Identify and repair ONC files with duplicate GUIDs.

The patch identifies network configurations and certificates with duplicate GUIDs and repairs the ONC such that the first occurrence is retained as a unique network configuration or certificate.

BUG=211421

Review URL: https://codereview.chromium.org/166903002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@251748 0039d316-1c4b-4281-b951-d872f2087c98

3 files changed, 47 insertions, 0 deletions

diff --git a/chromeos/network/onc/onc_validator.cc b/chromeos/network/onc/onc_validator.cc
index 6755390..fcc6cac 100644
--- a/chromeos/network/onc/onc_validator.cc
+++ b/chromeos/network/onc/onc_validator.cc
@@ -387,6 +387,21 @@ bool Validator::RequireField(const base::DictionaryValue& dict,
   return false;
 }
 
+bool Validator::CheckGuidIsUniqueAndAddToSet(const base::DictionaryValue& dict,
+                                             const std::string& key_guid,
+                                             std::set<std::string> *guids) {
+  std::string guid;
+  if (dict.GetStringWithoutPathExpansion(key_guid, &guid)) {
+    if (guids->count(guid) != 0) {
+      error_or_warning_found_ = true;
+      LOG(ERROR) << MessageHeader() << "Found a duplicate GUID " << guid << ".";
+      return false;
+    }
+    guids->insert(guid);
+  }
+  return true;
+}
+
 bool Validator::IsCertPatternInDevicePolicy(const std::string& cert_type) {
   if (cert_type == ::onc::certificate::kPattern &&
       onc_source_ == ::onc::ONC_SOURCE_DEVICE_POLICY) {
@@ -458,6 +473,9 @@ bool Validator::ValidateNetworkConfiguration(base::DictionaryValue* result) {
     return false;
   }
 
+  if (!CheckGuidIsUniqueAndAddToSet(*result, kGUID, &network_guids_))
+    return false;
+
   bool all_required_exist = RequireField(*result, kGUID);
 
   bool remove = false;
@@ -812,6 +830,9 @@ bool Validator::ValidateCertificate(base::DictionaryValue* result) {
     return false;
   }
 
+  if (!CheckGuidIsUniqueAndAddToSet(*result, kGUID, &certificate_guids_))
+    return false;
+
   bool all_required_exist = RequireField(*result, kGUID);
 
   bool remove = false;
diff --git a/chromeos/network/onc/onc_validator.h b/chromeos/network/onc/onc_validator.h
index 8d8efee..d406853c 100644
--- a/chromeos/network/onc/onc_validator.h
+++ b/chromeos/network/onc/onc_validator.h
@@ -5,6 +5,7 @@
 #ifndef CHROMEOS_NETWORK_ONC_ONC_VALIDATOR_H_
 #define CHROMEOS_NETWORK_ONC_ONC_VALIDATOR_H_
 
+#include <set>
 #include <string>
 #include <vector>
 
@@ -174,6 +175,13 @@ class CHROMEOS_EXPORT Validator : public Mapper {
 
   bool RequireField(const base::DictionaryValue& dict, const std::string& key);
 
+  // Returns true if the GUID is unique or if the GUID is not a string
+  // and false otherwise. The function also adds the GUID to a set in
+  // order to identify duplicates.
+  bool CheckGuidIsUniqueAndAddToSet(const base::DictionaryValue& dict,
+                                    const std::string& kGUID,
+                                    std::set<std::string> *guids);
+
   // Prohibit certificate patterns for device policy ONC so that an unmanaged
   // user won't have a certificate presented for them involuntarily.
   bool IsCertPatternInDevicePolicy(const std::string& cert_type);
@@ -195,6 +203,14 @@ class CHROMEOS_EXPORT Validator : public Mapper {
   // are stored as strings in decimal notation.
   std::vector<std::string> path_;
 
+  // Accumulates all network GUIDs during validation. Used to identify
+  // duplicate GUIDs.
+  std::set<std::string> network_guids_;
+
+  // Accumulates all certificate GUIDs during validation. Used to identify
+  // duplicate GUIDs.
+  std::set<std::string> certificate_guids_;
+
   // Tracks if an error or warning occurred within validation initiated by
   // function ValidateAndRepairObject.
   bool error_or_warning_found_;
diff --git a/chromeos/network/onc/onc_validator_unittest.cc b/chromeos/network/onc/onc_validator_unittest.cc
index 7722676..4108d2f 100644
--- a/chromeos/network/onc/onc_validator_unittest.cc
+++ b/chromeos/network/onc/onc_validator_unittest.cc
@@ -334,6 +334,16 @@ INSTANTIATE_TEST_CASE_P(
                                   false),
                         RepairParams("toplevel-repaired",
                                      "toplevel-repaired")),
+         std::make_pair(OncParams("duplicate-network-guid",
+                                  &kToplevelConfigurationSignature,
+                                  false),
+                        RepairParams("repaired-duplicate-network-guid",
+                                     "repaired-duplicate-network-guid")),
+         std::make_pair(OncParams("duplicate-cert-guid",
+                                  &kToplevelConfigurationSignature,
+                                  false),
+                        RepairParams("repaired-duplicate-cert-guid",
+                                     "repaired-duplicate-cert-guid")),
          std::make_pair(OncParams("toplevel-invalid-network",
                                   &kToplevelConfigurationSignature,
                                   true),