1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chromeos/network/onc/onc_signature.h"
6
7 #include "components/onc/onc_constants.h"
8 #include "third_party/cros_system_api/dbus/service_constants.h"
9
10 using base::Value;
11
12 namespace chromeos {
13 namespace onc {
14 namespace {
15
16 const OncValueSignature kBoolSignature = {base::Value::Type::BOOLEAN, NULL};
17 const OncValueSignature kStringSignature = {base::Value::Type::STRING, NULL};
18 const OncValueSignature kIntegerSignature = {base::Value::Type::INTEGER, NULL};
19 const OncValueSignature kStringListSignature = {base::Value::Type::LIST, NULL,
20 &kStringSignature};
21 const OncValueSignature kIntegerListSignature = {base::Value::Type::LIST, NULL,
22 &kIntegerSignature};
23 const OncValueSignature kIPConfigListSignature = {base::Value::Type::LIST, NULL,
24 &kIPConfigSignature};
25 const OncValueSignature kCellularApnListSignature = {
26 base::Value::Type::LIST, NULL, &kCellularApnSignature};
27 const OncValueSignature kCellularFoundNetworkListSignature = {
28 base::Value::Type::LIST, NULL, &kCellularFoundNetworkSignature};
29 const OncValueSignature kEAPSubjectAlternativeNameMatchListSignature = {
30 base::Value::Type::LIST, nullptr,
31 &kEAPSubjectAlternativeNameMatchSignature};
32
33 const OncFieldSignature issuer_subject_pattern_fields[] = {
34 {::onc::client_cert::kCommonName, &kStringSignature},
35 {::onc::client_cert::kLocality, &kStringSignature},
36 {::onc::client_cert::kOrganization, &kStringSignature},
37 {::onc::client_cert::kOrganizationalUnit, &kStringSignature},
38 {NULL}};
39
40 const OncFieldSignature certificate_pattern_fields[] = {
41 {::onc::kRecommended, &kRecommendedSignature},
42 {::onc::client_cert::kEnrollmentURI, &kStringListSignature},
43 {::onc::client_cert::kIssuer, &kIssuerSubjectPatternSignature},
44 {::onc::client_cert::kIssuerCARef, &kStringListSignature},
45 // Used internally. Not officially supported.
46 {::onc::client_cert::kIssuerCAPEMs, &kStringListSignature},
47 {::onc::client_cert::kSubject, &kIssuerSubjectPatternSignature},
48 {NULL}};
49
50 const OncFieldSignature eap_fields[] = {
51 {::onc::kRecommended, &kRecommendedSignature},
52 {::onc::eap::kAnonymousIdentity, &kStringSignature},
53 {::onc::client_cert::kClientCertPKCS11Id, &kStringSignature},
54 {::onc::client_cert::kClientCertPattern, &kCertificatePatternSignature},
55 {::onc::client_cert::kClientCertRef, &kStringSignature},
56 {::onc::client_cert::kClientCertType, &kStringSignature},
57 {::onc::eap::kIdentity, &kStringSignature},
58 {::onc::eap::kInner, &kStringSignature},
59 {::onc::eap::kOuter, &kStringSignature},
60 {::onc::eap::kPassword, &kStringSignature},
61 {::onc::eap::kSaveCredentials, &kBoolSignature},
62 // Used internally. Not officially supported.
63 {::onc::eap::kServerCAPEMs, &kStringListSignature},
64 // Deprecated.
