1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef CHROMEOS_NETWORK_ONC_ONC_UTILS_H_
6 #define CHROMEOS_NETWORK_ONC_ONC_UTILS_H_
7 
8 #include <map>
9 #include <memory>
10 #include <string>
11 #include <vector>
12 
13 #include "base/component_export.h"
14 #include "base/memory/ref_counted.h"
15 #include "chromeos/network/network_type_pattern.h"
16 #include "chromeos/network/onc/variable_expander.h"
17 #include "components/onc/onc_constants.h"
18 #include "net/cert/scoped_nss_types.h"
19 
20 class PrefService;
21 
22 namespace base {
23 class DictionaryValue;
24 class ListValue;
25 }
26 
27 namespace user_manager {
28 class User;
29 }
30 
31 namespace chromeos {
32 
33 class NetworkState;
34 
35 namespace onc {
36 
37 struct OncValueSignature;
38 
39 // A valid but empty (no networks and no certificates) and unencrypted
40 // configuration.
41 COMPONENT_EXPORT(CHROMEOS_NETWORK)
42 extern const char kEmptyUnencryptedConfiguration[];
43 
44 typedef std::map<std::string, std::string> CertPEMsByGUIDMap;
45 
46 // Parses |json| according to the JSON format. If |json| is a JSON formatted
47 // dictionary, the function returns the dictionary value, otherwise returns
48 // an empty Value.
49 COMPONENT_EXPORT(CHROMEOS_NETWORK)
50 base::Value ReadDictionaryFromJson(const std::string& json);
51 
52 // Decrypts the given EncryptedConfiguration |onc| (see the ONC specification)
53 // using |passphrase|. The resulting UnencryptedConfiguration is returned. If an
54 // error occurs, returns an empty Value.
55 COMPONENT_EXPORT(CHROMEOS_NETWORK)
56 base::Value Decrypt(const std::string& passphrase, const base::Value& onc);
57 
58 // For logging only: strings not user facing.
59 COMPONENT_EXPORT(CHROMEOS_NETWORK)
60 std::string GetSourceAsString(::onc::ONCSource source);
61 
62 // Replaces all expandable fields that are mentioned in the ONC
63 // specification. The object of |onc_object| is modified in place.
64 // The substitution is performed using the passed |variable_expander|, which
65 // defines the placeholder-value mapping.
66 COMPONENT_EXPORT(CHROMEOS_NETWORK)
67 void ExpandStringsInOncObject(const OncValueSignature& signature,
68                               const VariableExpander& variable_expander,
69                               base::DictionaryValue* onc_object);
70 
71 // Replaces expandable fields in the networks of |network_configs|, which must
72 // be a list of ONC NetworkConfigurations. See ExpandStringsInOncObject above.
73 COMPONENT_EXPORT(CHROMEOS_NETWORK)
74 void ExpandStringsInNetworks(const VariableExpander& variable_expander,
75                              base::ListValue* network_configs);
76 
77 // Fills in all missing HexSSID fields that are mentioned in the ONC
78 // specification. The object of |onc_object| is modified in place.
79 COMPONENT_EXPORT(CHROMEOS_NETWORK)
80 void FillInHexSSIDFieldsInOncObject(const OncValueSignature& signature,
81                                     base::Value* onc_object);
82 
83 // If the SSID field is set, but HexSSID is not, converts the contents of the
84 // SSID field to UTF-8 encoding, creates the hex representation and assigns the
85 // result to HexSSID.
86 COMPONENT_EXPORT(CHROMEOS_NETWORK)
87 void FillInHexSSIDField(base::Value* wifi_fields);
88 
89 // Creates a copy of |onc_object| with all values of sensitive fields replaced
90 // by |mask|. To find sensitive fields, signature and field name are checked
91 // with the function FieldIsCredential().
92 COMPONENT_EXPORT(CHROMEOS_NETWORK)
93 base::Value MaskCredentialsInOncObject(const OncValueSignature& signature,
94                                        const base::Value& onc_object,
95                                        const std::string& mask);
96 
97 // Decrypts |onc_blob| with |passphrase| if necessary. Clears |network_configs|,
98 // |global_network_config| and |certificates| and fills them with the validated
99 // NetworkConfigurations, GlobalNetworkConfiguration and Certificates of
100 // |onc_blob|. Callers can pass nullptr as any of |network_configs|,
101 // |global_network_config|, |certificates| if they're not interested in the
102 // respective values. Returns false if any validation errors or warnings
103 // occurred in any segments (i.e. not only those requested by the caller). Even
104 // if false is returned, some configuration might be added to the output
105 // arguments and should be further processed by the caller.
106 COMPONENT_EXPORT(CHROMEOS_NETWORK)
107 bool ParseAndValidateOncForImport(const std::string& onc_blob,
108                                   ::onc::ONCSource onc_source,
109                                   const std::string& passphrase,
110                                   base::ListValue* network_configs,
111                                   base::DictionaryValue* global_network_config,
112                                   base::ListValue* certificates);
113 
114 // Parse the given PEM encoded certificate |pem_encoded| and return the
115 // contained DER encoding. Returns an empty string on failure.
116 std::string DecodePEM(const std::string& pem_encoded);
117 
118 // Parse the given PEM encoded certificate |pem_encoded| and create a
119 // CERTCertificate from it.
