1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chromeos/network/onc/onc_normalizer.h"
9 #include "base/logging.h"
10 #include "base/values.h"
11 #include "chromeos/network/onc/onc_signature.h"
12 #include "chromeos/network/onc/onc_utils.h"
13 #include "components/onc/onc_constants.h"
18 Normalizer::Normalizer(bool remove_recommended_fields
)
19 : remove_recommended_fields_(remove_recommended_fields
) {
22 Normalizer::~Normalizer() {
25 scoped_ptr
<base::DictionaryValue
> Normalizer::NormalizeObject(
26 const OncValueSignature
* object_signature
,
27 const base::DictionaryValue
& onc_object
) {
28 CHECK(object_signature
!= NULL
);
30 scoped_ptr
<base::DictionaryValue
> result
=
31 MapObject(*object_signature
, onc_object
, &error
);
36 scoped_ptr
<base::DictionaryValue
> Normalizer::MapObject(
37 const OncValueSignature
& signature
,
38 const base::DictionaryValue
& onc_object
,
40 scoped_ptr
<base::DictionaryValue
> normalized
=
41 Mapper::MapObject(signature
, onc_object
, error
);
43 if (normalized
.get() == NULL
)
44 return scoped_ptr
<base::DictionaryValue
>();
46 if (remove_recommended_fields_
)
47 normalized
->RemoveWithoutPathExpansion(::onc::kRecommended
, NULL
);
49 if (&signature
== &kCertificateSignature
)
50 NormalizeCertificate(normalized
.get());
51 else if (&signature
== &kEAPSignature
)
52 NormalizeEAP(normalized
.get());
53 else if (&signature
== &kEthernetSignature
)
54 NormalizeEthernet(normalized
.get());
55 else if (&signature
== &kIPsecSignature
)
56 NormalizeIPsec(normalized
.get());
57 else if (&signature
== &kNetworkConfigurationSignature
)
58 NormalizeNetworkConfiguration(normalized
.get());
59 else if (&signature
== &kOpenVPNSignature
)
60 NormalizeOpenVPN(normalized
.get());
61 else if (&signature
== &kProxySettingsSignature
)
62 NormalizeProxySettings(normalized
.get());
63 else if (&signature
== &kVPNSignature
)
64 NormalizeVPN(normalized
.get());
65 else if (&signature
== &kWiFiSignature
)
66 NormalizeWiFi(normalized
.get());
68 return normalized
.Pass();
73 void RemoveEntryUnless(base::DictionaryValue
* dict
,
74 const std::string
& path
,
77 dict
->RemoveWithoutPathExpansion(path
, NULL
);
82 void Normalizer::NormalizeCertificate(base::DictionaryValue
* cert
) {
83 using namespace ::onc::certificate
;
86 cert
->GetBooleanWithoutPathExpansion(::onc::kRemove
, &remove
);
87 RemoveEntryUnless(cert
, ::onc::certificate::kType
, !remove
);
90 cert
->GetStringWithoutPathExpansion(::onc::certificate::kType
, &type
);
91 RemoveEntryUnless(cert
, kPKCS12
, type
== kClient
);
92 RemoveEntryUnless(cert
, kTrustBits
, type
== kServer
|| type
== kAuthority
);
93 RemoveEntryUnless(cert
, kX509
, type
== kServer
|| type
== kAuthority
);
96 void Normalizer::NormalizeEthernet(base::DictionaryValue
* ethernet
) {
97 using namespace ::onc::ethernet
;
100 ethernet
->GetStringWithoutPathExpansion(kAuthentication
, &auth
);
101 RemoveEntryUnless(ethernet
, kEAP
, auth
== k8021X
);
104 void Normalizer::NormalizeEAP(base::DictionaryValue
* eap
) {
105 using namespace ::onc::eap
;
107 std::string clientcert_type
;
108 eap
->GetStringWithoutPathExpansion(::onc::client_cert::kClientCertType
,
110 RemoveEntryUnless(eap
,
111 ::onc::client_cert::kClientCertPattern
,
112 clientcert_type
== ::onc::client_cert::kPattern
);
113 RemoveEntryUnless(eap
,
114 ::onc::client_cert::kClientCertRef
,
115 clientcert_type
== ::onc::client_cert::kRef
);
118 eap
->GetStringWithoutPathExpansion(kOuter
, &outer
);
119 RemoveEntryUnless(eap
, kAnonymousIdentity
,
120 outer
== kPEAP
|| outer
== kEAP_TTLS
);
121 RemoveEntryUnless(eap
, kInner
,
122 outer
== kPEAP
|| outer
== kEAP_TTLS
|| outer
== kEAP_FAST
);
125 void Normalizer::NormalizeIPsec(base::DictionaryValue
* ipsec
) {
126 using namespace ::onc::ipsec
;
128 std::string auth_type
;
129 ipsec
->GetStringWithoutPathExpansion(kAuthenticationType
, &auth_type
);
131 ipsec
, ::onc::client_cert::kClientCertType
, auth_type
== kCert
);
132 RemoveEntryUnless(ipsec
, kServerCARef
, auth_type
== kCert
);
133 RemoveEntryUnless(ipsec
, kPSK
, auth_type
== kPSK
);
134 RemoveEntryUnless(ipsec
, ::onc::vpn::kSaveCredentials
, auth_type
== kPSK
);
136 std::string clientcert_type
;
137 ipsec
->GetStringWithoutPathExpansion(::onc::client_cert::kClientCertType
,
139 RemoveEntryUnless(ipsec
,
140 ::onc::client_cert::kClientCertPattern
,
141 clientcert_type
== ::onc::client_cert::kPattern
);
142 RemoveEntryUnless(ipsec
,
143 ::onc::client_cert::kClientCertRef
,
144 clientcert_type
== ::onc::client_cert::kRef
);
146 int ike_version
= -1;
147 ipsec
->GetIntegerWithoutPathExpansion(kIKEVersion
, &ike_version
);
148 RemoveEntryUnless(ipsec
, kEAP
, ike_version
== 2);
149 RemoveEntryUnless(ipsec
, kGroup
, ike_version
== 1);
150 RemoveEntryUnless(ipsec
, kXAUTH
, ike_version
== 1);
153 void Normalizer::NormalizeNetworkConfiguration(base::DictionaryValue
* network
) {
155 network
->GetBooleanWithoutPathExpansion(::onc::kRemove
, &remove
);
157 network
->RemoveWithoutPathExpansion(::onc::network_config::kStaticIPConfig
,
159 network
->RemoveWithoutPathExpansion(::onc::network_config::kName
, NULL
);
160 network
->RemoveWithoutPathExpansion(::onc::network_config::kProxySettings
,
162 network
->RemoveWithoutPathExpansion(::onc::network_config::kType
, NULL
);
163 // Fields dependent on kType are removed afterwards, too.
