onc_normalizer.cc revision 2a99a7e74a7f215066514fe81d2bfa6639d9eddd
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chromeos/network/onc/onc_normalizer.h" 6 7#include <string> 8 9#include "base/logging.h" 10#include "base/values.h" 11#include "chromeos/network/onc/onc_constants.h" 12#include "chromeos/network/onc/onc_signature.h" 13 14namespace chromeos { 15namespace onc { 16 17Normalizer::Normalizer(bool remove_recommended_fields) 18 : remove_recommended_fields_(remove_recommended_fields) { 19} 20 21Normalizer::~Normalizer() { 22} 23 24scoped_ptr<base::DictionaryValue> Normalizer::NormalizeObject( 25 const OncValueSignature* object_signature, 26 const base::DictionaryValue& onc_object) { 27 CHECK(object_signature != NULL); 28 bool error = false; 29 scoped_ptr<base::DictionaryValue> result = 30 MapObject(*object_signature, onc_object, &error); 31 DCHECK(!error); 32 return result.Pass(); 33} 34 35scoped_ptr<base::DictionaryValue> Normalizer::MapObject( 36 const OncValueSignature& signature, 37 const base::DictionaryValue& onc_object, 38 bool* error) { 39 scoped_ptr<base::DictionaryValue> normalized = 40 Mapper::MapObject(signature, onc_object, error); 41 42 if (normalized.get() == NULL) 43 return scoped_ptr<base::DictionaryValue>(); 44 45 if (remove_recommended_fields_) 46 normalized->RemoveWithoutPathExpansion(kRecommended, NULL); 47 48 if (&signature == &kCertificateSignature) 49 NormalizeCertificate(normalized.get()); 50 else if (&signature == &kEAPSignature) 51 NormalizeEAP(normalized.get()); 52 else if (&signature == &kEthernetSignature) 53 NormalizeEthernet(normalized.get()); 54 else if (&signature == &kIPsecSignature) 55 NormalizeIPsec(normalized.get()); 56 else if (&signature == &kNetworkConfigurationSignature) 57 NormalizeNetworkConfiguration(normalized.get()); 58 else if (&signature == &kOpenVPNSignature) 59 NormalizeOpenVPN(normalized.get()); 60 else if (&signature == &kProxySettingsSignature) 61 NormalizeProxySettings(normalized.get()); 62 else if (&signature == &kVPNSignature) 63 NormalizeVPN(normalized.get()); 64 else if (&signature == &kWiFiSignature) 65 NormalizeWiFi(normalized.get()); 66 67 return normalized.Pass(); 68} 69 70namespace { 71 72void RemoveEntryUnless(base::DictionaryValue* dict, 73 const std::string path, 74 bool condition) { 75 if (!condition) 76 dict->RemoveWithoutPathExpansion(path, NULL); 77} 78 79} // namespace 80 81void Normalizer::NormalizeCertificate(base::DictionaryValue* cert) { 82 using namespace certificate; 83 84 bool remove = false; 85 cert->GetBooleanWithoutPathExpansion(kRemove, &remove); 86 RemoveEntryUnless(cert, certificate::kType, !remove); 87 88 std::string type; 89 cert->GetStringWithoutPathExpansion(certificate::kType, &type); 90 RemoveEntryUnless(cert, kPKCS12, type == kClient); 91 RemoveEntryUnless(cert, kTrust, type == kServer || type == kAuthority); 92 RemoveEntryUnless(cert, kX509, type == kServer || type == kAuthority); 93} 94 95void Normalizer::NormalizeEthernet(base::DictionaryValue* ethernet) { 96 using namespace ethernet; 97 98 std::string auth; 99 ethernet->GetStringWithoutPathExpansion(kAuthentication, &auth); 100 RemoveEntryUnless(ethernet, kEAP, auth == k8021X); 101} 102 103void Normalizer::NormalizeEAP(base::DictionaryValue* eap) { 104 using namespace eap; 105 106 std::string clientcert_type; 107 eap->GetStringWithoutPathExpansion(kClientCertType, &clientcert_type); 108 RemoveEntryUnless(eap, kClientCertPattern, 109 clientcert_type == certificate::kPattern); 110 RemoveEntryUnless(eap, kClientCertRef, clientcert_type == certificate::kRef); 111 112 std::string outer; 113 eap->GetStringWithoutPathExpansion(kOuter, &outer); 114 RemoveEntryUnless(eap, kAnonymousIdentity, 115 outer == kPEAP || outer == kEAP_TTLS); 116 RemoveEntryUnless(eap, kInner, 