Extending ONC validator's logging. Completing toplevel validation.

chrome/browser/chromeos/cros/network_library_impl_base.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/cros/network_library_impl_base.h"
 
 #include "base/bind.h"
 #include "base/json/json_reader.h"
 #include "base/memory/scoped_vector.h"
 #include "base/stl_util.h"
@@ skipping 1006 matching lines @@
     if (wifi->auto_connect()) {
       ConnectToWifiNetwork(wifi);
       break;
     }
   }
 }
 
 bool NetworkLibraryImplBase::LoadOncNetworks(const std::string& onc_blob,
                                              const std::string& passphrase,
                                              NetworkUIData::ONCSource source,
-                                             bool allow_web_trust_from_policy,
-                                             std::string* error) {
+                                             bool allow_web_trust_from_policy) {
+  VLOG(2) << __func__ << ": called on " << onc_blob;
   NetworkProfile* profile = NULL;
   bool from_policy = (source == NetworkUIData::ONC_SOURCE_USER_POLICY ||
                       source == NetworkUIData::ONC_SOURCE_DEVICE_POLICY);
 
   // Policies are applied to a specific Shill profile. User ONC import however
   // is applied to whatever profile Shill chooses. This should be the profile
   // that is already associated with a network and if no profile is associated
   // yet, it should be the user profile.
   if (from_policy) {
     profile = GetProfileForType(GetProfileTypeForSource(source));
     if (profile == NULL) {
-      DLOG(WARNING) << "Profile for ONC source " << source << " doesn't exist.";
-      return false;
+      VLOG(2) << "Profile for ONC source " << source << " doesn't exist.";
+      return true;
     }
   }
 
-  VLOG(2) << __func__ << ": called on " << onc_blob;
   std::string json_error;
   scoped_ptr<base::DictionaryValue> root_dict =
       onc::ReadDictionaryFromJson(onc_blob, &json_error);
   if (root_dict.get() == NULL) {
-    if (error != NULL)
-      *error = json_error;
-    LOG(WARNING) << "ONC loaded from ONC source " << source
-                 << " is not a valid json dictionary: " << json_error;
+    LOG(ERROR) << "ONC loaded from ONC source " << source
+               << " is not a valid json dictionary: " << json_error;
     return false;
   }
 
   // Check and see if this is an encrypted ONC file. If so, decrypt it.
   std::string onc_type;
   root_dict->GetStringWithoutPathExpansion(onc::kType, &onc_type);
   if (onc_type == onc::kEncryptedConfiguration) {
     std::string decrypt_error;
     root_dict = onc::Decrypt(passphrase, *root_dict, &decrypt_error);
     if (root_dict.get() == NULL) {
-      if (error != NULL)
-        *error = decrypt_error;
-      LOG(WARNING) << "Couldn't decrypt the ONC from source " << source
-                   << " with error: " << decrypt_error;
+      LOG(ERROR) << "Couldn't decrypt the ONC from source " << source
+                 << " with error: " << decrypt_error;
       return false;
     }
   }
 
   // Validate the ONC dictionary. We are liberal and ignore unknown field
   // names and ignore invalid field names in kRecommended arrays.
   onc::Validator validator(false,  // Ignore unknown fields.
                            false,  // Ignore invalid recommended field names.
                            true,  // Fail on missing fields.
                            from_policy);
 
   // Unknown fields are removed from the result.
+  onc::Validator::Result validation_result;
   root_dict = validator.ValidateAndRepairObject(
-      &onc::kUnencryptedConfigurationSignature,
-      *root_dict);
+      &onc::kToplevelConfigurationSignature, *root_dict, &validation_result);
 
-  if (root_dict.get() == NULL) {
-    LOG(WARNING) << "ONC from source " << source
-                 << " is invalid and couldn't be repaired.";
+  if (validation_result == onc::Validator::VALID_WITH_WARNINGS) {
+    LOG(WARNING) << "ONC from source " << source << " produced warnings.";
+  } else if (validation_result == onc::Validator::INVALID ||
+             root_dict.get() == NULL) {
+    LOG(ERROR) << "ONC from source " << source
+               << " is invalid and couldn't be repaired.";
     return false;
   }
 
   const base::ListValue* certificates;
   bool has_certificates =
       root_dict->GetListWithoutPathExpansion(onc::kCertificates, &certificates);
 
   const base::ListValue* network_configs;
   bool has_network_configurations = root_dict->GetListWithoutPathExpansion(
       onc::kNetworkConfigurations,
       &network_configs);
 
