1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROMEOS_NETWORK_ONC_ONC_VALIDATOR_H_ 6 #define CHROMEOS_NETWORK_ONC_ONC_VALIDATOR_H_ 7 8 #include <string> 9 #include <vector> 10 11 #include "base/memory/scoped_ptr.h" 12 #include "chromeos/chromeos_export.h" 13 #include "chromeos/network/onc/onc_constants.h" 14 #include "chromeos/network/onc/onc_mapper.h" 15 16 namespace base { 17 class DictionaryValue; 18 class Value; 19 } 20 21 namespace chromeos { 22 namespace onc { 23 24 struct OncValueSignature; 25 26 // The ONC Validator searches for the following invalid cases: 27 // - a value is found that has the wrong type or is not expected according to 28 // the ONC spec (always an error) 29 // 30 // - a field name is found that is not part of the signature 31 // (controlled by flag |error_on_unknown_field|) 32 // 33 // - a kRecommended array contains a field name that is not part of the 34 // enclosing object's signature or if that field is dictionary typed 35 // (controlled by flag |error_on_wrong_recommended|) 36 // 37 // - |managed_onc| is false and a field with name kRecommended is found 38 // (always ignored) 39 // 40 // - a required field is missing (controlled by flag |error_on_missing_field|) 41 // 42 // If one of these invalid cases occurs and, in case of a controlling flag, that 43 // flag is true, then it is an error. The function ValidateAndRepairObject sets 44 // |result| to INVALID and returns NULL. 45 // 46 // Otherwise, a DeepCopy of the validated object is created, which contains 47 // all but the invalid fields and values. 48 // 49 // If one of the invalid cases occurs and the controlling flag is false, then 50 // it is a warning. The function ValidateAndRepairObject sets |result| to 51 // VALID_WITH_WARNINGS and returns the repaired copy. 52 // 53 // If no error occurred, |result| is set to VALID and an exact DeepCopy is 54 // returned. 55 class CHROMEOS_EXPORT Validator : public Mapper { 56 public: 57 enum Result { 58 VALID, 59 VALID_WITH_WARNINGS, 60 INVALID 61 }; 62 63 // See the class comment. 64 Validator(bool error_on_unknown_field, 65 bool error_on_wrong_recommended, 66 bool error_on_missing_field, 67 bool managed_onc); 68 69 virtual ~Validator(); 70 71 // Sets the ONC source to |source|. If not set, defaults to ONC_SOURCE_NONE. 72 // If the source is set to ONC_SOURCE_DEVICE_POLICY, validation additionally 73 // checks: 74 // - only the network types Wifi and Ethernet are allowed 75 // - client certificate patterns are disallowed 76 void SetOncSource(ONCSource source) { 77 onc_source_ = source; 78 } 79 80 // Validate the given |onc_object| according to |object_signature|. The 81 // |object_signature| has to be a pointer to one of the signatures in 82 // |onc_signature.h|. If an error is found, the function returns NULL and sets 83 // |result| to INVALID. If possible (no error encountered) a DeepCopy is 84 // created that contains all but the invalid fields and values and returns 85 // this "repaired" object. That means, if not handled as an error, then the 86 // following are dropped from the copy: 87 // - unknown fields 88 // - invalid field names in kRecommended arrays 89 // - kRecommended fields in an unmanaged ONC 90 // If any of these cases occurred, sets |result| to VALID_WITH_WARNINGS and 91 // otherwise to VALID. 92 // For details, see the class comment. 93 scoped_ptr<base::DictionaryValue> ValidateAndRepairObject( 94 const OncValueSignature* object_signature, 95 const base::DictionaryValue& onc_object, 96 Result* result); 97 98 private: 99 // Overridden from Mapper: 100 // Compare |onc_value|s type with |onc_type| and validate/repair according to 101 // |signature|. On error returns NULL. 102 virtual scoped_ptr<base::Value> MapValue( 103 const OncValueSignature& signature, 104 const base::Value& onc_value, 105 bool* error) OVERRIDE; 106 107 // Dispatch to the right validation function according to 108 // |signature|. Iterates over all fields and recursively validates/repairs 109 // these. All valid fields are added to the result dictionary. Returns the 110 // repaired dictionary. Only on error returns NULL. 111 virtual scoped_ptr<base::DictionaryValue> MapObject( 112 const OncValueSignature& signature, 113 const base::DictionaryValue& onc_object, 114 bool* error) OVERRIDE; 115 116 // Pushes/pops the |field_name| to |path_|, otherwise like |Mapper::MapField|. 