// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chromeos/network/onc/onc_signature.h"

#include "components/onc/onc_constants.h"
#include "third_party/cros_system_api/dbus/service_constants.h"

using base::Value;

namespace chromeos {
namespace onc {
namespace {

// Signatures of primitive values and of homogeneous lists. A list signature
// passes the signature of its entries as the third initializer.
const OncValueSignature kBoolSignature = {base::Value::TYPE_BOOLEAN, NULL};
const OncValueSignature kStringSignature = {base::Value::TYPE_STRING, NULL};
const OncValueSignature kIntegerSignature = {base::Value::TYPE_INTEGER, NULL};
const OncValueSignature kStringListSignature = {
    base::Value::TYPE_LIST, NULL, &kStringSignature};
const OncValueSignature kIntegerListSignature = {
    base::Value::TYPE_LIST, NULL, &kIntegerSignature};
const OncValueSignature kIPConfigListSignature = {
    base::Value::TYPE_LIST, NULL, &kIPConfigSignature};
const OncValueSignature kCellularApnListSignature = {
    base::Value::TYPE_LIST, NULL, &kCellularApnSignature};

// Every field table in this file pairs an ONC field name with the signature
// of that field's value and ends with a {NULL} entry; GetFieldSignature()
// stops iterating at that entry.
//
// A field that holds a secret must additionally be listed in the
// |credentials| table near the end of this file: FieldIsCredential()
// recognizes only the (signature, field name) pairs listed there.

// Fields of an issuer / subject pattern inside a certificate pattern.
const OncFieldSignature issuer_subject_pattern_fields[] = {
  {::onc::certificate::kCommonName, &kStringSignature},
  {::onc::certificate::kLocality, &kStringSignature},
  {::onc::certificate::kOrganization, &kStringSignature},
  {::onc::certificate::kOrganizationalUnit, &kStringSignature},
  {NULL}
};

// Fields of a certificate pattern.
const OncFieldSignature certificate_pattern_fields[] = {
  {::onc::kRecommended, &kRecommendedSignature},
  {::onc::certificate::kEnrollmentURI, &kStringListSignature},
  {::onc::certificate::kIssuer, &kIssuerSubjectPatternSignature},
  {::onc::certificate::kIssuerCARef, &kStringListSignature},
  // Used internally. Not officially supported.
  {::onc::certificate::kIssuerCAPEMs, &kStringListSignature},
  {::onc::certificate::kSubject, &kIssuerSubjectPatternSignature},
  {NULL}
};

// Fields of an EAP dictionary.
const OncFieldSignature eap_fields[] = {
  {::onc::kRecommended, &kRecommendedSignature},
  {::onc::eap::kAnonymousIdentity, &kStringSignature},
  {::onc::eap::kClientCertPattern, &kCertificatePatternSignature},
  {::onc::eap::kClientCertRef, &kStringSignature},
  {::onc::eap::kClientCertType, &kStringSignature},
  {::onc::eap::kIdentity, &kStringSignature},
  {::onc::eap::kInner, &kStringSignature},
  {::onc::eap::kOuter, &kStringSignature},
  // Listed in |credentials| together with kEAPSignature.
  {::onc::eap::kPassword, &kStringSignature},
  {::onc::eap::kSaveCredentials, &kBoolSignature},
  // Used internally. Not officially supported.
  {::onc::eap::kServerCAPEMs, &kStringListSignature},
  {::onc::eap::kServerCARef, &kStringSignature},
  {::onc::eap::kServerCARefs, &kStringListSignature},
  {::onc::eap::kUseSystemCAs, &kBoolSignature},
  {NULL}
};

// Fields of an IPsec dictionary.
const OncFieldSignature ipsec_fields[] = {
  {::onc::kRecommended, &kRecommendedSignature},
  {::onc::ipsec::kAuthenticationType, &kStringSignature},
  {::onc::vpn::kClientCertPattern, &kCertificatePatternSignature},
  {::onc::vpn::kClientCertRef, &kStringSignature},
  {::onc::vpn::kClientCertType, &kStringSignature},
  {::onc::ipsec::kGroup, &kStringSignature},
  {::onc::ipsec::kIKEVersion, &kIntegerSignature},
  // Listed in |credentials| together with kIPsecSignature.
  {::onc::ipsec::kPSK, &kStringSignature},
  {::onc::vpn::kSaveCredentials, &kBoolSignature},
  // Used internally. Not officially supported.
  {::onc::ipsec::kServerCAPEMs, &kStringListSignature},
  {::onc::ipsec::kServerCARef, &kStringSignature},
  {::onc::ipsec::kServerCARefs, &kStringListSignature},
  {::onc::ipsec::kXAUTH, &kXAUTHSignature},
  // Not yet supported.
  // { ipsec::kEAP, &kEAPSignature },
  {NULL}
};

