1// Copyright 2019 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5// This API is used for configuring network connections (Cellular, Ethernet,
6// VPN, WiFi, or Tether). See the Open Network Configuration
7// (ONC) documentation for detailed descriptions of properties:
8// components/onc/docs/onc_spec.md.
9
10// Currently this service is implemented in the Chrome Browser process with
11// clients in Chrome and WebUI.
12
13module chromeos.network_config.mojom;
14
15import "chromeos/services/network_config/public/mojom/network_types.mojom";
16import "mojo/public/mojom/base/time.mojom";
17import "services/network/public/mojom/ip_address.mojom";
18
19// Activation state for Cellular networks.
20enum ActivationStateType {
21  kUnknown,
22  kNotActivated,
23  kActivating,
24  kPartiallyActivated,
25  kActivated,
26  // A cellular modem exists, but no network service is available.
27  kNoService,
28};
29
30// The authentication type for Ethernet networks.
31enum AuthenticationType {
32  kNone,
33  k8021x,
34};
35
36enum ProxyMode {
37  // Direct connection to the network.
38  kDirect,
39  // Try to retrieve a PAC script from http://wpad/wpad.dat.
40  kAutoDetect,
41  // Try to retrieve a PAC script from kProxyPacURL.
42  kPacScript,
43  // Use a specified list of servers.
44  kFixedServers,
45  // Use the system's proxy settings.
46  kSystem,
47};
48
49// The security type for WiFi Ethernet networks.
50enum SecurityType {
51  kNone,
52  kWep8021x,
53  kWepPsk,
54  kWpaEap,
55  kWpaPsk,
56};
57
58// The configuration type for virtual networks.
59enum VpnType {
60  // Internal VPN types.
61  kL2TPIPsec,
62  kOpenVPN,
63  // VPN provided by a Chrome Extension.
64  kExtension,
65  // VPN provided by an Arc++ app.
66  kArc,
67};
68
69// Filter used for requesting lists of network states.
70enum FilterType {
71  // Return active (Connected or Connecting) networks.
72  kActive,
73  // Return visible (active, physically connected or in-range) networks.
74  // Active networks will be listed first.
75  kVisible,
76  // Only include configured (saved) networks.
77  kConfigured,
78  // Include all networks.
79  kAll,
80};
81
82enum StartConnectResult {
83  // The request was successfully sent.
84  kSuccess,
85  // The provided GUID is not associated with an existing network configuration.
86  kInvalidGuid,
87  // The network is not in a connectable state (e.g. already connected or
88  // connecting, or a required service is unavailable).
89  kInvalidState,
90  // The connect request was cancelled before being sent, e.g. due to another
91  // connect request.
92  kCanceled,
93  // The network is in an error state because invalid credentials were provided
94  // or a certificate is unavailable.
95  kNotConfigured,
96  // Connecting to the network is blocked, e.g. by policy.
97  kBlocked,
98  // Unknown or other error.
99  kUnknown,
100};
101
102enum CertificateType {
103  kServerCA,
104  kUserCert,
105};
106
107// The SIM card lock status for Cellular networks.
108struct SIMLockStatus {
109  // The status of SIM lock. Possible values are 'sim-pin', 'sim-puk' or empty.
110  string lock_type;
111  // Whether SIM lock is enabled.
112  bool lock_enabled;
113  // Number of PIN lock tries allowed before PUK is required to unlock the SIM.
114  int32 retries_left;
115};
116
117struct CellularStateProperties {
118  // Enumerated ONC activation state.
119  ActivationStateType activation_state = kUnknown;
120  // ONC NetworkTechnology value.
121  string network_technology;
122  // True when in a roaming state and the provider is not always roaming.
123  bool roaming = false;
124  // The signal strength of the cellular connection.
125  int32 signal_strength;
126  // True when a SIM is present and locked.
127  bool sim_locked = false;
128};
129
130struct EthernetStateProperties {
131  // This represents the actual authentication type for a connected Ethernet
132  // network. Note: An EAP configuration may exist but not be applied (e.g. if
133  // no certificate is installed), in which case the value will be kNone.
134  AuthenticationType authentication;
135};
136
137struct TetherStateProperties {
138  // The battery percentage of the tethered device.
139  int32 battery_percentage;
140  // The cellular carrier for the tethered device.
