1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chromeos/network/onc/onc_normalizer.h"
9 #include "base/logging.h"
10 #include "base/values.h"
11 #include "chromeos/network/onc/onc_signature.h"
12 #include "components/onc/onc_constants.h"
17 Normalizer::Normalizer(bool remove_recommended_fields)
18 : remove_recommended_fields_(remove_recommended_fields) {
21 Normalizer::~Normalizer() {
24 scoped_ptr<base::DictionaryValue> Normalizer::NormalizeObject(
25 const OncValueSignature* object_signature,
26 const base::DictionaryValue& onc_object) {
27 CHECK(object_signature != NULL);
29 scoped_ptr<base::DictionaryValue> result =
30 MapObject(*object_signature, onc_object, &error);
35 scoped_ptr<base::DictionaryValue> Normalizer::MapObject(
36 const OncValueSignature& signature,
37 const base::DictionaryValue& onc_object,
39 scoped_ptr<base::DictionaryValue> normalized =
40 Mapper::MapObject(signature, onc_object, error);
42 if (normalized.get() == NULL)
43 return scoped_ptr<base::DictionaryValue>();
45 if (remove_recommended_fields_)
46 normalized->RemoveWithoutPathExpansion(::onc::kRecommended, NULL);
48 if (&signature == &kCertificateSignature)
49 NormalizeCertificate(normalized.get());
50 else if (&signature == &kEAPSignature)
51 NormalizeEAP(normalized.get());
52 else if (&signature == &kEthernetSignature)
53 NormalizeEthernet(normalized.get());
54 else if (&signature == &kIPsecSignature)
55 NormalizeIPsec(normalized.get());
56 else if (&signature == &kNetworkConfigurationSignature)
57 NormalizeNetworkConfiguration(normalized.get());
58 else if (&signature == &kOpenVPNSignature)
59 NormalizeOpenVPN(normalized.get());
60 else if (&signature == &kProxySettingsSignature)
61 NormalizeProxySettings(normalized.get());
62 else if (&signature == &kVPNSignature)
63 NormalizeVPN(normalized.get());
64 else if (&signature == &kWiFiSignature)
65 NormalizeWiFi(normalized.get());
67 return normalized.Pass();
72 void RemoveEntryUnless(base::DictionaryValue* dict,
73 const std::string& path,
76 dict->RemoveWithoutPathExpansion(path, NULL);
81 void Normalizer::NormalizeCertificate(base::DictionaryValue* cert) {
82 using namespace ::onc::certificate;
85 cert->GetBooleanWithoutPathExpansion(::onc::kRemove, &remove);
86 RemoveEntryUnless(cert, ::onc::certificate::kType, !remove);
89 cert->GetStringWithoutPathExpansion(::onc::certificate::kType, &type);
90 RemoveEntryUnless(cert, kPKCS12, type == kClient);
91 RemoveEntryUnless(cert, kTrustBits, type == kServer || type == kAuthority);
92 RemoveEntryUnless(cert, kX509, type == kServer || type == kAuthority);
95 void Normalizer::NormalizeEthernet(base::DictionaryValue* ethernet) {
96 using namespace ::onc::ethernet;
99 ethernet->GetStringWithoutPathExpansion(kAuthentication, &auth);
100 RemoveEntryUnless(ethernet, kEAP, auth == k8021X);
103 void Normalizer::NormalizeEAP(base::DictionaryValue* eap) {
104 using namespace ::onc::eap;
106 std::string clientcert_type;
107 eap->GetStringWithoutPathExpansion(::onc::client_cert::kClientCertType,
109 RemoveEntryUnless(eap,
110 ::onc::client_cert::kClientCertPattern,
111 clientcert_type == ::onc::client_cert::kPattern);
112 RemoveEntryUnless(eap,
113 ::onc::client_cert::kClientCertRef,
114 clientcert_type == ::onc::client_cert::kRef);
117 eap->GetStringWithoutPathExpansion(kOuter, &outer);
118 RemoveEntryUnless(eap, kAnonymousIdentity,
119 outer == kPEAP || outer == kEAP_TTLS);
120 RemoveEntryUnless(eap, kInner,
121 outer == kPEAP || outer == kEAP_TTLS || outer == kEAP_FAST);
124 void Normalizer::NormalizeIPsec(base::DictionaryValue* ipsec) {
125 using namespace ::onc::ipsec;
127 std::string auth_type;
128 ipsec->GetStringWithoutPathExpansion(kAuthenticationType, &auth_type);
130 ipsec, ::onc::client_cert::kClientCertType, auth_type == kCert);
131 RemoveEntryUnless(ipsec, kServerCARef, auth_type == kCert);
