Resolve certificate references in ONC by PEM.

chromeos/network/onc/onc_translator_onc_to_shill.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // The implementation of TranslateONCObjectToShill is structured in two parts:
 // - The recursion through the existing ONC hierarchy
 //     see TranslateONCHierarchy
 // - The local translation of an object depending on the associated signature
 //     see LocalTranslator::TranslateFields
 
@@ skipping 22 matching lines @@
   return make_scoped_ptr(base::Value::CreateStringValue(str));
 }
 
 // This class is responsible to translate the local fields of the given
 // |onc_object| according to |onc_signature| into |shill_dictionary|. This
 // translation should consider (if possible) only fields of this ONC object and
 // not nested objects because recursion is handled by the calling function
 // TranslateONCHierarchy.
 class LocalTranslator {
  public:
-  LocalTranslator(const OncValueSignature& onc_signature,
-                  const base::DictionaryValue& onc_object,
-                  base::DictionaryValue* shill_dictionary)
+  LocalTranslator(
+      const OncValueSignature& onc_signature,
+      const base::DictionaryValue& onc_object,
+      base::DictionaryValue* shill_dictionary,
+      const base::Callback<std::string(const std::string&)>& fingerprint_to_pem)
       : onc_signature_(&onc_signature),
         onc_object_(&onc_object),
-        shill_dictionary_(shill_dictionary) {
+        shill_dictionary_(shill_dictionary),
+        fingerprint_to_pem_(fingerprint_to_pem) {
     field_translation_table_ = GetFieldTranslationTable(onc_signature);
   }
 
   void TranslateFields();
 
  private:
   void TranslateOpenVPN();
+  void TranslateIPsec();
   void TranslateVPN();
   void TranslateWiFi();
   void TranslateEAP();
   void TranslateNetworkConfiguration();
 
   // Copies all entries from |onc_object_| to |shill_dictionary_| for which a
   // translation (shill_property_name) is defined by |onc_signature_|.
   void CopyFieldsAccordingToSignature();
 
   // Adds |value| to |shill_dictionary| at the field shill_property_name given
   // by the associated signature. Takes ownership of |value|. Does nothing if
   // |value| is NULL or the property name cannot be read from the signature.
   void AddValueAccordingToSignature(const std::string& onc_field_name,
                                     scoped_ptr<base::Value> value);
 
   // If existent, translates the entry at |onc_field_name| in |onc_object_|
   // using |table|. It is an error if no matching table entry is found. Writes
   // the result as entry at |shill_property_name| in |shill_dictionary_|.
   void TranslateWithTableAndSet(const std::string& onc_field_name,
                                 const StringTranslationEntry table[],
                                 const std::string& shill_property_name);
 
   const OncValueSignature* onc_signature_;
   const FieldTranslationEntry* field_translation_table_;
   const base::DictionaryValue* onc_object_;
   base::DictionaryValue* shill_dictionary_;
+  base::Callback<std::string(const std::string&)> fingerprint_to_pem_;
 
   DISALLOW_COPY_AND_ASSIGN(LocalTranslator);
 };
 
 void LocalTranslator::TranslateFields() {
   if (onc_signature_ == &kNetworkConfigurationSignature)
     TranslateNetworkConfiguration();
   else if (onc_signature_ == &kVPNSignature)
     TranslateVPN();
   else if (onc_signature_ == &kOpenVPNSignature)
     TranslateOpenVPN();
+  else if (onc_signature_ == &kIPsecSignature)
+    TranslateIPsec();
   else if (onc_signature_ == &kWiFiSignature)
     TranslateWiFi();
   else if (onc_signature_ == &kEAPSignature)
     TranslateEAP();
   else
     CopyFieldsAccordingToSignature();
 }
 
 void LocalTranslator::TranslateOpenVPN() {
   // Shill supports only one RemoteCertKU but ONC a list.
   // Copy only the first entry if existing.
-  const base::ListValue* certKUs = NULL;
-  std::string certKU;
-  if (onc_object_->GetListWithoutPathExpansion(vpn::kRemoteCertKU, &certKUs) &&
-      certKUs->GetString(0, &certKU)) {
+  const base::ListValue* cert_kus = NULL;
+  std::string cert_ku;
+  if (onc_object_->GetListWithoutPathExpansion(vpn::kRemoteCertKU, &cert_kus) &&
+      cert_kus->GetString(0, &cert_ku)) {
     shill_dictionary_->SetStringWithoutPathExpansion(
-        flimflam::kOpenVPNRemoteCertKUProperty, certKU);
+        flimflam::kOpenVPNRemoteCertKUProperty, cert_ku);
+  }
+
+  std::string ca_cert_fingerprint;
+  if (onc_object_->GetStringWithoutPathExpansion(vpn::kServerCAFingerprint,
+                                                 &ca_cert_fingerprint)) {
+    std::string ca_cert_pem = fingerprint_to_pem_.Run(ca_cert_fingerprint);
+    if (!ca_cert_pem.empty()) {
+      shill_dictionary_->SetStringWithoutPathExpansion(
+          shill::kOpenVPNCaCertPemProperty, ca_cert_pem);
+    }
   }
 
   for (base::DictionaryValue::Iterator it(*onc_object_); !it.IsAtEnd();
        it.Advance()) {
     scoped_ptr<base::Value> translated;
     if (it.key() == vpn::kSaveCredentials || it.key() == vpn::kRemoteCertKU) {
       translated.reset(it.value().DeepCopy());
     } else {
       // Shill wants all Provider/VPN fields to be strings.
       translated = ConvertValueToString(it.value());
     }
     AddValueAccordingToSignature(it.key(), translated.Pass());
   }
 }
 
