AnyConnect Secure Mobility Client 5.0.00556

include/ClientIfcBase.h

00001 /**************************************************************************
00002 *   Copyright (c) 2006, 2021 Cisco Systems, Inc.
00003 *   All Rights Reserved. Cisco Highly Confidential.
00004 ***************************************************************************
00005 *
00006 *   File:   ClientIfcBase.h
00007 *   Author: Chris Fitzgerald
00008 *   Date:   08/2007
00009 *
00010 ***************************************************************************
00011 *   Client Interface Base class implementation for the Client API.
00012 ***************************************************************************/
00013 
00014 // The ClientIfcBase class contains the majority of private methods and members.
00015 // The purpose of this class is to hide all but the necessary methods from
00016 // being exposed.
00017 //
00018 
00019 #ifndef _CLIENTIFCBASE_
00020 #define _CLIENTIFCBASE_
00021 
00022 #include <list>
00023 #include <vector>
00024 #include <memory>
00025 
00026 
00027 /*
00028  * The SCRIPTING_SUPPORTED and INTERPROCESS_COMMUNICATION_SUPPORTED macros are copies of the
00029  * corresponding #defines from GenDefs.h. Any change to those #defines in GenDefs.h must be
00030  * propagated to this header file too. We duplicate the definitions here due to the manner in
00031  * which we distribute our code to partners; we cannot include GenDefs.h from here.
00032  */
00033 #if !defined(PLATFORM_APPLE_SSLVPN) && !defined(PLATFORM_ANDROID) && !defined(PLATFORM_WIN_APP)
00034 #define SCRIPTING_SUPPORTED
00035 #endif
00036 #if !defined(PLATFORM_WIN_APP)
00037 #define INTERPROCESS_COMMUNICATION_SUPPORTED
00038 #endif
00039 
00040 /*
00041  * SCEP_CERTIFICATE_ENROLLMENT_SUPPORTED macro is a copy of corresponding #define from GenDefs.h.
00042  * Any change in #define for the macro in GenDefs.h must be propagated to this header file too. We
00043  * duplicate this definition here due to the manner in which we distribute our code to partners;
00044  * we cannot include GenDefs.h from here.
00045  */
00046 #if defined(_WIN32) || defined(_WIN32_WCE) || defined(PLATFORM_DARWIN) || defined(PLATFORM_LINUX) || defined(PLATFORM_ANDROID) || defined(PLATFORM_APPLE_SSLVPN)
00047 #define SCEP_CERTIFICATE_ENROLLMENT_SUPPORTED
00048 #endif
00049 
00050 /*
00051  * HOST_DATA_SUPPORTED macro is a copy of corresponding #define from GenDefs.h. Any change
00052  * in #define for the macro in GenDefs.h must be propagated to this header file too. We duplicate
00053  * this definition here due to the manner in which we distribute our code to partners;
00054  * we cannot include GenDefs.h from here.
00055  */
00056 #if defined(PLATFORM_ANDROID) || defined(PLATFORM_APPLE_SSLVPN) || defined(PLATFORM_CHROMEBOOK)
00057 #define HOST_DATA_SUPPORTED
00058 #endif
00059 
00060 /*
00061  * MANUAL_PKCS12_IMPORT_SUPPORTED macro is a copy of corresponding #define from GenDefs.h.
00062  * Any change in #define for the macro in GenDefs.h must be propagated to this header file too.
00063  * We duplicate this definition here due to the manner in which we distribute our
00064  * code to partners; we cannot include GenDefs.h from here.
00065  */
00066 #if defined(PLATFORM_APPLE_SSLVPN) || defined(PLATFORM_ANDROID) || defined(PRODUCT_TYPE_SSA)
00067 #define MANUAL_PKCS12_IMPORT_SUPPORTED
00068 #endif
00069 
00070 /*
00071  * PROGRAM_DATA_IMPORT_SUPPORTED macro is a copy of corresponding #define from GenDefs.h.
00072  * Any change in #define for the macro in GenDefs.h must be propagated to this header file too.
00073  * We duplicate this definition here due to the manner in which we distribute our
00074  * code to partners; we cannot include GenDefs.h from here.
00075  */
00076 #if defined(PLATFORM_ANDROID)
00077 #define PROGRAM_DATA_IMPORT_SUPPORTED
00078 #endif
00079 
00080 /*
00081  * CREDENTIAL_PREFILL_SUPPORTED macro is a copy of corresponding #define from GenDefs.h.