// Fields of an XAUTH dictionary.
const OncFieldSignature xauth_fields[] = {
  // Listed in |credentials| together with kXAUTHSignature.
  {::onc::vpn::kPassword, &kStringSignature},
  {::onc::vpn::kUsername, &kStringSignature},
  {NULL}
};

// Fields of an L2TP dictionary.
const OncFieldSignature l2tp_fields[] = {
  {::onc::kRecommended, &kRecommendedSignature},
  // Listed in |credentials| together with kL2TPSignature.
  {::onc::vpn::kPassword, &kStringSignature},
  {::onc::vpn::kSaveCredentials, &kBoolSignature},
  {::onc::vpn::kUsername, &kStringSignature},
  {NULL}
};

// Fields of an OpenVPN dictionary.
const OncFieldSignature openvpn_fields[] = {
  {::onc::kRecommended, &kRecommendedSignature},
  {::onc::openvpn::kAuth, &kStringSignature},
  {::onc::openvpn::kAuthNoCache, &kBoolSignature},
  {::onc::openvpn::kAuthRetry, &kStringSignature},
  {::onc::openvpn::kCipher, &kStringSignature},
  {::onc::vpn::kClientCertPattern, &kCertificatePatternSignature},
  {::onc::vpn::kClientCertRef, &kStringSignature},
  {::onc::vpn::kClientCertType, &kStringSignature},
  {::onc::openvpn::kCompLZO, &kStringSignature},
  {::onc::openvpn::kCompNoAdapt, &kBoolSignature},
  {::onc::openvpn::kIgnoreDefaultRoute, &kBoolSignature},
  {::onc::openvpn::kKeyDirection, &kStringSignature},
  {::onc::openvpn::kNsCertType, &kStringSignature},
  // Listed in |credentials| together with kOpenVPNSignature.
  {::onc::vpn::kPassword, &kStringSignature},
  {::onc::openvpn::kPort, &kIntegerSignature},
  {::onc::openvpn::kProto, &kStringSignature},
  {::onc::openvpn::kPushPeerInfo, &kBoolSignature},
  {::onc::openvpn::kRemoteCertEKU, &kStringSignature},
  {::onc::openvpn::kRemoteCertKU, &kStringListSignature},
  {::onc::openvpn::kRemoteCertTLS, &kStringSignature},
  {::onc::openvpn::kRenegSec, &kIntegerSignature},
  {::onc::vpn::kSaveCredentials, &kBoolSignature},
  // Used internally. Not officially supported.
  {::onc::openvpn::kServerCAPEMs, &kStringListSignature},
  {::onc::openvpn::kServerCARef, &kStringSignature},
  {::onc::openvpn::kServerCARefs, &kStringListSignature},
  // Not supported, yet.
  {::onc::openvpn::kServerCertPEM, &kStringSignature},
  {::onc::openvpn::kServerCertRef, &kStringSignature},
  {::onc::openvpn::kServerPollTimeout, &kIntegerSignature},
  {::onc::openvpn::kShaper, &kIntegerSignature},
  {::onc::openvpn::kStaticChallenge, &kStringSignature},
  // Listed in |credentials| together with kOpenVPNSignature.
  {::onc::openvpn::kTLSAuthContents, &kStringSignature},
  {::onc::openvpn::kTLSRemote, &kStringSignature},
  {::onc::vpn::kUsername, &kStringSignature},
  // Not supported, yet.
  {::onc::openvpn::kVerb, &kStringSignature},
  {::onc::openvpn::kVerifyHash, &kStringSignature},
  {::onc::openvpn::kVerifyX509, &kVerifyX509Signature},
  {NULL}
};

// Fields of the VerifyX509 dictionary nested in an OpenVPN dictionary.
const OncFieldSignature verify_x509_fields[] = {
  {::onc::verify_x509::kName, &kStringSignature},
  {::onc::verify_x509::kType, &kStringSignature},
  {NULL}
};

