This source file includes following definitions.
- NormalizeObject
- MapObject
- RemoveEntryUnless
- NormalizeCertificate
- NormalizeEthernet
- NormalizeEAP
- NormalizeIPsec
- NormalizeNetworkConfiguration
- NormalizeOpenVPN
- NormalizeProxySettings
- NormalizeVPN
- NormalizeWiFi
#include "chromeos/network/onc/onc_normalizer.h"
#include <string>
#include "base/logging.h"
#include "base/values.h"
#include "chromeos/network/onc/onc_signature.h"
#include "components/onc/onc_constants.h"
namespace chromeos {
namespace onc {
Normalizer::Normalizer(bool remove_recommended_fields)
: remove_recommended_fields_(remove_recommended_fields) {
}
Normalizer::~Normalizer() {
}
scoped_ptr<base::DictionaryValue> Normalizer::NormalizeObject(
const OncValueSignature* object_signature,
const base::DictionaryValue& onc_object) {
CHECK(object_signature != NULL);
bool error = false;
scoped_ptr<base::DictionaryValue> result =
MapObject(*object_signature, onc_object, &error);
DCHECK(!error);
return result.Pass();
}
scoped_ptr<base::DictionaryValue> Normalizer::MapObject(
const OncValueSignature& signature,
const base::DictionaryValue& onc_object,
bool* error) {
scoped_ptr<base::DictionaryValue> normalized =
Mapper::MapObject(signature, onc_object, error);
if (normalized.get() == NULL)
return scoped_ptr<base::DictionaryValue>();
if (remove_recommended_fields_)
normalized->RemoveWithoutPathExpansion(::onc::kRecommended, NULL);
if (&signature == &kCertificateSignature)
NormalizeCertificate(normalized.get());
else if (&signature == &kEAPSignature)
NormalizeEAP(normalized.get());
else if (&signature == &kEthernetSignature)
NormalizeEthernet(normalized.get());
else if (&signature == &kIPsecSignature)
NormalizeIPsec(normalized.get());
else if (&signature == &kNetworkConfigurationSignature)
NormalizeNetworkConfiguration(normalized.get());
else if (&signature == &kOpenVPNSignature)
NormalizeOpenVPN(normalized.get());
else if (&signature == &kProxySettingsSignature)
NormalizeProxySettings(normalized.get());
else if (&signature == &kVPNSignature)
NormalizeVPN(normalized.get());
else if (&signature == &kWiFiSignature)
NormalizeWiFi(normalized.get());
return normalized.Pass();
}
namespace {
void RemoveEntryUnless(base::DictionaryValue* dict,
const std::string& path,
bool condition) {
if (!condition)
dict->RemoveWithoutPathExpansion(path, NULL);
}
}
void Normalizer::NormalizeCertificate(base::DictionaryValue* cert) {
using namespace ::onc::certificate;
bool remove = false;
cert->GetBooleanWithoutPathExpansion(::onc::kRemove, &remove);
RemoveEntryUnless(cert, ::onc::certificate::kType, !remove);
std::string type;
cert->GetStringWithoutPathExpansion(::onc::certificate::kType, &type);
RemoveEntryUnless(cert, kPKCS12, type == kClient);
RemoveEntryUnless(cert, kTrustBits, type == kServer || type == kAuthority);
RemoveEntryUnless(cert, kX509, type == kServer || type == kAuthority);
}
void Normalizer::NormalizeEthernet(base::DictionaryValue* ethernet) {
using namespace ::onc::ethernet;
std::string auth;
ethernet->GetStringWithoutPathExpansion(kAuthentication, &auth);
RemoveEntryUnless(ethernet, kEAP, auth == k8021X);
}
void Normalizer::NormalizeEAP(base::DictionaryValue* eap) {
using namespace ::onc::eap;
std::string clientcert_type;
eap->GetStringWithoutPathExpansion(kClientCertType, &clientcert_type);
RemoveEntryUnless(
eap, kClientCertPattern, clientcert_type == ::onc::certificate::kPattern);
RemoveEntryUnless(
eap, kClientCertRef, clientcert_type == ::onc::certificate::kRef);
std::string outer;
eap->GetStringWithoutPathExpansion(kOuter, &outer);
RemoveEntryUnless(eap, kAnonymousIdentity,