00082  * Any change in #define for the macro in GenDefs.h must be propagated to this header file too.
00083  * We duplicate this definition here due to the manner in which we distribute our
00084  * code to partners; we cannot include GenDefs.h from here.
00085  */
00086 #if defined(PLATFORM_ANDROID)
00087 #define CREDENTIAL_PREFILL_SUPPORTED
00088 #endif
00089 
00090 #if defined(MANUAL_PKCS12_IMPORT_SUPPORTED) && !defined(__GENDEFS_H)
00091 #if defined(HAVE_STDINT_H)
00092 #include <stdint.h>
00093 #else
00094 typedef unsigned char uint8_t;
00095 #endif // HAVE_STDINT_H
00096 #endif // MANUAL_PKCS12_IMPORT_SUPPORTED
00097 
00098 #include "api.h"
00099 #include "PreferenceUpdate.h"
00100 
00101 #if defined(PLATFORM_WIN_APP)
00102 typedef unsigned char uint8_t;
00103 #endif
00104 
00105 #if defined(HOST_DATA_SUPPORTED)
00106 #include "IHostData.h"
00107 #endif
00108 
00109 #if defined(ANYCONNECT_USE_SNAK)
00110 #include "Utility/PluginLoader.h"
00111 #include "SNAK_CertPlugin.h"
00112 #include "SNAK_SocketPlugin.h"
00113 #include "SNAK_StoragePlugin.h"
00114 #endif 
00115 
00116 class ConnectPromptInfo;
00117 class ConnectMgr;
00118 class MsgWithArg;
00119 class VPNStats;
00120 class AgentIfc;
00121 class ProfileMgr;
00122 class ApiThread;
00123 class EventMgr;
00124 class PreferenceMgr;
00125 class PreferenceInfo;
00126 class UserPreferences;
00127 class CScriptingMgr;
00128 class CManualLock;
00129 class ProxyIfc;
00130 class CIpcMessage;
00131 class SCEPIfc;
00132 class CertObj;
00133 class CExecutionContext;
00134 class HostEntry;
00135 class CAppLog;
00136 
00137 #if defined(CREDENTIAL_PREFILL_SUPPORTED)
00138 class CredentialPrefill;
00139 #endif
00140 
00141 #if !defined(PLATFORM_APPLE_SSLVPN)
00142 class CStoragePath;
00143 #endif
00144 
00145 #ifdef ANYCONNECT_USE_SNAK
00146 class PluginLoader;
00147 class SNAK_StoragePlugin;
00148 class SNAK_CertPlugin;
00149 class SNAK_SocketPlugin;
00150 class SNAK_DeviceInfoPlugin;
00151 class SNAKDeviceInfoPluginCBImpl;
00152 #endif // ANYCONNECT_USE_SNAK
00153 
00154 #if defined(ANYCONNECT_USE_SNAK) || defined(PLATFORM_APPLE_SSLVPN)
00155 class ManagedCertificate;
00156 class ManagedCertHandle;
00157 #endif // ANYCONNECT_USE_SNAK || PLATFORM_APPLE_SSLVPN
00158 
00159 #if defined(PROGRAM_DATA_IMPORT_SUPPORTED)
00160 class IACImporterAsync;
00161 class IACImporterAsyncCB;
00162 #endif
00163 
00164 class VPN_VPNAPI ClientIfcBase : private IPreferenceUpdateCB
00165 {
00166     friend class EventMgr;
00167 
00168     protected:
00169 
00170         /**
00171         * Callback used to deliver new statistics related to the VPN
00172         * connection.
00173         *
00174         * When a connection is active, a new set of statistics is
00175         * delivered each second.
00176         *
00177         * @see resetStats(), stopStats() and startStats()
00178         *
00179         */
00180         virtual void StatsCB(VPNStats &stats) = 0;
00181 
00182 
00183         /**
00184         * Callback used to deliver VPN state and state change string.
00185         * The stateString delivered by this method is localized.
00186         *
00187         * See the ::VPNState enum found in api.h for set of valid states.
00188         */
00189         virtual void StateCB(const VPNState state,
00190                              const VPNSubState subState,
00191                              const tstring stateString) = 0;
00192 
00193 
00194         /**
00195         * If a banner needs to be acknowledged, this CB delivers the banner
00196         * to the client.
00197         *
00198         * NOTE: Connection establishment will block until the method
00199         * setBannerResponse() is called.
