Chromium Code Reviews| Index: chromeos/network/onc/onc_utils.cc |
| diff --git a/chromeos/network/onc/onc_utils.cc b/chromeos/network/onc/onc_utils.cc |
| index c14a2a08990a080e540c79aecce03616303f39fa..46c04ecc7edeb8059d42dd358bd068e0eedf42c9 100644 |
| --- a/chromeos/network/onc/onc_utils.cc |
| +++ b/chromeos/network/onc/onc_utils.cc |
| @@ -7,11 +7,14 @@ |
| #include "base/base64.h" |
| #include "base/json/json_reader.h" |
| #include "base/logging.h" |
| +#include "base/metrics/histogram.h" |
| #include "base/string_util.h" |
| #include "base/values.h" |
| #include "chromeos/network/network_event_log.h" |
| #include "chromeos/network/onc/onc_mapper.h" |
| #include "chromeos/network/onc/onc_signature.h" |
| +#include "chromeos/network/onc/onc_utils.h" |
| +#include "chromeos/network/onc/onc_validator.h" |
| #include "crypto/encryptor.h" |
| #include "crypto/hmac.h" |
| #include "crypto/symmetric_key.h" |
| @@ -255,12 +258,103 @@ class OncMaskValues : public onc::Mapper { |
| } // namespace |
| -CHROMEOS_EXPORT scoped_ptr<base::DictionaryValue> MaskCredentialsInOncObject( |
| +scoped_ptr<base::DictionaryValue> MaskCredentialsInOncObject( |
| const onc::OncValueSignature& signature, |
| const base::DictionaryValue& onc_object, |
| const std::string& mask) { |
| return OncMaskValues::Mask(signature, onc_object, mask); |
| } |
| +bool ParseAndValidateOncForImport( |
| + const std::string& onc_blob, |
| + chromeos::onc::ONCSource onc_source, |
| + const std::string& passphrase, |
| + scoped_ptr<base::ListValue>* network_configs, |
| + scoped_ptr<base::ListValue>* certificates) { |
| + if (onc_blob.empty()) { |
| + network_configs->reset(new base::ListValue); |
|
stevenjb
2013/04/22 16:53:41
Could be network_configs->Clear()
pneubeck (no reviews)
2013/04/23 18:05:25
Done.
|
| + certificates->reset(new base::ListValue); |
| + return true; |
| + } |
| + |
| + scoped_ptr<base::DictionaryValue> toplevel_onc = |
| + onc::ReadDictionaryFromJson(onc_blob); |
| + if (toplevel_onc.get() == NULL) { |
| + LOG(ERROR) << "ONC loaded from " << onc::GetSourceAsString(onc_source) |
| + << " is not a valid JSON dictionary."; |
| + return false; |
| + } |
| + |
| + // Check and see if this is an encrypted ONC file. If so, decrypt it. |
| + std::string onc_type; |
| + toplevel_onc->GetStringWithoutPathExpansion(onc::toplevel_config::kType, |
| + &onc_type); |
| + if (onc_type == onc::toplevel_config::kEncryptedConfiguration) { |
| + toplevel_onc = onc::Decrypt(passphrase, *toplevel_onc); |
| + if (toplevel_onc.get() == NULL) { |
| + LOG(ERROR) << "Couldn't decrypt the ONC from " |
| + << onc::GetSourceAsString(onc_source); |
| + return false; |
| + } |
| + } |
| + |
| + bool from_policy = (onc_source == onc::ONC_SOURCE_USER_POLICY || |
| + onc_source == onc::ONC_SOURCE_DEVICE_POLICY); |
| + |
| + // Validate the ONC dictionary. We are liberal and ignore unknown field |
| + // names and ignore invalid field names in kRecommended arrays. |
| + onc::Validator validator(false, // Ignore unknown fields. |
| + false, // Ignore invalid recommended field names. |
| + true, // Fail on missing fields. |
|
stevenjb
2013/04/22 16:53:41
nit: align comments
pneubeck (no reviews)
2013/04/23 18:05:25
Done.
|
| + from_policy); |
| + validator.SetOncSource(onc_source); |
| + |
| + onc::Validator::Result validation_result; |
| + toplevel_onc = validator.ValidateAndRepairObject( |
| + &onc::kToplevelConfigurationSignature, |
| + *toplevel_onc, |
| + &validation_result); |
| + |
| + if (from_policy) { |
| + UMA_HISTOGRAM_BOOLEAN("Enterprise.ONC.PolicyValidation", |
| + validation_result == onc::Validator::VALID); |
| + } |
| + |
| + bool success = true; |
| + if (validation_result == onc::Validator::VALID_WITH_WARNINGS) { |
| + LOG(WARNING) << "ONC from " << onc::GetSourceAsString(onc_source) |
| + << " produced warnings."; |
| + success = false; |
| + } else if (validation_result == onc::Validator::INVALID || |
| + toplevel_onc == NULL) { |
| + LOG(ERROR) << "ONC from " << onc::GetSourceAsString(onc_source) |
| + << " is invalid and couldn't be repaired."; |
| + return false; |
| + } |
| + |
| + base::Value* certificates_value = NULL; |
| + if (toplevel_onc->RemoveWithoutPathExpansion( |
| + onc::toplevel_config::kCertificates, &certificates_value)) { |
| + base::ListValue* certificates_listvalue = NULL; |
| + certificates_value->GetAsList(&certificates_listvalue); |
| + certificates->reset(certificates_listvalue); |
| + } else { |
| + certificates->reset(new base::ListValue); |
| + } |
| + |
| + base::Value* network_configs_value = NULL; |
| + if (toplevel_onc->RemoveWithoutPathExpansion( |
| + onc::toplevel_config::kNetworkConfigurations, |
| + &network_configs_value)) { |
| + base::ListValue* network_configs_listvalue = NULL; |
| + network_configs_value->GetAsList(&network_configs_listvalue); |
| + network_configs->reset(network_configs_listvalue); |
|
stevenjb
2013/04/22 16:53:41
Could be network_configs->Swap()
pneubeck (no reviews)
2013/04/23 18:05:25
Done.
|
| + } else { |
| + network_configs->reset(new base::ListValue); |
| + } |
| + |
| + return success; |
| +} |
| + |
| } // namespace onc |
| } // namespace chromeos |
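Review bot: Both `GetAsList()` results in ParseAndValidateOncForImport are ignored, so if the removed `Certificates` or `NetworkConfigurations` value is not a list, the output scoped_ptr is reset to NULL and the value just handed over by `RemoveWithoutPathExpansion()` is leaked. The validator presumably guarantees the list type, but the blob comes from a user import or policy, so the extraction step should not depend on that alone; check the call, e.g. `if (!certificates_value->GetAsList(&certificates_listvalue)) { delete certificates_value; return false; }`, and do the same for the network configurations. The `VALID_WITH_WARNINGS` branch also falls through to `toplevel_onc->RemoveWithoutPathExpansion(...)` without the NULL test the `INVALID` branch has, which is only safe if the validator never returns NULL together with warnings. It would help to add a comment at the definition such as `// Returns false on warnings too, but the output lists are still filled in that case; on hard errors they are left untouched.`, since callers cannot otherwise tell the two `false` outcomes apart.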