Remove most of NetworkUIData.

chromeos/network/client_cert_resolver.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chromeos/network/client_cert_resolver.h"
 
 #include <cert.h>
 #include <certt.h>  // for (SECCertUsageEnum) certUsageAnyCA
 #include <pk11pub.h>
 
 #include <algorithm>
 #include <string>
 
 #include "base/bind.h"
 #include "base/location.h"
 #include "base/stl_util.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/task_runner.h"
 #include "base/threading/worker_pool.h"
 #include "base/time/time.h"
 #include "chromeos/cert_loader.h"
 #include "chromeos/dbus/dbus_thread_manager.h"
 #include "chromeos/dbus/shill_service_client.h"
 #include "chromeos/network/certificate_pattern.h"
 #include "chromeos/network/client_cert_util.h"
 #include "chromeos/network/managed_network_configuration_handler.h"
 #include "chromeos/network/network_state.h"
-#include "chromeos/network/network_ui_data.h"
 #include "chromeos/tpm_token_loader.h"
 #include "components/onc/onc_constants.h"
 #include "dbus/object_path.h"
 #include "net/cert/scoped_nss_types.h"
 #include "net/cert/x509_certificate.h"
 
 namespace chromeos {
 
 // Describes a network |network_path| for which a matching certificate |cert_id|
 // was found or for which no certificate was found (|cert_id| will be empty).
 struct ClientCertResolver::NetworkAndMatchingCert {
   NetworkAndMatchingCert(const std::string& network_path,
                          client_cert::ConfigType config_type,
                          const std::string& cert_id)
       : service_path(network_path),
         cert_config_type(config_type),
         pkcs11_id(cert_id) {}
 
   std::string service_path;
   client_cert::ConfigType cert_config_type;
+
   // The id of the matching certificate or empty if no certificate was found.
   std::string pkcs11_id;
 };
 
 typedef std::vector<ClientCertResolver::NetworkAndMatchingCert>
     NetworkCertMatches;
 
 namespace {
 
 // Returns true if |vector| contains |value|.
@@ skipping 25 matching lines @@
 
 bool CompareCertExpiration(const CertAndIssuer& a,
                            const CertAndIssuer& b) {
   return (a.cert->valid_expiry() > b.cert->valid_expiry());
 }
 
 // Describes a network that is configured with the certificate pattern
 // |client_cert_pattern|.
 struct NetworkAndCertPattern {
   NetworkAndCertPattern(const std::string& network_path,
-                        client_cert::ConfigType config_type,
-                        const CertificatePattern& pattern)
+                        const client_cert::ClientCertConfig& client_cert_config)
       : service_path(network_path),
-        cert_config_type(config_type),
-        client_cert_pattern(pattern) {}
+        cert_config(client_cert_config) {}
+
   std::string service_path;
-  client_cert::ConfigType cert_config_type;
-  CertificatePattern client_cert_pattern;
+  client_cert::ClientCertConfig cert_config;
 };
 
 // A unary predicate that returns true if the given CertAndIssuer matches the
 // certificate pattern of the NetworkAndCertPattern.
 struct MatchCertWithPattern {
   explicit MatchCertWithPattern(const NetworkAndCertPattern& pattern)
       : net_and_pattern(pattern) {}
 
   bool operator()(const CertAndIssuer& cert_and_issuer) {
-    const CertificatePattern& pattern = net_and_pattern.client_cert_pattern;
+    const CertificatePattern& pattern = net_and_pattern.cert_config.pattern;
     if (!pattern.issuer().Empty() &&
         !client_cert::CertPrincipalMatches(pattern.issuer(),
                                            cert_and_issuer.cert->issuer())) {
       return false;
     }
     if (!pattern.subject().Empty() &&
         !client_cert::CertPrincipalMatches(pattern.subject(),
                                            cert_and_issuer.cert->subject())) {
       return false;
     }
@@ skipping 64 matching lines @@
     } else {
       pkcs11_id = CertLoader::GetPkcs11IdForCert(*cert_it->cert);
       if (pkcs11_id.empty()) {
         LOG(ERROR) << "Couldn't determine PKCS#11 ID.";
         // So far this error is not expected to happen. We can just continue, in
         // the worst case the user can remove the problematic cert.
         continue;
       }
     }
     matches->push_back(ClientCertResolver::NetworkAndMatchingCert(
-        it->service_path, it->cert_config_type, pkcs11_id));
+        it->service_path, it->cert_config.location, pkcs11_id));
   }
 }
 
