blob: 83610165eeb147357ac7827118918077fad70bfd [file] [log] [blame]
Paul Stewart0654ece2013-03-26 15:21:26 -07001// Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef SHILL_EAP_CREDENTIALS_H_
6#define SHILL_EAP_CREDENTIALS_H_
7
Paul Stewartc43cbbe2013-04-11 06:29:30 -07008#include <map>
Paul Stewart0654ece2013-03-26 15:21:26 -07009#include <string>
10#include <vector>
11
Paul Stewartc43cbbe2013-04-11 06:29:30 -070012#include <base/file_path.h>
13#include <dbus-c++/dbus.h>
14
15#include "shill/technology.h"
16
Paul Stewart0654ece2013-03-26 15:21:26 -070017namespace shill {
18
Paul Stewartc43cbbe2013-04-11 06:29:30 -070019class CertificateFile;
20class Error;
21class KeyValueStore;
22class Metrics;
23class NSS;
24class PropertyStore;
25class StoreInterface;
26
27class EapCredentials {
28 public:
29 // TODO(pstew): Storage constants shouldn't need to be public
30 // crosbug.com/25813
31 static const char kStorageEapAnonymousIdentity[];
32 static const char kStorageEapCACert[];
33 static const char kStorageEapCACertID[];
34 static const char kStorageEapCACertNSS[];
35 static const char kStorageEapCACertPEM[];
36 static const char kStorageEapCertID[];
37 static const char kStorageEapClientCert[];
38 static const char kStorageEapEap[];
39 static const char kStorageEapIdentity[];
40 static const char kStorageEapInnerEap[];
41 static const char kStorageEapKeyID[];
42 static const char kStorageEapKeyManagement[];
43 static const char kStorageEapPIN[];
44 static const char kStorageEapPassword[];
45 static const char kStorageEapPrivateKey[];
46 static const char kStorageEapPrivateKeyPassword[];
47 static const char kStorageEapSubjectMatch[];
48 static const char kStorageEapUseSystemCAs[];
49
50 EapCredentials();
51 virtual ~EapCredentials();
52
53 // Add property accessors to the EAP credential parameters in |this| to
54 // |store|.
55 void InitPropertyStore(PropertyStore *store);
56
57 // Returns true if |property| is used for authentication in EapCredentials.
58 static bool IsEapAuthenticationProperty(const std::string property);
59
60 // Returns true if a connection can be made with |this| credentials using
61 // either passphrase or certificates.
62 virtual bool IsConnectable() const;
63
64 // Returns true if a connection can be made with |this| credentials using
65 // only passphrase properties.
66 virtual bool IsConnectableUsingPassphrase() const;
67
68 // Loads EAP properties from |storage| in group |id|.
69 virtual void Load(StoreInterface *store, const std::string &id);
70
71 // Output metrics about this EAP connection to |metrics| with technology
72 // |technology|.
73 virtual void OutputConnectionMetrics(Metrics *metrics,
74 Technology::Identifier technology) const;
75
76 // Populate the wpa_supplicant DBus parameter map |params| with the
77 // credentials in |this|. To do so, this function may use |certificate_file|
78 // or |nss| to export CA certificates to be passed to wpa_supplicant.
79 virtual void PopulateSupplicantProperties(
80 CertificateFile *certificate_file,
81 NSS *nss,
82 const std::vector<char> nss_identifier,
83 std::map<std::string, DBus::Variant> *params) const;
84
85 // Populate the WiMax connection parameters |params| with the
86 // credentials in |this|.
87 virtual void PopulateWiMaxProperties(
88 KeyValueStore *params) const;
89
90 // Save EAP properties to |storage| in group |id|. If |save_credentials|
91 // is true, passwords and identities that are a part of the credentials are
92 // also saved.
93 virtual void Save(StoreInterface *store, const std::string &id,
94 bool save_credentials) const;
95
96 // Restore EAP properties to their initial state.
97 virtual void Reset();
98
99 // Setter that guards against emptying the "Key Management" value.
mukesh agrawalbebf1b82013-04-23 15:06:33 -0700100 virtual bool SetKeyManagement(const std::string &key_management,
Paul Stewartc43cbbe2013-04-11 06:29:30 -0700101 Error *error);
102
103 // Getters and setters.
104 virtual const std::string &identity() const { return identity_; }
105 void set_identity(const std::string &identity) {
106 identity_ = identity;
107 }
108 virtual const std::string &key_management() const { return key_management_; }
109 virtual void set_password(const std::string &password) {
110 password_ = password;
111 }
112
113 private:
114 friend class EapCredentialsTest;
115
116 // Expose a property in |store|, with the name |name|.
