OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chromeos/network/onc/onc_validator.h" | 5 #include "chromeos/network/onc/onc_validator.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/json/json_writer.h" | 10 #include "base/json/json_writer.h" |
(...skipping 362 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
373 LOG(ERROR) << ErrorHeader() << "Client certificate patterns are " | 373 LOG(ERROR) << ErrorHeader() << "Client certificate patterns are " |
374 << "prohibited in ONC device policies."; | 374 << "prohibited in ONC device policies."; |
375 return true; | 375 return true; |
376 } | 376 } |
377 return false; | 377 return false; |
378 } | 378 } |
379 | 379 |
380 bool Validator::ValidateToplevelConfiguration( | 380 bool Validator::ValidateToplevelConfiguration( |
381 const base::DictionaryValue& onc_object, | 381 const base::DictionaryValue& onc_object, |
382 base::DictionaryValue* result) { | 382 base::DictionaryValue* result) { |
| 383 using namespace onc::toplevel_config; |
| 384 |
383 if (!ValidateObjectDefault(kToplevelConfigurationSignature, | 385 if (!ValidateObjectDefault(kToplevelConfigurationSignature, |
384 onc_object, result)) { | 386 onc_object, result)) { |
385 return false; | 387 return false; |
386 } | 388 } |
387 | 389 |
388 static const char* kValidTypes[] = | 390 static const char* kValidTypes[] = |
389 { kUnencryptedConfiguration, kEncryptedConfiguration, NULL }; | 391 { kUnencryptedConfiguration, |
390 if (FieldExistsAndHasNoValidValue(*result, kType, kValidTypes)) | 392 kEncryptedConfiguration, |
| 393 NULL }; |
| 394 if (FieldExistsAndHasNoValidValue(*result, |
| 395 kType, |
| 396 kValidTypes)) |
391 return false; | 397 return false; |
392 | 398 |
393 bool allRequiredExist = true; | 399 bool allRequiredExist = true; |
394 | 400 |
395 // Not part of the ONC spec yet: | 401 // Not part of the ONC spec yet: |
396 // We don't require the type field and default to UnencryptedConfiguration. | 402 // We don't require the type field and default to UnencryptedConfiguration. |
397 std::string type = kUnencryptedConfiguration; | 403 std::string type = kUnencryptedConfiguration; |
398 result->GetStringWithoutPathExpansion(kType, &type); | 404 result->GetStringWithoutPathExpansion(kType, &type); |
399 if (type == kUnencryptedConfiguration && | 405 if (type == kUnencryptedConfiguration && |
400 !result->HasKey(kNetworkConfigurations) && | 406 !result->HasKey(kNetworkConfigurations) && |
401 !result->HasKey(kCertificates)) { | 407 !result->HasKey(kCertificates)) { |
402 error_or_warning_found_ = true; | 408 error_or_warning_found_ = true; |
403 std::string message = MessageHeader(error_on_missing_field_) + | 409 std::string message = MessageHeader(error_on_missing_field_) + |
404 "Neither the field '" + kNetworkConfigurations + "' nor '" + | 410 "Neither the field '" + kNetworkConfigurations + |
405 kCertificates + "is present, but at least one is required."; | 411 "' nor '" + kCertificates + |
| 412 "is present, but at least one is required."; |
406 if (error_on_missing_field_) | 413 if (error_on_missing_field_) |
407 LOG(ERROR) << message; | 414 LOG(ERROR) << message; |
408 else | 415 else |
409 LOG(WARNING) << message; | 416 LOG(WARNING) << message; |
410 allRequiredExist = false; | 417 allRequiredExist = false; |
411 } | 418 } |
412 | 419 |
413 return !error_on_missing_field_ || allRequiredExist; | 420 return !error_on_missing_field_ || allRequiredExist; |
414 } | 421 } |
415 | 422 |
416 bool Validator::ValidateNetworkConfiguration( | 423 bool Validator::ValidateNetworkConfiguration( |
