1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROMEOS_NETWORK_ONC_ONC_UTILS_H_
6#define CHROMEOS_NETWORK_ONC_ONC_UTILS_H_
7
8#include <map>
9#include <string>
10#include <vector>
11
12#include "base/basictypes.h"
13#include "base/memory/ref_counted.h"
14#include "base/memory/scoped_ptr.h"
15#include "chromeos/chromeos_export.h"
16#include "chromeos/network/network_type_pattern.h"
17#include "components/onc/onc_constants.h"
18
19namespace base {
20class DictionaryValue;
21class ListValue;
22}
23
24namespace net {
25class X509Certificate;
26}
27
28namespace chromeos {
29namespace onc {
30
31struct OncValueSignature;
32
33// A valid but empty (no networks and no certificates) and unencrypted
34// configuration.
// Declaration only (extern): the string's contents are defined in another
// translation unit and are not visible from this header.
35CHROMEOS_EXPORT extern const char kEmptyUnencryptedConfiguration[];
36
// String-to-string map. Judging by the name and by the |certs_by_guid|
// parameters of the ResolveServerCertRefs* functions below, keys are
// certificate GUIDs and values are the matching PEM encodings -- confirm.
37typedef std::map<std::string, std::string> CertPEMsByGUIDMap;
38
39// Parses |json| according to the JSON format. If |json| is a JSON formatted
40// dictionary, the function returns the dictionary as a DictionaryValue.
41// Otherwise returns NULL.
// NULL is the only failure signal documented here, so callers must check the
// returned scoped_ptr before dereferencing it.
// NOTE(review): the comment does not distinguish malformed JSON from valid
// JSON whose top-level value is not a dictionary; presumably both yield NULL
// -- confirm against the implementation.
42CHROMEOS_EXPORT scoped_ptr<base::DictionaryValue> ReadDictionaryFromJson(
43    const std::string& json);
44
45// Decrypts the given EncryptedConfiguration |onc| (see the ONC specification)
46// using |passphrase|. The resulting UnencryptedConfiguration is returned. If an
47// error occurs, returns NULL.
// Callers must check for NULL. Only this single failure result is documented,
// so a wrong |passphrase| cannot be told apart from a malformed or modified
// |onc| through this interface.
// NOTE(review): the returned dictionary is the plaintext configuration and may
// hold credentials; consider MaskCredentialsInOncObject() before logging it.
// NOTE(review): |passphrase| arrives as a plain std::string and nothing in this
// declaration indicates it is wiped after use -- confirm how callers manage
// its lifetime.
48CHROMEOS_EXPORT scoped_ptr<base::DictionaryValue> Decrypt(
49    const std::string& passphrase,
50    const base::DictionaryValue& onc);
51
52// For logging only: strings not user facing.
// Takes an ::onc::ONCSource value and returns a std::string by value.
// Because the result is meant for logs, code that needs to branch on where a
// configuration came from should compare the ONCSource value itself rather
// than this string.
53CHROMEOS_EXPORT std::string GetSourceAsString(::onc::ONCSource source);
54
55// Used for string expansion with function ExpandStringsInOncObject(...).
// Abstract interface: GetSubstitute() is pure virtual, so callers pass a
// subclass that supplies the replacement values.
56class CHROMEOS_EXPORT StringSubstitution {
57 public:
58  StringSubstitution() {}
  // Virtual so that a subclass can be destroyed through a base pointer.
59  virtual ~StringSubstitution() {}
60
61  // Returns the replacement string for |placeholder| in
62  // |substitute|. Currently, substitutes::kLoginIDField and
63  // substitutes::kEmailField are supported.
  // NOTE(review): the meaning of the bool result is not stated here;
  // presumably true means |substitute| was filled in -- confirm.
  // NOTE(review): judging by their names, the supported placeholders carry a
  // login ID and an e-mail address. These values end up inside the expanded
  // configuration, so implementations decide which identity data is written
  // into network settings.
64  virtual bool GetSubstitute(const std::string& placeholder,
65                             std::string* substitute) const = 0;
66
67 private:
  // Macro defined outside this file (presumably in base/basictypes.h, which is
  // included above); by its name it disables copying and assignment.
68  DISALLOW_COPY_AND_ASSIGN(StringSubstitution);
69};
70
71// Replaces all expandable fields that are mentioned in the ONC
72// specification. The object of |onc_object| is modified in place. Currently
73// substitutes::kLoginIDField and substitutes::kEmailField are expanded. The
74// replacement strings are obtained from |substitution|.
// |signature| presumably identifies which ONC object type |onc_object| is, so
// that the expandable fields can be located -- confirm.
// NOTE(review): what happens to a placeholder when |substitution| cannot
// provide a value is not documented here; check whether the placeholder text
// is left in the field.
75CHROMEOS_EXPORT void ExpandStringsInOncObject(
76    const OncValueSignature& signature,
77    const StringSubstitution& substitution,
78    base::DictionaryValue* onc_object);
79
80// Replaces expandable fields in the networks of |network_configs|, which must
81// be a list of ONC NetworkConfigurations. See ExpandStringsInOncObject above.
// |network_configs| is a non-const pointer; given the reference to
// ExpandStringsInOncObject, the list entries are presumably modified in place.
