chromeos/components/onc/onc_utils.h - chromium/src.git - Git at Google

 // Copyright 2021 The Chromium Authors
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CHROMEOS_COMPONENTS_ONC_ONC_UTILS_H_
 #define CHROMEOS_COMPONENTS_ONC_ONC_UTILS_H_

 #include <map>
 #include <string>

 #include "base/component_export.h"
 #include "base/values.h"
 #include "components/onc/onc_constants.h"
 #include "third_party/abseil-cpp/absl/types/optional.h"

 namespace chromeos {

 class VariableExpander;

 namespace onc {

 struct OncValueSignature;

 using CertPEMsByGUIDMap = std::map<std::string, std::string>;

 // Parses |json| according to the JSON format. If |json| is a JSON formatted
 // dictionary, the function populates |dict| and returns true, otherwise returns
 // false and |dict| is unchanged.
 COMPONENT_EXPORT(CHROMEOS_ONC)
 absl::optional<base::Value::Dict> ReadDictionaryFromJson(
     const std::string& json);

 // Decrypts the given EncryptedConfiguration |onc| (see the ONC specification)
 // using |passphrase|. The resulting UnencryptedConfiguration is returned. If an
 // error occurs, returns nullopt.
 COMPONENT_EXPORT(CHROMEOS_ONC)
 absl::optional<base::Value::Dict> Decrypt(const std::string& passphrase,
                                           const base::Value::Dict& onc);

 // For logging only: strings not user facing.
 COMPONENT_EXPORT(CHROMEOS_ONC)
 std::string GetSourceAsString(::onc::ONCSource source);

 // Replaces all expandable fields that are mentioned in the ONC
 // specification. The object of |onc_object| is modified in place.
 // The substitution is performed using the passed |variable_expander|, which
 // defines the placeholder-value mapping.
 COMPONENT_EXPORT(CHROMEOS_ONC)
 void ExpandStringsInOncObject(const OncValueSignature& signature,
                               const VariableExpander& variable_expander,
                               base::Value::Dict* onc_object);

 // Replaces expandable fields in the networks of |network_configs|, which must
 // be a list of ONC NetworkConfigurations. See ExpandStringsInOncObject above.
 COMPONENT_EXPORT(CHROMEOS_ONC)
 void ExpandStringsInNetworks(const VariableExpander& variable_expander,
                              base::Value::List& network_configs);

 // Fills in all missing HexSSID fields that are mentioned in the ONC
 // specification. The object of |onc_object| is modified in place.
 COMPONENT_EXPORT(CHROMEOS_ONC)
 void FillInHexSSIDFieldsInOncObject(const OncValueSignature& signature,
                                     base::Value::Dict& onc_object);

 // If the SSID field is set, but HexSSID is not, converts the contents of the
 // SSID field to UTF-8 encoding, creates the hex representation and assigns the
 // result to HexSSID.
 COMPONENT_EXPORT(CHROMEOS_ONC)
 void FillInHexSSIDField(base::Value::Dict& wifi_fields);

 // Sets missing HiddenSSID fields to default value that is specified in the ONC
 // specification. The object of |onc_object| is modified in place.
 COMPONENT_EXPORT(CHROMEOS_ONC)
 void SetHiddenSSIDFieldInOncObject(const OncValueSignature& signature,
                                    base::Value::Dict& onc_object);

 // If the HiddenSSID field is not set, sets it to default value(false). If the
 // HiddenSSID field is set already, does nothing.
 COMPONENT_EXPORT(CHROMEOS_ONC)
 void SetHiddenSSIDField(base::Value::Dict& wifi_fields);

 // Creates a copy of |onc_object| with all values of sensitive fields replaced
 // by |mask|. To find sensitive fields, signature and field name are checked
 // with the function FieldIsCredential().
 COMPONENT_EXPORT(CHROMEOS_ONC)
 base::Value::Dict MaskCredentialsInOncObject(
     const OncValueSignature& signature,
     const base::Value::Dict& onc_object,
     const std::string& mask);

