| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/network/network_connection_handler.h" | 5 #include "chromeos/network/network_connection_handler.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/json/json_reader.h" | 8 #include "base/json/json_reader.h" |
| 9 #include "base/location.h" | 9 #include "base/location.h" |
| 10 #include "base/message_loop/message_loop_proxy.h" | 10 #include "base/message_loop/message_loop_proxy.h" |
| 11 #include "base/strings/string_number_conversions.h" | 11 #include "base/strings/string_number_conversions.h" |
| 12 #include "chromeos/cert_loader.h" | 12 #include "chromeos/cert_loader.h" |
| 13 #include "chromeos/dbus/dbus_thread_manager.h" | 13 #include "chromeos/dbus/dbus_thread_manager.h" |
| 14 #include "chromeos/dbus/shill_manager_client.h" | 14 #include "chromeos/dbus/shill_manager_client.h" |
| 15 #include "chromeos/dbus/shill_service_client.h" | 15 #include "chromeos/dbus/shill_service_client.h" |
| 16 #include "chromeos/network/certificate_pattern.h" |
| 16 #include "chromeos/network/client_cert_util.h" | 17 #include "chromeos/network/client_cert_util.h" |
| 17 #include "chromeos/network/managed_network_configuration_handler.h" | 18 #include "chromeos/network/managed_network_configuration_handler.h" |
| 18 #include "chromeos/network/network_configuration_handler.h" | 19 #include "chromeos/network/network_configuration_handler.h" |
| 19 #include "chromeos/network/network_event_log.h" | 20 #include "chromeos/network/network_event_log.h" |
| 20 #include "chromeos/network/network_handler_callbacks.h" | 21 #include "chromeos/network/network_handler_callbacks.h" |
| 21 #include "chromeos/network/network_profile_handler.h" | 22 #include "chromeos/network/network_profile_handler.h" |
| 22 #include "chromeos/network/network_state.h" | 23 #include "chromeos/network/network_state.h" |
| 23 #include "chromeos/network/network_state_handler.h" | 24 #include "chromeos/network/network_state_handler.h" |
| 24 #include "chromeos/network/network_ui_data.h" | |
| 25 #include "chromeos/network/shill_property_util.h" | 25 #include "chromeos/network/shill_property_util.h" |
| 26 #include "chromeos/tpm_token_loader.h" | 26 #include "chromeos/tpm_token_loader.h" |
| 27 #include "dbus/object_path.h" | 27 #include "dbus/object_path.h" |
| 28 #include "net/cert/x509_certificate.h" | 28 #include "net/cert/x509_certificate.h" |
| 29 #include "third_party/cros_system_api/dbus/service_constants.h" | 29 #include "third_party/cros_system_api/dbus/service_constants.h" |
| 30 | 30 |
| 31 namespace chromeos { | 31 namespace chromeos { |
| 32 | 32 |
| 33 namespace { | 33 namespace { |
| 34 | 34 |
| (...skipping 377 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 412 shill::kHostProperty, &vpn_provider_host); | 412 shill::kHostProperty, &vpn_provider_host); |
| 413 provider_properties->GetStringWithoutPathExpansion( | 413 provider_properties->GetStringWithoutPathExpansion( |
| 414 shill::kL2tpIpsecClientCertIdProperty, &vpn_client_cert_id); | 414 shill::kL2tpIpsecClientCertIdProperty, &vpn_client_cert_id); |
| 415 } | 415 } |
| 416 if (vpn_provider_type.empty() || vpn_provider_host.empty()) { | 416 if (vpn_provider_type.empty() || vpn_provider_host.empty()) { |
| 417 ErrorCallbackForPendingRequest(service_path, kErrorConfigurationRequired); | 417 ErrorCallbackForPendingRequest(service_path, kErrorConfigurationRequired); |
| 418 return; | 418 return; |
| 419 } | 419 } |
| 420 } | 420 } |
| 421 | 421 |
| 422 scoped_ptr<NetworkUIData> ui_data = | 422 std::string guid; |
| 423 shill_property_util::GetUIDataFromProperties(service_properties); | 423 service_properties.GetStringWithoutPathExpansion(shill::kGuidProperty, &guid); |
| 424 std::string profile; |
| 425 service_properties.GetStringWithoutPathExpansion(shill::kProfileProperty, |
| 426 &profile); |
| 427 const base::DictionaryValue* user_policy = |
| 428 managed_configuration_handler_->FindPolicyByGuidAndProfile(guid, profile); |
| 429 |
| 430 client_cert::ClientCertConfig cert_config_from_policy; |
| 431 if (user_policy) |
| 432 client_cert::OncToClientCertConfig(*user_policy, &cert_config_from_policy); |
| 424 | 433 |
| 425 client_cert::ConfigType client_cert_type = client_cert::CONFIG_TYPE_NONE; | 434 client_cert::ConfigType client_cert_type = client_cert::CONFIG_TYPE_NONE; |
