// Copyright 2019 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "chrome/browser/net/secure_dns_policy_handler.h" #include <string> #include <string_view> #include "base/strings/string_number_conversions.h" #include "base/values.h" #include "chrome/browser/net/secure_dns_config.h" #include "chrome/browser/prefs/session_startup_pref.h" #include "chrome/common/pref_names.h" #include "components/policy/core/browser/policy_error_map.h" #include "components/policy/core/common/policy_map.h" #include "components/policy/policy_constants.h" #include "components/prefs/pref_value_map.h" #include "components/strings/grit/components_strings.h" #include "net/dns/public/dns_over_https_config.h" #include "net/dns/public/util.h" #if BUILDFLAG(IS_CHROMEOS_ASH) #include "ash/constants/ash_features.h" #endif namespace { #if BUILDFLAG(IS_CHROMEOS_ASH) constexpr int kMinDohSaltSize = 8; constexpr int kMaxDohSaltSize = 32; // Returns true if the policy `kDnsOverHttpsSalt` is not set or if it has a // valid value, otherwise returns false. kDnsOverHttpsSalt` is only valid if // `kDnsOverHttpsTemplatesWithIdentifiers` is set. If an error occurs, the error // message will be appended to `errors`. bool CheckDnsOverHttpsSaltPolicy(const policy::PolicyMap& policies, policy::PolicyErrorMap* errors) { if (!policies.IsPolicySet(policy::key::kDnsOverHttpsSalt)) { return true; } const base::Value* salt = policies.GetValueUnsafe(policy::key::kDnsOverHttpsSalt); if (!salt->is_string()) { errors->AddError(policy::key::kDnsOverHttpsSalt, IDS_POLICY_SECURE_DNS_SALT_INVALID_ERROR); return false; } // Salt is optional. if (salt->GetString().empty()) { return true; } if (salt->GetString().size() < kMinDohSaltSize || salt->GetString().size() > kMaxDohSaltSize) { errors->AddError(policy::key::kDnsOverHttpsSalt, IDS_POLICY_SECURE_DNS_SALT_INVALID_SIZE_ERROR); return false; } bool templates_set = false; if (policies.IsPolicySet( policy::key::kDnsOverHttpsTemplatesWithIdentifiers)) { const base::Value* templates = policies.GetValue(policy::key::kDnsOverHttpsTemplatesWithIdentifiers, base::Value::Type::STRING); templates_set = templates && !templates->GetString().empty(); } if (!templates_set) { errors->AddError(policy::key::kDnsOverHttpsSalt, IDS_POLICY_DEPENDENCY_ERROR_ANY_VALUE, policy::key::kDnsOverHttpsTemplatesWithIdentifiers); return false; } return true; } #endif // Returns true if the policy `policy_name` has a valid template URI value, // otherwise returns false. If an error occurs, the error message will be // appended to `errors`. bool CheckDnsOverHttpsTemplatePolicy(const policy::PolicyMap& policies, policy::PolicyErrorMap* errors, const std::string& policy_name, std::string_view mode) { … } } // namespace namespace policy { SecureDnsPolicyHandler::SecureDnsPolicyHandler() { … } SecureDnsPolicyHandler::~SecureDnsPolicyHandler() { … } // Verifies if the combination of policies which set the secure DNS mode and // the templates URI is valid. The templates URIs can be set via the cross // platform policy "DnsOverHttpsTemplates" and, on Chrome OS only, via the // policy "DnsOverHttpsTemplatesWithIdentifiers" which will override the cross // platform policy if both are set. bool SecureDnsPolicyHandler::CheckPolicySettings(const PolicyMap& policies, PolicyErrorMap* errors) { … } void SecureDnsPolicyHandler::ApplyPolicySettings(const PolicyMap& policies, PrefValueMap* prefs) { … } bool SecureDnsPolicyHandler::IsTemplatesPolicyNotSpecified( bool is_templates_policy_valid, std::string_view mode_str) { … } } // namespace policy
Codebase Browser
chromium