| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/network/network_connection_handler.h" | 5 #include "chromeos/network/network_connection_handler.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
| 9 #include "base/json/json_reader.h" | 9 #include "base/json/json_reader.h" |
| 10 #include "chromeos/chromeos_switches.h" | 10 #include "chromeos/chromeos_switches.h" |
| 11 #include "chromeos/dbus/dbus_thread_manager.h" | 11 #include "chromeos/dbus/dbus_thread_manager.h" |
| 12 #include "chromeos/dbus/shill_manager_client.h" | 12 #include "chromeos/dbus/shill_manager_client.h" |
| 13 #include "chromeos/dbus/shill_service_client.h" | 13 #include "chromeos/dbus/shill_service_client.h" |
| 14 #include "chromeos/network/certificate_pattern_matcher.h" | 14 #include "chromeos/network/client_cert_util.h" |
| 15 #include "chromeos/network/managed_network_configuration_handler.h" | 15 #include "chromeos/network/managed_network_configuration_handler.h" |
| 16 #include "chromeos/network/network_configuration_handler.h" | 16 #include "chromeos/network/network_configuration_handler.h" |
| 17 #include "chromeos/network/network_event_log.h" | 17 #include "chromeos/network/network_event_log.h" |
| 18 #include "chromeos/network/network_handler_callbacks.h" | 18 #include "chromeos/network/network_handler_callbacks.h" |
| 19 #include "chromeos/network/network_state.h" | 19 #include "chromeos/network/network_state.h" |
| 20 #include "chromeos/network/network_state_handler.h" | 20 #include "chromeos/network/network_state_handler.h" |
| 21 #include "chromeos/network/network_ui_data.h" | 21 #include "chromeos/network/network_ui_data.h" |
| 22 #include "dbus/object_path.h" | 22 #include "dbus/object_path.h" |
| 23 #include "net/cert/x509_certificate.h" | 23 #include "net/cert/x509_certificate.h" |
| 24 #include "third_party/cros_system_api/dbus/service_constants.h" | 24 #include "third_party/cros_system_api/dbus/service_constants.h" |
| (...skipping 388 matching lines...) | |
| 413 if (!CertificateIsConfigured(ui_data.get(), &pkcs11_id)) { | 413 if (!CertificateIsConfigured(ui_data.get(), &pkcs11_id)) { |
| 414 ErrorCallbackForPendingRequest(service_path, kErrorCertificateRequired); | 414 ErrorCallbackForPendingRequest(service_path, kErrorCertificateRequired); |
| 415 return; | 415 return; |
| 416 } | 416 } |
| 417 | 417 |
| 418 // The network may not be 'Connectable' because the certificate data is | 418 // The network may not be 'Connectable' because the certificate data is |
| 419 // not set up, so configure tpm slot/pin and pkcs11_id before connecting. | 419 // not set up, so configure tpm slot/pin and pkcs11_id before connecting. |
| 420 // TODO(stevenjb): Remove this code once NetworkConfigurationHandler | 420 // TODO(stevenjb): Remove this code once NetworkConfigurationHandler |
| 421 // handles this. | 421 // handles this. |
| 422 NET_LOG_EVENT("Configuring Network", service_path); | 422 NET_LOG_EVENT("Configuring Network", service_path); |
| 423 const std::string& tpm_slot = cert_loader_->tpm_token_slot(); | |
| 424 const std::string& tpm_pin = cert_loader_->tpm_user_pin(); | |
| 425 base::DictionaryValue config_properties; | 423 base::DictionaryValue config_properties; |
| 426 // Set configuration properties required by Shill to identify the network. | 424 // Set configuration properties required by Shill to identify the network. |
| 427 config_properties.SetStringWithoutPathExpansion( | 425 config_properties.SetStringWithoutPathExpansion( |
| 428 flimflam::kTypeProperty, type); | 426 flimflam::kTypeProperty, type); |
| 429 CopyStringFromDictionary(service_properties, flimflam::kNameProperty, | 427 CopyStringFromDictionary(service_properties, flimflam::kNameProperty, |
| 430 &config_properties); | 428 &config_properties); |
| 431 CopyStringFromDictionary(service_properties, flimflam::kSecurityProperty, | 429 CopyStringFromDictionary(service_properties, flimflam::kSecurityProperty, |
| 432 &config_properties); | 430 &config_properties); |
| 433 CopyStringFromDictionary(service_properties, flimflam::kGuidProperty, | 431 CopyStringFromDictionary(service_properties, flimflam::kGuidProperty, |
| 434 &config_properties); | 432 &config_properties); |
| 435 | 433 |
| 434 client_cert::ConfigType client_cert_type = | |
| 435 client_cert::CONFIG_TYPE_OPENVPN; // Initialize to arbitrary | |
| 436 // value. | |
|
stevenjb
2013/08/07 19:24:47
nit: Only 2 spaces before comment, and maybe use "
pneubeck (no reviews)
2013/08/08 11:28:29
Done.
| |
| 436 if (type == flimflam::kTypeVPN) { | 437 if (type == flimflam::kTypeVPN) { |
| 437 // VPN Provider values are read from the "Provider" dictionary, not the | 438 // VPN Provider values are read from the "Provider" dictionary, not the |
| 438 // "Provider.Type", etc keys (which are used only to set the values). | 439 // "Provider.Type", etc keys (which are used only to set the values). |
| 439 std::string provider_type; | 440 std::string provider_type; |
| 440 const base::DictionaryValue* provider_properties; | 441 const base::DictionaryValue* provider_properties = NULL; |
| 441 if (service_properties.GetDictionaryWithoutPathExpansion( | 442 service_properties.GetDictionaryWithoutPathExpansion( |
| 442 flimflam::kProviderProperty, &provider_properties)) { | 443 flimflam::kProviderProperty, &provider_properties); |
| 444 if (provider_properties) { | |
| 443 provider_properties->GetStringWithoutPathExpansion( | 445 provider_properties->GetStringWithoutPathExpansion( |
| 444 flimflam::kTypeProperty, &provider_type); | 446 flimflam::kTypeProperty, &provider_type); |
| 445 } | 447 } |
| 446 if (provider_type.empty()) { | 448 if (provider_type.empty()) { |
| 447 ErrorCallbackForPendingRequest(service_path, kErrorMissingProviderType); | 449 ErrorCallbackForPendingRequest(service_path, kErrorMissingProviderType); |
| 448 return; | 450 return; |
| 449 } | 451 } |
| 450 if (provider_type == flimflam::kProviderOpenVpn) { | 452 if (provider_type == flimflam::kProviderOpenVpn) |
| 451 config_properties.SetStringWithoutPathExpansion( | 453 client_cert_type = client_cert::CONFIG_TYPE_OPENVPN; |
| 452 flimflam::kOpenVPNClientCertSlotProperty, tpm_slot); | 454 else |
| 453 config_properties.SetStringWithoutPathExpansion( | 455 client_cert_type = client_cert::CONFIG_TYPE_IPSEC; |
| 454 flimflam::kOpenVPNPinProperty, tpm_pin); | |
| 455 config_properties.SetStringWithoutPathExpansion( | |
| 456 flimflam::kOpenVPNClientCertIdProperty, pkcs11_id); | |
| 457 } else { | |
| 458 config_properties.SetStringWithoutPathExpansion( | |
| 459 flimflam::kL2tpIpsecClientCertSlotProperty, tpm_slot); | |
| 460 config_properties.SetStringWithoutPathExpansion( | |
| 461 flimflam::kL2tpIpsecPinProperty, tpm_pin); | |
| 462 config_properties.SetStringWithoutPathExpansion( | |
| 463 flimflam::kL2tpIpsecClientCertIdProperty, pkcs11_id); | |
| 464 } | |
| 465 } else if (type == flimflam::kTypeWifi) { | 456 } else if (type == flimflam::kTypeWifi) { |
| 466 config_properties.SetStringWithoutPathExpansion( | 457 client_cert_type = client_cert::CONFIG_TYPE_EAP; |
| 467 flimflam::kEapPinProperty, cert_loader_->tpm_user_pin()); | |
| 468 config_properties.SetStringWithoutPathExpansion( | |
| 469 flimflam::kEapCertIdProperty, pkcs11_id); | |
| 470 config_properties.SetStringWithoutPathExpansion( | |
| 471 flimflam::kEapKeyIdProperty, pkcs11_id); | |
| 472 } | 458 } |
| 459 client_cert::SetShillProperties(client_cert_type, | |
| 460 cert_loader_->tpm_token_slot(), | |
| 461 cert_loader_->tpm_user_pin(), | |
| 462 pkcs11_id, | |
| 463 &config_properties); | |
| 473 network_configuration_handler_->SetProperties( | 464 network_configuration_handler_->SetProperties( |
| 474 service_path, | 465 service_path, |
| 475 config_properties, | 466 config_properties, |
| 476 base::Bind(&NetworkConnectionHandler::CallShillConnect, | 467 base::Bind(&NetworkConnectionHandler::CallShillConnect, |
| 477 AsWeakPtr(), service_path), | 468 AsWeakPtr(), service_path), |
| 478 base::Bind(&NetworkConnectionHandler::HandleConfigurationFailure, | 469 base::Bind(&NetworkConnectionHandler::HandleConfigurationFailure, |
| 479 AsWeakPtr(), service_path)); | 470 AsWeakPtr(), service_path)); |
| 480 return; | 471 return; |
| 481 } | 472 } |
| 482 | 473 |
| (...skipping 107 matching lines...) | |
| 590 } | 581 } |
| 591 } | 582 } |
| 592 | 583 |
| 593 bool NetworkConnectionHandler::CertificateIsConfigured(NetworkUIData* ui_data, | 584 bool NetworkConnectionHandler::CertificateIsConfigured(NetworkUIData* ui_data, |
| 594 std::string* pkcs11_id) { | 585 std::string* pkcs11_id) { |
| 595 if (ui_data->certificate_pattern().Empty()) | 586 if (ui_data->certificate_pattern().Empty()) |
| 596 return false; | 587 return false; |
| 597 | 588 |
| 598 // Find the matching certificate. | 589 // Find the matching certificate. |
| 599 scoped_refptr<net::X509Certificate> matching_cert = | 590 scoped_refptr<net::X509Certificate> matching_cert = |
| 600 certificate_pattern::GetCertificateMatch(ui_data->certificate_pattern()); | 591 client_cert::GetCertificateMatch(ui_data->certificate_pattern()); |
| 601 if (!matching_cert.get()) | 592 if (!matching_cert.get()) |
| 602 return false; | 593 return false; |
| 603 *pkcs11_id = cert_loader_->GetPkcs11IdForCert(*matching_cert.get()); | 594 if (cert_loader_->IsHardwareBacked()) |
| 595 *pkcs11_id = CertLoader::GetPkcs11IdForCert(*matching_cert.get()); | |
| 604 return true; | 596 return true; |
| 605 } | 597 } |
| 606 | 598 |
| 607 void NetworkConnectionHandler::ErrorCallbackForPendingRequest( | 599 void NetworkConnectionHandler::ErrorCallbackForPendingRequest( |
| 608 const std::string& service_path, | 600 const std::string& service_path, |
| 609 const std::string& error_name) { | 601 const std::string& error_name) { |
| 610 ConnectRequest* request = pending_request(service_path); | 602 ConnectRequest* request = pending_request(service_path); |
| 611 DCHECK(request); | 603 DCHECK(request); |
| 612 // Remove the entry before invoking the callback in case it triggers a retry. | 604 // Remove the entry before invoking the callback in case it triggers a retry. |
| 613 network_handler::ErrorCallback error_callback = request->error_callback; | 605 network_handler::ErrorCallback error_callback = request->error_callback; |
| (...skipping 18 matching lines...) | |
| 632 | 624 |
| 633 void NetworkConnectionHandler::HandleShillDisconnectSuccess( | 625 void NetworkConnectionHandler::HandleShillDisconnectSuccess( |
| 634 const std::string& service_path, | 626 const std::string& service_path, |
| 635 const base::Closure& success_callback) { | 627 const base::Closure& success_callback) { |
| 636 NET_LOG_EVENT("Disconnect Request Sent", service_path); | 628 NET_LOG_EVENT("Disconnect Request Sent", service_path); |
| 637 if (!success_callback.is_null()) | 629 if (!success_callback.is_null()) |
| 638 success_callback.Run(); | 630 success_callback.Run(); |
| 639 } | 631 } |
| 640 | 632 |
| 641 } // namespace chromeos | 633 } // namespace chromeos |
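Review bot: The call to `client_cert::SetShillProperties` at new lines 459-463 runs for every `type`, but `client_cert_type` is only assigned in the VPN and WiFi branches, so any other type would be configured through the "arbitrary" `CONFIG_TYPE_OPENVPN` initial value and would presumably get the TPM slot, user PIN and `pkcs11_id` written under the OpenVPN property keys. The old code set no certificate properties in that case. Whether another type can reach this point depends on the enclosing condition, which starts outside the visible lines. If it cannot, a final `else { NOTREACHED(); }` would state that assumption; if it can, the call should be guarded, e.g. `if (type == flimflam::kTypeVPN || type == flimflam::kTypeWifi)`, so the PIN is only forwarded for the types that need it.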