Chromium Code Reviews Chromium Code Reviews
Issue 7038038:
CrOS - Add certificate support to VPN UI. (Closed)
Base URL: http://git.chromium.org/git/chromium.git@trunk| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/options/vpn_config_view.h" | 5 #include "chrome/browser/chromeos/options/vpn_config_view.h" |
| 6 | 6 |
| 7 #include "base/string_util.h" | 7 #include "base/string_util.h" |
| 8 #include "base/utf_string_conversions.h" | 8 #include "base/utf_string_conversions.h" |
| 9 #include "chrome/browser/chromeos/cros/cros_library.h" | 9 #include "chrome/browser/chromeos/cros/cros_library.h" |
| 10 #include "chrome/browser/chromeos/login/user_manager.h" | 10 #include "chrome/browser/chromeos/login/user_manager.h" |
| (...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 102 x509_certificate_model::GetCertNameOrNickname(cert->os_cert_handle()); | 102 x509_certificate_model::GetCertNameOrNickname(cert->os_cert_handle()); |
| 103 return UTF8ToUTF16(name); | 103 return UTF8ToUTF16(name); |
| 104 } | 104 } |
| 105 return string16(); | 105 return string16(); |
| 106 } | 106 } |
| 107 | 107 |
| 108 bool HaveCerts() { | 108 bool HaveCerts() { |
| 109 return !user_certs_.empty(); | 109 return !user_certs_.empty(); |
| 110 } | 110 } |
| 111 | 111 |
| 112 // Gets PKCS#11 certificate ID, or empty string on failure. | |
| 112 std::string GetCertID(int index) { | 113 std::string GetCertID(int index) { |
| 113 if (0 <= index && index < static_cast<int>(user_certs_.size())) { | 114 if (0 <= index && index < static_cast<int>(user_certs_.size())) { |
| 114 // TODO(jamescook): Return the proper ID for flimflam, perhaps PKCS#11? | 115 net::X509Certificate* cert = user_certs_[index].get(); |
| 115 return "/tmp/ca.pem"; | 116 net::X509Certificate::OSCertHandle cert_handle = cert->os_cert_handle(); |
| 117 return x509_certificate_model::GetPkcs11Id(cert_handle); | |
|
Charlie Lee
2011/05/20 21:44:46
easier to just inline cert->os_cert_handle()
| |
| 116 } | 118 } |
| 117 return std::string(); | 119 return std::string(); |
| 118 } | 120 } |
| 119 | 121 |
| 120 private: | 122 private: |
| 121 net::CertificateList user_certs_; | 123 net::CertificateList user_certs_; |
| 122 DISALLOW_COPY_AND_ASSIGN(UserCertComboboxModel); | 124 DISALLOW_COPY_AND_ASSIGN(UserCertComboboxModel); |
| 123 }; | 125 }; |
| 124 | 126 |
| 125 VPNConfigView::VPNConfigView(NetworkConfigView* parent, VirtualNetwork* vpn) | 127 VPNConfigView::VPNConfigView(NetworkConfigView* parent, VirtualNetwork* vpn) |
| (...skipping 15 matching lines...) Expand all Loading... | |
| 141 | 143 |
| 142 string16 VPNConfigView::GetTitle() { | 144 string16 VPNConfigView::GetTitle() { |
| 143 return l10n_util::GetStringUTF16(IDS_OPTIONS_SETTINGS_ADD_VPN); | 145 return l10n_util::GetStringUTF16(IDS_OPTIONS_SETTINGS_ADD_VPN); |
| 144 } | 146 } |
| 145 | 147 |
| 146 bool VPNConfigView::CanLogin() { | 148 bool VPNConfigView::CanLogin() { |
| 147 // TODO(stevenjb): min kMinPassphraseLen length? | 149 // TODO(stevenjb): min kMinPassphraseLen length? |
