Add an ONC property for the third-party VPN provider extension ID

This CL maps the third-party VPN provider extension ID (which is
stored in shill's |Provider.Host| field) to an ONC property.

BUG=460428
TEST=Extended unit tests and API test

Review URL: https://codereview.chromium.org/1019033002

Cr-Commit-Position: refs/heads/master@{#321238}

9 files changed, 82 insertions, 13 deletions

diff --git a/chromeos/network/onc/onc_normalizer.cc b/chromeos/network/onc/onc_normalizer.cc
index 4ec5ddf..627835a 100644
--- a/chromeos/network/onc/onc_normalizer.cc
+++ b/chromeos/network/onc/onc_normalizer.cc
@@ -232,6 +232,7 @@ void Normalizer::NormalizeVPN(base::DictionaryValue* vpn) {
   RemoveEntryUnless(vpn, kOpenVPN, type == kOpenVPN);
   RemoveEntryUnless(vpn, kIPsec, type == kIPsec || type == kTypeL2TP_IPsec);
   RemoveEntryUnless(vpn, kL2TP, type == kTypeL2TP_IPsec);
+  RemoveEntryUnless(vpn, kThirdPartyVpn, type == kThirdPartyVpn);
 }
 
 void Normalizer::NormalizeWiFi(base::DictionaryValue* wifi) {
diff --git a/chromeos/network/onc/onc_signature.cc b/chromeos/network/onc/onc_signature.cc
index a421909..ad05682 100644
--- a/chromeos/network/onc/onc_signature.cc
+++ b/chromeos/network/onc/onc_signature.cc
@@ -151,6 +151,11 @@ const OncFieldSignature openvpn_fields[] = {
     { ::onc::openvpn::kVerifyX509, &kVerifyX509Signature},
     {NULL}};
 
+const OncFieldSignature third_party_vpn_fields[] = {
+    { ::onc::kRecommended, &kRecommendedSignature},
+    { ::onc::third_party_vpn::kExtensionID, &kStringSignature},
+    {NULL}};
+
 const OncFieldSignature verify_x509_fields[] = {
     { ::onc::verify_x509::kName, &kStringSignature},
     { ::onc::verify_x509::kType, &kStringSignature},
@@ -163,6 +168,7 @@ const OncFieldSignature vpn_fields[] = {
     { ::onc::vpn::kIPsec, &kIPsecSignature},
     { ::onc::vpn::kL2TP, &kL2TPSignature},
     { ::onc::vpn::kOpenVPN, &kOpenVPNSignature},
+    { ::onc::vpn::kThirdPartyVpn, &kThirdPartyVPNSignature},
     { ::onc::vpn::kType, &kStringSignature},
     {NULL}};
 
@@ -385,6 +391,9 @@ const OncValueSignature kL2TPSignature = {
 const OncValueSignature kOpenVPNSignature = {
   base::Value::TYPE_DICTIONARY, openvpn_fields, NULL
 };
+const OncValueSignature kThirdPartyVPNSignature = {
+  base::Value::TYPE_DICTIONARY, third_party_vpn_fields, NULL
+};
 const OncValueSignature kVerifyX509Signature = {
   base::Value::TYPE_DICTIONARY, verify_x509_fields, NULL
 };
diff --git a/chromeos/network/onc/onc_signature.h b/chromeos/network/onc/onc_signature.h
index acb8406..316ee86 100644
--- a/chromeos/network/onc/onc_signature.h
+++ b/chromeos/network/onc/onc_signature.h
@@ -43,6 +43,7 @@ CHROMEOS_EXPORT extern const OncValueSignature kIPsecSignature;
 CHROMEOS_EXPORT extern const OncValueSignature kL2TPSignature;
 CHROMEOS_EXPORT extern const OncValueSignature kXAUTHSignature;
 CHROMEOS_EXPORT extern const OncValueSignature kOpenVPNSignature;
+CHROMEOS_EXPORT extern const OncValueSignature kThirdPartyVPNSignature;
 CHROMEOS_EXPORT extern const OncValueSignature kVerifyX509Signature;
 CHROMEOS_EXPORT extern const OncValueSignature kVPNSignature;
 CHROMEOS_EXPORT extern const OncValueSignature kEthernetSignature;
diff --git a/chromeos/network/onc/onc_translator_onc_to_shill.cc b/chromeos/network/onc/onc_translator_onc_to_shill.cc
index fdd8fbd..3cf9789f 100644
--- a/chromeos/network/onc/onc_translator_onc_to_shill.cc
+++ b/chromeos/network/onc/onc_translator_onc_to_shill.cc
@@ -188,10 +188,28 @@ void LocalTranslator::TranslateIPsec() {
 }
 
