1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROMEOS_NETWORK_CLIENT_CERT_UTIL_H_
6 #define CHROMEOS_NETWORK_CLIENT_CERT_UTIL_H_
8 #include <string>
9 #include <vector>
11 #include "base/memory/ref_counted.h"
12 #include "chromeos/chromeos_export.h"
13 #include "chromeos/network/certificate_pattern.h"
// Forward declarations: this header uses these types only by reference or
// pointer, so their full definitions are not included here.
namespace base {
class DictionaryValue;
}  // namespace base

namespace net {
struct CertPrincipal;
class X509Certificate;
// NOTE(review): this typedef is declared here inside namespace net; it
// presumably mirrors net's own CertificateList and has to stay identical to
// it, otherwise the two declarations conflict -- confirm.
typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
}  // namespace net
25 namespace chromeos {
27 namespace client_cert {
// Where in a network configuration the client certificate lives, and hence
// which Shill dictionary entries carry it (see SetShillProperties()).
// CONFIG_TYPE_NONE is also what GetClientCertFromShillProperties() reports
// when no client certificate configuration is found or an error occurred.
enum ConfigType {
  CONFIG_TYPE_NONE,
  CONFIG_TYPE_OPENVPN,
  CONFIG_TYPE_IPSEC,
  CONFIG_TYPE_EAP
};
// Client certificate settings extracted from an ONC network configuration
// (filled by OncToClientCertConfig()).
struct CHROMEOS_EXPORT ClientCertConfig {
  ClientCertConfig();

  // Independent of whether the client cert (pattern or reference) is
  // configured, the location determines whether this network configuration
  // supports client certs and what kind of configuration it requires.
  ConfigType location;

  // One of the ClientCertTypes defined in ONC: kNone, kRef, or kPattern.
  std::string client_cert_type;

  // If |client_cert_type| equals kPattern, this contains the pattern.
  // Only meaningful for kPattern; presumably left default-constructed for the
  // other types -- confirm against OncToClientCertConfig().
  CertificatePattern pattern;
};
// Returns true only if any fields set in this pattern match exactly with
// similar fields in the principal. If organization_ or organizational_unit_
// are set, then at least one of the organizations or units in the principal
// must match.
// Fields that are not set in |pattern| impose no constraint, so by this
// contract a pattern with no fields set matches every principal.
// NOTE(review): confirm that in the implementation before relying on this
// function alone to select a certificate.
// Not CHROMEOS_EXPORTed, so presumably intended for use inside the component.
bool CertPrincipalMatches(const IssuerSubjectPattern& pattern,
                          const net::CertPrincipal& principal);
// Returns the PKCS11 ID of |cert_id| and stores its slot ID in |*slot_id|.
// |cert_id| is expected to be a value of the Shill property kEapCertIdProperty
// or kEapKeyIdProperty, either of format "<pkcs11_id>" or
// "<slot_id>:<pkcs11_id>".
// |cert_id| comes from Shill rather than from this code, so the parse has to
// tolerate malformed input. What |*slot_id| holds when the "<slot_id>:" prefix
// is absent or not numeric is not specified here -- presumably -1, which is
// what GetClientCertFromShillProperties() documents for an unset slot; confirm
// in the implementation.
CHROMEOS_EXPORT std::string GetPkcs11AndSlotIdFromEapCertId(
    const std::string& cert_id,
    int* slot_id);
// Reads the client certificate configuration from the Shill Service properties
// |shill_properties|.
// If such a configuration is found, the values |cert_config_type|, |tpm_slot|
// and |pkcs11_id| are filled accordingly. In case of OpenVPN or because the
// property was not set, |tpm_slot| will be set to -1.
// If an error occurred or no client configuration is found, |cert_config_type|
// will be set to CONFIG_TYPE_NONE, |tpm_slot| to -1 and |pkcs11_id| to the
// empty string.
// All three out-parameters are written in every case, so callers need not
// initialize them; check |*cert_config_type| against CONFIG_TYPE_NONE before
// using |*tpm_slot| and |*pkcs11_id|.
CHROMEOS_EXPORT void GetClientCertFromShillProperties(
    const base::DictionaryValue& shill_properties,
    ConfigType* cert_config_type,
    int* tpm_slot,
    std::string* pkcs11_id);
// Sets the properties of a client cert and the TPM slot that it's contained in.
// |cert_config_type| determines which dictionary entries to set.
// |tpm_slot| and |pkcs11_id| are written into |properties|, presumably as the
// inverse of GetClientCertFromShillProperties(). How CONFIG_TYPE_NONE is
// handled is not specified here -- confirm in the implementation.
CHROMEOS_EXPORT void SetShillProperties(const ConfigType cert_config_type,
                                        const int tpm_slot,
                                        const std::string& pkcs11_id,
                                        base::DictionaryValue* properties);
// Like SetShillProperties but instead sets the properties to empty strings.
// This should be used to clear previously set client certificate properties.
// Note that the entries selected by |cert_config_type| are overwritten with
// empty strings, not removed from |properties|.
CHROMEOS_EXPORT void SetEmptyShillProperties(const ConfigType cert_config_type,
                                             base::DictionaryValue* properties);
// Returns true if all required configuration properties are set and not empty.
// Which properties of |service_properties| are required depends on
// |cert_config_type|. Not CHROMEOS_EXPORTed, so presumably intended for use
// inside the component only.
bool IsCertificateConfigured(const client_cert::ConfigType cert_config_type,
                             const base::DictionaryValue& service_properties);
// Determines the type of the CertificatePattern configuration, i.e. is it a
// pattern within an EAP, IPsec or OpenVPN configuration, and stores the result
// in |cert_config|. |network_config| is an ONC network configuration.
// Presumably also fills |client_cert_type| and |pattern| of |cert_config|;
// confirm in the implementation.
CHROMEOS_EXPORT void OncToClientCertConfig(
    const base::DictionaryValue& network_config,
    ClientCertConfig* cert_config);
101 } // namespace client_cert
103 } // namespace chromeos
105 #endif // CHROMEOS_NETWORK_CLIENT_CERT_UTIL_H_