search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ONC: Use HexSSID instead of SSID.
[chromium-blink-merge.git] / chromeos / network / onc / onc_validator.h
blob5a5cf6ae15ebbd1596eead99443eb88db65695ef
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef CHROMEOS_NETWORK_ONC_ONC_VALIDATOR_H_
6 #define CHROMEOS_NETWORK_ONC_ONC_VALIDATOR_H_
7
8 #include <set>
9 #include <string>
10 #include <vector>
11
12 #include "base/memory/scoped_ptr.h"
13 #include "chromeos/chromeos_export.h"
14 #include "chromeos/network/onc/onc_mapper.h"
15 #include "components/onc/onc_constants.h"
16
17 namespace base {
18 class DictionaryValue;
19 class Value;
20 }
21
22 namespace chromeos {
23 namespace onc {
24
25 struct OncValueSignature;
26
27 // The ONC Validator searches for the following invalid cases:
28 // - a value is found that has the wrong type or is not expected according to
29 // the ONC spec (always an error)
30 //
31 // - a field name is found that is not part of the signature
32 // (controlled by flag |error_on_unknown_field|)
33 //
34 // - a kRecommended array contains a field name that is not part of the
35 // enclosing object's signature or if that field is dictionary typed
36 // (controlled by flag |error_on_wrong_recommended|)
37 //
38 // - |managed_onc| is false and a field with name kRecommended is found
39 // (always ignored)
40 //
41 // - a required field is missing. Controlled by flag |error_on_missing_field|.
42 // If true this is an error. If false, a message is logged but no error or
43 // warning is flagged.
44 //
45 // If one of these invalid cases occurs and, in case of a controlling flag, that
46 // flag is true, then it is an error. The function ValidateAndRepairObject sets
47 // |result| to INVALID and returns NULL.
48 //
49 // Otherwise, a DeepCopy of the validated object is created, which contains
50 // all but the invalid fields and values.
51 //
52 // If one of the invalid cases occurs and the controlling flag is false, then
53 // it is a warning. The function ValidateAndRepairObject sets |result| to
54 // VALID_WITH_WARNINGS and returns the repaired copy.
55 //
56 // If no error occurred, |result| is set to VALID and an exact DeepCopy is
57 // returned.
58 class CHROMEOS_EXPORT Validator : public Mapper {
59 public:
60 enum Result {
61 VALID,
62 VALID_WITH_WARNINGS,
63 INVALID
64 };
65
66 // See the class comment.
67 Validator(bool error_on_unknown_field,
68 bool error_on_wrong_recommended,
69 bool error_on_missing_field,
70 bool managed_onc);
71
72 virtual ~Validator();
73
74 // Sets the ONC source to |source|. If not set, defaults to ONC_SOURCE_NONE.
75 // If the source is set to ONC_SOURCE_DEVICE_POLICY, validation additionally
76 // checks:
77 // - only the network types Wifi and Ethernet are allowed
78 // - client certificate patterns are disallowed
79 void SetOncSource(::onc::ONCSource source) {
80 onc_source_ = source;
81 }
82
83 // Validate the given |onc_object| according to |object_signature|. The
84 // |object_signature| has to be a pointer to one of the signatures in
85 // |onc_signature.h|. If an error is found, the function returns NULL and sets
86 // |result| to INVALID. If possible (no error encountered) a DeepCopy is
87 // created that contains all but the invalid fields and values and returns
88 // this "repaired" object. That means, if not handled as an error, then the
89 // following are dropped from the copy:
90 // - unknown fields
91 // - invalid field names in kRecommended arrays
92 // - kRecommended fields in an unmanaged ONC
93 // If any of these cases occurred, sets |result| to VALID_WITH_WARNINGS and
94 // otherwise to VALID.
95 // For details, see the class comment.
96 scoped_ptr<base::DictionaryValue> ValidateAndRepairObject(
97 const OncValueSignature* object_signature,
98 const base::DictionaryValue& onc_object,
99 Result* result);
100
101 private:
102 // Overridden from Mapper:
103 // Compare |onc_value|s type with |onc_type| and validate/repair according to
104 // |signature|. On error returns NULL.
105 virtual scoped_ptr<base::Value> MapValue(const OncValueSignature& signature,
106 const base::Value& onc_value,
107 bool* error) override;
108
109 // Dispatch to the right validation function according to
110 // |signature|. Iterates over all fields and recursively validates/repairs
111 // these. All valid fields are added to the result dictionary. Returns the
112 // repaired dictionary. Only on error returns NULL.
113 virtual scoped_ptr<base::DictionaryValue> MapObject(
114 const OncValueSignature& signature,
115 const base::DictionaryValue& onc_object,
116 bool* error) override;
117
118 // Pushes/pops the |field_name| to |path_|, otherwise like |Mapper::MapField|.
119 virtual scoped_ptr<base::Value> MapField(
120 const std::string& field_name,
121 const OncValueSignature& object_signature,
122 const base::Value& onc_value,
123 bool* found_unknown_field,
124 bool* error) override;
125
126 // Ignores nested errors in NetworkConfigurations and Certificates, otherwise
127 // like |Mapper::MapArray|.