| 148 if (service_path_.empty() && | 150 if (service_path_.empty() && |
| 149 (GetService().empty() || GetServer().empty())) | 151 (GetService().empty() || GetServer().empty())) |
| 150 return false; | 152 return false; |
| 151 if (UserCertRequired() && GetUserCertID().empty()) | 153 if (UserCertRequired() && !HaveUserCerts()) |
| 152 return false; | 154 return false; |
| 153 if (GetUsername().empty()) | 155 if (GetUsername().empty()) |
| 154 return false; | 156 return false; |
| 155 return true; | 157 return true; |
| 156 } | 158 } |
| 157 | 159 |
| 158 void VPNConfigView::UpdateErrorLabel() { | 160 void VPNConfigView::UpdateErrorLabel() { |
| 159 std::string error_msg; | 161 std::string error_msg; |
| 160 if (UserCertRequired() && GetUserCertID().empty()) | 162 if (UserCertRequired() && !HaveUserCerts()) |
| 161 error_msg = l10n_util::GetStringUTF8( | 163 error_msg = l10n_util::GetStringUTF8( |
| 162 IDS_OPTIONS_SETTINGS_INTERNET_OPTIONS_VPN_PLEASE_INSTALL_USER_CERT); | 164 IDS_OPTIONS_SETTINGS_INTERNET_OPTIONS_VPN_PLEASE_INSTALL_USER_CERT); |
| 163 if (!service_path_.empty()) { | 165 if (!service_path_.empty()) { |
| 164 // TODO(kuan): differentiate between bad psk and user passphrases. | 166 // TODO(kuan): differentiate between bad psk and user passphrases. |
| 165 NetworkLibrary* cros = CrosLibrary::Get()->GetNetworkLibrary(); | 167 NetworkLibrary* cros = CrosLibrary::Get()->GetNetworkLibrary(); |
| 166 VirtualNetwork* vpn = cros->FindVirtualNetworkByPath(service_path_); | 168 VirtualNetwork* vpn = cros->FindVirtualNetworkByPath(service_path_); |
| 167 if (vpn && vpn->failed()) { | 169 if (vpn && vpn->failed()) { |
| 168 if (vpn->error() == ERROR_BAD_PASSPHRASE) { | 170 if (vpn->error() == ERROR_BAD_PASSPHRASE) { |
| 169 error_msg = l10n_util::GetStringUTF8( | 171 error_msg = l10n_util::GetStringUTF8( |
| 170 IDS_OPTIONS_SETTINGS_INTERNET_OPTIONS_BAD_PASSPHRASE); | 172 IDS_OPTIONS_SETTINGS_INTERNET_OPTIONS_BAD_PASSPHRASE); |
| 171 } else { | 173 } else { |
| 172 error_msg = vpn->GetErrorString(); | 174 error_msg = vpn->GetErrorString(); |
| 173 } | 175 } |
| 174 } | 176 } |
| 175 } | 177 } |
| 176 if (!error_msg.empty()) { | 178 if (!error_msg.empty()) { |
| 177 error_label_->SetText(UTF8ToWide(error_msg)); | 179 error_label_->SetText(UTF8ToWide(error_msg)); |
| 178 error_label_->SetVisible(true); | 180 error_label_->SetVisible(true); |
| 179 } else { | 181 } else { |
| 180 error_label_->SetVisible(false); | 182 error_label_->SetVisible(false); |
| 181 } | 183 } |
| 182 } | 184 } |
| 183 | 185 |
| 184 bool VPNConfigView::UserCertRequired() const { | 186 bool VPNConfigView::UserCertRequired() const { |
| 185 return provider_type_ == VirtualNetwork::PROVIDER_TYPE_L2TP_IPSEC_USER_CERT | 187 return provider_type_ == VirtualNetwork::PROVIDER_TYPE_L2TP_IPSEC_USER_CERT |
| 186 || provider_type_ == VirtualNetwork::PROVIDER_TYPE_OPEN_VPN; | 188 || provider_type_ == VirtualNetwork::PROVIDER_TYPE_OPEN_VPN; |
| 187 } | 189 } |
| 188 | 190 |
| 191 bool VPNConfigView::HaveUserCerts() const { | |