-  // At least one of NetworkConfigurations or Certificates is required.
-  LOG_IF(WARNING, (!has_network_configurations && !has_certificates))
-      << "ONC from source " << source
-      << " has neither NetworkConfigurations nor Certificates.";
-
   if (has_certificates) {
     VLOG(2) << "ONC file has " << certificates->GetSize() << " certificates";
 
     onc::CertificateImporter cert_importer(source, allow_web_trust_from_policy);
     std::string cert_error;
     if (!cert_importer.ParseAndStoreCertificates(*certificates, &cert_error)) {
-      if (error != NULL)
-        *error = cert_error;
-      LOG(WARNING) << "Cannot parse some of the certificates in the ONC from "
-                   << "source " << source << " with error: " << cert_error;
+      LOG(ERROR) << "Cannot parse some of the certificates in the ONC from "
+                 << "source " << source << " with error: " << cert_error;
       return false;
     }
   }
 
   std::set<std::string> removal_ids;
   std::set<std::string>& network_ids(network_source_map_[source]);
   network_ids.clear();
   if (has_network_configurations) {
     VLOG(2) << "ONC file has " << network_configs->GetSize() << " networks";
     OncNetworkParser parser(*network_configs, source);
 
     // Parse all networks. Bail out if that fails.
     NetworkOncMap added_onc_map;
     ScopedVector<Network> networks;
     for (int i = 0; i < parser.GetNetworkConfigsSize(); i++) {
       // Parse Open Network Configuration blob into a temporary Network object.
       bool marked_for_removal = false;
       Network* network = parser.ParseNetwork(i, &marked_for_removal);
       if (!network) {
-        if (error != NULL)
-          *error = parser.parse_error();
-        LOG(WARNING) << "Error during parsing network at index " << i
+        LOG(ERROR) << "Error during parsing network at index " << i
                      << " from ONC source " << source
                      << ": " << parser.parse_error();
         return false;
       }
 
       // Disallow anything but WiFi and Ethernet for device-level policy (which
       // corresponds to shared networks). See also http://crosbug.com/28741.
       if (source == NetworkUIData::ONC_SOURCE_DEVICE_POLICY &&
           network->type() != TYPE_WIFI &&
           network->type() != TYPE_ETHERNET) {
@@ skipping 52 matching lines @@
       // Set the appropriate profile for |source|.
       if (profile != NULL)
         dict.SetString(flimflam::kProfileProperty, profile->path);
 
       // For Ethernet networks, apply them to the current Ethernet service.
       if (network->type() == TYPE_ETHERNET) {
         const EthernetNetwork* ethernet = ethernet_network();
         if (ethernet) {
           CallConfigureService(ethernet->unique_id(), &dict);
         } else {
-          DLOG(WARNING) << "Tried to import ONC with an Ethernet network when "
-                        << "there is no active Ethernet connection.";
+          LOG(WARNING) << "Tried to import ONC with an Ethernet network when "
+                       << "there is no active Ethernet connection.";
         }
       } else {
         CallConfigureService(network->unique_id(), &dict);
       }
 
       network_ids.insert(network->unique_id());
     }
   }
 
   if (from_policy) {
     // For policy-managed networks, go through the list of existing remembered
     // networks and clean out the ones that no longer have a definition in the
     // ONC blob. We first collect the networks and do the actual deletion later
     // because ForgetNetwork() changes the remembered network vectors.
     ForgetNetworksById(source, network_ids, false);
-  } else if (source == NetworkUIData::ONC_SOURCE_USER_IMPORT) {
-    if (removal_ids.empty())
-      return true;
-
+  } else if (source == NetworkUIData::ONC_SOURCE_USER_IMPORT &&
+             !removal_ids.empty()) {
     ForgetNetworksById(source, removal_ids, true);
   }
 
   return true;
 }
 
 ////////////////////////////////////////////////////////////////////////////
 // Testing functions.
 
 bool NetworkLibraryImplBase::SetActiveNetwork(
@@ skipping 507 matching lines @@
   GetTpmInfo();
   return tpm_slot_;
 }
 
 const std::string& NetworkLibraryImplBase::GetTpmPin() {
   GetTpmInfo();
   return tpm_pin_;
 }
 
 }  // namespace chromeos