chromeos/network/client_cert_util.h - chromium/src - Git at Google

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CHROMEOS_NETWORK_CLIENT_CERT_UTIL_H_
 #define CHROMEOS_NETWORK_CLIENT_CERT_UTIL_H_

 #include <string>
 #include <vector>

 #include "base/component_export.h"
 #include "base/memory/ref_counted.h"
 #include "chromeos/network/onc/onc_certificate_pattern.h"
 #include "components/onc/onc_constants.h"

 namespace base {
 class Value;
 class DictionaryValue;
 }

 namespace chromeos {

 namespace client_cert {

 COMPONENT_EXPORT(CHROMEOS_NETWORK) extern const char kDefaultTPMPin[];

 enum ConfigType {
   CONFIG_TYPE_NONE,
   CONFIG_TYPE_OPENVPN,
   CONFIG_TYPE_IPSEC,
   CONFIG_TYPE_EAP
 };

 struct COMPONENT_EXPORT(CHROMEOS_NETWORK) ClientCertConfig {
   ClientCertConfig();
   ClientCertConfig(const ClientCertConfig& other);
   ~ClientCertConfig();

   // Independent of whether the client cert (pattern or reference) is
   // configured, the location determines whether this network configuration
   // supports client certs and what kind of configuration it requires.
   ConfigType location;

   // One of the ClientCertTypes defined in ONC: |kNone|, |kRef|, or |kPattern|.
   std::string client_cert_type;

   // If |client_cert_type| equals |kPattern|, this contains the pattern.
   OncCertificatePattern pattern;

   // If |client_cert_type| equals |kRef|, this contains the GUID of the
   // referenced certificate.
   std::string guid;

   // The value of |kIdentity|, to enable substitutions.
   std::string policy_identity;

   // source of this ClientCertConfig.
   ::onc::ONCSource onc_source;
 };

 // Returns the PKCS11 and slot ID of |cert_id|, which is expected to be a
 // value of the Shill property |kEapCertIdProperty| or |kEapKeyIdProperty|,
 // either of format "<pkcs11_id>" or "<slot_id>:<pkcs11_id>".
 COMPONENT_EXPORT(CHROMEOS_NETWORK)
 std::string GetPkcs11AndSlotIdFromEapCertId(const std::string& cert_id,
                                             int* slot_id);

 // Reads the client certificate configuration from the Shill Service properties
 // |shill_properties|.
 // If such a configuration is found, the values |cert_config_type|, |tpm_slot|
 // and |pkcs11_id| are filled accordingly. In case of OpenVPN or because the
 // property was not set, |tpm_slot| will be set to -1.
 // If an error occurred or no client configuration is found, |cert_config_type|
 // will be set to CONFIG_TYPE_NONE, |tpm_slot| to -1 and |pkcs11_id| to the
 // empty string.
 COMPONENT_EXPORT(CHROMEOS_NETWORK)
 void GetClientCertFromShillProperties(
     const base::DictionaryValue& shill_properties,
     ConfigType* cert_config_type,
     int* tpm_slot,
     std::string* pkcs11_id);

 // Sets the properties of a client cert and the TPM slot that it's contained in.
 // |cert_config_type| determines which dictionary entries to set.
 COMPONENT_EXPORT(CHROMEOS_NETWORK)
 void SetShillProperties(const ConfigType cert_config_type,
                         const int tpm_slot,
                         const std::string& pkcs11_id,
                         base::Value* properties);

 // Like SetShillProperties but instead sets the properties to empty strings.
 // This should be used to clear previously set client certificate properties.
 COMPONENT_EXPORT(CHROMEOS_NETWORK)
 void SetEmptyShillProperties(const ConfigType cert_config_type,
                              base::Value* properties);

 // Determines the type of the OncCertificatePattern configuration, i.e. is it a
 // pattern within an EAP, IPsec or OpenVPN configuration.
 COMPONENT_EXPORT(CHROMEOS_NETWORK)
 void OncToClientCertConfig(::onc::ONCSource onc_source,
                            const base::DictionaryValue& network_config,
                            ClientCertConfig* cert_config);

