| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/network/onc/onc_validator.h" | 5 #include "chromeos/network/onc/onc_validator.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/json/json_writer.h" | 10 #include "base/json/json_writer.h" |
| (...skipping 272 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 283 } | 283 } |
| 284 } | 284 } |
| 285 | 285 |
| 286 repaired_recommended->Append((*it)->DeepCopy()); | 286 repaired_recommended->Append((*it)->DeepCopy()); |
| 287 } | 287 } |
| 288 | 288 |
| 289 result->Set(::onc::kRecommended, repaired_recommended.release()); | 289 result->Set(::onc::kRecommended, repaired_recommended.release()); |
| 290 return true; | 290 return true; |
| 291 } | 291 } |
| 292 | 292 |
| 293 bool Validator::ValidateClientCertFields(base::DictionaryValue* result, |
| 294 bool allow_cert_type_none) { |
| 295 using namespace ::onc::client_cert; |
| 296 const char* const kValidCertTypes[] = {kRef, kPattern}; |
| 297 std::vector<const char*> valid_cert_types(toVector(kValidCertTypes)); |
| 298 if (allow_cert_type_none) |
| 299 valid_cert_types.push_back(kNone); |
| 300 if (FieldExistsAndHasNoValidValue(*result, kClientCertType, valid_cert_types)) |
| 301 return false; |
| 302 |
| 303 std::string cert_type; |
| 304 result->GetStringWithoutPathExpansion(kClientCertType, &cert_type); |
| 305 |
| 306 if (IsCertPatternInDevicePolicy(cert_type)) |
| 307 return false; |
| 308 |
| 309 bool all_required_exist = true; |
| 310 |
| 311 if (cert_type == kPattern) |
| 312 all_required_exist &= RequireField(*result, kClientCertPattern); |
| 313 else if (cert_type == kRef) |
| 314 all_required_exist &= RequireField(*result, kClientCertRef); |
| 315 |
| 316 return !error_on_missing_field_ || all_required_exist; |
| 317 } |
| 318 |
| 293 namespace { | 319 namespace { |
| 294 | 320 |
| 295 std::string JoinStringRange(const std::vector<const char*>& strings, | 321 std::string JoinStringRange(const std::vector<const char*>& strings, |
| 296 const std::string& separator) { | 322 const std::string& separator) { |
| 297 std::vector<std::string> string_vector; | 323 std::vector<std::string> string_vector; |
| 298 std::copy(strings.begin(), strings.end(), std::back_inserter(string_vector)); | 324 std::copy(strings.begin(), strings.end(), std::back_inserter(string_vector)); |
| 299 return JoinString(string_vector, separator); | 325 return JoinString(string_vector, separator); |
| 300 } | 326 } |
| 301 | 327 |
| 302 } // namespace | 328 } // namespace |
| (...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 393 error_or_warning_found_ = true; | 419 error_or_warning_found_ = true; |
| 394 LOG(ERROR) << MessageHeader() << "Found a duplicate GUID " << guid << "."; | 420 LOG(ERROR) << MessageHeader() << "Found a duplicate GUID " << guid << "."; |
| 395 return false; | 421 return false; |
| 396 } | 422 } |
| 397 guids->insert(guid); | 423 guids->insert(guid); |
| 398 } | 424 } |
| 399 return true; | 425 return true; |
| 400 } | 426 } |
| 401 | 427 |
| 402 bool Validator::IsCertPatternInDevicePolicy(const std::string& cert_type) { | 428 bool Validator::IsCertPatternInDevicePolicy(const std::string& cert_type) { |
| 403 if (cert_type == ::onc::certificate::kPattern && | 429 if (cert_type == ::onc::client_cert::kPattern && |
| 404 onc_source_ == ::onc::ONC_SOURCE_DEVICE_POLICY) { | 430 onc_source_ == ::onc::ONC_SOURCE_DEVICE_POLICY) { |
