      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CHROMEOS_NETWORK_ONC_ONC_VALIDATOR_H_
      6 #define CHROMEOS_NETWORK_ONC_ONC_VALIDATOR_H_
      7 
      8 #include <string>
      9 #include <vector>
     10 
     11 #include "base/memory/scoped_ptr.h"
     12 #include "chromeos/chromeos_export.h"
     13 #include "chromeos/network/onc/onc_constants.h"
     14 #include "chromeos/network/onc/onc_mapper.h"
     15 
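// Forward declarations of the base::Value types that this header uses only as
// references, pointers or scoped_ptr<> template arguments.
namespace base {
class DictionaryValue;
class ListValue;  // Named by Validator::MapArray below.
class Value;
}  // namespace base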
     20 
     21 namespace chromeos {
     22 namespace onc {
     23 
     24 struct OncValueSignature;
     25 
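// The ONC Validator searches for the following invalid cases:
// - a value is found that has the wrong type or is not expected according to
//   the ONC spec (always an error)
//
// - a field name is found that is not part of the signature
//   (controlled by flag |error_on_unknown_field|)
//
// - a kRecommended array contains a field name that is not part of the
//   enclosing object's signature or if that field is dictionary typed
//   (controlled by flag |error_on_wrong_recommended|)
//
// - |managed_onc| is false and a field with name kRecommended is found
//   (always ignored)
//
// - a required field is missing (controlled by flag |error_on_missing_field|)
//
// If one of these invalid cases occurs and, in case of a controlling flag, that
// flag is true, then it is an error. The function ValidateAndRepairObject sets
// |result| to INVALID and returns NULL.
//
// Otherwise, a DeepCopy of the validated object is created, which contains
// all but the invalid fields and values.
//
// If one of the invalid cases occurs and the controlling flag is false, then
// it is a warning. The function ValidateAndRepairObject sets |result| to
// VALID_WITH_WARNINGS and returns the repaired copy.
//
// If no error occurred, |result| is set to VALID and an exact DeepCopy is
// returned.
//
// Notes for callers that validate configuration from an untrusted or
// lower-trust source:
// - Only the returned copy has had the invalid fields removed. With
//   VALID_WITH_WARNINGS the input |onc_object| still contains them, so apply
//   the returned dictionary and never the original input.
// - Passing false for a controlling flag downgrades that finding from a
//   rejection to a repair that is reported only as a warning. Pick the flags
//   according to how strictly the source must be held to the spec.
// - The stricter device-policy checks run only after SetOncSource() has been
//   called with ONC_SOURCE_DEVICE_POLICY (see SetOncSource below).
// - NOTE(review): the object keeps per-run state (|path_|,
//   |error_or_warning_found_|), so sharing one instance between concurrent
//   validations looks unsafe -- confirm against the .cc before doing so.
class CHROMEOS_EXPORT Validator : public Mapper {
 public:
  // Outcome reported through the |result| out-parameter of
  // ValidateAndRepairObject. See the class comment for when each is used.
  enum Result {
    VALID,                // No invalid case was found.
    VALID_WITH_WARNINGS,  // Invalid cases were found and repaired.
    INVALID               // An error was found; no object is returned.
  };

  // Each |error_on_*| flag decides whether the corresponding invalid case is
  // an error (true) or a warning (false). |managed_onc| states whether the
  // ONC is managed; kRecommended fields are only kept in a managed ONC.
  // See the class comment.
  Validator(bool error_on_unknown_field,
            bool error_on_wrong_recommended,
            bool error_on_missing_field,
            bool managed_onc);

  virtual ~Validator();

  // Sets the ONC source to |source|. If not set, defaults to ONC_SOURCE_NONE.
  // If the source is set to ONC_SOURCE_DEVICE_POLICY, validation additionally
  // checks:
  // - only the network types Wifi and Ethernet are allowed
  // - client certificate patterns are disallowed
  //
  // These extra restrictions are opt-in: a caller that validates device policy
  // has to call this before ValidateAndRepairObject, otherwise they are not
  // enforced.
  void SetOncSource(ONCSource source) {
    onc_source_ = source;
  }

  // Validate the given |onc_object| according to |object_signature|. The
  // |object_signature| has to be a pointer to one of the signatures in
  // |onc_signature.h|. If an error is found, the function returns NULL and sets
  // |result| to INVALID. If possible (no error encountered) a DeepCopy is
  // created that contains all but the invalid fields and values and returns
  // this "repaired" object. That means, if not handled as an error, then the
  // following are dropped from the copy:
  // - unknown fields
  // - invalid field names in kRecommended arrays
  // - kRecommended fields in an unmanaged ONC
  // If any of these cases occurred, sets |result| to VALID_WITH_WARNINGS and
  // otherwise to VALID.
  // For details, see the class comment.
  //
  // Callers must check the return value for NULL (or |result| for INVALID)
  // before using it, and must not fall back to |onc_object| on failure.
  // NOTE(review): |result| is written unconditionally according to this
  // comment, so it presumably must not be NULL -- confirm in the .cc.
  scoped_ptr<base::DictionaryValue> ValidateAndRepairObject(
      const OncValueSignature* object_signature,
      const base::DictionaryValue& onc_object,
      Result* result);

 private:
  // Overridden from Mapper:
  // Compare the type of |onc_value| with the expected type and validate/repair
  // according to |signature|. On error returns NULL.
  // NOTE(review): the previous comment named an |onc_type| that is not a
  // parameter here; presumably the expected type comes from |signature| --
  // confirm.
  virtual scoped_ptr<base::Value> MapValue(
      const OncValueSignature& signature,
      const base::Value& onc_value,
      bool* error) OVERRIDE;

  // Dispatch to the right validation function according to
  // |signature|. Iterates over all fields and recursively validates/repairs
  // these. All valid fields are added to the result dictionary. Returns the
  // repaired dictionary. Only on error returns NULL.
  virtual scoped_ptr<base::DictionaryValue> MapObject(
      const OncValueSignature& signature,
      const base::DictionaryValue& onc_object,
      bool* error) OVERRIDE;

  // Pushes/pops the |field_name| to |path_|, otherwise like |Mapper::MapField|.
  virtual scoped_ptr<base::Value> MapField(
      const std::string& field_name,
      const OncValueSignature& object_signature,
      const base::Value& onc_value,
      bool* found_unknown_field,
      bool* error) OVERRIDE;

  // Ignores nested errors in NetworkConfigurations and Certificates, otherwise
  // like |Mapper::MapArray|.
  // Consequence: an invalid entry in one of those two arrays does not make the
  // enclosing configuration INVALID. NOTE(review): presumably the offending
  // entry is left out of the returned array -- confirm in the .cc.
  virtual scoped_ptr<base::ListValue> MapArray(
      const OncValueSignature& array_signature,
      const base::ListValue& onc_array,
      bool* nested_error) OVERRIDE;

  // Pushes/pops the index to |path_|, otherwise like |Mapper::MapEntry|.
  virtual scoped_ptr<base::Value> MapEntry(
      int index,
      const OncValueSignature& signature,
      const base::Value& onc_value,
      bool* error) OVERRIDE;

  // This is the default validation of objects/dictionaries. Validates
  // |onc_object| according to |object_signature|. |result| must point to a
  // dictionary into which the repaired fields are written.
  // NOTE(review): the meaning of the bool return is not stated in this
  // header; presumably true means "no error" -- confirm in the .cc.
  bool ValidateObjectDefault(
      const OncValueSignature& object_signature,
      const base::DictionaryValue& onc_object,
      base::DictionaryValue* result);

  // Validates/repairs the kRecommended array in |result| according to
  // |object_signature| of the enclosing object.
  bool ValidateRecommendedField(
      const OncValueSignature& object_signature,
      base::DictionaryValue* result);

  // Type-specific validators, one per ONC object kind. Each takes the input
  // |onc_object| and a |result| dictionary with the same shape of signature as
  // ValidateObjectDefault minus the signature argument.
  // NOTE(review): presumably these are the "validation functions" that
  // MapObject dispatches to, they write the repaired fields to |result|, and
  // the bool return follows ValidateObjectDefault -- confirm in the .cc.
  bool ValidateToplevelConfiguration(
      const base::DictionaryValue& onc_object,
      base::DictionaryValue* result);

  bool ValidateNetworkConfiguration(
      const base::DictionaryValue& onc_object,
      base::DictionaryValue* result);

  bool ValidateEthernet(
      const base::DictionaryValue& onc_object,
      base::DictionaryValue* result);

  bool ValidateIPConfig(
      const base::DictionaryValue& onc_object,
      base::DictionaryValue* result);

  bool ValidateWiFi(
      const base::DictionaryValue& onc_object,
      base::DictionaryValue* result);

  bool ValidateVPN(
      const base::DictionaryValue& onc_object,
      base::DictionaryValue* result);

  bool ValidateIPsec(
      const base::DictionaryValue& onc_object,
      base::DictionaryValue* result);

  bool ValidateOpenVPN(
      const base::DictionaryValue& onc_object,
      base::DictionaryValue* result);

  bool ValidateCertificatePattern(
      const base::DictionaryValue& onc_object,
      base::DictionaryValue* result);

  bool ValidateProxySettings(
      const base::DictionaryValue& onc_object,
      base::DictionaryValue* result);

  bool ValidateProxyLocation(
      const base::DictionaryValue& onc_object,
      base::DictionaryValue* result);

  bool ValidateEAP(
      const base::DictionaryValue& onc_object,
      base::DictionaryValue* result);

  bool ValidateCertificate(
      const base::DictionaryValue& onc_object,
      base::DictionaryValue* result);

  // Field-level checks used by the validators above. The semantics below are
  // read off the names only -- TODO confirm each against the .cc.

  // Presumably true if |field_name| is present in |object| and its value is
  // not one of |valid_values|. NOTE(review): |valid_values| carries no length,
  // so it presumably has to be a NULL-terminated array -- confirm.
  bool FieldExistsAndHasNoValidValue(const base::DictionaryValue& object,
                                     const std::string& field_name,
                                     const char** valid_values);

  // Presumably true if |field_name| is present in |object| and its integer
  // value lies outside |lower_bound|..|upper_bound|. Whether the bounds are
  // inclusive is not visible here.
  bool FieldExistsAndIsNotInRange(const base::DictionaryValue& object,
                                  const std::string& field_name,
                                  int lower_bound,
                                  int upper_bound);

  // Presumably true if |field_name| is present in |object| with an empty
  // value.
  bool FieldExistsAndIsEmpty(const base::DictionaryValue& object,
                             const std::string& field_name);

  // Presumably checks that |key| is present in |dict|; a missing required
  // field is the case governed by |error_on_missing_field_| (class comment).
  bool RequireField(const base::DictionaryValue& dict, const std::string& key);

  // Presumably implements the "client certificate patterns are disallowed"
  // rule that SetOncSource documents for ONC_SOURCE_DEVICE_POLICY.
  bool CertPatternInDevicePolicy(const std::string& cert_type);

  // Presumably builds the prefix for error/warning messages, likely from
  // |path_| -- confirm in the .cc.
  std::string MessageHeader();

  // Policy flags fixed at construction; see the class comment.
  const bool error_on_unknown_field_;
  const bool error_on_wrong_recommended_;
  const bool error_on_missing_field_;
  const bool managed_onc_;

  // Source of the ONC being validated, changed through SetOncSource().
  ONCSource onc_source_;

  // The path of field names and indices to the current value. Indices
  // are stored as strings in decimal notation.
  std::vector<std::string> path_;

  // Tracks if an error or warning occurred within validation initiated by
  // function ValidateAndRepairObject.
  bool error_or_warning_found_;

  DISALLOW_COPY_AND_ASSIGN(Validator);
};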
    239 
    240 }  // namespace onc
    241 }  // namespace chromeos
    242 
    243 #endif  // CHROMEOS_NETWORK_ONC_ONC_VALIDATOR_H_
    244