 }  // namespace client_cert

 }  // namespace chromeos

 #endif  // CHROMEOS_NETWORK_CLIENT_CERT_UTIL_H_
	// Copyright (c) 2012 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CHROMEOS_NETWORK_CLIENT_CERT_UTIL_H_
	#define CHROMEOS_NETWORK_CLIENT_CERT_UTIL_H_

	#include <string>
	#include <vector>

	#include "base/component_export.h"
	#include "base/memory/ref_counted.h"
	#include "chromeos/network/onc/onc_certificate_pattern.h"
	#include "components/onc/onc_constants.h"

	namespace base {
	class Value;
	class DictionaryValue;
	}

	namespace chromeos {

	namespace client_cert {

	COMPONENT_EXPORT(CHROMEOS_NETWORK) extern const char kDefaultTPMPin[];

	enum ConfigType {
	CONFIG_TYPE_NONE,
	CONFIG_TYPE_OPENVPN,
	CONFIG_TYPE_IPSEC,
	CONFIG_TYPE_EAP
	};

	struct COMPONENT_EXPORT(CHROMEOS_NETWORK) ClientCertConfig {
	ClientCertConfig();
	ClientCertConfig(const ClientCertConfig& other);
	~ClientCertConfig();

	// Independent of whether the client cert (pattern or reference) is
	// configured, the location determines whether this network configuration
	// supports client certs and what kind of configuration it requires.
	ConfigType location;

	// One of the ClientCertTypes defined in ONC: \|kNone\|, \|kRef\|, or \|kPattern\|.
	std::string client_cert_type;

	// If \|client_cert_type\| equals \|kPattern\|, this contains the pattern.
	OncCertificatePattern pattern;

	// If \|client_cert_type\| equals \|kRef\|, this contains the GUID of the
	// referenced certificate.
	std::string guid;

	// The value of \|kIdentity\|, to enable substitutions.
	std::string policy_identity;

	// source of this ClientCertConfig.
	::onc::ONCSource onc_source;
	};

	// Returns the PKCS11 and slot ID of \|cert_id\|, which is expected to be a
	// value of the Shill property \|kEapCertIdProperty\| or \|kEapKeyIdProperty\|,
	// either of format "<pkcs11_id>" or "<slot_id>:<pkcs11_id>".
	COMPONENT_EXPORT(CHROMEOS_NETWORK)
	std::string GetPkcs11AndSlotIdFromEapCertId(const std::string& cert_id,
	int* slot_id);

	// Reads the client certificate configuration from the Shill Service properties
	// \|shill_properties\|.
	// If such a configuration is found, the values \|cert_config_type\|, \|tpm_slot\|
	// and \|pkcs11_id\| are filled accordingly. In case of OpenVPN or because the
	// property was not set, \|tpm_slot\| will be set to -1.
	// If an error occurred or no client configuration is found, \|cert_config_type\|
	// will be set to CONFIG_TYPE_NONE, \|tpm_slot\| to -1 and \|pkcs11_id\| to the
	// empty string.
	COMPONENT_EXPORT(CHROMEOS_NETWORK)
	void GetClientCertFromShillProperties(
	const base::DictionaryValue& shill_properties,
	ConfigType* cert_config_type,
	int* tpm_slot,
	std::string* pkcs11_id);

	// Sets the properties of a client cert and the TPM slot that it's contained in.
	// \|cert_config_type\| determines which dictionary entries to set.
	COMPONENT_EXPORT(CHROMEOS_NETWORK)
	void SetShillProperties(const ConfigType cert_config_type,
	const int tpm_slot,
	const std::string& pkcs11_id,
	base::Value* properties);

	// Like SetShillProperties but instead sets the properties to empty strings.
	// This should be used to clear previously set client certificate properties.
	COMPONENT_EXPORT(CHROMEOS_NETWORK)
	void SetEmptyShillProperties(const ConfigType cert_config_type,
	base::Value* properties);

	// Determines the type of the OncCertificatePattern configuration, i.e. is it a
	// pattern within an EAP, IPsec or OpenVPN configuration.
	COMPONENT_EXPORT(CHROMEOS_NETWORK)
	void OncToClientCertConfig(::onc::ONCSource onc_source,
	const base::DictionaryValue& network_config,
	ClientCertConfig* cert_config);

	} // namespace client_cert

	} // namespace chromeos

	#endif // CHROMEOS_NETWORK_CLIENT_CERT_UTIL_H_