| 426 if (type == shill::kTypeVPN) { | 435 if (type == shill::kTypeVPN) { |
| 427 if (vpn_provider_type == shill::kProviderOpenVpn) { | 436 if (vpn_provider_type == shill::kProviderOpenVpn) { |
| 428 client_cert_type = client_cert::CONFIG_TYPE_OPENVPN; | 437 client_cert_type = client_cert::CONFIG_TYPE_OPENVPN; |
| 429 } else { | 438 } else { |
| 430 // L2TP/IPSec only requires a certificate if one is specified in ONC | 439 // L2TP/IPSec only requires a certificate if one is specified in ONC |
| 431 // or one was configured by the UI. Otherwise it is L2TP/IPSec with | 440 // or one was configured by the UI. Otherwise it is L2TP/IPSec with |
| 432 // PSK and doesn't require a certificate. | 441 // PSK and doesn't require a certificate. |
| 433 // | 442 // |
| 434 // TODO(benchan): Modify shill to specify the authentication type via | 443 // TODO(benchan): Modify shill to specify the authentication type via |
| 435 // the kL2tpIpsecAuthenticationType property, so that Chrome doesn't need | 444 // the kL2tpIpsecAuthenticationType property, so that Chrome doesn't need |
| 436 // to deduce the authentication type based on the | 445 // to deduce the authentication type based on the |
| 437 // kL2tpIpsecClientCertIdProperty here (and also in VPNConfigView). | 446 // kL2tpIpsecClientCertIdProperty here (and also in VPNConfigView). |
| 438 if (!vpn_client_cert_id.empty() || | 447 if (!vpn_client_cert_id.empty() || |
| 439 (ui_data && ui_data->certificate_type() != CLIENT_CERT_TYPE_NONE)) | 448 cert_config_from_policy.client_cert_type != onc::client_cert::kNone) { |
| 440 client_cert_type = client_cert::CONFIG_TYPE_IPSEC; | 449 client_cert_type = client_cert::CONFIG_TYPE_IPSEC; |
| 450 } |
| 441 } | 451 } |
| 442 } else if (type == shill::kTypeWifi && security == shill::kSecurity8021x) { | 452 } else if (type == shill::kTypeWifi && security == shill::kSecurity8021x) { |
| 443 client_cert_type = client_cert::CONFIG_TYPE_EAP; | 453 client_cert_type = client_cert::CONFIG_TYPE_EAP; |
| 444 } | 454 } |
| 445 | 455 |
| 446 base::DictionaryValue config_properties; | 456 base::DictionaryValue config_properties; |
| 447 if (client_cert_type != client_cert::CONFIG_TYPE_NONE) { | 457 if (client_cert_type != client_cert::CONFIG_TYPE_NONE) { |
| 448 // Note: if we get here then a certificate *may* be required, so we want | 458 // Note: if we get here then a certificate *may* be required, so we want |
| 449 // to ensure that certificates have loaded successfully before attempting | 459 // to ensure that certificates have loaded successfully before attempting |
| 450 // to connect. | 460 // to connect. |
| 451 | 461 |
| 452 // User must be logged in to connect to a network requiring a certificate. | 462 // User must be logged in to connect to a network requiring a certificate. |
| 453 if (!logged_in_ || !cert_loader_) { | 463 if (!logged_in_ || !cert_loader_) { |
| 454 NET_LOG_ERROR("User not logged in", ""); | 464 NET_LOG_ERROR("User not logged in", ""); |
| 455 ErrorCallbackForPendingRequest(service_path, kErrorCertificateRequired); | 465 ErrorCallbackForPendingRequest(service_path, kErrorCertificateRequired); |
| 456 return; | 466 return; |
| 457 } | 467 } |
| 458 // If certificates have not been loaded yet, queue the connect request. | 468 // If certificates have not been loaded yet, queue the connect request. |
| 459 if (!certificates_loaded_) { | 469 if (!certificates_loaded_) { |
| 460 NET_LOG_EVENT("Certificates not loaded", ""); | 470 NET_LOG_EVENT("Certificates not loaded", ""); |
| 461 QueueConnectRequest(service_path); | 471 QueueConnectRequest(service_path); |
| 462 return; | 472 return; |
| 463 } | 473 } |
| 464 | 474 |
| 465 // If the client certificate must be configured, this will be set to a | 475 // If the client certificate must be configured, this will be set to a |
| 466 // non-empty string. | 476 // non-empty string. |
| 467 std::string pkcs11_id; | 477 std::string pkcs11_id; |
| 468 | 478 |
| 469 // Check certificate properties in kUIDataProperty if configured. | 479 // Check certificate properties from policy. |
| 470 // Note: Wifi/VPNConfigView set these properties explicitly, in which case | 480 // Note: Wifi/VPNConfigView set the KeyID and CertID properties directly, |
