| Index: chromeos/network/onc/onc_utils.cc
|
| diff --git a/chrome/browser/chromeos/network_settings/onc_utils.cc b/chromeos/network/onc/onc_utils.cc
|
| similarity index 64%
|
| rename from chrome/browser/chromeos/network_settings/onc_utils.cc
|
| rename to chromeos/network/onc/onc_utils.cc
|
| index 9b57cbe97dafd4aeaff16cd65906b443781dba6d..62e0d4682ace119565c61e0be4b9eba297f7a1ec 100644
|
| --- a/chrome/browser/chromeos/network_settings/onc_utils.cc
|
| +++ b/chromeos/network/onc/onc_utils.cc
|
| @@ -2,33 +2,40 @@
|
| // Use of this source code is governed by a BSD-style license that can be
|
| // found in the LICENSE file.
|
|
|
| -#include "chrome/browser/chromeos/network_settings/onc_utils.h"
|
| +#include "chromeos/network/onc/onc_utils.h"
|
|
|
| #include "base/base64.h"
|
| #include "base/json/json_reader.h"
|
| +#include "base/logging.h"
|
| #include "base/values.h"
|
| -#include "chrome/browser/chromeos/cros/onc_constants.h"
|
| +#include "chromeos/network/network_event_log.h"
|
| +#include "chromeos/network/onc/onc_constants.h"
|
| #include "crypto/encryptor.h"
|
| #include "crypto/hmac.h"
|
| #include "crypto/symmetric_key.h"
|
| -#include "grit/generated_resources.h"
|
| -#include "ui/base/l10n/l10n_util.h"
|
| +
|
| +#define ONC_LOG_WARNING(message) NET_LOG_WARNING("ONC", message)
|
| +#define ONC_LOG_ERROR(message) NET_LOG_ERROR("ONC", message)
|
|
|
| namespace chromeos {
|
| namespace onc {
|
|
|
| +namespace {
|
| +
|
| +const char kUnableToDecrypt[] = "Unable to decrypt encrypted ONC";
|
| +const char kUnableToDecode[] = "Unable to decode encrypted ONC";
|
| +
|
| +} // namespace
|
| +
|
| scoped_ptr<base::DictionaryValue> ReadDictionaryFromJson(
|
| - const std::string& json,
|
| - std::string* error) {
|
| + const std::string& json) {
|
| + std::string error;
|
| base::Value* root = base::JSONReader::ReadAndReturnError(
|
| - json, base::JSON_ALLOW_TRAILING_COMMAS, NULL, error);
|
| + json, base::JSON_ALLOW_TRAILING_COMMAS, NULL, &error);
|
|
|
| base::DictionaryValue* dict_ptr = NULL;
|
| - if (root != NULL && !root->GetAsDictionary(&dict_ptr)) {
|
| - if (error) {
|
| - *error = l10n_util::GetStringUTF8(
|
| - IDS_NETWORK_CONFIG_ERROR_NETWORK_NOT_A_JSON_DICTIONARY);
|
| - }
|
| + if (!root || !root->GetAsDictionary(&dict_ptr)) {
|
| + ONC_LOG_ERROR("Invalid JSON Dictionary: " + error);
|
| delete root;
|
| }
|
|
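Review bot: In ReadDictionaryFromJson, the new `ONC_LOG_ERROR("Invalid JSON Dictionary: " + error);` will most likely log an empty reason when the input is valid JSON whose root is not a dictionary. In that case the parser has presumably left `error` untouched, and the old code set a dedicated message for it. Consider `ONC_LOG_ERROR("Invalid JSON Dictionary: " + (root ? std::string("root is not a dictionary") : error));` so both failure paths stay distinguishable in the event log. The function's return statement lies outside this hunk.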
|
| @@ -36,8 +43,7 @@ scoped_ptr<base::DictionaryValue> ReadDictionaryFromJson(
|
| }
|
|
|
| scoped_ptr<base::DictionaryValue> Decrypt(const std::string& passphrase,
|
| - const base::DictionaryValue& root,
|
| - std::string* error) {
|
| + const base::DictionaryValue& root) {
|
| const int kKeySizeInBits = 256;
|
| const int kMaxIterationCount = 500000;
|
| std::string onc_type;
|
| @@ -60,37 +66,33 @@ scoped_ptr<base::DictionaryValue> Decrypt(const std::string& passphrase,
|
| !root.GetString(encrypted::kStretch, &stretch_method) ||
|
| !root.GetString(encrypted::kType, &onc_type) ||
|
| onc_type != kEncryptedConfiguration) {
|
| - *error = l10n_util::GetStringUTF8(
|
| - IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_MALFORMED);
|
| +
|
| + ONC_LOG_ERROR("Encrypted ONC malformed.");
|
| return scoped_ptr<base::DictionaryValue>();
|
| }
|
|
|
| if (hmac_method != encrypted::kSHA1 ||
|
| cipher != encrypted::kAES256 ||
|
| stretch_method != encrypted::kPBKDF2) {
|
| - *error = l10n_util::GetStringUTF8(
|
| - IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_UNSUPPORTED_ENCRYPTION);
|
| + ONC_LOG_ERROR("Encrypted ONC unsupported encryption scheme.");
|
| return scoped_ptr<base::DictionaryValue>();
|
| }
|
|
|
| // Make sure iterations != 0, since that's not valid.
|
| if (iterations == 0) {
|
| - *error = l10n_util::GetStringUTF8(
|
| - IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_UNABLE_TO_DECRYPT);
|
| + ONC_LOG_ERROR(kUnableToDecrypt);
|
| return scoped_ptr<base::DictionaryValue>();
|
| }
|
|
|
| // Simply a sanity check to make sure we can't lock up the machine
|
| // for too long with a huge number (or a negative number).
|
| if (iterations < 0 || iterations > kMaxIterationCount) {
|
| - *error = l10n_util::GetStringUTF8(
|
| - IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_TOO_MANY_ITERATIONS);
|
| + ONC_LOG_ERROR("Too many iterations in encrypted ONC");
|
| return scoped_ptr<base::DictionaryValue>();
|
| }
|
|
|
| if (!base::Base64Decode(salt, &salt)) {
|
| - *error = l10n_util::GetStringUTF8(
|
| - IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_UNABLE_TO_DECODE);
|
| + ONC_LOG_ERROR(kUnableToDecode);
|
| return scoped_ptr<base::DictionaryValue>();
|
| }
|
|
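Review bot: The range check `if (iterations < 0 || iterations > kMaxIterationCount)` logs "Too many iterations in encrypted ONC" for a negative count as well, which misdescribes that input to anyone reading the event log. A message covering both branches, such as `ONC_LOG_ERROR("Iteration count out of range in encrypted ONC");`, would be more accurate. The new messages are also inconsistent in punctuation: "Encrypted ONC malformed." ends with a period and this one does not. Decrypt starts and ends outside this hunk.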
|
| @@ -102,51 +104,61 @@ scoped_ptr<base::DictionaryValue> Decrypt(const std::string& passphrase,
|
| kKeySizeInBits));
|
|
|
| if (!base::Base64Decode(initial_vector, &initial_vector)) {
|
| - *error = l10n_util::GetStringUTF8(
|
| - IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_UNABLE_TO_DECODE);
|
| + ONC_LOG_ERROR(kUnableToDecode);
|
| return scoped_ptr<base::DictionaryValue>();
|
| }
|
| if (!base::Base64Decode(ciphertext, &ciphertext)) {
|
| - *error = l10n_util::GetStringUTF8(
|
| - IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_UNABLE_TO_DECODE);
|
| + ONC_LOG_ERROR(kUnableToDecode);
|
| return scoped_ptr<base::DictionaryValue>();
|
| }
|
| if (!base::Base64Decode(hmac, &hmac)) {
|
| - *error = l10n_util::GetStringUTF8(
|
| - IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_UNABLE_TO_DECODE);
|
| + ONC_LOG_ERROR(kUnableToDecode);
|
| return scoped_ptr<base::DictionaryValue>();
|
| }
|
|
|
| crypto::HMAC hmac_verifier(crypto::HMAC::SHA1);
|
| if (!hmac_verifier.Init(key.get()) ||
|
| !hmac_verifier.Verify(ciphertext, hmac)) {
|
| - *error = l10n_util::GetStringUTF8(
|
| - IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_UNABLE_TO_DECRYPT);
|
| + ONC_LOG_ERROR(kUnableToDecrypt);
|
| return scoped_ptr<base::DictionaryValue>();
|
| }
|
|
|
| crypto::Encryptor decryptor;
|
| if (!decryptor.Init(key.get(), crypto::Encryptor::CBC, initial_vector)) {
|
| - *error = l10n_util::GetStringUTF8(
|
| - IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_UNABLE_TO_DECRYPT);
|
| + ONC_LOG_ERROR(kUnableToDecrypt);
|
| return scoped_ptr<base::DictionaryValue>();
|
| }
|
|
|
| std::string plaintext;
|
| if (!decryptor.Decrypt(ciphertext, &plaintext)) {
|
| - *error = l10n_util::GetStringUTF8(
|
| - IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_UNABLE_TO_DECRYPT);
|
| + ONC_LOG_ERROR(kUnableToDecrypt);
|
| return scoped_ptr<base::DictionaryValue>();
|
| }
|
|
|
| scoped_ptr<base::DictionaryValue> new_root =
|
| - ReadDictionaryFromJson(plaintext, error);
|
| - if (new_root.get() == NULL && error->empty()) {
|
| - *error = l10n_util::GetStringUTF8(
|
| - IDS_NETWORK_CONFIG_ERROR_NETWORK_PROP_DICT_MALFORMED);
|
| + ReadDictionaryFromJson(plaintext);
|
| + if (new_root.get() == NULL) {
|
| + ONC_LOG_ERROR("Property dictionary malformed.");
|
| + return scoped_ptr<base::DictionaryValue>();
|
| }
|
| +
|
| return new_root.Pass();
|
| }
|
|
|
| +std::string GetSourceAsString(ONCSource source) {
|
| + switch (source) {
|
| + case ONC_SOURCE_DEVICE_POLICY:
|
| + return "device policy";
|
| + case ONC_SOURCE_USER_POLICY:
|
| + return "user policy";
|
| + case ONC_SOURCE_NONE:
|
| + return "none";
|
| + case ONC_SOURCE_USER_IMPORT:
|
| + return "user import";
|
| + }
|
| + NOTREACHED() << "unknown ONC source " << source;
|
| + return "unknown";
|
| +}
|
| +
|
| } // chromeos
|
| } // onc
|
|
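Review bot: A parse failure of the decrypted plaintext is now logged twice, once inside ReadDictionaryFromJson ("Invalid JSON Dictionary: …") and again here as "Property dictionary malformed.". The first entry carries the JSON parser's error text for input that presumably can contain network credentials, so it is worth confirming that the text holds only a position and reason, never an excerpt of the input. A comment above the call would record that, e.g. `// Parser error holds position/reason only; never log |plaintext| itself.`. The added `return scoped_ptr<base::DictionaryValue>();` is harmless but redundant, since `new_root` is already null on that path. Decrypt begins outside this hunk.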
|