shill-test-proxy: Parse XML RPC security data structures

am: abb515e841

* commit 'abb515e84150d7a3189f96630907ab1190d75ea4':
  shill-test-proxy: Parse XML RPC security data structures

2 files changed, 301 insertions, 0 deletions

diff --git a/test-rpc-proxy/proxy_rpc_security_types.cc b/test-rpc-proxy/proxy_rpc_security_types.cc
new file mode 100644
index 00000000..89a75965
--- /dev/null
+++ b/test-rpc-proxy/proxy_rpc_security_types.cc
@@ -0,0 +1,127 @@
+//
+// Copyright (C) 2015 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+#include <base/logging.h>
+#include <base/strings/stringprintf.h>
+#include <service_constants.h>
+
+#include "proxy_rpc_security_types.h"
+#include "proxy_util.h"
+
+// Autotest Server test encodes the object type in this key.
+static const char kXmlRpcStructTypeKey[] = "xmlrpc_struct_type_key";
+const char SecurityConfig::kDefaultSecurity[] = "none";
+const int WPAConfig::kMaxPskSize = 64;
+const char EAPConfig::kDefaultEapUsers[] = "* TLS";
+const char EAPConfig::kDefaultEAPIdentity[] = "brillo";
+int EAPConfig::last_tmp_id = 8800;
+const int DynamicWEPConfig::kDefaultKeyPeriod = 20;
+const char Tunneled1xConfig::kTTLSPrefix[] = "TTLS-";
+const char Tunneled1xConfig::kLayer1TypePEAP[] = "PEAP";
+const char Tunneled1xConfig::kLayer1TypeTTLS[] = "TTLS";
+const char Tunneled1xConfig::kLayer2TypeGTC[] = "GTC";
+const char Tunneled1xConfig::kLayer2TypeMSCHAPV2[] = "MSCHAPV2";
+const char Tunneled1xConfig::kLayer2TypeMD5[] = "MD5";
+const char Tunneled1xConfig::kLayer2TypeTTLSMSCHAPV2[] = "TTLS-MSCHAPV2";
+const char Tunneled1xConfig::kLayer2TypeTTLSMSCHAP[] = "TTLS-MSCHAP";
+const char Tunneled1xConfig::kLayer2TypeTTLSPAP[] = "TTLS-PAP";
+
+std::unique_ptr<SecurityConfig> SecurityConfig::CreateSecurityConfigObject(
+    XmlRpc::XmlRpcValue* xml_rpc_value_in) {
+  const std::string& security_type = (*xml_rpc_value_in)[kXmlRpcStructTypeKey];
+  if (security_type == "SecurityConfig") {
+    return std::unique_ptr<SecurityConfig>(new SecurityConfig(xml_rpc_value_in));
+  }
+  if (security_type == "WEPConfig") {
+    return std::unique_ptr<SecurityConfig>(new WEPConfig(xml_rpc_value_in));
+  }
+  if (security_type == "WPAConfig") {
+    return std::unique_ptr<SecurityConfig>(new WPAConfig(xml_rpc_value_in));
+  }
+  LOG(FATAL) << "Unexpected object received. Received: " << security_type;
+  return nullptr;
+}
+
+SecurityConfig::SecurityConfig(
+    XmlRpc::XmlRpcValue* xml_rpc_value_in) {
+  GetStringValueFromXmlRpcValueStructMember(
+      xml_rpc_value_in, "security", kDefaultSecurity, &security_);
+}
+
+void SecurityConfig::GetServiceProperties(brillo::VariantDictionary* properties) {
+  // The base class represents a connection with no security. So, no security
+  // properties to be sent to Shill.