+void LocalTranslator::TranslateIPsec() {
+  std::string ca_cert_fingerprint;
+  if (onc_object_->GetStringWithoutPathExpansion(vpn::kServerCAFingerprint,
+                                                 &ca_cert_fingerprint)) {
+    std::string ca_cert_pem = fingerprint_to_pem_.Run(ca_cert_fingerprint);
+    if (!ca_cert_pem.empty()) {
+      shill_dictionary_->SetStringWithoutPathExpansion(
+          shill::kL2tpIpsecCaCertPemProperty, ca_cert_pem);
+    }
+  }
+  CopyFieldsAccordingToSignature();
+}
+
 void LocalTranslator::TranslateVPN() {
   std::string type;
   onc_object_->GetStringWithoutPathExpansion(vpn::kType, &type);
   TranslateWithTableAndSet(type, kVPNTypeTable,
                            flimflam::kProviderTypeProperty);
 
   CopyFieldsAccordingToSignature();
 }
 
 void LocalTranslator::TranslateWiFi() {
@@ skipping 20 matching lines @@
     // ONC's Inner == "Automatic" translates to omitting the Phase2 property in
     // Shill.
     onc_object_->GetStringWithoutPathExpansion(eap::kInner, &inner);
     if (inner != eap::kAutomatic) {
       const StringTranslationEntry* table =
           outer == eap::kPEAP ? kEAP_PEAP_InnerTable : kEAP_TTLS_InnerTable;
       TranslateWithTableAndSet(inner, table, flimflam::kEapPhase2AuthProperty);
     }
   }
 
+  std::string ca_cert_fingerprint;
+  if (onc_object_->GetStringWithoutPathExpansion(eap::kServerCAFingerprint,
+                                                 &ca_cert_fingerprint)) {
+    std::string ca_cert_pem = fingerprint_to_pem_.Run(ca_cert_fingerprint);
+    if (!ca_cert_pem.empty()) {
+      shill_dictionary_->SetStringWithoutPathExpansion(
+          shill::kEapCaCertPemProperty, ca_cert_pem);
+    }
+  }
+
   CopyFieldsAccordingToSignature();
 }
 
 void LocalTranslator::TranslateNetworkConfiguration() {
   std::string type;
   onc_object_->GetStringWithoutPathExpansion(network_config::kType, &type);
   TranslateWithTableAndSet(type, kNetworkTypeTable, flimflam::kTypeProperty);
 
   // Shill doesn't allow setting the name for non-VPN networks.
   if (type == network_type::kVPN) {
@@ skipping 44 matching lines @@
   // occurs, we should check here. Otherwise the failure will only show up much
   // later in Shill.
   LOG(ERROR) << "Value '" << onc_value
              << "' cannot be translated to Shill property "
              << shill_property_name;
 }
 
 // Iterates recursively over |onc_object| and its |signature|. At each object
 // applies the local translation using LocalTranslator::TranslateFields. The
 // results are written to |shill_dictionary|.
-void TranslateONCHierarchy(const OncValueSignature& signature,
-                           const base::DictionaryValue& onc_object,
-                           base::DictionaryValue* shill_dictionary) {
+void TranslateONCHierarchy(
+    const OncValueSignature& signature,
+    const base::DictionaryValue& onc_object,
+    const base::Callback<std::string(const std::string&)>& fingerprint_to_pem,
+    base::DictionaryValue* shill_dictionary) {
   // Translates fields of |onc_object| and writes them to |shill_dictionary_|.
-  LocalTranslator translator(signature, onc_object, shill_dictionary);
+  LocalTranslator translator(signature, onc_object, shill_dictionary,
+                             fingerprint_to_pem);
   translator.TranslateFields();
 
   // Recurse into nested objects.
   for (base::DictionaryValue::Iterator it(onc_object); !it.IsAtEnd();
        it.Advance()) {
     const base::DictionaryValue* inner_object = NULL;
     if (!it.value().GetAsDictionary(&inner_object))
       continue;
 
     const OncFieldSignature* field_signature =
         GetFieldSignature(signature, it.key());
 
     TranslateONCHierarchy(*field_signature->value_signature, *inner_object,
-                          shill_dictionary);
+                          fingerprint_to_pem, shill_dictionary);
   }
 }
 
 }  // namespace
 
 scoped_ptr<base::DictionaryValue> TranslateONCObjectToShill(
     const OncValueSignature* onc_signature,
-    const base::DictionaryValue& onc_object) {
+    const base::DictionaryValue& onc_object,
+    const base::Callback<std::string(const std::string&)>& fingerprint_to_pem) {
   CHECK(onc_signature != NULL);
   scoped_ptr<base::DictionaryValue> shill_dictionary(new base::DictionaryValue);
-  TranslateONCHierarchy(*onc_signature, onc_object, shill_dictionary.get());
+  TranslateONCHierarchy(*onc_signature, onc_object, fingerprint_to_pem,
+                        shill_dictionary.get());
   return shill_dictionary.Pass();
 }
 
 }  // namespace onc
 }  // namespace chromeos