onc_normalizer.cc revision 3551c9c881056c480085172ff9840cab31610854 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chromeos/network/onc/onc_normalizer.h"
6
7#include <string>
8
9#include "base/logging.h"
10#include "base/values.h"
11#include "chromeos/network/onc/onc_constants.h"
12#include "chromeos/network/onc/onc_signature.h"
13
14namespace chromeos {
15namespace onc {
16
17Normalizer::Normalizer(bool remove_recommended_fields)
18    : remove_recommended_fields_(remove_recommended_fields) {
19}
20
21Normalizer::~Normalizer() {
22}
23
24scoped_ptr<base::DictionaryValue> Normalizer::NormalizeObject(
25    const OncValueSignature* object_signature,
26    const base::DictionaryValue& onc_object) {
27  CHECK(object_signature != NULL);
28  bool error = false;
29  scoped_ptr<base::DictionaryValue> result =
30      MapObject(*object_signature, onc_object, &error);
31  DCHECK(!error);
32  return result.Pass();
33}
34
35scoped_ptr<base::DictionaryValue> Normalizer::MapObject(
36    const OncValueSignature& signature,
37    const base::DictionaryValue& onc_object,
38    bool* error) {
39  scoped_ptr<base::DictionaryValue> normalized =
40      Mapper::MapObject(signature, onc_object, error);
41
42  if (normalized.get() == NULL)
43    return scoped_ptr<base::DictionaryValue>();
44
45  if (remove_recommended_fields_)
46    normalized->RemoveWithoutPathExpansion(kRecommended, NULL);
47
48  if (&signature == &kCertificateSignature)
49    NormalizeCertificate(normalized.get());
50  else if (&signature == &kEAPSignature)
51    NormalizeEAP(normalized.get());
52  else if (&signature == &kEthernetSignature)
53    NormalizeEthernet(normalized.get());
54  else if (&signature == &kIPsecSignature)
55    NormalizeIPsec(normalized.get());
56  else if (&signature == &kNetworkConfigurationSignature)
57    NormalizeNetworkConfiguration(normalized.get());
58  else if (&signature == &kOpenVPNSignature)
59    NormalizeOpenVPN(normalized.get());
60  else if (&signature == &kProxySettingsSignature)
61    NormalizeProxySettings(normalized.get());
62  else if (&signature == &kVPNSignature)
63    NormalizeVPN(normalized.get());
64  else if (&signature == &kWiFiSignature)
65    NormalizeWiFi(normalized.get());
66
67  return normalized.Pass();
68}
69
70namespace {
71
72void RemoveEntryUnless(base::DictionaryValue* dict,
73                       const std::string& path,
74                       bool condition) {
75  if (!condition)
76    dict->RemoveWithoutPathExpansion(path, NULL);
77}
78
79}  // namespace
80
81void Normalizer::NormalizeCertificate(base::DictionaryValue* cert) {
82  using namespace certificate;
83
84  bool remove = false;
85  cert->GetBooleanWithoutPathExpansion(kRemove, &remove);
86  RemoveEntryUnless(cert, certificate::kType, !remove);
87
88  std::string type;
89  cert->GetStringWithoutPathExpansion(certificate::kType, &type);
90  RemoveEntryUnless(cert, kPKCS12, type == kClient);
91  RemoveEntryUnless(cert, kTrustBits, type == kServer || type == kAuthority);
92  RemoveEntryUnless(cert, kX509, type == kServer || type == kAuthority);
93}
94
95void Normalizer::NormalizeEthernet(base::DictionaryValue* ethernet) {
96  using namespace ethernet;
97
98  std::string auth;
99  ethernet->GetStringWithoutPathExpansion(kAuthentication, &auth);
100  RemoveEntryUnless(ethernet, kEAP, auth == k8021X);
101}
102
103void Normalizer::NormalizeEAP(base::DictionaryValue* eap) {
104  using namespace eap;
105
106  std::string clientcert_type;
107  eap->GetStringWithoutPathExpansion(kClientCertType, &clientcert_type);
108  RemoveEntryUnless(eap, kClientCertPattern,
109                    clientcert_type == certificate::kPattern);
110  RemoveEntryUnless(eap, kClientCertRef, clientcert_type == certificate::kRef);
111
112  std::string outer;
113  eap->GetStringWithoutPathExpansion(kOuter, &outer);
114  RemoveEntryUnless(eap, kAnonymousIdentity,
115                    outer == kPEAP || outer == kEAP_TTLS);
116  RemoveEntryUnless(eap, kInner,
