
Side by Side Diff: chromeos/network/onc/onc_utils.cc

Issue 14192017: Extract certificate policy application from NetworkLibrary. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Initial patch. Created 7 years, 8 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chromeos/network/onc/onc_utils.h" 5 #include "chromeos/network/onc/onc_utils.h"
6 6
7 #include "base/base64.h" 7 #include "base/base64.h"
8 #include "base/json/json_reader.h" 8 #include "base/json/json_reader.h"
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "base/metrics/histogram.h"
10 #include "base/string_util.h" 11 #include "base/string_util.h"
11 #include "base/values.h" 12 #include "base/values.h"
12 #include "chromeos/network/network_event_log.h" 13 #include "chromeos/network/network_event_log.h"
13 #include "chromeos/network/onc/onc_mapper.h" 14 #include "chromeos/network/onc/onc_mapper.h"
14 #include "chromeos/network/onc/onc_signature.h" 15 #include "chromeos/network/onc/onc_signature.h"
16 #include "chromeos/network/onc/onc_utils.h"
17 #include "chromeos/network/onc/onc_validator.h"
15 #include "crypto/encryptor.h" 18 #include "crypto/encryptor.h"
16 #include "crypto/hmac.h" 19 #include "crypto/hmac.h"
17 #include "crypto/symmetric_key.h" 20 #include "crypto/symmetric_key.h"
18 21
19 #define ONC_LOG_WARNING(message) NET_LOG_WARNING("ONC", message) 22 #define ONC_LOG_WARNING(message) NET_LOG_WARNING("ONC", message)
20 #define ONC_LOG_ERROR(message) NET_LOG_ERROR("ONC", message) 23 #define ONC_LOG_ERROR(message) NET_LOG_ERROR("ONC", message)
21 24
22 namespace chromeos { 25 namespace chromeos {
23 namespace onc { 26 namespace onc {
24 27
(...skipping 223 matching lines...) Expand 10 before | Expand all | Expand 10 after
248 found_unknown_field, error); 251 found_unknown_field, error);
249 } 252 }
250 } 253 }
251 254
252 // Mask to insert in place of the sensitive values. 255 // Mask to insert in place of the sensitive values.
253 std::string mask_; 256 std::string mask_;
254 }; 257 };
255 258
256 } // namespace 259 } // namespace
257 260
258 CHROMEOS_EXPORT scoped_ptr<base::DictionaryValue> MaskCredentialsInOncObject( 261 scoped_ptr<base::DictionaryValue> MaskCredentialsInOncObject(
259 const onc::OncValueSignature& signature, 262 const onc::OncValueSignature& signature,
260 const base::DictionaryValue& onc_object, 263 const base::DictionaryValue& onc_object,
261 const std::string& mask) { 264 const std::string& mask) {
262 return OncMaskValues::Mask(signature, onc_object, mask); 265 return OncMaskValues::Mask(signature, onc_object, mask);
263 } 266 }
264 267
268 bool ParseAndValidateOncForImport(
269 const std::string& onc_blob,
270 chromeos::onc::ONCSource onc_source,
271 const std::string& passphrase,
272 scoped_ptr<base::ListValue>* network_configs,
273 scoped_ptr<base::ListValue>* certificates) {
274 if (onc_blob.empty()) {
275 network_configs->reset(new base::ListValue);
stevenjb 2013/04/22 16:53:41 Could be network_configs->Clear()
pneubeck (no reviews) 2013/04/23 18:05:25 Done.
276 certificates->reset(new base::ListValue);
277 return true;
278 }
279
280 scoped_ptr<base::DictionaryValue> toplevel_onc =
281 onc::ReadDictionaryFromJson(onc_blob);
282 if (toplevel_onc.get() == NULL) {
283 LOG(ERROR) << "ONC loaded from " << onc::GetSourceAsString(onc_source)
284 << " is not a valid JSON dictionary.";
285 return false;
286 }
287
288 // Check and see if this is an encrypted ONC file. If so, decrypt it.
289 std::string onc_type;
290 toplevel_onc->GetStringWithoutPathExpansion(onc::toplevel_config::kType,
291 &onc_type);
292 if (onc_type == onc::toplevel_config::kEncryptedConfiguration) {
293 toplevel_onc = onc::Decrypt(passphrase, *toplevel_onc);
294 if (toplevel_onc.get() == NULL) {
295 LOG(ERROR) << "Couldn't decrypt the ONC from "
296 << onc::GetSourceAsString(onc_source);
297 return false;
298 }
299 }
300
301 bool from_policy = (onc_source == onc::ONC_SOURCE_USER_POLICY ||
302 onc_source == onc::ONC_SOURCE_DEVICE_POLICY);
303
304 // Validate the ONC dictionary. We are liberal and ignore unknown field
305 // names and ignore invalid field names in kRecommended arrays.
306 onc::Validator validator(false, // Ignore unknown fields.
307 false, // Ignore invalid recommended field names.
308 true, // Fail on missing fields.
stevenjb 2013/04/22 16:53:41 nit: align comments
pneubeck (no reviews) 2013/04/23 18:05:25 Done.
309 from_policy);
310 validator.SetOncSource(onc_source);
311
312 onc::Validator::Result validation_result;
313 toplevel_onc = validator.ValidateAndRepairObject(
314 &onc::kToplevelConfigurationSignature,
315 *toplevel_onc,
316 &validation_result);
317
318 if (from_policy) {
319 UMA_HISTOGRAM_BOOLEAN("Enterprise.ONC.PolicyValidation",
320 validation_result == onc::Validator::VALID);
321 }
322
323 bool success = true;
324 if (validation_result == onc::Validator::VALID_WITH_WARNINGS) {
325 LOG(WARNING) << "ONC from " << onc::GetSourceAsString(onc_source)
326 << " produced warnings.";
327 success = false;
328 } else if (validation_result == onc::Validator::INVALID ||
329 toplevel_onc == NULL) {
330 LOG(ERROR) << "ONC from " << onc::GetSourceAsString(onc_source)
331 << " is invalid and couldn't be repaired.";
332 return false;
333 }
334
335 base::Value* certificates_value = NULL;
336 if (toplevel_onc->RemoveWithoutPathExpansion(
337 onc::toplevel_config::kCertificates, &certificates_value)) {
338 base::ListValue* certificates_listvalue = NULL;
339 certificates_value->GetAsList(&certificates_listvalue);
340 certificates->reset(certificates_listvalue);
341 } else {
342 certificates->reset(new base::ListValue);
343 }
344
345 base::Value* network_configs_value = NULL;
346 if (toplevel_onc->RemoveWithoutPathExpansion(
347 onc::toplevel_config::kNetworkConfigurations,
348 &network_configs_value)) {
349 base::ListValue* network_configs_listvalue = NULL;
350 network_configs_value->GetAsList(&network_configs_listvalue);
351 network_configs->reset(network_configs_listvalue);
stevenjb 2013/04/22 16:53:41 Could be network_configs->Swap()
pneubeck (no reviews) 2013/04/23 18:05:25 Done.
352 } else {
353 network_configs->reset(new base::ListValue);
354 }
355
356 return success;
357 }
358
265 } // namespace onc 359 } // namespace onc
266 } // namespace chromeos 360 } // namespace chromeos
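Review bot: In ParseAndValidateOncForImport the results of both `GetAsList` calls (new lines 339 and 350) are ignored, so the function relies entirely on the validator having enforced the list type for the Certificates and NetworkConfigurations entries. If either value were not a list, the out-parameter would be reset to NULL while the function can still return true, and the value handed back by `RemoveWithoutPathExpansion` appears to be leaked, since nothing else takes ownership of it. I would check the result, e.g. `if (!certificates_value->GetAsList(&certificates_listvalue)) { delete certificates_value; return false; }`, and do the same for the network configurations. Separately, the VALID_WITH_WARNINGS path returns false yet still fills both outputs, unlike the other failure paths, so the function should carry a comment such as `// Also returns false on validation warnings; the out lists are still filled from the repaired ONC.` so callers do not treat every false as "nothing was imported".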