Add new certificateProvider extension API.
[chromium-blink-merge.git] / chrome / browser / chromeos / net / onc_utils.cc
blob1f6b5100e46f3034381f44e1be5146069b2bfe75
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/net/onc_utils.h"
7 #include "base/bind_helpers.h"
8 #include "base/json/json_writer.h"
9 #include "base/logging.h"
10 #include "base/prefs/pref_service.h"
11 #include "base/values.h"
12 #include "chrome/common/pref_names.h"
13 #include "chromeos/network/managed_network_configuration_handler.h"
14 #include "chromeos/network/network_configuration_handler.h"
15 #include "chromeos/network/network_handler.h"
16 #include "chromeos/network/network_profile.h"
17 #include "chromeos/network/network_profile_handler.h"
18 #include "chromeos/network/network_state.h"
19 #include "chromeos/network/network_state_handler.h"
20 #include "chromeos/network/network_ui_data.h"
21 #include "chromeos/network/onc/onc_normalizer.h"
22 #include "chromeos/network/onc/onc_signature.h"
23 #include "chromeos/network/onc/onc_translator.h"
24 #include "chromeos/network/onc/onc_utils.h"
25 #include "components/user_manager/user.h"
26 #include "components/user_manager/user_manager.h"
27 #include "third_party/cros_system_api/dbus/service_constants.h"
28 #include "url/gurl.h"
30 namespace chromeos {
31 namespace onc {
33 namespace {
35 // This class defines which string placeholders of ONC are replaced by which
36 // user attribute.
37 class UserStringSubstitution : public chromeos::onc::StringSubstitution {
38 public:
39 explicit UserStringSubstitution(const user_manager::User* user)
40 : user_(user) {}
41 ~UserStringSubstitution() override {}
43 bool GetSubstitute(const std::string& placeholder,
44 std::string* substitute) const override {
45 if (placeholder == ::onc::substitutes::kLoginIDField)
46 *substitute = user_->GetAccountName(false);
47 else if (placeholder == ::onc::substitutes::kEmailField)
48 *substitute = user_->email();
49 else
50 return false;
51 return true;
54 private:
55 const user_manager::User* user_;
57 DISALLOW_COPY_AND_ASSIGN(UserStringSubstitution);
60 } // namespace
62 void ExpandStringPlaceholdersInNetworksForUser(
63 const user_manager::User* user,
64 base::ListValue* network_configs) {
65 if (!user) {
66 // In tests no user may be logged in. It's not harmful if we just don't
67 // expand the strings.
68 return;
70 UserStringSubstitution substitution(user);
71 chromeos::onc::ExpandStringsInNetworks(substitution, network_configs);
74 void ImportNetworksForUser(const user_manager::User* user,
75 const base::ListValue& network_configs,
76 std::string* error) {
77 error->clear();
79 scoped_ptr<base::ListValue> expanded_networks(network_configs.DeepCopy());
80 ExpandStringPlaceholdersInNetworksForUser(user, expanded_networks.get());
82 const NetworkProfile* profile =
83 NetworkHandler::Get()->network_profile_handler()->GetProfileForUserhash(
84 user->username_hash());
85 if (!profile) {
86 *error = "User profile doesn't exist.";
87 return;
90 bool ethernet_not_found = false;
91 for (base::ListValue::const_iterator it = expanded_networks->begin();
92 it != expanded_networks->end();
93 ++it) {
94 const base::DictionaryValue* network = NULL;
95 (*it)->GetAsDictionary(&network);
96 DCHECK(network);
98 // Remove irrelevant fields.
99 onc::Normalizer normalizer(true /* remove recommended fields */);
100 scoped_ptr<base::DictionaryValue> normalized_network =
101 normalizer.NormalizeObject(&onc::kNetworkConfigurationSignature,
102 *network);
104 // TODO(pneubeck): Use ONC and ManagedNetworkConfigurationHandler instead.
105 // crbug.com/457936
106 scoped_ptr<base::DictionaryValue> shill_dict =
107 onc::TranslateONCObjectToShill(&onc::kNetworkConfigurationSignature,
108 *normalized_network);
110 scoped_ptr<NetworkUIData> ui_data(
111 NetworkUIData::CreateFromONC(::onc::ONC_SOURCE_USER_IMPORT));
112 base::DictionaryValue ui_data_dict;
113 ui_data->FillDictionary(&ui_data_dict);
114 std::string ui_data_json;
115 base::JSONWriter::Write(ui_data_dict, &ui_data_json);
116 shill_dict->SetStringWithoutPathExpansion(shill::kUIDataProperty,
117 ui_data_json);
119 shill_dict->SetStringWithoutPathExpansion(shill::kProfileProperty,
120 profile->path);
122 std::string type;
123 shill_dict->GetStringWithoutPathExpansion(shill::kTypeProperty, &type);
124 NetworkConfigurationHandler* config_handler =
125 NetworkHandler::Get()->network_configuration_handler();
126 if (NetworkTypePattern::Ethernet().MatchesType(type)) {
127 // Ethernet has to be configured using an existing Ethernet service.