117                    outer == kPEAP || outer == kEAP_TTLS || outer == kEAP_FAST);
118}
119
120void Normalizer::NormalizeIPsec(base::DictionaryValue* ipsec) {
121  using namespace ipsec;
122
123  std::string auth_type;
124  ipsec->GetStringWithoutPathExpansion(kAuthenticationType, &auth_type);
125  RemoveEntryUnless(ipsec, vpn::kClientCertType, auth_type == kCert);
126  RemoveEntryUnless(ipsec, kServerCARef, auth_type == kCert);
127  RemoveEntryUnless(ipsec, kPSK, auth_type == kPSK);
128  RemoveEntryUnless(ipsec, vpn::kSaveCredentials, auth_type == kPSK);
129
130  std::string clientcert_type;
131  ipsec->GetStringWithoutPathExpansion(vpn::kClientCertType, &clientcert_type);
132  RemoveEntryUnless(ipsec, vpn::kClientCertPattern,
133                    clientcert_type == certificate::kPattern);
134  RemoveEntryUnless(ipsec, vpn::kClientCertRef,
135                    clientcert_type == certificate::kRef);
136
137  int ike_version = -1;
138  ipsec->GetIntegerWithoutPathExpansion(kIKEVersion, &ike_version);
139  RemoveEntryUnless(ipsec, kEAP, ike_version == 2);
140  RemoveEntryUnless(ipsec, kGroup, ike_version == 1);
141  RemoveEntryUnless(ipsec, kXAUTH, ike_version == 1);
142}
143
144void Normalizer::NormalizeNetworkConfiguration(base::DictionaryValue* network) {
145  bool remove = false;
146  network->GetBooleanWithoutPathExpansion(kRemove, &remove);
147  if (remove) {
148    network->RemoveWithoutPathExpansion(network_config::kIPConfigs, NULL);
149    network->RemoveWithoutPathExpansion(network_config::kName, NULL);
150    network->RemoveWithoutPathExpansion(network_config::kNameServers, NULL);
151    network->RemoveWithoutPathExpansion(network_config::kProxySettings, NULL);
152    network->RemoveWithoutPathExpansion(network_config::kSearchDomains, NULL);
153    network->RemoveWithoutPathExpansion(network_config::kType, NULL);
154    // Fields dependent on kType are removed afterwards, too.
155  }
156
157  std::string type;
158  network->GetStringWithoutPathExpansion(network_config::kType, &type);
159  RemoveEntryUnless(network, network_config::kEthernet,
160                    type == network_type::kEthernet);
161  RemoveEntryUnless(network, network_config::kVPN, type == network_type::kVPN);
162  RemoveEntryUnless(network, network_config::kWiFi,
163                    type == network_type::kWiFi);
164}
165
166void Normalizer::NormalizeOpenVPN(base::DictionaryValue* openvpn) {
167  using namespace vpn;
168
169  std::string clientcert_type;
170  openvpn->GetStringWithoutPathExpansion(kClientCertType, &clientcert_type);
171  RemoveEntryUnless(openvpn, kClientCertPattern,
172                    clientcert_type == certificate::kPattern);
173  RemoveEntryUnless(openvpn, kClientCertRef,
174                    clientcert_type == certificate::kRef);
175}
176
177void Normalizer::NormalizeProxySettings(base::DictionaryValue* proxy) {
178  using namespace proxy;
179
180  std::string type;
181  proxy->GetStringWithoutPathExpansion(proxy::kType, &type);
182  RemoveEntryUnless(proxy, kManual, type == kManual);
183  RemoveEntryUnless(proxy, kExcludeDomains, type == kManual);
184  RemoveEntryUnless(proxy, kPAC, type == kPAC);
185}
186
187void Normalizer::NormalizeVPN(base::DictionaryValue* vpn) {
188  using namespace vpn;
189
190  std::string type;
191  vpn->GetStringWithoutPathExpansion(vpn::kType, &type);
192  RemoveEntryUnless(vpn, kOpenVPN, type == kOpenVPN);
193  RemoveEntryUnless(vpn, kIPsec, type == kIPsec || type == kTypeL2TP_IPsec);
194  RemoveEntryUnless(vpn, kL2TP, type == kTypeL2TP_IPsec);
195}
196
197void Normalizer::NormalizeWiFi(base::DictionaryValue* wifi) {
198  using namespace wifi;
199
200  std::string security;
201  wifi->GetStringWithoutPathExpansion(wifi::kSecurity, &security);
202  RemoveEntryUnless(wifi, kEAP, security == kWEP_8021X || security == kWPA_EAP);
203  RemoveEntryUnless(wifi, kPassphrase,
204                    security == kWEP_PSK || security == kWPA_PSK);
205}
206
207}  // namespace onc
208}  // namespace chromeos
209