OLD | NEW |
---|---|
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chromeos/network/network_connection_handler.h" | 5 #include "chromeos/network/network_connection_handler.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
9 #include "base/json/json_reader.h" | 9 #include "base/json/json_reader.h" |
10 #include "chromeos/chromeos_switches.h" | 10 #include "chromeos/chromeos_switches.h" |
11 #include "chromeos/dbus/dbus_thread_manager.h" | 11 #include "chromeos/dbus/dbus_thread_manager.h" |
12 #include "chromeos/dbus/shill_manager_client.h" | 12 #include "chromeos/dbus/shill_manager_client.h" |
13 #include "chromeos/dbus/shill_service_client.h" | 13 #include "chromeos/dbus/shill_service_client.h" |
14 #include "chromeos/network/certificate_pattern_matcher.h" | 14 #include "chromeos/network/client_cert_util.h" |
15 #include "chromeos/network/managed_network_configuration_handler.h" | 15 #include "chromeos/network/managed_network_configuration_handler.h" |
16 #include "chromeos/network/network_configuration_handler.h" | 16 #include "chromeos/network/network_configuration_handler.h" |
17 #include "chromeos/network/network_event_log.h" | 17 #include "chromeos/network/network_event_log.h" |
18 #include "chromeos/network/network_handler_callbacks.h" | 18 #include "chromeos/network/network_handler_callbacks.h" |
19 #include "chromeos/network/network_state.h" | 19 #include "chromeos/network/network_state.h" |
20 #include "chromeos/network/network_state_handler.h" | 20 #include "chromeos/network/network_state_handler.h" |
21 #include "chromeos/network/network_ui_data.h" | 21 #include "chromeos/network/network_ui_data.h" |
22 #include "dbus/object_path.h" | 22 #include "dbus/object_path.h" |
23 #include "net/cert/x509_certificate.h" | 23 #include "net/cert/x509_certificate.h" |
24 #include "third_party/cros_system_api/dbus/service_constants.h" | 24 #include "third_party/cros_system_api/dbus/service_constants.h" |
413 if (!CertificateIsConfigured(ui_data.get(), &pkcs11_id)) { | 413 if (!CertificateIsConfigured(ui_data.get(), &pkcs11_id)) { |
414 ErrorCallbackForPendingRequest(service_path, kErrorCertificateRequired); | 414 ErrorCallbackForPendingRequest(service_path, kErrorCertificateRequired); |
415 return; | 415 return; |
416 } | 416 } |
417 | 417 |
418 // The network may not be 'Connectable' because the certificate data is | 418 // The network may not be 'Connectable' because the certificate data is |
419 // not set up, so configure tpm slot/pin and pkcs11_id before connecting. | 419 // not set up, so configure tpm slot/pin and pkcs11_id before connecting. |
420 // TODO(stevenjb): Remove this code once NetworkConfigurationHandler | 420 // TODO(stevenjb): Remove this code once NetworkConfigurationHandler |
421 // handles this. | 421 // handles this. |
422 NET_LOG_EVENT("Configuring Network", service_path); | 422 NET_LOG_EVENT("Configuring Network", service_path); |
423 const std::string& tpm_slot = cert_loader_->tpm_token_slot(); | |
424 const std::string& tpm_pin = cert_loader_->tpm_user_pin(); | |
425 base::DictionaryValue config_properties; | 423 base::DictionaryValue config_properties; |
426 // Set configuration properties required by Shill to identify the network. | 424 // Set configuration properties required by Shill to identify the network. |
427 config_properties.SetStringWithoutPathExpansion( | 425 config_properties.SetStringWithoutPathExpansion( |
428 flimflam::kTypeProperty, type); | 426 flimflam::kTypeProperty, type); |
429 CopyStringFromDictionary(service_properties, flimflam::kNameProperty, | 427 CopyStringFromDictionary(service_properties, flimflam::kNameProperty, |
430 &config_properties); | 428 &config_properties); |
431 CopyStringFromDictionary(service_properties, flimflam::kSecurityProperty, | 429 CopyStringFromDictionary(service_properties, flimflam::kSecurityProperty, |
432 &config_properties); | 430 &config_properties); |
433 CopyStringFromDictionary(service_properties, flimflam::kGuidProperty, | 431 CopyStringFromDictionary(service_properties, flimflam::kGuidProperty, |
434 &config_properties); | 432 &config_properties); |
435 | 433 |
434 client_cert::ConfigType client_cert_type = | |
435 client_cert::CONFIG_TYPE_OPENVPN; // Initialize to arbitrary | |
436 // value. | |
stevenjb
2013/08/07 19:24:47
nit: Only 2 spaces before comment, and maybe use "
pneubeck (no reviews)
2013/08/08 11:28:29
Done.
| |
436 if (type == flimflam::kTypeVPN) { | 437 if (type == flimflam::kTypeVPN) { |
437 // VPN Provider values are read from the "Provider" dictionary, not the | 438 // VPN Provider values are read from the "Provider" dictionary, not the |
438 // "Provider.Type", etc keys (which are used only to set the values). | 439 // "Provider.Type", etc keys (which are used only to set the values). |
439 std::string provider_type; | 440 std::string provider_type; |
440 const base::DictionaryValue* provider_properties; | 441 const base::DictionaryValue* provider_properties = NULL; |
441 if (service_properties.GetDictionaryWithoutPathExpansion( | 442 service_properties.GetDictionaryWithoutPathExpansion( |
442 flimflam::kProviderProperty, &provider_properties)) { | 443 flimflam::kProviderProperty, &provider_properties); |
444 if (provider_properties) { | |
443 provider_properties->GetStringWithoutPathExpansion( | 445 provider_properties->GetStringWithoutPathExpansion( |
444 flimflam::kTypeProperty, &provider_type); | 446 flimflam::kTypeProperty, &provider_type); |
445 } | 447 } |
446 if (provider_type.empty()) { | 448 if (provider_type.empty()) { |
447 ErrorCallbackForPendingRequest(service_path, kErrorMissingProviderType); | 449 ErrorCallbackForPendingRequest(service_path, kErrorMissingProviderType); |
448 return; | 450 return; |
449 } | 451 } |
450 if (provider_type == flimflam::kProviderOpenVpn) { | 452 if (provider_type == flimflam::kProviderOpenVpn) |
451 config_properties.SetStringWithoutPathExpansion( | 453 client_cert_type = client_cert::CONFIG_TYPE_OPENVPN; |
452 flimflam::kOpenVPNClientCertSlotProperty, tpm_slot); | 454 else |
453 config_properties.SetStringWithoutPathExpansion( | 455 client_cert_type = client_cert::CONFIG_TYPE_IPSEC; |
454 flimflam::kOpenVPNPinProperty, tpm_pin); | |
455 config_properties.SetStringWithoutPathExpansion( | |
456 flimflam::kOpenVPNClientCertIdProperty, pkcs11_id); | |
457 } else { | |
458 config_properties.SetStringWithoutPathExpansion( | |
459 flimflam::kL2tpIpsecClientCertSlotProperty, tpm_slot); | |
460 config_properties.SetStringWithoutPathExpansion( | |
461 flimflam::kL2tpIpsecPinProperty, tpm_pin); | |
462 config_properties.SetStringWithoutPathExpansion( | |
463 flimflam::kL2tpIpsecClientCertIdProperty, pkcs11_id); | |
464 } | |
465 } else if (type == flimflam::kTypeWifi) { | 456 } else if (type == flimflam::kTypeWifi) { |
466 config_properties.SetStringWithoutPathExpansion( | 457 client_cert_type = client_cert::CONFIG_TYPE_EAP; |
467 flimflam::kEapPinProperty, cert_loader_->tpm_user_pin()); | |
468 config_properties.SetStringWithoutPathExpansion( | |
469 flimflam::kEapCertIdProperty, pkcs11_id); | |
470 config_properties.SetStringWithoutPathExpansion( | |
471 flimflam::kEapKeyIdProperty, pkcs11_id); | |
472 } | 458 } |
459 client_cert::SetShillProperties(client_cert_type, | |
460 cert_loader_->tpm_token_slot(), | |
461 cert_loader_->tpm_user_pin(), | |
462 pkcs11_id, | |
463 &config_properties); | |
473 network_configuration_handler_->SetProperties( | 464 network_configuration_handler_->SetProperties( |
474 service_path, | 465 service_path, |
475 config_properties, | 466 config_properties, |
476 base::Bind(&NetworkConnectionHandler::CallShillConnect, | 467 base::Bind(&NetworkConnectionHandler::CallShillConnect, |
477 AsWeakPtr(), service_path), | 468 AsWeakPtr(), service_path), |
478 base::Bind(&NetworkConnectionHandler::HandleConfigurationFailure, | 469 base::Bind(&NetworkConnectionHandler::HandleConfigurationFailure, |
479 AsWeakPtr(), service_path)); | 470 AsWeakPtr(), service_path)); |
480 return; | 471 return; |
481 } | 472 } |
482 | 473 |
590 } | 581 } |
591 } | 582 } |
592 | 583 |
593 bool NetworkConnectionHandler::CertificateIsConfigured(NetworkUIData* ui_data, | 584 bool NetworkConnectionHandler::CertificateIsConfigured(NetworkUIData* ui_data, |
594 std::string* pkcs11_id) { | 585 std::string* pkcs11_id) { |
595 if (ui_data->certificate_pattern().Empty()) | 586 if (ui_data->certificate_pattern().Empty()) |
596 return false; | 587 return false; |
597 | 588 |
598 // Find the matching certificate. | 589 // Find the matching certificate. |
599 scoped_refptr<net::X509Certificate> matching_cert = | 590 scoped_refptr<net::X509Certificate> matching_cert = |
600 certificate_pattern::GetCertificateMatch(ui_data->certificate_pattern()); | 591 client_cert::GetCertificateMatch(ui_data->certificate_pattern()); |
601 if (!matching_cert.get()) | 592 if (!matching_cert.get()) |
602 return false; | 593 return false; |
603 *pkcs11_id = cert_loader_->GetPkcs11IdForCert(*matching_cert.get()); | 594 if (cert_loader_->IsHardwareBacked()) |
595 *pkcs11_id = CertLoader::GetPkcs11IdForCert(*matching_cert.get()); | |
604 return true; | 596 return true; |
605 } | 597 } |
606 | 598 |
607 void NetworkConnectionHandler::ErrorCallbackForPendingRequest( | 599 void NetworkConnectionHandler::ErrorCallbackForPendingRequest( |
608 const std::string& service_path, | 600 const std::string& service_path, |
609 const std::string& error_name) { | 601 const std::string& error_name) { |
610 ConnectRequest* request = pending_request(service_path); | 602 ConnectRequest* request = pending_request(service_path); |
611 DCHECK(request); | 603 DCHECK(request); |
612 // Remove the entry before invoking the callback in case it triggers a retry. | 604 // Remove the entry before invoking the callback in case it triggers a retry. |
613 network_handler::ErrorCallback error_callback = request->error_callback; | 605 network_handler::ErrorCallback error_callback = request->error_callback; |
632 | 624 |
633 void NetworkConnectionHandler::HandleShillDisconnectSuccess( | 625 void NetworkConnectionHandler::HandleShillDisconnectSuccess( |
634 const std::string& service_path, | 626 const std::string& service_path, |
635 const base::Closure& success_callback) { | 627 const base::Closure& success_callback) { |
636 NET_LOG_EVENT("Disconnect Request Sent", service_path); | 628 NET_LOG_EVENT("Disconnect Request Sent", service_path); |
637 if (!success_callback.is_null()) | 629 if (!success_callback.is_null()) |
638 success_callback.Run(); | 630 success_callback.Run(); |
639 } | 631 } |
640 | 632 |
641 } // namespace chromeos | 633 } // namespace chromeos |
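Review bot: The unconditional `client_cert::SetShillProperties(...)` call at new lines 459-463 also runs when `type` is neither `flimflam::kTypeVPN` nor `flimflam::kTypeWifi`, and in that case `client_cert_type` still holds the placeholder `CONFIG_TYPE_OPENVPN`. Judging by the arguments, the TPM slot and user PIN would then be written as OpenVPN properties on an unrelated service, whereas the old code set nothing for such types. Whether other types can reach this point is decided outside the visible lines (the enclosing function starts above the hunk), so either guard the call with `if (type == flimflam::kTypeVPN || type == flimflam::kTypeWifi)` or add a comment stating the invariant. Separately, `CertificateIsConfigured` (new lines 594-596) now returns true without writing `*pkcs11_id` when `cert_loader_->IsHardwareBacked()` is false, so the caller forwards whatever the string held together with the slot and PIN. A comment such as `// |pkcs11_id| is only written if the cert store is hardware backed.` above the assignment, or a `pkcs11_id->clear()` on the other path, would make that contract explicit.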
OLD | NEW |