ONC: Add ExtraHosts property to OpenVPN

This is needed to support multiple fallback hosts.

BUG=742666
TEST=Modified translator and validator unit tests to include
checks for ExtraHosts

Change-Id: I3faa20fb5d3f3ca490340527ad0a40a7fe9f837a
Reviewed-on: https://chromium-review.googlesource.com/720138Reviewed-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-by: Steven Bennetts <stevenjb@chromium.org>
Commit-Queue: Matthew Wang <matthewmwang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#509536}

chromeos/network/onc/onc_signature.cc

@@ -110,6 +110,7 @@ const OncFieldSignature openvpn_fields[] = {
     {::onc::client_cert::kClientCertType, &kStringSignature},
     {::onc::openvpn::kCompLZO, &kStringSignature},
     {::onc::openvpn::kCompNoAdapt, &kBoolSignature},
+    {::onc::openvpn::kExtraHosts, &kStringListSignature},
     {::onc::openvpn::kIgnoreDefaultRoute, &kBoolSignature},
     {::onc::openvpn::kKeyDirection, &kStringSignature},
     {::onc::openvpn::kNsCertType, &kStringSignature},

chromeos/network/onc/onc_translation_tables.cc

@@ -77,6 +77,7 @@ const FieldTranslationEntry openvpn_fields[] = {
     //  shill::kOpenVPNClientCertIdProperty},
     {::onc::openvpn::kCompLZO, shill::kOpenVPNCompLZOProperty},
     {::onc::openvpn::kCompNoAdapt, shill::kOpenVPNCompNoAdaptProperty},
+    {::onc::openvpn::kExtraHosts, shill::kOpenVPNExtraHostsProperty},
     {::onc::openvpn::kIgnoreDefaultRoute,
      shill::kOpenVPNIgnoreDefaultRouteProperty},
     {::onc::openvpn::kKeyDirection, shill::kOpenVPNKeyDirectionProperty},

chromeos/network/onc/onc_translator_onc_to_shill.cc

@@ -208,7 +208,8 @@ void LocalTranslator::TranslateOpenVPN() {
     std::string key = it.key();
     std::unique_ptr<base::Value> translated;
     if (key == ::onc::openvpn::kRemoteCertKU ||
-        key == ::onc::openvpn::kServerCAPEMs) {
+        key == ::onc::openvpn::kServerCAPEMs ||
+        key == ::onc::openvpn::kExtraHosts) {
       translated.reset(it.value().DeepCopy());
     } else {
       // Shill wants all Provider/VPN fields to be strings.

chromeos/test/data/network/openvpn_clientcert_with_cert_pems.onc

@@ -22,6 +22,10 @@
                 }
             },
             "ClientCertType": "Pattern",
+            "ExtraHosts": [
+                "0.0.0.1",
+                "123.com"
+            ],
             "Password": "some password",
             "Port": 1234,
             "Proto": "udp",

chromeos/test/data/network/openvpn_with_password.onc

@@ -8,6 +8,9 @@
         "Type": "OpenVPN",
         "OpenVPN": {
             "ClientCertType": "None",
+            "ExtraHosts": [
+                "vpn.my.domain.com"
+            ],
             "Password": "some password",
             "Port": 443,
             "Proto": "udp",

chromeos/test/data/network/shill_openvpn.json

@@ -8,6 +8,10 @@
     "pem2"
   ],
   "OpenVPN.CompLZO":"true",
+  "OpenVPN.ExtraHosts":[
+    "www.abc.com",
+    "1.2.3.4"
+  ],
   "OpenVPN.KeyDirection":"1",
   "OpenVPN.Token":"some OTP",
   "OpenVPN.Port":"443",

chromeos/test/data/network/shill_openvpn_clientcert.json

 {
    "GUID": "{84391467-dd8b-4c66-9b52-860583038351}",
    "Name": "TestOpenVPN",
+   "OpenVPN.ExtraHosts": [
+      "0.0.0.1",
+      "123.com"
+   ],
    "OpenVPN.Password": "some password",
    "OpenVPN.Port": "1234",
    "OpenVPN.Proto": "udp",

chromeos/test/data/network/valid_openvpn_with_cert_pems.onc

@@ -10,6 +10,7 @@
             "AuthRetry": "interact",
             "ClientCertType": "None",
             "CompLZO": "true",
+            "ExtraHosts": [ "www.abc.com", "1.2.3.4" ],
             "KeyDirection": "1",
             "OTP": "some OTP",
             "Password": "some password",

components/onc/docs/onc_spec.md

@@ -750,6 +750,11 @@ L2TP over IPsec with pre-shared key:
     * (optional, defaults to *false*) - **boolean**
     * Disables adaptive compression.
 
+* **ExtraHosts**
+    * (optional) - **array of string**
+    * List of hosts to try in order if client is unable to connect to the
+    * primary host.
+
 * **IgnoreDefaultRoute**
     * (optional, defaults to *false*) - **boolean**
     * Omits a default route to the VPN gateway while the connection is active.

components/onc/onc_constants.cc

@@ -361,6 +361,7 @@ const char kAuth[] = "Auth";
 const char kCipher[] = "Cipher";
 const char kCompLZO[] = "CompLZO";
 const char kCompNoAdapt[] = "CompNoAdapt";
+const char kExtraHosts[] = "ExtraHosts";
 const char kIgnoreDefaultRoute[] = "IgnoreDefaultRoute";
 const char kInteract[] = "interact";
 const char kKeyDirection[] = "KeyDirection";

components/onc/onc_constants.h

@@ -374,6 +374,7 @@ ONC_EXPORT extern const char kAuth[];
 ONC_EXPORT extern const char kCipher[];
 ONC_EXPORT extern const char kCompLZO[];
 ONC_EXPORT extern const char kCompNoAdapt[];
+ONC_EXPORT extern const char kExtraHosts[];
 ONC_EXPORT extern const char kIgnoreDefaultRoute[];
 ONC_EXPORT extern const char kInteract[];
 ONC_EXPORT extern const char kKeyDirection[];