| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/network/onc/onc_utils.h" | 5 #include "chromeos/network/onc/onc_utils.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/json/json_reader.h" | 8 #include "base/json/json_reader.h" |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/metrics/histogram.h" | |
| 10 #include "base/string_util.h" | 11 #include "base/string_util.h" |
| 11 #include "base/values.h" | 12 #include "base/values.h" |
| 12 #include "chromeos/network/network_event_log.h" | 13 #include "chromeos/network/network_event_log.h" |
| 13 #include "chromeos/network/onc/onc_mapper.h" | 14 #include "chromeos/network/onc/onc_mapper.h" |
| 14 #include "chromeos/network/onc/onc_signature.h" | 15 #include "chromeos/network/onc/onc_signature.h" |
| 16 #include "chromeos/network/onc/onc_utils.h" | |
| 17 #include "chromeos/network/onc/onc_validator.h" | |
| 15 #include "crypto/encryptor.h" | 18 #include "crypto/encryptor.h" |
| 16 #include "crypto/hmac.h" | 19 #include "crypto/hmac.h" |
| 17 #include "crypto/symmetric_key.h" | 20 #include "crypto/symmetric_key.h" |
| 18 | 21 |
| 19 #define ONC_LOG_WARNING(message) NET_LOG_WARNING("ONC", message) | 22 #define ONC_LOG_WARNING(message) NET_LOG_WARNING("ONC", message) |
| 20 #define ONC_LOG_ERROR(message) NET_LOG_ERROR("ONC", message) | 23 #define ONC_LOG_ERROR(message) NET_LOG_ERROR("ONC", message) |
| 21 | 24 |
| 22 namespace chromeos { | 25 namespace chromeos { |
| 23 namespace onc { | 26 namespace onc { |
| 24 | 27 |
| (...skipping 223 matching lines...) | |
| 248 found_unknown_field, error); | 251 found_unknown_field, error); |
| 249 } | 252 } |
| 250 } | 253 } |
| 251 | 254 |
| 252 // Mask to insert in place of the sensitive values. | 255 // Mask to insert in place of the sensitive values. |
| 253 std::string mask_; | 256 std::string mask_; |
| 254 }; | 257 }; |
| 255 | 258 |
| 256 } // namespace | 259 } // namespace |
| 257 | 260 |
| 258 CHROMEOS_EXPORT scoped_ptr<base::DictionaryValue> MaskCredentialsInOncObject( | 261 scoped_ptr<base::DictionaryValue> MaskCredentialsInOncObject( |
| 259 const onc::OncValueSignature& signature, | 262 const onc::OncValueSignature& signature, |
| 260 const base::DictionaryValue& onc_object, | 263 const base::DictionaryValue& onc_object, |
| 261 const std::string& mask) { | 264 const std::string& mask) { |
| 262 return OncMaskValues::Mask(signature, onc_object, mask); | 265 return OncMaskValues::Mask(signature, onc_object, mask); |
| 263 } | 266 } |
| 264 | 267 |
| 268 bool ParseAndValidateOncForImport( | |
| 269 const std::string& onc_blob, | |
| 270 chromeos::onc::ONCSource onc_source, | |
| 271 const std::string& passphrase, | |
| 272 scoped_ptr<base::ListValue>* network_configs, | |
| 273 scoped_ptr<base::ListValue>* certificates) { | |
| 274 if (onc_blob.empty()) { | |
| 275 network_configs->reset(new base::ListValue); | |
|
stevenjb
2013/04/22 16:53:41
Could be network_configs->Clear()
pneubeck (no reviews)
2013/04/23 18:05:25
Done.
| |
| 276 certificates->reset(new base::ListValue); | |
| 277 return true; | |
| 278 } | |
| 279 | |
| 280 scoped_ptr<base::DictionaryValue> toplevel_onc = | |
| 281 onc::ReadDictionaryFromJson(onc_blob); | |
| 282 if (toplevel_onc.get() == NULL) { | |
| 283 LOG(ERROR) << "ONC loaded from " << onc::GetSourceAsString(onc_source) | |
| 284 << " is not a valid JSON dictionary."; | |
| 285 return false; | |
| 286 } | |
| 287 | |
| 288 // Check and see if this is an encrypted ONC file. If so, decrypt it. | |
| 289 std::string onc_type; | |
| 290 toplevel_onc->GetStringWithoutPathExpansion(onc::toplevel_config::kType, | |
| 291 &onc_type); | |
| 292 if (onc_type == onc::toplevel_config::kEncryptedConfiguration) { | |
| 293 toplevel_onc = onc::Decrypt(passphrase, *toplevel_onc); | |
| 294 if (toplevel_onc.get() == NULL) { | |
| 295 LOG(ERROR) << "Couldn't decrypt the ONC from " | |
| 296 << onc::GetSourceAsString(onc_source); | |
| 297 return false; | |
| 298 } | |
| 299 } | |
| 300 | |
| 301 bool from_policy = (onc_source == onc::ONC_SOURCE_USER_POLICY || | |
| 302 onc_source == onc::ONC_SOURCE_DEVICE_POLICY); | |
| 303 | |
| 304 // Validate the ONC dictionary. We are liberal and ignore unknown field | |
| 305 // names and ignore invalid field names in kRecommended arrays. | |
| 306 onc::Validator validator(false, // Ignore unknown fields. | |
| 307 false, // Ignore invalid recommended field names. | |
| 308 true, // Fail on missing fields. | |
|
stevenjb
2013/04/22 16:53:41
nit: align comments
pneubeck (no reviews)
2013/04/23 18:05:25
Done.
| |
| 309 from_policy); | |
| 310 validator.SetOncSource(onc_source); | |
| 311 | |
| 312 onc::Validator::Result validation_result; | |
| 313 toplevel_onc = validator.ValidateAndRepairObject( | |
| 314 &onc::kToplevelConfigurationSignature, | |
| 315 *toplevel_onc, | |
| 316 &validation_result); | |
| 317 | |
| 318 if (from_policy) { | |
| 319 UMA_HISTOGRAM_BOOLEAN("Enterprise.ONC.PolicyValidation", | |
| 320 validation_result == onc::Validator::VALID); | |
| 321 } | |
| 322 | |
| 323 bool success = true; | |
| 324 if (validation_result == onc::Validator::VALID_WITH_WARNINGS) { | |
| 325 LOG(WARNING) << "ONC from " << onc::GetSourceAsString(onc_source) | |
| 326 << " produced warnings."; | |
| 327 success = false; | |
| 328 } else if (validation_result == onc::Validator::INVALID || | |
| 329 toplevel_onc == NULL) { | |
| 330 LOG(ERROR) << "ONC from " << onc::GetSourceAsString(onc_source) | |
| 331 << " is invalid and couldn't be repaired."; | |
| 332 return false; | |
| 333 } | |
| 334 | |
| 335 base::Value* certificates_value = NULL; | |
| 336 if (toplevel_onc->RemoveWithoutPathExpansion( | |
| 337 onc::toplevel_config::kCertificates, &certificates_value)) { | |
| 338 base::ListValue* certificates_listvalue = NULL; | |
| 339 certificates_value->GetAsList(&certificates_listvalue); | |
| 340 certificates->reset(certificates_listvalue); | |
| 341 } else { | |
| 342 certificates->reset(new base::ListValue); | |
| 343 } | |
| 344 | |
| 345 base::Value* network_configs_value = NULL; | |
| 346 if (toplevel_onc->RemoveWithoutPathExpansion( | |
| 347 onc::toplevel_config::kNetworkConfigurations, | |
| 348 &network_configs_value)) { | |
| 349 base::ListValue* network_configs_listvalue = NULL; | |
| 350 network_configs_value->GetAsList(&network_configs_listvalue); | |
| 351 network_configs->reset(network_configs_listvalue); | |
|
stevenjb
2013/04/22 16:53:41
Could be network_configs->Swap()
pneubeck (no reviews)
2013/04/23 18:05:25
Done.
| |
| 352 } else { | |
| 353 network_configs->reset(new base::ListValue); | |
| 354 } | |
| 355 | |
| 356 return success; | |
| 357 } | |
| 358 | |
| 265 } // namespace onc | 359 } // namespace onc |
| 266 } // namespace chromeos | 360 } // namespace chromeos |
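Review bot: In ParseAndValidateOncForImport the return values of `certificates_value->GetAsList(&certificates_listvalue)` (new line 339) and `network_configs_value->GetAsList(&network_configs_listvalue)` (new line 350) are ignored, so the function relies entirely on the validator having left a list under both keys of a blob that arrives from a user import or from policy. If either value were ever not a list, the local pointer stays NULL, the output scoped_ptr is reset to NULL for the caller to dereference, and the value taken out of the dictionary is leaked (assuming RemoveWithoutPathExpansion hands ownership to the caller, as the reset() here implies). Checking the result keeps that failure contained: `if (!certificates_value->GetAsList(&certificates_listvalue)) { delete certificates_value; return false; }`, and the same for the network configurations. Separately, the VALID_WITH_WARNINGS branch sets `success = false` yet still fills both outputs, which deserves a comment at the function head such as `// Returns false on validation warnings; the repaired lists are still written to the out parameters.`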