| 405 error_or_warning_found_ = true; | 431 error_or_warning_found_ = true; |
| 406 LOG(ERROR) << MessageHeader() << "Client certificate patterns are " | 432 LOG(ERROR) << MessageHeader() << "Client certificate patterns are " |
| 407 << "prohibited in ONC device policies."; | 433 << "prohibited in ONC device policies."; |
| 408 return true; | 434 return true; |
| 409 } | 435 } |
| 410 return false; | 436 return false; |
| 411 } | 437 } |
| 412 | 438 |
| 413 bool Validator::IsGlobalNetworkConfigInUserImport( | 439 bool Validator::IsGlobalNetworkConfigInUserImport( |
| (...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 494 NOTREACHED(); | 520 NOTREACHED(); |
| 495 } | 521 } |
| 496 } | 522 } |
| 497 | 523 |
| 498 return !error_on_missing_field_ || all_required_exist; | 524 return !error_on_missing_field_ || all_required_exist; |
| 499 } | 525 } |
| 500 | 526 |
| 501 bool Validator::ValidateEthernet(base::DictionaryValue* result) { | 527 bool Validator::ValidateEthernet(base::DictionaryValue* result) { |
| 502 using namespace ::onc::ethernet; | 528 using namespace ::onc::ethernet; |
| 503 | 529 |
| 504 const char* const kValidAuthentications[] = {kNone, k8021X}; | 530 const char* const kValidAuthentications[] = {kAuthenticationNone, k8021X}; |
| 505 const std::vector<const char*> valid_authentications( | 531 const std::vector<const char*> valid_authentications( |
| 506 toVector(kValidAuthentications)); | 532 toVector(kValidAuthentications)); |
| 507 if (FieldExistsAndHasNoValidValue( | 533 if (FieldExistsAndHasNoValidValue( |
| 508 *result, kAuthentication, valid_authentications)) { | 534 *result, kAuthentication, valid_authentications)) { |
| 509 return false; | 535 return false; |
| 510 } | 536 } |
| 511 | 537 |
| 512 bool all_required_exist = true; | 538 bool all_required_exist = true; |
| 513 std::string auth; | 539 std::string auth; |
| 514 result->GetStringWithoutPathExpansion(kAuthentication, &auth); | 540 result->GetStringWithoutPathExpansion(kAuthentication, &auth); |
| (...skipping 25 matching lines...) Expand all Loading... |
| 540 bool all_required_exist = RequireField(*result, kIPAddress) && | 566 bool all_required_exist = RequireField(*result, kIPAddress) && |
| 541 RequireField(*result, kRoutingPrefix) && | 567 RequireField(*result, kRoutingPrefix) && |
| 542 RequireField(*result, ::onc::ipconfig::kType); | 568 RequireField(*result, ::onc::ipconfig::kType); |
| 543 | 569 |
| 544 return !error_on_missing_field_ || all_required_exist; | 570 return !error_on_missing_field_ || all_required_exist; |
| 545 } | 571 } |
| 546 | 572 |
| 547 bool Validator::ValidateWiFi(base::DictionaryValue* result) { | 573 bool Validator::ValidateWiFi(base::DictionaryValue* result) { |
| 548 using namespace ::onc::wifi; | 574 using namespace ::onc::wifi; |
| 549 | 575 |
| 550 const char* const kValidSecurities[] = {kNone, kWEP_PSK, kWEP_8021X, kWPA_PSK, | 576 const char* const kValidSecurities[] = {kSecurityNone, kWEP_PSK, kWEP_8021X, |
| 551 kWPA_EAP}; | 577 kWPA_PSK, kWPA_EAP}; |
| 552 const std::vector<const char*> valid_securities(toVector(kValidSecurities)); | 578 const std::vector<const char*> valid_securities(toVector(kValidSecurities)); |
| 553 if (FieldExistsAndHasNoValidValue(*result, kSecurity, valid_securities)) | 579 if (FieldExistsAndHasNoValidValue(*result, kSecurity, valid_securities)) |
