| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/network/onc/onc_validator.h" | 5 #include "chromeos/network/onc/onc_validator.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/json/json_writer.h" | 10 #include "base/json/json_writer.h" |
| (...skipping 336 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 347 } | 347 } |
| 348 error_or_warning_found_ = true; | 348 error_or_warning_found_ = true; |
| 349 path_.push_back(field_name); | 349 path_.push_back(field_name); |
| 350 LOG(ERROR) << ErrorHeader() << "Found value '" << actual_value | 350 LOG(ERROR) << ErrorHeader() << "Found value '" << actual_value |
| 351 << "', but expected a value in the range [" << lower_bound | 351 << "', but expected a value in the range [" << lower_bound |
| 352 << ", " << upper_bound << "] (boundaries inclusive)"; | 352 << ", " << upper_bound << "] (boundaries inclusive)"; |
| 353 path_.pop_back(); | 353 path_.pop_back(); |
| 354 return true; | 354 return true; |
| 355 } | 355 } |
| 356 | 356 |
| 357 bool Validator::FieldExistsAndIsEmpty(const base::DictionaryValue& object, |
| 358 const std::string& field_name) { |
| 359 std::string value; |
| 360 if (!object.GetStringWithoutPathExpansion(field_name, &value) || |
| 361 !value.empty()) { |
| 362 return false; |
| 363 } |
| 364 |
| 365 error_or_warning_found_ = true; |
| 366 path_.push_back(field_name); |
| 367 LOG(ERROR) << ErrorHeader() << "Found an empty string, but expected a " |
| 368 << "non-empty string."; |
| 369 path_.pop_back(); |
| 370 return true; |
| 371 } |
| 372 |
| 357 bool Validator::RequireField(const base::DictionaryValue& dict, | 373 bool Validator::RequireField(const base::DictionaryValue& dict, |
| 358 const std::string& field_name) { | 374 const std::string& field_name) { |
| 359 if (dict.HasKey(field_name)) | 375 if (dict.HasKey(field_name)) |
| 360 return true; | 376 return true; |
| 361 error_or_warning_found_ = true; | 377 error_or_warning_found_ = true; |
| 362 LOG(ERROR) << ErrorHeader() << "The required field '" << field_name | 378 LOG(ERROR) << ErrorHeader() << "The required field '" << field_name |
| 363 << "' is missing."; | 379 << "' is missing."; |
| 364 return false; | 380 return false; |
| 365 } | 381 } |
| 366 | 382 |
| (...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 424 if (!ValidateObjectDefault(kNetworkConfigurationSignature, | 440 if (!ValidateObjectDefault(kNetworkConfigurationSignature, |
| 425 onc_object, result)) { | 441 onc_object, result)) { |
| 426 return false; | 442 return false; |
| 427 } | 443 } |
| 428 | 444 |
| 429 static const char* kValidTypes[] = { network_type::kEthernet, | 445 static const char* kValidTypes[] = { network_type::kEthernet, |
| 430 network_type::kVPN, | 446 network_type::kVPN, |
| 431 network_type::kWiFi, | 447 network_type::kWiFi, |
| 432 network_type::kCellular, | 448 network_type::kCellular, |
| 433 NULL }; | 449 NULL }; |
| 434 if (FieldExistsAndHasNoValidValue(*result, | 450 if (FieldExistsAndHasNoValidValue(*result, kType, kValidTypes) || |
| 435 kType, | 451 FieldExistsAndIsEmpty(*result, kGUID)) { |
| 436 kValidTypes)) | |
| 437 return false; | 452 return false; |
| 453 } |
| 438 | 454 |
| 439 bool allRequiredExist = RequireField(*result, kGUID); | 455 bool allRequiredExist = RequireField(*result, kGUID); |
| 440 | 456 |
| 441 bool remove = false; | 457 bool remove = false; |
| 442 result->GetBooleanWithoutPathExpansion(kRemove, &remove); | 458 result->GetBooleanWithoutPathExpansion(kRemove, &remove); |
| 443 if (!remove) { | 459 if (!remove) { |
| 444 allRequiredExist &= RequireField(*result, kName); | 460 allRequiredExist &= RequireField(*result, kName); |
| 445 allRequiredExist &= RequireField(*result, kType); | 461 allRequiredExist &= RequireField(*result, kType); |
| 446 | 462 |
| 447 std::string type; | 463 std::string type; |