+}
+
+WEPConfig::WEPConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in)
+  : SecurityConfig::SecurityConfig(xml_rpc_value_in) {
+  GetStringVectorFromXmlRpcValueStructMember(
+      xml_rpc_value_in, "wep_keys", std::vector<std::string>(), &wep_keys_);
+  GetIntValueFromXmlRpcValueStructMember(
+        xml_rpc_value_in, "wep_default_key", 0, &wep_default_key_index_);
+  GetIntValueFromXmlRpcValueStructMember(
+        xml_rpc_value_in, "auth_algorithm", (int)kAuthAlgorithmTypeDefault,
+        &auth_algorithm_);
+  if (wep_default_key_index_ > static_cast<int>(wep_keys_.size())) {
+    LOG(FATAL) << "Error in received wep_default_key: "
+               << wep_default_key_index_;
+  }
+}
+
+void WEPConfig::GetServiceProperties(brillo::VariantDictionary* properties) {
+  std::string passphrase = base::StringPrintf(
+      "%d:%s", wep_default_key_index_,
+      wep_keys_[wep_default_key_index_].c_str());
+  (*properties)[shill::kPassphraseProperty] = passphrase;
+}
+
+WPAConfig::WPAConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in)
+  : SecurityConfig::SecurityConfig(xml_rpc_value_in) {
+  GetStringValueFromXmlRpcValueStructMember(
+      xml_rpc_value_in, "psk", std::string(), &psk_);
+  GetIntValueFromXmlRpcValueStructMember(
+        xml_rpc_value_in, "wpa_mode", kWpaModeDefault, &wpa_mode_);
+  GetStringVectorFromXmlRpcValueStructMember(
+      xml_rpc_value_in, "wpa_ciphers", std::vector<std::string>(),
+      &wpa_ciphers_);
+  GetStringVectorFromXmlRpcValueStructMember(
+      xml_rpc_value_in, "wpa2_ciphers", std::vector<std::string>(),
+      &wpa2_ciphers_);
+  GetIntValueFromXmlRpcValueStructMember(
+      xml_rpc_value_in, "wpa_ptk_rekey_period", 0,
+      &wpa_ptk_rekey_period_seconds_);
+  GetIntValueFromXmlRpcValueStructMember(
+      xml_rpc_value_in, "wpa_gtk_rekey_period", 0,
+      &wpa_gtk_rekey_period_seconds_);
+  GetIntValueFromXmlRpcValueStructMember(
+      xml_rpc_value_in, "wpa_gmk_rekey_period", 0,
+      &wpa_gmk_rekey_period_seconds_);
+  GetBoolValueFromXmlRpcValueStructMember(
+      xml_rpc_value_in, "use_strict_rekey", 0, &use_strict_rekey_);
+
+  if (psk_.size() > kMaxPskSize) {
+    LOG(FATAL) << "WPA passphrases can be no longer than 63 characters"
+                  "(or 64 hex digits). PSK: " << psk_;
+  }
+  if ((psk_.size() == kMaxPskSize) &&
+      (psk_.find_first_not_of("0123456789abcdef") != std::string::npos)) {
+    LOG(FATAL) << "Invalid PSK: " << psk_;
+  }
+}
+
+void WPAConfig::GetServiceProperties(brillo::VariantDictionary* properties) {
+  (*properties)[shill::kPassphraseProperty] = psk_;
+}
diff --git a/test-rpc-proxy/proxy_rpc_security_types.h b/test-rpc-proxy/proxy_rpc_security_types.h
new file mode 100644
index 00000000..d9e599d6
--- /dev/null
+++ b/test-rpc-proxy/proxy_rpc_security_types.h
@@ -0,0 +1,174 @@
+//
+// Copyright (C) 2015 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+#ifndef PROXY_RPC_SECURITY_TYPES_H
+#define PROXY_RPC_SECURITY_TYPES_H
+
+#include <string>
+
+#include <XmlRpcValue.h>
+
+#include <brillo/variant_dictionary.h>
+
+// Abstracts the security configuration for a WiFi network.
+// This bundle of credentials can be passed to both HostapConfig and
+// AssociationParameters so that both shill and hostapd can set up and connect
+// to an encrypted WiFi network. By default, we'll assume we're connecting
+// to an open network.
+class SecurityConfig {
+ public:
+  enum WpaModeType {
+    kWpaModePure = 1,
+    kWpaModePure_2 = 2,
+    kWpaModeMixed = kWpaModePure | kWpaModePure_2,
+    kWpaModeDefault = kWpaModeMixed,
+  };
+  enum AuthAlgorithmType {
+    kAuthAlgorithmTypeOpen = 1,
+    kAuthAlgorithmTypeShared = 2,
+    kAuthAlgorithmTypeDefault = kAuthAlgorithmTypeOpen
+  };
+  static const char kDefaultSecurity[];
+
+  // This function creates the appropriate |SecurityConfig| subclass
+  // object from the incoming RPC data.
+  static std::unique_ptr<SecurityConfig> CreateSecurityConfigObject(
+      XmlRpc::XmlRpcValue* xml_rpc_value_in);
+  SecurityConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in);
+  virtual ~SecurityConfig() = default;
+  virtual void GetServiceProperties(brillo::VariantDictionary* properties);
+
+  std::string security_;
+};
+
+// Abstracts security configuration for a WiFi network using static WEP.