 // Decrypts |onc_blob| with |passphrase| if necessary. Clears |network_configs|,
 // |global_network_config| and |certificates| and fills them with the validated
 // NetworkConfigurations, GlobalNetworkConfiguration and Certificates of
 // |onc_blob|. Callers can pass nullptr as any of |network_configs|,
 // |global_network_config|, |certificates| if they're not interested in the
 // respective values. Returns false if any validation errors or warnings
 // occurred in any segments (i.e. not only those requested by the caller). Even
 // if false is returned, some configuration might be added to the output
 // arguments and should be further processed by the caller.
 COMPONENT_EXPORT(CHROMEOS_ONC)
 bool ParseAndValidateOncForImport(const std::string& onc_blob,
                                   ::onc::ONCSource onc_source,
                                   const std::string& passphrase,
                                   base::Value::List* network_configs,
                                   base::Value::Dict* global_network_config,
                                   base::Value::List* certificates);

 // Parse the given PEM encoded certificate |pem_encoded| and return the
 // contained DER encoding. Returns an empty string on failure.
 std::string DecodePEM(const std::string& pem_encoded);

 // Replaces all references by GUID to Server or CA certs by their PEM
 // encoding. Returns true if all references could be resolved. Otherwise returns
 // false and network configurations with unresolvable references are removed
 // from |network_configs|. |network_configs| must be a list of ONC
 // NetworkConfiguration dictionaries.
 COMPONENT_EXPORT(CHROMEOS_ONC)
 bool ResolveServerCertRefsInNetworks(const CertPEMsByGUIDMap& certs_by_guid,
                                      base::Value::List& network_configs);

 // Replaces all references by GUID to Server or CA certs by their PEM
 // encoding. Returns true if all references could be resolved. |network_config|
 // must be a ONC NetworkConfiguration.
 COMPONENT_EXPORT(CHROMEOS_ONC)
 bool ResolveServerCertRefsInNetwork(const CertPEMsByGUIDMap& certs_by_guid,
                                     base::Value::Dict& network_config);

 }  // namespace onc
 }  // namespace chromeos

 #endif  // CHROMEOS_COMPONENTS_ONC_ONC_UTILS_H_
	// Copyright 2021 The Chromium Authors
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CHROMEOS_COMPONENTS_ONC_ONC_UTILS_H_
	#define CHROMEOS_COMPONENTS_ONC_ONC_UTILS_H_

	#include <map>
	#include <string>

	#include "base/component_export.h"
	#include "base/values.h"
	#include "components/onc/onc_constants.h"
	#include "third_party/abseil-cpp/absl/types/optional.h"

	namespace chromeos {

	class VariableExpander;

	namespace onc {

	struct OncValueSignature;

	using CertPEMsByGUIDMap = std::map<std::string, std::string>;

	// Parses \|json\| according to the JSON format. If \|json\| is a JSON formatted
	// dictionary, the function populates \|dict\| and returns true, otherwise returns
	// false and \|dict\| is unchanged.
	COMPONENT_EXPORT(CHROMEOS_ONC)
	absl::optional<base::Value::Dict> ReadDictionaryFromJson(
	const std::string& json);

	// Decrypts the given EncryptedConfiguration \|onc\| (see the ONC specification)
	// using \|passphrase\|. The resulting UnencryptedConfiguration is returned. If an
	// error occurs, returns nullopt.
	COMPONENT_EXPORT(CHROMEOS_ONC)
	absl::optional<base::Value::Dict> Decrypt(const std::string& passphrase,
	const base::Value::Dict& onc);

	// For logging only: strings not user facing.
	COMPONENT_EXPORT(CHROMEOS_ONC)
	std::string GetSourceAsString(::onc::ONCSource source);

	// Replaces all expandable fields that are mentioned in the ONC
	// specification. The object of \|onc_object\| is modified in place.
	// The substitution is performed using the passed \|variable_expander\|, which
	// defines the placeholder-value mapping.
	COMPONENT_EXPORT(CHROMEOS_ONC)
	void ExpandStringsInOncObject(const OncValueSignature& signature,
	const VariableExpander& variable_expander,
	base::Value::Dict* onc_object);

