
Side by Side Diff: chromeos/network/network_connection_handler.cc

Issue 22588002: Refactor the client certificate code in chromeos/network/. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 7 years, 4 months ago
OLDNEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chromeos/network/network_connection_handler.h" 5 #include "chromeos/network/network_connection_handler.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/command_line.h" 8 #include "base/command_line.h"
9 #include "base/json/json_reader.h" 9 #include "base/json/json_reader.h"
10 #include "chromeos/chromeos_switches.h" 10 #include "chromeos/chromeos_switches.h"
11 #include "chromeos/dbus/dbus_thread_manager.h" 11 #include "chromeos/dbus/dbus_thread_manager.h"
12 #include "chromeos/dbus/shill_manager_client.h" 12 #include "chromeos/dbus/shill_manager_client.h"
13 #include "chromeos/dbus/shill_service_client.h" 13 #include "chromeos/dbus/shill_service_client.h"
14 #include "chromeos/network/certificate_pattern_matcher.h" 14 #include "chromeos/network/client_cert_util.h"
15 #include "chromeos/network/managed_network_configuration_handler.h" 15 #include "chromeos/network/managed_network_configuration_handler.h"
16 #include "chromeos/network/network_configuration_handler.h" 16 #include "chromeos/network/network_configuration_handler.h"
17 #include "chromeos/network/network_event_log.h" 17 #include "chromeos/network/network_event_log.h"
18 #include "chromeos/network/network_handler_callbacks.h" 18 #include "chromeos/network/network_handler_callbacks.h"
19 #include "chromeos/network/network_state.h" 19 #include "chromeos/network/network_state.h"
20 #include "chromeos/network/network_state_handler.h" 20 #include "chromeos/network/network_state_handler.h"
21 #include "chromeos/network/network_ui_data.h" 21 #include "chromeos/network/network_ui_data.h"
22 #include "dbus/object_path.h" 22 #include "dbus/object_path.h"
23 #include "net/cert/x509_certificate.h" 23 #include "net/cert/x509_certificate.h"
24 #include "third_party/cros_system_api/dbus/service_constants.h" 24 #include "third_party/cros_system_api/dbus/service_constants.h"
(...skipping 388 matching lines...) Expand 10 before | Expand all | Expand 10 after
413 if (!CertificateIsConfigured(ui_data.get(), &pkcs11_id)) { 413 if (!CertificateIsConfigured(ui_data.get(), &pkcs11_id)) {
414 ErrorCallbackForPendingRequest(service_path, kErrorCertificateRequired); 414 ErrorCallbackForPendingRequest(service_path, kErrorCertificateRequired);
415 return; 415 return;
416 } 416 }
417 417
418 // The network may not be 'Connectable' because the certificate data is 418 // The network may not be 'Connectable' because the certificate data is
419 // not set up, so configure tpm slot/pin and pkcs11_id before connecting. 419 // not set up, so configure tpm slot/pin and pkcs11_id before connecting.
420 // TODO(stevenjb): Remove this code once NetworkConfigurationHandler 420 // TODO(stevenjb): Remove this code once NetworkConfigurationHandler
421 // handles this. 421 // handles this.
422 NET_LOG_EVENT("Configuring Network", service_path); 422 NET_LOG_EVENT("Configuring Network", service_path);
423 const std::string& tpm_slot = cert_loader_->tpm_token_slot();
424 const std::string& tpm_pin = cert_loader_->tpm_user_pin();
425 base::DictionaryValue config_properties; 423 base::DictionaryValue config_properties;
426 // Set configuration properties required by Shill to identify the network. 424 // Set configuration properties required by Shill to identify the network.
427 config_properties.SetStringWithoutPathExpansion( 425 config_properties.SetStringWithoutPathExpansion(
428 flimflam::kTypeProperty, type); 426 flimflam::kTypeProperty, type);
429 CopyStringFromDictionary(service_properties, flimflam::kNameProperty, 427 CopyStringFromDictionary(service_properties, flimflam::kNameProperty,
430 &config_properties); 428 &config_properties);
431 CopyStringFromDictionary(service_properties, flimflam::kSecurityProperty, 429 CopyStringFromDictionary(service_properties, flimflam::kSecurityProperty,
432 &config_properties); 430 &config_properties);
433 CopyStringFromDictionary(service_properties, flimflam::kGuidProperty, 431 CopyStringFromDictionary(service_properties, flimflam::kGuidProperty,
434 &config_properties); 432 &config_properties);
435 433
434 client_cert::ConfigType client_cert_type =
435 client_cert::CONFIG_TYPE_OPENVPN; // Initialize to arbitrary
436 // value.
stevenjb 2013/08/07 19:24:47 nit: Only 2 spaces before comment, and maybe use "
pneubeck (no reviews) 2013/08/08 11:28:29 Done.
436 if (type == flimflam::kTypeVPN) { 437 if (type == flimflam::kTypeVPN) {
437 // VPN Provider values are read from the "Provider" dictionary, not the 438 // VPN Provider values are read from the "Provider" dictionary, not the
438 // "Provider.Type", etc keys (which are used only to set the values). 439 // "Provider.Type", etc keys (which are used only to set the values).
439 std::string provider_type; 440 std::string provider_type;
440 const base::DictionaryValue* provider_properties; 441 const base::DictionaryValue* provider_properties = NULL;
441 if (service_properties.GetDictionaryWithoutPathExpansion( 442 service_properties.GetDictionaryWithoutPathExpansion(
442 flimflam::kProviderProperty, &provider_properties)) { 443 flimflam::kProviderProperty, &provider_properties);
444 if (provider_properties) {
443 provider_properties->GetStringWithoutPathExpansion( 445 provider_properties->GetStringWithoutPathExpansion(
444 flimflam::kTypeProperty, &provider_type); 446 flimflam::kTypeProperty, &provider_type);
445 } 447 }
446 if (provider_type.empty()) { 448 if (provider_type.empty()) {
447 ErrorCallbackForPendingRequest(service_path, kErrorMissingProviderType); 449 ErrorCallbackForPendingRequest(service_path, kErrorMissingProviderType);
448 return; 450 return;
449 } 451 }
450 if (provider_type == flimflam::kProviderOpenVpn) { 452 if (provider_type == flimflam::kProviderOpenVpn)
451 config_properties.SetStringWithoutPathExpansion( 453 client_cert_type = client_cert::CONFIG_TYPE_OPENVPN;
452 flimflam::kOpenVPNClientCertSlotProperty, tpm_slot); 454 else
453 config_properties.SetStringWithoutPathExpansion( 455 client_cert_type = client_cert::CONFIG_TYPE_IPSEC;
454 flimflam::kOpenVPNPinProperty, tpm_pin);
455 config_properties.SetStringWithoutPathExpansion(
456 flimflam::kOpenVPNClientCertIdProperty, pkcs11_id);
457 } else {
458 config_properties.SetStringWithoutPathExpansion(
459 flimflam::kL2tpIpsecClientCertSlotProperty, tpm_slot);
460 config_properties.SetStringWithoutPathExpansion(
461 flimflam::kL2tpIpsecPinProperty, tpm_pin);
462 config_properties.SetStringWithoutPathExpansion(
463 flimflam::kL2tpIpsecClientCertIdProperty, pkcs11_id);
464 }
465 } else if (type == flimflam::kTypeWifi) { 456 } else if (type == flimflam::kTypeWifi) {
466 config_properties.SetStringWithoutPathExpansion( 457 client_cert_type = client_cert::CONFIG_TYPE_EAP;
467 flimflam::kEapPinProperty, cert_loader_->tpm_user_pin());
468 config_properties.SetStringWithoutPathExpansion(
469 flimflam::kEapCertIdProperty, pkcs11_id);
470 config_properties.SetStringWithoutPathExpansion(
471 flimflam::kEapKeyIdProperty, pkcs11_id);
472 } 458 }
459 client_cert::SetShillProperties(client_cert_type,
460 cert_loader_->tpm_token_slot(),
461 cert_loader_->tpm_user_pin(),
462 pkcs11_id,
463 &config_properties);
473 network_configuration_handler_->SetProperties( 464 network_configuration_handler_->SetProperties(
474 service_path, 465 service_path,
475 config_properties, 466 config_properties,
476 base::Bind(&NetworkConnectionHandler::CallShillConnect, 467 base::Bind(&NetworkConnectionHandler::CallShillConnect,
477 AsWeakPtr(), service_path), 468 AsWeakPtr(), service_path),
478 base::Bind(&NetworkConnectionHandler::HandleConfigurationFailure, 469 base::Bind(&NetworkConnectionHandler::HandleConfigurationFailure,
479 AsWeakPtr(), service_path)); 470 AsWeakPtr(), service_path));
480 return; 471 return;
481 } 472 }
482 473
(...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after
590 } 581 }
591 } 582 }
592 583
593 bool NetworkConnectionHandler::CertificateIsConfigured(NetworkUIData* ui_data, 584 bool NetworkConnectionHandler::CertificateIsConfigured(NetworkUIData* ui_data,
594 std::string* pkcs11_id) { 585 std::string* pkcs11_id) {
595 if (ui_data->certificate_pattern().Empty()) 586 if (ui_data->certificate_pattern().Empty())
596 return false; 587 return false;
597 588
598 // Find the matching certificate. 589 // Find the matching certificate.
599 scoped_refptr<net::X509Certificate> matching_cert = 590 scoped_refptr<net::X509Certificate> matching_cert =
600 certificate_pattern::GetCertificateMatch(ui_data->certificate_pattern()); 591 client_cert::GetCertificateMatch(ui_data->certificate_pattern());
601 if (!matching_cert.get()) 592 if (!matching_cert.get())
602 return false; 593 return false;
603 *pkcs11_id = cert_loader_->GetPkcs11IdForCert(*matching_cert.get()); 594 if (cert_loader_->IsHardwareBacked())
595 *pkcs11_id = CertLoader::GetPkcs11IdForCert(*matching_cert.get());
604 return true; 596 return true;
605 } 597 }
606 598
607 void NetworkConnectionHandler::ErrorCallbackForPendingRequest( 599 void NetworkConnectionHandler::ErrorCallbackForPendingRequest(
608 const std::string& service_path, 600 const std::string& service_path,
609 const std::string& error_name) { 601 const std::string& error_name) {
610 ConnectRequest* request = pending_request(service_path); 602 ConnectRequest* request = pending_request(service_path);
611 DCHECK(request); 603 DCHECK(request);
612 // Remove the entry before invoking the callback in case it triggers a retry. 604 // Remove the entry before invoking the callback in case it triggers a retry.
613 network_handler::ErrorCallback error_callback = request->error_callback; 605 network_handler::ErrorCallback error_callback = request->error_callback;
(...skipping 18 matching lines...) Expand all
632 624
633 void NetworkConnectionHandler::HandleShillDisconnectSuccess( 625 void NetworkConnectionHandler::HandleShillDisconnectSuccess(
634 const std::string& service_path, 626 const std::string& service_path,
635 const base::Closure& success_callback) { 627 const base::Closure& success_callback) {
636 NET_LOG_EVENT("Disconnect Request Sent", service_path); 628 NET_LOG_EVENT("Disconnect Request Sent", service_path);
637 if (!success_callback.is_null()) 629 if (!success_callback.is_null())
638 success_callback.Run(); 630 success_callback.Run();
639 } 631 }
640 632
641 } // namespace chromeos 633 } // namespace chromeos
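Review bot: The call to `client_cert::SetShillProperties` at new lines 459-463 is now unconditional, so the TPM slot and user PIN are handed to Shill in two cases the old code did not cover. If `type` is neither `flimflam::kTypeVPN` nor `flimflam::kTypeWifi`, `client_cert_type` keeps its arbitrary `CONFIG_TYPE_OPENVPN` initialiser, whereas the old branches set no certificate properties at all; whether that is reachable depends on checks in the skipped lines above this hunk, so a `DCHECK(type == flimflam::kTypeVPN || type == flimflam::kTypeWifi);` before the call would make the assumption explicit. Separately, `CertificateIsConfigured` (new lines 594-596) now returns true without writing `*pkcs11_id` when `cert_loader_->IsHardwareBacked()` is false, so the caller forwards whatever `pkcs11_id` was initialised to, together with the PIN. I would either add `pkcs11_id->clear();` at the top of `CertificateIsConfigured` and document that an empty id means the certificate is not hardware-backed, or have the caller skip the TPM slot and PIN in that case. How `SetShillProperties` treats an empty id is decided in client_cert_util.cc, which is not shown on this page.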