Adding error handling to ONC validation.

chrome/browser/chromeos/cros/network_library_impl_base.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/cros/network_library_impl_base.h"
 
 #include "base/bind.h"
 #include "base/json/json_reader.h"
 #include "base/memory/scoped_vector.h"
 #include "base/stl_util.h"
@@ skipping 1059 matching lines @@
   }
 
   // Validate the ONC dictionary. We are liberal and ignore unknown field
   // names and ignore invalid field names in kRecommended arrays.
   onc::Validator validator(false,  // Ignore unknown fields.
                            false,  // Ignore invalid recommended field names.
                            true,  // Fail on missing fields.
                            from_policy);
 
   // Unknown fields are removed from the result.
+  std::string validator_error;
   root_dict = validator.ValidateAndRepairObject(
-      &onc::kUnencryptedConfigurationSignature,
-      *root_dict);
+      &onc::kToplevelConfigurationSignature, *root_dict, &validator_error);
+
+  if (!validator_error.empty()) {
+    if (error != NULL) {
+      *error = validator_error;
+      error->append("\n");
+    }
+    LOG(WARNING) << "ONC from source " << source
+                 << " contains errors: " << validator_error;
+  }
 
   if (root_dict.get() == NULL) {
     LOG(WARNING) << "ONC from source " << source
                  << " is invalid and couldn't be repaired.";
     return false;
   }
 
   const base::ListValue* certificates;
   bool has_certificates =
       root_dict->GetListWithoutPathExpansion(onc::kCertificates, &certificates);
 
   const base::ListValue* network_configs;
   bool has_network_configurations = root_dict->GetListWithoutPathExpansion(
       onc::kNetworkConfigurations,
       &network_configs);
 
-  // At least one of NetworkConfigurations or Certificates is required.
-  LOG_IF(WARNING, (!has_network_configurations && !has_certificates))
-      << "ONC from source " << source
-      << " has neither NetworkConfigurations nor Certificates.";
-
   if (has_certificates) {
     VLOG(2) << "ONC file has " << certificates->GetSize() << " certificates";
 
     onc::CertificateImporter cert_importer(source, allow_web_trust_from_policy);
     std::string cert_error;
     if (!cert_importer.ParseAndStoreCertificates(*certificates, &cert_error)) {
-      if (error != NULL)
-        *error = cert_error;
+      if (error != NULL) {
+        error->append(cert_error);
+        error->append("\n");
+      }
       LOG(WARNING) << "Cannot parse some of the certificates in the ONC from "
                    << "source " << source << " with error: " << cert_error;
       return false;
     }
   }
 
   std::set<std::string> removal_ids;
   std::set<std::string>& network_ids(network_source_map_[source]);
   network_ids.clear();
   if (has_network_configurations) {
     VLOG(2) << "ONC file has " << network_configs->GetSize() << " networks";
     OncNetworkParser parser(*network_configs, source);
 
     // Parse all networks. Bail out if that fails.
     NetworkOncMap added_onc_map;
     ScopedVector<Network> networks;
     for (int i = 0; i < parser.GetNetworkConfigsSize(); i++) {
       // Parse Open Network Configuration blob into a temporary Network object.
       bool marked_for_removal = false;
       Network* network = parser.ParseNetwork(i, &marked_for_removal);
       if (!network) {
-        if (error != NULL)
-          *error = parser.parse_error();
+        if (error != NULL) {
+          error->append(parser.parse_error());
+          error->append("\n");
+        }
         LOG(WARNING) << "Error during parsing network at index " << i
                      << " from ONC source " << source
                      << ": " << parser.parse_error();
         return false;
       }
 
       // Disallow anything but WiFi and Ethernet for device-level policy (which
       // corresponds to shared networks). See also http://crosbug.com/28741.
       if (source == NetworkUIData::ONC_SOURCE_DEVICE_POLICY &&
           network->type() != TYPE_WIFI &&
           network->type() != TYPE_ETHERNET) {
+        if (error != NULL) {
+          error->append(l10n_util::GetStringUTF8(
+              IDS_NETWORK_CONFIG_ERROR_IGNORING_DEVICE_LEVEL_POLICY));
+          error->append("\n");
+        }
         LOG(WARNING) << "Ignoring device-level policy-pushed network of type "
                      << network->type();
         delete network;
         continue;
       }
 
       networks.push_back(network);
       if (!(source == NetworkUIData::ONC_SOURCE_USER_IMPORT &&
             marked_for_removal)) {
         added_onc_map[network->unique_id()] = parser.GetNetworkConfig(i);
@@ skipping 42 matching lines @@
       // Set the appropriate profile for |source|.
       if (profile != NULL)
         dict.SetString(flimflam::kProfileProperty, profile->path);
 
       // For Ethernet networks, apply them to the current Ethernet service.
       if (network->type() == TYPE_ETHERNET) {
         const EthernetNetwork* ethernet = ethernet_network();
         if (ethernet) {
           CallConfigureService(ethernet->unique_id(), &dict);
         } else {
+          if (error != NULL) {
+            error->append(l10n_util::GetStringUTF8(
+                IDS_NETWORK_CONFIG_ERROR_IGNORING_DEVICE_LEVEL_POLICY));
+            error->append("\n");
+          }
           DLOG(WARNING) << "Tried to import ONC with an Ethernet network when "
                         << "there is no active Ethernet connection.";
         }
       } else {
         CallConfigureService(network->unique_id(), &dict);
       }
 
       network_ids.insert(network->unique_id());
     }
   }
@@ skipping 528 matching lines @@
   GetTpmInfo();
   return tpm_slot_;
 }
 
 const std::string& NetworkLibraryImplBase::GetTpmPin() {
   GetTpmInfo();
   return tpm_pin_;
 }
 
 }  // namespace chromeos