onc_utils.h revision ca12bfac764ba476d6cd062bf1dde12cc64c3f40
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Helpers for working with Open Network Configuration (ONC) data: parsing
// JSON, decrypting encrypted configurations, expanding placeholder strings,
// masking credential fields, validating a blob for import and resolving
// certificate references.

#ifndef CHROMEOS_NETWORK_ONC_ONC_UTILS_H_
#define CHROMEOS_NETWORK_ONC_ONC_UTILS_H_

#include <map>
#include <string>
#include <vector>

#include "base/basictypes.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "chromeos/chromeos_export.h"
#include "chromeos/network/onc/onc_constants.h"

namespace base {
class DictionaryValue;
class ListValue;
}

namespace net {
class X509Certificate;
}

namespace chromeos {
namespace onc {

struct OncValueSignature;

// A valid but empty (no networks and no certificates) and unencrypted
// configuration.
CHROMEOS_EXPORT extern const char kEmptyUnencryptedConfiguration[];

// Lookup table passed to ResolveServerCertRefsInNetworks() and
// ResolveServerCertRefsInNetwork() below.
// NOTE(review): presumably keyed by certificate GUID with the certificate's PEM
// encoding as the value - confirm against the callers that build the map.
typedef std::map<std::string, std::string> CertPEMsByGUIDMap;

// Parses |json| according to the JSON format. If |json| is a JSON formatted
// dictionary, the function returns the dictionary as a DictionaryValue.
// Otherwise returns NULL, so callers must check the result before
// dereferencing it.
CHROMEOS_EXPORT scoped_ptr<base::DictionaryValue> ReadDictionaryFromJson(
    const std::string& json);

// Decrypts the given EncryptedConfiguration |onc| (see the ONC specification)
// using |passphrase|. The resulting UnencryptedConfiguration is returned. If an
// error occurs, returns NULL; this declaration gives no way to tell a wrong
// passphrase from a malformed |onc|.
// NOTE(review): the returned dictionary is the decrypted configuration and may
// contain credential fields; consider MaskCredentialsInOncObject() before
// writing it to a log - confirm against the callers.
CHROMEOS_EXPORT scoped_ptr<base::DictionaryValue> Decrypt(
    const std::string& passphrase,
    const base::DictionaryValue& onc);

// Returns a string describing |source|. For logging only: the strings are not
// user facing.
CHROMEOS_EXPORT std::string GetSourceAsString(ONCSource source);

// Used for string expansion with function ExpandStringsInOncObject(...).
// Implementations supply the replacement text for each placeholder. The class
// is not copyable (DISALLOW_COPY_AND_ASSIGN).
class CHROMEOS_EXPORT StringSubstitution {
 public:
  StringSubstitution() {}
  virtual ~StringSubstitution() {}

  // Returns the replacement string for |placeholder| in
  // |substitute|. Currently, substitutes::kLoginIDField and
  // substitutes::kEmailField are supported.
  // NOTE(review): the meaning of the bool result is not documented here;
  // presumably true iff a replacement was written to |substitute| - confirm
  // with the implementations.
  virtual bool GetSubstitute(const std::string& placeholder,
                             std::string* substitute) const = 0;

 private:
  DISALLOW_COPY_AND_ASSIGN(StringSubstitution);
};

// Replaces all expandable fields that are mentioned in the ONC
// specification. The object of |onc_object| is modified in place. Currently
// substitutes::kLoginIDField and substitutes::kEmailField are expanded. The
// replacement strings are obtained from |substitution|.
// NOTE(review): |signature| presumably describes the ONC type of |onc_object|
// - confirm.
CHROMEOS_EXPORT void ExpandStringsInOncObject(
    const OncValueSignature& signature,
    const StringSubstitution& substitution,
    base::DictionaryValue* onc_object);

// Replaces expandable fields in the networks of |network_configs|, which must
// be a list of ONC NetworkConfigurations. See ExpandStringsInOncObject above.
CHROMEOS_EXPORT void ExpandStringsInNetworks(
    const StringSubstitution& substitution,
    base::ListValue* network_configs);

// Creates a copy of |onc_object| with all values of sensitive fields replaced
// by |mask|. |onc_object| itself is taken by const reference and is not
// modified. To find sensitive fields, signature and field name are checked
// with the function FieldIsCredential(); a field that FieldIsCredential() does
// not report as a credential is therefore not masked in the copy.
CHROMEOS_EXPORT scoped_ptr<base::DictionaryValue> MaskCredentialsInOncObject(
    const OncValueSignature& signature,
    const base::DictionaryValue& onc_object,
    const std::string& mask);

// Decrypts |onc_blob| with |passphrase| if necessary. Clears |network_configs|
// and |certificates| and fills them with the validated NetworkConfigurations
// and Certificates of |onc_blob|. Returns false if any validation errors or
// warnings occurred. Still, some networks or certificates might be added to the
// output lists and should be further processed by the caller; a false result
// does not mean that the output lists are empty.
// NOTE(review): how |onc_source| influences validation is not documented here
// - confirm in the implementation.
CHROMEOS_EXPORT bool ParseAndValidateOncForImport(
    const std::string& onc_blob,
    ONCSource onc_source,
    const std::string& passphrase,
    base::ListValue* network_configs,
    base::ListValue* certificates);

// Parse the given PEM encoded certificate |pem_encoded| and create a
// X509Certificate from it.
// NOTE(review): the failure behaviour is not documented here; presumably a NULL
// scoped_refptr is returned if |pem_encoded| cannot be decoded - confirm.
// Nothing in this declaration states that chain or trust validation is
// performed, so do not assume the returned certificate has been verified.
CHROMEOS_EXPORT scoped_refptr<net::X509Certificate> DecodePEMCertificate(
    const std::string& pem_encoded);

// Replaces all references by GUID to Server or CA certs by their PEM
// encoding. Returns true if all references could be resolved. Otherwise returns
// false and network configurations with unresolvable references are removed
// from |network_configs|. |network_configs| must be a list of ONC
// NetworkConfiguration dictionaries.
CHROMEOS_EXPORT bool ResolveServerCertRefsInNetworks(
    const CertPEMsByGUIDMap& certs_by_guid,
    base::ListValue* network_configs);

// Replaces all references by GUID to Server or CA certs by their PEM
// encoding. Returns true if all references could be resolved. |network_config|
// must be an ONC NetworkConfiguration.
// NOTE(review): the state of |network_config| after a false result is not
// documented here; callers should presumably discard it - confirm.
CHROMEOS_EXPORT bool ResolveServerCertRefsInNetwork(
    const CertPEMsByGUIDMap& certs_by_guid,
    base::DictionaryValue* network_config);

}  // namespace onc
}  // namespace chromeos

#endif  // CHROMEOS_NETWORK_ONC_ONC_UTILS_H_