| blob | adacbda00e09f58a33dcb178b67987ddef2c2d44 |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROMEOS_NETWORK_ONC_ONC_VALIDATOR_H_
6 #define CHROMEOS_NETWORK_ONC_ONC_VALIDATOR_H_
8 #include <set>
9 #include <string>
10 #include <vector>
20 }
27 // The ONC Validator searches for the following invalid cases:
28 // - a value is found that has the wrong type or is not expected according to
29 // the ONC spec (always an error)
30 //
31 // - a field name is found that is not part of the signature
32 // (controlled by flag |error_on_unknown_field|)
33 //
34 // - a kRecommended array contains a field name that is not part of the
35 // enclosing object's signature or if that field is dictionary typed
36 // (controlled by flag |error_on_wrong_recommended|)
37 //
38 // - |managed_onc| is false and a field with name kRecommended is found
39 // (always ignored)
40 //
41 // - a required field is missing. Controlled by flag |error_on_missing_field|.
42 // If true this is an error. If false, a message is logged but no error or
43 // warning is flagged.
44 //
45 // If one of these invalid cases occurs and, in case of a controlling flag, that
46 // flag is true, then it is an error. The function ValidateAndRepairObject sets
47 // |result| to INVALID and returns NULL.
48 //
49 // Otherwise, a DeepCopy of the validated object is created, which contains
50 // all but the invalid fields and values.
51 //
52 // If one of the invalid cases occurs and the controlling flag is false, then
53 // it is a warning. The function ValidateAndRepairObject sets |result| to
54 // VALID_WITH_WARNINGS and returns the repaired copy.
55 //
56 // If no error occurred, |result| is set to VALID and an exact DeepCopy is
57 // returned.
61 VALID,
62 VALID_WITH_WARNINGS,
63 INVALID
64 };
66 // See the class comment.
74 // Sets the ONC source to |source|. If not set, defaults to ONC_SOURCE_NONE.
75 // If the source is set to ONC_SOURCE_DEVICE_POLICY, validation additionally
76 // checks:
77 // - only the network types Wifi and Ethernet are allowed
78 // - client certificate patterns are disallowed
81 }
83 // Validate the given |onc_object| according to |object_signature|. The
84 // |object_signature| has to be a pointer to one of the signatures in
85 // |onc_signature.h|. If an error is found, the function returns NULL and sets
86 // |result| to INVALID. If possible (no error encountered) a DeepCopy is
87 // created that contains all but the invalid fields and values and returns
88 // this "repaired" object. That means, if not handled as an error, then the
89 // following are dropped from the copy:
90 // - unknown fields
91 // - invalid field names in kRecommended arrays
92 // - kRecommended fields in an unmanaged ONC
93 // If any of these cases occurred, sets |result| to VALID_WITH_WARNINGS and
94 // otherwise to VALID.
95 // For details, see the class comment.
102 // Overridden from Mapper:
103 // Compare |onc_value|s type with |onc_type| and validate/repair according to
104 // |signature|. On error returns NULL.
109 // Dispatch to the right validation function according to
110 // |signature|. Iterates over all fields and recursively validates/repairs
111 // these. All valid fields are added to the result dictionary. Returns the
112 // repaired dictionary. Only on error returns NULL.
118 // Pushes/pops the |field_name| to |path_|, otherwise like |Mapper::MapField|.
125 // Ignores nested errors in NetworkConfigurations and Certificates, otherwise
126 // like |Mapper::MapArray|.
131 // Pushes/pops the index to |path_|, otherwise like |Mapper::MapEntry|.
137 // This is the default validation of objects/dictionaries. Validates
138 // |onc_object| according to |object_signature|. |result| must point to a
139 // dictionary into which the repaired fields are written.
144 // Validates/repairs the kRecommended array in |result| according to
145 // |object_signature| of the enclosing object.
149 // Validates the ClientCert* fields in a VPN or EAP object. Only if
150 // |allow_cert_type_none| is true, the value "None" is allowed as
151 // ClientCertType.
194 // Returns true if |key| is a key of |dict|. Otherwise, returns false and,
195 // depending on |error_on_missing_field_|, logs a message and sets
196 // |error_or_warning_found_|.
199 // Returns true if the GUID is unique or if the GUID is not a string
200 // and false otherwise. The function also adds the GUID to a set in
201 // order to identify duplicates.
206 // Prohibit certificate patterns for device policy ONC so that an unmanaged
207 // user won't have a certificate presented for them involuntarily.
210 // Prohibit global network configuration in user ONC imports.
223 // The path of field names and indices to the current value. Indices
224 // are stored as strings in decimal notation.
227 // Accumulates all network GUIDs during validation. Used to identify
228 // duplicate GUIDs.
231 // Accumulates all certificate GUIDs during validation. Used to identify
232 // duplicate GUIDs.
235 // Tracks if an error or warning occurred within validation initiated by
236 // function ValidateAndRepairObject.
240 };