1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROMEOS_NETWORK_ONC_ONC_UTILS_H_ 6 #define CHROMEOS_NETWORK_ONC_ONC_UTILS_H_ 7 8 #include <map> 9 #include <memory> 10 #include <string> 11 #include <vector> 12 13 #include "base/component_export.h" 14 #include "base/memory/ref_counted.h" 15 #include "chromeos/network/network_type_pattern.h" 16 #include "chromeos/network/onc/variable_expander.h" 17 #include "components/onc/onc_constants.h" 18 #include "net/cert/scoped_nss_types.h" 19 20 class PrefService; 21 22 namespace base { 23 class DictionaryValue; 24 class ListValue; 25 } 26 27 namespace user_manager { 28 class User; 29 } 30 31 namespace chromeos { 32 33 class NetworkState; 34 35 namespace onc { 36 37 struct OncValueSignature; 38 39 // A valid but empty (no networks and no certificates) and unencrypted 40 // configuration. 41 COMPONENT_EXPORT(CHROMEOS_NETWORK) 42 extern const char kEmptyUnencryptedConfiguration[]; 43 44 typedef std::map<std::string, std::string> CertPEMsByGUIDMap; 45 46 // Parses |json| according to the JSON format. If |json| is a JSON formatted 47 // dictionary, the function returns the dictionary value, otherwise returns 48 // an empty Value. 49 COMPONENT_EXPORT(CHROMEOS_NETWORK) 50 base::Value ReadDictionaryFromJson(const std::string& json); 51 52 // Decrypts the given EncryptedConfiguration |onc| (see the ONC specification) 53 // using |passphrase|. The resulting UnencryptedConfiguration is returned. If an 54 // error occurs, returns an empty Value. 55 COMPONENT_EXPORT(CHROMEOS_NETWORK) 56 base::Value Decrypt(const std::string& passphrase, const base::Value& onc); 57 58 // For logging only: strings not user facing. 59 COMPONENT_EXPORT(CHROMEOS_NETWORK) 60 std::string GetSourceAsString(::onc::ONCSource source); 61 62 // Replaces all expandable fields that are mentioned in the ONC 63 // specification. The object of |onc_object| is modified in place. 64 // The substitution is performed using the passed |variable_expander|, which 65 // defines the placeholder-value mapping. 66 COMPONENT_EXPORT(CHROMEOS_NETWORK) 67 void ExpandStringsInOncObject(const OncValueSignature& signature, 68 const VariableExpander& variable_expander, 69 base::DictionaryValue* onc_object); 70 71 // Replaces expandable fields in the networks of |network_configs|, which must 72 // be a list of ONC NetworkConfigurations. See ExpandStringsInOncObject above. 73 COMPONENT_EXPORT(CHROMEOS_NETWORK) 74 void ExpandStringsInNetworks(const VariableExpander& variable_expander, 75 base::ListValue* network_configs); 76 77 // Fills in all missing HexSSID fields that are mentioned in the ONC 78 // specification. The object of |onc_object| is modified in place. 79 COMPONENT_EXPORT(CHROMEOS_NETWORK) 80 void FillInHexSSIDFieldsInOncObject(const OncValueSignature& signature, 81 base::Value* onc_object); 82 83 // If the SSID field is set, but HexSSID is not, converts the contents of the 84 // SSID field to UTF-8 encoding, creates the hex representation and assigns the 85 // result to HexSSID. 86 COMPONENT_EXPORT(CHROMEOS_NETWORK) 87 void FillInHexSSIDField(base::Value* wifi_fields); 88 89 // Creates a copy of |onc_object| with all values of sensitive fields replaced 90 // by |mask|. To find sensitive fields, signature and field name are checked 91 // with the function FieldIsCredential(). 92 COMPONENT_EXPORT(CHROMEOS_NETWORK) 93 base::Value MaskCredentialsInOncObject(const OncValueSignature& signature, 94 const base::Value& onc_object, 95 const std::string& mask); 96 97 // Decrypts |onc_blob| with |passphrase| if necessary. Clears |network_configs|, 98 // |global_network_config| and |certificates| and fills them with the validated 99 // NetworkConfigurations, GlobalNetworkConfiguration and Certificates of 100 // |onc_blob|. Callers can pass nullptr as any of |network_configs|, 101 // |global_network_config|, |certificates| if they're not interested in the 102 // respective values. Returns false if any validation errors or warnings 103 // occurred in any segments (i.e. not only those requested by the caller). Even 104 // if false is returned, some configuration might be added to the output 105 // arguments and should be further processed by the caller. 106 COMPONENT_EXPORT(CHROMEOS_NETWORK) 107 bool ParseAndValidateOncForImport(const std::string& onc_blob, 108 ::onc::ONCSource onc_source, 109 const std::string& passphrase, 110 base::ListValue* network_configs, 111 base::DictionaryValue* global_network_config, 112 base::ListValue* certificates); 113 114 // Parse the given PEM encoded certificate |pem_encoded| and return the 115 // contained DER encoding. Returns an empty string on failure. 