Implementation of ONC signature, validator and normalizer.

chrome/browser/chromeos/network_settings/onc_validator.cc

Index: chrome/browser/chromeos/network_settings/onc_validator.cc
diff --git a/chrome/browser/chromeos/network_settings/onc_validator.cc b/chrome/browser/chromeos/network_settings/onc_validator.cc
new file mode 100644
index 0000000000000000000000000000000000000000..69646355efdb4faf8b6c8f108dd22780e2e9d0f0
--- /dev/null
+++ b/chrome/browser/chromeos/network_settings/onc_validator.cc
@@ -0,0 +1,77 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/chromeos/network_settings/onc_validator.h"
+
+#include <string>

[Mattias Nissler (ping if slow), 2012/09/18 16:29:08]

newline

[pneubeck (no reviews), 2012/10/02 15:03:02]

Done.

+#include "base/values.h"
+#include "chrome/browser/chromeos/cros/onc_constants.h"
+
+namespace {
+
+void RemoveEntryUnless(base::DictionaryValue* dict, const std::string path,

[Mattias Nissler (ping if slow), 2012/09/18 16:29:08]

all parameters on separate lines unless they really really really belong
together.

[pneubeck (no reviews), 2012/10/02 15:03:02]

Done.

+                       bool condition) {
+  if (!condition)
+    dict->RemoveWithoutPathExpansion(path, NULL);
+}
+
+}  // namespace
+
+namespace chromeos {
+namespace onc {
+
+// static
+void ONCValidator::RemoveIgnoredFieldsFromIPsec(base::DictionaryValue* ipsec) {

[Mattias Nissler (ping if slow), 2012/09/18 16:29:08]

If we do this, shouldn't we also remove keys that are not specified in ONC?

+  using namespace vpn;
+
+  std::string auth_type = "";
+  ipsec->GetStringWithoutPathExpansion(kAuthenticationType, &auth_type);
+  RemoveEntryUnless(ipsec, kClientCertType,  auth_type == "Cert");
+  RemoveEntryUnless(ipsec, kServerCARef,     auth_type == "Cert");
+  RemoveEntryUnless(ipsec, kPSK,             auth_type == "PSK");
+  RemoveEntryUnless(ipsec, kSaveCredentials, auth_type == "PSK");
+
+  std::string clientcert_type = "";
+  ipsec->GetStringWithoutPathExpansion(kClientCertType, &clientcert_type);
+  RemoveEntryUnless(ipsec, kClientCertPattern, clientcert_type == "Pattern");
+  RemoveEntryUnless(ipsec, kClientCertRef,     clientcert_type == "Ref");
+
+  int ike_version = -1;
+  ipsec->GetIntegerWithoutPathExpansion(kIKEVersion, &ike_version);
+  RemoveEntryUnless(ipsec, kEAP,   ike_version == 2);
+  RemoveEntryUnless(ipsec, kGroup, ike_version == 1);
+  RemoveEntryUnless(ipsec, kXAUTH, ike_version == 1);
+}
+
+// static
+void ONCValidator::RemoveIgnoredFieldsFromVPN(base::DictionaryValue* vpn) {
+  using namespace vpn;
+  std::string type = "";
+  vpn->GetStringWithoutPathExpansion(vpn::kType, &type);
+  RemoveEntryUnless(vpn, kOpenVPN, type == kOpenVPN);
+  RemoveEntryUnless(vpn, kIPsec,   type == kIPsec ||
+                                   type == "L2TP-IPsec");
+  RemoveEntryUnless(vpn, kL2TP,    type == "L2TP-IPSec");
+
+  base::DictionaryValue* ipsec;
+  if (vpn->GetDictionaryWithoutPathExpansion(kIPsec, &ipsec))
+    RemoveIgnoredFieldsFromIPsec(ipsec);
+}
+
+// static
+void ONCValidator::RemoveIgnoredFieldsFromNetwork(
+    base::DictionaryValue* network) {
+  std::string type = "";
+  network->GetStringWithoutPathExpansion(kType, &type);
+  RemoveEntryUnless(network, kEthernet, type == kEthernet);
+  RemoveEntryUnless(network, kVPN,      type == kVPN);
+  RemoveEntryUnless(network, kWiFi,     type == kWiFi);
+
+  base::DictionaryValue* vpn;
+  if (network->GetDictionaryWithoutPathExpansion(kVPN, &vpn))
+    RemoveIgnoredFieldsFromVPN(vpn);
+}
+
+}  // namespace onc
+}  // namespace chromeos