Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/cros/onc_network_parser.h" | 5 #include "chrome/browser/chromeos/cros/onc_network_parser.h" |
| 6 | 6 |
| 7 #include <keyhi.h> | 7 #include <keyhi.h> |
| 8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
| 9 | 9 |
| 10 #include "base/base64.h" | 10 #include "base/base64.h" |
| 11 #include "base/json/json_string_value_serializer.h" | 11 #include "base/json/json_string_value_serializer.h" |
| 12 #include "chrome/browser/chromeos/login/user_manager.h" | 12 #include "chrome/browser/chromeos/login/user_manager.h" |
| 13 #include "base/json/json_writer.h" // for debug output only. | 13 #include "base/json/json_writer.h" // for debug output only. |
| 14 #include "base/stringprintf.h" | 14 #include "base/stringprintf.h" |
| 15 #include "base/values.h" | 15 #include "base/values.h" |
| 16 #include "chrome/browser/chromeos/cros/certificate_pattern.h" | 16 #include "chrome/browser/chromeos/cros/certificate_pattern.h" |
| 17 #include "chrome/browser/chromeos/cros/cros_library.h" | 17 #include "chrome/browser/chromeos/cros/cros_library.h" |
| 18 #include "chrome/browser/chromeos/cros/native_network_constants.h" | 18 #include "chrome/browser/chromeos/cros/native_network_constants.h" |
| 19 #include "chrome/browser/chromeos/cros/native_network_parser.h" | 19 #include "chrome/browser/chromeos/cros/native_network_parser.h" |
| 20 #include "chrome/browser/chromeos/cros/network_library.h" | 20 #include "chrome/browser/chromeos/cros/network_library.h" |
| 21 #include "chrome/browser/chromeos/cros/onc_constants.h" | 21 #include "chrome/browser/chromeos/cros/onc_constants.h" |
| 22 #include "chrome/browser/chromeos/network_settings/onc_signature.h" | |
| 23 #include "chrome/browser/chromeos/network_settings/onc_validator.h" | |
| 22 #include "chrome/browser/chromeos/proxy_config_service_impl.h" | 24 #include "chrome/browser/chromeos/proxy_config_service_impl.h" |
| 23 #include "chrome/browser/prefs/proxy_config_dictionary.h" | 25 #include "chrome/browser/prefs/proxy_config_dictionary.h" |
| 24 #include "chrome/common/net/x509_certificate_model.h" | 26 #include "chrome/common/net/x509_certificate_model.h" |
| 25 #include "content/public/browser/browser_thread.h" | 27 #include "content/public/browser/browser_thread.h" |
| 26 #include "crypto/encryptor.h" | 28 #include "crypto/encryptor.h" |
| 27 #include "crypto/hmac.h" | 29 #include "crypto/hmac.h" |
| 28 #include "crypto/scoped_nss_types.h" | 30 #include "crypto/scoped_nss_types.h" |
| 29 #include "crypto/symmetric_key.h" | 31 #include "crypto/symmetric_key.h" |
| 30 #include "grit/generated_resources.h" | 32 #include "grit/generated_resources.h" |
| 31 #include "net/base/crypto_module.h" | 33 #include "net/base/crypto_module.h" |
| 297 | 299 |
| 298 // Check and see if this is an encrypted ONC file. If so, decrypt it. | 300 // Check and see if this is an encrypted ONC file. If so, decrypt it. |
| 299 std::string ciphertext_test; | 301 std::string ciphertext_test; |
| 300 if (root_dict_->GetString("Ciphertext", &ciphertext_test)) | 302 if (root_dict_->GetString("Ciphertext", &ciphertext_test)) |
| 301 root_dict_.reset(Decrypt(passphrase, root_dict_.get())); | 303 root_dict_.reset(Decrypt(passphrase, root_dict_.get())); |
| 302 | 304 |
| 303 // Decryption failed, errors will be in parse_error_; | 305 // Decryption failed, errors will be in parse_error_; |
| 304 if (!root_dict_.get()) | 306 if (!root_dict_.get()) |
| 305 return; | 307 return; |
| 306 | 308 |
| 309 // Validate the ONC dictionary. We are liberal and ignore unknown field | |
| 310 // names and ignore invalid field names in kRecommended arrays. | |
| 311 bool is_managed = onc_source == NetworkUIData::ONC_SOURCE_USER_POLICY || | |
| 312 onc_source == NetworkUIData::ONC_SOURCE_DEVICE_POLICY; | |
| 313 bool error_on_unknown_field = false; | |
| 314 bool error_on_invalid_entry_in_recommended = false; | |
| 315 bool error_on_missing_field = true; | |
| 316 scoped_ptr<onc::Validator> validator( | |
| 317 new onc::Validator(error_on_unknown_field, | |
|
Mattias Nissler (ping if slow)
2012/11/06 09:30:56
nit: we commonly just write
false, /* error on un
pneubeck (no reviews)
2012/11/06 13:32:22
Done.
| |
| 318 error_on_invalid_entry_in_recommended, | |
| 319 error_on_missing_field, is_managed)); | |
| 320 | |
| 321 // Unknown fields are removed from the result. | |
| 322 root_dict_ = validator->ValidateAndRepairObject( | |
| 323 &onc::kUnencryptedConfigurationSignature, | |
| 324 *root_dict_); | |
| 325 | |
| 326 if (!root_dict_.get()) { | |
| 327 LOG(WARNING) << "Provided ONC is invalid and couldn't be repaired"; | |
| 328 return; | |
| 329 } | |
| 330 | |
| 307 // At least one of NetworkConfigurations or Certificates is required. | 331 // At least one of NetworkConfigurations or Certificates is required. |
| 308 bool has_network_configurations = | 332 bool has_network_configurations = |
| 309 root_dict_->GetList("NetworkConfigurations", &network_configs_); | 333 root_dict_->GetList("NetworkConfigurations", &network_configs_); |
| 310 bool has_certificates = | 334 bool has_certificates = |
| 311 root_dict_->GetList("Certificates", &certificates_); | 335 root_dict_->GetList("Certificates", &certificates_); |
| 312 VLOG(2) << "ONC file has " << GetNetworkConfigsSize() << " networks and " | 336 VLOG(2) << "ONC file has " << GetNetworkConfigsSize() << " networks and " |
| 313 << GetCertificatesSize() << " certificates"; | 337 << GetCertificatesSize() << " certificates"; |
| 314 LOG_IF(WARNING, (!has_network_configurations && !has_certificates)) | 338 LOG_IF(WARNING, (!has_network_configurations && !has_certificates)) |
| 315 << "ONC file has no NetworkConfigurations or Certificates."; | 339 << "ONC file has no NetworkConfigurations or Certificates."; |
| 316 } | 340 } |
| 2030 // on the value of AuthenticationType. | 2054 // on the value of AuthenticationType. |
| 2031 { "L2TP-IPsec", PROVIDER_TYPE_L2TP_IPSEC_PSK }, | 2055 { "L2TP-IPsec", PROVIDER_TYPE_L2TP_IPSEC_PSK }, |
| 2032 { "OpenVPN", PROVIDER_TYPE_OPEN_VPN }, | 2056 { "OpenVPN", PROVIDER_TYPE_OPEN_VPN }, |
| 2033 }; | 2057 }; |
| 2034 CR_DEFINE_STATIC_LOCAL(EnumMapper<ProviderType>, parser, | 2058 CR_DEFINE_STATIC_LOCAL(EnumMapper<ProviderType>, parser, |
| 2035 (table, arraysize(table), PROVIDER_TYPE_MAX)); | 2059 (table, arraysize(table), PROVIDER_TYPE_MAX)); |
| 2036 return parser.Get(type); | 2060 return parser.Get(type); |
| 2037 } | 2061 } |
| 2038 | 2062 |
| 2039 } // namespace chromeos | 2063 } // namespace chromeos |
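Review bot: The new validation-failure branch at new lines 326–329 only emits `LOG(WARNING)` and returns, while the comment at new line 305 says decryption failures are reported through `parse_error_`; if callers rely on `parse_error_` to detect a rejected ONC blob (not visible here), a policy-sourced configuration that fails validation would be dropped with no error surfaced. Consider recording the failure in `parse_error_` before the `return`, the same way the decrypt path is documented to. Separately, with `error_on_unknown_field = false` the validator strips unknown fields (new line 321), so for `is_managed` sources a misspelled security-relevant field would be silently discarded; a comment stating that this is intended for policy input, and whether dropped fields are logged, would help. The enclosing function starts in the skipped lines above this hunk.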