65 {::onc::eap::kServerCARef, &kStringSignature},
66 {::onc::eap::kServerCARefs, &kStringListSignature},
67 {::onc::eap::kSubjectMatch, &kStringSignature},
68 {::onc::eap::kSubjectAlternativeNameMatch,
69 &kEAPSubjectAlternativeNameMatchListSignature},
70 {::onc::eap::kTLSVersionMax, &kStringSignature},
71 {::onc::eap::kUseProactiveKeyCaching, &kBoolSignature},
72 {::onc::eap::kUseSystemCAs, &kBoolSignature},
73 {NULL}};
74
75 const OncFieldSignature ipsec_fields[] = {
76 {::onc::kRecommended, &kRecommendedSignature},
77 {::onc::ipsec::kAuthenticationType, &kStringSignature},
78 {::onc::client_cert::kClientCertPKCS11Id, &kStringSignature},
79 {::onc::client_cert::kClientCertPattern, &kCertificatePatternSignature},
80 {::onc::client_cert::kClientCertRef, &kStringSignature},
81 {::onc::client_cert::kClientCertType, &kStringSignature},
82 {::onc::ipsec::kGroup, &kStringSignature},
83 {::onc::ipsec::kIKEVersion, &kIntegerSignature},
84 {::onc::ipsec::kPSK, &kStringSignature},
85 {::onc::vpn::kSaveCredentials, &kBoolSignature},
86 // Used internally. Not officially supported.
87 {::onc::ipsec::kServerCAPEMs, &kStringListSignature},
88 {::onc::ipsec::kServerCARef, &kStringSignature},
89 {::onc::ipsec::kServerCARefs, &kStringListSignature},
90 {::onc::ipsec::kXAUTH, &kXAUTHSignature},
91 // Not yet supported.
92 // { ipsec::kEAP, &kEAPSignature },
93 {NULL}};
94
95 const OncFieldSignature xauth_fields[] = {
96 {::onc::vpn::kPassword, &kStringSignature},
97 {::onc::vpn::kUsername, &kStringSignature},
98 {NULL}};
99
100 const OncFieldSignature l2tp_fields[] = {
101 {::onc::kRecommended, &kRecommendedSignature},
102 {::onc::l2tp::kPassword, &kStringSignature},
103 {::onc::l2tp::kSaveCredentials, &kBoolSignature},
104 {::onc::l2tp::kUsername, &kStringSignature},
105 {::onc::l2tp::kLcpEchoDisabled, &kBoolSignature},
106 {NULL}};
107
108 const OncFieldSignature openvpn_fields[] = {
109 {::onc::kRecommended, &kRecommendedSignature},
110 {::onc::openvpn::kAuth, &kStringSignature},
111 {::onc::openvpn::kAuthNoCache, &kBoolSignature},
112 {::onc::openvpn::kAuthRetry, &kStringSignature},
113 {::onc::openvpn::kCipher, &kStringSignature},
114 {::onc::client_cert::kClientCertPKCS11Id, &kStringSignature},
115 {::onc::client_cert::kClientCertPattern, &kCertificatePatternSignature},
116 {::onc::client_cert::kClientCertRef, &kStringSignature},
117 {::onc::client_cert::kClientCertType, &kStringSignature},
118 {::onc::openvpn::kCompLZO, &kStringSignature},
119 {::onc::openvpn::kCompNoAdapt, &kBoolSignature},
120 {::onc::openvpn::kCompressionAlgorithm, &kStringSignature},
121 {::onc::openvpn::kExtraHosts, &kStringListSignature},
122 {::onc::openvpn::kIgnoreDefaultRoute, &kBoolSignature},
123 {::onc::openvpn::kKeyDirection, &kStringSignature},
124 {::onc::openvpn::kNsCertType, &kStringSignature},
125 {::onc::openvpn::kOTP, &kStringSignature},
126 {::onc::openvpn::kPassword, &kStringSignature},
127 {::onc::openvpn::kPort, &kIntegerSignature},
128 {::onc::openvpn::kProto, &kStringSignature},
129 {::onc::openvpn::kPushPeerInfo, &kBoolSignature},
130 {::onc::openvpn::kRemoteCertEKU, &kStringSignature},
131 {::onc::openvpn::kRemoteCertKU, &kStringListSignature},
132 {::onc::openvpn::kRemoteCertTLS, &kStringSignature},
133 {::onc::openvpn::kRenegSec, &kIntegerSignature},
134 {::onc::vpn::kSaveCredentials, &kBoolSignature},
135 // Used internally. Not officially supported.