// Fields of a VPN dictionary; the tunnel-specific settings are nested.
const OncFieldSignature vpn_fields[] = {
  {::onc::kRecommended, &kRecommendedSignature},
  {::onc::vpn::kAutoConnect, &kBoolSignature},
  {::onc::vpn::kHost, &kStringSignature},
  {::onc::vpn::kIPsec, &kIPsecSignature},
  {::onc::vpn::kL2TP, &kL2TPSignature},
  {::onc::vpn::kOpenVPN, &kOpenVPNSignature},
  {::onc::vpn::kType, &kStringSignature},
  {NULL}
};

// Fields of an Ethernet dictionary.
const OncFieldSignature ethernet_fields[] = {
  {::onc::kRecommended, &kRecommendedSignature},
  {::onc::ethernet::kAuthentication, &kStringSignature},
  {::onc::ethernet::kEAP, &kEAPSignature},
  {NULL}
};

// Not supported for policy but for reading network state.
const OncFieldSignature ipconfig_fields[] = {
  {::onc::ipconfig::kGateway, &kStringSignature},
  {::onc::ipconfig::kIPAddress, &kStringSignature},
  {::onc::ipconfig::kNameServers, &kStringListSignature},
  {::onc::ipconfig::kRoutingPrefix, &kIntegerSignature},
  {::onc::network_config::kSearchDomains, &kStringListSignature},
  {::onc::ipconfig::kType, &kStringSignature},
  {NULL}
};

// Host / port pair used by each entry of the manual proxy settings.
const OncFieldSignature proxy_location_fields[] = {
  {::onc::proxy::kHost, &kStringSignature},
  {::onc::proxy::kPort, &kIntegerSignature},
  {NULL}
};

// Manual proxy settings: one proxy location per listed scheme.
const OncFieldSignature proxy_manual_fields[] = {
  {::onc::proxy::kFtp, &kProxyLocationSignature},
  {::onc::proxy::kHttp, &kProxyLocationSignature},
  {::onc::proxy::kHttps, &kProxyLocationSignature},
  {::onc::proxy::kSocks, &kProxyLocationSignature},
  {NULL}
};

// Fields of a ProxySettings dictionary.
const OncFieldSignature proxy_settings_fields[] = {
  {::onc::kRecommended, &kRecommendedSignature},
  {::onc::proxy::kExcludeDomains, &kStringListSignature},
  {::onc::proxy::kManual, &kProxyManualSignature},
  {::onc::proxy::kPAC, &kStringSignature},
  {::onc::proxy::kType, &kStringSignature},
  {NULL}
};

// Fields of a WiFi dictionary.
const OncFieldSignature wifi_fields[] = {
  {::onc::kRecommended, &kRecommendedSignature},
  {::onc::wifi::kAutoConnect, &kBoolSignature},
  {::onc::wifi::kEAP, &kEAPSignature},
  {::onc::wifi::kHiddenSSID, &kBoolSignature},
  // Listed in |credentials| together with kWiFiSignature.
  {::onc::wifi::kPassphrase, &kStringSignature},
  {::onc::wifi::kSSID, &kStringSignature},
  {::onc::wifi::kSecurity, &kStringSignature},
  {NULL}
};

// Additional WiFi fields of kWiFiWithStateSignature.
const OncFieldSignature wifi_with_state_fields[] = {
  {::onc::wifi::kBSSID, &kStringSignature},
  {::onc::wifi::kFrequency, &kIntegerSignature},
  {::onc::wifi::kFrequencyList, &kIntegerListSignature},
  {::onc::wifi::kSignalStrength, &kIntegerSignature},
  {NULL}
};

// Fields of a cellular provider dictionary.
const OncFieldSignature cellular_provider_fields[] = {
  {::onc::cellular_provider::kCode, &kStringSignature},
  {::onc::cellular_provider::kCountry, &kStringSignature},
  {::onc::cellular_provider::kName, &kStringSignature},
  {NULL}
};

// Fields of a cellular APN dictionary.
const OncFieldSignature cellular_apn_fields[] = {
  {::onc::cellular_apn::kName, &kStringSignature},
  {::onc::cellular_apn::kUsername, &kStringSignature},
  // Listed in |credentials| together with kCellularApnSignature.
  {::onc::cellular_apn::kPassword, &kStringSignature},
  {NULL}
};

