onc_validator.h revision 8bcbed890bc3ce4d7a057a8f32cab53fa534672e
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef CHROMEOS_NETWORK_ONC_ONC_VALIDATOR_H_ 6#define CHROMEOS_NETWORK_ONC_ONC_VALIDATOR_H_ 7 8#include <string> 9#include <vector> 10 11#include "base/memory/scoped_ptr.h" 12#include "chromeos/chromeos_export.h" 13#include "chromeos/network/onc/onc_mapper.h" 14#include "components/onc/onc_constants.h" 15 16namespace base { 17class DictionaryValue; 18class Value; 19} 20 21namespace chromeos { 22namespace onc { 23 24struct OncValueSignature; 25 26// The ONC Validator searches for the following invalid cases: 27// - a value is found that has the wrong type or is not expected according to 28// the ONC spec (always an error) 29// 30// - a field name is found that is not part of the signature 31// (controlled by flag |error_on_unknown_field|) 32// 33// - a kRecommended array contains a field name that is not part of the 34// enclosing object's signature or if that field is dictionary typed 35// (controlled by flag |error_on_wrong_recommended|) 36// 37// - |managed_onc| is false and a field with name kRecommended is found 38// (always ignored) 39// 40// - a required field is missing (controlled by flag |error_on_missing_field|) 41// 42// If one of these invalid cases occurs and, in case of a controlling flag, that 43// flag is true, then it is an error. The function ValidateAndRepairObject sets 44// |result| to INVALID and returns NULL. 45// 46// Otherwise, a DeepCopy of the validated object is created, which contains 47// all but the invalid fields and values. 48// 49// If one of the invalid cases occurs and the controlling flag is false, then 50// it is a warning. The function ValidateAndRepairObject sets |result| to 51// VALID_WITH_WARNINGS and returns the repaired copy. 52// 53// If no error occurred, |result| is set to VALID and an exact DeepCopy is 54// returned. 55class CHROMEOS_EXPORT Validator : public Mapper { 56 public: 57 enum Result { 58 VALID, 59 VALID_WITH_WARNINGS, 60 INVALID 61 }; 62 63 // See the class comment. 64 Validator(bool error_on_unknown_field, 65 bool error_on_wrong_recommended, 66 bool error_on_missing_field, 67 bool managed_onc); 68 69 virtual ~Validator(); 70 71 // Sets the ONC source to |source|. If not set, defaults to ONC_SOURCE_NONE. 72 // If the source is set to ONC_SOURCE_DEVICE_POLICY, validation additionally 73 // checks: 74 // - only the network types Wifi and Ethernet are allowed 75 // - client certificate patterns are disallowed 76 void SetOncSource(::onc::ONCSource source) { 77 onc_source_ = source; 78 } 79 80 // Validate the given |onc_object| according to |object_signature|. The 81 // |object_signature| has to be a pointer to one of the signatures in 82 // |onc_signature.h|. If an error is found, the function returns NULL and sets 83 // |result| to INVALID. If possible (no error encountered) a DeepCopy is 84 // created that contains all but the invalid fields and values and returns 85 // this "repaired" object. That means, if not handled as an error, then the 86 // following are dropped from the copy: 87 // - unknown fields 88 // - invalid field names in kRecommended arrays 89 // - kRecommended fields in an unmanaged ONC 90 // If any of these cases occurred, sets |result| to VALID_WITH_WARNINGS and 91 // otherwise to VALID. 92 // For details, see the class comment. 93 scoped_ptr<base::DictionaryValue> ValidateAndRepairObject( 94 const OncValueSignature* object_signature, 95 const base::DictionaryValue& onc_object, 96 Result* result); 97 98 private: 99 // Overridden from Mapper: 100 // Compare |onc_value|s type with |onc_type| and validate/repair according to 101 // |signature|. On error returns NULL. 102 virtual scoped_ptr<base::Value> MapValue( 103 const OncValueSignature& signature, 104 const base::Value& onc_value, 105 bool* error) OVERRIDE; 106 107 // Dispatch to the right validation function according to 108 // |signature|. Iterates over all fields and recursively validates/repairs 109 // these. All valid fields are added to the result dictionary. Returns the 110 // repaired dictionary. Only on error returns NULL. 111 virtual scoped_ptr<base::DictionaryValue> MapObject( 112 const OncValueSignature& signature, 113 const base::DictionaryValue& onc_object, 114 bool* error) OVERRIDE; 115 116 // Pushes/pops the |field_name| to |path_|, otherwise like |Mapper::MapField|. 