char kServer[] = "Server"; const char kSubject[] = "Subject"; -const char kTrust[] = "Trust"; +const char kTrustBits[] = "TrustBits"; const char kType[] = "Type"; const char kWeb[] = "Web"; const char kX509[] = "X509"; diff --git a/chromeos/network/onc/onc_constants.h b/chromeos/network/onc/onc_constants.h index c0486bb..1d1ccf9 100644 --- a/chromeos/network/onc/onc_constants.h +++ b/chromeos/network/onc/onc_constants.h @@ -162,7 +162,7 @@ CHROMEOS_EXPORT extern const char kPattern[]; CHROMEOS_EXPORT extern const char kRef[]; CHROMEOS_EXPORT extern const char kServer[]; CHROMEOS_EXPORT extern const char kSubject[]; -CHROMEOS_EXPORT extern const char kTrust[]; +CHROMEOS_EXPORT extern const char kTrustBits[]; CHROMEOS_EXPORT extern const char kType[]; CHROMEOS_EXPORT extern const char kWeb[]; CHROMEOS_EXPORT extern const char kX509[]; 
diff --git a/chromeos/network/onc/onc_normalizer.cc b/chromeos/network/onc/onc_normalizer.cc index 9eb3b55..bd1b910 100644 --- a/chromeos/network/onc/onc_normalizer.cc +++ b/chromeos/network/onc/onc_normalizer.cc @@ -88,7 +88,7 @@ void Normalizer::NormalizeCertificate(base::DictionaryValue* cert) { std::string type; cert->GetStringWithoutPathExpansion(certificate::kType, &type); RemoveEntryUnless(cert, kPKCS12, type == kClient); - RemoveEntryUnless(cert, kTrust, type == kServer || type == kAuthority); + RemoveEntryUnless(cert, kTrustBits, type == kServer || type == kAuthority); RemoveEntryUnless(cert, kX509, type == kServer || type == kAuthority); } diff --git a/chromeos/network/onc/onc_signature.cc b/chromeos/network/onc/onc_signature.cc index f826283..964eb4d 100644 --- a/chromeos/network/onc/onc_signature.cc +++ b/chromeos/network/onc/onc_signature.cc @@ -259,7 +259,7 @@ const OncFieldSignature certificate_fields[] = { { certificate::kGUID, &kStringSignature }, { certificate::kPKCS12, &kStringSignature }, { kRemove, &kBoolSignature }, - { certificate::kTrust, &kStringListSignature }, + { certificate::kTrustBits, &kStringListSignature }, { certificate::kType, &kStringSignature }, { certificate::kX509, &kStringSignature }, { NULL } diff --git a/chromeos/test/data/network/certificate-server-update.onc b/chromeos/test/data/network/certificate-server-update.onc index 45db3bd..c17e869 100644 --- a/chromeos/test/data/network/certificate-server-update.onc +++ b/chromeos/test/data/network/certificate-server-update.onc 
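Review bot: `certificate_fields` in onc_signature.cc drops `certificate::kTrust` without keeping an alias, so an existing configuration that still says `"Trust": ["Web"]` no longer matches any known field. What happens then depends on the validator, which is not visible here: presumably the field is either dropped, so the certificate is imported without web trust, or the configuration is rejected. Both outcomes fail closed, but this is a silent behaviour change for already deployed policies and deserves a test that feeds the legacy key. If dropping the old key is intended, a comment above the entry such as `// "Trust" was renamed to "TrustBits"; the old key is intentionally not accepted.` would record the decision.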
@@ -2,8 +2,8 @@ "Certificates": [ { "GUID": "{f998f760-272b-6939-4c2beffe428697ab}", - "Trust": [ - "Web" + "TrustBits": [ + "Web", "Foo" // Test that certs with unknown flags are still imported. ], "Type": "Server", "X509": "MIICWDCCAcECAxAAATANBgkqhkiG9w0BAQQFADCBkzEVMBMGA1UEChMMR29vZ2xlLCBJbmMuMREwDwYDVQQLEwhDaHJvbWVPUzEiMCAGCSqGSIb3DQEJARYTZ3NwZW5jZXJAZ29vZ2xlLmNvbTEaMBgGA1UEBxMRTW91bnRhaW4gVmlldywgQ0ExCzAJBgNVBAgTAkNBMQswCQYDVQQGEwJVUzENMAsGA1UEAxMEbG1hbzAeFw0xMTAzMTYyMzQ5MzhaFw0xMjAzMTUyMzQ5MzhaMFMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEChMMR29vZ2xlLCBJbmMuMREwDwYDVQQLEwhDaHJvbWVPUzENMAsGA1UEAxMEbG1hbzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA31WiJ9LvprrhKtDlW0RdLFAO7Qjkvs+sG6j2Vp2aBSrlhALG/0BVHUhWi4F/HHJho+ncLHAg5AGO0sdAjYUdQG6tfPqjLsIALtoKEZZdFe/JhmqOEaxWsSdu2S2RdPgCQOsP79EH58gXwu2gejCkJDmU22WL4YLuqOc17nxbDC8CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCv4vMD+PMlfnftu4/6Yf/oMLE8yCOqZTQ/dWCxB9PiJnOefiBeSzSZE6Uv3G7qnblZPVZaFeJMd+ostt0viCyPucFsFgLMyyoV1dMVPVwJT5Iq1AHehWXnTBbxUK9wioA5jOEKdroKjuSSsg/Q8Wx6cpJmttQz5olGPgstmACRWA==" diff --git a/chromeos/test/data/network/certificate-server.onc b/chromeos/test/data/network/certificate-server.onc index 2a820e3..604e6ec 100644 --- a/chromeos/test/data/network/certificate-server.onc +++ b/chromeos/test/data/network/certificate-server.onc 
@@ -2,8 +2,8 @@ "Certificates": [ { "GUID": "{f998f760-272b-6939-4c2beffe428697aa}", - "Trust": [ - "Web" + "TrustBits": [ + "Web", "Foo" // Test that certs with unknown flags are still imported. ], "Type": "Server", "X509": "leading junk \n-----BEGIN CERTIFICATE----- \nMIICWDCCAcECAxAAATANBgkqhkiG9w0BAQQFADCBkzEVMBMGA1UEChMMR29vZ2xlLCBJbm\nMuMREwDwYDVQQLEwhDaHJvbWVPUzEiMCAGCSqGSIb3DQEJARYTZ3NwZW5jZXJAZ29vZ2xl\nLmNvbTEaMBgGA1UEBxMRTW91bnRhaW4gVmlldywgQ0ExCzAJBgNVBAgTAkNBMQswCQYDVQ\nQGEwJVUzENMAsGA1UEAxMEbG1hbzAeFw0xMTAzMTYyMzQ5MzhaFw0xMjAzMTUyMzQ5Mzha\nMFMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEChMMR29vZ2xlLCBJbmMuMR\nEwDwYDVQQLEwhDaHJvbWVPUzENMAsGA1UEAxMEbG1hbzCBnzANBgkqhkiG9w0BAQEFAAOB\njQAwgYkCgYEA31WiJ9LvprrhKtDlW0RdLFAO7Qjkvs+sG6j2Vp2aBSrlhALG/0BVHUhWi4\nF/HHJho+ncLHAg5AGO0sdAjYUdQG6tfPqjLsIALtoKEZZdFe/JhmqOEaxWsSdu2S2RdPgC\nQOsP79EH58gXwu2gejCkJDmU22WL4YLuqOc17nxbDC8CAwEAATANBgkqhkiG9w0BAQQFAA\nOBgQCv4vMD+PMlfnftu4/6Yf/oMLE8yCOqZTQ/dWCxB9PiJnOefiBeSzSZE6Uv3G7qnblZ\nPVZaFeJMd+ostt0viCyPucFsFgLMyyoV1dMVPVwJT5Iq1AHehWXnTBbxUK9wioA5jOEKdr\noKjuSSsg/Q8Wx6cpJmttQz5olGPgstmACRWA==\n-----END CERTIFICATE----- \ntrailing junk" diff --git a/chromeos/test/data/network/certificate-web-authority-update.onc b/chromeos/test/data/network/certificate-web-authority-update.onc index ca0de2d..2462cc7 100644 --- a/chromeos/test/data/network/certificate-web-authority-update.onc +++ b/chromeos/test/data/network/certificate-web-authority-update.onc @@ -2,7 +2,7 @@ "Certificates": [ { "GUID": "{f998f760-272b-6939-4c2beffe428697ac}", - "Trust": [ + "TrustBits": [ "Web" ], "Type": "Authority", diff --git a/chromeos/test/data/network/certificate-web-authority.onc b/chromeos/test/data/network/certificate-web-authority.onc index 81e316d..f2e8aba 100644 --- a/chromeos/test/data/network/certificate-web-authority.onc +++ b/chromeos/test/data/network/certificate-web-authority.onc 
@@ -2,7 +2,7 @@ "Certificates": [ { "GUID": "{f998f760-272b-6939-4c2beffe428697ab}", - "Trust": [ + "TrustBits": [ "Web" ], "Type": "Authority", diff --git a/chromeos/test/data/network/invalid_settings_with_repairs.json b/chromeos/test/data/network/invalid_settings_with_repairs.json index 96b9b49..1e03c6f 100644 --- a/chromeos/test/data/network/invalid_settings_with_repairs.json +++ b/chromeos/test/data/network/invalid_settings_with_repairs.json @@ -261,7 +261,7 @@ "toplevel-with-server-and-ca-cert": { "Type": "UnencryptedConfiguration", "Certificates": - [ { "Trust": ["Web"], + [ { "TrustBits": ["Web"], "GUID": "1", "Type": "Authority", "X509": "abc" }, diff --git a/chromeos/test/data/network/managed_toplevel2.onc b/chromeos/test/data/network/managed_toplevel2.onc index 60690bb..b0826d4 100644 --- a/chromeos/test/data/network/managed_toplevel2.onc +++ b/chromeos/test/data/network/managed_toplevel2.onc 
@@ -75,13 +75,12 @@ ], "Certificates": [ { - "Trust": [], + "TrustBits": [], // Test that the empty array is imported correctly. "GUID": "{58ac1967-a0e7-49e9-be68-123abc}", "Type": "Authority", "X509": "MIIDojCCAwugAwIBAgIJAKGvi5ZgEWDVMA0GCSqGSIb3DQEBBAUAMIGTMRUwEwYDVQQKEwxHb29nbGUsIEluYy4xETAPBgNVBAsTCENocm9tZU9TMSIwIAYJKoZIhvcNAQkBFhNnc3BlbmNlckBnb29nbGUuY29tMRowGAYDVQQHExFNb3VudGFpbiBWaWV3LCBDQTELMAkGA1UECBMCQ0ExCzAJBgNVBAYTAlVTMQ0wCwYDVQQDEwRsbWFvMB4XDTExMDMxNjIzNDcxMFoXDTEyMDMxNTIzNDcxMFowgZMxFTATBgNVBAoTDEdvb2dsZSwgSW5jLjERMA8GA1UECxMIQ2hyb21lT1MxIjAgBgkqhkiG9w0BCQEWE2dzcGVuY2VyQGdvb2dsZS5jb20xGjAYBgNVBAcTEU1vdW50YWluIFZpZXcsIENBMQswCQYDVQQIEwJDQTELMAkGA1UEBhMCVVMxDTALBgNVBAMTBGxtYW8wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMDX6BQz2JUzIAVjetiXxDznd2wdqVqVHfNkbSRW+xBywgqUaIXmFEGUol7VzPfmeFV8o8ok/eFlQB0h6ycqgwwMd0KjtJs2ys/k0F5GuN0G7fsgr+NRnhVgxj21yF6gYTN/8a9kscla/svdmp8ekexbALFnghbLBx3CgcqUxT+tAgMBAAGjgfswgfgwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUbYygbSkl4kpjCNuxoezFGupA97UwgcgGA1UdIwSBwDCBvYAUbYygbSkl4kpjCNuxoezFGupA97WhgZmkgZYwgZMxFTATBgNVBAoTDEdvb2dsZSwgSW5jLjERMA8GA1UECxMIQ2hyb21lT1MxIjAgBgkqhkiG9w0BCQEWE2dzcGVuY2VyQGdvb2dsZS5jb20xGjAYBgNVBAcTEU1vdW50YWluIFZpZXcsIENBMQswCQYDVQQIEwJDQTELMAkGA1UEBhMCVVMxDTALBgNVBAMTBGxtYW+CCQChr4uWYBFg1TANBgkqhkiG9w0BAQQFAAOBgQCDq9wiQ4uVuf1CQU3sXfXCy1yqi5m8AsO9FxHvah5/SVFNwKllqTfedpCaWEswJ55YAojW9e+pY2Fh3Fo/Y9YkF88KCtLuBjjqDKCRLxF4LycjHODKyQQ7mN/t5AtP9yKOsNvWF+M4IfReg51kohau6FauQx87by5NIRPdkNPvkQ==" }, { - "Trust": [], "GUID": "{42cb13cd-140c-4941-9fb6-456def}", "Type": "Authority", "X509": 
"MIICijCCAfOgAwIBAgIJAPYTFSuNYH3DMA0GCSqGSIb3DQEBBQUAMF0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFjAUBgNVBAMMDW15LmRvbWFpbi5jb20wIBcNMTIxMTI5MTIxOTMwWhgPMjExMjExMDUxMjE5MzBaMF0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFjAUBgNVBAMMDW15LmRvbWFpbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMGU4ZFREFcUB5M6CNmgR6m2HHI6qL8dLBFH3jVe+FIUWyrF3UtBQrhPtD7tC+3qsoRHDquHo3oVedOG2B22hQ3TUTvkO2YmL0pv9RsaRRbhYD8YqqpmWPq94nZNF13y007LwJLuwLU/8kikrNgmnT7meWVSAcLYLsbgjYaZmn2XAgMBAAGjUDBOMB0GA1UdDgQWBBTX5f2mCM32pbNdXrsKmRHeZlcxOjAfBgNVHSMEGDAWgBTX5f2mCM32pbNdXrsKmRHeZlcxOjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAGUj0fZr2UzZjacnGhHf9x9FeQt8VALyASCw4JQyxbhB8YHjKS+IF80X8OkDiJrjkM6IOBTtyG0n0ozEgTL9m5NqWuAB2+SPkRpDgabI6mIUR/l1tkQarKCdKzYQ3+oggkiHiHXl2uC4sutgsyt54KQaQxx04+9z2WRt9yI6I1NW" diff --git a/chromeos/test/data/network/toplevel_openvpn_clientcert.onc b/chromeos/test/data/network/toplevel_openvpn_clientcert.onc index 0c27a6e..c4ff4a4 100644 --- a/chromeos/test/data/network/toplevel_openvpn_clientcert.onc +++ b/chromeos/test/data/network/toplevel_openvpn_clientcert.onc @@ -7,7 +7,7 @@ }, { "GUID": "{55ca78f6-0842-4e1b-96a3-09a9e1a26ef5}", - "Trust": [ + "TrustBits": [ "Web" ], "Type": "Authority", diff --git a/chromeos/test/data/network/toplevel_wifi_eap_clientcert.onc b/chromeos/test/data/network/toplevel_wifi_eap_clientcert.onc index 6e01a10..a800e3a 100644 --- a/chromeos/test/data/network/toplevel_wifi_eap_clientcert.onc +++ b/chromeos/test/data/network/toplevel_wifi_eap_clientcert.onc @@ -37,7 +37,7 @@ "Type": "Client" }, { - "Trust": [ + "TrustBits": [ "Web" ], "GUID": "{f5f2c9c9-0079-a712-49da21137af62fdd}", |