// Fields of a Cellular dictionary.
const OncFieldSignature cellular_fields[] = {
  {::onc::kRecommended, &kRecommendedSignature},
  {::onc::cellular::kAPN, &kCellularApnSignature},
  {::onc::cellular::kAPNList, &kCellularApnListSignature},
  {NULL}
};

// Additional Cellular fields of kCellularWithStateSignature.
const OncFieldSignature cellular_with_state_fields[] = {
  {::onc::cellular::kActivateOverNonCellularNetwork, &kBoolSignature},
  {::onc::cellular::kActivationState, &kStringSignature},
  {::onc::cellular::kAllowRoaming, &kBoolSignature},
  {::onc::cellular::kCarrier, &kStringSignature},
  {::onc::cellular::kESN, &kStringSignature},
  {::onc::cellular::kFamily, &kStringSignature},
  {::onc::cellular::kFirmwareRevision, &kStringSignature},
  {::onc::cellular::kFoundNetworks, &kStringSignature},
  {::onc::cellular::kHardwareRevision, &kStringSignature},
  {::onc::cellular::kHomeProvider, &kCellularProviderSignature},
  {::onc::cellular::kICCID, &kStringSignature},
  {::onc::cellular::kIMEI, &kStringSignature},
  {::onc::cellular::kIMSI, &kStringSignature},
  {::onc::cellular::kManufacturer, &kStringSignature},
  {::onc::cellular::kMDN, &kStringSignature},
  {::onc::cellular::kMEID, &kStringSignature},
  {::onc::cellular::kMIN, &kStringSignature},
  {::onc::cellular::kModelID, &kStringSignature},
  {::onc::cellular::kNetworkTechnology, &kStringSignature},
  {::onc::cellular::kPRLVersion, &kStringSignature},
  {::onc::cellular::kProviderRequiresRoaming, &kBoolSignature},
  {::onc::cellular::kRoamingState, &kStringSignature},
  {::onc::cellular::kSelectedNetwork, &kStringSignature},
  {::onc::cellular::kServingOperator, &kCellularProviderSignature},
  {::onc::cellular::kSIMLockEnabled, &kBoolSignature},
  {::onc::cellular::kSIMLockStatus, &kStringSignature},
  {::onc::cellular::kSIMLockType, &kStringSignature},
  {::onc::cellular::kSIMPresent, &kStringSignature},
  {::onc::cellular::kSupportedCarriers, &kStringSignature},
  {::onc::cellular::kSupportNetworkScan, &kStringSignature},
  {NULL}
};

// Fields of a NetworkConfiguration dictionary.
const OncFieldSignature network_configuration_fields[] = {
  {::onc::kRecommended, &kRecommendedSignature},
  {::onc::network_config::kEthernet, &kEthernetSignature},
  {::onc::network_config::kGUID, &kStringSignature},
  // Not supported for policy but for reading network state.
  {::onc::network_config::kIPConfigs, &kIPConfigListSignature},
  {::onc::network_config::kName, &kStringSignature},
  // Not supported, yet.
  {::onc::network_config::kNameServers, &kStringListSignature},
  {::onc::network_config::kProxySettings, &kProxySettingsSignature},
  {::onc::kRemove, &kBoolSignature},
  // Not supported, yet.
  {::onc::network_config::kSearchDomains, &kStringListSignature},
  {::onc::network_config::kType, &kStringSignature},
  {::onc::network_config::kVPN, &kVPNSignature},
  {::onc::network_config::kWiFi, &kWiFiSignature},
  {::onc::network_config::kCellular, &kCellularSignature},
  {NULL}
};

// Additional fields of kNetworkWithStateSignature. kCellular and kWiFi are
// listed again here with the "with state" signatures; GetFieldSignature()
// searches this table before the base signature, so these entries are the
// ones found for kNetworkWithStateSignature.
const OncFieldSignature network_with_state_fields[] = {
  {::onc::network_config::kCellular, &kCellularWithStateSignature},
  {::onc::network_config::kConnectionState, &kStringSignature},
  {::onc::network_config::kConnectable, &kBoolSignature},
  {::onc::network_config::kErrorState, &kStringSignature},
  {::onc::network_config::kMacAddress, &kStringSignature},
  {::onc::network_config::kWiFi, &kWiFiWithStateSignature},
  {NULL}
};

// Fields of a GlobalNetworkConfiguration dictionary.
const OncFieldSignature global_network_configuration_fields[] = {
  {::onc::global_network_config::kAllowOnlyPolicyNetworksToAutoconnect,
   &kBoolSignature},
  {NULL}
};