 void LocalTranslator::TranslateVPN() {
-  CopyFieldFromONCToShill(::onc::vpn::kHost, shill::kProviderHostProperty);
-  std::string type;
-  if (onc_object_->GetStringWithoutPathExpansion(::onc::vpn::kType, &type))
-    TranslateWithTableAndSet(type, kVPNTypeTable, shill::kProviderTypeProperty);
+  std::string onc_type;
+  if (onc_object_->GetStringWithoutPathExpansion(::onc::vpn::kType,
+                                                 &onc_type)) {
+    TranslateWithTableAndSet(onc_type, kVPNTypeTable,
+                             shill::kProviderTypeProperty);
+  }
+  if (onc_type == ::onc::vpn::kThirdPartyVpn) {
+    // For third-party VPNs, |shill::kProviderHostProperty| is used to store the
+    // provider's extension ID.
+    const base::DictionaryValue* onc_third_party_vpn = nullptr;
+    onc_object_->GetDictionaryWithoutPathExpansion(::onc::vpn::kThirdPartyVpn,
+                                                   &onc_third_party_vpn);
+    std::string onc_extension_id;
+    if (onc_third_party_vpn &&
+        onc_third_party_vpn->GetStringWithoutPathExpansion(
+            ::onc::third_party_vpn::kExtensionID, &onc_extension_id)) {
+      shill_dictionary_->SetStringWithoutPathExpansion(
+          shill::kProviderHostProperty, onc_extension_id);
+    }
+  } else {
+    CopyFieldFromONCToShill(::onc::vpn::kHost, shill::kProviderHostProperty);
+  }
 
   CopyFieldsAccordingToSignature();
 }
diff --git a/chromeos/network/onc/onc_translator_shill_to_onc.cc b/chromeos/network/onc/onc_translator_shill_to_onc.cc
index 1ec647a..43e7b3a 100644
--- a/chromeos/network/onc/onc_translator_shill_to_onc.cc
+++ b/chromeos/network/onc/onc_translator_shill_to_onc.cc
@@ -77,6 +77,7 @@ class ShillToONCTranslator {
   void TranslateEthernet();
   void TranslateOpenVPN();
   void TranslateIPsec();
+  void TranslateThirdPartyVPN();
   void TranslateVPN();
   void TranslateWiFiWithState();
   void TranslateWiMAXWithState();
@@ -159,6 +160,8 @@ ShillToONCTranslator::CreateTranslatedONCObject() {
     TranslateOpenVPN();
   } else if (onc_signature_ == &kIPsecSignature) {
     TranslateIPsec();
+  } else if (onc_signature_ == &kThirdPartyVPNSignature) {
+    TranslateThirdPartyVPN();
   } else if (onc_signature_ == &kWiFiWithStateSignature) {
     TranslateWiFiWithState();
   } else if (onc_signature_ == &kWiMAXWithStateSignature) {
@@ -266,6 +269,18 @@ void ShillToONCTranslator::TranslateIPsec() {
                                              authentication_type);
 }
 
+void ShillToONCTranslator::TranslateThirdPartyVPN() {
+  CopyPropertiesAccordingToSignature();
+
+  // For third-party VPNs, |shill::kProviderHostProperty| is used to store the
+  // provider's extension ID.
+  std::string shill_extension_id;
+  shill_dictionary_->GetStringWithoutPathExpansion(shill::kHostProperty,
+                                                   &shill_extension_id);
+  onc_object_->SetStringWithoutPathExpansion(
+      ::onc::third_party_vpn::kExtensionID, shill_extension_id);
+}
+
 void ShillToONCTranslator::TranslateVPN() {
   CopyPropertiesAccordingToSignature();
 
