Google Git
Sign in
chromium / aosp / platform / system / connectivity / shill / factory-gale-8743.19.B / . / test-rpc-proxy / proxy_rpc_security_types.h
blob: d9e599d6ef78e77926b170138bf365586f52b872 [file] [log] [blame]
//
// Copyright (C) 2015 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
#ifndef PROXY_RPC_SECURITY_TYPES_H
#define PROXY_RPC_SECURITY_TYPES_H
#include <string>
#include <XmlRpcValue.h>
#include <brillo/variant_dictionary.h>
// Abstracts the security configuration for a WiFi network.
// This bundle of credentials can be passed to both HostapConfig and
// AssociationParameters so that both shill and hostapd can set up and connect
// to an encrypted WiFi network. By default, we'll assume we're connecting
// to an open network.
class SecurityConfig {
public:
enum WpaModeType {
kWpaModePure = 1,
kWpaModePure_2 = 2,
kWpaModeMixed = kWpaModePure | kWpaModePure_2,
kWpaModeDefault = kWpaModeMixed,
};
enum AuthAlgorithmType {
kAuthAlgorithmTypeOpen = 1,
kAuthAlgorithmTypeShared = 2,
kAuthAlgorithmTypeDefault = kAuthAlgorithmTypeOpen
};
static const char kDefaultSecurity[];
// This function creates the appropriate |SecurityConfig| subclass
// object from the incoming RPC data.
static std::unique_ptr<SecurityConfig> CreateSecurityConfigObject(
XmlRpc::XmlRpcValue* xml_rpc_value_in);
SecurityConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in);
virtual ~SecurityConfig() = default;
virtual void GetServiceProperties(brillo::VariantDictionary* properties);
std::string security_;
};
// Abstracts security configuration for a WiFi network using static WEP.
// Open system authentication means that we don"t do a 4 way AUTH handshake,
// and simply start using the WEP keys after association finishes.
class WEPConfig : public SecurityConfig {
public:
WEPConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in);
virtual void GetServiceProperties(brillo::VariantDictionary* properties) override;
private:
std::vector<std::string> wep_keys_;
int wep_default_key_index_;
int auth_algorithm_;
};
// Abstracts security configuration for a WPA encrypted WiFi network.
class WPAConfig : public SecurityConfig {
public:
WPAConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in);
void GetServiceProperties(brillo::VariantDictionary* properties) override;
static const int kMaxPskSize;
private:
std::string psk_;
int wpa_mode_;
std::vector<std::string> wpa_ciphers_;
std::vector<std::string> wpa2_ciphers_;
int wpa_ptk_rekey_period_seconds_;
int wpa_gtk_rekey_period_seconds_;
int wpa_gmk_rekey_period_seconds_;
bool use_strict_rekey_;
};
// Abstract superclass that implements certificate/key installation.
class EAPConfig : public SecurityConfig {
public:
static const char kDefaultEapUsers[];
static const char kDefaultEAPIdentity[];
static int last_tmp_id;
EAPConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in);
void GetServiceProperties(brillo::VariantDictionary* properties) override;
private:
bool use_system_cas_;
std::string server_ca_cert_;
std::string server_cert_;
std::string server_key_;
std::string server_eap_users;
std::string client_ca_cert_;
std::string client_cert_;
std::string client_key_;
std::string server_ca_cert_file_path_;
std::string server_cert_file_path_;
std::string server_key_file_path_;
std::string server_eap_user_file_path_;
std::string file_path_suffix_;
std::string client_cert_id_;
std::string client_key_id_;
std::string pin_;
std::string client_cert_slot_id_;
std::string client_key_slot_id_;
std::string eap_identity_;
};
// Configuration settings bundle for dynamic WEP.
// This is a WEP encrypted connection where the keys are negotiated after the
// client authenticates via 802.1x.
class DynamicWEPConfig : public EAPConfig {
public:
static const int kDefaultKeyPeriod;
DynamicWEPConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in);
void GetServiceProperties(brillo::VariantDictionary* properties) override;
private:
bool use_short_keys_;
int wep_rekey_period_seconds_;
};
// Security type to set up a WPA connection via EAP-TLS negotiation.
class WPAEAPConfig : public EAPConfig {
public:
WPAEAPConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in);
void GetServiceProperties(brillo::VariantDictionary* properties) override;
private:
bool use_short_keys_;
WpaModeType wpa_mode_;
};
// Security type to set up a TTLS/PEAP connection.
// Both PEAP and TTLS are tunneled protocols which use EAP inside of a TLS
// secured tunnel. The secured tunnel is a symmetric key encryption scheme
// negotiated under the protection of a public key in the server certificate.
// Thus, we"ll see server credentials in the form of certificates, but client
// credentials in the form of passwords and a CA Cert to root the trust chain.
class Tunneled1xConfig : public WPAEAPConfig {
public:
static const char kTTLSPrefix[];
static const char kLayer1TypePEAP[];
static const char kLayer1TypeTTLS[];
static const char kLayer2TypeGTC[];
static const char kLayer2TypeMSCHAPV2[];
static const char kLayer2TypeMD5[];
static const char kLayer2TypeTTLSMSCHAPV2[];
static const char kLayer2TypeTTLSMSCHAP[];
static const char kLayer2TypeTTLSPAP[];
Tunneled1xConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in);
void GetServiceProperties(brillo::VariantDictionary* properties) override;
private:
std::string password_;
std::string inner_protocol_;
};
#endif // PROXY_RPC_SECURITY_TYPES_H