      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "chromeos/network/onc/onc_signature.h"
      6 
      7 #include "chromeos/network/onc/onc_constants.h"
      8 #include "third_party/cros_system_api/dbus/service_constants.h"
      9 
     10 using base::Value;
     11 
     12 namespace chromeos {
     13 namespace onc {
     14 namespace {
     15 
// Signatures for primitive ONC values. Only the expected base::Value type is
// set; the remaining members are left to aggregate zero-initialization.
const OncValueSignature kBoolSignature = {Value::TYPE_BOOLEAN, NULL};
const OncValueSignature kStringSignature = {Value::TYPE_STRING, NULL};
const OncValueSignature kIntegerSignature = {Value::TYPE_INTEGER, NULL};

// Signatures for lists. The second initializer (the field table) is NULL and
// the third points at the signature each list element is expected to match.
const OncValueSignature kStringListSignature = {
    Value::TYPE_LIST, NULL, &kStringSignature};
const OncValueSignature kIntegerListSignature = {
    Value::TYPE_LIST, NULL, &kIntegerSignature};
const OncValueSignature kIPConfigListSignature = {
    Value::TYPE_LIST, NULL, &kIPConfigSignature};
     34 
// Fields of an issuer/subject pattern dictionary. Every field table in this
// file ends with a { NULL } sentinel; GetFieldSignature() stops iterating when
// it reaches an entry whose onc_field_name is NULL.
const OncFieldSignature issuer_subject_pattern_fields[] = {
    {certificate::kCommonName, &kStringSignature},
    {certificate::kLocality, &kStringSignature},
    {certificate::kOrganization, &kStringSignature},
    {certificate::kOrganizationalUnit, &kStringSignature},
    {NULL}
};

// Fields of a certificate pattern dictionary. Issuer and Subject are nested
// dictionaries that both use the issuer/subject pattern signature.
const OncFieldSignature certificate_pattern_fields[] = {
    {kRecommended, &kRecommendedSignature},
    {certificate::kEnrollmentURI, &kStringListSignature},
    {certificate::kIssuer, &kIssuerSubjectPatternSignature},
    {certificate::kIssuerCARef, &kStringListSignature},
    {certificate::kIssuerCAPEMs, &kStringListSignature},
    {certificate::kSubject, &kIssuerSubjectPatternSignature},
    {NULL}
};
     52 
// Fields of the EAP dictionary. eap::kPassword is listed in the credentials
// table further down this file, so FieldIsCredential() reports it for
// kEAPSignature.
// NOTE(review): this table constrains only the JSON type of each field; any
// check that a server CA (kServerCAPEMs / kServerCARef / kUseSystemCAs) is
// actually configured has to happen elsewhere - not visible from this file.
const OncFieldSignature eap_fields[] = {
    {kRecommended, &kRecommendedSignature},
    {eap::kAnonymousIdentity, &kStringSignature},
    {eap::kClientCertPattern, &kCertificatePatternSignature},
    {eap::kClientCertRef, &kStringSignature},
    {eap::kClientCertType, &kStringSignature},
    {eap::kIdentity, &kStringSignature},
    {eap::kInner, &kStringSignature},
    {eap::kOuter, &kStringSignature},
    {eap::kPassword, &kStringSignature},
    {eap::kSaveCredentials, &kBoolSignature},
    {eap::kServerCAPEMs, &kStringListSignature},
    {eap::kServerCARef, &kStringSignature},
    {eap::kUseSystemCAs, &kBoolSignature},
    {NULL}
};
     69 
// Fields of the IPsec dictionary. The client-certificate and SaveCredentials
// keys come from the shared vpn:: namespace. ipsec::kPSK is listed in the
// credentials table further down this file.
// NOTE(review): ipsec::kServerCAPEMs is typed as a single string here, while
// eap_fields and openvpn_fields type their kServerCAPEMs as a list of strings.
// Confirm which type is intended before relying on this entry for validation.
const OncFieldSignature ipsec_fields[] = {
    {kRecommended, &kRecommendedSignature},
    {ipsec::kAuthenticationType, &kStringSignature},
    {vpn::kClientCertPattern, &kCertificatePatternSignature},
    {vpn::kClientCertRef, &kStringSignature},
    {vpn::kClientCertType, &kStringSignature},
    {ipsec::kGroup, &kStringSignature},
    {ipsec::kIKEVersion, &kIntegerSignature},
    {ipsec::kPSK, &kStringSignature},
    {vpn::kSaveCredentials, &kBoolSignature},
    {ipsec::kServerCAPEMs, &kStringSignature},
    {ipsec::kServerCARef, &kStringSignature},
    // Not yet supported.
    //  { ipsec::kEAP, &kEAPSignature },
    //  { ipsec::kXAUTH, &kXAUTHSignature },
    {NULL}
};
     87 
// Fields of the L2TP dictionary; all keys come from the shared vpn::
// namespace. vpn::kPassword is listed in the credentials table further down
// this file for kL2TPSignature.
const OncFieldSignature l2tp_fields[] = {
    {kRecommended, &kRecommendedSignature},
    {vpn::kPassword, &kStringSignature},
    {vpn::kSaveCredentials, &kBoolSignature},
    {vpn::kUsername, &kStringSignature},
    {NULL}
};
     95 
// Fields of the OpenVPN dictionary. vpn::kPassword and
// openvpn::kTLSAuthContents are listed in the credentials table further down
// this file for kOpenVPNSignature.
// NOTE(review): the "Not supported, yet." markers below do not say how many of
// the following entries they cover; presumably each applies to the entry
// directly beneath it - confirm before depending on those fields.
const OncFieldSignature openvpn_fields[] = {
    {kRecommended, &kRecommendedSignature},
    {openvpn::kAuth, &kStringSignature},
    {openvpn::kAuthNoCache, &kBoolSignature},
    {openvpn::kAuthRetry, &kStringSignature},
    {openvpn::kCipher, &kStringSignature},
    {vpn::kClientCertPattern, &kCertificatePatternSignature},
    {vpn::kClientCertRef, &kStringSignature},
    {vpn::kClientCertType, &kStringSignature},
    {openvpn::kCompLZO, &kStringSignature},
    {openvpn::kCompNoAdapt, &kBoolSignature},
    {openvpn::kKeyDirection, &kStringSignature},
    {openvpn::kNsCertType, &kStringSignature},
    {vpn::kPassword, &kStringSignature},
    {openvpn::kPort, &kIntegerSignature},
    {openvpn::kProto, &kStringSignature},
    {openvpn::kPushPeerInfo, &kBoolSignature},
    {openvpn::kRemoteCertEKU, &kStringSignature},
    {openvpn::kRemoteCertKU, &kStringListSignature},
    {openvpn::kRemoteCertTLS, &kStringSignature},
    {openvpn::kRenegSec, &kIntegerSignature},
    {vpn::kSaveCredentials, &kBoolSignature},
    {openvpn::kServerCAPEMs, &kStringListSignature},
    {openvpn::kServerCARef, &kStringSignature},
    // Not supported, yet.
    {openvpn::kServerCertPEM, &kStringSignature},
    {openvpn::kServerCertRef, &kStringSignature},
    {openvpn::kServerPollTimeout, &kIntegerSignature},
    {openvpn::kShaper, &kIntegerSignature},
    {openvpn::kStaticChallenge, &kStringSignature},
    {openvpn::kTLSAuthContents, &kStringSignature},
    {openvpn::kTLSRemote, &kStringSignature},
    {vpn::kUsername, &kStringSignature},
    // Not supported, yet.
    {openvpn::kVerb, &kStringSignature},
    {NULL}
};
    133 
// Fields of the VPN dictionary. The IPsec, L2TP and OpenVPN entries are nested
// dictionaries with their own signatures. This table does not tie the nested
// dictionary that is present to the value of vpn::kType; if that is checked,
// it happens outside this file.
const OncFieldSignature vpn_fields[] = {
    {kRecommended, &kRecommendedSignature},
    {vpn::kAutoConnect, &kBoolSignature},
    {vpn::kHost, &kStringSignature},
    {vpn::kIPsec, &kIPsecSignature},
    {vpn::kL2TP, &kL2TPSignature},
    {vpn::kOpenVPN, &kOpenVPNSignature},
    {vpn::kType, &kStringSignature},
    {NULL}
};
    144 
// Fields of the Ethernet dictionary. The EAP entry reuses kEAPSignature, so
// an EAP password nested under Ethernet is matched by the kEAPSignature entry
// in the credentials table further down this file.
const OncFieldSignature ethernet_fields[] = {
    {kRecommended, &kRecommendedSignature},
    // Not supported, yet.
    {ethernet::kAuthentication, &kStringSignature},
    {ethernet::kEAP, &kEAPSignature},
    {NULL}
};
    152 
// Not supported, yet.
// Fields of an IPConfig dictionary (the element type of
// kIPConfigListSignature).
// NOTE(review): network_config::kNameServers is typed as a single string in
// this table but as a list of strings in network_configuration_fields, while
// kSearchDomains is a string list in both. Confirm the intended type.
const OncFieldSignature ipconfig_fields[] = {
    {ipconfig::kGateway, &kStringSignature},
    {ipconfig::kIPAddress, &kStringSignature},
    {network_config::kNameServers, &kStringSignature},
    {ipconfig::kRoutingPrefix, &kIntegerSignature},
    {network_config::kSearchDomains, &kStringListSignature},
    {ipconfig::kType, &kStringSignature},
    {NULL}
};
    163 
// Fields of a single proxy location: host name and port. Only the JSON types
// are constrained here; no port range is expressed by this table.
const OncFieldSignature proxy_location_fields[] = {
    {proxy::kHost, &kStringSignature},
    {proxy::kPort, &kIntegerSignature},
    {NULL}
};

// Fields of the manual proxy dictionary: one proxy location per scheme.
const OncFieldSignature proxy_manual_fields[] = {
    {proxy::kFtp, &kProxyLocationSignature},
    {proxy::kHttp, &kProxyLocationSignature},
    {proxy::kHttps, &kProxyLocationSignature},
    {proxy::kSocks, &kProxyLocationSignature},
    {NULL}
};

// Fields of the ProxySettings dictionary. proxy::kPAC is typed as a plain
// string; nothing in this table restricts its contents.
const OncFieldSignature proxy_settings_fields[] = {
    {kRecommended, &kRecommendedSignature},
    {proxy::kExcludeDomains, &kStringListSignature},
    {proxy::kManual, &kProxyManualSignature},
    {proxy::kPAC, &kStringSignature},
    {proxy::kType, &kStringSignature},
    {NULL}
};
    186 
// Fields of the WiFi dictionary. wifi::kPassphrase is listed in the
// credentials table further down this file for kWiFiSignature.
const OncFieldSignature wifi_fields[] = {
    {kRecommended, &kRecommendedSignature},
    {wifi::kAutoConnect, &kBoolSignature},
    {wifi::kEAP, &kEAPSignature},
    {wifi::kHiddenSSID, &kBoolSignature},
    {wifi::kPassphrase, &kStringSignature},
    {wifi::kSSID, &kStringSignature},
    {wifi::kSecurity, &kStringSignature},
    {NULL}
};

// Additional fields of the "with state" WiFi dictionary. They are used by
// kWiFiWithStateSignature, which names kWiFiSignature as its base, so the
// wifi_fields entries (including the passphrase) are reachable through it via
// GetFieldSignature().
const OncFieldSignature wifi_with_state_fields[] = {
    {wifi::kBSSID, &kStringSignature},
    {wifi::kFrequency, &kIntegerSignature},
    {wifi::kFrequencyList, &kIntegerListSignature},
    {wifi::kSignalStrength, &kIntegerSignature},
    {NULL}
};
    205 
// Fields of the "with state" Cellular dictionary.
// NOTE(review): several entries whose names read like booleans or lists
// (kAllowRoaming, kProviderRequiresRoaming, kSIMPresent, kSupportNetworkScan,
// kFoundNetworks, kSupportedCarriers) are typed as plain strings - confirm
// against the producer of these values.
// NOTE(review): kESN, kICCID, kIMEI, kIMSI, kMDN, kMEID and kMIN are
// presumably device/subscriber identifiers. None of them appears in the
// credentials table further down this file, so FieldIsCredential() does not
// report them; code that logs or exports state dictionaries should confirm
// how these values are handled.
const OncFieldSignature cellular_with_state_fields[] = {
    {kRecommended, &kRecommendedSignature},
    {cellular::kActivateOverNonCellularNetwork, &kBoolSignature},
    {cellular::kActivationState, &kStringSignature},
    {cellular::kAllowRoaming, &kStringSignature},
    {cellular::kAPN, &kStringSignature},
    {cellular::kCarrier, &kStringSignature},
    {cellular::kESN, &kStringSignature},
    {cellular::kFamily, &kStringSignature},
    {cellular::kFirmwareRevision, &kStringSignature},
    {cellular::kFoundNetworks, &kStringSignature},
    {cellular::kHardwareRevision, &kStringSignature},
    {cellular::kHomeProvider, &kStringSignature},
    {cellular::kICCID, &kStringSignature},
    {cellular::kIMEI, &kStringSignature},
    {cellular::kIMSI, &kStringSignature},
    {cellular::kManufacturer, &kStringSignature},
    {cellular::kMDN, &kStringSignature},
    {cellular::kMEID, &kStringSignature},
    {cellular::kMIN, &kStringSignature},
    {cellular::kModelID, &kStringSignature},
    {cellular::kNetworkTechnology, &kStringSignature},
    {cellular::kOperatorCode, &kStringSignature},
    {cellular::kOperatorName, &kStringSignature},
    {cellular::kPRLVersion, &kStringSignature},
    {cellular::kProviderRequiresRoaming, &kStringSignature},
    {cellular::kRoamingState, &kStringSignature},
    {cellular::kSelectedNetwork, &kStringSignature},
    {cellular::kServingOperator, &kStringSignature},
    {cellular::kSIMLockStatus, &kStringSignature},
    {cellular::kSIMPresent, &kStringSignature},
    {cellular::kSupportedCarriers, &kStringSignature},
    {cellular::kSupportNetworkScan, &kStringSignature},
    {NULL}
};
    241 
// Fields of a NetworkConfiguration dictionary. The Ethernet, ProxySettings,
// VPN and WiFi entries are nested dictionaries with their own signatures.
const OncFieldSignature network_configuration_fields[] = {
    {kRecommended, &kRecommendedSignature},
    {network_config::kEthernet, &kEthernetSignature},
    {network_config::kGUID, &kStringSignature},
    // Not supported, yet.
    {network_config::kIPConfigs, &kIPConfigListSignature},
    {network_config::kName, &kStringSignature},
    // Not supported, yet.
    {network_config::kNameServers, &kStringListSignature},
    {network_config::kProxySettings, &kProxySettingsSignature},
    {kRemove, &kBoolSignature},
    // Not supported, yet.
    {network_config::kSearchDomains, &kStringListSignature},
    {network_config::kType, &kStringSignature},
    {network_config::kVPN, &kVPNSignature},
    {network_config::kWiFi, &kWiFiSignature},
    {NULL}
};

// Additional fields of the "with state" network dictionary. Because
// GetFieldSignature() searches a signature's own table before its base,
// network_config::kWiFi resolves to kWiFiWithStateSignature here rather than
// to the kWiFiSignature entry in network_configuration_fields.
const OncFieldSignature network_with_state_fields[] = {
    {network_config::kCellular, &kCellularWithStateSignature},
    {network_config::kConnectionState, &kStringSignature},
    {network_config::kWiFi, &kWiFiWithStateSignature},
    {NULL}
};
    267 
// Fields of a Certificate dictionary.
// NOTE(review): certificate::kPKCS12 presumably carries a PKCS#12 blob, which
// can include private key material. It is not listed in the credentials table
// further down this file, so FieldIsCredential() returns false for it; confirm
// that callers which mask or strip credentials handle this field separately.
const OncFieldSignature certificate_fields[] = {
    {certificate::kGUID, &kStringSignature},
    {certificate::kPKCS12, &kStringSignature},
    {kRemove, &kBoolSignature},
    {certificate::kTrustBits, &kStringListSignature},
    {certificate::kType, &kStringSignature},
    {certificate::kX509, &kStringSignature},
    {NULL}
};
    277 
// Fields of the top-level ONC dictionary: the certificate and network lists
// plus the encrypted:: fields (cipher, ciphertext, HMAC, IV, iteration count,
// salt, stretch).
// NOTE(review): this table constrains only the JSON type of each encrypted::
// field. Which cipher, HMAC method and stretch function names are accepted,
// and any lower bound on encrypted::kIterations, must be enforced by the code
// that decrypts the blob - that code is not visible from this file.
const OncFieldSignature toplevel_configuration_fields[] = {
    {toplevel_config::kCertificates, &kCertificateListSignature},
    {toplevel_config::kNetworkConfigurations,
     &kNetworkConfigurationListSignature},
    {toplevel_config::kType, &kStringSignature},
    {encrypted::kCipher, &kStringSignature},
    {encrypted::kCiphertext, &kStringSignature},
    {encrypted::kHMAC, &kStringSignature},
    {encrypted::kHMACMethod, &kStringSignature},
    {encrypted::kIV, &kStringSignature},
    {encrypted::kIterations, &kIntegerSignature},
    {encrypted::kSalt, &kStringSignature},
    {encrypted::kStretch, &kStringSignature},
    {NULL}
};
    293 
    294 }  // namespace
    295 
// Signatures defined outside the anonymous namespace. Dictionary signatures
// bind a value type to one of the field tables above; list signatures leave
// the field table NULL and name the signature of their elements instead.

// The "Recommended" entry of a dictionary: a list of strings.
const OncValueSignature kRecommendedSignature = {
    Value::TYPE_LIST, NULL, &kStringSignature};

const OncValueSignature kEAPSignature = {
    Value::TYPE_DICTIONARY, eap_fields, NULL};
const OncValueSignature kIssuerSubjectPatternSignature = {
    Value::TYPE_DICTIONARY, issuer_subject_pattern_fields, NULL};
const OncValueSignature kCertificatePatternSignature = {
    Value::TYPE_DICTIONARY, certificate_pattern_fields, NULL};
const OncValueSignature kIPsecSignature = {
    Value::TYPE_DICTIONARY, ipsec_fields, NULL};
const OncValueSignature kL2TPSignature = {
    Value::TYPE_DICTIONARY, l2tp_fields, NULL};
const OncValueSignature kOpenVPNSignature = {
    Value::TYPE_DICTIONARY, openvpn_fields, NULL};
const OncValueSignature kVPNSignature = {
    Value::TYPE_DICTIONARY, vpn_fields, NULL};
const OncValueSignature kEthernetSignature = {
    Value::TYPE_DICTIONARY, ethernet_fields, NULL};
const OncValueSignature kIPConfigSignature = {
    Value::TYPE_DICTIONARY, ipconfig_fields, NULL};
const OncValueSignature kProxyLocationSignature = {
    Value::TYPE_DICTIONARY, proxy_location_fields, NULL};
const OncValueSignature kProxyManualSignature = {
    Value::TYPE_DICTIONARY, proxy_manual_fields, NULL};
const OncValueSignature kProxySettingsSignature = {
    Value::TYPE_DICTIONARY, proxy_settings_fields, NULL};
const OncValueSignature kWiFiSignature = {
    Value::TYPE_DICTIONARY, wifi_fields, NULL};
const OncValueSignature kCertificateSignature = {
    Value::TYPE_DICTIONARY, certificate_fields, NULL};
const OncValueSignature kNetworkConfigurationSignature = {
    Value::TYPE_DICTIONARY, network_configuration_fields, NULL};

// Lists whose elements are Certificate / NetworkConfiguration dictionaries.
const OncValueSignature kCertificateListSignature = {
    Value::TYPE_LIST, NULL, &kCertificateSignature};
const OncValueSignature kNetworkConfigurationListSignature = {
    Value::TYPE_LIST, NULL, &kNetworkConfigurationSignature};

// Root of an ONC blob.
const OncValueSignature kToplevelConfigurationSignature = {
    Value::TYPE_DICTIONARY, toplevel_configuration_fields, NULL};
    353 
// Derived "ONC with State" signatures.
// The fourth initializer, where given, names a base signature that
// GetFieldSignature() falls back to when a field is not in the derived table.
// kCellularWithStateSignature supplies no base.
const OncValueSignature kNetworkWithStateSignature = {
    Value::TYPE_DICTIONARY, network_with_state_fields, NULL,
    &kNetworkConfigurationSignature};
const OncValueSignature kWiFiWithStateSignature = {
    Value::TYPE_DICTIONARY, wifi_with_state_fields, NULL, &kWiFiSignature};
const OncValueSignature kCellularWithStateSignature = {
    Value::TYPE_DICTIONARY, cellular_with_state_fields, NULL};
    365 
// Looks up |onc_field_name| in |signature|'s field table and, if it is not
// found there, in the chain of base signatures.
//
// Returns a pointer to the matching table entry, or NULL when no signature in
// the chain declares the field. The search also ends with NULL as soon as it
// reaches a signature that has no field table, even if that signature names a
// base.
const OncFieldSignature* GetFieldSignature(const OncValueSignature& signature,
                                           const std::string& onc_field_name) {
  for (const OncValueSignature* current = &signature; current != NULL;
       current = current->base_signature) {
    if (current->fields == NULL)
      return NULL;
    // Field tables are terminated by an entry whose name is NULL.
    const OncFieldSignature* candidate = current->fields;
    while (candidate->onc_field_name != NULL) {
      if (onc_field_name == candidate->onc_field_name)
        return candidate;
      ++candidate;
    }
  }
  return NULL;
}
    379 
    380 namespace {
    381 
// One (signature, field name) pair identifying a field that holds a secret.
struct CredentialEntry {
  // Signature of the dictionary that contains the field.
  const OncValueSignature* value_signature;
  // ONC name of the field within that dictionary.
  const char* field_name;
};

// Fields that FieldIsCredential() reports as credentials. The table ends with
// an entry whose value_signature is NULL.
// NOTE(review): any secret-bearing field missing from this table is reported
// as a non-credential. certificate::kPKCS12 is one field that is not listed;
// confirm whether callers need it treated as sensitive.
const CredentialEntry credentials[] = {
    {&kEAPSignature, onc::eap::kPassword},
    {&kIPsecSignature, onc::ipsec::kPSK},
    {&kL2TPSignature, onc::vpn::kPassword},
    {&kOpenVPNSignature, onc::vpn::kPassword},
    {&kOpenVPNSignature, onc::openvpn::kTLSAuthContents},
    {&kWiFiSignature, onc::wifi::kPassphrase},
    {NULL}
};
    396 
    397 }  // namespace
    398 
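// Returns true if |onc_field_name|, looked up in a dictionary described by
// |signature|, is one of the secret-bearing fields listed in |credentials|.
//
// Signatures are compared by address. The base_signature chain is walked so
// that a field inherited from a base is still recognized: GetFieldSignature()
// resolves wifi::kPassphrase for kWiFiWithStateSignature through its base
// kWiFiSignature, and comparing only |&signature| would report that
// passphrase as a non-credential to any caller that masks or strips secrets
// from a "with state" dictionary.
bool FieldIsCredential(const OncValueSignature& signature,
                       const std::string& onc_field_name) {
  for (const OncValueSignature* current = &signature; current != NULL;
       current = current->base_signature) {
    // |credentials| is terminated by an entry with a NULL value_signature.
    for (const CredentialEntry* entry = credentials;
         entry->value_signature != NULL; ++entry) {
      if (current == entry->value_signature &&
          onc_field_name == entry->field_name) {
        return true;
      }
    }
  }
  return false;
}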
    410 
    411 }  // namespace onc
    412 }  // namespace chromeos
    413