167 network
->GetStringWithoutPathExpansion(::onc::network_config::kType
, &type
);
168 RemoveEntryUnless(network
,
169 ::onc::network_config::kEthernet
,
170 type
== ::onc::network_type::kEthernet
);
172 network
, ::onc::network_config::kVPN
, type
== ::onc::network_type::kVPN
);
173 RemoveEntryUnless(network
,
174 ::onc::network_config::kWiFi
,
175 type
== ::onc::network_type::kWiFi
);
177 std::string ip_address_config_type
, name_servers_config_type
;
178 network
->GetStringWithoutPathExpansion(
179 ::onc::network_config::kIPAddressConfigType
, &ip_address_config_type
);
180 network
->GetStringWithoutPathExpansion(
181 ::onc::network_config::kNameServersConfigType
, &name_servers_config_type
);
183 network
, ::onc::network_config::kStaticIPConfig
,
184 (ip_address_config_type
== ::onc::network_config::kIPConfigTypeStatic
) ||
185 (name_servers_config_type
==
186 ::onc::network_config::kIPConfigTypeStatic
));
187 // TODO(pneubeck): Remove fields from StaticIPConfig not specified by
188 // IP[Address|Nameservers]ConfigType.
191 void Normalizer::NormalizeOpenVPN(base::DictionaryValue
* openvpn
) {
192 std::string clientcert_type
;
193 openvpn
->GetStringWithoutPathExpansion(::onc::client_cert::kClientCertType
,
195 RemoveEntryUnless(openvpn
,
196 ::onc::client_cert::kClientCertPattern
,
197 clientcert_type
== ::onc::client_cert::kPattern
);
198 RemoveEntryUnless(openvpn
,
199 ::onc::client_cert::kClientCertRef
,
200 clientcert_type
== ::onc::client_cert::kRef
);
202 std::string user_auth_type
;
203 openvpn
->GetStringWithoutPathExpansion(
204 ::onc::openvpn::kUserAuthenticationType
, &user_auth_type
);
207 ::onc::openvpn::kPassword
,
208 user_auth_type
== ::onc::openvpn_user_auth_type::kPassword
||
209 user_auth_type
== ::onc::openvpn_user_auth_type::kPasswordAndOTP
);
212 ::onc::openvpn::kOTP
,
213 user_auth_type
== ::onc::openvpn_user_auth_type::kOTP
||
214 user_auth_type
== ::onc::openvpn_user_auth_type::kPasswordAndOTP
);
217 void Normalizer::NormalizeProxySettings(base::DictionaryValue
* proxy
) {
218 using namespace ::onc::proxy
;
221 proxy
->GetStringWithoutPathExpansion(::onc::proxy::kType
, &type
);
222 RemoveEntryUnless(proxy
, kManual
, type
== kManual
);
223 RemoveEntryUnless(proxy
, kExcludeDomains
, type
== kManual
);
224 RemoveEntryUnless(proxy
, kPAC
, type
== kPAC
);
227 void Normalizer::NormalizeVPN(base::DictionaryValue
* vpn
) {
228 using namespace ::onc::vpn
;
231 vpn
->GetStringWithoutPathExpansion(::onc::vpn::kType
, &type
);
232 RemoveEntryUnless(vpn
, kOpenVPN
, type
== kOpenVPN
);
233 RemoveEntryUnless(vpn
, kIPsec
, type
== kIPsec
|| type
== kTypeL2TP_IPsec
);
234 RemoveEntryUnless(vpn
, kL2TP
, type
== kTypeL2TP_IPsec
);
237 void Normalizer::NormalizeWiFi(base::DictionaryValue
* wifi
) {
238 using namespace ::onc::wifi
;
240 std::string security
;
241 wifi
->GetStringWithoutPathExpansion(::onc::wifi::kSecurity
, &security
);
242 RemoveEntryUnless(wifi
, kEAP
, security
== kWEP_8021X
|| security
== kWPA_EAP
);
243 RemoveEntryUnless(wifi
, kPassphrase
,
244 security
== kWEP_PSK
|| security
== kWPA_PSK
);
245 FillInHexSSIDField(wifi
);
249 } // namespace chromeos