Paul Stewart | 0654ece | 2013-03-26 15:21:26 -0700 | [diff] [blame] | 1 | // Copyright (c) 2013 The Chromium OS Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #ifndef SHILL_EAP_CREDENTIALS_H_ |
| 6 | #define SHILL_EAP_CREDENTIALS_H_ |
| 7 | |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 8 | #include <map> |
Paul Stewart | 0654ece | 2013-03-26 15:21:26 -0700 | [diff] [blame] | 9 | #include <string> |
| 10 | #include <vector> |
| 11 | |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 12 | #include <base/file_path.h> |
| 13 | #include <dbus-c++/dbus.h> |
| 14 | |
| 15 | #include "shill/technology.h" |
| 16 | |
Paul Stewart | 0654ece | 2013-03-26 15:21:26 -0700 | [diff] [blame] | 17 | namespace shill { |
| 18 | |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 19 | class CertificateFile; |
| 20 | class Error; |
| 21 | class KeyValueStore; |
| 22 | class Metrics; |
| 23 | class NSS; |
| 24 | class PropertyStore; |
| 25 | class StoreInterface; |
| 26 | |
| 27 | class EapCredentials { |
| 28 | public: |
| 29 | // TODO(pstew): Storage constants shouldn't need to be public |
Paul Stewart | ee6b3d7 | 2013-07-12 16:07:51 -0700 | [diff] [blame] | 30 | // crbug.com/208736 |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 31 | static const char kStorageEapAnonymousIdentity[]; |
| 32 | static const char kStorageEapCACert[]; |
| 33 | static const char kStorageEapCACertID[]; |
| 34 | static const char kStorageEapCACertNSS[]; |
| 35 | static const char kStorageEapCACertPEM[]; |
| 36 | static const char kStorageEapCertID[]; |
| 37 | static const char kStorageEapClientCert[]; |
| 38 | static const char kStorageEapEap[]; |
| 39 | static const char kStorageEapIdentity[]; |
| 40 | static const char kStorageEapInnerEap[]; |
| 41 | static const char kStorageEapKeyID[]; |
| 42 | static const char kStorageEapKeyManagement[]; |
| 43 | static const char kStorageEapPIN[]; |
| 44 | static const char kStorageEapPassword[]; |
| 45 | static const char kStorageEapPrivateKey[]; |
| 46 | static const char kStorageEapPrivateKeyPassword[]; |
| 47 | static const char kStorageEapSubjectMatch[]; |
| 48 | static const char kStorageEapUseSystemCAs[]; |
| 49 | |
| 50 | EapCredentials(); |
| 51 | virtual ~EapCredentials(); |
| 52 | |
| 53 | // Add property accessors to the EAP credential parameters in |this| to |
| 54 | // |store|. |
| 55 | void InitPropertyStore(PropertyStore *store); |
| 56 | |
| 57 | // Returns true if |property| is used for authentication in EapCredentials. |
| 58 | static bool IsEapAuthenticationProperty(const std::string property); |
| 59 | |
| 60 | // Returns true if a connection can be made with |this| credentials using |
| 61 | // either passphrase or certificates. |
| 62 | virtual bool IsConnectable() const; |
| 63 | |
| 64 | // Returns true if a connection can be made with |this| credentials using |
| 65 | // only passphrase properties. |
| 66 | virtual bool IsConnectableUsingPassphrase() const; |
| 67 | |
| 68 | // Loads EAP properties from |storage| in group |id|. |
| 69 | virtual void Load(StoreInterface *store, const std::string &id); |
| 70 | |
| 71 | // Output metrics about this EAP connection to |metrics| with technology |
| 72 | // |technology|. |
| 73 | virtual void OutputConnectionMetrics(Metrics *metrics, |
| 74 | Technology::Identifier technology) const; |
| 75 | |
| 76 | // Populate the wpa_supplicant DBus parameter map |params| with the |
| 77 | // credentials in |this|. To do so, this function may use |certificate_file| |
| 78 | // or |nss| to export CA certificates to be passed to wpa_supplicant. |
| 79 | virtual void PopulateSupplicantProperties( |
| 80 | CertificateFile *certificate_file, |
| 81 | NSS *nss, |
| 82 | const std::vector<char> nss_identifier, |
| 83 | std::map<std::string, DBus::Variant> *params) const; |
| 84 | |
| 85 | // Populate the WiMax connection parameters |params| with the |
| 86 | // credentials in |this|. |
| 87 | virtual void PopulateWiMaxProperties( |
| 88 | KeyValueStore *params) const; |
| 89 | |
| 90 | // Save EAP properties to |storage| in group |id|. If |save_credentials| |
| 91 | // is true, passwords and identities that are a part of the credentials are |
| 92 | // also saved. |
| 93 | virtual void Save(StoreInterface *store, const std::string &id, |
| 94 | bool save_credentials) const; |
| 95 | |
| 96 | // Restore EAP properties to their initial state. |
| 97 | virtual void Reset(); |
| 98 | |
| 99 | // Setter that guards against emptying the "Key Management" value. |
mukesh agrawal | bebf1b8 | 2013-04-23 15:06:33 -0700 | [diff] [blame] | 100 | virtual bool SetKeyManagement(const std::string &key_management, |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 101 | Error *error); |
| 102 | |
| 103 | // Getters and setters. |
| 104 | virtual const std::string &identity() const { return identity_; } |
| 105 | void set_identity(const std::string &identity) { |
| 106 | identity_ = identity; |
| 107 | } |
| 108 | virtual const std::string &key_management() const { return key_management_; } |
| 109 | virtual void set_password(const std::string &password) { |
| 110 | password_ = password; |
| 111 | } |
| 112 | |
| 113 | private: |