@@ -285,11 +300,12 @@ void ShillToONCTranslator::TranslateVPN() {
   }
   onc_object_->SetStringWithoutPathExpansion(::onc::vpn::kType,
                                              onc_provider_type);
-  std::string provider_host;
-  if (provider->GetStringWithoutPathExpansion(shill::kHostProperty,
-                                              &provider_host)) {
+  std::string shill_provider_host;
+  if (onc_provider_type != ::onc::vpn::kThirdPartyVpn &&
+      provider->GetStringWithoutPathExpansion(shill::kHostProperty,
+                                              &shill_provider_host)) {
     onc_object_->SetStringWithoutPathExpansion(::onc::vpn::kHost,
-                                               provider_host);
+                                               shill_provider_host);
   }
 
   // Translate the nested dictionary.
@@ -298,13 +314,14 @@ void ShillToONCTranslator::TranslateVPN() {
     TranslateAndAddNestedObject(::onc::vpn::kIPsec, *provider);
     TranslateAndAddNestedObject(::onc::vpn::kL2TP, *provider);
     provider_type_dictionary = ::onc::vpn::kIPsec;
-  } else if (onc_provider_type != ::onc::vpn::kThirdPartyVpn) {
+  } else {
     TranslateAndAddNestedObject(onc_provider_type, *provider);
     provider_type_dictionary = onc_provider_type;
   }
 
   bool save_credentials;
-  if (shill_dictionary_->GetBooleanWithoutPathExpansion(
+  if (onc_provider_type != ::onc::vpn::kThirdPartyVpn &&
+      shill_dictionary_->GetBooleanWithoutPathExpansion(
           shill::kSaveCredentialsProperty, &save_credentials)) {
     SetNestedOncValue(provider_type_dictionary,
                       ::onc::vpn::kSaveCredentials,
diff --git a/chromeos/network/onc/onc_translator_unittest.cc b/chromeos/network/onc/onc_translator_unittest.cc
index 9444614..f637761 100644
--- a/chromeos/network/onc/onc_translator_unittest.cc
+++ b/chromeos/network/onc/onc_translator_unittest.cc
@@ -61,7 +61,8 @@ INSTANTIATE_TEST_CASE_P(
         std::make_pair("openvpn_clientcert_with_cert_pems.onc",
                        "shill_openvpn_clientcert.json"),
         std::make_pair("cellular.onc", "shill_cellular.json"),
-        std::make_pair("wimax.onc", "shill_wimax.json")));
+        std::make_pair("wimax.onc", "shill_wimax.json"),
+        std::make_pair("third_party_vpn.onc", "shill_third_party_vpn.json")));
 
 // First parameter: Filename of source Shill json.
 // Second parameter: Filename of expected translated ONC network part.
@@ -113,7 +114,9 @@ INSTANTIATE_TEST_CASE_P(
         std::make_pair("shill_cellular_with_state.json",
                        "translation_of_shill_cellular_with_state.onc"),
         std::make_pair("shill_wimax_with_state.json",
-                       "translation_of_shill_wimax_with_state.onc")));
+                       "translation_of_shill_wimax_with_state.onc"),
+        std::make_pair("shill_output_third_party_vpn.json",
+                       "third_party_vpn.onc")));
 
 }  // namespace onc
 }  // namespace chromeos
diff --git a/chromeos/network/onc/onc_validator.cc b/chromeos/network/onc/onc_validator.cc
index c3cd2bb..e3ea49a 100644
--- a/chromeos/network/onc/onc_validator.cc
+++ b/chromeos/network/onc/onc_validator.cc
@@ -122,6 +122,8 @@ scoped_ptr<base::DictionaryValue> Validator::MapObject(
       valid = ValidateIPsec(repaired.get());
     } else if (&signature == &kOpenVPNSignature) {
       valid = ValidateOpenVPN(repaired.get());
+    } else if (&signature == &kThirdPartyVPNSignature) {
+      valid = ValidateThirdPartyVPN(repaired.get());
     } else if (&signature == &kVerifyX509Signature) {
       valid = ValidateVerifyX509(repaired.get());
     } else if (&signature == &kCertificatePatternSignature) {
@@ -683,7 +685,8 @@ bool Validator::ValidateWiFi(base::DictionaryValue* result) {
 bool Validator::ValidateVPN(base::DictionaryValue* result) {
   using namespace ::onc::vpn;
 