128 const NetworkState* ethernet =
129 NetworkHandler::Get()->network_state_handler()->FirstNetworkByType(
130 NetworkTypePattern::Ethernet());
131 if (ethernet) {
132 config_handler->SetShillProperties(
133 ethernet->path(), *shill_dict,
134 NetworkConfigurationObserver::SOURCE_USER_ACTION, base::Closure(),
135 network_handler::ErrorCallback());
136 } else {
137 ethernet_not_found = true;
140 } else {
141 config_handler->CreateShillConfiguration(
142 *shill_dict, NetworkConfigurationObserver::SOURCE_USER_ACTION,
143 network_handler::StringResultCallback(),
144 network_handler::ErrorCallback());
148 if (ethernet_not_found)
149 *error = "No Ethernet available to configure.";
152 const base::DictionaryValue* FindPolicyForActiveUser(
153 const std::string& guid,
154 ::onc::ONCSource* onc_source) {
155 const user_manager::User* user =
156 user_manager::UserManager::Get()->GetActiveUser();
157 std::string username_hash = user ? user->username_hash() : std::string();
158 return NetworkHandler::Get()->managed_network_configuration_handler()->
159 FindPolicyByGUID(username_hash, guid, onc_source);
162 const base::DictionaryValue* GetGlobalConfigFromPolicy(bool for_active_user) {
163 std::string username_hash;
164 if (for_active_user) {
165 const user_manager::User* user =
166 user_manager::UserManager::Get()->GetActiveUser();
167 if (!user) {
168 LOG(ERROR) << "No user logged in yet.";
169 return NULL;
171 username_hash = user->username_hash();
173 return NetworkHandler::Get()->managed_network_configuration_handler()->
174 GetGlobalConfigFromPolicy(username_hash);
177 bool PolicyAllowsOnlyPolicyNetworksToAutoconnect(bool for_active_user) {
178 const base::DictionaryValue* global_config =
179 GetGlobalConfigFromPolicy(for_active_user);
180 if (!global_config)
181 return false; // By default, all networks are allowed to autoconnect.
183 bool only_policy_autoconnect = false;
184 global_config->GetBooleanWithoutPathExpansion(
185 ::onc::global_network_config::kAllowOnlyPolicyNetworksToAutoconnect,
186 &only_policy_autoconnect);
187 return only_policy_autoconnect;
190 namespace {
192 const base::DictionaryValue* GetNetworkConfigByGUID(
193 const base::ListValue& network_configs,
194 const std::string& guid) {
195 for (base::ListValue::const_iterator it = network_configs.begin();
196 it != network_configs.end(); ++it) {
197 const base::DictionaryValue* network = NULL;
198 (*it)->GetAsDictionary(&network);
199 DCHECK(network);
201 std::string current_guid;
202 network->GetStringWithoutPathExpansion(::onc::network_config::kGUID,
203 &current_guid);
204 if (current_guid == guid)
205 return network;
207 return NULL;
210 const base::DictionaryValue* GetNetworkConfigForEthernetWithoutEAP(
211 const base::ListValue& network_configs) {
212 VLOG(2) << "Search for ethernet policy without EAP.";
213 for (base::ListValue::const_iterator it = network_configs.begin();
214 it != network_configs.end(); ++it) {
215 const base::DictionaryValue* network = NULL;
216 (*it)->GetAsDictionary(&network);
217 DCHECK(network);
219 std::string type;
220 network->GetStringWithoutPathExpansion(::onc::network_config::kType, &type);
221 if (type != ::onc::network_type::kEthernet)
222 continue;
224 const base::DictionaryValue* ethernet = NULL;
225 network->GetDictionaryWithoutPathExpansion(::onc::network_config::kEthernet,
226 &ethernet);
228 std::string auth;
229 ethernet->GetStringWithoutPathExpansion(::onc::ethernet::kAuthentication,
230 &auth);
231 if (auth == ::onc::ethernet::kAuthenticationNone)
232 return network;
234 return NULL;
237 const base::DictionaryValue* GetNetworkConfigForNetworkFromOnc(
238 const base::ListValue& network_configs,
239 const NetworkState& network) {
240 // In all cases except Ethernet, we use the GUID of |network|.