417 const base::DictionaryValue& onc_object, | 424 const base::DictionaryValue& onc_object, |
418 base::DictionaryValue* result) { | 425 base::DictionaryValue* result) { |
| 426 using namespace onc::network_config; |
| 427 |
419 if (!ValidateObjectDefault(kNetworkConfigurationSignature, | 428 if (!ValidateObjectDefault(kNetworkConfigurationSignature, |
420 onc_object, result)) { | 429 onc_object, result)) { |
421 return false; | 430 return false; |
422 } | 431 } |
423 | 432 |
424 static const char* kValidTypes[] = { kEthernet, kVPN, kWiFi, NULL }; | 433 static const char* kValidTypes[] = { network_type::kEthernet, |
425 if (FieldExistsAndHasNoValidValue(*result, kType, kValidTypes)) | 434 network_type::kVPN, |
| 435 network_type::kWiFi, |
| 436 NULL }; |
| 437 if (FieldExistsAndHasNoValidValue(*result, |
| 438 kType, |
| 439 kValidTypes)) |
426 return false; | 440 return false; |
427 | 441 |
428 bool allRequiredExist = RequireField(*result, kGUID); | 442 bool allRequiredExist = RequireField(*result, kGUID); |
429 | 443 |
430 bool remove = false; | 444 bool remove = false; |
431 result->GetBooleanWithoutPathExpansion(kRemove, &remove); | 445 result->GetBooleanWithoutPathExpansion(kRemove, &remove); |
432 if (!remove) { | 446 if (!remove) { |
433 allRequiredExist &= RequireField(*result, kName); | 447 allRequiredExist &= RequireField(*result, kName); |
434 allRequiredExist &= RequireField(*result, kType); | 448 allRequiredExist &= RequireField(*result, kType); |
435 | 449 |
436 std::string type; | 450 std::string type; |
437 result->GetStringWithoutPathExpansion(kType, &type); | 451 result->GetStringWithoutPathExpansion(kType, &type); |
438 | 452 |
439 // Prohibit anything but WiFi and Ethernet for device-level policy (which | 453 // Prohibit anything but WiFi and Ethernet for device-level policy (which |
440 // corresponds to shared networks). See also http://crosbug.com/28741. | 454 // corresponds to shared networks). See also http://crosbug.com/28741. |
441 if (onc_source_ == ONC_SOURCE_DEVICE_POLICY && | 455 if (onc_source_ == ONC_SOURCE_DEVICE_POLICY && |
442 type != kWiFi && | 456 type != network_type::kWiFi && |
443 type != kEthernet) { | 457 type != network_type::kEthernet) { |
444 error_or_warning_found_ = true; | 458 error_or_warning_found_ = true; |
445 LOG(ERROR) << ErrorHeader() << "Networks of type '" | 459 LOG(ERROR) << ErrorHeader() << "Networks of type '" |
446 << type << "' are prohibited in ONC device policies."; | 460 << type << "' are prohibited in ONC device policies."; |
447 return false; | 461 return false; |
448 } | 462 } |
449 allRequiredExist &= type.empty() || RequireField(*result, type); | 463 |
| 464 if (type == network_type::kWiFi) |
| 465 allRequiredExist &= RequireField(*result, network_config::kWiFi); |
| 466 else if (type == network_type::kEthernet) |
| 467 allRequiredExist &= RequireField(*result, network_config::kEthernet); |
| 468 else if (type == network_type::kCellular) |
| 469 allRequiredExist &= RequireField(*result, network_config::kCellular); |
| 470 else if (type == network_type::kVPN) |
| 471 allRequiredExist &= RequireField(*result, network_config::kVPN); |
| 472 else |
| 473 LOG(ERROR) << "Unknown network type " << type << " encountered"; |
450 } | 474 } |
451 | 475 |
452 return !error_on_missing_field_ || allRequiredExist; | 476 return !error_on_missing_field_ || allRequiredExist; |
453 } | 477 } |
454 | 478 |
455 bool Validator::ValidateEthernet( | 479 bool Validator::ValidateEthernet( |
