| Index: chromeos/network/network_connection_handler.cc
|
| diff --git a/chromeos/network/network_connection_handler.cc b/chromeos/network/network_connection_handler.cc
|
| index f7ec8932948ed9095cd386605c78fb1966af94ef..83915d0dd0ca6fd832aeead303dc07879323f059 100644
|
| --- a/chromeos/network/network_connection_handler.cc
|
| +++ b/chromeos/network/network_connection_handler.cc
|
| @@ -11,7 +11,7 @@
|
| #include "chromeos/dbus/dbus_thread_manager.h"
|
| #include "chromeos/dbus/shill_manager_client.h"
|
| #include "chromeos/dbus/shill_service_client.h"
|
| -#include "chromeos/network/certificate_pattern_matcher.h"
|
| +#include "chromeos/network/client_cert_util.h"
|
| #include "chromeos/network/managed_network_configuration_handler.h"
|
| #include "chromeos/network/network_configuration_handler.h"
|
| #include "chromeos/network/network_event_log.h"
|
| @@ -401,82 +401,63 @@ void NetworkConnectionHandler::VerifyConfiguredAndConnect(
|
| }
|
| }
|
|
|
| - // These will be set if they need to be configured, otherwise they will
|
| - // be left empty and the properties will not be set.
|
| - std::string pkcs11_id, tpm_slot, tpm_pin;
|
| -
|
| - // Check certificate properties in kUIDataProperty if configured.
|
| - // Note: Wifi/VPNConfigView set these properties explicitly.
|
| - scoped_ptr<NetworkUIData> ui_data =
|
| - ManagedNetworkConfigurationHandler::GetUIData(service_properties);
|
| - if (ui_data && ui_data->certificate_type() == CLIENT_CERT_TYPE_PATTERN) {
|
| - // User must be logged in to connect to a network requiring a certificate.
|
| - if (!logged_in_ || !cert_loader_) {
|
| - ErrorCallbackForPendingRequest(service_path, kErrorCertificateRequired);
|
| - return;
|
| - }
|
| -
|
| - // If certificates have not been loaded yet, queue the connect request.
|
| - if (!certificates_loaded_) {
|
| - ConnectRequest* request = pending_request(service_path);
|
| - DCHECK(request);
|
| - NET_LOG_EVENT("Connect Request Queued", service_path);
|
| - queued_connect_.reset(new ConnectRequest(
|
| - service_path, request->success_callback, request->error_callback));
|
| - pending_requests_.erase(service_path);
|
| - return;
|
| - }
|
| -
|
| - // Ensure the certificate is available and configured.
|
| - if (!CertificateIsConfigured(ui_data.get(), &pkcs11_id)) {
|
| - ErrorCallbackForPendingRequest(service_path, kErrorCertificateRequired);
|
| - return;
|
| - }
|
| - }
|
| -
|
| - // The network may not be 'Connectable' because the TPM properties are
|
| - // not set up, so configure tpm slot/pin before connecting.
|
| - if (cert_loader_) {
|
| - tpm_slot = cert_loader_->tpm_token_slot();
|
| - tpm_pin = cert_loader_->tpm_user_pin();
|
| + client_cert::ConfigType client_cert_type = client_cert::CONFIG_TYPE_NONE;
|
| + if (type == flimflam::kTypeVPN) {
|
| + if (vpn_provider_type == flimflam::kProviderOpenVpn)
|
| + client_cert_type = client_cert::CONFIG_TYPE_OPENVPN;
|
| + else
|
| + client_cert_type = client_cert::CONFIG_TYPE_IPSEC;
|
| + } else if (type == flimflam::kTypeWifi) {
|
| + client_cert_type = client_cert::CONFIG_TYPE_EAP;
|
| }
|
|
|
| base::DictionaryValue config_properties;
|
| -
|
| - if (type == flimflam::kTypeVPN) {
|
| - if (vpn_provider_type == flimflam::kProviderOpenVpn) {
|
| - if (!pkcs11_id.empty()) {
|
| - config_properties.SetStringWithoutPathExpansion(
|
| - flimflam::kOpenVPNClientCertIdProperty, pkcs11_id);
|
| - }
|
| - if (!tpm_pin.empty()) {
|
| - config_properties.SetStringWithoutPathExpansion(
|
| - flimflam::kOpenVPNPinProperty, tpm_pin);
|
| + if (client_cert_type != client_cert::CONFIG_TYPE_NONE) {
|
| + // If the client certificate must be configured, this will be set to a
|
| + // non-empty string.
|
| + std::string pkcs11_id;
|
| +
|
| + // Check certificate properties in kUIDataProperty if configured.
|
| + // Note: Wifi/VPNConfigView set these properties explicitly, in which case
|
| + // only the TPM must be configured.
|
| + scoped_ptr<NetworkUIData> ui_data =
|
| + ManagedNetworkConfigurationHandler::GetUIData(service_properties);
|
| + if (ui_data && ui_data->certificate_type() == CLIENT_CERT_TYPE_PATTERN) {
|
| + // User must be logged in to connect to a network requiring a certificate.
|
| + if (!logged_in_ || !cert_loader_) {
|
| + ErrorCallbackForPendingRequest(service_path, kErrorCertificateRequired);
|
| + return;
|
| }
|
| - } else {
|
| - if (!pkcs11_id.empty()) {
|
| - config_properties.SetStringWithoutPathExpansion(
|
| - flimflam::kL2tpIpsecClientCertIdProperty, pkcs11_id);
|
| - }
|
| - if (!tpm_slot.empty()) {
|
| - config_properties.SetStringWithoutPathExpansion(
|
| - flimflam::kL2tpIpsecClientCertSlotProperty, tpm_slot);
|
| +
|
| + // If certificates have not been loaded yet, queue the connect request.
|
| + if (!certificates_loaded_) {
|
| + ConnectRequest* request = pending_request(service_path);
|
| + DCHECK(request);
|
| + NET_LOG_EVENT("Connect Request Queued", service_path);
|
| + queued_connect_.reset(new ConnectRequest(
|
| + service_path, request->success_callback, request->error_callback));
|
| + pending_requests_.erase(service_path);
|
| + return;
|
| }
|
| - if (!tpm_pin.empty()) {
|
| - config_properties.SetStringWithoutPathExpansion(
|
| - flimflam::kL2tpIpsecPinProperty, tpm_pin);
|
| +
|
| + pkcs11_id = CertificateIsConfigured(ui_data.get());
|
| + // Ensure the certificate is available and configured.
|
| + if (!cert_loader_->IsHardwareBacked() || pkcs11_id.empty()) {
|
| + ErrorCallbackForPendingRequest(service_path, kErrorCertificateRequired);
|
| + return;
|
| }
|
| }
|
| - } else if (type == flimflam::kTypeWifi) {
|
| - if (!pkcs11_id.empty()) {
|
| - config_properties.SetStringWithoutPathExpansion(
|
| - flimflam::kEapCertIdProperty, pkcs11_id);
|
| - config_properties.SetStringWithoutPathExpansion(
|
| - flimflam::kEapKeyIdProperty, pkcs11_id);
|
| - }
|
| - if (!tpm_pin.empty()) {
|
| - config_properties.SetStringWithoutPathExpansion(
|
| - flimflam::kEapPinProperty, tpm_pin);
|
| +
|
| + // The network may not be 'Connectable' because the TPM properties are not
|
| + // set up, so configure tpm slot/pin before connecting.
|
| + if (cert_loader_ && cert_loader_->IsHardwareBacked()) {
|
| + // Pass NULL if pkcs11_id is empty, so that it doesn't clear any
|
| + // previously configured client cert.
|
| + client_cert::SetShillProperties(client_cert_type,
|
| + cert_loader_->tpm_token_slot(),
|
| + cert_loader_->tpm_user_pin(),
|
| + pkcs11_id.empty() ? NULL : &pkcs11_id,
|
| + &config_properties);
|
| }
|
| }
|
|
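Review bot: The merged check `if (!cert_loader_->IsHardwareBacked() || pkcs11_id.empty())` reports kErrorCertificateRequired for two distinct failures — no hardware-backed token versus no certificate matching the pattern — and, unlike the queued path above it, logs nothing, so an operator seeing the error cannot tell which precondition failed. Adding one line before the return, `NET_LOG_ERROR(cert_loader_->IsHardwareBacked() ? "No client certificate matches pattern" : "Client certificate requires hardware-backed token", service_path);`, keeps the callback contract unchanged while making the failure diagnosable. Testing IsHardwareBacked() before calling CertificateIsConfigured would also avoid a pattern match whose result is discarded. The comment `// Pass NULL if pkcs11_id is empty ...` sits above a call that also passes tpm_token_slot() and tpm_user_pin() unconditionally, whereas the removed code only set them when non-empty; whether SetShillProperties skips empty values is not visible here and is worth confirming. VerifyConfiguredAndConnect begins before this hunk and continues after it.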
|
| @@ -626,18 +607,16 @@ void NetworkConnectionHandler::CheckAllPendingRequests() {
|
| }
|
| }
|
|
|
| -bool NetworkConnectionHandler::CertificateIsConfigured(NetworkUIData* ui_data,
|
| - std::string* pkcs11_id) {
|
| +std::string NetworkConnectionHandler::CertificateIsConfigured(
|
| + NetworkUIData* ui_data) {
|
| if (ui_data->certificate_pattern().Empty())
|
| - return false;
|
| -
|
| + return std::string();
|
| // Find the matching certificate.
|
| scoped_refptr<net::X509Certificate> matching_cert =
|
| - certificate_pattern::GetCertificateMatch(ui_data->certificate_pattern());
|
| + client_cert::GetCertificateMatch(ui_data->certificate_pattern());
|
| if (!matching_cert.get())
|
| - return false;
|
| - *pkcs11_id = cert_loader_->GetPkcs11IdForCert(*matching_cert.get());
|
| - return true;
|
| + return std::string();
|
| + return CertLoader::GetPkcs11IdForCert(*matching_cert.get());
|
| }
|
|
|
| void NetworkConnectionHandler::ErrorCallbackForPendingRequest(
|
|
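Review bot: CertificateIsConfigured now returns a std::string while its name still reads as a boolean predicate, and the new definition carries no comment stating what the empty string means; the header declaration that must have changed accordingly is not in this diff. Either rename it (e.g. GetPkcs11IdForCertificatePattern) or document the contract at the declaration: `// Returns the PKCS#11 id of the certificate matching |ui_data|'s pattern, or an empty string if the pattern is empty or no certificate matches.` Note that `ui_data` is dereferenced unconditionally, so the null check stays the caller's responsibility and should be stated in that comment too.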
|