| 554 return false; | 580 return false; |
| 555 | 581 |
| 556 bool all_required_exist = | 582 bool all_required_exist = |
| 557 RequireField(*result, kSecurity) && RequireField(*result, kSSID); | 583 RequireField(*result, kSecurity) && RequireField(*result, kSSID); |
| 558 | 584 |
| 559 std::string security; | 585 std::string security; |
| 560 result->GetStringWithoutPathExpansion(kSecurity, &security); | 586 result->GetStringWithoutPathExpansion(kSecurity, &security); |
| 561 if (security == kWEP_8021X || security == kWPA_EAP) | 587 if (security == kWEP_8021X || security == kWPA_EAP) |
| (...skipping 22 matching lines...) Expand all Loading... |
| 584 } else if (type == kTypeL2TP_IPsec) { | 610 } else if (type == kTypeL2TP_IPsec) { |
| 585 all_required_exist &= | 611 all_required_exist &= |
| 586 RequireField(*result, kIPsec) && RequireField(*result, kL2TP); | 612 RequireField(*result, kIPsec) && RequireField(*result, kL2TP); |
| 587 } | 613 } |
| 588 | 614 |
| 589 return !error_on_missing_field_ || all_required_exist; | 615 return !error_on_missing_field_ || all_required_exist; |
| 590 } | 616 } |
| 591 | 617 |
| 592 bool Validator::ValidateIPsec(base::DictionaryValue* result) { | 618 bool Validator::ValidateIPsec(base::DictionaryValue* result) { |
| 593 using namespace ::onc::ipsec; | 619 using namespace ::onc::ipsec; |
| 594 using namespace ::onc::certificate; | |
| 595 | 620 |
| 596 const char* const kValidAuthentications[] = {kPSK, kCert}; | 621 const char* const kValidAuthentications[] = {kPSK, kCert}; |
| 597 const std::vector<const char*> valid_authentications( | 622 const std::vector<const char*> valid_authentications( |
| 598 toVector(kValidAuthentications)); | 623 toVector(kValidAuthentications)); |
| 599 const char* const kValidCertTypes[] = {kRef, kPattern}; | |
| 600 const std::vector<const char*> valid_cert_types(toVector(kValidCertTypes)); | |
| 601 if (FieldExistsAndHasNoValidValue( | 624 if (FieldExistsAndHasNoValidValue( |
| 602 *result, kAuthenticationType, valid_authentications) || | 625 *result, kAuthenticationType, valid_authentications) || |
| 603 FieldExistsAndHasNoValidValue( | |
| 604 *result, ::onc::vpn::kClientCertType, valid_cert_types) || | |
| 605 FieldExistsAndIsEmpty(*result, kServerCARefs)) { | 626 FieldExistsAndIsEmpty(*result, kServerCARefs)) { |
| 606 return false; | 627 return false; |
| 607 } | 628 } |
| 608 | 629 |
| 609 if (result->HasKey(kServerCARefs) && result->HasKey(kServerCARef)) { | 630 if (result->HasKey(kServerCARefs) && result->HasKey(kServerCARef)) { |
| 610 error_or_warning_found_ = true; | 631 error_or_warning_found_ = true; |
| 611 LOG(ERROR) << MessageHeader() << "At most one of " << kServerCARefs | 632 LOG(ERROR) << MessageHeader() << "At most one of " << kServerCARefs |
| 612 << " and " << kServerCARef << " can be set."; | 633 << " and " << kServerCARef << " can be set."; |
| 613 return false; | 634 return false; |
| 614 } | 635 } |
| 615 | 636 |
| 637 if (!ValidateClientCertFields(result, |
| 638 false /* don't allow ClientCertType None */)) { |
| 639 return false; |
| 640 } |
| 641 |
| 616 bool all_required_exist = RequireField(*result, kAuthenticationType) && | 642 bool all_required_exist = RequireField(*result, kAuthenticationType) && |
| 617 RequireField(*result, kIKEVersion); | 643 RequireField(*result, kIKEVersion); |
| 618 std::string auth; | 644 std::string auth; |