// Fields of a Certificate dictionary.
const OncFieldSignature certificate_fields[] = {
  {::onc::certificate::kGUID, &kStringSignature},
  // NOTE(review): not listed in |credentials|. If this value can carry
  // private-key material, confirm it is protected by other means wherever
  // credentials are filtered with FieldIsCredential().
  {::onc::certificate::kPKCS12, &kStringSignature},
  {::onc::kRemove, &kBoolSignature},
  {::onc::certificate::kTrustBits, &kStringListSignature},
  {::onc::certificate::kType, &kStringSignature},
  {::onc::certificate::kX509, &kStringSignature},
  {NULL}
};

// Fields of the top-level ONC dictionary, followed by the ::onc::encrypted
// fields, which are accepted at the same level.
const OncFieldSignature toplevel_configuration_fields[] = {
  {::onc::toplevel_config::kCertificates, &kCertificateListSignature},
  {::onc::toplevel_config::kNetworkConfigurations,
   &kNetworkConfigurationListSignature},
  {::onc::toplevel_config::kGlobalNetworkConfiguration,
   &kGlobalNetworkConfigurationSignature},
  {::onc::toplevel_config::kType, &kStringSignature},
  {::onc::encrypted::kCipher, &kStringSignature},
  {::onc::encrypted::kCiphertext, &kStringSignature},
  {::onc::encrypted::kHMAC, &kStringSignature},
  {::onc::encrypted::kHMACMethod, &kStringSignature},
  {::onc::encrypted::kIV, &kStringSignature},
  {::onc::encrypted::kIterations, &kIntegerSignature},
  {::onc::encrypted::kSalt, &kStringSignature},
  {::onc::encrypted::kStretch, &kStringSignature},
  {NULL}
};

}  // namespace

// Signatures with external linkage. A dictionary signature passes its field
// table as the second initializer; a list signature passes the signature of
// its entries as the third.
const OncValueSignature kRecommendedSignature = {
    base::Value::TYPE_LIST, NULL, &kStringSignature};
const OncValueSignature kEAPSignature = {
    base::Value::TYPE_DICTIONARY, eap_fields, NULL};
const OncValueSignature kIssuerSubjectPatternSignature = {
    base::Value::TYPE_DICTIONARY, issuer_subject_pattern_fields, NULL};
const OncValueSignature kCertificatePatternSignature = {
    base::Value::TYPE_DICTIONARY, certificate_pattern_fields, NULL};
const OncValueSignature kIPsecSignature = {
    base::Value::TYPE_DICTIONARY, ipsec_fields, NULL};
const OncValueSignature kXAUTHSignature = {
    base::Value::TYPE_DICTIONARY, xauth_fields, NULL};
const OncValueSignature kL2TPSignature = {
    base::Value::TYPE_DICTIONARY, l2tp_fields, NULL};
const OncValueSignature kOpenVPNSignature = {
    base::Value::TYPE_DICTIONARY, openvpn_fields, NULL};
const OncValueSignature kVerifyX509Signature = {
    base::Value::TYPE_DICTIONARY, verify_x509_fields, NULL};
const OncValueSignature kVPNSignature = {
    base::Value::TYPE_DICTIONARY, vpn_fields, NULL};
const OncValueSignature kEthernetSignature = {
    base::Value::TYPE_DICTIONARY, ethernet_fields, NULL};
const OncValueSignature kIPConfigSignature = {
    base::Value::TYPE_DICTIONARY, ipconfig_fields, NULL};
const OncValueSignature kProxyLocationSignature = {
    base::Value::TYPE_DICTIONARY, proxy_location_fields, NULL};
const OncValueSignature kProxyManualSignature = {
    base::Value::TYPE_DICTIONARY, proxy_manual_fields, NULL};
const OncValueSignature kProxySettingsSignature = {
    base::Value::TYPE_DICTIONARY, proxy_settings_fields, NULL};
const OncValueSignature kWiFiSignature = {
    base::Value::TYPE_DICTIONARY, wifi_fields, NULL};
const OncValueSignature kCertificateSignature = {
    base::Value::TYPE_DICTIONARY, certificate_fields, NULL};
const OncValueSignature kNetworkConfigurationSignature = {
    base::Value::TYPE_DICTIONARY, network_configuration_fields, NULL};
const OncValueSignature kGlobalNetworkConfigurationSignature = {
    base::Value::TYPE_DICTIONARY, global_network_configuration_fields, NULL};
const OncValueSignature kCertificateListSignature = {
    base::Value::TYPE_LIST, NULL, &kCertificateSignature};
const OncValueSignature kNetworkConfigurationListSignature = {
    base::Value::TYPE_LIST, NULL, &kNetworkConfigurationSignature};
const OncValueSignature kToplevelConfigurationSignature = {
    base::Value::TYPE_DICTIONARY, toplevel_configuration_fields, NULL};

