Side by Side Diff: chromeos/network/client_cert_util.cc

Issue 370623002: Remove most of NetworkUIData. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Removed yet-another unused function. Created 6 years, 5 months ago
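--- a/chromeos/network/client_cert_util.cc
+++ b/chromeos/network/client_cert_util.cc
@@ -1,26 +1,27 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chromeos/network/client_cert_util.h"
 
 #include <cert.h>
 #include <pk11pub.h>
 
 #include <list>
 #include <string>
 #include <vector>
 
 #include "base/values.h"
 #include "chromeos/network/certificate_pattern.h"
 #include "chromeos/network/network_event_log.h"
+#include "components/onc/onc_constants.h"
 #include "net/base/net_errors.h"
 #include "net/cert/cert_database.h"
 #include "net/cert/nss_cert_database.h"
 #include "net/cert/scoped_nss_types.h"
 #include "net/cert/x509_cert_types.h"
 #include "net/cert/x509_certificate.h"
 #include "third_party/cros_system_api/dbus/service_constants.h"
 
 namespace chromeos {
 
@@ -94,20 +95,38 @@
 const std::vector<std::string>& issuer_ca_pems_;
 };
 
 std::string GetStringFromDictionary(const base::DictionaryValue& dict,
 const std::string& key) {
 std::string s;
 dict.GetStringWithoutPathExpansion(key, &s);
 return s;
 }
 
+void GetClientCertTypeAndPattern(
+const base::DictionaryValue& dict_with_client_cert,
+ClientCertConfig* cert_config) {
+using namespace ::onc::client_cert;
+dict_with_client_cert.GetStringWithoutPathExpansion(
+kClientCertType, &cert_config->client_cert_type);
+
+if (cert_config->client_cert_type == kPattern) {
+const base::DictionaryValue* pattern = NULL;
+dict_with_client_cert.GetDictionaryWithoutPathExpansion(kClientCertPattern,
+&pattern);
+if (pattern) {
+bool success = cert_config->pattern.ReadFromONCDictionary(*pattern);
+DCHECK(success);
+}
+}
+}
+
 } // namespace
 
 // Returns true only if any fields set in this pattern match exactly with
 // similar fields in the principal. If organization_ or organizational_unit_
 // are set, then at least one of the organizations or units in the principal
 // must match.
 bool CertPrincipalMatches(const IssuerSubjectPattern& pattern,
 const net::CertPrincipal& principal) {
 if (!pattern.common_name().empty() &&
 pattern.common_name() != principal.common_name) {
@@ -192,21 +211,21 @@
 // Iterate over the rest looking for the one that was issued latest.
 for (CertificateStlList::iterator iter = matching_certs.begin();
 iter != matching_certs.end(); ++iter) {
 if (!latest.get() || (*iter)->valid_start() > latest->valid_start())
 latest = *iter;
 }
 
 return latest;
 }
 
-void SetShillProperties(const client_cert::ConfigType cert_config_type,
+void SetShillProperties(const ConfigType cert_config_type,
 const std::string& tpm_slot,
 const std::string& tpm_pin,
 const std::string* pkcs11_id,
 base::DictionaryValue* properties) {
 const char* tpm_pin_property = NULL;
 switch (cert_config_type) {
 case CONFIG_TYPE_NONE: {
 return;
 }
 case CONFIG_TYPE_OPENVPN: {
@@ -251,21 +270,81 @@
 key_id);
 }
 break;
 }
 }
 DCHECK(tpm_pin_property);
 if (!tpm_pin.empty())
 properties->SetStringWithoutPathExpansion(tpm_pin_property, tpm_pin);
 }
 
-bool IsCertificateConfigured(const client_cert::ConfigType cert_config_type,
+ClientCertConfig::ClientCertConfig()
+: location(CONFIG_TYPE_NONE),
+client_cert_type(onc::client_cert::kClientCertTypeNone) {
+}
+
+void OncToClientCertConfig(const base::DictionaryValue& network_config,
+ClientCertConfig* cert_config) {
+using namespace ::onc;
+
+*cert_config = ClientCertConfig();
+
+const base::DictionaryValue* dict_with_client_cert = NULL;
+
+const base::DictionaryValue* wifi = NULL;
+network_config.GetDictionaryWithoutPathExpansion(network_config::kWiFi,
+&wifi);
+if (wifi) {
+const base::DictionaryValue* eap = NULL;
+wifi->GetDictionaryWithoutPathExpansion(wifi::kEAP, &eap);
+if (!eap)
+return;
+
+dict_with_client_cert = eap;
+cert_config->location = CONFIG_TYPE_EAP;
+}
+
+const base::DictionaryValue* vpn = NULL;
+network_config.GetDictionaryWithoutPathExpansion(network_config::kVPN, &vpn);
+if (vpn) {
+const base::DictionaryValue* openvpn = NULL;
+vpn->GetDictionaryWithoutPathExpansion(vpn::kOpenVPN, &openvpn);
+const base::DictionaryValue* ipsec = NULL;
+vpn->GetDictionaryWithoutPathExpansion(vpn::kIPsec, &ipsec);
+if (openvpn) {
+dict_with_client_cert = openvpn;
+cert_config->location = CONFIG_TYPE_OPENVPN;
+} else if (ipsec) {
+dict_with_client_cert = ipsec;
+cert_config->location = CONFIG_TYPE_IPSEC;
+} else {
+return;
+}
+}
+
+const base::DictionaryValue* ethernet = NULL;
+network_config.GetDictionaryWithoutPathExpansion(network_config::kEthernet,
+&ethernet);
+if (ethernet) {
+const base::DictionaryValue* eap = NULL;
+ethernet->GetDictionaryWithoutPathExpansion(wifi::kEAP, &eap);
+if (!eap)
+return;
+dict_with_client_cert = eap;
+cert_config->location = CONFIG_TYPE_EAP;
+}
+
+if (dict_with_client_cert)
+GetClientCertTypeAndPattern(*dict_with_client_cert, cert_config);
+}
+
+bool IsCertificateConfigured(const ConfigType cert_config_type,
 const base::DictionaryValue& service_properties) {
 // VPN certificate properties are read from the Provider dictionary.
 const base::DictionaryValue* provider_properties = NULL;
 service_properties.GetDictionaryWithoutPathExpansion(
 shill::kProviderProperty, &provider_properties);
 switch (cert_config_type) {
 case CONFIG_TYPE_NONE:
 return true;
 case CONFIG_TYPE_OPENVPN:
 // OpenVPN generally requires a passphrase and we don't know whether or
@@ -290,10 +369,10 @@
 return !cert_id.empty() && !key_id.empty() && !identity.empty();
 }
 }
 NOTREACHED();
 return false;
 }
 
 } // namespace client_cert
 
 } // namespace chromeos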
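Review bot: In `GetClientCertTypeAndPattern` (new lines 117-118) the result of `ReadFromONCDictionary` is checked only by `DCHECK(success)`, which compiles out in release builds, so a malformed `kClientCertPattern` dictionary leaves `client_cert_type` as `kPattern` with a partially filled or empty pattern. Judging by the comment on `CertPrincipalMatches`, fields that are not set are not compared, so such a pattern may select more client certificates than the configuration author intended; this should be confirmed against `CertificatePattern`. I would handle the failure at runtime so a bad pattern fails closed, for example `if (!cert_config->pattern.ReadFromONCDictionary(*pattern)) cert_config->client_cert_type = kClientCertTypeNone;` together with an error log entry. The return values of the `Get*WithoutPathExpansion` calls here and in `OncToClientCertConfig` are also ignored; a short comment stating that a missing key intentionally leaves the defaults from `ClientCertConfig()` would make that explicit.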