128 virtual scoped_ptr<base::ListValue> MapArray(
129 const OncValueSignature& array_signature,
130 const base::ListValue& onc_array,
131 bool* nested_error) override;
132
133 // Pushes/pops the index to |path_|, otherwise like |Mapper::MapEntry|.
134 virtual scoped_ptr<base::Value> MapEntry(int index,
135 const OncValueSignature& signature,
136 const base::Value& onc_value,
137 bool* error) override;
138
139 // This is the default validation of objects/dictionaries. Validates
140 // |onc_object| according to |object_signature|. |result| must point to a
141 // dictionary into which the repaired fields are written.
142 bool ValidateObjectDefault(const OncValueSignature& object_signature,
143 const base::DictionaryValue& onc_object,
144 base::DictionaryValue* result);
145
146 // Validates/repairs the kRecommended array in |result| according to
147 // |object_signature| of the enclosing object.
148 bool ValidateRecommendedField(const OncValueSignature& object_signature,
149 base::DictionaryValue* result);
150
151 // Validates the ClientCert* fields in a VPN or EAP object. Only if
152 // |allow_cert_type_none| is true, the value "None" is allowed as
153 // ClientCertType.
154 bool ValidateClientCertFields(bool allow_cert_type_none,
155 base::DictionaryValue* result);
156
157 bool ValidateToplevelConfiguration(base::DictionaryValue* result);
158 bool ValidateNetworkConfiguration(base::DictionaryValue* result);
159 bool ValidateEthernet(base::DictionaryValue* result);
160 bool ValidateIPConfig(base::DictionaryValue* result);
161 bool ValidateWiFi(base::DictionaryValue* result);
162 bool ValidateVPN(base::DictionaryValue* result);
163 bool ValidateIPsec(base::DictionaryValue* result);
164 bool ValidateOpenVPN(base::DictionaryValue* result);
165 bool ValidateVerifyX509(base::DictionaryValue* result);
166 bool ValidateCertificatePattern(base::DictionaryValue* result);
167 bool ValidateProxySettings(base::DictionaryValue* result);
168 bool ValidateProxyLocation(base::DictionaryValue* result);
169 bool ValidateEAP(base::DictionaryValue* result);
170 bool ValidateCertificate(base::DictionaryValue* result);
171
172 bool FieldExistsAndHasNoValidValue(
173 const base::DictionaryValue& object,
174 const std::string& field_name,
175 const std::vector<const char*>& valid_values);
176
177 bool FieldExistsAndIsNotInRange(const base::DictionaryValue& object,
178 const std::string &field_name,
179 int lower_bound,
180 int upper_bound);
181
182 bool FieldExistsAndIsEmpty(const base::DictionaryValue& object,
183 const std::string& field_name);
184
185 bool ValidateSSIDAndHexSSID(base::DictionaryValue* object);
186
187 // Returns true if |key| is a key of |dict|. Otherwise, returns false and,
188 // depending on |error_on_missing_field_|, logs a message and sets
189 // |error_or_warning_found_|.
190 bool RequireField(const base::DictionaryValue& dict, const std::string& key);
191
192 // Returns true if the GUID is unique or if the GUID is not a string
193 // and false otherwise. The function also adds the GUID to a set in
194 // order to identify duplicates.
195 bool CheckGuidIsUniqueAndAddToSet(const base::DictionaryValue& dict,
196 const std::string& kGUID,
197 std::set<std::string> *guids);
198
199 // Prohibit certificate patterns for device policy ONC so that an unmanaged
200 // user won't have a certificate presented for them involuntarily.
201 bool IsCertPatternInDevicePolicy(const std::string& cert_type);
202
203 // Prohibit global network configuration in user ONC imports.
204 bool IsGlobalNetworkConfigInUserImport(
205 const base::DictionaryValue& onc_object);
206
207 std::string MessageHeader();
208
209 const bool error_on_unknown_field_;
210 const bool error_on_wrong_recommended_;
211 const bool error_on_missing_field_;
212 const bool managed_onc_;
213
214 ::onc::ONCSource onc_source_;
215
216 // The path of field names and indices to the current value. Indices
217 // are stored as strings in decimal notation.
218 std::vector<std::string> path_;
219
220 // Accumulates all network GUIDs during validation. Used to identify
221 // duplicate GUIDs.
222 std::set<std::string> network_guids_;
223
224 // Accumulates all certificate GUIDs during validation. Used to identify
225 // duplicate GUIDs.
226 std::set<std::string> certificate_guids_;
227
228 // Tracks if an error or warning occurred within validation initiated by
229 // function ValidateAndRepairObject.
230 bool error_or_warning_found_;
231
232 DISALLOW_COPY_AND_ASSIGN(Validator);
233 };
234
235 } // namespace onc
236 } // namespace chromeos
237
238 #endif // CHROMEOS_NETWORK_ONC_ONC_VALIDATOR_H_