	// Replaces expandable fields in the networks of \|network_configs\|, which must
	// be a list of ONC NetworkConfigurations. See ExpandStringsInOncObject above.
	COMPONENT_EXPORT(CHROMEOS_ONC)
	void ExpandStringsInNetworks(const VariableExpander& variable_expander,
	base::Value::List& network_configs);

	// Fills in all missing HexSSID fields that are mentioned in the ONC
	// specification. The object of \|onc_object\| is modified in place.
	COMPONENT_EXPORT(CHROMEOS_ONC)
	void FillInHexSSIDFieldsInOncObject(const OncValueSignature& signature,
	base::Value::Dict& onc_object);

	// If the SSID field is set, but HexSSID is not, converts the contents of the
	// SSID field to UTF-8 encoding, creates the hex representation and assigns the
	// result to HexSSID.
	COMPONENT_EXPORT(CHROMEOS_ONC)
	void FillInHexSSIDField(base::Value::Dict& wifi_fields);

	// Sets missing HiddenSSID fields to default value that is specified in the ONC
	// specification. The object of \|onc_object\| is modified in place.
	COMPONENT_EXPORT(CHROMEOS_ONC)
	void SetHiddenSSIDFieldInOncObject(const OncValueSignature& signature,
	base::Value::Dict& onc_object);

	// If the HiddenSSID field is not set, sets it to default value(false). If the
	// HiddenSSID field is set already, does nothing.
	COMPONENT_EXPORT(CHROMEOS_ONC)
	void SetHiddenSSIDField(base::Value::Dict& wifi_fields);

	// Creates a copy of \|onc_object\| with all values of sensitive fields replaced
	// by \|mask\|. To find sensitive fields, signature and field name are checked
	// with the function FieldIsCredential().
	COMPONENT_EXPORT(CHROMEOS_ONC)
	base::Value::Dict MaskCredentialsInOncObject(
	const OncValueSignature& signature,
	const base::Value::Dict& onc_object,
	const std::string& mask);

	// Decrypts \|onc_blob\| with \|passphrase\| if necessary. Clears \|network_configs\|,
	// \|global_network_config\| and \|certificates\| and fills them with the validated
	// NetworkConfigurations, GlobalNetworkConfiguration and Certificates of
	// \|onc_blob\|. Callers can pass nullptr as any of \|network_configs\|,
	// \|global_network_config\|, \|certificates\| if they're not interested in the
	// respective values. Returns false if any validation errors or warnings
	// occurred in any segments (i.e. not only those requested by the caller). Even
	// if false is returned, some configuration might be added to the output
	// arguments and should be further processed by the caller.
	COMPONENT_EXPORT(CHROMEOS_ONC)
	bool ParseAndValidateOncForImport(const std::string& onc_blob,
	::onc::ONCSource onc_source,
	const std::string& passphrase,
	base::Value::List* network_configs,
	base::Value::Dict* global_network_config,
	base::Value::List* certificates);

	// Parse the given PEM encoded certificate \|pem_encoded\| and return the
	// contained DER encoding. Returns an empty string on failure.
	std::string DecodePEM(const std::string& pem_encoded);

	// Replaces all references by GUID to Server or CA certs by their PEM
	// encoding. Returns true if all references could be resolved. Otherwise returns
	// false and network configurations with unresolvable references are removed
	// from \|network_configs\|. \|network_configs\| must be a list of ONC
	// NetworkConfiguration dictionaries.
	COMPONENT_EXPORT(CHROMEOS_ONC)
	bool ResolveServerCertRefsInNetworks(const CertPEMsByGUIDMap& certs_by_guid,
	base::Value::List& network_configs);

	// Replaces all references by GUID to Server or CA certs by their PEM
	// encoding. Returns true if all references could be resolved. \|network_config\|
	// must be a ONC NetworkConfiguration.
	COMPONENT_EXPORT(CHROMEOS_ONC)
	bool ResolveServerCertRefsInNetwork(const CertPEMsByGUIDMap& certs_by_guid,
	base::Value::Dict& network_config);

	} // namespace onc
	} // namespace chromeos

	#endif // CHROMEOS_COMPONENTS_ONC_ONC_UTILS_H_