| 192 UserCertComboboxModel* model = static_cast<UserCertComboboxModel*>( | |
| 193 user_cert_combobox_->model()); | |
| 194 return model->HaveCerts(); | |
| 195 } | |
| 196 | |
| 189 void VPNConfigView::ContentsChanged(views::Textfield* sender, | 197 void VPNConfigView::ContentsChanged(views::Textfield* sender, |
| 190 const string16& new_contents) { | 198 const string16& new_contents) { |
| 191 if (sender == server_textfield_ && !service_text_modified_) { | 199 if (sender == server_textfield_ && !service_text_modified_) { |
| 192 // Set the service name to the server name up to '.', unless it has | 200 // Set the service name to the server name up to '.', unless it has |
| 193 // been explicitly set by the user. | 201 // been explicitly set by the user. |
| 194 string16 server = server_textfield_->text(); | 202 string16 server = server_textfield_->text(); |
| 195 string16::size_type n = server.find_first_of(L'.'); | 203 string16::size_type n = server.find_first_of(L'.'); |
| 196 service_name_from_server_ = server.substr(0, n); | 204 service_name_from_server_ = server.substr(0, n); |
| 197 service_textfield_->SetText(service_name_from_server_); | 205 service_textfield_->SetText(service_name_from_server_); |
| 198 } | 206 } |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 239 NetworkLibrary* cros = CrosLibrary::Get()->GetNetworkLibrary(); | 247 NetworkLibrary* cros = CrosLibrary::Get()->GetNetworkLibrary(); |
| 240 if (service_path_.empty()) { | 248 if (service_path_.empty()) { |
| 241 switch (provider_type_) { | 249 switch (provider_type_) { |
| 242 case VirtualNetwork::PROVIDER_TYPE_L2TP_IPSEC_PSK: | 250 case VirtualNetwork::PROVIDER_TYPE_L2TP_IPSEC_PSK: |
| 243 cros->ConnectToVirtualNetworkPSK(GetService(), | 251 cros->ConnectToVirtualNetworkPSK(GetService(), |
| 244 GetServer(), | 252 GetServer(), |
| 245 GetPSKPassphrase(), | 253 GetPSKPassphrase(), |
| 246 GetUsername(), | 254 GetUsername(), |
| 247 GetUserPassphrase()); | 255 GetUserPassphrase()); |
| 248 break; | 256 break; |
| 249 case VirtualNetwork::PROVIDER_TYPE_L2TP_IPSEC_USER_CERT: | 257 case VirtualNetwork::PROVIDER_TYPE_L2TP_IPSEC_USER_CERT: { |
| 258 cros->ConnectToVirtualNetworkCert(GetService(), | |
| 259 GetServer(), | |
| 260 GetUserCertID(), | |
| 261 GetUsername(), | |
| 262 GetUserPassphrase()); | |
| 263 break; | |
| 264 } | |
| 250 case VirtualNetwork::PROVIDER_TYPE_OPEN_VPN: | 265 case VirtualNetwork::PROVIDER_TYPE_OPEN_VPN: |
| 251 // TODO(stevenjb): Add support for OpenVPN and user certs. | 266 // TODO(stevenjb): Add support for OpenVPN. |
| 252 LOG(WARNING) << "Unsupported provider type: " << provider_type_; | 267 LOG(WARNING) << "Unsupported provider type: " << provider_type_; |
| 253 break; | 268 break; |
| 254 case VirtualNetwork::PROVIDER_TYPE_MAX: | 269 case VirtualNetwork::PROVIDER_TYPE_MAX: |
| 255 break; | 270 break; |
| 256 } | 271 } |
| 257 } else { | 272 } else { |
| 258 VirtualNetwork* vpn = cros->FindVirtualNetworkByPath(service_path_); | 273 VirtualNetwork* vpn = cros->FindVirtualNetworkByPath(service_path_); |
