
Side by Side Diff: chromeos/network/onc/onc_validator.cc

Issue 2828713002: Enable client certificate patterns in device ONC policy (Closed)
Patch Set: Addressed comments - more DCHECKs, use PostTask..WithReply in client_cert_resolver.cc. Created 3 years, 7 months ago
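--- a/chromeos/network/onc/onc_validator.cc
+++ b/chromeos/network/onc/onc_validator.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chromeos/network/onc/onc_validator.h"
 
 #include <stddef.h>
 #include <stdint.h>
 
 #include <algorithm>
@@ -294,23 +294,20 @@
 const char* const kValidCertTypes[] = {kRef, kPattern};
 std::vector<const char*> valid_cert_types(toVector(kValidCertTypes));
 if (allow_cert_type_none)
 valid_cert_types.push_back(kClientCertTypeNone);
 if (FieldExistsAndHasNoValidValue(*result, kClientCertType, valid_cert_types))
 return false;
 
 std::string cert_type;
 result->GetStringWithoutPathExpansion(kClientCertType, &cert_type);
 
-if (IsCertPatternInDevicePolicy(cert_type))
-return false;
-
 bool all_required_exist = true;
 
 if (cert_type == kPattern)
 all_required_exist &= RequireField(*result, kClientCertPattern);
 else if (cert_type == kRef)
 all_required_exist &= RequireField(*result, kClientCertRef);
 
 return !error_on_missing_field_ || all_required_exist;
 }
 
@@ -501,31 +498,20 @@
 if (guids->count(guid) != 0) {
 error_or_warning_found_ = true;
 LOG(ERROR) << MessageHeader() << "Found a duplicate GUID " << guid << ".";
 return false;
 }
 guids->insert(guid);
 }
 return true;
 }
 
-bool Validator::IsCertPatternInDevicePolicy(const std::string& cert_type) {
-if (cert_type == ::onc::client_cert::kPattern &&
-onc_source_ == ::onc::ONC_SOURCE_DEVICE_POLICY) {
-error_or_warning_found_ = true;
-LOG(ERROR) << MessageHeader() << "Client certificate patterns are "
-<< "prohibited in ONC device policies.";
-return true;
-}
-return false;
-}
-
 bool Validator::IsGlobalNetworkConfigInUserImport(
 const base::DictionaryValue& onc_object) {
 if (onc_source_ == ::onc::ONC_SOURCE_USER_IMPORT &&
 onc_object.HasKey(::onc::toplevel_config::kGlobalNetworkConfiguration)) {
 error_or_warning_found_ = true;
 LOG(ERROR) << MessageHeader() << "GlobalNetworkConfiguration is prohibited "
 << "in ONC user imports";
 return true;
 }
 return false;
@@ -1053,10 +1039,10 @@
 }
 
 std::string Validator::MessageHeader() {
 std::string path = path_.empty() ? "toplevel" : base::JoinString(path_, ".");
 std::string message = "At " + path + ": ";
 return message;
 }
 
 }  // namespace onc
 }  // namespace chromeos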
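Review bot: With the `IsCertPatternInDevicePolicy` rejection removed, a device policy whose `ClientCertType` is `Pattern` now reaches the `RequireField(*result, kClientCertPattern)` branch, and when `error_on_missing_field_` is false the function still returns true even if `ClientCertPattern` is absent. Before this change such a device-policy entry was rejected outright, so whatever consumes validated device ONC may now receive a pattern-typed config with no pattern for the first time; the resolver is not visible here, so it is worth confirming that a missing or empty pattern matches no certificate rather than any certificate, and covering the device-policy source with `Pattern` in the validator unit test for both strict and non-strict modes. I would also leave a comment where the removed check stood, e.g. `// Patterns are accepted from every ONC source, including device policy.`, so the absence of source gating reads as deliberate. The enclosing function begins above the visible lines of this hunk.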