456 const base::DictionaryValue& onc_object, | 480 const base::DictionaryValue& onc_object, |
457 base::DictionaryValue* result) { | 481 base::DictionaryValue* result) { |
458 using namespace onc::ethernet; | 482 using namespace onc::ethernet; |
459 if (!ValidateObjectDefault(kEthernetSignature, onc_object, result)) | 483 if (!ValidateObjectDefault(kEthernetSignature, onc_object, result)) |
(...skipping 269 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
729 } | 753 } |
730 | 754 |
731 bool Validator::ValidateCertificate( | 755 bool Validator::ValidateCertificate( |
732 const base::DictionaryValue& onc_object, | 756 const base::DictionaryValue& onc_object, |
733 base::DictionaryValue* result) { | 757 base::DictionaryValue* result) { |
734 using namespace onc::certificate; | 758 using namespace onc::certificate; |
735 if (!ValidateObjectDefault(kCertificateSignature, onc_object, result)) | 759 if (!ValidateObjectDefault(kCertificateSignature, onc_object, result)) |
736 return false; | 760 return false; |
737 | 761 |
738 static const char* kValidTypes[] = { kClient, kServer, kAuthority, NULL }; | 762 static const char* kValidTypes[] = { kClient, kServer, kAuthority, NULL }; |
739 if (FieldExistsAndHasNoValidValue(*result, certificate::kType, kValidTypes)) | 763 if (FieldExistsAndHasNoValidValue(*result, kType, kValidTypes)) |
740 return false; | 764 return false; |
741 | 765 |
742 bool allRequiredExist = RequireField(*result, kGUID); | 766 bool allRequiredExist = RequireField(*result, kGUID); |
743 | 767 |
744 bool remove = false; | 768 bool remove = false; |
745 result->GetBooleanWithoutPathExpansion(kRemove, &remove); | 769 result->GetBooleanWithoutPathExpansion(kRemove, &remove); |
746 if (!remove) { | 770 if (!remove) { |
747 allRequiredExist &= RequireField(*result, certificate::kType); | 771 allRequiredExist &= RequireField(*result, kType); |
748 | 772 |
749 std::string type; | 773 std::string type; |
750 result->GetStringWithoutPathExpansion(certificate::kType, &type); | 774 result->GetStringWithoutPathExpansion(kType, &type); |
751 if (type == kClient) | 775 if (type == kClient) |
752 allRequiredExist &= RequireField(*result, kPKCS12); | 776 allRequiredExist &= RequireField(*result, kPKCS12); |
753 else if (type == kServer || type == kAuthority) | 777 else if (type == kServer || type == kAuthority) |
754 allRequiredExist &= RequireField(*result, kX509); | 778 allRequiredExist &= RequireField(*result, kX509); |
755 } | 779 } |
756 | 780 |
757 return !error_on_missing_field_ || allRequiredExist; | 781 return !error_on_missing_field_ || allRequiredExist; |
758 } | 782 } |
759 | 783 |
760 std::string Validator::WarningHeader() { | 784 std::string Validator::WarningHeader() { |
761 return MessageHeader(false); | 785 return MessageHeader(false); |
762 } | 786 } |
763 | 787 |
764 std::string Validator::ErrorHeader() { | 788 std::string Validator::ErrorHeader() { |
765 return MessageHeader(true); | 789 return MessageHeader(true); |
766 } | 790 } |
767 | 791 |
768 std::string Validator::MessageHeader(bool is_error) { | 792 std::string Validator::MessageHeader(bool is_error) { |
769 std::string path = path_.empty() ? "toplevel" : JoinString(path_, "."); | 793 std::string path = path_.empty() ? "toplevel" : JoinString(path_, "."); |
770 std::string message = "At " + path + ": "; | 794 std::string message = "At " + path + ": "; |
771 return message; | 795 return message; |
772 } | 796 } |
773 | 797 |
774 } // namespace onc | 798 } // namespace onc |
775 } // namespace chromeos | 799 } // namespace chromeos |
OLD | NEW |