| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/network/onc/onc_validator.h" | 5 #include "chromeos/network/onc/onc_validator.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/json/json_writer.h" | 10 #include "base/json/json_writer.h" |
| 573 allRequiredExist &= RequireField(*result, kIPsec) & | 573 allRequiredExist &= RequireField(*result, kIPsec) & |
| 574 RequireField(*result, kL2TP); | 574 RequireField(*result, kL2TP); |
| 575 } | 575 } |
| 576 | 576 |
| 577 return !error_on_missing_field_ || allRequiredExist; | 577 return !error_on_missing_field_ || allRequiredExist; |
| 578 } | 578 } |
| 579 | 579 |
| 580 bool Validator::ValidateIPsec( | 580 bool Validator::ValidateIPsec( |
| 581 const base::DictionaryValue& onc_object, | 581 const base::DictionaryValue& onc_object, |
| 582 base::DictionaryValue* result) { | 582 base::DictionaryValue* result) { |
| 583 using namespace onc::vpn; | 583 using namespace onc::ipsec; |
| 584 using namespace onc::certificate; | 584 using namespace onc::certificate; |
| 585 | 585 |
| 586 static const char* kValidAuthentications[] = { kPSK, kCert, NULL }; | 586 static const char* kValidAuthentications[] = { kPSK, kCert, NULL }; |
| 587 static const char* kValidCertTypes[] = { kRef, kPattern, NULL }; | 587 static const char* kValidCertTypes[] = { kRef, kPattern, NULL }; |
| 588 // Using strict bit-wise OR to check all conditions. | 588 // Using strict bit-wise OR to check all conditions. |
| 589 if (FieldExistsAndHasNoValidValue(*result, kAuthenticationType, | 589 if (FieldExistsAndHasNoValidValue(*result, kAuthenticationType, |
| 590 kValidAuthentications) | | 590 kValidAuthentications) | |
| 591 FieldExistsAndHasNoValidValue(*result, kClientCertType, | 591 FieldExistsAndHasNoValidValue(*result, vpn::kClientCertType, |
| 592 kValidCertTypes)) { | 592 kValidCertTypes)) { |
| 593 return false; | 593 return false; |
| 594 } | 594 } |
| 595 | 595 |
| 596 bool allRequiredExist = RequireField(*result, kAuthenticationType) & | 596 bool allRequiredExist = RequireField(*result, kAuthenticationType) & |
| 597 RequireField(*result, kIKEVersion); | 597 RequireField(*result, kIKEVersion); |
| 598 std::string auth; | 598 std::string auth; |
| 599 result->GetStringWithoutPathExpansion(kAuthenticationType, &auth); | 599 result->GetStringWithoutPathExpansion(kAuthenticationType, &auth); |
| 600 if (auth == kCert) { | 600 if (auth == kCert) { |
| 601 allRequiredExist &= RequireField(*result, kClientCertType) & | 601 allRequiredExist &= RequireField(*result, vpn::kClientCertType) & |
| 602 RequireField(*result, kServerCARef); | 602 RequireField(*result, kServerCARef); |
| 603 } | 603 } |
| 604 std::string cert_type; | 604 std::string cert_type; |
| 605 result->GetStringWithoutPathExpansion(kClientCertType, &cert_type); | 605 result->GetStringWithoutPathExpansion(vpn::kClientCertType, &cert_type); |
| 606 | 606 |
| 607 if (CertPatternInDevicePolicy(cert_type)) | 607 if (CertPatternInDevicePolicy(cert_type)) |
| 608 return false; | 608 return false; |
| 609 | 609 |
| 610 if (cert_type == kPattern) | 610 if (cert_type == kPattern) |
| 611 allRequiredExist &= RequireField(*result, kClientCertPattern); | 611 allRequiredExist &= RequireField(*result, vpn::kClientCertPattern); |
| 612 else if (cert_type == kRef) | 612 else if (cert_type == kRef) |
| 613 allRequiredExist &= RequireField(*result, kClientCertRef); | 613 allRequiredExist &= RequireField(*result, vpn::kClientCertRef); |
| 614 | 614 |
| 615 return !error_on_missing_field_ || allRequiredExist; | 615 return !error_on_missing_field_ || allRequiredExist; |
| 616 } | 616 } |
| 617 | 617 |
| 618 bool Validator::ValidateOpenVPN( | 618 bool Validator::ValidateOpenVPN( |
| 619 const base::DictionaryValue& onc_object, | 619 const base::DictionaryValue& onc_object, |
| 620 base::DictionaryValue* result) { | 620 base::DictionaryValue* result) { |
| 621 using namespace onc::vpn; | 621 using namespace onc::vpn; |
| 622 using namespace onc::openvpn; | 622 using namespace onc::openvpn; |
| 623 using namespace onc::certificate; | 623 using namespace onc::certificate; |
| 624 | 624 |
| 625 static const char* kValidAuthRetryValues[] = | 625 static const char* kValidAuthRetryValues[] = |
| 626 { openvpn::kNone, kInteract, kNoInteract, NULL }; | 626 { openvpn::kNone, kInteract, kNoInteract, NULL }; |
| 627 static const char* kValidCertTypes[] = | 627 static const char* kValidCertTypes[] = |
| 628 { certificate::kNone, kRef, kPattern, NULL }; | 628 { certificate::kNone, kRef, kPattern, NULL }; |
| 629 static const char* kValidCertTlsValues[] = | 629 static const char* kValidCertTlsValues[] = |
| 630 { openvpn::kNone, openvpn::kServer, NULL }; | 630 { openvpn::kNone, openvpn::kServer, NULL }; |
| 631 | 631 |
| 632 // Using strict bit-wise OR to check all conditions. | 632 // Using strict bit-wise OR to check all conditions. |
| 633 if (FieldExistsAndHasNoValidValue(*result, kAuthRetry, | 633 if (FieldExistsAndHasNoValidValue(*result, kAuthRetry, |
| 634 kValidAuthRetryValues) | | 634 kValidAuthRetryValues) | |
| 635 FieldExistsAndHasNoValidValue(*result, kClientCertType, kValidCertTypes) | | 635 FieldExistsAndHasNoValidValue(*result, vpn::kClientCertType, |
| 636 kValidCertTypes) | |
| 636 FieldExistsAndHasNoValidValue(*result, kRemoteCertTLS, | 637 FieldExistsAndHasNoValidValue(*result, kRemoteCertTLS, |
| 637 kValidCertTlsValues)) { | 638 kValidCertTlsValues)) { |
| 638 return false; | 639 return false; |
| 639 } | 640 } |
| 640 | 641 |
| 641 bool allRequiredExist = RequireField(*result, kClientCertType); | 642 bool allRequiredExist = RequireField(*result, kClientCertType); |
| 642 std::string cert_type; | 643 std::string cert_type; |
| 643 result->GetStringWithoutPathExpansion(kClientCertType, &cert_type); | 644 result->GetStringWithoutPathExpansion(kClientCertType, &cert_type); |
| 644 | 645 |
| 645 if (CertPatternInDevicePolicy(cert_type)) | 646 if (CertPatternInDevicePolicy(cert_type)) |
| 646 return false; | 647 return false; |
| 647 | 648 |
| 648 if (cert_type == kPattern) | 649 if (cert_type == kPattern) |
| 649 allRequiredExist &= RequireField(*result, kClientCertPattern); | 650 allRequiredExist &= RequireField(*result, vpn::kClientCertPattern); |
| 650 else if (cert_type == kRef) | 651 else if (cert_type == kRef) |
| 651 allRequiredExist &= RequireField(*result, kClientCertRef); | 652 allRequiredExist &= RequireField(*result, vpn::kClientCertRef); |
| 652 | 653 |
| 653 return !error_on_missing_field_ || allRequiredExist; | 654 return !error_on_missing_field_ || allRequiredExist; |
| 654 } | 655 } |
| 655 | 656 |
| 656 bool Validator::ValidateCertificatePattern( | 657 bool Validator::ValidateCertificatePattern( |
| 657 const base::DictionaryValue& onc_object, | 658 const base::DictionaryValue& onc_object, |
| 658 base::DictionaryValue* result) { | 659 base::DictionaryValue* result) { |
| 659 using namespace onc::certificate; | 660 using namespace onc::certificate; |
| 660 | 661 |
| 661 bool allRequiredExist = true; | 662 bool allRequiredExist = true; |
| 777 } | 778 } |
| 778 | 779 |
| 779 std::string Validator::MessageHeader() { | 780 std::string Validator::MessageHeader() { |
| 780 std::string path = path_.empty() ? "toplevel" : JoinString(path_, "."); | 781 std::string path = path_.empty() ? "toplevel" : JoinString(path_, "."); |
| 781 std::string message = "At " + path + ": "; | 782 std::string message = "At " + path + ": "; |
| 782 return message; | 783 return message; |
| 783 } | 784 } |
| 784 | 785 |
| 785 } // namespace onc | 786 } // namespace onc |
| 786 } // namespace chromeos | 787 } // namespace chromeos |
| OLD | NEW |
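Review bot: In ValidateOpenVPN the new qualification is applied unevenly: new lines 635, 650 and 652 spell `vpn::kClientCertType`, `vpn::kClientCertPattern` and `vpn::kClientCertRef`, while new lines 642 and 644 still use bare `kClientCertType`, which resolves only through the `using namespace onc::vpn;` kept at line 621. Qualify those two as well, `RequireField(*result, vpn::kClientCertType)` and `result->GetStringWithoutPathExpansion(vpn::kClientCertType, &cert_type)`, so the function reads like ValidateIPsec and the using-directive can be dropped later without touching the checks. In ValidateIPsec the unqualified `kAuthenticationType`, `kIKEVersion`, `kServerCARef`, `kPSK` and `kCert` are now looked up in `onc::ipsec` and `onc::certificate` rather than `onc::vpn`. Their string values are not visible on this page, so a validator test with a certificate-authenticated IPsec dictionary would confirm that the required-field and allowed-value checks still inspect the same keys.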