141  string carrier;
142  // Whether the tethered device has already been connected to.
143  bool has_connected_to_host;
144  // The signal strength of the tethered device's cellular connection.
145  int32 signal_strength;
146};
147
148struct VPNStateProperties {
149  VpnType type;
150  string provider_id;
151  string provider_name;
152};
153
154struct WiFiStateProperties {
155  // The id of the basic service set (access point) associated with the network.
156  string bssid;
157  // The WiFi service operating frequency in MHz. For connected networks, the
158  // current frequency, otherwise, the frequency of the best available BSS.
159  int32 frequency;
160  // The hex encoded SSID (name) of the network.
161  string hex_ssid;
162  SecurityType security;
163  // The signal strength for visible networks.
164  int32 signal_strength;
165  // The network SSID.
166  string ssid;
167};
168
169union NetworkTypeStateProperties {
170  CellularStateProperties cellular;
171  EthernetStateProperties ethernet;
172  TetherStateProperties tether;
173  VPNStateProperties vpn;
174  WiFiStateProperties wifi;
175};
176
177struct NetworkStateProperties {
178  // True if the network is configured and may be connectable.
179  bool connectable = false;
180  // True if an explicit connect was requested. The network state may not be
181  // Connecting yet.
182  bool connect_requested = false;
183  ConnectionStateType connection_state;
184  // A string describing the network error state. TODO(stevenjb): Use an enum.
185  string? error_state;
186  // The unique identifier for the network.
187  string guid;
188  // The human readable name of the network, e.g. WiFi SSID or network type.
189  string name;
190  // The captive portal state when connectionState == kPortal.
191  PortalState portal_state = kUnknown;
192  // The relative priority of the network. Larger values have higher priority.
193  int32 priority;
194  // The proxy mode affecting this network. Includes any settings that affect
195  // this network (i.e. global proxy settings are also considered).
196  ProxyMode proxy_mode;
197  // True for visible networks that are blocked / disallowed by policy.
198  bool prohibited_by_policy = false;
199  OncSource source;
200  // |type| is explicitly provided here to simplify UI code and will always
201  // match the type of |type_state|, which will always be provided.
202  NetworkType type;
203  NetworkTypeStateProperties type_state;
204};
205
206struct DeviceStateProperties {
207  // IP address for the primary network corresponding to the device type. If no
208  // network is in a connected state, or the address type is not available,
209  // these will be null. When there are multiple IP addresses, only the first
210  // is provided.
211  network.mojom.IPAddress? ipv4_address;
212  network.mojom.IPAddress? ipv6_address;
213  // AA:BB formatted MAC address for the device. Use for display purposes only.
214  // May be null if no MAC address is available for the device.
215  string? mac_address;
216  // Set if the device is currently scanning.
217  bool scanning = false;
218  // The SIM lock status if Type = Cellular and a SIM is present.
219  SIMLockStatus? sim_lock_status;
220  // True when a SIM is required and not present.
221  bool sim_absent = false;
222  DeviceStateType device_state;
223  NetworkType type;
224  // Whether or not any managed networks are available.
225  bool managed_network_available = false;
226};
227
228const int32 kNoLimit = 0;
229
230struct NetworkFilter {
231  // Which networks to return (active, visible, etc).
232  FilterType filter;
233  // The type of networks to return.
234  NetworkType network_type;
235  // Maximum number of networks to return. 0 indicates no limit.
236  int32 limit = kNoLimit;
237};
238
239// Specialized unmanaged property types.
240
241struct ApnProperties {
242  string access_point_name;
243  string? authentication;
244  string? language;
245  string? localized_name;
246  string? name;
247  string? password;
248  string? username;
249};
250
251struct CellularProviderProperties {
252  string name;
253  string code;
254  string? country;
255};
256
257struct FoundNetworkProperties {
258  string status;
259  string network_id;
260  string technology;
261  string? short_name;
262  string? long_name;
263};
264
265// A routing prefix can not be 0. Use 0 to indicate an unset value.
266const int32 kNoRoutingPrefix = 0;
267
268struct IPConfigProperties {
269  string? gateway;
270  // The IP address represented as a string, as provided by the configuration
271  // manager (e.g. Shill) and/or the policy provider. It should be used for
272  // display purposes only.
