1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chromeos/network/onc/onc_signature.h"
6
7 #include "components/onc/onc_constants.h"
8 #include "third_party/cros_system_api/dbus/service_constants.h"
9
10 using base::Value;
11
12 namespace chromeos {
13 namespace onc {
14 namespace {
15
// Signatures for leaf values. The first member of each initializer is the
// base::Value type an ONC value must have; these tables record the type only
// and place no constraint on the value itself.
const OncValueSignature kBoolSignature = {base::Value::TYPE_BOOLEAN, NULL};
const OncValueSignature kStringSignature = {base::Value::TYPE_STRING, NULL};
const OncValueSignature kIntegerSignature = {base::Value::TYPE_INTEGER, NULL};

// Signatures for homogeneous lists. The second member (the field table) is
// NULL and the third member points at the signature applied to the elements.
const OncValueSignature kStringListSignature = {
    base::Value::TYPE_LIST, NULL, &kStringSignature};
const OncValueSignature kIntegerListSignature = {
    base::Value::TYPE_LIST, NULL, &kIntegerSignature};
const OncValueSignature kIPConfigListSignature = {
    base::Value::TYPE_LIST, NULL, &kIPConfigSignature};
const OncValueSignature kCellularApnListSignature = {
    base::Value::TYPE_LIST, NULL, &kCellularApnSignature};
37
// Fields of an issuer/subject pattern dictionary (see
// kIssuerSubjectPatternSignature). Every field table in this file ends with a
// {NULL} entry; lookups stop at the first NULL onc_field_name.
const OncFieldSignature issuer_subject_pattern_fields[] = {
    {::onc::certificate::kCommonName, &kStringSignature},
    {::onc::certificate::kLocality, &kStringSignature},
    {::onc::certificate::kOrganization, &kStringSignature},
    {::onc::certificate::kOrganizationalUnit, &kStringSignature},
    {NULL},
};

// Fields of a client-certificate pattern dictionary (see
// kCertificatePatternSignature).
const OncFieldSignature certificate_pattern_fields[] = {
    {::onc::kRecommended, &kRecommendedSignature},
    {::onc::certificate::kEnrollmentURI, &kStringListSignature},
    {::onc::certificate::kIssuer, &kIssuerSubjectPatternSignature},
    {::onc::certificate::kIssuerCARef, &kStringListSignature},
    // Used internally. Not officially supported.
    {::onc::certificate::kIssuerCAPEMs, &kStringListSignature},
    {::onc::certificate::kSubject, &kIssuerSubjectPatternSignature},
    {NULL},
};
54
// Fields of an EAP dictionary (see kEAPSignature). kPassword is the field the
// |credentials| table later in this file pairs with kEAPSignature. The
// server-validation fields (kServerCARef, kServerCARefs, kUseSystemCAs) are
// only typed here; nothing in this table makes any of them mandatory.
const OncFieldSignature eap_fields[] = {
    {::onc::kRecommended, &kRecommendedSignature},
    {::onc::eap::kAnonymousIdentity, &kStringSignature},
    {::onc::eap::kClientCertPattern, &kCertificatePatternSignature},
    {::onc::eap::kClientCertRef, &kStringSignature},
    {::onc::eap::kClientCertType, &kStringSignature},
    {::onc::eap::kIdentity, &kStringSignature},
    {::onc::eap::kInner, &kStringSignature},
    {::onc::eap::kOuter, &kStringSignature},
    {::onc::eap::kPassword, &kStringSignature},
    {::onc::eap::kSaveCredentials, &kBoolSignature},
    // Used internally. Not officially supported.
    {::onc::eap::kServerCAPEMs, &kStringListSignature},
    {::onc::eap::kServerCARef, &kStringSignature},
    {::onc::eap::kServerCARefs, &kStringListSignature},
    {::onc::eap::kUseSystemCAs, &kBoolSignature},
    {NULL},
};
72
// Fields of an IPsec dictionary (see kIPsecSignature). kPSK is the field the
// |credentials| table pairs with kIPsecSignature.
const OncFieldSignature ipsec_fields[] = {
    {::onc::kRecommended, &kRecommendedSignature},
    {::onc::ipsec::kAuthenticationType, &kStringSignature},
    {::onc::vpn::kClientCertPattern, &kCertificatePatternSignature},
    {::onc::vpn::kClientCertRef, &kStringSignature},
    {::onc::vpn::kClientCertType, &kStringSignature},
    {::onc::ipsec::kGroup, &kStringSignature},
    {::onc::ipsec::kIKEVersion, &kIntegerSignature},
    {::onc::ipsec::kPSK, &kStringSignature},
    {::onc::vpn::kSaveCredentials, &kBoolSignature},
    // Used internally. Not officially supported.
    {::onc::ipsec::kServerCAPEMs, &kStringListSignature},
    {::onc::ipsec::kServerCARef, &kStringSignature},
    {::onc::ipsec::kServerCARefs, &kStringListSignature},
    {::onc::ipsec::kXAUTH, &kXAUTHSignature},
    // Not yet supported.
    // { ipsec::kEAP, &kEAPSignature },
    {NULL},
};

// Fields of an XAUTH dictionary (see kXAUTHSignature). kPassword is listed
// for kXAUTHSignature in the |credentials| table.
const OncFieldSignature xauth_fields[] = {
    {::onc::vpn::kPassword, &kStringSignature},
    {::onc::vpn::kUsername, &kStringSignature},
    {NULL},
};
96
// Fields of an L2TP dictionary (see kL2TPSignature). kPassword is listed for
// kL2TPSignature in the |credentials| table.
const OncFieldSignature l2tp_fields[] = {
    {::onc::kRecommended, &kRecommendedSignature},
    {::onc::vpn::kPassword, &kStringSignature},
    {::onc::vpn::kSaveCredentials, &kBoolSignature},
    {::onc::vpn::kUsername, &kStringSignature},
    {NULL},
};
103
// Fields of an OpenVPN dictionary (see kOpenVPNSignature). Two of them,
// kPassword and kTLSAuthContents, are listed for kOpenVPNSignature in the
// |credentials| table. Options such as kCipher, kAuth and kRemoteCertTLS are
// typed as plain strings here, so any policy on acceptable values has to be
// enforced by the code that consumes the dictionary.
const OncFieldSignature openvpn_fields[] = {
    {::onc::kRecommended, &kRecommendedSignature},
    {::onc::openvpn::kAuth, &kStringSignature},
    {::onc::openvpn::kAuthNoCache, &kBoolSignature},
    {::onc::openvpn::kAuthRetry, &kStringSignature},
    {::onc::openvpn::kCipher, &kStringSignature},
    {::onc::vpn::kClientCertPattern, &kCertificatePatternSignature},
    {::onc::vpn::kClientCertRef, &kStringSignature},
    {::onc::vpn::kClientCertType, &kStringSignature},
    {::onc::openvpn::kCompLZO, &kStringSignature},
    {::onc::openvpn::kCompNoAdapt, &kBoolSignature},
    {::onc::openvpn::kIgnoreDefaultRoute, &kBoolSignature},
    {::onc::openvpn::kKeyDirection, &kStringSignature},
    {::onc::openvpn::kNsCertType, &kStringSignature},
    {::onc::vpn::kPassword, &kStringSignature},
    {::onc::openvpn::kPort, &kIntegerSignature},
    {::onc::openvpn::kProto, &kStringSignature},
    {::onc::openvpn::kPushPeerInfo, &kBoolSignature},
    {::onc::openvpn::kRemoteCertEKU, &kStringSignature},
    {::onc::openvpn::kRemoteCertKU, &kStringListSignature},
    {::onc::openvpn::kRemoteCertTLS, &kStringSignature},
    {::onc::openvpn::kRenegSec, &kIntegerSignature},
    {::onc::vpn::kSaveCredentials, &kBoolSignature},
    // Used internally. Not officially supported.
    {::onc::openvpn::kServerCAPEMs, &kStringListSignature},
    {::onc::openvpn::kServerCARef, &kStringSignature},
    {::onc::openvpn::kServerCARefs, &kStringListSignature},
    // Not supported, yet.
    {::onc::openvpn::kServerCertPEM, &kStringSignature},
    {::onc::openvpn::kServerCertRef, &kStringSignature},
    {::onc::openvpn::kServerPollTimeout, &kIntegerSignature},
    {::onc::openvpn::kShaper, &kIntegerSignature},
    {::onc::openvpn::kStaticChallenge, &kStringSignature},
    {::onc::openvpn::kTLSAuthContents, &kStringSignature},
    {::onc::openvpn::kTLSRemote, &kStringSignature},
    {::onc::vpn::kUsername, &kStringSignature},
    // Not supported, yet.
    {::onc::openvpn::kVerb, &kStringSignature},
    {::onc::openvpn::kVerifyHash, &kStringSignature},
    {::onc::openvpn::kVerifyX509, &kVerifyX509Signature},
    {NULL},
};

// Fields of the OpenVPN VerifyX509 dictionary (see kVerifyX509Signature).
const OncFieldSignature verify_x509_fields[] = {
    {::onc::verify_x509::kName, &kStringSignature},
    {::onc::verify_x509::kType, &kStringSignature},
    {NULL},
};
150
// Fields of a VPN dictionary (see kVPNSignature). The IPsec, L2TP and OpenVPN
// entries nest the dictionaries described by their own signatures.
const OncFieldSignature vpn_fields[] = {
    {::onc::kRecommended, &kRecommendedSignature},
    {::onc::vpn::kAutoConnect, &kBoolSignature},
    {::onc::vpn::kHost, &kStringSignature},
    {::onc::vpn::kIPsec, &kIPsecSignature},
    {::onc::vpn::kL2TP, &kL2TPSignature},
    {::onc::vpn::kOpenVPN, &kOpenVPNSignature},
    {::onc::vpn::kType, &kStringSignature},
    {NULL},
};

// Fields of an Ethernet dictionary (see kEthernetSignature).
const OncFieldSignature ethernet_fields[] = {
    {::onc::kRecommended, &kRecommendedSignature},
    {::onc::ethernet::kAuthentication, &kStringSignature},
    {::onc::ethernet::kEAP, &kEAPSignature},
    {NULL},
};
166
// Fields of an IPConfig dictionary (see kIPConfigSignature).
// Not supported for policy but for reading network state.
const OncFieldSignature ipconfig_fields[] = {
    {::onc::ipconfig::kGateway, &kStringSignature},
    {::onc::ipconfig::kIPAddress, &kStringSignature},
    {::onc::ipconfig::kNameServers, &kStringListSignature},
    {::onc::ipconfig::kRoutingPrefix, &kIntegerSignature},
    {::onc::network_config::kSearchDomains, &kStringListSignature},
    {::onc::ipconfig::kType, &kStringSignature},
    {NULL},
};
176
// Fields of a single proxy location: host plus port (see
// kProxyLocationSignature). kPort is only typed as an integer here.
const OncFieldSignature proxy_location_fields[] = {
    {::onc::proxy::kHost, &kStringSignature},
    {::onc::proxy::kPort, &kIntegerSignature},
    {NULL},
};

// Per-scheme proxy locations of a manual proxy configuration (see
// kProxyManualSignature).
const OncFieldSignature proxy_manual_fields[] = {
    {::onc::proxy::kFtp, &kProxyLocationSignature},
    {::onc::proxy::kHttp, &kProxyLocationSignature},
    {::onc::proxy::kHttps, &kProxyLocationSignature},
    {::onc::proxy::kSocks, &kProxyLocationSignature},
    {NULL},
};

// Fields of a ProxySettings dictionary (see kProxySettingsSignature).
const OncFieldSignature proxy_settings_fields[] = {
    {::onc::kRecommended, &kRecommendedSignature},
    {::onc::proxy::kExcludeDomains, &kStringListSignature},
    {::onc::proxy::kManual, &kProxyManualSignature},
    {::onc::proxy::kPAC, &kStringSignature},
    {::onc::proxy::kType, &kStringSignature},
    {NULL},
};
195
// Fields of a WiFi dictionary (see kWiFiSignature). kPassphrase is the field
// the |credentials| table pairs with kWiFiSignature.
const OncFieldSignature wifi_fields[] = {
    {::onc::kRecommended, &kRecommendedSignature},
    {::onc::wifi::kAutoConnect, &kBoolSignature},
    {::onc::wifi::kEAP, &kEAPSignature},
    {::onc::wifi::kHiddenSSID, &kBoolSignature},
    {::onc::wifi::kPassphrase, &kStringSignature},
    {::onc::wifi::kSSID, &kStringSignature},
    {::onc::wifi::kSecurity, &kStringSignature},
    {NULL},
};

// Additional state-only WiFi fields. kWiFiWithStateSignature combines this
// table with kWiFiSignature as its base, so a with-state WiFi dictionary also
// accepts every field of wifi_fields, kPassphrase included.
const OncFieldSignature wifi_with_state_fields[] = {
    {::onc::wifi::kBSSID, &kStringSignature},
    {::onc::wifi::kFrequency, &kIntegerSignature},
    {::onc::wifi::kFrequencyList, &kIntegerListSignature},
    {::onc::wifi::kSignalStrength, &kIntegerSignature},
    {NULL},
};
212
// Fields of a cellular provider dictionary (see kCellularProviderSignature).
const OncFieldSignature cellular_provider_fields[] = {
    {::onc::cellular_provider::kCode, &kStringSignature},
    {::onc::cellular_provider::kCountry, &kStringSignature},
    {::onc::cellular_provider::kName, &kStringSignature},
    {NULL},
};

// Fields of a cellular APN dictionary (see kCellularApnSignature). kPassword
// is listed for kCellularApnSignature in the |credentials| table.
const OncFieldSignature cellular_apn_fields[] = {
    {::onc::cellular_apn::kName, &kStringSignature},
    {::onc::cellular_apn::kUsername, &kStringSignature},
    {::onc::cellular_apn::kPassword, &kStringSignature},
    {NULL},
};

// Configurable fields of a Cellular dictionary (see kCellularSignature).
const OncFieldSignature cellular_fields[] = {
    {::onc::kRecommended, &kRecommendedSignature},
    {::onc::cellular::kAPN, &kCellularApnSignature},
    {::onc::cellular::kAPNList, &kCellularApnListSignature},
    {NULL},
};

// Additional state-only Cellular fields; kCellularWithStateSignature combines
// this table with kCellularSignature as its base.
//
// NOTE(review): the device and subscriber identifiers below (kESN, kICCID,
// kIMEI, kIMSI, kMDN, kMEID, kMIN) are not in the |credentials| table, so
// FieldIsCredential() does not flag them; confirm that code which logs or
// exports state dictionaries handles them separately.
// NOTE(review): kSIMPresent and kSupportNetworkScan are typed as strings
// while the neighbouring kSIMLockEnabled is a bool; confirm against the
// producer of these values.
const OncFieldSignature cellular_with_state_fields[] = {
    {::onc::cellular::kActivateOverNonCellularNetwork, &kBoolSignature},
    {::onc::cellular::kActivationState, &kStringSignature},
    {::onc::cellular::kAllowRoaming, &kBoolSignature},
    {::onc::cellular::kCarrier, &kStringSignature},
    {::onc::cellular::kESN, &kStringSignature},
    {::onc::cellular::kFamily, &kStringSignature},
    {::onc::cellular::kFirmwareRevision, &kStringSignature},
    {::onc::cellular::kFoundNetworks, &kStringSignature},
    {::onc::cellular::kHardwareRevision, &kStringSignature},
    {::onc::cellular::kHomeProvider, &kCellularProviderSignature},
    {::onc::cellular::kICCID, &kStringSignature},
    {::onc::cellular::kIMEI, &kStringSignature},
    {::onc::cellular::kIMSI, &kStringSignature},
    {::onc::cellular::kManufacturer, &kStringSignature},
    {::onc::cellular::kMDN, &kStringSignature},
    {::onc::cellular::kMEID, &kStringSignature},
    {::onc::cellular::kMIN, &kStringSignature},
    {::onc::cellular::kModelID, &kStringSignature},
    {::onc::cellular::kNetworkTechnology, &kStringSignature},
    {::onc::cellular::kPRLVersion, &kStringSignature},
    {::onc::cellular::kProviderRequiresRoaming, &kBoolSignature},
    {::onc::cellular::kRoamingState, &kStringSignature},
    {::onc::cellular::kSelectedNetwork, &kStringSignature},
    {::onc::cellular::kServingOperator, &kCellularProviderSignature},
    {::onc::cellular::kSIMLockEnabled, &kBoolSignature},
    {::onc::cellular::kSIMLockStatus, &kStringSignature},
    {::onc::cellular::kSIMLockType, &kStringSignature},
    {::onc::cellular::kSIMPresent, &kStringSignature},
    {::onc::cellular::kSupportedCarriers, &kStringSignature},
    {::onc::cellular::kSupportNetworkScan, &kStringSignature},
    {NULL},
};
263
// Fields of a NetworkConfiguration dictionary (see
// kNetworkConfigurationSignature).
const OncFieldSignature network_configuration_fields[] = {
    {::onc::kRecommended, &kRecommendedSignature},
    {::onc::network_config::kEthernet, &kEthernetSignature},
    {::onc::network_config::kGUID, &kStringSignature},
    // Not supported for policy but for reading network state.
    {::onc::network_config::kIPConfigs, &kIPConfigListSignature},
    {::onc::network_config::kName, &kStringSignature},
    // Not supported, yet.
    {::onc::network_config::kNameServers, &kStringListSignature},
    {::onc::network_config::kProxySettings, &kProxySettingsSignature},
    {::onc::kRemove, &kBoolSignature},
    // Not supported, yet.
    {::onc::network_config::kSearchDomains, &kStringListSignature},
    {::onc::network_config::kType, &kStringSignature},
    {::onc::network_config::kVPN, &kVPNSignature},
    {::onc::network_config::kWiFi, &kWiFiSignature},
    {::onc::network_config::kCellular, &kCellularSignature},
    {NULL},
};

// Additional state-only network fields; kNetworkWithStateSignature combines
// this table with kNetworkConfigurationSignature as its base. The kCellular
// and kWiFi entries here point at the with-state signatures, and because
// GetFieldSignature() searches a signature's own table before its base, they
// take precedence over the same names in network_configuration_fields.
const OncFieldSignature network_with_state_fields[] = {
    {::onc::network_config::kCellular, &kCellularWithStateSignature},
    {::onc::network_config::kConnectionState, &kStringSignature},
    {::onc::network_config::kConnectable, &kBoolSignature},
    {::onc::network_config::kErrorState, &kStringSignature},
    {::onc::network_config::kMacAddress, &kStringSignature},
    {::onc::network_config::kWiFi, &kWiFiWithStateSignature},
    {NULL},
};

// Fields of the GlobalNetworkConfiguration dictionary (see
// kGlobalNetworkConfigurationSignature).
const OncFieldSignature global_network_configuration_fields[] = {
    {::onc::global_network_config::kAllowOnlyPolicyNetworksToAutoconnect,
     &kBoolSignature},
    {NULL},
};
296
// Fields of a Certificate dictionary (see kCertificateSignature).
//
// NOTE(review): kPKCS12 is typed as a plain string and has no entry in the
// |credentials| table, so FieldIsCredential() does not flag it; confirm
// whether PKCS#12 payloads need to be treated as secret when certificates are
// logged or displayed.
const OncFieldSignature certificate_fields[] = {
    {::onc::certificate::kGUID, &kStringSignature},
    {::onc::certificate::kPKCS12, &kStringSignature},
    {::onc::kRemove, &kBoolSignature},
    {::onc::certificate::kTrustBits, &kStringListSignature},
    {::onc::certificate::kType, &kStringSignature},
    {::onc::certificate::kX509, &kStringSignature},
    {NULL},
};

// Fields of the top-level ONC dictionary (see
// kToplevelConfigurationSignature). The ::onc::encrypted:: entries share this
// table with the unencrypted ones. Only the value type is recorded for them:
// kCipher, kHMACMethod and kStretch are free-form strings and kIterations is
// any integer as far as this signature is concerned, so the code that
// consumes an encrypted configuration has to check the actual values.
const OncFieldSignature toplevel_configuration_fields[] = {
    {::onc::toplevel_config::kCertificates, &kCertificateListSignature},
    {::onc::toplevel_config::kNetworkConfigurations,
     &kNetworkConfigurationListSignature},
    {::onc::toplevel_config::kGlobalNetworkConfiguration,
     &kGlobalNetworkConfigurationSignature},
    {::onc::toplevel_config::kType, &kStringSignature},
    {::onc::encrypted::kCipher, &kStringSignature},
    {::onc::encrypted::kCiphertext, &kStringSignature},
    {::onc::encrypted::kHMAC, &kStringSignature},
    {::onc::encrypted::kHMACMethod, &kStringSignature},
    {::onc::encrypted::kIV, &kStringSignature},
    {::onc::encrypted::kIterations, &kIntegerSignature},
    {::onc::encrypted::kSalt, &kStringSignature},
    {::onc::encrypted::kStretch, &kStringSignature},
    {NULL},
};
321
322 } // namespace
323
// Externally visible signatures. A dictionary signature names its field table
// as the second member and leaves the element signature NULL; a list
// signature does the opposite.

// The "Recommended" entry of a dictionary: a list of strings.
const OncValueSignature kRecommendedSignature = {
    base::Value::TYPE_LIST, NULL, &kStringSignature};

// Dictionary signatures, one per field table defined above.
const OncValueSignature kEAPSignature = {
    base::Value::TYPE_DICTIONARY, eap_fields, NULL};
const OncValueSignature kIssuerSubjectPatternSignature = {
    base::Value::TYPE_DICTIONARY, issuer_subject_pattern_fields, NULL};
const OncValueSignature kCertificatePatternSignature = {
    base::Value::TYPE_DICTIONARY, certificate_pattern_fields, NULL};
const OncValueSignature kIPsecSignature = {
    base::Value::TYPE_DICTIONARY, ipsec_fields, NULL};
const OncValueSignature kXAUTHSignature = {
    base::Value::TYPE_DICTIONARY, xauth_fields, NULL};
const OncValueSignature kL2TPSignature = {
    base::Value::TYPE_DICTIONARY, l2tp_fields, NULL};
const OncValueSignature kOpenVPNSignature = {
    base::Value::TYPE_DICTIONARY, openvpn_fields, NULL};
const OncValueSignature kVerifyX509Signature = {
    base::Value::TYPE_DICTIONARY, verify_x509_fields, NULL};
const OncValueSignature kVPNSignature = {
    base::Value::TYPE_DICTIONARY, vpn_fields, NULL};
const OncValueSignature kEthernetSignature = {
    base::Value::TYPE_DICTIONARY, ethernet_fields, NULL};
const OncValueSignature kIPConfigSignature = {
    base::Value::TYPE_DICTIONARY, ipconfig_fields, NULL};
const OncValueSignature kProxyLocationSignature = {
    base::Value::TYPE_DICTIONARY, proxy_location_fields, NULL};
const OncValueSignature kProxyManualSignature = {
    base::Value::TYPE_DICTIONARY, proxy_manual_fields, NULL};
const OncValueSignature kProxySettingsSignature = {
    base::Value::TYPE_DICTIONARY, proxy_settings_fields, NULL};
const OncValueSignature kWiFiSignature = {
    base::Value::TYPE_DICTIONARY, wifi_fields, NULL};
const OncValueSignature kCertificateSignature = {
    base::Value::TYPE_DICTIONARY, certificate_fields, NULL};
const OncValueSignature kNetworkConfigurationSignature = {
    base::Value::TYPE_DICTIONARY, network_configuration_fields, NULL};
const OncValueSignature kGlobalNetworkConfigurationSignature = {
    base::Value::TYPE_DICTIONARY, global_network_configuration_fields, NULL};

// Lists of certificates and of network configurations.
const OncValueSignature kCertificateListSignature = {
    base::Value::TYPE_LIST, NULL, &kCertificateSignature};
const OncValueSignature kNetworkConfigurationListSignature = {
    base::Value::TYPE_LIST, NULL, &kNetworkConfigurationSignature};

// The root of an ONC blob.
const OncValueSignature kToplevelConfigurationSignature = {
    base::Value::TYPE_DICTIONARY, toplevel_configuration_fields, NULL};
390
// Derived "ONC with State" signatures. The fourth member names the base
// signature; GetFieldSignature() falls back to it for any field the derived
// table does not declare, so the derived dictionaries accept the base fields
// as well.
const OncValueSignature kNetworkWithStateSignature = {
    base::Value::TYPE_DICTIONARY, network_with_state_fields, NULL,
    &kNetworkConfigurationSignature};
const OncValueSignature kWiFiWithStateSignature = {
    base::Value::TYPE_DICTIONARY, wifi_with_state_fields, NULL,
    &kWiFiSignature};

// Cellular signatures. Only kCellularWithStateSignature is derived; the other
// three are plain dictionaries without a base.
const OncValueSignature kCellularSignature = {
    base::Value::TYPE_DICTIONARY, cellular_fields, NULL};
const OncValueSignature kCellularWithStateSignature = {
    base::Value::TYPE_DICTIONARY, cellular_with_state_fields, NULL,
    &kCellularSignature};
const OncValueSignature kCellularProviderSignature = {
    base::Value::TYPE_DICTIONARY, cellular_provider_fields, NULL};
const OncValueSignature kCellularApnSignature = {
    base::Value::TYPE_DICTIONARY, cellular_apn_fields, NULL};
412
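// Returns the field entry named |onc_field_name| for |signature|, or NULL if
// neither |signature| nor any signature on its base_signature chain declares
// such a field. A signature's own field table is searched before its base, so
// a derived table can override the entry of a base table.
//
// A signature without a field table of its own does not end the search; its
// base signature, if any, is still consulted. Previously the NULL-|fields|
// check returned before the base was looked at.
const OncFieldSignature* GetFieldSignature(const OncValueSignature& signature,
                                           const std::string& onc_field_name) {
  for (const OncValueSignature* current = &signature; current != NULL;
       current = current->base_signature) {
    if (!current->fields)
      continue;  // Nothing declared at this level; try the base.
    // Field tables end with an entry whose onc_field_name is NULL.
    for (const OncFieldSignature* field = current->fields;
         field->onc_field_name != NULL; ++field) {
      if (onc_field_name == field->onc_field_name)
        return field;
    }
  }
  return NULL;
}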
426
427 namespace {
428
// Pairs a dictionary signature with the name of one field in it that holds a
// secret.
struct CredentialEntry {
  const OncValueSignature* value_signature;  // Dictionary the field lives in.
  const char* field_name;                    // ONC name of the secret field.
};

// The fields FieldIsCredential() reports as credentials. Entries are keyed by
// the address of the dictionary signature, so the same field name (for
// example ::onc::vpn::kPassword) is listed once per dictionary that uses it.
// The table ends with an entry whose value_signature is NULL.
//
// This is an explicit allow-list: a secret-bearing field added to one of the
// field tables is not treated as a credential until it is also added here.
const CredentialEntry credentials[] = {
    {&kEAPSignature, ::onc::eap::kPassword},
    {&kIPsecSignature, ::onc::ipsec::kPSK},
    {&kXAUTHSignature, ::onc::vpn::kPassword},
    {&kL2TPSignature, ::onc::vpn::kPassword},
    {&kOpenVPNSignature, ::onc::vpn::kPassword},
    {&kOpenVPNSignature, ::onc::openvpn::kTLSAuthContents},
    {&kWiFiSignature, ::onc::wifi::kPassphrase},
    {&kCellularApnSignature, ::onc::cellular_apn::kPassword},
    {NULL},
};
444
445 } // namespace
446
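// Returns true if |onc_field_name| is listed in |credentials| for |signature|
// or for any signature on its base_signature chain.
//
// The chain is walked because GetFieldSignature() resolves inherited fields
// the same way: kWiFiWithStateSignature has kWiFiSignature as its base and so
// accepts ::onc::wifi::kPassphrase, but |credentials| lists that field only
// for kWiFiSignature. Comparing against |signature| alone left the passphrase
// of a with-state WiFi dictionary unflagged, which matters to any caller that
// relies on this predicate to mask or strip secrets.
bool FieldIsCredential(const OncValueSignature& signature,
                       const std::string& onc_field_name) {
  for (const OncValueSignature* current = &signature; current != NULL;
       current = current->base_signature) {
    // |credentials| ends with an entry whose value_signature is NULL.
    for (const CredentialEntry* entry = credentials;
         entry->value_signature != NULL; ++entry) {
      if (current == entry->value_signature &&
          onc_field_name == entry->field_name) {
        return true;
      }
    }
  }
  return false;
}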
458
459 } // namespace onc
460 } // namespace chromeos
461