client_cert_util.h revision 116680a4aac90f2aa7413d9095a592090648e557
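// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Helpers for the client-certificate part of a network configuration:
// matching certificates against an ONC CertificatePattern, translating the
// ONC representation into a ClientCertConfig, and writing the resulting
// TPM / PKCS#11 identifiers into a Shill service property dictionary.

#ifndef CHROMEOS_NETWORK_CLIENT_CERT_UTIL_H_
#define CHROMEOS_NETWORK_CLIENT_CERT_UTIL_H_

#include <string>
#include <vector>

#include "base/memory/ref_counted.h"
#include "chromeos/chromeos_export.h"
#include "chromeos/network/certificate_pattern.h"

namespace base {
class DictionaryValue;
}

namespace net {
struct CertPrincipal;
class X509Certificate;
// Repeats net's CertificateList typedef so this header does not have to
// include the net certificate headers. It must be kept identical to net's
// definition; a divergence would be an ODR violation the compiler cannot see.
typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
}

namespace chromeos {

class IssuerSubjectPattern;

namespace client_cert {

// Where in a network configuration a client certificate is consumed. The
// location selects which Shill dictionary entries SetShillProperties() writes
// and which ones IsCertificateConfigured() inspects.
enum ConfigType {
  CONFIG_TYPE_NONE,
  CONFIG_TYPE_OPENVPN,
  CONFIG_TYPE_IPSEC,
  CONFIG_TYPE_EAP
};

// Client-certificate settings extracted from an ONC network configuration by
// OncToClientCertConfig(). The constructor is defined out of line; the
// initial value of |location| is therefore not visible here.
struct CHROMEOS_EXPORT ClientCertConfig {
  ClientCertConfig();

  // Independent of whether the client cert (pattern or reference) is
  // configured, the location determines whether this network configuration
  // supports client certs and what kind of configuration it requires.
  ConfigType location;

  // One of the ClientCertTypes defined in ONC: kNone, kRef, or kPattern.
  std::string client_cert_type;

  // If |client_cert_type| equals kPattern, this contains the pattern.
  CertificatePattern pattern;
};

// Returns true only if any fields set in this pattern match exactly with
// similar fields in the principal. If organization_ or organizational_unit_
// are set, then at least one of the organizations or units in the principal
// must match.
// NOTE(review): as worded, a pattern with no fields set constrains nothing and
// would accept any principal; confirm against the implementation before
// relying on an empty pattern to reject a certificate.
bool CertPrincipalMatches(const IssuerSubjectPattern& pattern,
                          const net::CertPrincipal& principal);

// Fetches the matching certificate that has the latest valid start date.
// Returns a NULL refptr if there is no such match.
// NOTE(review): only the start date is mentioned here; whether certificates
// past their end date are excluded from |all_certs| is not stated — verify in
// the implementation if expiry matters to the caller.
CHROMEOS_EXPORT scoped_refptr<net::X509Certificate> GetCertificateMatch(
    const CertificatePattern& pattern,
    const net::CertificateList& all_certs);

// If not empty (presumably |tpm_slot| and |tpm_pin|; confirm in the .cc),
// sets the TPM properties in |properties|. If |pkcs11_id| is not NULL, also
// sets the ClientCertID. |cert_config_type| determines which dictionary
// entries to set.
// |tpm_pin| is a secret; |properties| should not be logged or serialized
// verbatim after this call.
void SetShillProperties(ConfigType cert_config_type,
                        const std::string& tpm_slot,
                        const std::string& tpm_pin,
                        const std::string* pkcs11_id,
                        base::DictionaryValue* properties);

// Returns true if all required configuration properties are set and not empty.
// The set of required properties depends on |cert_config_type|.
bool IsCertificateConfigured(ConfigType cert_config_type,
                             const base::DictionaryValue& service_properties);

// Determines the type of the CertificatePattern configuration, i.e. is it a
// pattern within an EAP, IPsec or OpenVPN configuration, and fills
// |cert_config| from |network_config| accordingly.
CHROMEOS_EXPORT void OncToClientCertConfig(
    const base::DictionaryValue& network_config,
    ClientCertConfig* cert_config);

}  // namespace client_cert

}  // namespace chromeos

#endif  // CHROMEOS_NETWORK_CLIENT_CERT_UTIL_H_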