273  string? ip_address;
274  array<string>? excluded_routes;
275  array<string>? included_routes;
276  array<string>? name_servers;
277  array<string>? search_domains;
278  int32 routing_prefix = kNoRoutingPrefix;
279  string? type;
280  string? web_proxy_auto_discovery_url;
281};
282
283struct PaymentPortalProperties {
284  string method;
285  string? post_data;
286  string? url;
287};
288
289// Managed property types. These types all share a common structure.
290// The structure differs from the structure used in //components/onc which
291// relies on optional boolean and integer values which are unsupported in mojo,
292// and provides more detail than is required by the UI.
293
294// active_value: The value provided by the configuration manager (e.g. Shill).
295//     This will match |policy_value| when |policy_source| is enforced.
296// policy_source: The source of the value provided by policy when available,
297//     or kNone (see PolicySource in network_types.mojom).
298// policy_value: The value provided by policy when available.
299
300// Fundamental managed types.
301
302struct ManagedBoolean {
303  bool active_value;
304  PolicySource policy_source = kNone;
305  bool policy_value = false;
306};
307
308struct ManagedInt32 {
309  int32 active_value = 0;
310  PolicySource policy_source = kNone;
311  int32 policy_value = 0;
312};
313
314struct ManagedString {
315  string active_value;
316  PolicySource policy_source = kNone;
317  string? policy_value;
318};
319
320struct ManagedStringList {
321  array<string> active_value;
322  PolicySource policy_source = kNone;
323  array<string>? policy_value;
324};
325
326// Specialized managed types.
327
328struct ManagedApnProperties {
329  ManagedString access_point_name;
330  ManagedString? authentication;
331  ManagedString? language;
332  ManagedString? localized_name;
333  ManagedString? name;
334  ManagedString? password;
335  ManagedString? username;
336};
337
338struct ManagedApnList {
339  array<ApnProperties> active_value;
340  PolicySource policy_source = kNone;
341  array<ApnProperties>? policy_value;
342};
343
344struct ManagedIssuerSubjectPattern {
345  ManagedString? common_name;
346  ManagedString? locality;
347  ManagedString? organization;
348  ManagedString? organizational_unit;
349};
350
351struct ManagedCertificatePattern {
352  ManagedStringList? enrollment_uri;
353  ManagedIssuerSubjectPattern? issuer;
354  ManagedStringList? issuer_ca_ref;
355  ManagedIssuerSubjectPattern? subject;
356};
357
358struct ManagedEAPProperties {
359  ManagedString? anonymous_identity;
360  ManagedCertificatePattern? client_cert_pattern;
361  ManagedString? client_cert_pkcs11_id;
362  ManagedString? client_cert_ref;
363  ManagedString? client_cert_type;
364  ManagedString? identity;
365  ManagedString? inner;
366  ManagedString? outer;
367  // Note: |password| contains a placeholder if set to avoid leaking secrets.
368  ManagedString? password;
369  ManagedBoolean? save_credentials;
370  ManagedStringList? server_ca_pems;
371  ManagedStringList? server_ca_refs;
372  ManagedString? subject_match;
373  ManagedString? tls_version_max;
374  ManagedBoolean? use_proactive_key_caching;
375  ManagedBoolean? use_system_cas;
376};
377
378struct ManagedIPConfigProperties {
379  ManagedString? gateway;
380  // See comment for IPConfigProperties.
381  ManagedString? ip_address;
382  ManagedStringList? name_servers;
383  ManagedInt32? routing_prefix;
384  ManagedString? type;
385  ManagedString? web_proxy_auto_discovery_url;
386};
387
388struct ManagedIPSecProperties {
389  ManagedString authentication_type;
390  ManagedCertificatePattern? client_cert_pattern;
391  ManagedString? client_cert_pkcs11_id;
392  ManagedString? client_cert_ref;
393  ManagedString? client_cert_type;
394  ManagedEAPProperties? eap;
395  ManagedString? group;
396  ManagedInt32? ike_version;
397  // Note: |psk| contains a placeholder if set to avoid leaking secrets.
398  ManagedString? psk;
399  ManagedBoolean? save_credentials;
400  ManagedStringList? server_ca_pems;
401  ManagedStringList? server_ca_refs;
402};
403
404struct ManagedL2TPProperties {
405  ManagedBoolean? lcp_echo_disabled;
406  // Note: |password| contains a placeholder if set to avoid leaking secrets.