00200         *
00201         * In a GUI, a banner would typically be displayed in a modal dialog
00202         * with an accept or decline button selection.
00203         *
00204         * @see setBannerResponse() to set the user response to the banner.
00205         */
00206         virtual void BannerCB(const tstring &banner) = 0;
00207 
00208         /**
00209          * If a pre-connect reminder needs to be acknowledged, this CB delivers
00210          * the pre-connect reminder to the client. 
00211          *
00212          * NOTE: Connection establishment will block until the method
00213          * setPreConnectReminderResponse() is called.
00214          *
00215          * In a GUI, a pre-connect reminder would typically be displayed in a modal
00216          * dialog with an OK button selection.
00217          *
00218          * @see setPreConnectReminderResponse() to set the user acknowledgement to
00219          * the pre-connect reminder message.
00220          */  
00221         virtual void PreConnectReminderCB(const tstring &rtstrPreConnectReminder);
00222 
00223         /**
00224         * Messages are delivered via the NoticeCB and can come from multiple
00225         * sources.  There are four message types (error, warning, info and
00226         * status).  See the ::MessageType enum in api.h for the list.
00227         *
00228         * Clients using the API as an embedded application (not
00229         * user visible) might want to further characterize
00230         * messages.  One option here is to use the AnyConnect message
00231         * catalog and assign message codes as the translations for
00232         * various messages.  An application could then track messages based
00233         * on its own error code scheme.
              *
              * NOTE(review): bSensitive (default false) is not described in this
              * header.  Presumably it marks notices whose text should be kept out
              * of logs and other persistent output -- confirm against the API
              * documentation before logging the notice text unconditionally.
00234         */    
00235         virtual void NoticeCB(const tstring &notice,
00236                               const MessageType type,
00237                               const bool bSensitive = false) = 0;
00238 
00239 #if defined(PLATFORM_APPLE_SSLVPN) || defined(PLATFORM_ANDROID) || defined(PLATFORM_CHROMEBOOK)
              /**
              * Pure-virtual callback, declared only for the platforms named in the
              * guard above.  It receives a banner summary string, a certificate
              * buffer given as a pointer and a length, and two lists of
              * confirmation reasons (strings and CertConfirmReason values).
              *
              * NOTE(review): pCertBannerCertDer / nCertBannerCertLen are presumably
              * a DER-encoded certificate and its length in bytes -- confirm.  This
              * header states neither who owns the buffer nor how long it stays
              * valid, so an implementation should read at most nCertBannerCertLen
              * bytes, handle a null pointer or zero length, and copy anything it
              * needs to keep after the callback returns.
              *
              * NOTE(review): bImportAllowed presumably plays the same role as
              * bAllowImport in CertWarningCB(), i.e. when it is false an
              * "always trust" choice should not be offered -- confirm.
              *
              * @see setCertBannerResponse(), presumably used to report the user's
              * answer -- confirm.
              */
00240         virtual void CertBannerCB(const tstring &certBannerSummary,
00241                                   const uint32_t nCertBannerCertLen,
00242                                   const uint8_t *pCertBannerCertDer,
00243                                   const std::list<tstring> &confirmReasons,
00244                                   const std::list<CertConfirmReason> &confirmReasonEnums,
00245                                   bool bImportAllowed = true) = 0;
00246 #endif
00247 
00248         /**
00249         * This CB would likely occur only during a connection when it was
00250         * detected that the software needed to be upgraded, or when Start
00251         * Before Logon (SBL) is being used.
00252         *
00253         * Unlike the other callback methods, this method provides a default
00254         * implementation (calling the system's exit() function).
00255         * If clients of the API wish to override this behavior, they are
00256         * responsible for ensuring that the current running process exits with
00257         * the return code specified by returnCode.
00258         *
00259         * <b>Caution</b>: IF YOU OVERRIDE THIS METHOD AND DO NOT EXIT WITH
00260         * THE PROPER CODE, SOFTWARE UPDATE FUNCTIONALITY IN YOUR CLIENT WILL
00261         * BREAK.
00262         */
00263         virtual void ExitNoticeCB(const tstring &tstrNotice,
00264                                   const int returnCode);
00265 
00266 
00267         /**
00268         * Under normal operating conditions, this CB is called as soon
00269         * as the attach method completes.  In case the service (vpn agent)
00270         * is not ready, this CB is not called until it is.
00271         *
00272         * Any API calls made prior to this CB being called will result in a
00273         * NoticeCB error message.
