Remove most of NetworkUIData.

chromeos/network/network_connection_handler.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chromeos/network/network_connection_handler.h"
 
 #include "base/bind.h"
 #include "base/json/json_reader.h"
 #include "base/location.h"
 #include "base/message_loop/message_loop_proxy.h"
 #include "base/strings/string_number_conversions.h"
 #include "chromeos/cert_loader.h"
 #include "chromeos/dbus/dbus_thread_manager.h"
 #include "chromeos/dbus/shill_manager_client.h"
 #include "chromeos/dbus/shill_service_client.h"
+#include "chromeos/network/certificate_pattern.h"
 #include "chromeos/network/client_cert_util.h"
 #include "chromeos/network/managed_network_configuration_handler.h"
 #include "chromeos/network/network_configuration_handler.h"
 #include "chromeos/network/network_event_log.h"
 #include "chromeos/network/network_handler_callbacks.h"
 #include "chromeos/network/network_profile_handler.h"
 #include "chromeos/network/network_state.h"
 #include "chromeos/network/network_state_handler.h"
-#include "chromeos/network/network_ui_data.h"
 #include "chromeos/network/shill_property_util.h"
 #include "chromeos/tpm_token_loader.h"
 #include "dbus/object_path.h"
 #include "net/cert/x509_certificate.h"
 #include "third_party/cros_system_api/dbus/service_constants.h"
 
 namespace chromeos {
 
 namespace {
 
@@ skipping 377 matching lines @@
           shill::kHostProperty, &vpn_provider_host);
       provider_properties->GetStringWithoutPathExpansion(
           shill::kL2tpIpsecClientCertIdProperty, &vpn_client_cert_id);
     }
     if (vpn_provider_type.empty() || vpn_provider_host.empty()) {
       ErrorCallbackForPendingRequest(service_path, kErrorConfigurationRequired);
       return;
     }
   }
 
-  scoped_ptr<NetworkUIData> ui_data =
-      shill_property_util::GetUIDataFromProperties(service_properties);
+  std::string guid;
+  service_properties.GetStringWithoutPathExpansion(shill::kGuidProperty, &guid);
+  std::string profile;
+  service_properties.GetStringWithoutPathExpansion(shill::kProfileProperty,
+                                                   &profile);
+  const base::DictionaryValue* user_policy =
+      managed_configuration_handler_->FindPolicyByGuidAndProfile(guid, profile);
+
+  client_cert::ClientCertConfig cert_config_from_policy;
+  if (user_policy)
+    client_cert::OncToClientCertConfig(*user_policy, &cert_config_from_policy);
 
   client_cert::ConfigType client_cert_type = client_cert::CONFIG_TYPE_NONE;
   if (type == shill::kTypeVPN) {
     if (vpn_provider_type == shill::kProviderOpenVpn) {
       client_cert_type = client_cert::CONFIG_TYPE_OPENVPN;
     } else {
       // L2TP/IPSec only requires a certificate if one is specified in ONC
       // or one was configured by the UI. Otherwise it is L2TP/IPSec with
       // PSK and doesn't require a certificate.
       //
       // TODO(benchan): Modify shill to specify the authentication type via
       // the kL2tpIpsecAuthenticationType property, so that Chrome doesn't need
       // to deduce the authentication type based on the
       // kL2tpIpsecClientCertIdProperty here (and also in VPNConfigView).
       if (!vpn_client_cert_id.empty() ||
-          (ui_data && ui_data->certificate_type() != CLIENT_CERT_TYPE_NONE))
+          cert_config_from_policy.client_cert_type !=
+              onc::client_cert::kClientCertTypeNone) {
         client_cert_type = client_cert::CONFIG_TYPE_IPSEC;
+      }
     }
   } else if (type == shill::kTypeWifi && security == shill::kSecurity8021x) {
     client_cert_type = client_cert::CONFIG_TYPE_EAP;
   }
 
   base::DictionaryValue config_properties;
   if (client_cert_type != client_cert::CONFIG_TYPE_NONE) {
     // Note: if we get here then a certificate *may* be required, so we want
     // to ensure that certificates have loaded successfully before attempting
     // to connect.
 
     // User must be logged in to connect to a network requiring a certificate.
     if (!logged_in_ || !cert_loader_) {
       NET_LOG_ERROR("User not logged in", "");
       ErrorCallbackForPendingRequest(service_path, kErrorCertificateRequired);
       return;
     }
     // If certificates have not been loaded yet, queue the connect request.
     if (!certificates_loaded_) {
       NET_LOG_EVENT("Certificates not loaded", "");
       QueueConnectRequest(service_path);
       return;
     }
 
     // If the client certificate must be configured, this will be set to a
     // non-empty string.
     std::string pkcs11_id;
 
-    // Check certificate properties in kUIDataProperty if configured.
-    // Note: Wifi/VPNConfigView set these properties explicitly, in which case
-    // only the TPM must be configured.
-    if (ui_data && ui_data->certificate_type() == CLIENT_CERT_TYPE_PATTERN) {
-      pkcs11_id = CertificateIsConfigured(ui_data.get());
+    // Check certificate properties from policy.
+    // Note: Wifi/VPNConfigView set the KeyID and CertID properties directly,
+    // in which case only the TPM must be configured.
+    if (cert_config_from_policy.client_cert_type ==
+        onc::client_cert::kPattern) {
+      pkcs11_id = CertificateIsConfigured(cert_config_from_policy.pattern);
       // Ensure the certificate is available and configured.
       if (!cert_loader_->IsHardwareBacked() || pkcs11_id.empty()) {
         ErrorCallbackForPendingRequest(service_path, kErrorCertificateRequired);
         return;
       }
     } else if (check_error_state &&
                !client_cert::IsCertificateConfigured(client_cert_type,
                                                      service_properties)) {
       // Network may not be configured.
       ErrorCallbackForPendingRequest(service_path, kErrorConfigurationRequired);
@@ skipping 243 matching lines @@
 }
 
 void NetworkConnectionHandler::CheckAllPendingRequests() {
   for (std::map<std::string, ConnectRequest>::iterator iter =
            pending_requests_.begin(); iter != pending_requests_.end(); ++iter) {
     CheckPendingRequest(iter->first);
   }
 }
 
 std::string NetworkConnectionHandler::CertificateIsConfigured(
-    NetworkUIData* ui_data) {
-  if (ui_data->certificate_pattern().Empty())
+    const CertificatePattern& pattern) {
+  if (pattern.Empty())
     return std::string();
   // Find the matching certificate.
   scoped_refptr<net::X509Certificate> matching_cert =
-      client_cert::GetCertificateMatch(ui_data->certificate_pattern(),
-                                       cert_loader_->cert_list());
+      client_cert::GetCertificateMatch(pattern, cert_loader_->cert_list());
   if (!matching_cert.get())
     return std::string();
   return CertLoader::GetPkcs11IdForCert(*matching_cert.get());
 }
 
 void NetworkConnectionHandler::ErrorCallbackForPendingRequest(
     const std::string& service_path,
     const std::string& error_name) {
   ConnectRequest* request = GetPendingRequest(service_path);
   if (!request) {
@@ skipping 87 matching lines @@
 
     NET_LOG_EVENT("Disconnect Forced by Policy", network->path());
     CallShillDisconnect(
         network->path(), base::Closure(), network_handler::ErrorCallback());
   }
 
   ConnectToBestNetworkAfterLogin();
 }
 
 }  // namespace chromeos