| 619 result->GetStringWithoutPathExpansion(kAuthenticationType, &auth); | 645 result->GetStringWithoutPathExpansion(kAuthenticationType, &auth); |
| 620 bool has_server_ca_cert = | 646 bool has_server_ca_cert = |
| 621 result->HasKey(kServerCARefs) || result->HasKey(kServerCARef); | 647 result->HasKey(kServerCARefs) || result->HasKey(kServerCARef); |
| 622 if (auth == kCert) { | 648 if (auth == kCert) { |
| 623 all_required_exist &= RequireField(*result, ::onc::vpn::kClientCertType); | 649 all_required_exist &= |
| 650 RequireField(*result, ::onc::client_cert::kClientCertType); |
| 624 if (!has_server_ca_cert) { | 651 if (!has_server_ca_cert) { |
| 625 all_required_exist = false; | 652 all_required_exist = false; |
| 626 error_or_warning_found_ = true; | 653 error_or_warning_found_ = true; |
| 627 std::string message = MessageHeader() + "The required field '" + | 654 std::string message = MessageHeader() + "The required field '" + |
| 628 kServerCARefs + "' is missing."; | 655 kServerCARefs + "' is missing."; |
| 629 if (error_on_missing_field_) | 656 if (error_on_missing_field_) |
| 630 LOG(ERROR) << message; | 657 LOG(ERROR) << message; |
| 631 else | 658 else |
| 632 LOG(WARNING) << message; | 659 LOG(WARNING) << message; |
| 633 } | 660 } |
| 634 } else if (has_server_ca_cert) { | 661 } else if (has_server_ca_cert) { |
| 635 error_or_warning_found_ = true; | 662 error_or_warning_found_ = true; |
| 636 LOG(ERROR) << MessageHeader() << kServerCARefs << " (or " << kServerCARef | 663 LOG(ERROR) << MessageHeader() << kServerCARefs << " (or " << kServerCARef |
| 637 << ") can only be set if " << kAuthenticationType | 664 << ") can only be set if " << kAuthenticationType |
| 638 << " is set to " << kCert << "."; | 665 << " is set to " << kCert << "."; |
| 639 return false; | 666 return false; |
| 640 } | 667 } |
| 641 | 668 |
| 642 std::string cert_type; | |
| 643 result->GetStringWithoutPathExpansion(::onc::vpn::kClientCertType, | |
| 644 &cert_type); | |
| 645 | |
| 646 if (IsCertPatternInDevicePolicy(cert_type)) | |
| 647 return false; | |
| 648 | |
| 649 if (cert_type == kPattern) | |
| 650 all_required_exist &= RequireField(*result, ::onc::vpn::kClientCertPattern); | |
| 651 else if (cert_type == kRef) | |
| 652 all_required_exist &= RequireField(*result, ::onc::vpn::kClientCertRef); | |
| 653 | |
| 654 return !error_on_missing_field_ || all_required_exist; | 669 return !error_on_missing_field_ || all_required_exist; |
| 655 } | 670 } |
| 656 | 671 |
| 657 bool Validator::ValidateOpenVPN(base::DictionaryValue* result) { | 672 bool Validator::ValidateOpenVPN(base::DictionaryValue* result) { |
| 658 using namespace ::onc::openvpn; | 673 using namespace ::onc::openvpn; |
| 659 using namespace ::onc::certificate; | |
| 660 | 674 |
| 661 const char* const kValidAuthRetryValues[] = {::onc::openvpn::kNone, kInteract, | 675 const char* const kValidAuthRetryValues[] = {::onc::openvpn::kNone, kInteract, |
| 662 kNoInteract}; | 676 kNoInteract}; |
| 663 const std::vector<const char*> valid_auth_retry_values( | 677 const std::vector<const char*> valid_auth_retry_values( |
| 664 toVector(kValidAuthRetryValues)); | 678 toVector(kValidAuthRetryValues)); |
| 665 const char* const kValidCertTypes[] = {::onc::certificate::kNone, kRef, | |
| 666 kPattern}; | |
| 667 const std::vector<const char*> valid_cert_types(toVector(kValidCertTypes)); | |