136 {::onc::openvpn::kServerCAPEMs, &kStringListSignature},
137 {::onc::openvpn::kServerCARef, &kStringSignature},
138 {::onc::openvpn::kServerCARefs, &kStringListSignature},
139 // Not supported, yet.
140 {::onc::openvpn::kServerCertPEM, &kStringSignature},
141 {::onc::openvpn::kServerCertRef, &kStringSignature},
142 {::onc::openvpn::kServerPollTimeout, &kIntegerSignature},
143 {::onc::openvpn::kShaper, &kIntegerSignature},
144 {::onc::openvpn::kStaticChallenge, &kStringSignature},
145 {::onc::openvpn::kTLSAuthContents, &kStringSignature},
146 {::onc::openvpn::kTLSRemote, &kStringSignature},
147 {::onc::openvpn::kTLSVersionMin, &kStringSignature},
148 {::onc::openvpn::kUserAuthenticationType, &kStringSignature},
149 {::onc::vpn::kUsername, &kStringSignature},
150 {::onc::openvpn::kVerb, &kStringSignature},
151 {::onc::openvpn::kVerifyHash, &kStringSignature},
152 {::onc::openvpn::kVerifyX509, &kVerifyX509Signature},
153 {NULL}};
154
155 const OncFieldSignature third_party_vpn_fields[] = {
156 {::onc::kRecommended, &kRecommendedSignature},
157 {::onc::third_party_vpn::kExtensionID, &kStringSignature},
158 {NULL}};
159
160 const OncFieldSignature arc_vpn_fields[] = {
161 {::onc::kRecommended, &kRecommendedSignature},
162 {::onc::arc_vpn::kTunnelChrome, &kStringSignature},
163 {NULL}};
164
165 const OncFieldSignature verify_x509_fields[] = {
166 {::onc::verify_x509::kName, &kStringSignature},
167 {::onc::verify_x509::kType, &kStringSignature},
168 {NULL}};
169
170 const OncFieldSignature vpn_fields[] = {
171 {::onc::kRecommended, &kRecommendedSignature},
172 {::onc::vpn::kAutoConnect, &kBoolSignature},
173 {::onc::vpn::kHost, &kStringSignature},
174 {::onc::vpn::kIPsec, &kIPsecSignature},
175 {::onc::vpn::kL2TP, &kL2TPSignature},
176 {::onc::vpn::kOpenVPN, &kOpenVPNSignature},
177 {::onc::vpn::kThirdPartyVpn, &kThirdPartyVPNSignature},
178 {::onc::vpn::kArcVpn, &kARCVPNSignature},
179 {::onc::vpn::kType, &kStringSignature},
180 {NULL}};
181
182 const OncFieldSignature ethernet_fields[] = {
183 {::onc::kRecommended, &kRecommendedSignature},
184 {::onc::ethernet::kAuthentication, &kStringSignature},
185 {::onc::ethernet::kEAP, &kEAPSignature},
186 {NULL}};
187
188 const OncFieldSignature tether_fields[] = {{NULL}};
189
190 const OncFieldSignature tether_with_state_fields[] = {
191 {::onc::tether::kBatteryPercentage, &kIntegerSignature},
192 {::onc::tether::kCarrier, &kStringSignature},
193 {::onc::tether::kHasConnectedToHost, &kBoolSignature},
194 {::onc::tether::kSignalStrength, &kIntegerSignature},
195 {NULL}};
196
197 const OncFieldSignature ipconfig_fields[] = {
198 {::onc::kRecommended, &kRecommendedSignature},
199 {::onc::ipconfig::kGateway, &kStringSignature},
200 {::onc::ipconfig::kIPAddress, &kStringSignature},
201 {::onc::ipconfig::kNameServers, &kStringListSignature},
202 {::onc::ipconfig::kRoutingPrefix, &kIntegerSignature},
203 {::onc::ipconfig::kSearchDomains, &kStringListSignature},
204 {::onc::ipconfig::kIncludedRoutes, &kStringListSignature},
205 {::onc::ipconfig::kExcludedRoutes, &kStringListSignature},
206 {::onc::ipconfig::kType, &kStringSignature},
207 {::onc::ipconfig::kWebProxyAutoDiscoveryUrl, &kStringSignature},
208 {NULL}};