117 virtual scoped_ptr<base::Value> MapField( 118 const std::string& field_name, 119 const OncValueSignature& object_signature, 120 const base::Value& onc_value, 121 bool* found_unknown_field, 122 bool* error) OVERRIDE; 123 124 // Ignores nested errors in NetworkConfigurations and Certificates, otherwise 125 // like |Mapper::MapArray|. 126 virtual scoped_ptr<base::ListValue> MapArray( 127 const OncValueSignature& array_signature, 128 const base::ListValue& onc_array, 129 bool* nested_error) OVERRIDE; 130 131 // Pushes/pops the index to |path_|, otherwise like |Mapper::MapEntry|. 132 virtual scoped_ptr<base::Value> MapEntry( 133 int index, 134 const OncValueSignature& signature, 135 const base::Value& onc_value, 136 bool* error) OVERRIDE; 137 138 // This is the default validation of objects/dictionaries. Validates 139 // |onc_object| according to |object_signature|. |result| must point to a 140 // dictionary into which the repaired fields are written. 141 bool ValidateObjectDefault( 142 const OncValueSignature& object_signature, 143 const base::DictionaryValue& onc_object, 144 base::DictionaryValue* result); 145 146 // Validates/repairs the kRecommended array in |result| according to 147 // |object_signature| of the enclosing object. 148 bool ValidateRecommendedField( 149 const OncValueSignature& object_signature, 150 base::DictionaryValue* result); 151 152 bool ValidateToplevelConfiguration( 153 const base::DictionaryValue& onc_object, 154 base::DictionaryValue* result); 155 156 bool ValidateNetworkConfiguration( 157 const base::DictionaryValue& onc_object, 158 base::DictionaryValue* result); 159 160 bool ValidateEthernet( 161 const base::DictionaryValue& onc_object, 162 base::DictionaryValue* result); 163 164 bool ValidateIPConfig( 165 const base::DictionaryValue& onc_object, 166 base::DictionaryValue* result); 167 168 bool ValidateWiFi( 169 const base::DictionaryValue& onc_object, 170 base::DictionaryValue* result); 171 172 bool ValidateVPN( 173 const base::DictionaryValue& onc_object, 174 base::DictionaryValue* result); 175 176 bool ValidateIPsec( 177 const base::DictionaryValue& onc_object, 178 base::DictionaryValue* result); 179 180 bool ValidateOpenVPN( 181 const base::DictionaryValue& onc_object, 182 base::DictionaryValue* result); 183 184 bool ValidateCertificatePattern( 185 const base::DictionaryValue& onc_object, 186 base::DictionaryValue* result); 187 188 bool ValidateProxySettings( 189 const base::DictionaryValue& onc_object, 190 base::DictionaryValue* result); 191 192 bool ValidateProxyLocation( 193 const base::DictionaryValue& onc_object, 194 base::DictionaryValue* result); 195 196 bool ValidateEAP( 197 const base::DictionaryValue& onc_object, 198 base::DictionaryValue* result); 199 200 bool ValidateCertificate( 201 const base::DictionaryValue& onc_object, 202 base::DictionaryValue* result); 203 204 bool FieldExistsAndHasNoValidValue(const base::DictionaryValue& object, 205 const std::string &field_name, 206 const char** valid_values); 207 208 bool FieldExistsAndIsNotInRange(const base::DictionaryValue& object, 209 const std::string &field_name, 210 int lower_bound, 211 int upper_bound); 212 213 bool FieldExistsAndIsEmpty(const base::DictionaryValue& object, 214 const std::string& field_name); 215 216 bool RequireField(const base::DictionaryValue& dict, const std::string& key); 217 218 bool CertPatternInDevicePolicy(const std::string& cert_type); 219 220 std::string MessageHeader(); 221 222 const bool error_on_unknown_field_; 223 const bool error_on_wrong_recommended_; 224 const bool error_on_missing_field_; 225 const bool managed_onc_; 226 227 ONCSource onc_source_; 228 229 // The path of field names and indices to the current value. Indices 230 // are stored as strings in decimal notation. 231 std::vector<std::string> path_; 232 233 // Tracks if an error or warning occurred within validation initiated by 234 // function ValidateAndRepairObject. 235 bool error_or_warning_found_; 236 237 DISALLOW_COPY_AND_ASSIGN(Validator); 238 }; 239 240 } // namespace onc 241 } // namespace chromeos 242 243 #endif // CHROMEOS_NETWORK_ONC_ONC_VALIDATOR_H_ 244