| (...skipping 302 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 750 } | 766 } |
| 751 | 767 |
| 752 bool Validator::ValidateCertificate( | 768 bool Validator::ValidateCertificate( |
| 753 const base::DictionaryValue& onc_object, | 769 const base::DictionaryValue& onc_object, |
| 754 base::DictionaryValue* result) { | 770 base::DictionaryValue* result) { |
| 755 using namespace onc::certificate; | 771 using namespace onc::certificate; |
| 756 if (!ValidateObjectDefault(kCertificateSignature, onc_object, result)) | 772 if (!ValidateObjectDefault(kCertificateSignature, onc_object, result)) |
| 757 return false; | 773 return false; |
| 758 | 774 |
| 759 static const char* kValidTypes[] = { kClient, kServer, kAuthority, NULL }; | 775 static const char* kValidTypes[] = { kClient, kServer, kAuthority, NULL }; |
| 760 if (FieldExistsAndHasNoValidValue(*result, kType, kValidTypes)) | 776 if (FieldExistsAndHasNoValidValue(*result, kType, kValidTypes) || |
| 777 FieldExistsAndIsEmpty(*result, kGUID)) { |
| 761 return false; | 778 return false; |
| 779 } |
| 780 |
| 781 std::string type; |
| 782 result->GetStringWithoutPathExpansion(kType, &type); |
| 783 if (onc_source_ == ONC_SOURCE_DEVICE_POLICY && |
| 784 (type == kServer || type == kAuthority)) { |
| 785 error_or_warning_found_ = true; |
| 786 LOG(ERROR) << ErrorHeader() << "Server and authority certificates are " |
| 787 << "prohibited in ONC device policies."; |
| 788 return false; |
| 789 } |
| 762 | 790 |
| 763 bool allRequiredExist = RequireField(*result, kGUID); | 791 bool allRequiredExist = RequireField(*result, kGUID); |
| 764 | 792 |
| 765 bool remove = false; | 793 bool remove = false; |
| 766 result->GetBooleanWithoutPathExpansion(kRemove, &remove); | 794 result->GetBooleanWithoutPathExpansion(kRemove, &remove); |
| 767 if (!remove) { | 795 if (!remove) { |
| 768 allRequiredExist &= RequireField(*result, kType); | 796 allRequiredExist &= RequireField(*result, kType); |
| 769 | 797 |
| 770 std::string type; | |
| 771 result->GetStringWithoutPathExpansion(kType, &type); | |
| 772 if (type == kClient) | 798 if (type == kClient) |
| 773 allRequiredExist &= RequireField(*result, kPKCS12); | 799 allRequiredExist &= RequireField(*result, kPKCS12); |
| 774 else if (type == kServer || type == kAuthority) | 800 else if (type == kServer || type == kAuthority) |
| 775 allRequiredExist &= RequireField(*result, kX509); | 801 allRequiredExist &= RequireField(*result, kX509); |
| 776 } | 802 } |
| 777 | 803 |
| 778 return !error_on_missing_field_ || allRequiredExist; | 804 return !error_on_missing_field_ || allRequiredExist; |
| 779 } | 805 } |
| 780 | 806 |
| 781 std::string Validator::WarningHeader() { | 807 std::string Validator::WarningHeader() { |
| 782 return MessageHeader(false); | 808 return MessageHeader(false); |
| 783 } | 809 } |
| 784 | 810 |
| 785 std::string Validator::ErrorHeader() { | 811 std::string Validator::ErrorHeader() { |
| 786 return MessageHeader(true); | 812 return MessageHeader(true); |
| 787 } | 813 } |
| 788 | 814 |
| 789 std::string Validator::MessageHeader(bool is_error) { | 815 std::string Validator::MessageHeader(bool is_error) { |
| 790 std::string path = path_.empty() ? "toplevel" : JoinString(path_, "."); | 816 std::string path = path_.empty() ? "toplevel" : JoinString(path_, "."); |
| 791 std::string message = "At " + path + ": "; | 817 std::string message = "At " + path + ": "; |
| 792 return message; | 818 return message; |
| 793 } | 819 } |
| 794 | 820 |
| 795 } // namespace onc | 821 } // namespace onc |
| 796 } // namespace chromeos | 822 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 11970012:
Add a check for server and CA certificates in device policies to the ONC validator. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src