ChromeOS: Add more host verification options for OpenVpn.

chromeos/network/onc/onc_validator.cc

Index: chromeos/network/onc/onc_validator.cc
diff --git a/chromeos/network/onc/onc_validator.cc b/chromeos/network/onc/onc_validator.cc
index d1d4c5203b443df0db3583f56922a365da9c7dc2..f5e974104c7191f9191e231229232319cb926a77 100644
--- a/chromeos/network/onc/onc_validator.cc
+++ b/chromeos/network/onc/onc_validator.cc
@@ -126,6 +126,8 @@ scoped_ptr<base::DictionaryValue> Validator::MapObject(
       valid = ValidateIPsec(onc_object, repaired.get());
     else if (&signature == &kOpenVPNSignature)
       valid = ValidateOpenVPN(onc_object, repaired.get());
+    else if (&signature == &kVerifyX509Signature)
+      valid = ValidateVerifyX509(onc_object, repaired.get());
     else if (&signature == &kCertificatePatternSignature)
       valid = ValidateCertificatePattern(onc_object, repaired.get());
     else if (&signature == &kProxySettingsSignature)
@@ -666,6 +668,21 @@ bool Validator::ValidateOpenVPN(
   return !error_on_missing_field_ || allRequiredExist;
 }
 
+bool Validator::ValidateVerifyX509(const base::DictionaryValue& onc_object,
+                                   base::DictionaryValue* result) {
+  using namespace ::onc::verify_x509;
+
+  static const char* kValidTypeValues[] =
+    {types::kName, types::kNamePrefix, types::kSubject, NULL};
+
+  if (FieldExistsAndHasNoValidValue(*result, kType, kValidTypeValues))
+    return false;
+
+  bool allRequiredExist = RequireField(*result, kName);
+
+  return !error_on_missing_field_ || allRequiredExist;
+}
+
 bool Validator::ValidateCertificatePattern(
     const base::DictionaryValue& onc_object,
     base::DictionaryValue* result) {