407  ManagedString? password;
408  ManagedBoolean? save_credentials;
409  ManagedString? username;
410};
411
412struct ManagedProxyLocation {
413  ManagedString host;
414  ManagedInt32 port;
415};
416
417struct ManagedManualProxySettings {
418  ManagedProxyLocation? http_proxy;
419  ManagedProxyLocation? secure_http_proxy;
420  ManagedProxyLocation? ftp_proxy;
421  ManagedProxyLocation? socks;
422};
423
424struct ManagedProxySettings {
425  ManagedString type;
426  ManagedManualProxySettings? manual;
427  ManagedStringList? exclude_domains;
428  ManagedString? pac;
429};
430
431struct ManagedVerifyX509Properties {
432  ManagedString? name;
433  ManagedString? type;
434};
435
436struct ManagedOpenVPNProperties {
437  ManagedString? auth;
438  ManagedString? auth_retry;
439  ManagedBoolean? auth_no_cache;
440  ManagedString? cipher;
441  ManagedString? client_cert_pkcs11_id;
442  ManagedCertificatePattern? client_cert_pattern;
443  ManagedString? client_cert_ref;
444  ManagedString? client_cert_type;
445  ManagedString? compression_algorithm;
446  ManagedStringList? extra_hosts;
447  ManagedBoolean? ignore_default_route;
448  ManagedString? key_direction;
449  ManagedString? ns_cert_type;
450  // Note: |password| contains a placeholder if set to avoid leaking secrets.
451  ManagedString? password;
452  ManagedInt32? port;
453  ManagedString? proto;
454  ManagedBoolean? push_peer_info;
455  ManagedString? remote_cert_eku;
456  ManagedStringList? remote_cert_ku;
457  ManagedString? remote_cert_tls;
458  ManagedInt32? reneg_sec;
459  ManagedBoolean? save_credentials;
460  ManagedStringList? server_ca_pems;
461  ManagedStringList? server_ca_refs;
462  ManagedString? server_cert_ref;
463  ManagedInt32? server_poll_timeout;
464  ManagedInt32? shaper;
465  ManagedString? static_challenge;
466  ManagedString? tls_auth_contents;
467  ManagedString? tls_remote;
468  ManagedString? tls_version_min;
469  ManagedString? user_authentication_type;
470  ManagedString? username;
471  ManagedString? verb;
472  ManagedString? verify_hash;
473  ManagedVerifyX509Properties? verify_x509;
474};
475
476// Managed NetworkType specific dictionaries.
477
478struct ManagedCellularProperties {
479  ManagedBoolean? auto_connect;
480  // The current user selected APN. This corresponds to APN field
481  // in ONC.
482  ManagedApnProperties? selected_apn;
483  ManagedApnList? apn_list;
484  // List of user-entered custom APN entries. Note: This field is not
485  // part of ONC spec.
486  array<ApnProperties>? custom_apn_list;
487  ActivationStateType activation_state;
488  bool allow_roaming = false;
489  string? esn;
490  string? family;
491  string? firmware_revision;
492  array<FoundNetworkProperties>? found_networks;
493  string? hardware_revision;
494  CellularProviderProperties? home_provider;
495  string? iccid;
496  string? imei;
497  ApnProperties? last_good_apn;
498  string? manufacturer;
499  string? mdn;
500  string? meid;
501  string? min;
502  string? model_id;
503  string? network_technology;
504  PaymentPortalProperties? payment_portal;
505  string? roaming_state;
506  CellularProviderProperties? serving_operator;
507  int32 signal_strength = 0;
508  bool support_network_scan = false;
509};
510
511struct ManagedEthernetProperties {
512  // This represents the configured authentication type for an Ethernet network.
513  // Note: This might not match the State value (which uses an enum instead of
514  // a managed string) if the EAP configuration can not be applied (e.g. when
515  // no certificate is installed).
