• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 //
2 // Copyright (C) 2013 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16 
17 #ifndef SHILL_EAP_CREDENTIALS_H_
18 #define SHILL_EAP_CREDENTIALS_H_
19 
20 #include <map>
21 #include <string>
22 #include <vector>
23 
24 #include <base/files/file_path.h>
25 
26 #include "shill/technology.h"
27 
28 namespace shill {
29 
30 class CertificateFile;
31 class Error;
32 class KeyValueStore;
33 class Metrics;
34 class PropertyStore;
35 class StoreInterface;
36 
37 class EapCredentials {
38  public:
39   // TODO(pstew): Storage constants shouldn't need to be public
40   // crbug.com/208736
41   static const char kStorageEapAnonymousIdentity[];
42   static const char kStorageEapCACert[];
43   static const char kStorageEapCACertID[];
44   static const char kStorageEapCACertNSS[];
45   static const char kStorageEapCACertPEM[];
46   static const char kStorageEapCertID[];
47   static const char kStorageEapClientCert[];
48   static const char kStorageEapEap[];
49   static const char kStorageEapIdentity[];
50   static const char kStorageEapInnerEap[];
51   static const char kStorageEapKeyID[];
52   static const char kStorageEapKeyManagement[];
53   static const char kStorageEapPIN[];
54   static const char kStorageEapPassword[];
55   static const char kStorageEapPrivateKey[];
56   static const char kStorageEapPrivateKeyPassword[];
57   static const char kStorageEapSubjectMatch[];
58   static const char kStorageEapUseProactiveKeyCaching[];
59   static const char kStorageEapUseSystemCAs[];
60 
61   EapCredentials();
62   virtual ~EapCredentials();
63 
64   // Add property accessors to the EAP credential parameters in |this| to
65   // |store|.
66   void InitPropertyStore(PropertyStore* store);
67 
68   // Returns true if |property| is used for authentication in EapCredentials.
69   static bool IsEapAuthenticationProperty(const std::string property);
70 
71   // Returns true if a connection can be made with |this| credentials using
72   // either passphrase or certificates.
73   virtual bool IsConnectable() const;
74 
75   // Returns true if a connection can be made with |this| credentials using
76   // only passphrase properties.
77   virtual bool IsConnectableUsingPassphrase() const;
78 
79   // Loads EAP properties from |storage| in group |id|.
80   virtual void Load(StoreInterface* store, const std::string& id);
81 
82   // Output metrics about this EAP connection to |metrics| with technology
83   // |technology|.
84   virtual void OutputConnectionMetrics(Metrics* metrics,
85                                        Technology::Identifier technology) const;
86 
87   // Populate the wpa_supplicant DBus parameter map |params| with the
88   // credentials in |this|.  To do so, this function may use |certificate_file|
89   // to export CA certificates to be passed to wpa_supplicant.
90   virtual void PopulateSupplicantProperties(
91       CertificateFile* certificate_file,
92       KeyValueStore* params) const;
93 
94   // Populate the WiMax connection parameters |params| with the
95   // credentials in |this|.
96   virtual void PopulateWiMaxProperties(
97       KeyValueStore* params) const;
98 
99   // Save EAP properties to |storage| in group |id|.  If |save_credentials|
100   // is true, passwords and identities that are a part of the credentials are
101   // also saved.
102   virtual void Save(StoreInterface* store, const std::string& id,
103                     bool save_credentials) const;
104 
105   // Restore EAP properties to their initial state.
106   virtual void Reset();
107 
108   // Setter that guards against emptying the "Key Management" value.
