
Unified Diff: chrome/browser/chromeos/cros/network_library_impl_base.cc

Issue 14192017: Extract certificate policy application from NetworkLibrary. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebased. Created 7 years, 8 months ago
Index: chrome/browser/chromeos/cros/network_library_impl_base.cc
diff --git a/chrome/browser/chromeos/cros/network_library_impl_base.cc b/chrome/browser/chromeos/cros/network_library_impl_base.cc
index 2acde2b570569ec68e844f9ac511523e9aff892f..74582ed31e6dc096688a012ea5864abbee15df43 100644
--- a/chrome/browser/chromeos/cros/network_library_impl_base.cc
+++ b/chrome/browser/chromeos/cros/network_library_impl_base.cc
@@ -7,7 +7,6 @@
#include "base/bind.h"
#include "base/json/json_writer.h"
#include "base/memory/scoped_vector.h"
-#include "base/metrics/histogram.h"
#include "base/stl_util.h"
#include "base/string_util.h"
#include "chrome/browser/chromeos/cros/network_constants.h"
@@ -15,13 +14,11 @@
#include "chrome/browser/chromeos/net/onc_utils.h"
#include "chrome/browser/chromeos/network_login_observer.h"
#include "chromeos/network/network_ui_data.h"
-#include "chromeos/network/onc/onc_certificate_importer.h"
#include "chromeos/network/onc/onc_constants.h"
#include "chromeos/network/onc/onc_normalizer.h"
#include "chromeos/network/onc/onc_signature.h"
#include "chromeos/network/onc/onc_translator.h"
#include "chromeos/network/onc/onc_utils.h"
-#include "chromeos/network/onc/onc_validator.h"
#include "content/public/browser/browser_thread.h"
#include "crypto/nss_util.h" // crypto::GetTPMTokenInfo() for 802.1X and VPN.
#include "third_party/cros_system_api/dbus/service_constants.h"
@@ -1063,12 +1060,10 @@ class UserStringSubstitution : public onc::StringSubstitution {
} // namespace
-bool NetworkLibraryImplBase::LoadOncNetworks(
- const std::string& onc_blob,
- const std::string& passphrase,
- onc::ONCSource source,
- net::CertificateList* onc_trusted_certificates) {
- VLOG(2) << __func__ << ": called on " << onc_blob;
+void NetworkLibraryImplBase::LoadOncNetworks(
+ const base::ListValue& network_configs,
+ onc::ONCSource source) {
+ VLOG(2) << __func__ << ": called on " << network_configs;
NetworkProfile* profile = NULL;
bool from_policy = (source == onc::ONC_SOURCE_USER_POLICY ||
source == onc::ONC_SOURCE_DEVICE_POLICY);
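Review bot: The new `VLOG(2)` line streams the entire `network_configs` list, and since decryption no longer happens in this function the list is presumably already plaintext ONC, so any Wi-Fi passphrase or EAP/VPN credential it carries would end up in verbose logs. The count and source are enough for debugging, for example `VLOG(2) << __func__ << ": " << network_configs.GetSize() << " networks from " << onc::GetSourceAsString(source);`. The body of LoadOncNetworks continues outside this hunk.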
@@ -1082,192 +1077,112 @@ bool NetworkLibraryImplBase::LoadOncNetworks(
if (profile == NULL) {
VLOG(2) << "Profile for ONC source " << onc::GetSourceAsString(source)
<< " doesn't exist.";
- return true;
+ return;
}
}
- scoped_ptr<base::DictionaryValue> root_dict =
- onc::ReadDictionaryFromJson(onc_blob);
- if (root_dict.get() == NULL) {
- LOG(ERROR) << "ONC loaded from " << onc::GetSourceAsString(source)
- << " is not a valid JSON dictionary.";
- return false;
- }
-
- // Check and see if this is an encrypted ONC file. If so, decrypt it.
- std::string onc_type;
- root_dict->GetStringWithoutPathExpansion(onc::toplevel_config::kType,
- &onc_type);
- if (onc_type == onc::toplevel_config::kEncryptedConfiguration) {
- root_dict = onc::Decrypt(passphrase, *root_dict);
- if (root_dict.get() == NULL) {
- LOG(ERROR) << "Couldn't decrypt the ONC from "
- << onc::GetSourceAsString(source);
- return false;
- }
- }
+ std::set<std::string> removal_ids;
+ std::set<std::string>& network_ids(network_source_map_[source]);
+ network_ids.clear();
+ VLOG(2) << "ONC file has " << network_configs.GetSize() << " networks";
+ for (base::ListValue::const_iterator it(network_configs.begin());
+ it != network_configs.end(); ++it) {
+ const base::DictionaryValue* network;
+ (*it)->GetAsDictionary(&network);
- // Validate the ONC dictionary. We are liberal and ignore unknown field
- // names and ignore invalid field names in kRecommended arrays.
- onc::Validator validator(false, // Ignore unknown fields.
- false, // Ignore invalid recommended field names.
- true, // Fail on missing fields.
- from_policy);
- validator.SetOncSource(source);
+ bool marked_for_removal = false;
+ network->GetBooleanWithoutPathExpansion(onc::kRemove,
+ &marked_for_removal);
- onc::Validator::Result validation_result;
- root_dict = validator.ValidateAndRepairObject(
- &onc::kToplevelConfigurationSignature,
- *root_dict,
- &validation_result);
+ std::string type;
+ network->GetStringWithoutPathExpansion(onc::network_config::kType, &type);
- if (from_policy) {
- UMA_HISTOGRAM_BOOLEAN("Enterprise.ONC.PolicyValidation",
- validation_result == onc::Validator::VALID);
- }
+ std::string guid;
+ network->GetStringWithoutPathExpansion(onc::network_config::kGUID, &guid);
- bool success = true;
- if (validation_result == onc::Validator::VALID_WITH_WARNINGS) {
- LOG(WARNING) << "ONC from " << onc::GetSourceAsString(source)
- << " produced warnings.";
- success = false;
- } else if (validation_result == onc::Validator::INVALID ||
- root_dict == NULL) {
- LOG(ERROR) << "ONC from " << onc::GetSourceAsString(source)
- << " is invalid and couldn't be repaired.";
- return false;
- }
-
- const base::ListValue* certificates;
- bool has_certificates =
- root_dict->GetListWithoutPathExpansion(
- onc::toplevel_config::kCertificates,
- &certificates);
-
- const base::ListValue* network_configs;
- bool has_network_configurations = root_dict->GetListWithoutPathExpansion(
- onc::toplevel_config::kNetworkConfigurations,
- &network_configs);
-
- if (has_certificates) {
- VLOG(2) << "ONC file has " << certificates->GetSize() << " certificates";
-
- // Web trust is only granted to certificates imported by the user.
- bool allow_trust_imports = source == onc::ONC_SOURCE_USER_IMPORT;
- onc::CertificateImporter cert_importer(allow_trust_imports);
- if (cert_importer.ParseAndStoreCertificates(
- *certificates, onc_trusted_certificates) !=
- onc::CertificateImporter::IMPORT_OK) {
- LOG(ERROR) << "Cannot parse some of the certificates in the ONC from "
- << onc::GetSourceAsString(source);
- success = false;
+ if (source == onc::ONC_SOURCE_USER_IMPORT && marked_for_removal) {
+ // User import supports the removal of networks by ID.
+ removal_ids.insert(guid);
+ continue;
}
- }
- std::set<std::string> removal_ids;
- std::set<std::string>& network_ids(network_source_map_[source]);
- network_ids.clear();
- if (has_network_configurations) {
- VLOG(2) << "ONC file has " << network_configs->GetSize() << " networks";
- for (base::ListValue::const_iterator it(network_configs->begin());
- it != network_configs->end(); ++it) {
- const base::DictionaryValue* network;
- (*it)->GetAsDictionary(&network);
-
- bool marked_for_removal = false;
- network->GetBooleanWithoutPathExpansion(onc::kRemove,
- &marked_for_removal);
-
- std::string type;
- network->GetStringWithoutPathExpansion(onc::network_config::kType, &type);
-
- std::string guid;
- network->GetStringWithoutPathExpansion(onc::network_config::kGUID, &guid);
-
- if (source == onc::ONC_SOURCE_USER_IMPORT && marked_for_removal) {
- // User import supports the removal of networks by ID.
- removal_ids.insert(guid);
- continue;
- }
+ // Don't configure a network that is supposed to be removed. For
+ // policy-managed networks, the "remove" functionality of ONC is
+ // irrelevant. Instead, in general, all previously configured networks
+ // that are no longer configured are removed.
+ if (marked_for_removal)
+ continue;
- // Don't configure a network that is supposed to be removed. For
- // policy-managed networks, the "remove" functionality of ONC is
- // irrelevant. Instead, in general, all previously configured networks
- // that are no longer configured are removed.
- if (marked_for_removal)
- continue;
-
- // Expand strings like LoginID
- base::DictionaryValue* expanded_network = network->DeepCopy();
- UserStringSubstitution substitution;
- onc::ExpandStringsInOncObject(onc::kNetworkConfigurationSignature,
- substitution,
- expanded_network);
-
- // Update the ONC map.
- const base::DictionaryValue*& entry = network_onc_map_[guid];
- delete entry;
- entry = expanded_network;
-
- // Normalize the ONC: Remove irrelevant fields.
- onc::Normalizer normalizer(true /* remove recommended fields */);
- scoped_ptr<base::DictionaryValue> normalized_network =
- normalizer.NormalizeObject(&onc::kNetworkConfigurationSignature,
- *expanded_network);
-
- // Configure the network.
- scoped_ptr<base::DictionaryValue> shill_dict =
- onc::TranslateONCObjectToShill(&onc::kNetworkConfigurationSignature,
- *normalized_network);
-
- // Set the ProxyConfig.
- const base::DictionaryValue* proxy_settings;
- if (normalized_network->GetDictionaryWithoutPathExpansion(
- onc::network_config::kProxySettings,
- &proxy_settings)) {
- scoped_ptr<base::DictionaryValue> proxy_config =
- onc::ConvertOncProxySettingsToProxyConfig(*proxy_settings);
- std::string proxy_json;
- base::JSONWriter::Write(proxy_config.get(), &proxy_json);
- shill_dict->SetStringWithoutPathExpansion(
- flimflam::kProxyConfigProperty,
- proxy_json);
- }
+ // Expand strings like LoginID
+ base::DictionaryValue* expanded_network = network->DeepCopy();
+ UserStringSubstitution substitution;
+ onc::ExpandStringsInOncObject(onc::kNetworkConfigurationSignature,
+ substitution,
+ expanded_network);
+
+ // Update the ONC map.
+ const base::DictionaryValue*& entry = network_onc_map_[guid];
+ delete entry;
+ entry = expanded_network;
+
+ // Normalize the ONC: Remove irrelevant fields.
+ onc::Normalizer normalizer(true /* remove recommended fields */);
+ scoped_ptr<base::DictionaryValue> normalized_network =
+ normalizer.NormalizeObject(&onc::kNetworkConfigurationSignature,
+ *expanded_network);
+
+ // Configure the network.
+ scoped_ptr<base::DictionaryValue> shill_dict =
+ onc::TranslateONCObjectToShill(&onc::kNetworkConfigurationSignature,
+ *normalized_network);
+
+ // Set the ProxyConfig.
+ const base::DictionaryValue* proxy_settings;
+ if (normalized_network->GetDictionaryWithoutPathExpansion(
+ onc::network_config::kProxySettings,
+ &proxy_settings)) {
+ scoped_ptr<base::DictionaryValue> proxy_config =
+ onc::ConvertOncProxySettingsToProxyConfig(*proxy_settings);
+ std::string proxy_json;
+ base::JSONWriter::Write(proxy_config.get(), &proxy_json);
+ shill_dict->SetStringWithoutPathExpansion(
+ flimflam::kProxyConfigProperty,
+ proxy_json);
+ }
- // Set the UIData.
- scoped_ptr<NetworkUIData> ui_data =
- chromeos::CreateUIDataFromONC(source, *normalized_network);
- base::DictionaryValue ui_data_dict;
- ui_data->FillDictionary(&ui_data_dict);
- std::string ui_data_json;
- base::JSONWriter::Write(&ui_data_dict, &ui_data_json);
- shill_dict->SetStringWithoutPathExpansion(flimflam::kUIDataProperty,
- ui_data_json);
-
- // Set the appropriate profile for |source|.
- if (profile != NULL) {
- shill_dict->SetStringWithoutPathExpansion(flimflam::kProfileProperty,
- profile->path);
- }
+ // Set the UIData.
+ scoped_ptr<NetworkUIData> ui_data =
+ chromeos::CreateUIDataFromONC(source, *normalized_network);
+ base::DictionaryValue ui_data_dict;
+ ui_data->FillDictionary(&ui_data_dict);
+ std::string ui_data_json;
+ base::JSONWriter::Write(&ui_data_dict, &ui_data_json);
+ shill_dict->SetStringWithoutPathExpansion(flimflam::kUIDataProperty,
+ ui_data_json);
+
+ // Set the appropriate profile for |source|.
+ if (profile != NULL) {
+ shill_dict->SetStringWithoutPathExpansion(flimflam::kProfileProperty,
+ profile->path);
+ }
- // For Ethernet networks, apply them to the current Ethernet service.
- if (type == onc::network_type::kEthernet) {
- const EthernetNetwork* ethernet = ethernet_network();
- if (ethernet) {
- CallConfigureService(ethernet->unique_id(), shill_dict.get());
- } else {
- LOG(WARNING) << "Tried to import ONC with an Ethernet network when "
- << "there is no active Ethernet connection.";
- }
+ // For Ethernet networks, apply them to the current Ethernet service.
+ if (type == onc::network_type::kEthernet) {
+ const EthernetNetwork* ethernet = ethernet_network();
+ if (ethernet) {
+ CallConfigureService(ethernet->unique_id(), shill_dict.get());
} else {
- CallConfigureService(guid, shill_dict.get());
+ LOG(WARNING) << "Tried to import ONC with an Ethernet network when "
+ << "there is no active Ethernet connection.";
}
-
- // Store the network's identifier. The identifiers are later used to clean
- // out any previously-existing networks that had been configured through
- // policy but are no longer specified in the updated ONC blob.
- network_ids.insert(guid);
+ } else {
+ CallConfigureService(guid, shill_dict.get());
}
+
+ // Store the network's identifier. The identifiers are later used to clean
+ // out any previously-existing networks that had been configured through
+ // policy but are no longer specified in the updated ONC blob.
+ network_ids.insert(guid);
}
if (from_policy) {
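Review bot: In the loop over `network_configs`, `network` is declared uninitialized and the result of `(*it)->GetAsDictionary(&network)` is ignored, so a list entry that is not a dictionary is followed by a dereference of an indeterminate pointer in `network->GetBooleanWithoutPathExpansion(...)`. The validator call that previously ran in this function is removed by this change, so that guarantee now has to come from the caller, which is not visible here. I would write `const base::DictionaryValue* network = NULL;` and `if (!(*it)->GetAsDictionary(&network)) continue;` (logging the skipped entry), and also skip entries whose `guid` comes back empty before indexing `network_onc_map_[guid]`. A comment on the function stating that `network_configs` must already be decrypted and validated would make the new contract explicit; the function starts and ends outside this hunk.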
@@ -1279,8 +1194,6 @@ bool NetworkLibraryImplBase::LoadOncNetworks(
} else if (source == onc::ONC_SOURCE_USER_IMPORT && !removal_ids.empty()) {
ForgetNetworksById(source, removal_ids, true);
}
-
- return success;
}
////////////////////////////////////////////////////////////////////////////