outer == kPEAP || outer == kEAP_TTLS);
RemoveEntryUnless(eap, kInner,
outer == kPEAP || outer == kEAP_TTLS || outer == kEAP_FAST);
}
void Normalizer::NormalizeIPsec(base::DictionaryValue* ipsec) {
using namespace ::onc::ipsec;
std::string auth_type;
ipsec->GetStringWithoutPathExpansion(kAuthenticationType, &auth_type);
RemoveEntryUnless(ipsec, ::onc::vpn::kClientCertType, auth_type == kCert);
RemoveEntryUnless(ipsec, kServerCARef, auth_type == kCert);
RemoveEntryUnless(ipsec, kPSK, auth_type == kPSK);
RemoveEntryUnless(ipsec, ::onc::vpn::kSaveCredentials, auth_type == kPSK);
std::string clientcert_type;
ipsec->GetStringWithoutPathExpansion(::onc::vpn::kClientCertType,
&clientcert_type);
RemoveEntryUnless(ipsec,
::onc::vpn::kClientCertPattern,
clientcert_type == ::onc::certificate::kPattern);
RemoveEntryUnless(ipsec,
::onc::vpn::kClientCertRef,
clientcert_type == ::onc::certificate::kRef);
int ike_version = -1;
ipsec->GetIntegerWithoutPathExpansion(kIKEVersion, &ike_version);
RemoveEntryUnless(ipsec, kEAP, ike_version == 2);
RemoveEntryUnless(ipsec, kGroup, ike_version == 1);
RemoveEntryUnless(ipsec, kXAUTH, ike_version == 1);
}
void Normalizer::NormalizeNetworkConfiguration(base::DictionaryValue* network) {
bool remove = false;
network->GetBooleanWithoutPathExpansion(::onc::kRemove, &remove);
if (remove) {
network->RemoveWithoutPathExpansion(::onc::network_config::kIPConfigs,
NULL);
network->RemoveWithoutPathExpansion(::onc::network_config::kName, NULL);
network->RemoveWithoutPathExpansion(::onc::network_config::kNameServers,
NULL);
network->RemoveWithoutPathExpansion(::onc::network_config::kProxySettings,
NULL);
network->RemoveWithoutPathExpansion(::onc::network_config::kSearchDomains,
NULL);
network->RemoveWithoutPathExpansion(::onc::network_config::kType, NULL);
}
std::string type;
network->GetStringWithoutPathExpansion(::onc::network_config::kType, &type);
RemoveEntryUnless(network,
::onc::network_config::kEthernet,
type == ::onc::network_type::kEthernet);
RemoveEntryUnless(
network, ::onc::network_config::kVPN, type == ::onc::network_type::kVPN);
RemoveEntryUnless(network,
::onc::network_config::kWiFi,
type == ::onc::network_type::kWiFi);
}
void Normalizer::NormalizeOpenVPN(base::DictionaryValue* openvpn) {
using namespace ::onc::vpn;
std::string clientcert_type;
openvpn->GetStringWithoutPathExpansion(kClientCertType, &clientcert_type);
RemoveEntryUnless(openvpn,
kClientCertPattern,
clientcert_type == ::onc::certificate::kPattern);
RemoveEntryUnless(
openvpn, kClientCertRef, clientcert_type == ::onc::certificate::kRef);
}
void Normalizer::NormalizeProxySettings(base::DictionaryValue* proxy) {
using namespace ::onc::proxy;
std::string type;
proxy->GetStringWithoutPathExpansion(::onc::proxy::kType, &type);
RemoveEntryUnless(proxy, kManual, type == kManual);
RemoveEntryUnless(proxy, kExcludeDomains, type == kManual);
RemoveEntryUnless(proxy, kPAC, type == kPAC);
}
void Normalizer::NormalizeVPN(base::DictionaryValue* vpn) {
using namespace ::onc::vpn;
std::string type;
vpn->GetStringWithoutPathExpansion(::onc::vpn::kType, &type);
RemoveEntryUnless(vpn, kOpenVPN, type == kOpenVPN);
RemoveEntryUnless(vpn, kIPsec, type == kIPsec || type == kTypeL2TP_IPsec);
RemoveEntryUnless(vpn, kL2TP, type == kTypeL2TP_IPsec);
}
void Normalizer::NormalizeWiFi(base::DictionaryValue* wifi) {
using namespace ::onc::wifi;
std::string security;
wifi->GetStringWithoutPathExpansion(::onc::wifi::kSecurity, &security);
RemoveEntryUnless(wifi, kEAP, security == kWEP_8021X || security == kWPA_EAP);
RemoveEntryUnless(wifi, kPassphrase,
security == kWEP_PSK || security == kWPA_PSK);
}
}
}