search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Service workers: Allow HTTPS pages arrived at via HTTP redirect to use SW
[chromium-blink-merge.git] / chromeos / network / onc / onc_normalizer.cc
blob627835a3bc7ef368d393155caa7d42bd420c7bb5
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chromeos/network/onc/onc_normalizer.h"
6
7 #include <string>
8
9 #include "base/logging.h"
10 #include "base/values.h"
11 #include "chromeos/network/onc/onc_signature.h"
12 #include "chromeos/network/onc/onc_utils.h"
13 #include "components/onc/onc_constants.h"
14
15 namespace chromeos {
16 namespace onc {
17
18 Normalizer::Normalizer(bool remove_recommended_fields)
19 : remove_recommended_fields_(remove_recommended_fields) {
20 }
21
22 Normalizer::~Normalizer() {
23 }
24
25 scoped_ptr<base::DictionaryValue> Normalizer::NormalizeObject(
26 const OncValueSignature* object_signature,
27 const base::DictionaryValue& onc_object) {
28 CHECK(object_signature != NULL);
29 bool error = false;
30 scoped_ptr<base::DictionaryValue> result =
31 MapObject(*object_signature, onc_object, &error);
32 DCHECK(!error);
33 return result.Pass();
34 }
35
36 scoped_ptr<base::DictionaryValue> Normalizer::MapObject(
37 const OncValueSignature& signature,
38 const base::DictionaryValue& onc_object,
39 bool* error) {
40 scoped_ptr<base::DictionaryValue> normalized =
41 Mapper::MapObject(signature, onc_object, error);
42
43 if (normalized.get() == NULL)
44 return scoped_ptr<base::DictionaryValue>();
45
46 if (remove_recommended_fields_)
47 normalized->RemoveWithoutPathExpansion(::onc::kRecommended, NULL);
48
49 if (&signature == &kCertificateSignature)
50 NormalizeCertificate(normalized.get());
51 else if (&signature == &kEAPSignature)
52 NormalizeEAP(normalized.get());
53 else if (&signature == &kEthernetSignature)
54 NormalizeEthernet(normalized.get());
55 else if (&signature == &kIPsecSignature)
56 NormalizeIPsec(normalized.get());
57 else if (&signature == &kNetworkConfigurationSignature)
58 NormalizeNetworkConfiguration(normalized.get());
59 else if (&signature == &kOpenVPNSignature)
60 NormalizeOpenVPN(normalized.get());
61 else if (&signature == &kProxySettingsSignature)
62 NormalizeProxySettings(normalized.get());
63 else if (&signature == &kVPNSignature)
64 NormalizeVPN(normalized.get());
65 else if (&signature == &kWiFiSignature)
66 NormalizeWiFi(normalized.get());
67
68 return normalized.Pass();
69 }
70
71 namespace {
72
73 void RemoveEntryUnless(base::DictionaryValue* dict,
74 const std::string& path,
75 bool condition) {
76 if (!condition)
77 dict->RemoveWithoutPathExpansion(path, NULL);
78 }
79
80 } // namespace
81
82 void Normalizer::NormalizeCertificate(base::DictionaryValue* cert) {
83 using namespace ::onc::certificate;
84
85 bool remove = false;
86 cert->GetBooleanWithoutPathExpansion(::onc::kRemove, &remove);
87 RemoveEntryUnless(cert, ::onc::certificate::kType, !remove);
88
89 std::string type;
90 cert->GetStringWithoutPathExpansion(::onc::certificate::kType, &type);