132 RemoveEntryUnless(ipsec, kPSK, auth_type == kPSK);
133 RemoveEntryUnless(ipsec, ::onc::vpn::kSaveCredentials, auth_type == kPSK);
135 std::string clientcert_type;
136 ipsec->GetStringWithoutPathExpansion(::onc::client_cert::kClientCertType,
138 RemoveEntryUnless(ipsec,
139 ::onc::client_cert::kClientCertPattern,
140 clientcert_type == ::onc::client_cert::kPattern);
141 RemoveEntryUnless(ipsec,
142 ::onc::client_cert::kClientCertRef,
143 clientcert_type == ::onc::client_cert::kRef);
145 int ike_version = -1;
146 ipsec->GetIntegerWithoutPathExpansion(kIKEVersion, &ike_version);
147 RemoveEntryUnless(ipsec, kEAP, ike_version == 2);
148 RemoveEntryUnless(ipsec, kGroup, ike_version == 1);
149 RemoveEntryUnless(ipsec, kXAUTH, ike_version == 1);
152 void Normalizer::NormalizeNetworkConfiguration(base::DictionaryValue* network) {
154 network->GetBooleanWithoutPathExpansion(::onc::kRemove, &remove);
156 network->RemoveWithoutPathExpansion(::onc::network_config::kStaticIPConfig,
158 network->RemoveWithoutPathExpansion(::onc::network_config::kName, NULL);
159 network->RemoveWithoutPathExpansion(::onc::network_config::kNameServers,
161 network->RemoveWithoutPathExpansion(::onc::network_config::kProxySettings,
163 network->RemoveWithoutPathExpansion(::onc::network_config::kSearchDomains,
165 network->RemoveWithoutPathExpansion(::onc::network_config::kType, NULL);
166 // Fields dependent on kType are removed afterwards, too.
170 network->GetStringWithoutPathExpansion(::onc::network_config::kType, &type);
171 RemoveEntryUnless(network,
172 ::onc::network_config::kEthernet,
173 type == ::onc::network_type::kEthernet);
175 network, ::onc::network_config::kVPN, type == ::onc::network_type::kVPN);
176 RemoveEntryUnless(network,
177 ::onc::network_config::kWiFi,
178 type == ::onc::network_type::kWiFi);
181 void Normalizer::NormalizeOpenVPN(base::DictionaryValue* openvpn) {
182 std::string clientcert_type;
183 openvpn->GetStringWithoutPathExpansion(::onc::client_cert::kClientCertType,
185 RemoveEntryUnless(openvpn,
186 ::onc::client_cert::kClientCertPattern,
187 clientcert_type == ::onc::client_cert::kPattern);
188 RemoveEntryUnless(openvpn,
189 ::onc::client_cert::kClientCertRef,
190 clientcert_type == ::onc::client_cert::kRef);
192 std::string user_auth_type;
193 openvpn->GetStringWithoutPathExpansion(
194 ::onc::openvpn::kUserAuthenticationType, &user_auth_type);
197 ::onc::openvpn::kPassword,
198 user_auth_type == ::onc::openvpn_user_auth_type::kPassword ||
199 user_auth_type == ::onc::openvpn_user_auth_type::kPasswordAndOTP);
202 ::onc::openvpn::kOTP,
203 user_auth_type == ::onc::openvpn_user_auth_type::kOTP ||
204 user_auth_type == ::onc::openvpn_user_auth_type::kPasswordAndOTP);
207 void Normalizer::NormalizeProxySettings(base::DictionaryValue* proxy) {
208 using namespace ::onc::proxy;
211 proxy->GetStringWithoutPathExpansion(::onc::proxy::kType, &type);
212 RemoveEntryUnless(proxy, kManual, type == kManual);
213 RemoveEntryUnless(proxy, kExcludeDomains, type == kManual);
214 RemoveEntryUnless(proxy, kPAC, type == kPAC);
217 void Normalizer::NormalizeVPN(base::DictionaryValue* vpn) {
218 using namespace ::onc::vpn;
221 vpn->GetStringWithoutPathExpansion(::onc::vpn::kType, &type);
222 RemoveEntryUnless(vpn, kOpenVPN, type == kOpenVPN);
223 RemoveEntryUnless(vpn, kIPsec, type == kIPsec || type == kTypeL2TP_IPsec);
224 RemoveEntryUnless(vpn, kL2TP, type == kTypeL2TP_IPsec);
227 void Normalizer::NormalizeWiFi(base::DictionaryValue* wifi) {
228 using namespace ::onc::wifi;
230 std::string security;
231 wifi->GetStringWithoutPathExpansion(::onc::wifi::kSecurity, &security);
232 RemoveEntryUnless(wifi, kEAP, security == kWEP_8021X || security == kWPA_EAP);
233 RemoveEntryUnless(wifi, kPassphrase,
234 security == kWEP_PSK || security == kWPA_PSK);
238 } // namespace chromeos