| 668 const char* const kValidCertTlsValues[] = {::onc::openvpn::kNone, | 679 const char* const kValidCertTlsValues[] = {::onc::openvpn::kNone, |
| 669 ::onc::openvpn::kServer}; | 680 ::onc::openvpn::kServer}; |
| 670 const std::vector<const char*> valid_cert_tls_values( | 681 const std::vector<const char*> valid_cert_tls_values( |
| 671 toVector(kValidCertTlsValues)); | 682 toVector(kValidCertTlsValues)); |
| 672 | 683 |
| 673 if (FieldExistsAndHasNoValidValue( | 684 if (FieldExistsAndHasNoValidValue( |
| 674 *result, kAuthRetry, valid_auth_retry_values) || | 685 *result, kAuthRetry, valid_auth_retry_values) || |
| 675 FieldExistsAndHasNoValidValue( | 686 FieldExistsAndHasNoValidValue( |
| 676 *result, ::onc::vpn::kClientCertType, valid_cert_types) || | |
| 677 FieldExistsAndHasNoValidValue( | |
| 678 *result, kRemoteCertTLS, valid_cert_tls_values) || | 687 *result, kRemoteCertTLS, valid_cert_tls_values) || |
| 679 FieldExistsAndIsEmpty(*result, kServerCARefs)) { | 688 FieldExistsAndIsEmpty(*result, kServerCARefs)) { |
| 680 return false; | 689 return false; |
| 681 } | 690 } |
| 682 | 691 |
| 683 if (result->HasKey(kServerCARefs) && result->HasKey(kServerCARef)) { | 692 if (result->HasKey(kServerCARefs) && result->HasKey(kServerCARef)) { |
| 684 error_or_warning_found_ = true; | 693 error_or_warning_found_ = true; |
| 685 LOG(ERROR) << MessageHeader() << "At most one of " << kServerCARefs | 694 LOG(ERROR) << MessageHeader() << "At most one of " << kServerCARefs |
| 686 << " and " << kServerCARef << " can be set."; | 695 << " and " << kServerCARef << " can be set."; |
| 687 return false; | 696 return false; |
| 688 } | 697 } |
| 689 | 698 |
| 690 bool all_required_exist = RequireField(*result, ::onc::vpn::kClientCertType); | 699 if (!ValidateClientCertFields(result, true /* allow ClientCertType None */)) |
| 691 std::string cert_type; | |
| 692 result->GetStringWithoutPathExpansion(::onc::vpn::kClientCertType, | |
| 693 &cert_type); | |
| 694 | |
| 695 if (IsCertPatternInDevicePolicy(cert_type)) | |
| 696 return false; | 700 return false; |
| 697 | 701 |
| 698 if (cert_type == kPattern) | 702 bool all_required_exist = |
| 699 all_required_exist &= RequireField(*result, ::onc::vpn::kClientCertPattern); | 703 RequireField(*result, ::onc::client_cert::kClientCertType); |
| 700 else if (cert_type == kRef) | |
| 701 all_required_exist &= RequireField(*result, ::onc::vpn::kClientCertRef); | |
| 702 | 704 |
| 703 return !error_on_missing_field_ || all_required_exist; | 705 return !error_on_missing_field_ || all_required_exist; |
| 704 } | 706 } |
| 705 | 707 |
| 706 bool Validator::ValidateVerifyX509(base::DictionaryValue* result) { | 708 bool Validator::ValidateVerifyX509(base::DictionaryValue* result) { |
| 707 using namespace ::onc::verify_x509; | 709 using namespace ::onc::verify_x509; |
| 708 | 710 |
| 709 const char* const kValidTypes[] = {types::kName, types::kNamePrefix, | 711 const char* const kValidTypes[] = {types::kName, types::kNamePrefix, |
| 710 types::kSubject}; | 712 types::kSubject}; |
| 711 const std::vector<const char*> valid_types(toVector(kValidTypes)); | 713 const std::vector<const char*> valid_types(toVector(kValidTypes)); |
| 712 | 714 |
| 713 if (FieldExistsAndHasNoValidValue(*result, kType, valid_types)) | 715 if (FieldExistsAndHasNoValidValue(*result, kType, valid_types)) |