| 114 | friend class EapCredentialsTest; |
| 115 | |
| 116 | // Expose a property in |store|, with the name |name|. |
| 117 | // |
| 118 | // Reads of the property will be handled by invoking |get|. |
| 119 | // Writes to the property will be handled by invoking |set|. |
| 120 | void HelpRegisterDerivedString( |
| 121 | PropertyStore *store, |
| 122 | const std::string &name, |
| 123 | std::string(EapCredentials::*get)(Error *error), |
mukesh agrawal | bebf1b8 | 2013-04-23 15:06:33 -0700 | [diff] [blame] | 124 | bool(EapCredentials::*set)(const std::string &value, Error *error)); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 125 | |
| 126 | // Expose a property in |store|, with the name |name|. |
| 127 | // |
| 128 | // Reads of the property will be handled by invoking |get|. |
| 129 | // |
| 130 | // Clearing the property will be handled by invoking |clear|, or |
| 131 | // calling |set| with |default_value| (whichever is non-NULL). It |
| 132 | // is an error to call this method with both |clear| and |
| 133 | // |default_value| non-NULL. |
| 134 | void HelpRegisterWriteOnlyDerivedString( |
| 135 | PropertyStore *store, |
| 136 | const std::string &name, |
mukesh agrawal | bebf1b8 | 2013-04-23 15:06:33 -0700 | [diff] [blame] | 137 | bool(EapCredentials::*set)(const std::string &value, Error *error), |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 138 | void(EapCredentials::*clear)(Error *error), |
| 139 | const std::string *default_value); |
| 140 | |
| 141 | // Assigns |value| to |key| in |storage| if |value| is non-empty and |save| is |
| 142 | // true. Otherwise, removes |key| from |storage|. If |crypted| is true, the |
| 143 | // value is encrypted. |
| 144 | static void SaveString(StoreInterface *storage, |
| 145 | const std::string &id, |
| 146 | const std::string &key, |
| 147 | const std::string &value, |
| 148 | bool crypted, |
| 149 | bool save); |
| 150 | |
| 151 | // Setters for write-only RPC properties. |
mukesh agrawal | bebf1b8 | 2013-04-23 15:06:33 -0700 | [diff] [blame] | 152 | bool SetEapPassword(const std::string &password, Error *error); |
| 153 | bool SetEapPrivateKeyPassword(const std::string &password, Error *error); |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 154 | |
| 155 | // RPC getter for key_management_. |
| 156 | std::string GetKeyManagement(Error *error); |
| 157 | |
Paul Stewart | 0654ece | 2013-03-26 15:21:26 -0700 | [diff] [blame] | 158 | // When there is an inner EAP type, use this identity for the outer. |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 159 | std::string anonymous_identity_; |
Paul Stewart | 0654ece | 2013-03-26 15:21:26 -0700 | [diff] [blame] | 160 | // Locator for the client certificate within the security token. |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 161 | std::string cert_id_; |
| 162 | // Filename of the client certificate. |
| 163 | std::string client_cert_; |
| 164 | // Who we identify ourselves as to the EAP authenticator. |
| 165 | std::string identity_; |
Paul Stewart | 0654ece | 2013-03-26 15:21:26 -0700 | [diff] [blame] | 166 | // Locator for the client private key within the security token. |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 167 | std::string key_id_; |
Paul Stewart | 0654ece | 2013-03-26 15:21:26 -0700 | [diff] [blame] | 168 | // Key management algorithm to use after EAP succeeds. |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 169 | std::string key_management_; |
| 170 | // Password to use for EAP methods which require one. |
| 171 | std::string password_; |
| 172 | // PIN code for accessing the security token. |
| 173 | std::string pin_; |
| 174 | // Filename of the client private key. |
| 175 | std::string private_key_; |
| 176 | // Password for decrypting the client private key file. |
| 177 | std::string private_key_password_; |
| 178 | |
| 179 | // Filename of the certificate authority (CA) certificate. |
| 180 | std::string ca_cert_; |
| 181 | // Locator for the CA certificate within the security token. |
| 182 | std::string ca_cert_id_; |
| 183 | // Locator for the CA certificate within the user NSS database. |
| 184 | std::string ca_cert_nss_; |
| 185 | // Raw PEM contents of the CA certificate. |
Paul Stewart | b3008ea | 2013-06-28 14:51:54 -0700 | [diff] [blame] | 186 | std::vector<std::string> ca_cert_pem_; |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 187 | // The outer or only EAP authetnication type. |
| 188 | std::string eap_; |
| 189 | // The inner EAP authentication type. |
| 190 | std::string inner_eap_; |
Paul Stewart | 0654ece | 2013-03-26 15:21:26 -0700 | [diff] [blame] | 191 | // If non-empty, string to match remote subject against before connecting. |
Paul Stewart | c43cbbe | 2013-04-11 06:29:30 -0700 | [diff] [blame] | 192 | std::string subject_match_; |
| 193 | // If true, use the system-wide CA database to authenticate the remote. |
| 194 | bool use_system_cas_; |
| 195 | |
| 196 | DISALLOW_COPY_AND_ASSIGN(EapCredentials); |
Paul Stewart | 0654ece | 2013-03-26 15:21:26 -0700 | [diff] [blame] | 197 | }; |
| 198 | |
| 199 | } // namespace shill |
| 200 | |
| 201 | #endif // SHILL_EAP_CREDENTIALS_H_ |