Remove most of NetworkUIData.

chromeos/network/client_cert_util.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chromeos/network/client_cert_util.h"
 
 #include <cert.h>
 #include <pk11pub.h>
 
 #include <list>
 #include <string>
 #include <vector>
 
 #include "base/values.h"
 #include "chromeos/network/certificate_pattern.h"
 #include "chromeos/network/network_event_log.h"
+#include "components/onc/onc_constants.h"
 #include "net/base/net_errors.h"
 #include "net/cert/cert_database.h"
 #include "net/cert/nss_cert_database.h"
 #include "net/cert/scoped_nss_types.h"
 #include "net/cert/x509_cert_types.h"
 #include "net/cert/x509_certificate.h"
 #include "third_party/cros_system_api/dbus/service_constants.h"
 
 namespace chromeos {
 
@@ skipping 67 matching lines @@
   const std::vector<std::string>& issuer_ca_pems_;
 };
 
 std::string GetStringFromDictionary(const base::DictionaryValue& dict,
                                     const std::string& key) {
   std::string s;
   dict.GetStringWithoutPathExpansion(key, &s);
   return s;
 }
 
+void GetClientCertTypeAndPattern(
+    const base::DictionaryValue& dict_with_client_cert,
+    ClientCertConfig* cert_config) {
+  using namespace ::onc::client_cert;
+  dict_with_client_cert.GetStringWithoutPathExpansion(
+      kClientCertType, &cert_config->client_cert_type);
+
+  if (cert_config->client_cert_type == kPattern) {
+    const base::DictionaryValue* pattern = NULL;
+    dict_with_client_cert.GetDictionaryWithoutPathExpansion(kClientCertPattern,
+                                                            &pattern);
+    if (pattern) {
+      bool success = cert_config->pattern.ReadFromONCDictionary(*pattern);
+      DCHECK(success);
+    }
+  }
+}
+
 }  // namespace
 
 // Returns true only if any fields set in this pattern match exactly with
 // similar fields in the principal.  If organization_ or organizational_unit_
 // are set, then at least one of the organizations or units in the principal
 // must match.
 bool CertPrincipalMatches(const IssuerSubjectPattern& pattern,
                           const net::CertPrincipal& principal) {
   if (!pattern.common_name().empty() &&
       pattern.common_name() != principal.common_name) {
@@ skipping 78 matching lines @@
   // Iterate over the rest looking for the one that was issued latest.
   for (CertificateStlList::iterator iter = matching_certs.begin();
        iter != matching_certs.end(); ++iter) {
     if (!latest.get() || (*iter)->valid_start() > latest->valid_start())
       latest = *iter;
   }
 
   return latest;
 }
 
-void SetShillProperties(const client_cert::ConfigType cert_config_type,
+void SetShillProperties(const ConfigType cert_config_type,
                         const std::string& tpm_slot,
                         const std::string& tpm_pin,
                         const std::string* pkcs11_id,
                         base::DictionaryValue* properties) {
   const char* tpm_pin_property = NULL;
   switch (cert_config_type) {
     case CONFIG_TYPE_NONE: {
       return;
     }
     case CONFIG_TYPE_OPENVPN: {
@@ skipping 34 matching lines @@
                                                   key_id);
       }
       break;
     }
   }
   DCHECK(tpm_pin_property);
   if (!tpm_pin.empty())
     properties->SetStringWithoutPathExpansion(tpm_pin_property, tpm_pin);
 }
 
-bool IsCertificateConfigured(const client_cert::ConfigType cert_config_type,
+ClientCertConfig::ClientCertConfig()
+    : location(CONFIG_TYPE_NONE), client_cert_type(onc::client_cert::kNone) {

[stevenjb, 2014/07/07 19:34:05]

nit: one arg per line

[pneubeck (no reviews), 2014/07/09 07:51:26]

Done.

+}
+
+void OncToClientCertConfig(const base::DictionaryValue& network_config,
+                           ClientCertConfig* cert_config) {
+  using namespace ::onc;
+
+  *cert_config = ClientCertConfig();

[stevenjb, 2014/07/07 19:34:05]

nit: If we're clearing this anyway, maybe just return the value?

+
+  const base::DictionaryValue* dict_with_client_cert = NULL;
+
+  const base::DictionaryValue* wifi = NULL;
+  network_config.GetDictionaryWithoutPathExpansion(network_config::kWiFi,
+                                                   &wifi);
+  if (wifi) {
+    const base::DictionaryValue* eap = NULL;
+    wifi->GetDictionaryWithoutPathExpansion(wifi::kEAP, &eap);
+    if (!eap)
+      return;
+
+    dict_with_client_cert = eap;
+    cert_config->location = CONFIG_TYPE_EAP;
+  }
+
+  const base::DictionaryValue* vpn = NULL;
+  network_config.GetDictionaryWithoutPathExpansion(network_config::kVPN, &vpn);
+  if (vpn) {
+    const base::DictionaryValue* openvpn = NULL;
+    vpn->GetDictionaryWithoutPathExpansion(vpn::kOpenVPN, &openvpn);
+    const base::DictionaryValue* ipsec = NULL;
+    vpn->GetDictionaryWithoutPathExpansion(vpn::kIPsec, &ipsec);
+    if (openvpn) {
+      dict_with_client_cert = openvpn;
+      cert_config->location = CONFIG_TYPE_OPENVPN;
+    } else if (ipsec) {
+      dict_with_client_cert = ipsec;
+      cert_config->location = CONFIG_TYPE_IPSEC;
+    } else {
+      return;
+    }
+  }
+
+  const base::DictionaryValue* ethernet = NULL;
+  network_config.GetDictionaryWithoutPathExpansion(network_config::kEthernet,
+                                                   &ethernet);
+  if (ethernet) {
+    const base::DictionaryValue* eap = NULL;
+    ethernet->GetDictionaryWithoutPathExpansion(wifi::kEAP, &eap);
+    if (!eap)
+      return;
+    dict_with_client_cert = eap;
+    cert_config->location = CONFIG_TYPE_EAP;
+  }
+
+  if (dict_with_client_cert)
+    GetClientCertTypeAndPattern(*dict_with_client_cert, cert_config);
+}
+
+bool IsCertificateConfigured(const ConfigType cert_config_type,
                              const base::DictionaryValue& service_properties) {
   // VPN certificate properties are read from the Provider dictionary.
   const base::DictionaryValue* provider_properties = NULL;
   service_properties.GetDictionaryWithoutPathExpansion(
       shill::kProviderProperty, &provider_properties);
   switch (cert_config_type) {
     case CONFIG_TYPE_NONE:
       return true;
     case CONFIG_TYPE_OPENVPN:
       // OpenVPN generally requires a passphrase and we don't know whether or
@@ skipping 18 matching lines @@
       return !cert_id.empty() && !key_id.empty() && !identity.empty();
     }
   }
   NOTREACHED();
   return false;
 }
 
 }  // namespace client_cert
 
 }  // namespace chromeos