| 714 return false; | 716 return false; |
| 715 | 717 |
| 716 bool all_required_exist = RequireField(*result, kName); | 718 bool all_required_exist = RequireField(*result, kName); |
| 717 | 719 |
| 718 return !error_on_missing_field_ || all_required_exist; | 720 return !error_on_missing_field_ || all_required_exist; |
| 719 } | 721 } |
| 720 | 722 |
| 721 bool Validator::ValidateCertificatePattern(base::DictionaryValue* result) { | 723 bool Validator::ValidateCertificatePattern(base::DictionaryValue* result) { |
| 722 using namespace ::onc::certificate; | 724 using namespace ::onc::client_cert; |
| 723 | 725 |
| 724 bool all_required_exist = true; | 726 bool all_required_exist = true; |
| 725 if (!result->HasKey(kSubject) && !result->HasKey(kIssuer) && | 727 if (!result->HasKey(kSubject) && !result->HasKey(kIssuer) && |
| 726 !result->HasKey(kIssuerCARef)) { | 728 !result->HasKey(kIssuerCARef)) { |
| 727 error_or_warning_found_ = true; | 729 error_or_warning_found_ = true; |
| 728 all_required_exist = false; | 730 all_required_exist = false; |
| 729 std::string message = MessageHeader() + "None of the fields '" + kSubject + | 731 std::string message = MessageHeader() + "None of the fields '" + kSubject + |
| 730 "', '" + kIssuer + "', and '" + kIssuerCARef + | 732 "', '" + kIssuer + "', and '" + kIssuerCARef + |
| 731 "' is present, but at least one is required."; | 733 "' is present, but at least one is required."; |
| 732 if (error_on_missing_field_) | 734 if (error_on_missing_field_) |
| (...skipping 28 matching lines...) Expand all Loading... |
| 761 using namespace ::onc::proxy; | 763 using namespace ::onc::proxy; |
| 762 | 764 |
| 763 bool all_required_exist = | 765 bool all_required_exist = |
| 764 RequireField(*result, kHost) && RequireField(*result, kPort); | 766 RequireField(*result, kHost) && RequireField(*result, kPort); |
| 765 | 767 |
| 766 return !error_on_missing_field_ || all_required_exist; | 768 return !error_on_missing_field_ || all_required_exist; |
| 767 } | 769 } |
| 768 | 770 |
| 769 bool Validator::ValidateEAP(base::DictionaryValue* result) { | 771 bool Validator::ValidateEAP(base::DictionaryValue* result) { |
| 770 using namespace ::onc::eap; | 772 using namespace ::onc::eap; |
| 771 using namespace ::onc::certificate; | |
| 772 | 773 |
| 773 const char* const kValidInnerValues[] = {kAutomatic, kMD5, kMSCHAPv2, kPAP}; | 774 const char* const kValidInnerValues[] = {kAutomatic, kMD5, kMSCHAPv2, kPAP}; |
| 774 const std::vector<const char*> valid_inner_values( | 775 const std::vector<const char*> valid_inner_values( |
| 775 toVector(kValidInnerValues)); | 776 toVector(kValidInnerValues)); |
| 776 const char* const kValidOuterValues[] = { | 777 const char* const kValidOuterValues[] = { |
| 777 kPEAP, kEAP_TLS, kEAP_TTLS, kLEAP, kEAP_SIM, kEAP_FAST, kEAP_AKA}; | 778 kPEAP, kEAP_TLS, kEAP_TTLS, kLEAP, kEAP_SIM, kEAP_FAST, kEAP_AKA}; |
| 778 const std::vector<const char*> valid_outer_values( | 779 const std::vector<const char*> valid_outer_values( |
| 779 toVector(kValidOuterValues)); | 780 toVector(kValidOuterValues)); |
| 780 const char* const kValidCertTypes[] = {kRef, kPattern}; | |
| 781 const std::vector<const char*> valid_cert_types(toVector(kValidCertTypes)); | |
| 782 | 781 |
| 783 if (FieldExistsAndHasNoValidValue(*result, kInner, valid_inner_values) || | 782 if (FieldExistsAndHasNoValidValue(*result, kInner, valid_inner_values) || |