516  ManagedString? authentication;
517  ManagedEAPProperties? eap;
518};
519
520struct ManagedVPNProperties {
521  ManagedBoolean? auto_connect;
522  ManagedString? host;
523  ManagedIPSecProperties? ip_sec;
524  ManagedL2TPProperties? l2tp;
525  ManagedOpenVPNProperties? open_vpn;
526  ManagedString? provider_id;
527  string provider_name;
528  VpnType type;
529};
530
531struct ManagedWiFiProperties {
532  ManagedBoolean? allow_gateway_arp_polling;
533  ManagedBoolean? auto_connect;
534  string? bssid;
535  ManagedEAPProperties? eap;
536  int32 frequency = 0;
537  array<int32>? frequency_list;
538  ManagedString? hex_ssid;
539  ManagedBoolean? hidden_ssid;
540  // Note: |passphrase| contains a placeholder if set to avoid leaking secrets.
541  ManagedString? passphrase;
542  ManagedString ssid;
543  SecurityType security;
544  int32 signal_strength = 0;
545  string? tethering_state;
546  // Indicates whether the network is eligible to be included in Chrome Sync.
547  bool is_syncable;
548  // True for unshared networks and for shared networks configured by the
549  // active user.  Updated whenever the passphrase is modified.
550  bool is_configured_by_active_user;
551};
552
553union NetworkTypeManagedProperties {
554  ManagedCellularProperties cellular;
555  ManagedEthernetProperties ethernet;
556  // Tether has no managed properties. Provide TetherStateProperties for display
557  // purposes.
558  TetherStateProperties tether;
559  ManagedVPNProperties vpn;
560  ManagedWiFiProperties wifi;
561};
562
563// Managed properties provided by getManagedProperties. See onc_spec.md for
564// details about each property.
565struct ManagedProperties {
566  // Typed properties for compatibility with NetworkStateProperties.
567  ConnectionStateType connection_state = kNotConnected;
568  OncSource source;
569  // Other properties and property dictionaries use ONC strings for values.
570  bool connectable = false;
571  string? error_state;
572  string guid;
573  ManagedString ip_address_config_type;
574  array<IPConfigProperties>? ip_configs;
575  ManagedBoolean? metered;
576  ManagedString? name;
577  ManagedString name_servers_config_type;
578  ManagedInt32? priority;
579  ManagedProxySettings? proxy_settings;
580  PortalState portal_state = kUnknown;
581  ManagedIPConfigProperties? static_ip_config;
582  IPConfigProperties? saved_ip_config;
583  // |type| is explicitly provided here to simplify UI code and will always
584  // match the type of |type_properties|, which will always be provided.
585  NetworkType type;
586  NetworkTypeManagedProperties type_properties;
587};
588
589// Properties for SetProperties and ConfigureNetwork. All of the top level
590// properties and many nested properties are optional so that sparse
591// configurations can be provided, e.g. just the |auto_connect| property can
592// be changed. The ONC validation code (chromeos/network/onc/onc_validator.cc)
593// ensures that configurations are valid before translating and passing them to
594// Shill.
595
596// Wrapper to allow optional auto_connect configuration.
597struct AutoConnectConfig {
598  bool value;
599};
600
601// Wrapper to allow optional metered configuration.
602struct MeteredConfig {
603  bool value;
604};
605
606// Wrapper to allow optional priority configuration.
607struct PriorityConfig {
608  int32 value;
609};
610
611// Wrapper to allow optional VpnType configuration. Note: only configuration of
612// internal VPN types (kOpenVPN and kL2TPIPsec) is supported.
613// TODO(657632): Remove wrapper once optional enums are supported.
614struct VpnTypeConfig {
615  VpnType value;
616};
617
618struct ProxyLocation {
619  string host;
620  int32 port;
621};
622
623struct ManualProxySettings {
624  ProxyLocation? http_proxy;
625  ProxyLocation? secure_http_proxy;
626  ProxyLocation? ftp_proxy;
627  ProxyLocation? socks;
628};
629
630struct ProxySettings {
631  string type;
632  ManualProxySettings? manual;
633  array<string>? exclude_domains;
634  string? pac;
635};
636
637struct EAPConfigProperties {
638  string? anonymous_identity;
639  string? client_cert_pkcs11_id;
640  string? client_cert_type;
641  string? identity;
642  string? inner;
643  string? outer;
644  string? password;
645  bool save_credentials = false;
646  array<string>? server_ca_pems;
647  string? subject_match;
648  bool use_system_cas = false;
649};
650
651// Subset of currently implemented config properties in the UI. Additional
652// optional propreties from onc_spec.md may be added as needed.
