Split up chrome/browser/policy subdirectory

chrome/browser/policy/configuration_policy_handler_chromeos.cc

-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "chrome/browser/policy/configuration_policy_handler_chromeos.h"
-
-#include <string>
-
-#include "base/json/json_reader.h"
-#include "base/json/json_writer.h"
-#include "base/memory/scoped_ptr.h"
-#include "base/prefs/pref_value_map.h"
-#include "base/string_util.h"
-#include "base/values.h"
-#include "chrome/browser/policy/policy_error_map.h"
-#include "chrome/browser/policy/policy_map.h"
-#include "chrome/browser/ui/ash/chrome_launcher_prefs.h"
-#include "chrome/common/pref_names.h"
-#include "chromeos/network/onc/onc_constants.h"
-#include "chromeos/network/onc/onc_signature.h"
-#include "chromeos/network/onc/onc_utils.h"
-#include "chromeos/network/onc/onc_validator.h"
-#include "grit/generated_resources.h"
-#include "policy/policy_constants.h"
-
-namespace onc = chromeos::onc;
-
-namespace {
-
-}  // namespace
-
-namespace policy {
-
-NetworkConfigurationPolicyHandler::NetworkConfigurationPolicyHandler(
-    const char* policy_name,
-    chromeos::onc::ONCSource onc_source)
-    : TypeCheckingPolicyHandler(policy_name, base::Value::TYPE_STRING),
-      onc_source_(onc_source) {}
-
-NetworkConfigurationPolicyHandler::~NetworkConfigurationPolicyHandler() {}
-
-bool NetworkConfigurationPolicyHandler::CheckPolicySettings(
-    const PolicyMap& policies,
-    PolicyErrorMap* errors) {
-  const base::Value* value;
-  if (!CheckAndGetValue(policies, errors, &value))
-    return false;
-
-  if (value) {
-    std::string onc_blob;
-    value->GetAsString(&onc_blob);
-    scoped_ptr<base::DictionaryValue> root_dict =
-        onc::ReadDictionaryFromJson(onc_blob);
-    if (root_dict.get() == NULL) {
-      errors->AddError(policy_name(), IDS_POLICY_NETWORK_CONFIG_PARSE_FAILED);
-      return false;
-    }
-
-    // Validate the ONC dictionary. We are liberal and ignore unknown field
-    // names and ignore invalid field names in kRecommended arrays.
-    onc::Validator validator(false,  // Ignore unknown fields.
-                             false,  // Ignore invalid recommended field names.
-                             true,  // Fail on missing fields.
-                             true);  // Validate for managed ONC
-    validator.SetOncSource(onc_source_);
-
-    // ONC policies are always unencrypted.
-    onc::Validator::Result validation_result;
-    root_dict = validator.ValidateAndRepairObject(
-        &onc::kToplevelConfigurationSignature, *root_dict, &validation_result);
-    if (validation_result == onc::Validator::VALID_WITH_WARNINGS) {
-      errors->AddError(policy_name(),
-                       IDS_POLICY_NETWORK_CONFIG_IMPORT_PARTIAL);
-    } else if (validation_result == onc::Validator::INVALID) {
-      errors->AddError(policy_name(), IDS_POLICY_NETWORK_CONFIG_IMPORT_FAILED);
-    }
-
-    // In any case, don't reject the policy as some networks or certificates
-    // could still be applied.
-  }
-
-  return true;
-}
-
-void NetworkConfigurationPolicyHandler::ApplyPolicySettings(
-    const PolicyMap& policies,
-    PrefValueMap* prefs) {
-  // Network policy is read directly from the provider and injected into
-  // NetworkLibrary, so no need to convert the policy settings into prefs.
-}
-
-void NetworkConfigurationPolicyHandler::PrepareForDisplaying(
-    PolicyMap* policies) const {
-  const PolicyMap::Entry* entry = policies->Get(policy_name());
-  if (!entry)
-    return;
-  base::Value* sanitized_config = SanitizeNetworkConfig(entry->value);
-  if (!sanitized_config)
-    sanitized_config = base::Value::CreateNullValue();
-
-  policies->Set(policy_name(), entry->level, entry->scope, sanitized_config);
-}
-
-// static
-base::Value* NetworkConfigurationPolicyHandler::SanitizeNetworkConfig(
-    const base::Value* config) {
-  std::string json_string;
-  if (!config->GetAsString(&json_string))
-    return NULL;
-
-  scoped_ptr<base::Value> json_value(
-      base::JSONReader::Read(json_string, base::JSON_ALLOW_TRAILING_COMMAS));
-  if (!json_value.get() || !json_value->IsType(base::Value::TYPE_DICTIONARY))
-    return NULL;
-
-  base::DictionaryValue* config_dict =
-      static_cast<base::DictionaryValue*>(json_value.get());
-
-  // Strip any sensitive information from the JSON dictionary.