209
210 const OncFieldSignature proxy_location_fields[] = {
211 {::onc::proxy::kHost, &kStringSignature},
212 {::onc::proxy::kPort, &kIntegerSignature},
213 {NULL}};
214
215 const OncFieldSignature proxy_manual_fields[] = {
216 {::onc::proxy::kFtp, &kProxyLocationSignature},
217 {::onc::proxy::kHttp, &kProxyLocationSignature},
218 {::onc::proxy::kHttps, &kProxyLocationSignature},
219 {::onc::proxy::kSocks, &kProxyLocationSignature},
220 {NULL}};
221
222 const OncFieldSignature proxy_settings_fields[] = {
223 {::onc::kRecommended, &kRecommendedSignature},
224 {::onc::proxy::kExcludeDomains, &kStringListSignature},
225 {::onc::proxy::kManual, &kProxyManualSignature},
226 {::onc::proxy::kPAC, &kStringSignature},
227 {::onc::proxy::kType, &kStringSignature},
228 {NULL}};
229
230 const OncFieldSignature wifi_fields[] = {
231 {::onc::kRecommended, &kRecommendedSignature},
232 {::onc::wifi::kAllowGatewayARPPolling, &kBoolSignature},
233 {::onc::wifi::kAutoConnect, &kBoolSignature},
234 {::onc::wifi::kEAP, &kEAPSignature},
235 {::onc::wifi::kHexSSID, &kStringSignature},
236 {::onc::wifi::kHiddenSSID, &kBoolSignature},
237 {::onc::wifi::kPassphrase, &kStringSignature},
238 {::onc::wifi::kSSID, &kStringSignature},
239 {::onc::wifi::kSecurity, &kStringSignature},
240 {NULL}};
241
242 const OncFieldSignature wifi_with_state_fields[] = {
243 {::onc::wifi::kBSSID, &kStringSignature},
244 {::onc::wifi::kFrequency, &kIntegerSignature},
245 {::onc::wifi::kFrequencyList, &kIntegerListSignature},
246 {::onc::wifi::kSignalStrength, &kIntegerSignature},
247 {::onc::wifi::kTetheringState, &kStringSignature},
248 {NULL}};
249
250 const OncFieldSignature cellular_payment_portal_fields[] = {
251 {::onc::cellular_payment_portal::kMethod, &kStringSignature},
252 {::onc::cellular_payment_portal::kPostData, &kStringSignature},
253 {::onc::cellular_payment_portal::kUrl, &kStringSignature},
254 {NULL}};
255
256 const OncFieldSignature cellular_provider_fields[] = {
257 {::onc::cellular_provider::kCode, &kStringSignature},
258 {::onc::cellular_provider::kCountry, &kStringSignature},
259 {::onc::cellular_provider::kName, &kStringSignature},
260 {NULL}};
261
262 const OncFieldSignature cellular_apn_fields[] = {
263 {::onc::cellular_apn::kAccessPointName, &kStringSignature},
264 {::onc::cellular_apn::kName, &kStringSignature},
265 {::onc::cellular_apn::kUsername, &kStringSignature},
266 {::onc::cellular_apn::kPassword, &kStringSignature},
267 {::onc::cellular_apn::kAuthentication, &kStringSignature},
268 {::onc::cellular_apn::kLocalizedName, &kStringSignature},
269 {::onc::cellular_apn::kLanguage, &kStringSignature},
270 {NULL}};
271
272 const OncFieldSignature cellular_found_network_fields[] = {
273 {::onc::cellular_found_network::kStatus, &kStringSignature},
274 {::onc::cellular_found_network::kNetworkId, &kStringSignature},
275 {::onc::cellular_found_network::kShortName, &kStringSignature},
276 {::onc::cellular_found_network::kLongName, &kStringSignature},
277 {::onc::cellular_found_network::kTechnology, &kStringSignature},
278 {NULL}};
279
280 const OncFieldSignature sim_lock_status_fields[] = {
281 {::onc::sim_lock_status::kLockEnabled, &kBoolSignature},