653struct IPSecConfigProperties {
654  string authentication_type;
655  string? client_cert_pkcs11_id;
656  string? client_cert_type;
657  string? group;
658  int32 ike_version = 1;
659  string? psk;
660  bool save_credentials = false;
661  array<string>? server_ca_pems;
662  array<string>? server_ca_refs;
663};
664
665// Subset of currently implemented config properties in the UI. Additional
666// optional propreties from onc_spec.md may be added as needed.
667struct L2TPConfigProperties {
668  bool lcp_echo_disabled = false;
669  string? password;
670  bool save_credentials = false;
671  string? username;
672};
673
674// Subset of currently implemented config properties in the UI. Additional
675// optional propreties from onc_spec.md may be added as needed.
676struct OpenVPNConfigProperties {
677  string? client_cert_pkcs11_id;
678  string? client_cert_type;
679  array<string>? extra_hosts;
680  string? otp;
681  string? password;
682  bool save_credentials = false;
683  array<string>? server_ca_pems;
684  array<string>? server_ca_refs;
685  string? username;
686  string? user_authentication_type;
687};
688
689// Only one of {Cellular|Ethernet|VPN|Wifi}ConfigProperties is allowed.
690// TODO(stevenjb): Make these a union.
691struct CellularConfigProperties {
692  ApnProperties? apn;
693};
694
695struct EthernetConfigProperties {
696  // |authentication| will default to "none" if not provided for new configs.
697  // TODO(657632): Use AuthenticationType here.
698  string? authentication;
699  EAPConfigProperties? eap;
700};
701
702struct VPNConfigProperties {
703  string? host;
704  IPSecConfigProperties? ip_sec;
705  L2TPConfigProperties? l2tp;
706  OpenVPNConfigProperties? open_vpn;
707  // |type| is required for new configs, optional otherwise.
708  VpnTypeConfig? type;
709};
710
711struct WiFiConfigProperties {
712  EAPConfigProperties? eap;
713  string? passphrase;
714  // |ssid| is required for new configurations, optional otherwise.
715  string? ssid;
716  SecurityType security = kNone;
717};
718
719union NetworkTypeConfigProperties {
720  CellularConfigProperties cellular;
721  EthernetConfigProperties ethernet;
722  VPNConfigProperties vpn;
723  WiFiConfigProperties wifi;
724};
725
726struct ConfigProperties {
727  AutoConnectConfig? auto_connect;
728  // An optional guid may be provided when configuring a visible network to
729  // preserve the existing guid.
730  string? guid;
731  string? ip_address_config_type;
732  MeteredConfig? metered;
733  // Name is only required for new configurations.
734  string? name;
735  string? name_servers_config_type;
736  PriorityConfig? priority;
737  ProxySettings? proxy_settings;
738  IPConfigProperties? static_ip_config;
739  // NetworkType is inferred from |type_config|.
740  NetworkTypeConfigProperties type_config;
741};
742
743// Properties provided to SetCellularSimState.
744struct CellularSimState {
745  // The current PIN or PUK. Required for unlocking the SIM, or when setting
746  // |require_pin|.
747  string current_pin_or_puk;
748  // If provided change the PIN to |new_pin|. Required if the SIM is PUK locked.
749  string? new_pin;
750  // Whether a PIN should be required. Ignored when unlocking a locked SIM.
751  bool require_pin;
752};
753
754// Properties provided by GetGlobalPolicy. These properties affect network
755// configuration as a whole instead of individual network configurations.
756struct GlobalPolicy {
757  // If true, only policy networks may auto connect.
758  bool allow_only_policy_networks_to_autoconnect = false;
759
760  // If true, only policy networks may be connected to and no new networks may
761  // be added or configured.
762  bool allow_only_policy_networks_to_connect = false;
763
764  // If true and a managed network is available in the visible network list,
765  // only policy networks may be connected to and no new networks may be added
766  // or configured.
767  bool allow_only_policy_networks_to_connect_if_available = false;
768
769  // List of blocked networks which can not be connected to.
770  array<string> blocked_hex_ssids;
771};
772
773// VPN providers for type kExtension and kArc are set via SetVpnProviders and
774// stored in the service implementation. Clients may retrieve the current list
775// and receive observer events to track changes to the list. The list of
776// providers is only used by UI code, they are not sent to the connection
777// manager (Shill).