117 virtual scoped_ptr<base::Value> MapField( 118 const std::string& field_name, 119 const OncValueSignature& object_signature, 120 const base::Value& onc_value, 121 bool* found_unknown_field, 122 bool* error) OVERRIDE; 123 124 // Ignores nested errors in NetworkConfigurations and Certificates, otherwise 125 // like |Mapper::MapArray|. 126 virtual scoped_ptr<base::ListValue> MapArray( 127 const OncValueSignature& array_signature, 128 const base::ListValue& onc_array, 129 bool* nested_error) OVERRIDE; 130 131 // Pushes/pops the index to |path_|, otherwise like |Mapper::MapEntry|. 132 virtual scoped_ptr<base::Value> MapEntry( 133 int index, 134 const OncValueSignature& signature, 135 const base::Value& onc_value, 136 bool* error) OVERRIDE; 137 138 // This is the default validation of objects/dictionaries. Validates 139 // |onc_object| according to |object_signature|. |result| must point to a 140 // dictionary into which the repaired fields are written. 141 bool ValidateObjectDefault( 142 const OncValueSignature& object_signature, 143 const base::DictionaryValue& onc_object, 144 base::DictionaryValue* result); 145 146 // Validates/repairs the kRecommended array in |result| according to 147 // |object_signature| of the enclosing object. 148 bool ValidateRecommendedField( 149 const OncValueSignature& object_signature, 150 base::DictionaryValue* result); 151 152 bool ValidateToplevelConfiguration( 153 const base::DictionaryValue& onc_object, 154 base::DictionaryValue* result); 155 156 bool ValidateNetworkConfiguration( 157 const base::DictionaryValue& onc_object, 158 base::DictionaryValue* result); 159 160 bool ValidateEthernet( 161 const base::DictionaryValue& onc_object, 162 base::DictionaryValue* result); 163 164 bool ValidateIPConfig( 165 const base::DictionaryValue& onc_object, 166 base::DictionaryValue* result); 167 168 bool ValidateWiFi( 169 const base::DictionaryValue& onc_object, 170 base::DictionaryValue* result); 171 172 bool ValidateVPN( 173 const base::DictionaryValue& onc_object, 174 base::DictionaryValue* result); 175 176 bool ValidateIPsec( 177 const base::DictionaryValue& onc_object, 178 base::DictionaryValue* result); 179 180 bool ValidateOpenVPN( 181 const base::DictionaryValue& onc_object, 182 base::DictionaryValue* result); 183 184 bool ValidateCertificatePattern( 185 const base::DictionaryValue& onc_object, 186 base::DictionaryValue* result); 187 188 bool ValidateProxySettings( 189 const base::DictionaryValue& onc_object, 190 base::DictionaryValue* result); 191 192 bool ValidateProxyLocation( 193 const base::DictionaryValue& onc_object, 194 base::DictionaryValue* result); 195 196 bool ValidateEAP( 197 const base::DictionaryValue& onc_object, 198 base::DictionaryValue* result); 199 200 bool ValidateCertificate( 201 const base::DictionaryValue& onc_object, 202 base::DictionaryValue* result); 203 204 bool FieldExistsAndHasNoValidValue(const base::DictionaryValue& object, 205 const std::string &field_name, 206 const char** valid_values); 207 208 bool FieldExistsAndIsNotInRange(const base::DictionaryValue& object, 209 const std::string &field_name, 210 int lower_bound, 211 int upper_bound); 212 213 bool FieldExistsAndIsEmpty(const base::DictionaryValue& object, 214 const std::string& field_name); 215 216 bool RequireField(const base::DictionaryValue& dict, const std::string& key); 217 218 // Prohibit certificate patterns for device policy ONC so that an unmanaged 219 // user won't have a certificate presented for them involuntarily. 220 bool IsCertPatternInDevicePolicy(const std::string& cert_type); 221 222 // Prohibit global network configuration in user ONC imports. 223 bool IsGlobalNetworkConfigInUserImport( 224 const base::DictionaryValue& onc_object); 225 226 std::string MessageHeader(); 227 228 const bool error_on_unknown_field_; 229 const bool error_on_wrong_recommended_; 230 const bool error_on_missing_field_; 231 const bool managed_onc_; 232 233 ::onc::ONCSource onc_source_; 234 235 // The path of field names and indices to the current value. Indices 236 // are stored as strings in decimal notation. 237 std::vector<std::string> path_; 238 239 // Tracks if an error or warning occurred within validation initiated by 240 // function ValidateAndRepairObject. 241 bool error_or_warning_found_; 242 243 DISALLOW_COPY_AND_ASSIGN(Validator); 244}; 245 246} // namespace onc 247} // namespace chromeos 248 249#endif // CHROMEOS_NETWORK_ONC_ONC_VALIDATOR_H_ 250