282 {::onc::sim_lock_status::kLockType, &kStringSignature},
283 {::onc::sim_lock_status::kRetriesLeft, &kIntegerSignature},
284 {NULL}};
285
286 const OncFieldSignature cellular_fields[] = {
287 {::onc::kRecommended, &kRecommendedSignature},
288 {::onc::cellular::kAPN, &kCellularApnSignature},
289 {::onc::cellular::kAPNList, &kCellularApnListSignature},
290 {::onc::cellular::kCarrier, &kStringSignature},
291 {::onc::cellular::kAutoConnect, &kBoolSignature},
292 {NULL}};
293
294 const OncFieldSignature cellular_with_state_fields[] = {
295 {::onc::cellular::kActivationType, &kStringSignature},
296 {::onc::cellular::kActivationState, &kStringSignature},
297 {::onc::cellular::kAllowRoaming, &kBoolSignature},
298 {::onc::cellular::kESN, &kStringSignature},
299 {::onc::cellular::kFamily, &kStringSignature},
300 {::onc::cellular::kFirmwareRevision, &kStringSignature},
301 {::onc::cellular::kFoundNetworks, &kCellularFoundNetworkListSignature},
302 {::onc::cellular::kHardwareRevision, &kStringSignature},
303 {::onc::cellular::kHomeProvider, &kCellularProviderSignature},
304 {::onc::cellular::kICCID, &kStringSignature},
305 {::onc::cellular::kIMEI, &kStringSignature},
306 {::onc::cellular::kIMSI, &kStringSignature},
307 {::onc::cellular::kLastGoodAPN, &kCellularApnSignature},
308 {::onc::cellular::kManufacturer, &kStringSignature},
309 {::onc::cellular::kMDN, &kStringSignature},
310 {::onc::cellular::kMEID, &kStringSignature},
311 {::onc::cellular::kMIN, &kStringSignature},
312 {::onc::cellular::kModelID, &kStringSignature},
313 {::onc::cellular::kNetworkTechnology, &kStringSignature},
314 {::onc::cellular::kPaymentPortal, &kCellularPaymentPortalSignature},
315 {::onc::cellular::kRoamingState, &kStringSignature},
316 {::onc::cellular::kScanning, &kBoolSignature},
317 {::onc::cellular::kServingOperator, &kCellularProviderSignature},
318 {::onc::cellular::kSignalStrength, &kIntegerSignature},
319 {::onc::cellular::kSIMLockStatus, &kSIMLockStatusSignature},
320 {::onc::cellular::kSIMPresent, &kBoolSignature},
321 {::onc::cellular::kSupportNetworkScan, &kBoolSignature},
322 {NULL}};
323
324 const OncFieldSignature network_configuration_fields[] = {
325 {::onc::network_config::kCellular, &kCellularSignature},
326 {::onc::network_config::kEthernet, &kEthernetSignature},
327 {::onc::network_config::kGUID, &kStringSignature},
328 {::onc::network_config::kIPAddressConfigType, &kStringSignature,
__anon948de9e10202() 329 []() { return base::Value(::onc::network_config::kIPConfigTypeDHCP); }},
330 {::onc::network_config::kMetered, &kBoolSignature},
331 {::onc::network_config::kName, &kStringSignature},
332 {::onc::network_config::kNameServersConfigType, &kStringSignature,
__anon948de9e10302() 333 []() { return base::Value(::onc::network_config::kIPConfigTypeDHCP); }},
334 {::onc::network_config::kPriority, &kIntegerSignature},
335 {::onc::network_config::kProxySettings, &kProxySettingsSignature},
336 {::onc::kRecommended, &kRecommendedSignature},
337 {::onc::kRemove, &kBoolSignature},
338 {::onc::network_config::kStaticIPConfig, &kStaticIPConfigSignature},
339 {::onc::network_config::kTether, &kTetherSignature},
340 {::onc::network_config::kType, &kStringSignature},