778struct VpnProvider {
779  // Only type kExtension and kArc should be used here. Other provider types
780  // are internal to Shill and implicit; VpnProvider properties will be ignored.
781  VpnType type;
782  // Extension id (GUID) or Arc package name, e.g. myvpn.app.package.
783  string provider_id;
784  // Extension provider name or Arc app name, e.g. MyVPN.
785  string provider_name;
786  // Extension id (GUID) or Arc app id (GUID), used to launch the VPN UI.
787  string app_id;
788  // Last launch time of the VPN.
789  mojo_base.mojom.Time last_launch_time;
790};
791
792// Information about a network certificate for the purpose of selecting an
793// available certificate in a UI and providing information in a ConfigProperties
794// struct to SetProperties or ConfigureNetwork. No private information should
795// be included here.
796struct NetworkCertificate {
797  CertificateType type;
798  // Unique hash for the certificate, used to uniquely identify certificates.
799  string hash;
800  // Certificate issuer common name for display in a UI.
801  string issued_by;
802  // Certificate name or nickname for display in a UI.
803  string issued_to;
804  // For server certificate authorities (type == kServerCA), this contains the
805  // public certificate in PEM format.
806  // For user certificates, this contains the  PKCS#11 id to be passed to the
807  // configuration manager (Shill) for retrieving the encrypted certificate.
808  // This will be used in the appropriate ConfigProperties dictionary.
809  // TODO(1006901): Use a union here instead once the issue is fixed.
810  string pem_or_id;
811  // Whether the certificate is hardware backed.
812  bool hardware_backed;
813  // Whether the certificate is device wide (i.e. stored in a shared profile,
814  // not a user specific profile).
815  bool device_wide;
816};
817
818// Interface for fetching and setting network configuration properties, e.g.
819// from Settings WebUI or the SystemTray.
820interface CrosNetworkConfig {
821  AddObserver(pending_remote<CrosNetworkConfigObserver> observer);
822
823  // Returns the state properties of the network matching |guid|. If the network
824  // is not available returns null.
825  GetNetworkState(string guid) => (NetworkStateProperties? result);
826
827  // Returns a list of Network properties matching |filter|. Networks are
828  // ordered by the system based on their priority, with active networks listed
829  // first.
830  GetNetworkStateList(NetworkFilter filter) =>
831    (array<NetworkStateProperties> result);
832
833  // Returns a list of Device properties.
834  GetDeviceStateList() => (array<DeviceStateProperties> result);
835
836  // Returns the managed properties of the network matching |guid|. The result
837  // is an ONC dictionary with well defined property keys and managed ONC value
838  // dictionaries (e.g. ManagedString). If the network properties are not
839  // available returns null.
840  GetManagedProperties(string guid) => (ManagedProperties? result);
841
842  // Sets properties for the network matching |guid|. |properties.guid| must be
843  // null or match |guid|, otherwise it will fail with an invalid input error.
844  // If |success| is false, |error_message| provides a string identifying the
845  // error. The string may be a Shill error, or an error token provided by the
846  // NetworkHandler layer. JS localization for a common subset of these is
847  // provided by network_element::AddErrorLocalizedStrings.
848  // TODO(1004434): Consider enumerating these.
849  SetProperties(string guid, ConfigProperties properties) =>
850    (bool success, string error_message);
851
852  // Configures a new network with |properties|. If |properties.guid| is
853  // provided, an existing configuration must exist and match the provided
854  // |properties|. Returns the guid of the new network configuration on success.
855  // A null guid indicates that the properties were invalid or incomplete. See
856  // SetProperties for notes on errorMessage.
857  ConfigureNetwork(ConfigProperties properties, bool shared) =>
858    (string? guid, string error_message);
859
860  // Forgets an existing network configuration matching |guid| by clearing all
861  // configured properties. Returns true if the network exists and is
862  // successfully removed.
863  ForgetNetwork(string guid) => (bool success);
864
865  // Sets a single network type (e.g. WiFi) to enabled or disabled. Types
866  // describing multiple technologies (e.g. kWireless) are not supported.
867  // Returns false if the type is invalid, unavailable, or can not be disabled.
868  // CrosNetworkConfigObserver::OnDeviceStateListChanged() can be used to be
869  // notified when the enabled state changes.