| 259 if (!vpn) { | 274 if (!vpn) { |
| 260 // TODO(stevenjb): Add notification for this. | 275 // TODO(stevenjb): Add notification for this. |
| 261 LOG(WARNING) << "VPN no longer exists: " << service_path_; | 276 LOG(WARNING) << "VPN no longer exists: " << service_path_; |
| 262 return true; // Close dialog. | 277 return true; // Close dialog. |
| 263 } | 278 } |
| 264 switch (provider_type_) { | 279 switch (provider_type_) { |
| 265 case VirtualNetwork::PROVIDER_TYPE_L2TP_IPSEC_PSK: | 280 case VirtualNetwork::PROVIDER_TYPE_L2TP_IPSEC_PSK: |
| 266 vpn->SetPSKPassphrase(GetPSKPassphrase()); | 281 vpn->SetPSKPassphrase(GetPSKPassphrase()); |
| 267 break; | 282 break; |
| 268 case VirtualNetwork::PROVIDER_TYPE_L2TP_IPSEC_USER_CERT: | 283 case VirtualNetwork::PROVIDER_TYPE_L2TP_IPSEC_USER_CERT: { |
| 284 vpn->SetClientCertID(GetUserCertID()); | |
| 285 break; | |
| 286 } | |
| 269 case VirtualNetwork::PROVIDER_TYPE_OPEN_VPN: { | 287 case VirtualNetwork::PROVIDER_TYPE_OPEN_VPN: { |
| 270 // TODO(jamescook): Figure out if flimflam consumes a cert path, | 288 LOG(WARNING) << "OpenVPN not yet supported."; |
| 271 // PKCS#11 ID or other identifier. Then do something like: | |
| 272 // vpn->SetUserCertID(GetUserCertID()); | |
| 273 LOG(WARNING) << "VPN user certs not yet supported."; | |
| 274 break; | 289 break; |
| 275 } | 290 } |
| 276 case VirtualNetwork::PROVIDER_TYPE_MAX: | 291 case VirtualNetwork::PROVIDER_TYPE_MAX: |
| 277 break; | 292 break; |
| 278 } | 293 } |
| 279 vpn->SetUsername(GetUsername()); | 294 vpn->SetUsername(GetUsername()); |
| 280 vpn->SetUserPassphrase(GetUserPassphrase()); | 295 vpn->SetUserPassphrase(GetUserPassphrase()); |
| 281 | 296 |
| 282 cros->ConnectToVirtualNetwork(vpn); | 297 cros->ConnectToVirtualNetwork(vpn); |
| 283 } | 298 } |
| (...skipping 153 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 437 if (vpn && !vpn->psk_passphrase().empty()) | 452 if (vpn && !vpn->psk_passphrase().empty()) |
| 438 psk_passphrase_textfield_->SetText(UTF8ToUTF16(vpn->psk_passphrase())); | 453 psk_passphrase_textfield_->SetText(UTF8ToUTF16(vpn->psk_passphrase())); |
| 439 layout->AddView(psk_passphrase_textfield_); | 454 layout->AddView(psk_passphrase_textfield_); |
| 440 layout->AddPaddingRow(0, views::kRelatedControlVerticalSpacing); | 455 layout->AddPaddingRow(0, views::kRelatedControlVerticalSpacing); |
| 441 | 456 |
| 442 // User certificate label and input. | 457 // User certificate label and input. |
| 443 layout->StartRow(0, column_view_set_id); | 458 layout->StartRow(0, column_view_set_id); |
| 444 user_cert_label_ = new views::Label(UTF16ToWide(l10n_util::GetStringUTF16( | 459 user_cert_label_ = new views::Label(UTF16ToWide(l10n_util::GetStringUTF16( |
| 445 IDS_OPTIONS_SETTINGS_INTERNET_OPTIONS_VPN_USER_CERT))); | 460 IDS_OPTIONS_SETTINGS_INTERNET_OPTIONS_VPN_USER_CERT))); |
| 446 layout->AddView(user_cert_label_); | 461 layout->AddView(user_cert_label_); |
