onc_utils.h revision ca12bfac764ba476d6cd062bf1dde12cc64c3f40
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROMEOS_NETWORK_ONC_ONC_UTILS_H_
6#define CHROMEOS_NETWORK_ONC_ONC_UTILS_H_
7
8#include <map>
9#include <string>
10#include <vector>
11
12#include "base/basictypes.h"
13#include "base/memory/ref_counted.h"
14#include "base/memory/scoped_ptr.h"
15#include "chromeos/chromeos_export.h"
16#include "chromeos/network/onc/onc_constants.h"
17
18namespace base {
19class DictionaryValue;
20class ListValue;
21}
22
23namespace net {
24class X509Certificate;
25}
26
27namespace chromeos {
28namespace onc {
29
30struct OncValueSignature;
31
32// A valid, unencrypted ONC configuration that is empty, i.e. contains no
33// networks and no certificates.
34CHROMEOS_EXPORT extern const char kEmptyUnencryptedConfiguration[];
35
36typedef std::map<std::string, std::string> CertPEMsByGUIDMap;  // presumably cert GUID -> PEM; confirm
37
38// Parses |json| as JSON. If the top-level value is a dictionary, returns it as
39// a DictionaryValue. Otherwise returns NULL, so callers must check the result
40// before dereferencing it.
41CHROMEOS_EXPORT scoped_ptr<base::DictionaryValue> ReadDictionaryFromJson(
42    const std::string& json);
43
44// Decrypts the given EncryptedConfiguration |onc| (see the ONC specification)
45// using |passphrase| and returns the resulting UnencryptedConfiguration.
46// Returns NULL on any error, without a reason; callers must check for NULL.
47CHROMEOS_EXPORT scoped_ptr<base::DictionaryValue> Decrypt(
48    const std::string& passphrase,
49    const base::DictionaryValue& onc);
50
51// Returns |source| as a string. For logging only: the strings are not user-facing.
52CHROMEOS_EXPORT std::string GetSourceAsString(ONCSource source);
53
54// Used for string expansion with function ExpandStringsInOncObject(...).
55class CHROMEOS_EXPORT StringSubstitution {
56 public:
57  StringSubstitution() {}
58  virtual ~StringSubstitution() {}
59
60  // Writes the replacement string for |placeholder| to |substitute|.
61  // Currently, substitutes::kLoginIDField and substitutes::kEmailField are
62  // supported. NOTE(review): the meaning of the bool result is not stated; confirm.
63  virtual bool GetSubstitute(const std::string& placeholder,
64                             std::string* substitute) const = 0;
65
66 private:
67  DISALLOW_COPY_AND_ASSIGN(StringSubstitution);
68};
69
70// Expands all expandable fields mentioned in the ONC specification, modifying
71// |onc_object| in place. Currently substitutes::kLoginIDField and
72// substitutes::kEmailField are expanded, using replacement strings obtained
73// from |substitution|. Presumably |signature| describes |onc_object|; confirm.
74CHROMEOS_EXPORT void ExpandStringsInOncObject(
75    const OncValueSignature& signature,
76    const StringSubstitution& substitution,
77    base::DictionaryValue* onc_object);
78
79// Expands the expandable fields of every network in |network_configs|, which
80// must be a list of ONC NetworkConfigurations. See ExpandStringsInOncObject above.
81CHROMEOS_EXPORT void ExpandStringsInNetworks(
82    const StringSubstitution& substitution,
83    base::ListValue* network_configs);
84
85// Returns a copy of |onc_object| in which the value of every sensitive field is
86// replaced by |mask|. A field counts as sensitive only if FieldIsCredential()
87// reports it for the given signature and field name, so masking is as complete as it.
88CHROMEOS_EXPORT scoped_ptr<base::DictionaryValue> MaskCredentialsInOncObject(
89    const OncValueSignature& signature,
90    const base::DictionaryValue& onc_object,
91    const std::string& mask);
92
93// Decrypts |onc_blob| with |passphrase| if necessary. Clears |network_configs|
94// and |certificates| and fills them with the validated NetworkConfigurations
95// and Certificates of |onc_blob|. Returns false if any validation error or
96// warning occurred. Even then the output lists may hold some networks or
97// certificates, which the caller should still process: false != empty output.
98CHROMEOS_EXPORT bool ParseAndValidateOncForImport(
99    const std::string& onc_blob,
100    ONCSource onc_source,
101    const std::string& passphrase,
102    base::ListValue* network_configs,
103    base::ListValue* certificates);
104
105// Parses the PEM-encoded certificate |pem_encoded| into an X509Certificate.
106// NOTE(review): the result for malformed input is not stated here; confirm.
107CHROMEOS_EXPORT scoped_refptr<net::X509Certificate> DecodePEMCertificate(
108    const std::string& pem_encoded);
109
110// Replaces all references by GUID to Server or CA certs by their PEM
111// encoding. Returns true if all references could be resolved. Otherwise returns
112// false and network configurations with unresolvable references are removed
113// from |network_configs|. |network_configs| must be a list of ONC
114// NetworkConfiguration dictionaries.
115CHROMEOS_EXPORT bool ResolveServerCertRefsInNetworks(
116    const CertPEMsByGUIDMap& certs_by_guid,
117    base::ListValue* network_configs);
118
119// Replaces all references by GUID to Server or CA certs by their PEM
120// encoding. Returns true if all references could be resolved. |network_config|
121// must be an ONC NetworkConfiguration. NOTE(review): its state on false is not stated.
122CHROMEOS_EXPORT bool ResolveServerCertRefsInNetwork(
123    const CertPEMsByGUIDMap& certs_by_guid,
124    base::DictionaryValue* network_config);
125
126}  // namespace onc
127}  // namespace chromeos
128
129#endif  // CHROMEOS_NETWORK_ONC_ONC_UTILS_H_
130