00274         */
00275         virtual void ServiceReadyCB() = 0;
00276 
00277 
00278 
00279         /**
00280         * This method supports prompting for single or multiple values.  All
00281         * prompts are considered mandatory.
00282         *
00283         * The ConnectPromptInfo object contains a list of PromptEntry
00284         * instances.  The labels and their default values (if any) can be
00285         * found in these instances.  After the data has been collected from the user
00286         * it can be set into these same instances.  When ready, the client
00287         * application should call the method UserSubmit() to have the
00288         * responses read by the API.
00289         */
00290         virtual void UserPromptCB(ConnectPromptInfo &ConnectPrompt) = 0;
00291 
00292 
00293         /**
00294         * Use this method to provide Window Manager hints to GUI
00295         * applications.  To receive these hints, the application must
00296         * identify itself as a GUI in the attach method.  In addition, this
00297         * method should be overridden to receive any generated events.
00298         *
00299         * Events that can be received include those indicating that a user is
00300         * starting a second instance of the GUI application.  This information
00301         * can be used to tell the already running application to un-minimize
00302         * itself and let the new program know that it should Quit (since a GUI
00303         * is already running).
00304         */
00305         virtual void WMHintCB(const WMHint hint,
00306                               const WMHintReason reason);
00307 
00308 
00309         /**
00310         * This method is useful when the connection to the secure gateway
00311         * has been established as part of a web-launch of the VPN tunnel.
00312         *
00313         * If the client application wishes to be notified of the secure
00314         * gateway to which the VPN has been established, this method should
00315         * be overridden.
00316         *
00317         * If the client application is started and a tunnel is already active,
00318         * this method also delivers the name of the secure gateway host.
00319         */
00320         virtual void deliverWebLaunchHostCB(const tstring &activeHost);
00321 
00322         /**
00323         * This method is called when the preference to block untrusted
00324         * servers is enabled and the current VPN server being connected
00325         * to is untrusted. Clients should present an error to the user
00326         * notifying them that the current connection to rtstrUntrustedServer
00327         * is being blocked. The client should also provide a way for the
00328         * user to change the preference to block untrusted servers.
00329         *
00330         * The user response must be indicated using setCertBlockedResponse
00331         */
00332         virtual void CertBlockedCB(const tstring &rtstrUntrustedServer) = 0;
00333 
00334         /**
00335         * This method is called when connections to untrusted VPN servers
00336         * are allowed by policies and the current VPN server being connected
00337         * to is untrusted. Clients should present a warning to the user
00338         * notifying them that the current connection to rtstrUntrustedServer
00339         * is unsafe. The reason the VPN server is untrusted is provided in
00340         * rltstrCertErrors. The client should provide a way for the user to
00341         * connect once, connect and always trust or cancel the connection.
00342         * If bAllowImport is set to false then the always trust option should
00343         * not be presented to users.
00344         *
00345         * The user response must be indicated using setCertWarningResponse
00346         */
00347         virtual void CertWarningCB(const tstring &rtstrUntrustedServer,
00348                                    const std::list<tstring> &rltstrCertErrors,
00349                                    bool bAllowImport) = 0;
00350 
00351 #if defined(PLATFORM_WIN_APP)
00352         /**
00353         * Same as above but also passes the Server certificate DER for details display
00354         */
00355         virtual void CertWarningCB(const tstring &rtstrUntrustedServer,
00356                                    const std::list<tstring> &rltstrCertErrors,
00357                                    const std::vector<uint8_t> &rvServerCertDER,
00358                                    bool bAllowImport) = 0;
00359 #endif
00360 
00361         /**
00362         * This method can be overridden if the client application wishes to
00363         * exercise some control over the delivery of events from the other
00364         * protected methods in this class.
00365         *
00366         * This might be necessary in cases where a GUI is being written and
00367         * the data from this API needs to be delivered in the GUI or main
00368         * thread.  In this case, you should override this method and when it
00369         * is called by the API post an event to your event queue (message
00370         * pump, etc.).  After this event executes in your GUI or main thread,
00371         * call the method ClientIfc::ProcessEvents to have events delivered
00372         * to your client application.
00373         */
00374         virtual void EventAvailable();
00375 
00376 #ifdef MANUAL_PKCS12_IMPORT_SUPPORTED
              // Result callback for a PKCS#12 import.  Not pure virtual, so
              // overriding it is optional.