91 RemoveEntryUnless(cert, kPKCS12, type == kClient);
92 RemoveEntryUnless(cert, kTrustBits, type == kServer || type == kAuthority);
93 RemoveEntryUnless(cert, kX509, type == kServer || type == kAuthority);
94 }
95
96 void Normalizer::NormalizeEthernet(base::DictionaryValue* ethernet) {
97 using namespace ::onc::ethernet;
98
99 std::string auth;
100 ethernet->GetStringWithoutPathExpansion(kAuthentication, &auth);
101 RemoveEntryUnless(ethernet, kEAP, auth == k8021X);
102 }
103
104 void Normalizer::NormalizeEAP(base::DictionaryValue* eap) {
105 using namespace ::onc::eap;
106
107 std::string clientcert_type;
108 eap->GetStringWithoutPathExpansion(::onc::client_cert::kClientCertType,
109 &clientcert_type);
110 RemoveEntryUnless(eap,
111 ::onc::client_cert::kClientCertPattern,
112 clientcert_type == ::onc::client_cert::kPattern);
113 RemoveEntryUnless(eap,
114 ::onc::client_cert::kClientCertRef,
115 clientcert_type == ::onc::client_cert::kRef);
116
117 std::string outer;
118 eap->GetStringWithoutPathExpansion(kOuter, &outer);
119 RemoveEntryUnless(eap, kAnonymousIdentity,
120 outer == kPEAP || outer == kEAP_TTLS);
121 RemoveEntryUnless(eap, kInner,
122 outer == kPEAP || outer == kEAP_TTLS || outer == kEAP_FAST);
123 }
124
125 void Normalizer::NormalizeIPsec(base::DictionaryValue* ipsec) {
126 using namespace ::onc::ipsec;
127
128 std::string auth_type;
129 ipsec->GetStringWithoutPathExpansion(kAuthenticationType, &auth_type);
130 RemoveEntryUnless(
131 ipsec, ::onc::client_cert::kClientCertType, auth_type == kCert);
132 RemoveEntryUnless(ipsec, kServerCARef, auth_type == kCert);
133 RemoveEntryUnless(ipsec, kPSK, auth_type == kPSK);
134 RemoveEntryUnless(ipsec, ::onc::vpn::kSaveCredentials, auth_type == kPSK);
135
136 std::string clientcert_type;
137 ipsec->GetStringWithoutPathExpansion(::onc::client_cert::kClientCertType,
138 &clientcert_type);
139 RemoveEntryUnless(ipsec,
140 ::onc::client_cert::kClientCertPattern,
141 clientcert_type == ::onc::client_cert::kPattern);
142 RemoveEntryUnless(ipsec,
143 ::onc::client_cert::kClientCertRef,
144 clientcert_type == ::onc::client_cert::kRef);
145
146 int ike_version = -1;
147 ipsec->GetIntegerWithoutPathExpansion(kIKEVersion, &ike_version);
148 RemoveEntryUnless(ipsec, kEAP, ike_version == 2);
149 RemoveEntryUnless(ipsec, kGroup, ike_version == 1);
150 RemoveEntryUnless(ipsec, kXAUTH, ike_version == 1);
151 }
152
153 void Normalizer::NormalizeNetworkConfiguration(base::DictionaryValue* network) {
154 bool remove = false;
155 network->GetBooleanWithoutPathExpansion(::onc::kRemove, &remove);
156 if (remove) {
157 network->RemoveWithoutPathExpansion(::onc::network_config::kStaticIPConfig,
158 NULL);
159 network->RemoveWithoutPathExpansion(::onc::network_config::kName, NULL);
160 network->RemoveWithoutPathExpansion(::onc::network_config::kProxySettings,
161 NULL);
162 network->RemoveWithoutPathExpansion(::onc::network_config::kType, NULL);
163 // Fields dependent on kType are removed afterwards, too.