// NOTE(review): the "must be a list of ONC NetworkConfigurations" requirement
// is a caller obligation; how entries of another shape are treated is not
// stated -- confirm before passing unvalidated input.
82CHROMEOS_EXPORT void ExpandStringsInNetworks(
83    const StringSubstitution& substitution,
84    base::ListValue* network_configs);
85
86// Creates a copy of |onc_object| with all values of sensitive fields replaced
87// by |mask|. To find sensitive fields, signature and field name are checked
88// with the function FieldIsCredential().
// |onc_object| is taken by const reference and a new dictionary is returned,
// so the input still holds the unmasked values after the call; only the
// returned copy is suitable for logs or display.
// NOTE(review): masking covers exactly the fields FieldIsCredential() reports.
// Any secret-bearing field that function does not recognise would be copied
// through unchanged -- review its field list when new ONC fields are added.
// NOTE(review): passing a |signature| that does not match |onc_object| could
// plausibly cause credential fields to be missed -- confirm.
89CHROMEOS_EXPORT scoped_ptr<base::DictionaryValue> MaskCredentialsInOncObject(
90    const OncValueSignature& signature,
91    const base::DictionaryValue& onc_object,
92    const std::string& mask);
93
94// Decrypts |onc_blob| with |passphrase| if necessary. Clears |network_configs|,
95// |global_network_config| and |certificates| and fills them with the validated
96// NetworkConfigurations, GlobalNetworkConfiguration and Certificates of
97// |onc_blob|. Returns false if any validation errors or warnings occurred.
98// Still, some configuration might be added to the output arguments and should
99// be further processed by the caller.
// A false result therefore does not mean the outputs are empty: the caller
// receives the failure signal together with whatever was filled in, and
// decides whether that partial configuration should be applied.
// NOTE(review): errors and warnings both map to false, so the return value
// alone cannot tell a minor warning from a rejected entry.
// NOTE(review): |onc_source| presumably selects source-specific validation
// rules -- confirm which checks depend on it.
100CHROMEOS_EXPORT bool ParseAndValidateOncForImport(
101    const std::string& onc_blob,
102    ::onc::ONCSource onc_source,
103    const std::string& passphrase,
104    base::ListValue* network_configs,
105    base::DictionaryValue* global_network_config,
106    base::ListValue* certificates);
107
108// Parse the given PEM encoded certificate |pem_encoded| and create an
109// X509Certificate from it.
// NOTE(review): the failure result is not documented; presumably a null
// scoped_refptr is returned when |pem_encoded| cannot be parsed -- confirm,
// and check the result before use.
// NOTE(review): this comment describes parsing only. Nothing here indicates
// that the certificate's validity or trust chain is checked, so a non-null
// result should not be read as "trusted".
110CHROMEOS_EXPORT scoped_refptr<net::X509Certificate> DecodePEMCertificate(
111    const std::string& pem_encoded);
112
113// Replaces all references by GUID to Server or CA certs by their PEM
114// encoding. Returns true if all references could be resolved. Otherwise returns
115// false and network configurations with unresolvable references are removed
116// from |network_configs|. |network_configs| must be a list of ONC
117// NetworkConfiguration dictionaries.
// On a false result the list has already been changed: entries whose
// references could not be resolved are gone, and the remaining entries stay
// in |network_configs|. Callers that need to report or audit dropped
// networks must compare against the list they passed in.
118CHROMEOS_EXPORT bool ResolveServerCertRefsInNetworks(
119    const CertPEMsByGUIDMap& certs_by_guid,
120    base::ListValue* network_configs);
121
122// Replaces all references by GUID to Server or CA certs by their PEM
123// encoding. Returns true if all references could be resolved. |network_config|
124// must be an ONC NetworkConfiguration.
// NOTE(review): the state of |network_config| after a false result is not
// documented (it may be partially rewritten); callers should presumably
// discard the dictionary rather than apply it -- confirm.
125CHROMEOS_EXPORT bool ResolveServerCertRefsInNetwork(
126    const CertPEMsByGUIDMap& certs_by_guid,
127    base::DictionaryValue* network_config);
128
129// Returns a network type pattern for matching the ONC type string.
// |type| is the ONC type string; the pattern is returned by value.
// NOTE(review): the result for a |type| that is not a known ONC type is not
// documented here -- confirm what pattern unknown strings map to.
130CHROMEOS_EXPORT NetworkTypePattern NetworkTypePatternFromOncType(
131    const std::string& type);
132
133// Returns true if |property_key| is a recommended value in the ONC dictionary.
// |onc| is passed as a const pointer and is not modified through it.
// NOTE(review): whether a NULL |onc| is tolerated is not stated -- confirm
// before calling with an optional dictionary.
// NOTE(review): "recommended" presumably refers to the ONC notion of
// recommended fields -- confirm how nested keys in |property_key| are
// handled.
134CHROMEOS_EXPORT bool IsRecommendedValue(const base::DictionaryValue* onc,
135                                        const std::string& property_key);
136
137}  // namespace onc
138}  // namespace chromeos
139
140#endif  // CHROMEOS_NETWORK_ONC_ONC_UTILS_H_