// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chromeos/network/onc/onc_signature.h"

#include "chromeos/network/onc/onc_constants.h"
#include "third_party/cros_system_api/dbus/service_constants.h"

using base::Value;

namespace chromeos {
namespace onc {
namespace {

// Leaf signatures shared by the field tables below. The first initializer is
// the expected base::Value type. The second is the field table, NULL for
// everything that is not a dictionary. List signatures pass a third
// initializer, presumably the signature every list entry must satisfy
// (confirm against OncValueSignature in onc_signature.h).
const OncValueSignature kBoolSignature = {
  Value::TYPE_BOOLEAN, NULL
};
const OncValueSignature kStringSignature = {
  Value::TYPE_STRING, NULL
};
const OncValueSignature kIntegerSignature = {
  Value::TYPE_INTEGER, NULL
};
const OncValueSignature kStringListSignature = {
  Value::TYPE_LIST, NULL, &kStringSignature
};
const OncValueSignature kIntegerListSignature = {
  Value::TYPE_LIST, NULL, &kIntegerSignature
};
const OncValueSignature kIPConfigListSignature = {
  Value::TYPE_LIST, NULL, &kIPConfigSignature
};

// Field tables. Each entry pairs an ONC field name with the signature its
// value must match. Every table ends with a { NULL } entry, which is where
// GetFieldSignature() stops iterating. The tables describe value types only;
// they carry no range or content checks.

// Fields of an issuer or subject pattern inside a certificate pattern.
const OncFieldSignature issuer_subject_pattern_fields[] = {
  { certificate::kCommonName, &kStringSignature },
  { certificate::kLocality, &kStringSignature },
  { certificate::kOrganization, &kStringSignature },
  { certificate::kOrganizationalUnit, &kStringSignature },
  { NULL }
};

// Fields of a client certificate pattern (used by the EAP, IPsec and OpenVPN
// tables below).
const OncFieldSignature certificate_pattern_fields[] = {
  { kRecommended, &kRecommendedSignature },
  { certificate::kEnrollmentURI, &kStringListSignature },
  { certificate::kIssuer, &kIssuerSubjectPatternSignature },
  { certificate::kIssuerCARef, &kStringListSignature },
  { certificate::kIssuerCAPEMs, &kStringListSignature },
  { certificate::kSubject, &kIssuerSubjectPatternSignature },
  { NULL }
};

// EAP settings. eap::kPassword is listed in the credentials table further
// down in this file, so FieldIsCredential() reports it for kEAPSignature.
const OncFieldSignature eap_fields[] = {
  { kRecommended, &kRecommendedSignature },
  { eap::kAnonymousIdentity, &kStringSignature },
  { eap::kClientCertPattern, &kCertificatePatternSignature },
  { eap::kClientCertRef, &kStringSignature },
  { eap::kClientCertType, &kStringSignature },
  { eap::kIdentity, &kStringSignature },
  { eap::kInner, &kStringSignature },
  { eap::kOuter, &kStringSignature },
  { eap::kPassword, &kStringSignature },
  { eap::kSaveCredentials, &kBoolSignature },
  { eap::kServerCAPEMs, &kStringListSignature },
  { eap::kServerCARef, &kStringSignature },
  { eap::kUseSystemCAs, &kBoolSignature },
  { NULL }
};

// IPsec settings. ipsec::kPSK is listed in the credentials table further down
// in this file.
// NOTE(review): ipsec::kServerCAPEMs is typed as a single string here, while
// eap::kServerCAPEMs and openvpn::kServerCAPEMs are string lists. These fields
// name the server trust anchors, so confirm the intended type against the ONC
// spec.
const OncFieldSignature ipsec_fields[] = {
  { kRecommended, &kRecommendedSignature },
  { ipsec::kAuthenticationType, &kStringSignature },
  { vpn::kClientCertPattern, &kCertificatePatternSignature },
  { vpn::kClientCertRef, &kStringSignature },
  { vpn::kClientCertType, &kStringSignature },
  { ipsec::kGroup, &kStringSignature },
  { ipsec::kIKEVersion, &kIntegerSignature },
  { ipsec::kPSK, &kStringSignature },
  { vpn::kSaveCredentials, &kBoolSignature },
  { ipsec::kServerCAPEMs, &kStringSignature },
  { ipsec::kServerCARef, &kStringSignature },
  // Not yet supported.
  //  { ipsec::kEAP, &kEAPSignature },
  //  { ipsec::kXAUTH, &kXAUTHSignature },
  { NULL }
};

// L2TP settings. vpn::kPassword is listed in the credentials table further
// down in this file.
const OncFieldSignature l2tp_fields[] = {
  { kRecommended, &kRecommendedSignature },
  { vpn::kPassword, &kStringSignature },
  { vpn::kSaveCredentials, &kBoolSignature },
  { vpn::kUsername, &kStringSignature },
  { NULL }
};

// OpenVPN settings. vpn::kPassword and openvpn::kTLSAuthContents are listed in
// the credentials table further down in this file.
const OncFieldSignature openvpn_fields[] = {
  { kRecommended, &kRecommendedSignature },
  { openvpn::kAuth, &kStringSignature },
  { openvpn::kAuthNoCache, &kBoolSignature },
  { openvpn::kAuthRetry, &kStringSignature },
  { openvpn::kCipher, &kStringSignature },
  { vpn::kClientCertPattern, &kCertificatePatternSignature },
  { vpn::kClientCertRef, &kStringSignature },
  { vpn::kClientCertType, &kStringSignature },
  { openvpn::kCompLZO, &kStringSignature },
  { openvpn::kCompNoAdapt, &kBoolSignature },
  { openvpn::kKeyDirection, &kStringSignature },
  { openvpn::kNsCertType, &kStringSignature },
  { vpn::kPassword, &kStringSignature },
  { openvpn::kPort, &kIntegerSignature },
  { openvpn::kProto, &kStringSignature },
  { openvpn::kPushPeerInfo, &kBoolSignature },
  { openvpn::kRemoteCertEKU, &kStringSignature },
  { openvpn::kRemoteCertKU, &kStringListSignature },
  { openvpn::kRemoteCertTLS, &kStringSignature },
  { openvpn::kRenegSec, &kIntegerSignature },
  { vpn::kSaveCredentials, &kBoolSignature },
  { openvpn::kServerCAPEMs, &kStringListSignature },
  { openvpn::kServerCARef, &kStringSignature },
  // Not supported, yet.
  { openvpn::kServerCertPEM, &kStringSignature },
  { openvpn::kServerCertRef, &kStringSignature },
  { openvpn::kServerPollTimeout, &kIntegerSignature },
  { openvpn::kShaper, &kIntegerSignature },
  { openvpn::kStaticChallenge, &kStringSignature },
  { openvpn::kTLSAuthContents, &kStringSignature },
  { openvpn::kTLSRemote, &kStringSignature },
  { vpn::kUsername, &kStringSignature },
  // Not supported, yet.
  { openvpn::kVerb, &kStringSignature },
  { NULL }
};

// VPN settings; the IPsec, L2TP and OpenVPN sub-dictionaries use the tables
// above.
const OncFieldSignature vpn_fields[] = {
  { kRecommended, &kRecommendedSignature },
  { vpn::kAutoConnect, &kBoolSignature },
  { vpn::kHost, &kStringSignature },
  { vpn::kIPsec, &kIPsecSignature },
  { vpn::kL2TP, &kL2TPSignature },
  { vpn::kOpenVPN, &kOpenVPNSignature },
  { vpn::kType, &kStringSignature },
  { NULL }
};

// Ethernet settings.
const OncFieldSignature ethernet_fields[] = {
  { kRecommended, &kRecommendedSignature },
  // Not supported, yet.
  { ethernet::kAuthentication, &kStringSignature },
  { ethernet::kEAP, &kEAPSignature },
  { NULL }
};

// Not supported, yet.
// IP configuration fields.
// NOTE(review): network_config::kNameServers is typed as a single string
// here, but as a string list in network_configuration_fields below. Confirm
// which type the ONC spec intends.
const OncFieldSignature ipconfig_fields[] = {
  { ipconfig::kGateway, &kStringSignature },
  { ipconfig::kIPAddress, &kStringSignature },
  { network_config::kNameServers, &kStringSignature },
  { ipconfig::kRoutingPrefix, &kIntegerSignature },
  { network_config::kSearchDomains, &kStringListSignature },
  { ipconfig::kType, &kStringSignature },
  { NULL }
};

// Host and port of one manually configured proxy.
const OncFieldSignature proxy_location_fields[] = {
  { proxy::kHost, &kStringSignature },
  { proxy::kPort, &kIntegerSignature },
  { NULL }
};

// Per-protocol proxy locations for a manual proxy configuration.
const OncFieldSignature proxy_manual_fields[] = {
  { proxy::kFtp, &kProxyLocationSignature },
  { proxy::kHttp, &kProxyLocationSignature },
  { proxy::kHttps, &kProxyLocationSignature },
  { proxy::kSocks, &kProxyLocationSignature },
  { NULL }
};

// Proxy settings of a network configuration.
const OncFieldSignature proxy_settings_fields[] = {
  { kRecommended, &kRecommendedSignature },
  { proxy::kExcludeDomains, &kStringListSignature },
  { proxy::kManual, &kProxyManualSignature },
  { proxy::kPAC, &kStringSignature },
  { proxy::kType, &kStringSignature },
  { NULL }
};

// WiFi settings. wifi::kPassphrase is listed in the credentials table further
// down in this file.
const OncFieldSignature wifi_fields[] = {
  { kRecommended, &kRecommendedSignature },
  { wifi::kAutoConnect, &kBoolSignature },
  { wifi::kEAP, &kEAPSignature },
  { wifi::kHiddenSSID, &kBoolSignature },
  { wifi::kPassphrase, &kStringSignature },
  { wifi::kSSID, &kStringSignature },
  { wifi::kSecurity, &kStringSignature },
  { NULL }
};

// Additional state fields of the derived kWiFiWithStateSignature; the
// configuration fields come from its base signature, kWiFiSignature.
const OncFieldSignature wifi_with_state_fields[] = {
  { wifi::kBSSID, &kStringSignature },
  { wifi::kFrequency, &kIntegerSignature },
  { wifi::kFrequencyList, &kIntegerListSignature },
  { wifi::kSignalStrength, &kIntegerSignature },
  { NULL }
};

// Cellular state fields.
// NOTE(review): every field after kActivateOverNonCellularNetwork is typed as
// a string, including names that read like booleans or lists (kAllowRoaming,
// kSIMPresent, kFoundNetworks, kSupportedCarriers). Confirm against the data
// actually reported.
// None of the device or subscriber identifiers below (ESN, ICCID, IMEI, IMSI,
// MDN, MEID, MIN) appears in the credentials table, so FieldIsCredential()
// returns false for them. Code that logs or exports "with state" dictionaries
// has to redact them itself if they are considered sensitive.
const OncFieldSignature cellular_with_state_fields[] = {
  { kRecommended, &kRecommendedSignature },
  { cellular::kActivateOverNonCellularNetwork, &kBoolSignature },
  { cellular::kActivationState, &kStringSignature },
  { cellular::kAllowRoaming, &kStringSignature },
  { cellular::kAPN, &kStringSignature },
  { cellular::kCarrier, &kStringSignature },
  { cellular::kESN, &kStringSignature },
  { cellular::kFamily, &kStringSignature },
  { cellular::kFirmwareRevision, &kStringSignature },
  { cellular::kFoundNetworks, &kStringSignature },
  { cellular::kHardwareRevision, &kStringSignature },
  { cellular::kHomeProvider, &kStringSignature },
  { cellular::kICCID, &kStringSignature },
  { cellular::kIMEI, &kStringSignature },
  { cellular::kIMSI, &kStringSignature },
  { cellular::kManufacturer, &kStringSignature },
  { cellular::kMDN, &kStringSignature },
  { cellular::kMEID, &kStringSignature },
  { cellular::kMIN, &kStringSignature },
  { cellular::kModelID, &kStringSignature },
  { cellular::kNetworkTechnology, &kStringSignature },
  { cellular::kOperatorCode, &kStringSignature },
  { cellular::kOperatorName, &kStringSignature },
  { cellular::kPRLVersion, &kStringSignature },
  { cellular::kProviderRequiresRoaming, &kStringSignature },
  { cellular::kRoamingState, &kStringSignature },
  { cellular::kSelectedNetwork, &kStringSignature },
  { cellular::kServingOperator, &kStringSignature },
  { cellular::kSIMLockStatus, &kStringSignature },
  { cellular::kSIMPresent, &kStringSignature },
  { cellular::kSupportedCarriers, &kStringSignature },
  { cellular::kSupportNetworkScan, &kStringSignature },
  { NULL }
};

// Fields of one network configuration.
const OncFieldSignature network_configuration_fields[] = {
  { kRecommended, &kRecommendedSignature },
  { network_config::kEthernet, &kEthernetSignature },
  { network_config::kGUID, &kStringSignature },
  // Not supported, yet.
  { network_config::kIPConfigs, &kIPConfigListSignature },
  { network_config::kName, &kStringSignature },
  // Not supported, yet.
  { network_config::kNameServers, &kStringListSignature },
  { network_config::kProxySettings, &kProxySettingsSignature },
  { kRemove, &kBoolSignature },
  // Not supported, yet.
  { network_config::kSearchDomains, &kStringListSignature },
  { network_config::kType, &kStringSignature },
  { network_config::kVPN, &kVPNSignature },
  { network_config::kWiFi, &kWiFiSignature },
  { NULL }
};

// Additional fields of the derived kNetworkWithStateSignature. The kWiFi entry
// here is found before the one in the base table, so a WiFi dictionary reached
// through the "with state" signature is described by kWiFiWithStateSignature.
const OncFieldSignature network_with_state_fields[] = {
  { network_config::kCellular, &kCellularWithStateSignature },
  { network_config::kConnectionState, &kStringSignature },
  { network_config::kWiFi, &kWiFiWithStateSignature },
  { NULL }
};

// Fields of one certificate entry.
// NOTE(review): certificate::kPKCS12 is not listed in the credentials table
// further down, so FieldIsCredential() returns false for it. If the PKCS12
// blob can carry private key material, confirm that it is protected by other
// means wherever credentials are masked or stripped.
const OncFieldSignature certificate_fields[] = {
  { certificate::kGUID, &kStringSignature },
  { certificate::kPKCS12, &kStringSignature },
  { kRemove, &kBoolSignature },
  { certificate::kTrustBits, &kStringListSignature },
  { certificate::kType, &kStringSignature },
  { certificate::kX509, &kStringSignature },
  { NULL }
};

// Fields of the top-level ONC dictionary, covering both the plain form
// (certificates, network configurations) and the encrypted:: container fields.
// NOTE(review): only the value types are described here. Limits on
// encrypted::kIterations or the accepted kCipher / kHMACMethod / kStretch
// names are not expressed by this table; confirm the code that decrypts the
// container enforces them.
const OncFieldSignature toplevel_configuration_fields[] = {
  { toplevel_config::kCertificates, &kCertificateListSignature },
  { toplevel_config::kNetworkConfigurations,
    &kNetworkConfigurationListSignature },
  { toplevel_config::kType, &kStringSignature },
  { encrypted::kCipher, &kStringSignature },
  { encrypted::kCiphertext, &kStringSignature },
  { encrypted::kHMAC, &kStringSignature },
  { encrypted::kHMACMethod, &kStringSignature },
  { encrypted::kIV, &kStringSignature },
  { encrypted::kIterations, &kIntegerSignature },
  { encrypted::kSalt, &kStringSignature },
  { encrypted::kStretch, &kStringSignature },
  { NULL }
};

}  // namespace

// Signatures defined outside the anonymous namespace (presumably declared in
// onc_signature.h). Dictionary signatures point at their field table; list
// signatures point at the signature of their entries.
const OncValueSignature kRecommendedSignature = {
  Value::TYPE_LIST, NULL, &kStringSignature
};
const OncValueSignature kEAPSignature = {
  Value::TYPE_DICTIONARY, eap_fields, NULL
};
const OncValueSignature kIssuerSubjectPatternSignature = {
  Value::TYPE_DICTIONARY, issuer_subject_pattern_fields, NULL
};
const OncValueSignature kCertificatePatternSignature = {
  Value::TYPE_DICTIONARY, certificate_pattern_fields, NULL
};
const OncValueSignature kIPsecSignature = {
  Value::TYPE_DICTIONARY, ipsec_fields, NULL
};
const OncValueSignature kL2TPSignature = {
  Value::TYPE_DICTIONARY, l2tp_fields, NULL
};
const OncValueSignature kOpenVPNSignature = {
  Value::TYPE_DICTIONARY, openvpn_fields, NULL
};
const OncValueSignature kVPNSignature = {
  Value::TYPE_DICTIONARY, vpn_fields, NULL
};
const OncValueSignature kEthernetSignature = {
  Value::TYPE_DICTIONARY, ethernet_fields, NULL
};
const OncValueSignature kIPConfigSignature = {
  Value::TYPE_DICTIONARY, ipconfig_fields, NULL
};
const OncValueSignature kProxyLocationSignature = {
  Value::TYPE_DICTIONARY, proxy_location_fields, NULL
};
const OncValueSignature kProxyManualSignature = {
  Value::TYPE_DICTIONARY, proxy_manual_fields, NULL
};
const OncValueSignature kProxySettingsSignature = {
  Value::TYPE_DICTIONARY, proxy_settings_fields, NULL
};
const OncValueSignature kWiFiSignature = {
  Value::TYPE_DICTIONARY, wifi_fields, NULL
};
const OncValueSignature kCertificateSignature = {
  Value::TYPE_DICTIONARY, certificate_fields, NULL
};
const OncValueSignature kNetworkConfigurationSignature = {
  Value::TYPE_DICTIONARY, network_configuration_fields, NULL
};
const OncValueSignature kCertificateListSignature = {
  Value::TYPE_LIST, NULL, &kCertificateSignature
};
const OncValueSignature kNetworkConfigurationListSignature = {
  Value::TYPE_LIST, NULL, &kNetworkConfigurationSignature
};
const OncValueSignature kToplevelConfigurationSignature = {
  Value::TYPE_DICTIONARY, toplevel_configuration_fields, NULL
};

// Derived "ONC with State" signatures.
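// A fourth initializer, where present, is the base signature whose fields the
// derived signature inherits (see the base_signature handling in
// GetFieldSignature). kCellularWithStateSignature has no base.
const OncValueSignature kNetworkWithStateSignature = {
  Value::TYPE_DICTIONARY, network_with_state_fields, NULL,
  &kNetworkConfigurationSignature
};
const OncValueSignature kWiFiWithStateSignature = {
  Value::TYPE_DICTIONARY, wifi_with_state_fields, NULL, &kWiFiSignature
};
const OncValueSignature kCellularWithStateSignature = {
  Value::TYPE_DICTIONARY, cellular_with_state_fields, NULL
};

// Looks up the field signature for |onc_field_name| in |signature|.
//
// The signature's own field table is searched first, in table order, so the
// first matching entry wins. If nothing matches and the signature has a base
// signature, the search continues there. Returns NULL if the field is unknown,
// or immediately if |signature| has no field table at all (the base signature
// is not consulted in that case).
const OncFieldSignature* GetFieldSignature(const OncValueSignature& signature,
                                           const std::string& onc_field_name) {
  if (!signature.fields)
    return NULL;
  for (const OncFieldSignature* field_signature = signature.fields;
       field_signature->onc_field_name != NULL; ++field_signature) {
    if (onc_field_name == field_signature->onc_field_name)
      return field_signature;
  }
  if (signature.base_signature)
    return GetFieldSignature(*signature.base_signature, onc_field_name);
  return NULL;
}

namespace {

// One (signature, field name) pair whose value is a secret.
struct CredentialEntry {
  const OncValueSignature* value_signature;
  const char* field_name;
};

// Fields that FieldIsCredential() reports as credentials. Entries are keyed by
// the address of the signature that declares the field. The table ends with a
// { NULL } entry.
const CredentialEntry credentials[] = {
  { &kEAPSignature, onc::eap::kPassword },
  { &kIPsecSignature, onc::ipsec::kPSK },
  { &kL2TPSignature, onc::vpn::kPassword },
  { &kOpenVPNSignature, onc::vpn::kPassword },
  { &kOpenVPNSignature, onc::openvpn::kTLSAuthContents },
  { &kWiFiSignature, onc::wifi::kPassphrase },
  { NULL }
};

}  // namespace

// Returns true if |onc_field_name| of |signature| holds a credential.
//
// Signatures are compared by address. The base_signature chain is followed,
// the same way GetFieldSignature() follows it, so that a credential field
// inherited by a derived signature is still reported: without this, the
// Passphrase field reached through kWiFiWithStateSignature would not match the
// kWiFiSignature entry in the credentials table and would be treated as an
// ordinary string.
bool FieldIsCredential(const OncValueSignature& signature,
                       const std::string& onc_field_name) {
  for (const OncValueSignature* current = &signature; current != NULL;
       current = current->base_signature) {
    for (const CredentialEntry* entry = credentials;
         entry->value_signature != NULL; ++entry) {
      if (current == entry->value_signature &&
          onc_field_name == entry->field_name) {
        return true;
      }
    }
  }
  return false;
}

}  // namespace onc
}  // namespace chromeos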