241 if (!network.Matches(NetworkTypePattern::Ethernet()))
242 return GetNetworkConfigByGUID(network_configs, network.guid());
244 // Ethernet is always shared and thus cannot store a GUID per user. Thus we
245 // search for any Ethernet policy intead of a matching GUID.
246 // EthernetEAP service contains only the EAP parameters and stores the GUID of
247 // the respective ONC policy. The EthernetEAP service itself is however never
248 // in state "connected". An EthernetEAP policy must be applied, if an Ethernet
249 // service is connected using the EAP parameters.
250 const NetworkState* ethernet_eap = NULL;
251 if (NetworkHandler::IsInitialized()) {
252 ethernet_eap =
253 NetworkHandler::Get()->network_state_handler()->GetEAPForEthernet(
254 network.path());
257 // The GUID associated with the EthernetEAP service refers to the ONC policy
258 // with "Authentication: 8021X".
259 if (ethernet_eap)
260 return GetNetworkConfigByGUID(network_configs, ethernet_eap->guid());
262 // Otherwise, EAP is not used and instead the Ethernet policy with
263 // "Authentication: None" applies.
264 return GetNetworkConfigForEthernetWithoutEAP(network_configs);
267 const base::DictionaryValue* GetPolicyForNetworkFromPref(
268 const PrefService* pref_service,
269 const char* pref_name,
270 const NetworkState& network) {
271 if (!pref_service) {
272 VLOG(2) << "No pref service";
273 return NULL;
276 const PrefService::Preference* preference =
277 pref_service->FindPreference(pref_name);
278 if (!preference) {
279 VLOG(2) << "No preference " << pref_name;
280 // The preference may not exist in tests.
281 return NULL;
284 // User prefs are not stored in this Preference yet but only the policy.
286 // The policy server incorrectly configures the OpenNetworkConfiguration user
287 // policy as Recommended. To work around that, we handle the Recommended and
288 // the Mandatory value in the same way.
289 // TODO(pneubeck): Remove this workaround, once the server is fixed. See
290 // http://crbug.com/280553 .
291 if (preference->IsDefaultValue()) {
292 VLOG(2) << "Preference has no recommended or mandatory value.";
293 // No policy set.
294 return NULL;
296 VLOG(2) << "Preference with policy found.";
297 const base::Value* onc_policy_value = preference->GetValue();
298 DCHECK(onc_policy_value);
300 const base::ListValue* onc_policy = NULL;
301 onc_policy_value->GetAsList(&onc_policy);
302 DCHECK(onc_policy);
304 return GetNetworkConfigForNetworkFromOnc(*onc_policy, network);
307 } // namespace
309 const base::DictionaryValue* GetPolicyForNetwork(
310 const PrefService* profile_prefs,
311 const PrefService* local_state_prefs,
312 const NetworkState& network,
313 ::onc::ONCSource* onc_source) {
314 VLOG(2) << "GetPolicyForNetwork: " << network.path();
315 *onc_source = ::onc::ONC_SOURCE_NONE;
317 const base::DictionaryValue* network_policy = GetPolicyForNetworkFromPref(
318 profile_prefs, prefs::kOpenNetworkConfiguration, network);
319 if (network_policy) {
320 VLOG(1) << "Network " << network.path() << " is managed by user policy.";
321 *onc_source = ::onc::ONC_SOURCE_USER_POLICY;
322 return network_policy;
324 network_policy = GetPolicyForNetworkFromPref(
325 local_state_prefs, prefs::kDeviceOpenNetworkConfiguration, network);
326 if (network_policy) {
327 VLOG(1) << "Network " << network.path() << " is managed by device policy.";
328 *onc_source = ::onc::ONC_SOURCE_DEVICE_POLICY;
329 return network_policy;
331 VLOG(2) << "Network " << network.path() << " is unmanaged.";
332 return NULL;
335 bool HasPolicyForNetwork(const PrefService* profile_prefs,
336 const PrefService* local_state_prefs,
337 const NetworkState& network) {
338 ::onc::ONCSource ignored_onc_source;
339 const base::DictionaryValue* policy = onc::GetPolicyForNetwork(
340 profile_prefs, local_state_prefs, network, &ignored_onc_source);
341 return policy != NULL;
344 } // namespace onc
345 } // namespace chromeos