164 }
165
166 std::string type;
167 network->GetStringWithoutPathExpansion(::onc::network_config::kType, &type);
168 RemoveEntryUnless(network,
169 ::onc::network_config::kEthernet,
170 type == ::onc::network_type::kEthernet);
171 RemoveEntryUnless(
172 network, ::onc::network_config::kVPN, type == ::onc::network_type::kVPN);
173 RemoveEntryUnless(network,
174 ::onc::network_config::kWiFi,
175 type == ::onc::network_type::kWiFi);
176
177 std::string ip_address_config_type, name_servers_config_type;
178 network->GetStringWithoutPathExpansion(
179 ::onc::network_config::kIPAddressConfigType, &ip_address_config_type);
180 network->GetStringWithoutPathExpansion(
181 ::onc::network_config::kNameServersConfigType, &name_servers_config_type);
182 RemoveEntryUnless(
183 network, ::onc::network_config::kStaticIPConfig,
184 (ip_address_config_type == ::onc::network_config::kIPConfigTypeStatic) ||
185 (name_servers_config_type ==
186 ::onc::network_config::kIPConfigTypeStatic));
187 // TODO(pneubeck): Remove fields from StaticIPConfig not specified by
188 // IP[Address|Nameservers]ConfigType.
189 }
190
191 void Normalizer::NormalizeOpenVPN(base::DictionaryValue* openvpn) {
192 std::string clientcert_type;
193 openvpn->GetStringWithoutPathExpansion(::onc::client_cert::kClientCertType,
194 &clientcert_type);
195 RemoveEntryUnless(openvpn,
196 ::onc::client_cert::kClientCertPattern,
197 clientcert_type == ::onc::client_cert::kPattern);
198 RemoveEntryUnless(openvpn,
199 ::onc::client_cert::kClientCertRef,
200 clientcert_type == ::onc::client_cert::kRef);
201
202 std::string user_auth_type;
203 openvpn->GetStringWithoutPathExpansion(
204 ::onc::openvpn::kUserAuthenticationType, &user_auth_type);
205 RemoveEntryUnless(
206 openvpn,
207 ::onc::openvpn::kPassword,
208 user_auth_type == ::onc::openvpn_user_auth_type::kPassword ||
209 user_auth_type == ::onc::openvpn_user_auth_type::kPasswordAndOTP);
210 RemoveEntryUnless(
211 openvpn,
212 ::onc::openvpn::kOTP,
213 user_auth_type == ::onc::openvpn_user_auth_type::kOTP ||
214 user_auth_type == ::onc::openvpn_user_auth_type::kPasswordAndOTP);
215 }
216
217 void Normalizer::NormalizeProxySettings(base::DictionaryValue* proxy) {
218 using namespace ::onc::proxy;
219
220 std::string type;
221 proxy->GetStringWithoutPathExpansion(::onc::proxy::kType, &type);
222 RemoveEntryUnless(proxy, kManual, type == kManual);
223 RemoveEntryUnless(proxy, kExcludeDomains, type == kManual);
224 RemoveEntryUnless(proxy, kPAC, type == kPAC);
225 }
226
227 void Normalizer::NormalizeVPN(base::DictionaryValue* vpn) {
228 using namespace ::onc::vpn;
229
230 std::string type;
231 vpn->GetStringWithoutPathExpansion(::onc::vpn::kType, &type);
232 RemoveEntryUnless(vpn, kOpenVPN, type == kOpenVPN);
233 RemoveEntryUnless(vpn, kIPsec, type == kIPsec || type == kTypeL2TP_IPsec);
234 RemoveEntryUnless(vpn, kL2TP, type == kTypeL2TP_IPsec);
235 RemoveEntryUnless(vpn, kThirdPartyVpn, type == kThirdPartyVpn);
236 }
237
238 void Normalizer::NormalizeWiFi(base::DictionaryValue* wifi) {
239 using namespace ::onc::wifi;
240
241 std::string security;
242 wifi->GetStringWithoutPathExpansion(::onc::wifi::kSecurity, &security);
243 RemoveEntryUnless(wifi, kEAP, security == kWEP_8021X || security == kWPA_EAP);
244 RemoveEntryUnless(wifi, kPassphrase,
245 security == kWEP_PSK || security == kWPA_PSK);
246 FillInHexSSIDField(wifi);
247 }
248
249 } // namespace onc
250 } // namespace chromeos