chromeos/network/onc/onc_validator.cc - Issue 11970012: Add a check for server and CA certificates in device policies to the ONC validator.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: chromeos/network/onc/onc_validator.cc

Issue 11970012: Add a check for server and CA certificates in device policies to the ONC validator. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Fixing unit tests. Created 7 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: chromeos/network/onc/onc_validator.cc

diff --git a/chromeos/network/onc/onc_validator.cc b/chromeos/network/onc/onc_validator.cc

index 3c74cfff2fbc113169dd87348f64fcfb5d892991..d80844ffaac3161e2a9442637f7b21c3b084bc69 100644

--- a/chromeos/network/onc/onc_validator.cc

+++ b/chromeos/network/onc/onc_validator.cc

@@ -354,6 +354,22 @@ bool Validator::FieldExistsAndIsNotInRange(const base::DictionaryValue& object,

return true;

}

+bool Validator::FieldExistsAndIsEmpty(const base::DictionaryValue& object,

+ const std::string& field_name) {

+ std::string value;

+ if (!object.GetStringWithoutPathExpansion(field_name, &value) ||

+ !value.empty()) {

+ return false;

+ }

+ error_or_warning_found_ = true;

+ path_.push_back(field_name);

+ LOG(ERROR) << ErrorHeader() << "Found an empty string, but expected a "

+ << "non-empty string.";

+ path_.pop_back();

+ return true;

bool Validator::RequireField(const base::DictionaryValue& dict,

const std::string& field_name) {

if (dict.HasKey(field_name))

@@ -431,10 +447,10 @@ bool Validator::ValidateNetworkConfiguration(

network_type::kWiFi,

network_type::kCellular,

NULL };

- if (FieldExistsAndHasNoValidValue(*result,

- kType,

- kValidTypes))

+ if (FieldExistsAndHasNoValidValue(*result, kType, kValidTypes) ||

+ FieldExistsAndIsEmpty(*result, kGUID)) {

return false;

+ }

bool allRequiredExist = RequireField(*result, kGUID);

@@ -757,8 +773,20 @@ bool Validator::ValidateCertificate(

return false;

static const char* kValidTypes[] = { kClient, kServer, kAuthority, NULL };

- if (FieldExistsAndHasNoValidValue(*result, kType, kValidTypes))

+ if (FieldExistsAndHasNoValidValue(*result, kType, kValidTypes) ||

+ FieldExistsAndIsEmpty(*result, kGUID)) {

return false;

+ }

+ std::string type;

+ result->GetStringWithoutPathExpansion(kType, &type);

+ if (onc_source_ == ONC_SOURCE_DEVICE_POLICY &&

+ (type == kServer || type == kAuthority)) {

+ error_or_warning_found_ = true;

+ LOG(ERROR) << ErrorHeader() << "Server and authority certificates are "

+ << "prohibited in ONC device policies.";

+ return false;

+ }

bool allRequiredExist = RequireField(*result, kGUID);

@@ -767,8 +795,6 @@ bool Validator::ValidateCertificate(

if (!remove) {

allRequiredExist &= RequireField(*result, kType);

- std::string type;

- result->GetStringWithoutPathExpansion(kType, &type);

if (type == kClient)

allRequiredExist &= RequireField(*result, kPKCS12);

else if (type == kServer || type == kAuthority)

« no previous file with comments | « chromeos/network/onc/onc_validator.h ('k') | chromeos/network/onc/onc_validator_unittest.cc » ('j') | no next file with comments »