870  SetNetworkTypeEnabledState(NetworkType type, bool enabled) => (bool success);
871
872  // Sets the SIM state for the primary Cellular device:
873  // * If no SIM is present, returns false.
874  // * If the SIM is PUK locked, attempts to unlock the SIM with the provided
875  //   |current_pin_or_puk| value and set a new SIM value to |new_pin| which
876  //   must be provided. |pin_required| is ignored. Returns true on success.
877  // * If the SIM is PIN locked, attempts to unlock the SIM with the provided
878  //   |current_pin_or_puk| value. |pin_required| is ignored. Returns true on
879  //   success.
880  // * If the SIM is unlocked, |current_pin_or_puk| must match the current PIN.
881  //   * If |new_pin| if provided, attempts to set the new PIN.
882  //   * Otherwise attempts to set the pin required state to |pin_required|.
883  //   * Returns true if the operation succeeded.
884  SetCellularSimState(CellularSimState state) => (bool success);
885
886  // Selects which Cellular mobile network to use. |network_id| must match a
887  // FoundNetworkProperties.network_id for an entry in the
888  // ManagedProperties.found_networks property for the specified Cellular
889  // network. Returns true if the operation succeeded.
890  SelectCellularMobileNetwork(string guid, string network_id) => (bool success);
891
892  // Requests a scan for new networks. If the list updates,
893  // CrosNetworkConfigObserver::OnNetworkStateListChanged() will be signaled.
894  // Note: If |type| is Cellular, a mobile network scan will be requested
895  // if supported. This is disruptive and should only be triggered by an
896  // explicit user action.
897  RequestNetworkScan(NetworkType type);
898
899  // Returns the global policy properties. These properties are not expected to
900  // change during a session.
901  GetGlobalPolicy() => (GlobalPolicy result);
902
903  // Starts a connection to the network matching |guid|. The response returns
904  // |result| when the connect request is sent or is determined unable to be
905  // sent, not when the operation completes. Use CrosNetworkConfigObserver to
906  // observe the connection state after a successful request. If the result is
907  // not kSuccess, |message| will contain a descriptive string for debugging.
908  StartConnect(string guid) => (StartConnectResult result, string message);
909
910  // Starts a disconnect from the network matching |guid|. The response returns
911  // true when the disconnect request is sent if the network exists and is
912  // connected, or false if not. Use CrosNetworkConfigObserver to observe the
913  // connection state after a successful request.
914  StartDisconnect(string guid) => (bool success);
915
916  // Provides a list of external VPN providers. Used to populate provider name
917  // in VPN properties, returned from GetVpnProviders, and sent to observers.
918  SetVpnProviders(array<VpnProvider> providers);
919
920  // Returns the list of external VPN providers.
921  GetVpnProviders() => (array<VpnProvider> providers);
922
923  // Returns the lists of server certificate authorities and user certificates
924  // available for network configuration. See NetworkCerificate for more info.
925  GetNetworkCertificates() => (array<NetworkCertificate> server_cas,
926                               array<NetworkCertificate> user_certs);
927};
928
929interface CrosNetworkConfigObserver {
930  // Fired when properties of any active network or previously active network
931  // change. Provides all currently active network states.
932  OnActiveNetworksChanged(array<NetworkStateProperties> networks);
933
934  // Fired when the properties of a specific network state change. For active
935  // networks this will be fired in addition to OnActiveNetworksChanged. For
936  // other networks it will fire when the configuration changes or a non
937  // active property changes (e.g. signal_strength).
938  OnNetworkStateChanged(NetworkStateProperties network);
939
940  // Fired when the list of networks changes.
941  // CrosNetworkConfig::GetNetworkStateList() can be used to get the network
942  // states.
943  OnNetworkStateListChanged();
944
945  // Fired when the list of devices changes or a device property changes.
946  // CrosNetworkConfig::GetDeviceStateList() can be used to retrieve the device
947  // states.
948  OnDeviceStateListChanged();
949
950  // Fired when the list of VPN providers changes. Use GetVpnProviders if the
951  // updated provider list is required.
952  OnVpnProvidersChanged();
953
954  // Fired when the server CA or user certificate lists change. Use
955  // GetNetworkCertificates if the updated certificate lists are required.
956  OnNetworkCertificatesChanged();
957};
958