• Use ONC-provided per-extension certificates for sign-in profile extensions · dd1fbeb3
    Pavol Marko authored
    If certificates have been specified in ONC policy to be used by a
    sign-in screen extension, PolicyCertService now uses them.
    The mapping between extension id (from policy) and StoragePartition is
    performed in PolicyCertService (see comments in
    PolicyCertService::GetPolicyCertificatesForStoragePartition).
    Extension-specific certificates are only allowed if:
    (*) The extension has isolated storage, i.e. it has its own StoragePartition
        and
    (*) The Profile is using CertVerifierBuiltin (which is unconditionally true
        for the sign-in screen Profile since CL:1750004).
    
    A browsertest has been added to ensure that the other StoragePartitions in the
    sign-in screen Profile do not respect the additional extension-specific
    certificate.
    
    Bug: 939344
    Test: browser_tests --gtest_filter=*PolicyProvidedCertsForSigninExtensionTest*
    Change-Id: If29413049a46ee4f742718253dbbbc7ecdc31ae4
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1702425
    Commit-Queue: Pavol Marko <pmarko@chromium.org>
    Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
    Reviewed-by: Nasko Oskov <nasko@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#693789}
policy_cert_service.cc 10.2 KB