341 {::onc::network_config::kVPN, &kVPNSignature},
342 {::onc::network_config::kWiFi, &kWiFiSignature},
343 {NULL}};
344
345 const OncFieldSignature network_with_state_fields[] = {
346 {::onc::network_config::kCellular, &kCellularWithStateSignature},
347 {::onc::network_config::kConnectionState, &kStringSignature},
348 {::onc::network_config::kConnectable, &kBoolSignature},
349 {::onc::network_config::kErrorState, &kStringSignature},
350 {::onc::network_config::kIPConfigs, &kIPConfigListSignature},
351 {::onc::network_config::kMacAddress, &kStringSignature},
352 {::onc::network_config::kRestrictedConnectivity, &kBoolSignature},
353 {::onc::network_config::kSavedIPConfig, &kSavedIPConfigSignature},
354 {::onc::network_config::kSource, &kStringSignature},
355 {::onc::network_config::kTether, &kTetherWithStateSignature},
356 {::onc::network_config::kWiFi, &kWiFiWithStateSignature},
357 {NULL}};
358
359 const OncFieldSignature global_network_configuration_fields[] = {
360 {::onc::global_network_config::kAllowOnlyPolicyNetworksToAutoconnect,
361 &kBoolSignature},
362 {::onc::global_network_config::kAllowOnlyPolicyNetworksToConnect,
363 &kBoolSignature},
364 {::onc::global_network_config::kAllowOnlyPolicyNetworksToConnectIfAvailable,
365 &kBoolSignature},
366 {/* Deprecated */ ::onc::global_network_config::kBlacklistedHexSSIDs,
367 &kStringListSignature},
368 {::onc::global_network_config::kBlockedHexSSIDs, &kStringListSignature},
369 {::onc::global_network_config::kDisableNetworkTypes, &kStringListSignature},
370 {NULL}};
371
372 const OncFieldSignature certificate_fields[] = {
373 {::onc::certificate::kGUID, &kStringSignature},
374 {::onc::certificate::kScope, &kScopeSignature},
375 {::onc::certificate::kPKCS12, &kStringSignature},
376 {::onc::kRemove, &kBoolSignature},
377 {::onc::certificate::kTrustBits, &kStringListSignature},
378 {::onc::certificate::kType, &kStringSignature},
379 {::onc::certificate::kX509, &kStringSignature},
380 {NULL}};
381
382 const OncFieldSignature scope_fields[] = {
383 {::onc::scope::kType, &kStringSignature},
384 {::onc::scope::kId, &kStringSignature},
385 {nullptr}};
386
387 const OncFieldSignature toplevel_configuration_fields[] = {
388 {::onc::toplevel_config::kCertificates, &kCertificateListSignature},
389 {::onc::toplevel_config::kNetworkConfigurations,
390 &kNetworkConfigurationListSignature},
391 {::onc::toplevel_config::kGlobalNetworkConfiguration,
392 &kGlobalNetworkConfigurationSignature},
393 {::onc::toplevel_config::kType, &kStringSignature},
394 {::onc::encrypted::kCipher, &kStringSignature},
395 {::onc::encrypted::kCiphertext, &kStringSignature},
396 {::onc::encrypted::kHMAC, &kStringSignature},
397 {::onc::encrypted::kHMACMethod, &kStringSignature},
398 {::onc::encrypted::kIV, &kStringSignature},
399 {::onc::encrypted::kIterations, &kIntegerSignature},
400 {::onc::encrypted::kSalt, &kStringSignature},
401 {::onc::encrypted::kStretch, &kStringSignature},
402 {NULL}};
403
404 const OncFieldSignature eap_subject_alternative_name_match_fields[] = {
405 {::onc::eap_subject_alternative_name_match::kType, &kStringSignature},
406 {::onc::eap_subject_alternative_name_match::kValue, &kStringSignature},
407 {nullptr}};
408
