chromeos/network/client_cert_util.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROMEOS_NETWORK_CLIENT_CERT_UTIL_H_
   6 #define CHROMEOS_NETWORK_CLIENT_CERT_UTIL_H_
   7
   8 #include <string>
   9 #include <vector>
  10
  11 #include "base/memory/ref_counted.h"
  12 #include "chromeos/chromeos_export.h"
  13
  14 namespace base {
  15 class DictionaryValue;
  16 }
  17
  18 namespace net {
  19 struct CertPrincipal;
  20 class X509Certificate;
  21 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
  22 }
  23
  24 namespace chromeos {
  25
  26 class CertificatePattern;
  27 class IssuerSubjectPattern;
  28
  29 namespace client_cert {
  30
  31 enum ConfigType {
  32   CONFIG_TYPE_NONE,
  33   CONFIG_TYPE_OPENVPN,
  34   CONFIG_TYPE_IPSEC,
  35   CONFIG_TYPE_EAP
  36 };
  37
  38 // Returns true only if any fields set in this pattern match exactly with
  39 // similar fields in the principal.  If organization_ or organizational_unit_
  40 // are set, then at least one of the organizations or units in the principal
  41 // must match.
  42 bool CertPrincipalMatches(const IssuerSubjectPattern& pattern,
  43                           const net::CertPrincipal& principal);
  44
  45 // Fetches the matching certificate that has the latest valid start date.
  46 // Returns a NULL refptr if there is no such match.
  47 CHROMEOS_EXPORT scoped_refptr<net::X509Certificate> GetCertificateMatch(
  48     const CertificatePattern& pattern,
  49     const net::CertificateList& all_certs);
  50
  51 // If not empty, sets the TPM properties in |properties|. If |pkcs11_id| is not
  52 // NULL, also sets the ClientCertID. |cert_config_type| determines which
  53 // dictionary entries to set.
  54 void SetShillProperties(const ConfigType cert_config_type,
  55                         const std::string& tpm_slot,
  56                         const std::string& tpm_pin,
  57                         const std::string* pkcs11_id,
  58                         base::DictionaryValue* properties);
  59
  60 // Returns true if all required configuration properties are set and not empty.
  61 bool IsCertificateConfigured(const client_cert::ConfigType cert_config_type,
  62                              const base::DictionaryValue& service_properties);
  63
  64 }  // namespace client_cert
  65
  66 }  // namespace chromeos
  67
  68 #endif  // CHROMEOS_NETWORK_CLIENT_CERT_UTIL_H_