120 COMPONENT_EXPORT(CHROMEOS_NETWORK)
121 net::ScopedCERTCertificate DecodePEMCertificate(const std::string& pem_encoded);
122 
123 // Replaces all references by GUID to Server or CA certs by their PEM
124 // encoding. Returns true if all references could be resolved. Otherwise returns
125 // false and network configurations with unresolveable references are removed
126 // from |network_configs|. |network_configs| must be a list of ONC
127 // NetworkConfiguration dictionaries.
128 COMPONENT_EXPORT(CHROMEOS_NETWORK)
129 bool ResolveServerCertRefsInNetworks(const CertPEMsByGUIDMap& certs_by_guid,
130                                      base::ListValue* network_configs);
131 
132 // Replaces all references by GUID to Server or CA certs by their PEM
133 // encoding. Returns true if all references could be resolved. |network_config|
134 // must be a ONC NetworkConfiguration.
135 COMPONENT_EXPORT(CHROMEOS_NETWORK)
136 bool ResolveServerCertRefsInNetwork(const CertPEMsByGUIDMap& certs_by_guid,
137                                     base::DictionaryValue* network_config);
138 
139 // Returns a network type pattern for matching the ONC type string.
140 COMPONENT_EXPORT(CHROMEOS_NETWORK)
141 NetworkTypePattern NetworkTypePatternFromOncType(const std::string& type);
142 
143 // Translates |onc_proxy_settings|, which must be a valid ONC ProxySettings
144 // dictionary, to a ProxyConfig dictionary (see proxy_config_dictionary.h).
145 COMPONENT_EXPORT(CHROMEOS_NETWORK)
146 base::Value ConvertOncProxySettingsToProxyConfig(
147     const base::Value& onc_proxy_settings);
148 
149 // Translates |proxy_config_value|, which must be a valid ProxyConfig dictionary
150 // (see proxy_config_dictionary.h) to an ONC ProxySettings dictionary.
151 COMPONENT_EXPORT(CHROMEOS_NETWORK)
152 base::Value ConvertProxyConfigToOncProxySettings(
153     const base::Value& proxy_config_value);
154 
155 // Replaces user-specific string placeholders in |network_configs|, which must
156 // be a list of ONC NetworkConfigurations. Currently only user name placeholders
157 // are implemented, which are replaced by attributes from |user|.
158 COMPONENT_EXPORT(CHROMEOS_NETWORK)
159 void ExpandStringPlaceholdersInNetworksForUser(
160     const user_manager::User* user,
161     base::ListValue* network_configs);
162 
163 // Returns the number of networks successfully imported.
164 COMPONENT_EXPORT(CHROMEOS_NETWORK)
165 int ImportNetworksForUser(const user_manager::User* user,
166                           const base::ListValue& network_configs,
167                           std::string* error);
168 
169 // Looks up the policy for |guid| for the current active user and sets
170 // |global_config| (if not NULL) and |onc_source| (if not NULL) accordingly. If
171 // |guid| is empty, returns NULL and sets the |global_config| and |onc_source|
172 // if a policy is found.
173 COMPONENT_EXPORT(CHROMEOS_NETWORK)
174 const base::DictionaryValue* FindPolicyForActiveUser(
175     const std::string& guid,
176     ::onc::ONCSource* onc_source);
177 
178 // Convenvience function to retrieve the "AllowOnlyPolicyNetworksToAutoconnect"
179 // setting from the global network configuration (see
180 // GetGlobalConfigFromPolicy).
181 COMPONENT_EXPORT(CHROMEOS_NETWORK)
182 bool PolicyAllowsOnlyPolicyNetworksToAutoconnect(bool for_active_user);
183 
184 // Returns the effective (user or device) policy for network |network|. Both
185 // |profile_prefs| and |local_state_prefs| might be NULL. Returns NULL if no
186 // applicable policy is found. Sets |onc_source| accordingly.
187 COMPONENT_EXPORT(CHROMEOS_NETWORK)
188 const base::DictionaryValue* GetPolicyForNetwork(
189     const PrefService* profile_prefs,
190     const PrefService* local_state_prefs,
191     const NetworkState& network,
192     ::onc::ONCSource* onc_source);
193 
194 // Convenience function to check only whether a policy for a network exists.
195 COMPONENT_EXPORT(CHROMEOS_NETWORK)
196 bool HasPolicyForNetwork(const PrefService* profile_prefs,
197                          const PrefService* local_state_prefs,
198                          const NetworkState& network);
199 
200 // Checks whether a WiFi dictionary object has the ${PASSWORD} substitution
201 // variable set as the password.
202 COMPONENT_EXPORT(CHROMEOS_NETWORK)
203 bool HasUserPasswordSubsitutionVariable(const OncValueSignature& signature,
204                                         base::DictionaryValue* onc_object);
205 
206 // Checks whether a list of network objects has at least one network with the
207 // ${PASSWORD} substitution variable set as the password.
208 COMPONENT_EXPORT(CHROMEOS_NETWORK)
209 bool HasUserPasswordSubsitutionVariable(base::ListValue* network_configs);
210 
211 }  // namespace onc
212 }  // namespace chromeos
213 
214 #endif  // CHROMEOS_NETWORK_ONC_ONC_UTILS_H_
215