              // NOTE(review): presumably certHash identifies the imported
              // certificate and tstrError carries the failure text -- confirm how
              // success is signalled before treating an import as completed.
00377         virtual void ImportPKCS12ResultCB(const std::vector<uint8_t> &certHash, const tstring &tstrError);
00378 #endif        
00379 #ifdef PLATFORM_ANDROID
              // Pure virtual on Android.
              // NOTE(review): each pair is presumably (length in bytes, pointer to
              // certificate data) -- confirm.  The pointers are raw and non-const
              // and the vector is passed by value, so buffer ownership and
              // lifetime are not expressed in the type; do not free or retain the
              // buffers without checking the implementation's contract, and never
              // read past the paired length.
00380         virtual void ClientCertificateCB(std::vector< std::pair<uint32_t, uint8_t*> > certList) = 0;
              // Not pure virtual; no description is given in this header.
00381         virtual void AgentDetachedCB();
00382 #endif
00383 
00384         AgentIfc &getAgentIfc();
00385 
00386         ClientIfcBase();
00387 
00388 
00389     public:
00390 
00391         virtual bool attach(ClientType clientType = ClientType_GUI,
00392                             bool requestFullCapabilities = true,
00393                             bool suppressAutoConnect = true);
00394 
00395         virtual void detach();
00396 
00397         virtual void ProcessEvents();
00398 
00399         virtual bool hasFullCapabilities();
00400 
00401         virtual bool isConnected();
00402 
00403         virtual bool isAvailable();
00404 
00405         virtual std::list<tstring> getHostNames();
00406 
00407         virtual std::list<HostEntry> getHostEntries();
00408 
00409         virtual tstring getDefaultHostName();
00410 
00411 #if defined(HOST_DATA_SUPPORTED)
00412         virtual bool connect(const IHostData& hostData);
00413                 
00414         bool connect(const IHostData& hostData,
00415                      unsigned int origin);
00416 #else
00417         virtual bool connect(tstring host);
00418 
00419         bool connect(tstring host,
00420                      unsigned int origin);
00421 #endif
00422 
00423         virtual bool setNewTunnelGroup(const tstring & group);
00424 
00425         virtual void disconnect();
00426 
00427         virtual void cancel();
00428 
00429         virtual void resetStats();
00430 
00431         virtual void getState();
00432 
00433         VPNState getCurrentState();
00434         VPNSubState getCurrentSubState();
00435         VPNSubState getPreviousSubState();
00436 
00437         tstring getStateText();
00438         static tstring getNoticeTypeText(MessageType msgType);
00439 
00440         static tstring getStateText(VPNState state,
00441                                     VPNSubState subState = VPNSS_NORMAL,
00442                                     NETENV_STATE netEnvState = NES_NETWORK_ACCESSIBLE,
00443                                     const tstring& tstrConnectedHost = tstring());
00444 
00445         void setNetworkStates(NETENV_STATE netEnvState, 
00446                               NETCTRL_STATE netCtrlState,
00447                               NETWORK_TYPE netType,
00448                               bool bACBrowserForCPRemediation,
00449                               bool bUpdateUI);
00450         void refreshOperatingModeForCurrentNetStates();
00451         NETENV_STATE getCurrentNetEnvState();
00452         NETENV_STATE getPreviousNetEnvState();
00453         NETCTRL_STATE getCurrentNetCtrlState();
00454         NETWORK_TYPE getCurrentNetType();
00455         bool isACBrowserForCPRemediation();
00456 
00457         static tstring getNetCtrlText(NETCTRL_STATE netCtrlState);
00458         static tstring getNetEnvText(NETENV_STATE netEnvState,
00459                                      bool bSimple = false);
00460         static tstring getNetTypeText(NETWORK_TYPE netType);
00461         static tstring getQuarantinedStatusText();
00462         static tstring getNetworkStatusSimpleText(const NETENV_STATE netEnvState,
00463                                                   const NETCTRL_STATE netCtrlState);
00464 
00465         // can't be static due to requiring operating mode information
00466         tstring getNetworkStatusText(const VPNState state,
00467                                      const VPNSubState subState,
00468                                      const NETENV_STATE netEnvState,
00469                                      const NETCTRL_STATE netCtrlState);
00470 
00471         PreferenceInfo &getPreferences();
00472 
00473         bool savePreferences();
00474 
00475         virtual void startStats();
00476 
00477         virtual void stopStats();
00478 
00479         virtual void UserSubmit();
00480 
00481         void setBanner(const tstring &banner);
00482         void setBannerResponse(bool bResponse);
00483 
00484         void setPreConnectReminder(const tstring &tstrPreConnectReminder);
00485         void setPreConnectReminderResponse();
00486 
00487         bool getUserResponse();
00488         bool isUserResponseSet();
00489 
00490         void setCertBlocked(const tstring &tstrUntrustedServer);
00491         void setCertWarning(const tstring &rtstrUntrustedServer,
00492                             const std::list<tstring> &rltstrCertErrors,
00493                             bool bAllowImport);
00494 #if defined(PLATFORM_WIN_APP)
00495         void setCertWarning(const tstring &rtstrUntrustedServer,
00496                             const std::list<tstring> &rltstrCertErrors,
00497                             const std::vector<uint8_t>& rvServerCertDER,
00498                             bool bAllowImport);
00499 #endif
00500         bool getCertImportResponse();
00501 
00502 #if defined(PLATFORM_APPLE_SSLVPN) || defined(PLATFORM_ANDROID) || defined(PLATFORM_CHROMEBOOK)
              // Takes the same kinds of arguments as CertBannerCB().