117 //
118 // Reads of the property will be handled by invoking |get|.
119 // Writes to the property will be handled by invoking |set|.
120 void HelpRegisterDerivedString(
121 PropertyStore *store,
122 const std::string &name,
123 std::string(EapCredentials::*get)(Error *error),
mukesh agrawalbebf1b82013-04-23 15:06:33 -0700124 bool(EapCredentials::*set)(const std::string &value, Error *error));
Paul Stewartc43cbbe2013-04-11 06:29:30 -0700125
126 // Expose a property in |store|, with the name |name|.
127 //
128 // Reads of the property will be handled by invoking |get|.
129 //
130 // Clearing the property will be handled by invoking |clear|, or
131 // calling |set| with |default_value| (whichever is non-NULL). It
132 // is an error to call this method with both |clear| and
133 // |default_value| non-NULL.
134 void HelpRegisterWriteOnlyDerivedString(
135 PropertyStore *store,
136 const std::string &name,
mukesh agrawalbebf1b82013-04-23 15:06:33 -0700137 bool(EapCredentials::*set)(const std::string &value, Error *error),
Paul Stewartc43cbbe2013-04-11 06:29:30 -0700138 void(EapCredentials::*clear)(Error *error),
139 const std::string *default_value);
140
141 // Assigns |value| to |key| in |storage| if |value| is non-empty and |save| is
142 // true. Otherwise, removes |key| from |storage|. If |crypted| is true, the
143 // value is encrypted.
144 static void SaveString(StoreInterface *storage,
145 const std::string &id,
146 const std::string &key,
147 const std::string &value,
148 bool crypted,
149 bool save);
150
151 // Setters for write-only RPC properties.
mukesh agrawalbebf1b82013-04-23 15:06:33 -0700152 bool SetEapPassword(const std::string &password, Error *error);
153 bool SetEapPrivateKeyPassword(const std::string &password, Error *error);
Paul Stewartc43cbbe2013-04-11 06:29:30 -0700154
155 // RPC getter for key_management_.
156 std::string GetKeyManagement(Error *error);
157
Paul Stewart0654ece2013-03-26 15:21:26 -0700158 // When there is an inner EAP type, use this identity for the outer.
Paul Stewartc43cbbe2013-04-11 06:29:30 -0700159 std::string anonymous_identity_;
Paul Stewart0654ece2013-03-26 15:21:26 -0700160 // Locator for the client certificate within the security token.
Paul Stewartc43cbbe2013-04-11 06:29:30 -0700161 std::string cert_id_;
162 // Filename of the client certificate.
163 std::string client_cert_;
164 // Who we identify ourselves as to the EAP authenticator.
165 std::string identity_;
Paul Stewart0654ece2013-03-26 15:21:26 -0700166 // Locator for the client private key within the security token.
Paul Stewartc43cbbe2013-04-11 06:29:30 -0700167 std::string key_id_;
Paul Stewart0654ece2013-03-26 15:21:26 -0700168 // Key management algorithm to use after EAP succeeds.
Paul Stewartc43cbbe2013-04-11 06:29:30 -0700169 std::string key_management_;
170 // Password to use for EAP methods which require one.
171 std::string password_;
172 // PIN code for accessing the security token.
173 std::string pin_;
174 // Filename of the client private key.
175 std::string private_key_;
176 // Password for decrypting the client private key file.
177 std::string private_key_password_;
178
179 // Filename of the certificate authority (CA) certificate.
180 std::string ca_cert_;
181 // Locator for the CA certificate within the security token.
182 std::string ca_cert_id_;
183 // Locator for the CA certificate within the user NSS database.
184 std::string ca_cert_nss_;
185 // Raw PEM contents of the CA certificate.
Paul Stewartb3008ea2013-06-28 14:51:54 -0700186 std::vector<std::string> ca_cert_pem_;
Paul Stewartc43cbbe2013-04-11 06:29:30 -0700187 // The outer or only EAP authetnication type.
188 std::string eap_;
189 // The inner EAP authentication type.
190 std::string inner_eap_;
Paul Stewart0654ece2013-03-26 15:21:26 -0700191 // If non-empty, string to match remote subject against before connecting.
Paul Stewartc43cbbe2013-04-11 06:29:30 -0700192 std::string subject_match_;
193 // If true, use the system-wide CA database to authenticate the remote.
194 bool use_system_cas_;
195
196 DISALLOW_COPY_AND_ASSIGN(EapCredentials);
Paul Stewart0654ece2013-03-26 15:21:26 -0700197};
198
199} // namespace shill
200
201#endif // SHILL_EAP_CREDENTIALS_H_