chromeos/network/client_cert_util.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROMEOS_NETWORK_CLIENT_CERT_UTIL_H_
   6 #define CHROMEOS_NETWORK_CLIENT_CERT_UTIL_H_
   7
   8 #include <string>
   9 #include <vector>
  10
  11 #include "base/memory/ref_counted.h"
  12 #include "chromeos/chromeos_export.h"
  13 #include "chromeos/network/certificate_pattern.h"
  14
  15 namespace base {
  16 class DictionaryValue;
  17 }
  18
  19 namespace net {
  20 struct CertPrincipal;
  21 class X509Certificate;
  22 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
  23 }
  24
  25 namespace chromeos {
  26
  27 class IssuerSubjectPattern;
  28
  29 namespace client_cert {
  30
  31 enum ConfigType {
  32   CONFIG_TYPE_NONE,
  33   CONFIG_TYPE_OPENVPN,
  34   CONFIG_TYPE_IPSEC,
  35   CONFIG_TYPE_EAP
  36 };
  37
  38 struct CHROMEOS_EXPORT ClientCertConfig {
  39   ClientCertConfig();
  40
  41   // Independent of whether the client cert (pattern or reference) is
  42   // configured, the location determines whether this network configuration
  43   // supports client certs and what kind of configuration it requires.
  44   ConfigType location;
  45
  46   // One of the ClientCertTypes defined in ONC: kNone, kRef, or kPattern.
  47   std::string client_cert_type;
  48
  49   // If |client_cert_type| equals kPattern, this contains the pattern.
  50   CertificatePattern pattern;
  51 };
  52
  53 // Returns true only if any fields set in this pattern match exactly with
  54 // similar fields in the principal.  If organization_ or organizational_unit_
  55 // are set, then at least one of the organizations or units in the principal
  56 // must match.
  57 bool CertPrincipalMatches(const IssuerSubjectPattern& pattern,
  58                           const net::CertPrincipal& principal);
  59
  60 // Fetches the matching certificate that has the latest valid start date.
  61 // Returns a NULL refptr if there is no such match.
  62 CHROMEOS_EXPORT scoped_refptr<net::X509Certificate> GetCertificateMatch(
  63     const CertificatePattern& pattern,
  64     const net::CertificateList& all_certs);
  65
  66 // If not empty, sets the TPM properties in |properties|. If |pkcs11_id| is not
  67 // NULL, also sets the ClientCertID. |cert_config_type| determines which
  68 // dictionary entries to set.
  69 void SetShillProperties(const ConfigType cert_config_type,
  70                         const std::string& tpm_slot,
  71                         const std::string& tpm_pin,
  72                         const std::string* pkcs11_id,
  73                         base::DictionaryValue* properties);
  74
  75 // Returns true if all required configuration properties are set and not empty.
  76 bool IsCertificateConfigured(const client_cert::ConfigType cert_config_type,
  77                              const base::DictionaryValue& service_properties);
  78
  79 // Determines the type of the CertificatePattern configuration, i.e. is it a
  80 // pattern within an EAP, IPsec or OpenVPN configuration.
  81 CHROMEOS_EXPORT void OncToClientCertConfig(
  82     const base::DictionaryValue& network_config,
  83     ClientCertConfig* cert_config);
  84
  85 }  // namespace client_cert
  86
  87 }  // namespace chromeos
  88
  89 #endif  // CHROMEOS_NETWORK_CLIENT_CERT_UTIL_H_