1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "chromeos/network/onc/onc_signature.h"
6 
7 #include "components/onc/onc_constants.h"
8 #include "third_party/cros_system_api/dbus/service_constants.h"
9 
10 using base::Value;
11 
12 namespace chromeos {
13 namespace onc {
14 namespace {
15 
// Signatures for primitive ONC values. Each initializer gives the expected
// base::Value type first; the second initializer is NULL where dictionary
// signatures elsewhere in this file pass their field table.
const OncValueSignature kBoolSignature = {
  Value::TYPE_BOOLEAN, NULL
};
const OncValueSignature kStringSignature = {
  Value::TYPE_STRING, NULL
};
const OncValueSignature kIntegerSignature = {
  Value::TYPE_INTEGER, NULL
};
// List signatures. The third initializer points at another signature,
// presumably the one every list entry has to match (the member is declared
// in onc_signature.h, which is not shown here -- confirm there).
const OncValueSignature kStringListSignature = {
  Value::TYPE_LIST, NULL, &kStringSignature
};
const OncValueSignature kIntegerListSignature = {
  Value::TYPE_LIST, NULL, &kIntegerSignature
};
// kIPConfigSignature and kCellularApnSignature are defined further down in
// this file, outside the anonymous namespace.
const OncValueSignature kIPConfigListSignature = {
  Value::TYPE_LIST, NULL, &kIPConfigSignature
};
const OncValueSignature kCellularApnListSignature = {
  Value::TYPE_LIST, NULL, &kCellularApnSignature
};
37 
38 const OncFieldSignature issuer_subject_pattern_fields[] = {
39     { ::onc::certificate::kCommonName, &kStringSignature},
40     { ::onc::certificate::kLocality, &kStringSignature},
41     { ::onc::certificate::kOrganization, &kStringSignature},
42     { ::onc::certificate::kOrganizationalUnit, &kStringSignature},
43     {NULL}};
44 
45 const OncFieldSignature certificate_pattern_fields[] = {
46     { ::onc::kRecommended, &kRecommendedSignature},
47     { ::onc::certificate::kEnrollmentURI, &kStringListSignature},
48     { ::onc::certificate::kIssuer, &kIssuerSubjectPatternSignature},
49     { ::onc::certificate::kIssuerCARef, &kStringListSignature},
50     // Used internally. Not officially supported.
51     { ::onc::certificate::kIssuerCAPEMs, &kStringListSignature},
52     { ::onc::certificate::kSubject, &kIssuerSubjectPatternSignature},
53     {NULL}};
54 
// Field table referenced by kEAPSignature: each entry pairs an ONC field name
// with the signature its value must have. The closing {NULL} entry is the
// stop marker GetFieldSignature() looks for.
// Of these fields only kPassword appears in the |credentials| table that
// FieldIsCredential() consults.
const OncFieldSignature eap_fields[] = {
    { ::onc::kRecommended, &kRecommendedSignature},
    { ::onc::eap::kAnonymousIdentity, &kStringSignature},
    { ::onc::eap::kClientCertPattern, &kCertificatePatternSignature},
    { ::onc::eap::kClientCertRef, &kStringSignature},
    { ::onc::eap::kClientCertType, &kStringSignature},
    { ::onc::eap::kIdentity, &kStringSignature},
    { ::onc::eap::kInner, &kStringSignature},
    { ::onc::eap::kOuter, &kStringSignature},
    { ::onc::eap::kPassword, &kStringSignature},
    { ::onc::eap::kSaveCredentials, &kBoolSignature},
    // Used internally. Not officially supported.
    { ::onc::eap::kServerCAPEMs, &kStringListSignature},
    { ::onc::eap::kServerCARef, &kStringSignature},
    { ::onc::eap::kServerCARefs, &kStringListSignature},
    { ::onc::eap::kUseSystemCAs, &kBoolSignature},
    {NULL}};
72 
73 const OncFieldSignature ipsec_fields[] = {
74     { ::onc::kRecommended, &kRecommendedSignature},
75     { ::onc::ipsec::kAuthenticationType, &kStringSignature},
76     { ::onc::vpn::kClientCertPattern, &kCertificatePatternSignature},
77     { ::onc::vpn::kClientCertRef, &kStringSignature},
78     { ::onc::vpn::kClientCertType, &kStringSignature},
79     { ::onc::ipsec::kGroup, &kStringSignature},
80     { ::onc::ipsec::kIKEVersion, &kIntegerSignature},
81     { ::onc::ipsec::kPSK, &kStringSignature},
82     { ::onc::vpn::kSaveCredentials, &kBoolSignature},
83     // Used internally. Not officially supported.
84     { ::onc::ipsec::kServerCAPEMs, &kStringListSignature},
85     { ::onc::ipsec::kServerCARef, &kStringSignature},
86     { ::onc::ipsec::kServerCARefs, &kStringListSignature},
87     // Not yet supported.
88     //  { ipsec::kEAP, &kEAPSignature },
89     //  { ipsec::kXAUTH, &kXAUTHSignature },
90     {NULL}};
91 
92 const OncFieldSignature l2tp_fields[] = {
93     { ::onc::kRecommended, &kRecommendedSignature},
94     { ::onc::vpn::kPassword, &kStringSignature},
95     { ::onc::vpn::kSaveCredentials, &kBoolSignature},
96     { ::onc::vpn::kUsername, &kStringSignature},
97     {NULL}};
98 
99 const OncFieldSignature openvpn_fields[] = {
100     { ::onc::kRecommended, &kRecommendedSignature},
101     { ::onc::openvpn::kAuth, &kStringSignature},
102     { ::onc::openvpn::kAuthNoCache, &kBoolSignature},
103     { ::onc::openvpn::kAuthRetry, &kStringSignature},
104     { ::onc::openvpn::kCipher, &kStringSignature},
105     { ::onc::vpn::kClientCertPattern, &kCertificatePatternSignature},
106     { ::onc::vpn::kClientCertRef, &kStringSignature},
107     { ::onc::vpn::kClientCertType, &kStringSignature},
108     { ::onc::openvpn::kCompLZO, &kStringSignature},
109     { ::onc::openvpn::kCompNoAdapt, &kBoolSignature},
110     { ::onc::openvpn::kKeyDirection, &kStringSignature},
111     { ::onc::openvpn::kNsCertType, &kStringSignature},
112     { ::onc::vpn::kPassword, &kStringSignature},
113     { ::onc::openvpn::kPort, &kIntegerSignature},
114     { ::onc::openvpn::kProto, &kStringSignature},
115     { ::onc::openvpn::kPushPeerInfo, &kBoolSignature},
116     { ::onc::openvpn::kRemoteCertEKU, &kStringSignature},
117     { ::onc::openvpn::kRemoteCertKU, &kStringListSignature},
118     { ::onc::openvpn::kRemoteCertTLS, &kStringSignature},
119     { ::onc::openvpn::kRenegSec, &kIntegerSignature},
120     { ::onc::vpn::kSaveCredentials, &kBoolSignature},
121     // Used internally. Not officially supported.
122     { ::onc::openvpn::kServerCAPEMs, &kStringListSignature},
123     { ::onc::openvpn::kServerCARef, &kStringSignature},
124     { ::onc::openvpn::kServerCARefs, &kStringListSignature},
125     // Not supported, yet.
126     { ::onc::openvpn::kServerCertPEM, &kStringSignature},
127     { ::onc::openvpn::kServerCertRef, &kStringSignature},
128     { ::onc::openvpn::kServerPollTimeout, &kIntegerSignature},
129     { ::onc::openvpn::kShaper, &kIntegerSignature},
130     { ::onc::openvpn::kStaticChallenge, &kStringSignature},
131     { ::onc::openvpn::kTLSAuthContents, &kStringSignature},
132     { ::onc::openvpn::kTLSRemote, &kStringSignature},
133     { ::onc::vpn::kUsername, &kStringSignature},
134     // Not supported, yet.
135     { ::onc::openvpn::kVerb, &kStringSignature},
136     { ::onc::openvpn::kVerifyHash, &kStringSignature},
137     { ::onc::openvpn::kVerifyX509, &kVerifyX509Signature},
138     {NULL}};
139 
140 const OncFieldSignature verify_x509_fields[] = {
141     { ::onc::verify_x509::kName, &kStringSignature},
142     { ::onc::verify_x509::kType, &kStringSignature},
143     {NULL}};
144 
145 const OncFieldSignature vpn_fields[] = {
146     { ::onc::kRecommended, &kRecommendedSignature},
147     { ::onc::vpn::kAutoConnect, &kBoolSignature},
148     { ::onc::vpn::kHost, &kStringSignature},
149     { ::onc::vpn::kIPsec, &kIPsecSignature},
150     { ::onc::vpn::kL2TP, &kL2TPSignature},
151     { ::onc::vpn::kOpenVPN, &kOpenVPNSignature},
152     { ::onc::vpn::kType, &kStringSignature},
153     {NULL}};
154 
155 const OncFieldSignature ethernet_fields[] = {
156     { ::onc::kRecommended, &kRecommendedSignature},
157     { ::onc::ethernet::kAuthentication, &kStringSignature},
158     { ::onc::ethernet::kEAP, &kEAPSignature},
159     {NULL}};
160 
// Not supported, yet.
// Field table referenced by kIPConfigSignature, terminated by a {NULL} entry.
// NOTE(review): kNameServers is typed as a single string here, while
// network_configuration_fields types the same key as a string list and
// kSearchDomains is a list in both tables. Confirm which type is intended
// before this table is relied on for validation.
const OncFieldSignature ipconfig_fields[] = {
    { ::onc::ipconfig::kGateway, &kStringSignature},
    { ::onc::ipconfig::kIPAddress, &kStringSignature},
    { ::onc::network_config::kNameServers, &kStringSignature},
    { ::onc::ipconfig::kRoutingPrefix, &kIntegerSignature},
    { ::onc::network_config::kSearchDomains, &kStringListSignature},
    { ::onc::ipconfig::kType, &kStringSignature},
    {NULL}};
170 
171 const OncFieldSignature proxy_location_fields[] = {
172     { ::onc::proxy::kHost, &kStringSignature},
173     { ::onc::proxy::kPort, &kIntegerSignature}, {NULL}};
174 
175 const OncFieldSignature proxy_manual_fields[] = {
176     { ::onc::proxy::kFtp, &kProxyLocationSignature},
177     { ::onc::proxy::kHttp, &kProxyLocationSignature},
178     { ::onc::proxy::kHttps, &kProxyLocationSignature},
179     { ::onc::proxy::kSocks, &kProxyLocationSignature},
180     {NULL}};
181 
182 const OncFieldSignature proxy_settings_fields[] = {
183     { ::onc::kRecommended, &kRecommendedSignature},
184     { ::onc::proxy::kExcludeDomains, &kStringListSignature},
185     { ::onc::proxy::kManual, &kProxyManualSignature},
186     { ::onc::proxy::kPAC, &kStringSignature},
187     { ::onc::proxy::kType, &kStringSignature},
188     {NULL}};
189 
// Field table referenced by kWiFiSignature, terminated by a {NULL} entry.
// kPassphrase is the field of this table that the |credentials| table marks
// as a credential; kWiFiWithStateSignature inherits these fields through its
// base signature.
const OncFieldSignature wifi_fields[] = {
    { ::onc::kRecommended, &kRecommendedSignature},
    { ::onc::wifi::kAutoConnect, &kBoolSignature},
    { ::onc::wifi::kEAP, &kEAPSignature},
    { ::onc::wifi::kHiddenSSID, &kBoolSignature},
    { ::onc::wifi::kPassphrase, &kStringSignature},
    { ::onc::wifi::kSSID, &kStringSignature},
    { ::onc::wifi::kSecurity, &kStringSignature},
    {NULL}};
199 
200 const OncFieldSignature wifi_with_state_fields[] = {
201     { ::onc::wifi::kBSSID, &kStringSignature},
202     { ::onc::wifi::kFrequency, &kIntegerSignature},
203     { ::onc::wifi::kFrequencyList, &kIntegerListSignature},
204     { ::onc::wifi::kSignalStrength, &kIntegerSignature},
205     {NULL}};
206 
207 const OncFieldSignature cellular_provider_fields[] = {
208     { ::onc::cellular_provider::kCode, &kStringSignature},
209     { ::onc::cellular_provider::kCountry, &kStringSignature},
210     { ::onc::cellular_provider::kName, &kStringSignature},
211     {NULL}};
212 
213 const OncFieldSignature cellular_apn_fields[] = {
214     { ::onc::cellular_apn::kName, &kStringSignature},
215     { ::onc::cellular_apn::kUsername, &kStringSignature},
216     { ::onc::cellular_apn::kPassword, &kStringSignature},
217     {NULL}};
218 
219 const OncFieldSignature cellular_fields[] = {
220     { ::onc::kRecommended, &kRecommendedSignature},
221     { ::onc::cellular::kAPN, &kCellularApnSignature },
222     { ::onc::cellular::kAPNList, &kCellularApnListSignature}, {NULL}};
223 
224 const OncFieldSignature cellular_with_state_fields[] = {
225     { ::onc::cellular::kActivateOverNonCellularNetwork, &kBoolSignature},
226     { ::onc::cellular::kActivationState, &kStringSignature},
227     { ::onc::cellular::kAllowRoaming, &kStringSignature},
228     { ::onc::cellular::kCarrier, &kStringSignature},
229     { ::onc::cellular::kESN, &kStringSignature},
230     { ::onc::cellular::kFamily, &kStringSignature},
231     { ::onc::cellular::kFirmwareRevision, &kStringSignature},
232     { ::onc::cellular::kFoundNetworks, &kStringSignature},
233     { ::onc::cellular::kHardwareRevision, &kStringSignature},
234     { ::onc::cellular::kHomeProvider, &kCellularProviderSignature},
235     { ::onc::cellular::kICCID, &kStringSignature},
236     { ::onc::cellular::kIMEI, &kStringSignature},
237     { ::onc::cellular::kIMSI, &kStringSignature},
238     { ::onc::cellular::kManufacturer, &kStringSignature},
239     { ::onc::cellular::kMDN, &kStringSignature},
240     { ::onc::cellular::kMEID, &kStringSignature},
241     { ::onc::cellular::kMIN, &kStringSignature},
242     { ::onc::cellular::kModelID, &kStringSignature},
243     { ::onc::cellular::kNetworkTechnology, &kStringSignature},
244     { ::onc::cellular::kPRLVersion, &kStringSignature},
245     { ::onc::cellular::kProviderRequiresRoaming, &kStringSignature},
246     { ::onc::cellular::kRoamingState, &kStringSignature},
247     { ::onc::cellular::kSelectedNetwork, &kStringSignature},
248     { ::onc::cellular::kServingOperator, &kCellularProviderSignature},
249     { ::onc::cellular::kSIMLockStatus, &kStringSignature},
250     { ::onc::cellular::kSIMPresent, &kStringSignature},
251     { ::onc::cellular::kSupportedCarriers, &kStringSignature},
252     { ::onc::cellular::kSupportNetworkScan, &kStringSignature},
253     {NULL}};
254 
255 const OncFieldSignature network_configuration_fields[] = {
256     { ::onc::kRecommended, &kRecommendedSignature},
257     { ::onc::network_config::kEthernet, &kEthernetSignature},
258     { ::onc::network_config::kGUID, &kStringSignature},
259     // Not supported, yet.
260     { ::onc::network_config::kIPConfigs, &kIPConfigListSignature},
261     { ::onc::network_config::kName, &kStringSignature},
262     // Not supported, yet.
263     { ::onc::network_config::kNameServers, &kStringListSignature},
264     { ::onc::network_config::kProxySettings, &kProxySettingsSignature},
265     { ::onc::kRemove, &kBoolSignature},
266     // Not supported, yet.
267     { ::onc::network_config::kSearchDomains, &kStringListSignature},
268     { ::onc::network_config::kType, &kStringSignature},
269     { ::onc::network_config::kVPN, &kVPNSignature},
270     { ::onc::network_config::kWiFi, &kWiFiSignature},
271     { ::onc::network_config::kCellular, &kCellularSignature},
272     {NULL}};
273 
274 const OncFieldSignature network_with_state_fields[] = {
275     { ::onc::network_config::kCellular, &kCellularWithStateSignature},
276     { ::onc::network_config::kConnectionState, &kStringSignature},
277     { ::onc::network_config::kWiFi, &kWiFiWithStateSignature},
278     {NULL}};
279 
280 const OncFieldSignature global_network_configuration_fields[] = {
281     { ::onc::global_network_config::kAllowOnlyPolicyNetworksToAutoconnect,
282       &kBoolSignature},
283     {NULL}};
284 
// Field table referenced by kCertificateSignature, terminated by a {NULL}
// entry.
// NOTE(review): kPKCS12 is typed as a plain string and has no entry in the
// |credentials| table used by FieldIsCredential(). If PKCS12 payloads carry
// private-key material, confirm that the code paths relying on
// FieldIsCredential() handle this field separately.
const OncFieldSignature certificate_fields[] = {
    { ::onc::certificate::kGUID, &kStringSignature},
    { ::onc::certificate::kPKCS12, &kStringSignature},
    { ::onc::kRemove, &kBoolSignature},
    { ::onc::certificate::kTrustBits, &kStringListSignature},
    { ::onc::certificate::kType, &kStringSignature},
    { ::onc::certificate::kX509, &kStringSignature},
    {NULL}};
293 
// Field table referenced by kToplevelConfigurationSignature, terminated by a
// {NULL} entry.
// The ::onc::encrypted::* keys share this table with the plain-text keys, so
// the signature by itself accepts any mix of the two groups.
// NOTE(review): presumably kType selects between the encrypted and the
// unencrypted form and a validator enforces which keys may appear together;
// that check is not visible in this file -- confirm it exists.
const OncFieldSignature toplevel_configuration_fields[] = {
    { ::onc::toplevel_config::kCertificates, &kCertificateListSignature},
    { ::onc::toplevel_config::kNetworkConfigurations,
      &kNetworkConfigurationListSignature},
    { ::onc::toplevel_config::kGlobalNetworkConfiguration,
      &kGlobalNetworkConfigurationSignature},
    { ::onc::toplevel_config::kType, &kStringSignature},
    { ::onc::encrypted::kCipher, &kStringSignature},
    { ::onc::encrypted::kCiphertext, &kStringSignature},
    { ::onc::encrypted::kHMAC, &kStringSignature},
    { ::onc::encrypted::kHMACMethod, &kStringSignature},
    { ::onc::encrypted::kIV, &kStringSignature},
    { ::onc::encrypted::kIterations, &kIntegerSignature},
    { ::onc::encrypted::kSalt, &kStringSignature},
    { ::onc::encrypted::kStretch, &kStringSignature}, {NULL}};
309 
310 }  // namespace
311 
312 const OncValueSignature kRecommendedSignature = {
313   Value::TYPE_LIST, NULL, &kStringSignature
314 };
315 const OncValueSignature kEAPSignature = {
316   Value::TYPE_DICTIONARY, eap_fields, NULL
317 };
318 const OncValueSignature kIssuerSubjectPatternSignature = {
319   Value::TYPE_DICTIONARY, issuer_subject_pattern_fields, NULL
320 };
321 const OncValueSignature kCertificatePatternSignature = {
322   Value::TYPE_DICTIONARY, certificate_pattern_fields, NULL
323 };
324 const OncValueSignature kIPsecSignature = {
325   Value::TYPE_DICTIONARY, ipsec_fields, NULL
326 };
327 const OncValueSignature kL2TPSignature = {
328   Value::TYPE_DICTIONARY, l2tp_fields, NULL
329 };
330 const OncValueSignature kOpenVPNSignature = {
331   Value::TYPE_DICTIONARY, openvpn_fields, NULL
332 };
333 const OncValueSignature kVerifyX509Signature = {
334   Value::TYPE_DICTIONARY, verify_x509_fields, NULL
335 };
336 const OncValueSignature kVPNSignature = {
337   Value::TYPE_DICTIONARY, vpn_fields, NULL
338 };
339 const OncValueSignature kEthernetSignature = {
340   Value::TYPE_DICTIONARY, ethernet_fields, NULL
341 };
342 const OncValueSignature kIPConfigSignature = {
343   Value::TYPE_DICTIONARY, ipconfig_fields, NULL
344 };
345 const OncValueSignature kProxyLocationSignature = {
346   Value::TYPE_DICTIONARY, proxy_location_fields, NULL
347 };
348 const OncValueSignature kProxyManualSignature = {
349   Value::TYPE_DICTIONARY, proxy_manual_fields, NULL
350 };
351 const OncValueSignature kProxySettingsSignature = {
352   Value::TYPE_DICTIONARY, proxy_settings_fields, NULL
353 };
354 const OncValueSignature kWiFiSignature = {
355   Value::TYPE_DICTIONARY, wifi_fields, NULL
356 };
357 const OncValueSignature kCertificateSignature = {
358   Value::TYPE_DICTIONARY, certificate_fields, NULL
359 };
360 const OncValueSignature kNetworkConfigurationSignature = {
361   Value::TYPE_DICTIONARY, network_configuration_fields, NULL
362 };
363 const OncValueSignature kGlobalNetworkConfigurationSignature = {
364   Value::TYPE_DICTIONARY, global_network_configuration_fields, NULL
365 };
366 const OncValueSignature kCertificateListSignature = {
367   Value::TYPE_LIST, NULL, &kCertificateSignature
368 };
369 const OncValueSignature kNetworkConfigurationListSignature = {
370   Value::TYPE_LIST, NULL, &kNetworkConfigurationSignature
371 };
372 const OncValueSignature kToplevelConfigurationSignature = {
373   Value::TYPE_DICTIONARY, toplevel_configuration_fields, NULL
374 };
375 
// Derived "ONC with State" signatures.
// A fourth initializer names the base signature; GetFieldSignature() falls
// back to it when a field is not found in the derived table, so a derived
// dictionary accepts its own fields plus those of its base.
const OncValueSignature kNetworkWithStateSignature = {
  Value::TYPE_DICTIONARY, network_with_state_fields, NULL,
  &kNetworkConfigurationSignature
};
const OncValueSignature kWiFiWithStateSignature = {
  Value::TYPE_DICTIONARY, wifi_with_state_fields, NULL, &kWiFiSignature
};
// No base signature: a plain dictionary signature like the ones above the
// "with State" group.
const OncValueSignature kCellularSignature = {
  Value::TYPE_DICTIONARY, cellular_fields, NULL
};
const OncValueSignature kCellularWithStateSignature = {
  Value::TYPE_DICTIONARY, cellular_with_state_fields, NULL, &kCellularSignature
};
// No base signature.
const OncValueSignature kCellularProviderSignature = {
  Value::TYPE_DICTIONARY, cellular_provider_fields, NULL
};
// No base signature. cellular_apn_fields contains kPassword, which the
// |credentials| table lists for this signature.
const OncValueSignature kCellularApnSignature = {
  Value::TYPE_DICTIONARY, cellular_apn_fields, NULL
};
396 
// Looks up |onc_field_name| in the field table of |signature| and, if it is
// not there, in the tables of its base signatures in turn. Returns the
// matching entry, or NULL when no table in the chain contains the name. A
// signature without a field table ends the search immediately, without
// consulting its base.
const OncFieldSignature* GetFieldSignature(const OncValueSignature& signature,
                                           const std::string& onc_field_name) {
  const OncValueSignature* current = &signature;
  while (current != NULL) {
    const OncFieldSignature* entry = current->fields;
    if (entry == NULL)
      return NULL;
    // Each table is terminated by an entry whose name is NULL.
    while (entry->onc_field_name != NULL) {
      if (onc_field_name == entry->onc_field_name)
        return entry;
      ++entry;
    }
    current = current->base_signature;
  }
  return NULL;
}
410 
411 namespace {
412 
// One row of the credential table: a dictionary signature together with the
// name of a field in that dictionary whose value is a secret.
struct CredentialEntry {
  // Matched by address in FieldIsCredential().
  const OncValueSignature* value_signature;
  // ONC field name, compared as a string.
  const char* field_name;
};

// The fields FieldIsCredential() reports as credentials. The closing {NULL}
// entry is the stop marker for that function's loop.
// NOTE(review): this list is maintained by hand; nothing visible in this file
// derives it from the field tables, so a new secret-bearing ONC field must be
// added here explicitly or FieldIsCredential() will not report it.
const CredentialEntry credentials[] = {
    {&kEAPSignature, ::onc::eap::kPassword},
    {&kIPsecSignature, ::onc::ipsec::kPSK},
    {&kL2TPSignature, ::onc::vpn::kPassword},
    {&kOpenVPNSignature, ::onc::vpn::kPassword},
    {&kOpenVPNSignature, ::onc::openvpn::kTLSAuthContents},
    {&kWiFiSignature, ::onc::wifi::kPassphrase},
    {&kCellularApnSignature, ::onc::cellular_apn::kPassword},
    {NULL}};
427 
428 }  // namespace
429 
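// Returns true if |onc_field_name|, as a field of a dictionary described by
// |signature|, is listed in |credentials| (passwords, pre-shared keys,
// passphrases and similar secrets).
//
// The base_signature chain is followed, matching how GetFieldSignature()
// resolves inherited fields. Without that, a derived signature such as
// kWiFiWithStateSignature (base: kWiFiSignature) would accept the inherited
// credential field but never report it as a credential.
bool FieldIsCredential(const OncValueSignature& signature,
                       const std::string& onc_field_name) {
  for (const OncValueSignature* current = &signature; current != NULL;
       current = current->base_signature) {
    for (const CredentialEntry* entry = credentials;
         entry->value_signature != NULL; ++entry) {
      // Table rows identify a signature by address, not by content.
      if (current == entry->value_signature &&
          onc_field_name == entry->field_name) {
        return true;
      }
    }
  }
  return false;
}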
441 
442 }  // namespace onc
443 }  // namespace chromeos
444