-  base::ListValue* config_list = NULL;
-  if (config_dict->GetList("NetworkConfigurations", &config_list)) {
-    for (base::ListValue::const_iterator network_entry = config_list->begin();
-         network_entry != config_list->end();
-         ++network_entry) {
-      if ((*network_entry) &&
-          (*network_entry)->IsType(base::Value::TYPE_DICTIONARY)) {
-        MaskSensitiveValues(
-            static_cast<base::DictionaryValue*>(*network_entry));
-      }
-    }
-  }
-
-  // Convert back to a string, pretty printing the contents.
-  base::JSONWriter::WriteWithOptions(config_dict,
-                                     base::JSONWriter::OPTIONS_DO_NOT_ESCAPE |
-                                         base::JSONWriter::OPTIONS_PRETTY_PRINT,
-                                     &json_string);
-  return base::Value::CreateStringValue(json_string);
-}
-
-// static
-void NetworkConfigurationPolicyHandler::MaskSensitiveValues(
-    base::DictionaryValue* network_dict) {
-  // Paths of the properties to be replaced by the placeholder. Each entry
-  // specifies dictionary key paths.
-  static const int kMaxComponents = 3;
-  static const char* kFilteredSettings[][kMaxComponents] = {
-    { onc::network_config::kEthernet, onc::ethernet::kEAP,
-      onc::eap::kPassword },
-    { onc::network_config::kVPN, onc::vpn::kIPsec, onc::vpn::kPSK },
-    { onc::network_config::kVPN, onc::vpn::kL2TP, onc::vpn::kPassword },
-    { onc::network_config::kVPN, onc::vpn::kOpenVPN, onc::vpn::kPassword },
-    { onc::network_config::kVPN, onc::vpn::kOpenVPN,
-      onc::vpn::kTLSAuthContents },
-    { onc::network_config::kWiFi, onc::wifi::kEAP, onc::eap::kPassword },
-    { onc::network_config::kWiFi, onc::wifi::kPassphrase },
-  };
-
-  // Placeholder to insert in place of the filtered setting.
-  static const char kPlaceholder[] = "********";
-
-  for (size_t i = 0; i < arraysize(kFilteredSettings); ++i) {
-    const char** path = kFilteredSettings[i];
-    base::DictionaryValue* dict = network_dict;
-    int j = 0;
-    for (j = 0; path[j + 1] != NULL && j + 1 < kMaxComponents; ++j) {
-      if (!dict->GetDictionaryWithoutPathExpansion(path[j], &dict)) {
-        dict = NULL;
-        break;
-      }
-    }
-    if (dict && dict->RemoveWithoutPathExpansion(path[j], NULL)) {
-      dict->SetWithoutPathExpansion(
-          path[j], base::Value::CreateStringValue(kPlaceholder));
-    }
-  }
-}
-
-PinnedLauncherAppsPolicyHandler::PinnedLauncherAppsPolicyHandler()
-    : ExtensionListPolicyHandler(key::kPinnedLauncherApps,
-                                 prefs::kPinnedLauncherApps,
-                                 false) {}
-
-PinnedLauncherAppsPolicyHandler::~PinnedLauncherAppsPolicyHandler() {}
-
-void PinnedLauncherAppsPolicyHandler::ApplyPolicySettings(
-    const PolicyMap& policies,
-    PrefValueMap* prefs) {
-  PolicyErrorMap errors;
-  const base::Value* policy_value = policies.GetValue(policy_name());
-  const base::ListValue* policy_list = NULL;
-  if (policy_value && policy_value->GetAsList(&policy_list) && policy_list) {
-    base::ListValue* pinned_apps_list = new base::ListValue();
-    for (base::ListValue::const_iterator entry(policy_list->begin());
-         entry != policy_list->end(); ++entry) {
-      std::string id;
-      if ((*entry)->GetAsString(&id)) {
-        base::DictionaryValue* app_dict = new base::DictionaryValue();
-        app_dict->SetString(ash::kPinnedAppsPrefAppIDPath, id);
-        pinned_apps_list->Append(app_dict);
-      }
-    }
-    prefs->SetValue(pref_path(), pinned_apps_list);
-  }
-}
-
-}  // namespace policy