              // NOTE(review): presumably this hands the banner to the event path
              // that ends in CertBannerCB() -- confirm.  pCertBannerCertDer must
              // reference at least nCertBannerCertLen readable bytes; whether the
              // implementation copies the buffer is not visible from this header.
00503         void setCertBanner(tstring tstrCertBannerSummary,
00504                            uint32_t nCertBannerCertLen,
00505                            const uint8_t *pCertBannerCertDer,
00506                            const std::list<tstring> &confirmReasons,
00507                            const std::list<CertConfirmReason> &confirmReasonEnums,
00508                            bool bImportAllowed);
00509 
              // NOTE(review): bImportCert presumably requests that the server
              // certificate be stored as trusted; it should stay false when the
              // banner was delivered with bImportAllowed == false -- confirm.
00510         void setCertBannerResponse(bool bResponse, bool bImportCert);
              // certData is taken by value (the callee gets its own copy).
00511         void importServerCert(std::vector<uint8_t> certData);
              // NOTE(review): the setters below return bool; presumably false
              // means the setting was not applied -- confirm.  Callers should
              // check the result rather than assume the stricter mode is active.
00512         bool setFipsMode(bool bEnableFips);
00513 #if defined(PLATFORM_ANDROID)
00514         bool setStrictMode(bool bEnableStrictMode);
00515         bool setRevocationEnabled(bool bRevocationEnabled);
00516         bool IsRevocationEnabled();
00517 #endif // currently supported only for android
00518 #endif
00519 
00520         void setUserPrompt(ConnectPromptInfo &ConnectPrompt);
00521 
00522 #ifdef PLATFORM_ANDROID
              // NOTE(review): derList has the same element type as the argument
              // of ClientCertificateCB(); presumably each pair is (length in
              // bytes, pointer to DER data) -- confirm.  The raw pointers carry
              // no ownership information, so who releases the buffers must be
              // checked in the implementation.
00523         void setClientCertResponse(std::vector< std::pair<uint32_t, uint8_t*> > &derList);
00524         void setAgentDetached();
00525         bool getClientCertificates();
00526 #endif
00527 
00528 #if defined(PLATFORM_APPLE_SSLVPN) || defined(PLATFORM_ANDROID)
00529         void setSCEPEnrollInProgress(bool bInProgress);
00530         bool isSCEPEnrollInProgress();
00531 #endif // PLATFORM_APPLE_SSLVPN || PLATFORM_ANDROID
00532 
00533 #ifdef MANUAL_PKCS12_IMPORT_SUPPORTED
              // Takes the same arguments as ImportPKCS12ResultCB().
00534         void setImportPKCS12Result(const std::vector<uint8_t> &certHash, const tstring &tstrError);
              // data is presumably the raw PKCS#12 blob -- confirm.
00535         bool requestImportPKCS12(const std::vector<uint8_t> &data);
              // NOTE(review): the return value is presumably the hash of the
              // imported certificate (compare certHash above) -- confirm, including
              // what is returned on failure.  The password is passed as a
              // tstring reference, so the caller keeps its own copy; nothing in
              // this header clears it, and callers that hold PKCS#12 passwords
              // should wipe their copy once the call returns.