116 std::string DecodePEM(const std::string& pem_encoded); 117 118 // Parse the given PEM encoded certificate |pem_encoded| and create a 119 // CERTCertificate from it. 120 COMPONENT_EXPORT(CHROMEOS_NETWORK) 121 net::ScopedCERTCertificate DecodePEMCertificate(const std::string& pem_encoded); 122 123 // Replaces all references by GUID to Server or CA certs by their PEM 124 // encoding. Returns true if all references could be resolved. Otherwise returns 125 // false and network configurations with unresolveable references are removed 126 // from |network_configs|. |network_configs| must be a list of ONC 127 // NetworkConfiguration dictionaries. 128 COMPONENT_EXPORT(CHROMEOS_NETWORK) 129 bool ResolveServerCertRefsInNetworks(const CertPEMsByGUIDMap& certs_by_guid, 130 base::ListValue* network_configs); 131 132 // Replaces all references by GUID to Server or CA certs by their PEM 133 // encoding. Returns true if all references could be resolved. |network_config| 134 // must be a ONC NetworkConfiguration. 135 COMPONENT_EXPORT(CHROMEOS_NETWORK) 136 bool ResolveServerCertRefsInNetwork(const CertPEMsByGUIDMap& certs_by_guid, 137 base::DictionaryValue* network_config); 138 139 // Returns a network type pattern for matching the ONC type string. 140 COMPONENT_EXPORT(CHROMEOS_NETWORK) 141 NetworkTypePattern NetworkTypePatternFromOncType(const std::string& type); 142 143 // Translates |onc_proxy_settings|, which must be a valid ONC ProxySettings 144 // dictionary, to a ProxyConfig dictionary (see proxy_config_dictionary.h). 145 COMPONENT_EXPORT(CHROMEOS_NETWORK) 146 base::Value ConvertOncProxySettingsToProxyConfig( 147 const base::Value& onc_proxy_settings); 148 149 // Translates |proxy_config_value|, which must be a valid ProxyConfig dictionary 150 // (see proxy_config_dictionary.h) to an ONC ProxySettings dictionary. 151 COMPONENT_EXPORT(CHROMEOS_NETWORK) 152 base::Value ConvertProxyConfigToOncProxySettings( 153 const base::Value& proxy_config_value); 154 155 // Replaces user-specific string placeholders in |network_configs|, which must 156 // be a list of ONC NetworkConfigurations. Currently only user name placeholders 157 // are implemented, which are replaced by attributes from |user|. 158 COMPONENT_EXPORT(CHROMEOS_NETWORK) 159 void ExpandStringPlaceholdersInNetworksForUser( 160 const user_manager::User* user, 161 base::ListValue* network_configs); 162 163 // Returns the number of networks successfully imported. 164 COMPONENT_EXPORT(CHROMEOS_NETWORK) 165 int ImportNetworksForUser(const user_manager::User* user, 166 const base::ListValue& network_configs, 167 std::string* error); 168 169 // Looks up the policy for |guid| for the current active user and sets 170 // |global_config| (if not NULL) and |onc_source| (if not NULL) accordingly. If 171 // |guid| is empty, returns NULL and sets the |global_config| and |onc_source| 172 // if a policy is found. 173 COMPONENT_EXPORT(CHROMEOS_NETWORK) 174 const base::DictionaryValue* FindPolicyForActiveUser( 175 const std::string& guid, 176 ::onc::ONCSource* onc_source); 177 178 // Convenvience function to retrieve the "AllowOnlyPolicyNetworksToAutoconnect" 179 // setting from the global network configuration (see 180 // GetGlobalConfigFromPolicy). 181 COMPONENT_EXPORT(CHROMEOS_NETWORK) 182 bool PolicyAllowsOnlyPolicyNetworksToAutoconnect(bool for_active_user); 183 184 // Returns the effective (user or device) policy for network |network|. Both 185 // |profile_prefs| and |local_state_prefs| might be NULL. Returns NULL if no 186 // applicable policy is found. Sets |onc_source| accordingly. 187 COMPONENT_EXPORT(CHROMEOS_NETWORK) 188 const base::DictionaryValue* GetPolicyForNetwork( 189 const PrefService* profile_prefs, 190 const PrefService* local_state_prefs, 191 const NetworkState& network, 192 ::onc::ONCSource* onc_source); 193 194 // Convenience function to check only whether a policy for a network exists. 195 COMPONENT_EXPORT(CHROMEOS_NETWORK) 196 bool HasPolicyForNetwork(const PrefService* profile_prefs, 197 const PrefService* local_state_prefs, 198 const NetworkState& network); 199 200 // Checks whether a WiFi dictionary object has the ${PASSWORD} substitution 201 // variable set as the password. 202 COMPONENT_EXPORT(CHROMEOS_NETWORK) 203 bool HasUserPasswordSubsitutionVariable(const OncValueSignature& signature, 204 base::DictionaryValue* onc_object); 205 206 // Checks whether a list of network objects has at least one network with the 207 // ${PASSWORD} substitution variable set as the password. 208 COMPONENT_EXPORT(CHROMEOS_NETWORK) 209 bool HasUserPasswordSubsitutionVariable(base::ListValue* network_configs); 210 211 } // namespace onc 212 } // namespace chromeos 213 214 #endif // CHROMEOS_NETWORK_ONC_ONC_UTILS_H_ 215