+// Open system authentication means that we don"t do a 4 way AUTH handshake,
+// and simply start using the WEP keys after association finishes.
+class WEPConfig : public SecurityConfig {
+ public:
+  WEPConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in);
+  virtual void GetServiceProperties(brillo::VariantDictionary* properties) override;
+
+ private:
+  std::vector<std::string> wep_keys_;
+  int wep_default_key_index_;
+  int auth_algorithm_;
+};
+
+// Abstracts security configuration for a WPA encrypted WiFi network.
+class WPAConfig : public SecurityConfig {
+ public:
+  WPAConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in);
+  void GetServiceProperties(brillo::VariantDictionary* properties) override;
+
+  static const int kMaxPskSize;
+
+ private:
+  std::string psk_;
+  int wpa_mode_;
+  std::vector<std::string> wpa_ciphers_;
+  std::vector<std::string> wpa2_ciphers_;
+  int wpa_ptk_rekey_period_seconds_;
+  int wpa_gtk_rekey_period_seconds_;
+  int wpa_gmk_rekey_period_seconds_;
+  bool use_strict_rekey_;
+};
+
+// Abstract superclass that implements certificate/key installation.
+class EAPConfig : public SecurityConfig {
+ public:
+  static const char kDefaultEapUsers[];
+  static const char kDefaultEAPIdentity[];
+  static int last_tmp_id;
+
+  EAPConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in);
+  void GetServiceProperties(brillo::VariantDictionary* properties) override;
+
+ private:
+  bool use_system_cas_;
+  std::string server_ca_cert_;
+  std::string server_cert_;
+  std::string server_key_;
+  std::string server_eap_users;
+  std::string client_ca_cert_;
+  std::string client_cert_;
+  std::string client_key_;
+  std::string server_ca_cert_file_path_;
+  std::string server_cert_file_path_;
+  std::string server_key_file_path_;
+  std::string server_eap_user_file_path_;
+  std::string file_path_suffix_;
+  std::string client_cert_id_;
+  std::string client_key_id_;
+  std::string pin_;
+  std::string client_cert_slot_id_;
+  std::string client_key_slot_id_;
+  std::string eap_identity_;
+};
+
+// Configuration settings bundle for dynamic WEP.
+// This is a WEP encrypted connection where the keys are negotiated after the
+// client authenticates via 802.1x.
+class DynamicWEPConfig : public EAPConfig {
+ public:
+  static const int kDefaultKeyPeriod;
+
+  DynamicWEPConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in);
+  void GetServiceProperties(brillo::VariantDictionary* properties) override;
+
+ private:
+  bool use_short_keys_;
+  int wep_rekey_period_seconds_;
+};
+
+// Security type to set up a WPA connection via EAP-TLS negotiation.
+class WPAEAPConfig : public EAPConfig {
+ public:
+  WPAEAPConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in);
+  void GetServiceProperties(brillo::VariantDictionary* properties) override;
+
+ private:
+  bool use_short_keys_;
+  WpaModeType wpa_mode_;
+};
+
+// Security type to set up a TTLS/PEAP connection.
+// Both PEAP and TTLS are tunneled protocols which use EAP inside of a TLS
+// secured tunnel.  The secured tunnel is a symmetric key encryption scheme
+// negotiated under the protection of a public key in the server certificate.
+// Thus, we"ll see server credentials in the form of certificates, but client
+// credentials in the form of passwords and a CA Cert to root the trust chain.
+class Tunneled1xConfig : public WPAEAPConfig {
+ public:
+  static const char kTTLSPrefix[];
+  static const char kLayer1TypePEAP[];
+  static const char kLayer1TypeTTLS[];
+  static const char kLayer2TypeGTC[];
+  static const char kLayer2TypeMSCHAPV2[];
+  static const char kLayer2TypeMD5[];
+  static const char kLayer2TypeTTLSMSCHAPV2[];
+  static const char kLayer2TypeTTLSMSCHAP[];
+  static const char kLayer2TypeTTLSPAP[];
+
+  Tunneled1xConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in);
+  void GetServiceProperties(brillo::VariantDictionary* properties) override;
+
+ private:
+  std::string password_;
+  std::string inner_protocol_;
+};
+
+#endif // PROXY_RPC_SECURITY_TYPES_H