chromeos/network/onc/onc_validator.cc - Issue 11970012: Add a check for server and CA certificates in device policies to the ONC validator.

Unified Diff: chromeos/network/onc/onc_validator.cc

Issue 11970012: Add a check for server and CA certificates in device policies to the ONC validator. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Initial patch. Created 7 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« chromeos/network/onc/onc_validator.h ('K') | « chromeos/network/onc/onc_validator.h ('k') | chromeos/network/onc/onc_validator_unittest.cc » ('j') | chromeos/network/onc/onc_validator_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chromeos/network/onc/onc_validator.cc

diff --git a/chromeos/network/onc/onc_validator.cc b/chromeos/network/onc/onc_validator.cc

index a57aeca2d6e77608b5532f9f853e2a33c7f4f2fa..47be4c2b42a123894866dcc3ae9741f03e9068aa 100644

--- a/chromeos/network/onc/onc_validator.cc

+++ b/chromeos/network/onc/onc_validator.cc

@@ -354,6 +354,22 @@ bool Validator::FieldExistsAndIsNotInRange(const base::DictionaryValue& object,

return true;

}

+bool Validator::FieldExistsAndIsEmpty(const base::DictionaryValue& object,

+ const std::string &field_name) {

Joao da Silva 2013/01/16 15:03:57 & next to std::string

pneubeck (no reviews) 2013/01/16 15:18:04 Done.

+ std::string value;

+ if (!object.GetStringWithoutPathExpansion(field_name, &value) ||

+ !value.empty()) {

+ return false;

+ }

+ error_or_warning_found_ = true;

+ path_.push_back(field_name);

+ LOG(ERROR) << ErrorHeader() << "Found an empty string, but expected a "

+ << "non-empty string.";

+ path_.pop_back();

+ return true;

bool Validator::RequireField(const base::DictionaryValue& dict,

const std::string& field_name) {

if (dict.HasKey(field_name))

@@ -422,8 +438,10 @@ bool Validator::ValidateNetworkConfiguration(

}

static const char* kValidTypes[] = { kEthernet, kVPN, kWiFi, NULL };

- if (FieldExistsAndHasNoValidValue(*result, kType, kValidTypes))

+ if (FieldExistsAndHasNoValidValue(*result, kType, kValidTypes) ||

+ FieldExistsAndIsEmpty(*result, kGUID)) {

return false;

+ }

bool allRequiredExist = RequireField(*result, kGUID);

@@ -736,8 +754,20 @@ bool Validator::ValidateCertificate(

return false;

static const char* kValidTypes[] = { kClient, kServer, kAuthority, NULL };

- if (FieldExistsAndHasNoValidValue(*result, certificate::kType, kValidTypes))

+ if (FieldExistsAndHasNoValidValue(*result, certificate::kType, kValidTypes) ||

+ FieldExistsAndIsEmpty(*result, kGUID)) {

return false;

+ }

+ std::string type;

+ result->GetStringWithoutPathExpansion(certificate::kType, &type);

+ if (onc_source_ == ONC_SOURCE_DEVICE_POLICY &&

+ (type == kServer || type == kAuthority)) {

+ error_or_warning_found_ = true;

+ LOG(ERROR) << ErrorHeader() << "Server and authority certificates are "

+ << "prohibited in ONC device policies.";

+ return false;

+ }

bool allRequiredExist = RequireField(*result, kGUID);

@@ -746,8 +776,6 @@ bool Validator::ValidateCertificate(

if (!remove) {

allRequiredExist &= RequireField(*result, certificate::kType);

- std::string type;

- result->GetStringWithoutPathExpansion(certificate::kType, &type);

if (type == kClient)

allRequiredExist &= RequireField(*result, kPKCS12);

else if (type == kServer || type == kAuthority)