| 447 user_cert_combobox_ = new views::Combobox(new UserCertComboboxModel()); | 462 UserCertComboboxModel* user_cert_model = new UserCertComboboxModel(); |
| 463 user_cert_combobox_ = new views::Combobox(user_cert_model); | |
| 448 user_cert_combobox_->set_listener(this); | 464 user_cert_combobox_->set_listener(this); |
| 449 if (vpn && !vpn->user_cert().empty()) { | 465 if (vpn && !vpn->client_cert_id().empty()) { |
| 450 string16 user_cert = UTF8ToUTF16(vpn->user_cert()); | 466 // Select the current user certificate in the combobox. |
| 451 for (int i = 0; i < user_cert_combobox_->model()->GetItemCount(); ++i) { | 467 for (int i = 0; i < user_cert_model->GetItemCount(); ++i) { |
| 452 // TODO(jamescook): Select the proper certificate based on the | 468 std::string cert_id = user_cert_model->GetCertID(i); |
| 453 // appropriate property from flimflam, perhaps PKCS#11 ID. | 469 if (cert_id == vpn->client_cert_id()) { |
| 454 if (user_cert_combobox_->model()->GetItemAt(i) == user_cert) { | |
| 455 user_cert_combobox_->SetSelectedItem(i); | 470 user_cert_combobox_->SetSelectedItem(i); |
| 456 break; | 471 break; |
| 457 } | 472 } |
| 458 } | 473 } |
| 459 } | 474 } |
| 460 layout->AddView(user_cert_combobox_); | 475 layout->AddView(user_cert_combobox_); |
| 461 layout->AddPaddingRow(0, views::kRelatedControlVerticalSpacing); | 476 layout->AddPaddingRow(0, views::kRelatedControlVerticalSpacing); |
| 462 | 477 |
| 463 // Username label and input. | 478 // Username label and input. |
| 464 layout->StartRow(0, column_view_set_id); | 479 layout->StartRow(0, column_view_set_id); |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 506 psk_passphrase_textfield_->SetEnabled(true); | 521 psk_passphrase_textfield_->SetEnabled(true); |
| 507 user_cert_label_->SetEnabled(false); | 522 user_cert_label_->SetEnabled(false); |
| 508 user_cert_combobox_->SetEnabled(false); | 523 user_cert_combobox_->SetEnabled(false); |
| 509 break; | 524 break; |
| 510 case VirtualNetwork::PROVIDER_TYPE_L2TP_IPSEC_USER_CERT: | 525 case VirtualNetwork::PROVIDER_TYPE_L2TP_IPSEC_USER_CERT: |
| 511 case VirtualNetwork::PROVIDER_TYPE_OPEN_VPN: { | 526 case VirtualNetwork::PROVIDER_TYPE_OPEN_VPN: { |
| 512 psk_passphrase_label_->SetEnabled(false); | 527 psk_passphrase_label_->SetEnabled(false); |
| 513 psk_passphrase_textfield_->SetEnabled(false); | 528 psk_passphrase_textfield_->SetEnabled(false); |
| 514 user_cert_label_->SetEnabled(true); | 529 user_cert_label_->SetEnabled(true); |
| 515 // Only enable the combobox if the user actually has a cert to select. | 530 // Only enable the combobox if the user actually has a cert to select. |
| 516 bool have_cert = !GetUserCertID().empty(); | 531 user_cert_combobox_->SetEnabled(HaveUserCerts()); |
| 517 user_cert_combobox_->SetEnabled(have_cert); | |
| 518 break; | 532 break; |
| 519 } | 533 } |
| 520 default: | 534 default: |
| 521 NOTREACHED(); | 535 NOTREACHED(); |
| 536 break; | |
| 522 } | 537 } |
| 523 } | 538 } |
| 524 | 539 |
| 525 } // namespace chromeos | 540 } // namespace chromeos |
| OLD | NEW |