00536         std::vector<uint8_t> importPKCS12WithPassword(const std::vector<uint8_t> &data, const tstring &password);
00537 #endif
00538 
              // Report the user's answer to CertBlockedCB() and CertWarningCB()
              // respectively; both callbacks state that the response must be
              // indicated through these methods.
              // NOTE(review): bImportCert presumably corresponds to the "connect
              // and always trust" choice and should stay false when CertWarningCB()
              // was called with bAllowImport == false -- confirm.
00539         void setCertBlockedResponse(bool bUnlock);
00540         void setCertWarningResponse(bool bConnect, bool bImportCert);
00541 
00542         void insertStateToConnectPrompt(ConnectPromptInfo &ConnectPrompt);
00543 
00544         void ExitNotice(const tstring &tstrNotice, const int code = 0);
00545 
00546         void notice(const tstring &tstrNotice,
00547                     const MessageType type = MsgType_Info,
00548                     bool bClearLastMsg = false,
00549                     bool bForce = false,
00550                     bool bStateMsg = false,
00551                     bool bSensitiveMsg = false);
00552 
00553         void notice(MsgWithArg &notice,
00554                     const MessageType type = MsgType_Info,
00555                     bool bClearLastMsg = false,
00556                     bool bForce = false,
00557                     bool bStateMsg = false,
00558                     bool bSensitiveMsg = false);
00559 
00560         void getStats(void);
00561 
00562         void setStats(VPNStats &stats);
00563 
00564         void exportStats(const tstring &tstrFilePath);
00565 
00566         void setState(VPNState state,
00567                       VPNState previousState,
00568                       VPNSubState subState = VPNSS_NORMAL,
00569                       bool bUpdateStateMsg = true,
00570                       bool bOnlyUpdateUI = false);
00571 
00572 #ifdef PROGRAM_DATA_IMPORT_SUPPORTED
00573         IACImporterAsync *createACImporter(IACImporterAsyncCB *pCallback);
00574 #endif
00575 
00576         void setWMHint(WMHint hint,
00577                        WMHintReason reason);
00578 
00579         bool isLastConnectType (const ConnectPromptType connPromptType);
00580 
00581         bool isOperatingMode(OperatingMode opMode);
00582         void setOperatingMode(OperatingMode opMode);
00583         void unsetOperatingMode(OperatingMode opMode);
00584 
00585         bool CanRemediateCaptivePortal();
00586         bool policyAllowsCaptivePortalRemediation();
00587 
00588         bool isEventShutdown();
00589 
00590         bool isUsingEventModel();
00591 
00592         time_t getLastDisconnectTime();
00593 
              // Returns a ConnectPromptInfo by value, so the caller receives its
              // own copy of the prompt data.
              // NOTE(review): that copy presumably can include values the user
              // entered, such as passwords -- confirm, and clear it when done.
00594         ConnectPromptInfo getConnectPromptInfo();
              // NOTE(review): presumably clears password data in the prompt info
              // held by this object; copies already returned by
              // getConnectPromptInfo() would not be affected -- confirm.
00595         void resetConnectPromptPasswordData();
00596 
00597         void setStandaloneConnection(bool isStandalone);
00598 
00599         void deliverActiveHost(const tstring &activeHost,
00600                                ConnectProtocolType vpnProtocol = PROTOCOL_TYPE_UNKNOWN,
00601                                bool bActiveHostFriendlyName = false);
00602 
00603         bool isVPNServiceReady();
00604 
00605         // reset last disconnect time indicator.
00606         //
00607         void resetLastDisconnectTime(time_t time = 1);
00608 
00609         void processMinimize();
00610         
00611         // cert enrollment
00612         void setEnrollClientCert(CertObj* pCert);
00613 
00614         // Show user banner for cert import warning on linux
00615         // SCEPIfc to ConnectMgr
00616         void linuxCertImportWarnUser();
00617 
00618         // Response to cert warning on linux
00619         // ConnectMgr to SCEPIfc
00620         void linuxCertImportWarnUserResponse(bool bAccept);
00621 
00622         void setDefaultHost(tstring &host);
00623 
00624 #if defined(HOST_DATA_SUPPORTED)
00625         void setDefaultHostProfile(const IHostData &hostProfile);
00626         IHostData* getDefaultHostData();
00627 #endif // HOST_DATA_SUPPORTED
00628 
00629         void setLastVpnError(VPNError vpnError);
00630         VPNError getLastVpnError();
00631 
00632 #ifdef PLATFORM_ANDROID
00633         bool requestClientCertificates();
00634 #endif
00635 
00636         bool requestImportLocalization(const tstring tstrLocale,
00637                                        const std::vector<unsigned char> &MoFileData);
00638 
00639         // Start the Automatic Headend Selection operation
00640         void startAHS(const unsigned int uiReason, 
00641                       const ProxyIfc& proxy);
00642         // statusReturnCode is a long to match the current type of STATUSCODE.