117 outer == kPEAP || outer == kEAP_TTLS || outer == kEAP_FAST); 118} 119 120void Normalizer::NormalizeIPsec(base::DictionaryValue* ipsec) { 121 using namespace vpn; 122 123 std::string auth_type; 124 ipsec->GetStringWithoutPathExpansion(kAuthenticationType, &auth_type); 125 RemoveEntryUnless(ipsec, kClientCertType, auth_type == kCert); 126 RemoveEntryUnless(ipsec, kServerCARef, auth_type == kCert); 127 RemoveEntryUnless(ipsec, kPSK, auth_type == kPSK); 128 RemoveEntryUnless(ipsec, kSaveCredentials, auth_type == kPSK); 129 130 std::string clientcert_type; 131 ipsec->GetStringWithoutPathExpansion(kClientCertType, &clientcert_type); 132 RemoveEntryUnless(ipsec, kClientCertPattern, 133 clientcert_type == certificate::kPattern); 134 RemoveEntryUnless(ipsec, kClientCertRef, 135 clientcert_type == certificate::kRef); 136 137 int ike_version = -1; 138 ipsec->GetIntegerWithoutPathExpansion(kIKEVersion, &ike_version); 139 RemoveEntryUnless(ipsec, kEAP, ike_version == 2); 140 RemoveEntryUnless(ipsec, kGroup, ike_version == 1); 141 RemoveEntryUnless(ipsec, kXAUTH, ike_version == 1); 142} 143 144void Normalizer::NormalizeNetworkConfiguration(base::DictionaryValue* network) { 145 bool remove = false; 146 network->GetBooleanWithoutPathExpansion(kRemove, &remove); 147 if (remove) { 148 network->RemoveWithoutPathExpansion(network_config::kIPConfigs, NULL); 149 network->RemoveWithoutPathExpansion(network_config::kName, NULL); 150 network->RemoveWithoutPathExpansion(network_config::kNameServers, NULL); 151 network->RemoveWithoutPathExpansion(network_config::kProxySettings, NULL); 152 network->RemoveWithoutPathExpansion(network_config::kSearchDomains, NULL); 153 network->RemoveWithoutPathExpansion(network_config::kType, NULL); 154 // Fields dependent on kType are removed afterwards, too. 155 } 156 157 std::string type; 158 network->GetStringWithoutPathExpansion(network_config::kType, &type); 159 RemoveEntryUnless(network, network_config::kEthernet, 160 type == network_type::kEthernet); 161 RemoveEntryUnless(network, network_config::kVPN, type == network_type::kVPN); 162 RemoveEntryUnless(network, network_config::kWiFi, 163 type == network_type::kWiFi); 164} 165 166void Normalizer::NormalizeOpenVPN(base::DictionaryValue* openvpn) { 167 using namespace vpn; 168 169 std::string clientcert_type; 170 openvpn->GetStringWithoutPathExpansion(kClientCertType, &clientcert_type); 171 RemoveEntryUnless(openvpn, kClientCertPattern, 172 clientcert_type == certificate::kPattern); 173 RemoveEntryUnless(openvpn, kClientCertRef, 174 clientcert_type == certificate::kRef); 175} 176 177void Normalizer::NormalizeProxySettings(base::DictionaryValue* proxy) { 178 using namespace proxy; 179 180 std::string type; 181 proxy->GetStringWithoutPathExpansion(proxy::kType, &type); 182 RemoveEntryUnless(proxy, kManual, type == kManual); 183 RemoveEntryUnless(proxy, kExcludeDomains, type == kManual); 184 RemoveEntryUnless(proxy, kPAC, type == kPAC); 185} 186 187void Normalizer::NormalizeVPN(base::DictionaryValue* vpn) { 188 using namespace vpn; 189 190 std::string type; 191 vpn->GetStringWithoutPathExpansion(vpn::kType, &type); 192 RemoveEntryUnless(vpn, kOpenVPN, type == kOpenVPN); 193 RemoveEntryUnless(vpn, kIPsec, type == kIPsec || type == kTypeL2TP_IPsec); 194 RemoveEntryUnless(vpn, kL2TP, type == kTypeL2TP_IPsec); 195} 196 197void Normalizer::NormalizeWiFi(base::DictionaryValue* wifi) { 198 using namespace wifi; 199 200 std::string security; 201 wifi->GetStringWithoutPathExpansion(wifi::kSecurity, &security); 202 RemoveEntryUnless(wifi, kEAP, security == kWEP_8021X || security == kWPA_EAP); 203 RemoveEntryUnless(wifi, kPassphrase, 204 security == kWEP_PSK || security == kWPA_PSK); 205} 206 207} // namespace onc 208} // namespace chromeos 209