// Derived "ONC with State" signatures. The derived ones pass a fourth
// initializer, presumably the |base_signature| member that
// GetFieldSignature() falls back to -- confirm against the struct
// declaration in onc_signature.h.
const OncValueSignature kNetworkWithStateSignature = {
    base::Value::TYPE_DICTIONARY, network_with_state_fields, NULL,
    &kNetworkConfigurationSignature};
const OncValueSignature kWiFiWithStateSignature = {
    base::Value::TYPE_DICTIONARY, wifi_with_state_fields, NULL,
    &kWiFiSignature};
const OncValueSignature kCellularSignature = {
    base::Value::TYPE_DICTIONARY, cellular_fields, NULL};
const OncValueSignature kCellularWithStateSignature = {
    base::Value::TYPE_DICTIONARY, cellular_with_state_fields, NULL,
    &kCellularSignature};
const OncValueSignature kCellularProviderSignature = {
    base::Value::TYPE_DICTIONARY, cellular_provider_fields, NULL};
const OncValueSignature kCellularApnSignature = {
    base::Value::TYPE_DICTIONARY, cellular_apn_fields, NULL};

// Looks up |onc_field_name| in the field table of |signature| and, if it is
// not found there, in the tables along the |base_signature| chain.
//
// Returns the matching table entry, or NULL when no table on the chain lists
// the name. The search ends with NULL as soon as it reaches a signature that
// has no field table, even if that signature has a base signature.
const OncFieldSignature* GetFieldSignature(const OncValueSignature& signature,
                                           const std::string& onc_field_name) {
  const OncValueSignature* current = &signature;
  while (current != NULL) {
    const OncFieldSignature* candidate = current->fields;
    if (candidate == NULL)
      return NULL;
    // Tables end with an entry whose name is NULL.
    while (candidate->onc_field_name != NULL) {
      if (onc_field_name == candidate->onc_field_name)
        return candidate;
      ++candidate;
    }
    current = current->base_signature;
  }
  return NULL;
}

namespace {

// One (signature, field name) pair whose value is a credential.
struct CredentialEntry {
  const OncValueSignature* value_signature;
  const char* field_name;
};

// The fields that FieldIsCredential() reports as credentials, terminated by
// a {NULL} entry. A secret-bearing field added to one of the field tables
// above is not treated as a credential until it is listed here as well.
const CredentialEntry credentials[] = {
  {&kEAPSignature, ::onc::eap::kPassword},
  {&kIPsecSignature, ::onc::ipsec::kPSK},
  {&kXAUTHSignature, ::onc::vpn::kPassword},
  {&kL2TPSignature, ::onc::vpn::kPassword},
  {&kOpenVPNSignature, ::onc::vpn::kPassword},
  {&kOpenVPNSignature, ::onc::openvpn::kTLSAuthContents},
  {&kWiFiSignature, ::onc::wifi::kPassphrase},
  {&kCellularApnSignature, ::onc::cellular_apn::kPassword},
  {NULL}
};

}  // namespace

// Returns true if the pair (|signature|, |onc_field_name|) is listed in
// |credentials|, false otherwise.
//
// The signature is matched by address, and the |base_signature| chain is not
// followed. NOTE(review): a derived signature such as kWiFiWithStateSignature
// therefore yields false for a field it only inherits (e.g. the WiFi
// passphrase), although GetFieldSignature() resolves that field through the
// base. Confirm that code masking or stripping credentials never passes a
// derived signature here.
bool FieldIsCredential(const OncValueSignature& signature,
                       const std::string& onc_field_name) {
  const CredentialEntry* entry = credentials;
  while (entry->value_signature != NULL) {
    const bool same_signature = (entry->value_signature == &signature);
    if (same_signature && onc_field_name == entry->field_name)
      return true;
    ++entry;
  }
  return false;
}

}  // namespace onc
}  // namespace chromeos