-// Determines the type of the CertificatePattern configuration, i.e. is it a
-// pattern within an EAP, IPsec or OpenVPN configuration.
-client_cert::ConfigType OncToClientCertConfigurationType(
-    const base::DictionaryValue& network_config) {
-  using namespace ::onc;
-
-  const base::DictionaryValue* wifi = NULL;
-  network_config.GetDictionaryWithoutPathExpansion(network_config::kWiFi,
-                                                   &wifi);
-  if (wifi) {
-    const base::DictionaryValue* eap = NULL;
-    wifi->GetDictionaryWithoutPathExpansion(wifi::kEAP, &eap);
-    if (!eap)
-      return client_cert::CONFIG_TYPE_NONE;
-    return client_cert::CONFIG_TYPE_EAP;
-  }
-
-  const base::DictionaryValue* vpn = NULL;
-  network_config.GetDictionaryWithoutPathExpansion(network_config::kVPN, &vpn);
-  if (vpn) {
-    const base::DictionaryValue* openvpn = NULL;
-    vpn->GetDictionaryWithoutPathExpansion(vpn::kOpenVPN, &openvpn);
-    if (openvpn)
-      return client_cert::CONFIG_TYPE_OPENVPN;
-
-    const base::DictionaryValue* ipsec = NULL;
-    vpn->GetDictionaryWithoutPathExpansion(vpn::kIPsec, &ipsec);
-    if (ipsec)
-      return client_cert::CONFIG_TYPE_IPSEC;
-
-    return client_cert::CONFIG_TYPE_NONE;
-  }
-
-  const base::DictionaryValue* ethernet = NULL;
-  network_config.GetDictionaryWithoutPathExpansion(network_config::kEthernet,
-                                                   &ethernet);
-  if (ethernet) {
-    const base::DictionaryValue* eap = NULL;
-    ethernet->GetDictionaryWithoutPathExpansion(wifi::kEAP, &eap);
-    if (eap)
-      return client_cert::CONFIG_TYPE_EAP;
-    return client_cert::CONFIG_TYPE_NONE;
-  }
-
-  return client_cert::CONFIG_TYPE_NONE;
-}
-
 void LogError(const std::string& service_path,
               const std::string& dbus_error_name,
               const std::string& dbus_error_message) {
   network_handler::ShillErrorCallbackFunction(
       "ClientCertResolver.SetProperties failed",
       service_path,
       network_handler::ErrorCallback(),
       dbus_error_name,
       dbus_error_message);
 }
@@ skipping 141 matching lines @@
 
     if (!policy) {
       VLOG(1) << "The policy for network " << network->path() << " with GUID "
               << network->guid() << " is not available yet.";
       // Skip this network for now. Once the policy is loaded, PolicyApplied()
       // will retry.
       continue;
     }
 
     VLOG(2) << "Inspecting network " << network->path();
-    // TODO(pneubeck): Access the ClientCertPattern without relying on
-    //   NetworkUIData, which also parses other things that we don't need here.
-    // The ONCSource is irrelevant here.
-    scoped_ptr<NetworkUIData> ui_data(
-        NetworkUIData::CreateFromONC(onc::ONC_SOURCE_NONE, *policy));
+    client_cert::ClientCertConfig cert_config;
+    OncToClientCertConfig(*policy, &cert_config);
 
     // Skip networks that don't have a ClientCertPattern.
-    if (ui_data->certificate_type() != CLIENT_CERT_TYPE_PATTERN)
+    if (cert_config.client_cert_type != ::onc::client_cert::kPattern)
       continue;
 
-    client_cert::ConfigType config_type =
-        OncToClientCertConfigurationType(*policy);
-    if (config_type == client_cert::CONFIG_TYPE_NONE) {
-      LOG(ERROR) << "UIData contains a CertificatePattern, but the policy "
-                 << "doesn't. Network: " << network->path();
-      continue;
-    }
-
-    networks_with_pattern->push_back(NetworkAndCertPattern(
-        network->path(), config_type, ui_data->certificate_pattern()));
+    networks_with_pattern->push_back(
+        NetworkAndCertPattern(network->path(), cert_config));
   }
   if (networks_with_pattern->empty())
     return;
 
   VLOG(2) << "Start task for resolving client cert patterns.";
   base::TaskRunner* task_runner = slow_task_runner_for_test_.get();
   if (!task_runner)
     task_runner = base::WorkerPool::GetTaskRunner(true /* task is slow */);
 
   NetworkCertMatches* matches = new NetworkCertMatches;
@@ skipping 25 matching lines @@
     DBusThreadManager::Get()->GetShillServiceClient()->
         SetProperties(dbus::ObjectPath(it->service_path),
                         shill_properties,
                         base::Bind(&base::DoNothing),
                         base::Bind(&LogError, it->service_path));
     network_state_handler_->RequestUpdateForNetwork(it->service_path);
   }
 }
 
 }  // namespace chromeos