| 471 // only the TPM must be configured. | 481 // in which case only the TPM must be configured. |
| 472 if (ui_data && ui_data->certificate_type() == CLIENT_CERT_TYPE_PATTERN) { | 482 if (cert_config_from_policy.client_cert_type == |
| 473 pkcs11_id = CertificateIsConfigured(ui_data.get()); | 483 onc::client_cert::kPattern) { |
| 484 pkcs11_id = CertificateIsConfigured(cert_config_from_policy.pattern); |
| 474 // Ensure the certificate is available and configured. | 485 // Ensure the certificate is available and configured. |
| 475 if (!cert_loader_->IsHardwareBacked() || pkcs11_id.empty()) { | 486 if (!cert_loader_->IsHardwareBacked() || pkcs11_id.empty()) { |
| 476 ErrorCallbackForPendingRequest(service_path, kErrorCertificateRequired); | 487 ErrorCallbackForPendingRequest(service_path, kErrorCertificateRequired); |
| 477 return; | 488 return; |
| 478 } | 489 } |
| 479 } else if (check_error_state && | 490 } else if (check_error_state && |
| 480 !client_cert::IsCertificateConfigured(client_cert_type, | 491 !client_cert::IsCertificateConfigured(client_cert_type, |
| 481 service_properties)) { | 492 service_properties)) { |
| 482 // Network may not be configured. | 493 // Network may not be configured. |
| 483 ErrorCallbackForPendingRequest(service_path, kErrorConfigurationRequired); | 494 ErrorCallbackForPendingRequest(service_path, kErrorConfigurationRequired); |
| (...skipping 243 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 727 } | 738 } |
| 728 | 739 |
| 729 void NetworkConnectionHandler::CheckAllPendingRequests() { | 740 void NetworkConnectionHandler::CheckAllPendingRequests() { |
| 730 for (std::map<std::string, ConnectRequest>::iterator iter = | 741 for (std::map<std::string, ConnectRequest>::iterator iter = |
| 731 pending_requests_.begin(); iter != pending_requests_.end(); ++iter) { | 742 pending_requests_.begin(); iter != pending_requests_.end(); ++iter) { |
| 732 CheckPendingRequest(iter->first); | 743 CheckPendingRequest(iter->first); |
| 733 } | 744 } |
| 734 } | 745 } |
| 735 | 746 |
| 736 std::string NetworkConnectionHandler::CertificateIsConfigured( | 747 std::string NetworkConnectionHandler::CertificateIsConfigured( |
| 737 NetworkUIData* ui_data) { | 748 const CertificatePattern& pattern) { |
| 738 if (ui_data->certificate_pattern().Empty()) | 749 if (pattern.Empty()) |
| 739 return std::string(); | 750 return std::string(); |
| 740 // Find the matching certificate. | 751 // Find the matching certificate. |
| 741 scoped_refptr<net::X509Certificate> matching_cert = | 752 scoped_refptr<net::X509Certificate> matching_cert = |
| 742 client_cert::GetCertificateMatch(ui_data->certificate_pattern(), | 753 client_cert::GetCertificateMatch(pattern, cert_loader_->cert_list()); |
| 743 cert_loader_->cert_list()); | |
| 744 if (!matching_cert.get()) | 754 if (!matching_cert.get()) |
| 745 return std::string(); | 755 return std::string(); |
| 746 return CertLoader::GetPkcs11IdForCert(*matching_cert.get()); | 756 return CertLoader::GetPkcs11IdForCert(*matching_cert.get()); |
| 747 } | 757 } |
| 748 | 758 |
| 749 void NetworkConnectionHandler::ErrorCallbackForPendingRequest( | 759 void NetworkConnectionHandler::ErrorCallbackForPendingRequest( |
| 750 const std::string& service_path, | 760 const std::string& service_path, |
| 751 const std::string& error_name) { | 761 const std::string& error_name) { |
| 752 ConnectRequest* request = GetPendingRequest(service_path); | 762 ConnectRequest* request = GetPendingRequest(service_path); |
| 753 if (!request) { | 763 if (!request) { |
| (...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 841 | 851 |
| 842 NET_LOG_EVENT("Disconnect Forced by Policy", network->path()); | 852 NET_LOG_EVENT("Disconnect Forced by Policy", network->path()); |
| 843 CallShillDisconnect( | 853 CallShillDisconnect( |
| 844 network->path(), base::Closure(), network_handler::ErrorCallback()); | 854 network->path(), base::Closure(), network_handler::ErrorCallback()); |
| 845 } | 855 } |
| 846 | 856 |
| 847 ConnectToBestNetworkAfterLogin(); | 857 ConnectToBestNetworkAfterLogin(); |
| 848 } | 858 } |
| 849 | 859 |
| 850 } // namespace chromeos | 860 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 370623002:
Remove most of NetworkUIData. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src