409 } // namespace
410
411 const OncValueSignature kRecommendedSignature = {base::Value::Type::LIST, NULL,
412 &kStringSignature};
413 const OncValueSignature kEAPSignature = {base::Value::Type::DICTIONARY,
414 eap_fields, NULL};
415 const OncValueSignature kIssuerSubjectPatternSignature = {
416 base::Value::Type::DICTIONARY, issuer_subject_pattern_fields, NULL};
417 const OncValueSignature kCertificatePatternSignature = {
418 base::Value::Type::DICTIONARY, certificate_pattern_fields, NULL};
419 const OncValueSignature kIPsecSignature = {base::Value::Type::DICTIONARY,
420 ipsec_fields, NULL};
421 const OncValueSignature kXAUTHSignature = {base::Value::Type::DICTIONARY,
422 xauth_fields, NULL};
423 const OncValueSignature kL2TPSignature = {base::Value::Type::DICTIONARY,
424 l2tp_fields, NULL};
425 const OncValueSignature kOpenVPNSignature = {base::Value::Type::DICTIONARY,
426 openvpn_fields, NULL};
427 const OncValueSignature kThirdPartyVPNSignature = {
428 base::Value::Type::DICTIONARY, third_party_vpn_fields, NULL};
429 const OncValueSignature kARCVPNSignature = {base::Value::Type::DICTIONARY,
430 arc_vpn_fields, NULL};
431 const OncValueSignature kVerifyX509Signature = {base::Value::Type::DICTIONARY,
432 verify_x509_fields, NULL};
433 const OncValueSignature kVPNSignature = {base::Value::Type::DICTIONARY,
434 vpn_fields, NULL};
435 const OncValueSignature kEthernetSignature = {base::Value::Type::DICTIONARY,
436 ethernet_fields, NULL};
437 const OncValueSignature kIPConfigSignature = {base::Value::Type::DICTIONARY,
438 ipconfig_fields, NULL};
439 const OncValueSignature kSavedIPConfigSignature = {
440 base::Value::Type::DICTIONARY, ipconfig_fields, NULL};
441 const OncValueSignature kStaticIPConfigSignature = {
442 base::Value::Type::DICTIONARY, ipconfig_fields, NULL};
443 const OncValueSignature kProxyLocationSignature = {
444 base::Value::Type::DICTIONARY, proxy_location_fields, NULL};
445 const OncValueSignature kProxyManualSignature = {base::Value::Type::DICTIONARY,
446 proxy_manual_fields, NULL};
447 const OncValueSignature kProxySettingsSignature = {
448 base::Value::Type::DICTIONARY, proxy_settings_fields, NULL};
449 const OncValueSignature kWiFiSignature = {base::Value::Type::DICTIONARY,
450 wifi_fields, NULL};
451 const OncValueSignature kCertificateSignature = {base::Value::Type::DICTIONARY,
452 certificate_fields, NULL};
453 const OncValueSignature kScopeSignature = {base::Value::Type::DICTIONARY,
454 scope_fields, nullptr};
455 const OncValueSignature kNetworkConfigurationSignature = {
456 base::Value::Type::DICTIONARY, network_configuration_fields, NULL};
457 const OncValueSignature kGlobalNetworkConfigurationSignature = {
458 base::Value::Type::DICTIONARY, global_network_configuration_fields, NULL};
459 const OncValueSignature kCertificateListSignature = {
460 base::Value::Type::LIST, NULL, &kCertificateSignature};
461 const OncValueSignature kNetworkConfigurationListSignature = {
462 base::Value::Type::LIST, NULL, &kNetworkConfigurationSignature};
463 const OncValueSignature kToplevelConfigurationSignature = {
464 base::Value::Type::DICTIONARY, toplevel_configuration_fields, NULL};
465
466 // Derived "ONC with State" signatures.