109   virtual bool SetKeyManagement(const std::string& key_management,
110                                 Error* error);
111 
112   // Getters and setters.
identity()113   virtual const std::string& identity() const { return identity_; }
set_identity(const std::string & identity)114   void set_identity(const std::string& identity) {
115     identity_ = identity;
116   }
key_management()117   virtual const std::string& key_management() const { return key_management_; }
set_password(const std::string & password)118   virtual void set_password(const std::string& password) {
119     password_ = password;
120   }
pin()121   virtual const std::string& pin() const { return pin_; }
122 
123  private:
124   friend class EapCredentialsTest;
125 
126   // Returns true if the current EAP authentication type requires certificate
127   // authentication and any of the client credentials are provided via
128   // referencea cypto token.
129   bool ClientAuthenticationUsesCryptoToken() const;
130 
131   // Expose a property in |store|, with the name |name|.
132   //
133   // Reads of the property will be handled by invoking |get|.
134   // Writes to the property will be handled by invoking |set|.
135   void HelpRegisterDerivedString(
136       PropertyStore* store,
137       const std::string& name,
138       std::string(EapCredentials::*get)(Error* error),
139       bool(EapCredentials::*set)(const std::string& value, Error* error));
140 
141   // Expose a property in |store|, with the name |name|.
142   //
143   // Reads of the property will be handled by invoking |get|.
144   //
145   // Clearing the property will be handled by invoking |clear|, or
146   // calling |set| with |default_value| (whichever is non-NULL).  It
147   // is an error to call this method with both |clear| and
148   // |default_value| non-NULL.
149   void HelpRegisterWriteOnlyDerivedString(
150       PropertyStore* store,
151       const std::string& name,
152       bool(EapCredentials::*set)(const std::string& value, Error* error),
153       void(EapCredentials::*clear)(Error* error),
154       const std::string* default_value);
155 
156   // Assigns |value| to |key| in |storage| if |value| is non-empty and |save| is
157   // true. Otherwise, removes |key| from |storage|. If |crypted| is true, the
158   // value is encrypted.
159   static void SaveString(StoreInterface* storage,
160                          const std::string& id,
161                          const std::string& key,
162                          const std::string& value,
163                          bool crypted,
164                          bool save);
165 
166   // Setters for write-only RPC properties.
167   bool SetEapPassword(const std::string& password, Error* error);
168   bool SetEapPrivateKeyPassword(const std::string& password, Error* error);
169 
170   // RPC getter for key_management_.
171   std::string GetKeyManagement(Error* error);
172 
173   // When there is an inner EAP type, use this identity for the outer.
174   std::string anonymous_identity_;
175   // Locator for the client certificate within the security token.
176   std::string cert_id_;
177   // Filename of the client certificate.
178   std::string client_cert_;
179   // Who we identify ourselves as to the EAP authenticator.
180   std::string identity_;
181   // Locator for the client private key within the security token.
182   std::string key_id_;
183   // Key management algorithm to use after EAP succeeds.
184   std::string key_management_;
185   // Password to use for EAP methods which require one.
186   std::string password_;
187   // PIN code for accessing the security token.
188   std::string pin_;
189   // Filename of the client private key.
190   std::string private_key_;
191   // Password for decrypting the client private key file.
192   std::string private_key_password_;
193 
194   // Filename of the certificate authority (CA) certificate.
195   std::string ca_cert_;
196   // Locator for the CA certificate within the security token.
197   std::string ca_cert_id_;
198   // Locator for the CA certificate within the user NSS database.
199   std::string ca_cert_nss_;
200   // Raw PEM contents of the CA certificate.
201   std::vector<std::string> ca_cert_pem_;
202   // The outer or only EAP authetnication type.
203   std::string eap_;
204   // The inner EAP authentication type.
205   std::string inner_eap_;
206   // If non-empty, string to match remote subject against before connecting.
207   std::string subject_match_;
208   // If true, use the system-wide CA database to authenticate the remote.
209   bool use_system_cas_;
210   // If true, use per network proactive key caching.
211   bool use_proactive_key_caching_;
212 
213   DISALLOW_COPY_AND_ASSIGN(EapCredentials);
214 };
215 
216 }  // namespace shill
217 
218 #endif  // SHILL_EAP_CREDENTIALS_H_
219