| 784 FieldExistsAndHasNoValidValue(*result, kOuter, valid_outer_values) || | 783 FieldExistsAndHasNoValidValue(*result, kOuter, valid_outer_values) || |
| 785 FieldExistsAndHasNoValidValue( | |
| 786 *result, kClientCertType, valid_cert_types) || | |
| 787 FieldExistsAndIsEmpty(*result, kServerCARefs)) { | 784 FieldExistsAndIsEmpty(*result, kServerCARefs)) { |
| 788 return false; | 785 return false; |
| 789 } | 786 } |
| 790 | 787 |
| 791 if (result->HasKey(kServerCARefs) && result->HasKey(kServerCARef)) { | 788 if (result->HasKey(kServerCARefs) && result->HasKey(kServerCARef)) { |
| 792 error_or_warning_found_ = true; | 789 error_or_warning_found_ = true; |
| 793 LOG(ERROR) << MessageHeader() << "At most one of " << kServerCARefs | 790 LOG(ERROR) << MessageHeader() << "At most one of " << kServerCARefs |
| 794 << " and " << kServerCARef << " can be set."; | 791 << " and " << kServerCARef << " can be set."; |
| 795 return false; | 792 return false; |
| 796 } | 793 } |
| 797 | 794 |
| 795 if (!ValidateClientCertFields(result, |
| 796 false /* don't allow ClientCertType None */)) { |
| 797 return false; |
| 798 } |
| 799 |
| 798 bool all_required_exist = RequireField(*result, kOuter); | 800 bool all_required_exist = RequireField(*result, kOuter); |
| 799 std::string cert_type; | |
| 800 result->GetStringWithoutPathExpansion(kClientCertType, &cert_type); | |
| 801 | |
| 802 if (IsCertPatternInDevicePolicy(cert_type)) | |
| 803 return false; | |
| 804 | |
| 805 if (cert_type == kPattern) | |
| 806 all_required_exist &= RequireField(*result, kClientCertPattern); | |
| 807 else if (cert_type == kRef) | |
| 808 all_required_exist &= RequireField(*result, kClientCertRef); | |
| 809 | 801 |
| 810 return !error_on_missing_field_ || all_required_exist; | 802 return !error_on_missing_field_ || all_required_exist; |
| 811 } | 803 } |
| 812 | 804 |
| 813 bool Validator::ValidateCertificate(base::DictionaryValue* result) { | 805 bool Validator::ValidateCertificate(base::DictionaryValue* result) { |
| 814 using namespace ::onc::certificate; | 806 using namespace ::onc::certificate; |
| 815 | 807 |
| 816 const char* const kValidTypes[] = {kClient, kServer, kAuthority}; | 808 const char* const kValidTypes[] = {kClient, kServer, kAuthority}; |
| 817 const std::vector<const char*> valid_types(toVector(kValidTypes)); | 809 const std::vector<const char*> valid_types(toVector(kValidTypes)); |
| 818 if (FieldExistsAndHasNoValidValue(*result, kType, valid_types) || | 810 if (FieldExistsAndHasNoValidValue(*result, kType, valid_types) || |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 850 } | 842 } |
| 851 | 843 |
| 852 std::string Validator::MessageHeader() { | 844 std::string Validator::MessageHeader() { |
| 853 std::string path = path_.empty() ? "toplevel" : JoinString(path_, "."); | 845 std::string path = path_.empty() ? "toplevel" : JoinString(path_, "."); |
| 854 std::string message = "At " + path + ": "; | 846 std::string message = "At " + path + ": "; |
| 855 return message; | 847 return message; |
| 856 } | 848 } |
| 857 | 849 |
| 858 } // namespace onc | 850 } // namespace onc |
| 859 } // namespace chromeos | 851 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 368233004:
ONC: Cleanup client certificate related fields. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src