467 const OncValueSignature kNetworkWithStateSignature = {
468 base::Value::Type::DICTIONARY, network_with_state_fields, NULL,
469 &kNetworkConfigurationSignature};
470 const OncValueSignature kWiFiWithStateSignature = {
471 base::Value::Type::DICTIONARY, wifi_with_state_fields, NULL,
472 &kWiFiSignature};
473 const OncValueSignature kTetherSignature = {base::Value::Type::DICTIONARY,
474 tether_fields, NULL};
475 const OncValueSignature kTetherWithStateSignature = {
476 base::Value::Type::DICTIONARY, tether_with_state_fields, NULL,
477 &kTetherSignature};
478 const OncValueSignature kCellularSignature = {base::Value::Type::DICTIONARY,
479 cellular_fields, NULL};
480 const OncValueSignature kCellularWithStateSignature = {
481 base::Value::Type::DICTIONARY, cellular_with_state_fields, NULL,
482 &kCellularSignature};
483 const OncValueSignature kCellularPaymentPortalSignature = {
484 base::Value::Type::DICTIONARY, cellular_payment_portal_fields, NULL};
485 const OncValueSignature kCellularProviderSignature = {
486 base::Value::Type::DICTIONARY, cellular_provider_fields, NULL};
487 const OncValueSignature kCellularApnSignature = {base::Value::Type::DICTIONARY,
488 cellular_apn_fields, NULL};
489 const OncValueSignature kCellularFoundNetworkSignature = {
490 base::Value::Type::DICTIONARY, cellular_found_network_fields, NULL};
491 const OncValueSignature kSIMLockStatusSignature = {
492 base::Value::Type::DICTIONARY, sim_lock_status_fields, NULL};
493 const OncValueSignature kEAPSubjectAlternativeNameMatchSignature = {
494 base::Value::Type::DICTIONARY, eap_subject_alternative_name_match_fields,
495 nullptr};
496
GetFieldSignature(const OncValueSignature & signature,const std::string & onc_field_name)497 const OncFieldSignature* GetFieldSignature(const OncValueSignature& signature,
498 const std::string& onc_field_name) {
499 if (!signature.fields)
500 return NULL;
501 for (const OncFieldSignature* field_signature = signature.fields;
502 field_signature->onc_field_name != NULL; ++field_signature) {
503 if (onc_field_name == field_signature->onc_field_name)
504 return field_signature;
505 }
506 if (signature.base_signature)
507 return GetFieldSignature(*signature.base_signature, onc_field_name);
508 return NULL;
509 }
510
511 namespace {
512
513 struct CredentialEntry {
514 const OncValueSignature* value_signature;
515 const char* field_name;
516 };
517
518 const CredentialEntry credentials[] = {
519 {&kEAPSignature, ::onc::eap::kPassword},
520 {&kIPsecSignature, ::onc::ipsec::kPSK},
521 {&kXAUTHSignature, ::onc::vpn::kPassword},
522 {&kL2TPSignature, ::onc::vpn::kPassword},
523 {&kOpenVPNSignature, ::onc::vpn::kPassword},
524 {&kOpenVPNSignature, ::onc::openvpn::kTLSAuthContents},
525 {&kWiFiSignature, ::onc::wifi::kPassphrase},
526 {&kCellularApnSignature, ::onc::cellular_apn::kPassword},
527 // While not really a credential, PKCS12 blobs may contain unencrypted
528 // private keys.
529 {&kCertificateSignature, ::onc::certificate::kPKCS12},
530 {NULL}};
531
532 } // namespace
533
FieldIsCredential(const OncValueSignature & signature,const std::string & onc_field_name)534 bool FieldIsCredential(const OncValueSignature& signature,
535 const std::string& onc_field_name) {
536 for (const CredentialEntry* entry = credentials;
537 entry->value_signature != NULL; ++entry) {
538 if (&signature == entry->value_signature &&
539 onc_field_name == entry->field_name) {
540 return true;
541 }
542 }
543 return false;
544 }
545
546 } // namespace onc
547 } // namespace chromeos
548