-  const char* const kValidTypes[] = {kIPsec, kTypeL2TP_IPsec, kOpenVPN};
+  const char* const kValidTypes[] = {
+      kIPsec, kTypeL2TP_IPsec, kOpenVPN, kThirdPartyVpn};
   const std::vector<const char*> valid_types(toVector(kValidTypes));
   if (FieldExistsAndHasNoValidValue(*result, ::onc::vpn::kType, valid_types))
     return false;
@@ -698,6 +701,8 @@ bool Validator::ValidateVPN(base::DictionaryValue* result) {
   } else if (type == kTypeL2TP_IPsec) {
     all_required_exist &=
         RequireField(*result, kIPsec) && RequireField(*result, kL2TP);
+  } else if (type == kThirdPartyVpn) {
+    all_required_exist &= RequireField(*result, kThirdPartyVpn);
   }
 
   return !error_on_missing_field_ || all_required_exist;
@@ -802,6 +807,13 @@ bool Validator::ValidateOpenVPN(base::DictionaryValue* result) {
   return !error_on_missing_field_ || all_required_exist;
 }
 
+bool Validator::ValidateThirdPartyVPN(base::DictionaryValue* result) {
+  const bool all_required_exist =
+      RequireField(*result, ::onc::third_party_vpn::kExtensionID);
+
+  return !error_on_missing_field_ || all_required_exist;
+}
+
 bool Validator::ValidateVerifyX509(base::DictionaryValue* result) {
   using namespace ::onc::verify_x509;
 
diff --git a/chromeos/network/onc/onc_validator.h b/chromeos/network/onc/onc_validator.h
index b535f9f..424f7eb 100644
--- a/chromeos/network/onc/onc_validator.h
+++ b/chromeos/network/onc/onc_validator.h
@@ -160,6 +160,7 @@ class CHROMEOS_EXPORT Validator : public Mapper {
   bool ValidateVPN(base::DictionaryValue* result);
   bool ValidateIPsec(base::DictionaryValue* result);
   bool ValidateOpenVPN(base::DictionaryValue* result);
+  bool ValidateThirdPartyVPN(base::DictionaryValue* result);
   bool ValidateVerifyX509(base::DictionaryValue* result);
   bool ValidateCertificatePattern(base::DictionaryValue* result);
   bool ValidateProxySettings(base::DictionaryValue* result);
diff --git a/chromeos/network/onc/onc_validator_unittest.cc b/chromeos/network/onc/onc_validator_unittest.cc
index add3572..8517f71 100644
--- a/chromeos/network/onc/onc_validator_unittest.cc
+++ b/chromeos/network/onc/onc_validator_unittest.cc
@@ -208,6 +208,9 @@ INSTANTIATE_TEST_CASE_P(
                   false),
         OncParams("openvpn_with_password.onc",
                   &kNetworkConfigurationSignature,
+                  false),
+        OncParams("third_party_vpn.onc",
+                  &kNetworkConfigurationSignature,
                   false)));
 
 namespace {
@@ -348,6 +351,10 @@ INSTANTIATE_TEST_CASE_P(
         std::make_pair(OncParams("openvpn-missing-verify-x509-name",
                                  &kNetworkConfigurationSignature,
                                  false),
+                       ExpectStrictNotValid("")),
+        std::make_pair(OncParams("third-party-vpn-missing-extension-id",
+                                 &kNetworkConfigurationSignature,
+                                 false),
                        ExpectStrictNotValid(""))));
 
 // Strict validator returns INVALID. Liberal validator repairs.