00643         // It is not using a STATUSCODE directly so that we do not have to
00644         // expose the header files for STATUSCODEs to ClientIfcBase.h
00645         void AHSSelectedHost(const unsigned int uiReason,
00646                              const std::vector<tstring> &headendList,
00647                              const long statusReturnCode,
00648                              const tstring& extraInfo);
00649         std::vector<tstring> getAHSHostList();
00650         unsigned int getAHSState();
00651         bool isAHSHasRun();
00652 
00653         bool suppressConnectionErrorPopups();
00654 
00655         tstring getCaptivePortalDetectedMsg();        
00656 
00657         void setProxyAuthPrompts(ProxyIfc* pProxy,
00658                                  const tstring& promptMsg);
00659 
00660 #if defined(INTERPROCESS_COMMUNICATION_SUPPORTED)
00661         bool handleIpcMessage(CIpcMessage *pIpcMessage);
00662 #endif
00663         bool IsCsdTokenVerified() const;
00664 
00665 #if defined(PLATFORM_APPLE_SSLVPN) || defined(PLATFORM_ANDROID)
00666         virtual void SCEPEnrollStartCB();
00667         virtual void SCEPEnrollExitCB();
00668 #endif // PLATFORM_APPLE_SSLVPN || PLATFORM_ANDROID
00669         
00670         void activateConnectMgrTunnelInitiationCompletionEvent();
00671         bool isConnectRequestActive();
00672 #if defined(PLATFORM_ANDROID) || defined(PLATFORM_CHROMEBOOK)
00673         bool deleteProfileByName(const tstring &profileName);
00674         tstring getProfileContents(const tstring &profileName);
00675         bool importProfile(const tstring &profileName, const tstring &profileContents);
00676 #endif // PLATFORM_ANDROID || PLATFORM_CHROMEBOOK
00677 
00678         bool syncProfileChange(const tstring &profileName);
00679 
00680 #if defined(CREDENTIAL_PREFILL_SUPPORTED)
00681         bool hasPrefilledCredentials();
00682         bool prefillCredentials(ConnectPromptInfo &connectPrompt);
00683         void setPrefilledCredentials(CredentialPrefill *prefill);
00684 #endif
00685 
00686 #if defined(PLATFORM_ANDROID) || defined(PLATFORM_APPLE_SSLVPN)
00687         std::list<ManagedCertificate *> enumerateCertificates(CertificateType certType);
00688         bool deleteCertificates(CertificateType certType, const std::list<std::string> &idList);
00689         bool deleteServerCertificates(const std::list<std::string> &idList);
00690 #endif // ANYCONNECT_USE_SNAK || PLATFORM_APPLE_SSLVPN        
00691 
00692 #if defined(ANYCONNECT_USE_SNAK)        
00693         std::list<ManagedCertificate *> enumerateSNAKCertificates(SNAK_CertType certType);
00694         SNAK_CertType getSNAKCertType(CertificateType certType);
00695         bool deleteClientCertificates(const std::list<std::string> &idList);
00696 #endif // ANYCONNECT_USE_SNAK
00697 
00698 #if defined(PLATFORM_APPLE_SSLVPN)
00699         bool canUseBackupServers();
00700     
00701 #endif //PLATFORM_APPLE_SSLVPN
00702     
00703         virtual ~ClientIfcBase();
00704 
00705         tstring getConnectHost();
00706 
00707         tstring getMgmtTunnelHostname();
00708 
00709         VPN_TUNNEL_SCOPE getVpnTunnelScope();
00710 
00711         bool isStandaloneConnection();
00712 
00713         void sendSSoLogoutPrompt(ConnectPromptInfo &cpi);
00714 
00715         void setExternalSSOLogoutUrlFromAgent(const tstring& logoutUrl);
00716 
00717     private:
00718 
00719         //
00720         // Private Member Data
00721         //
              // Most collaborators below are held through raw pointers; in the visible part of the
              // class only m_upAppLogger is a std::unique_ptr. The copy constructor and copy assignment
              // are declared private further down, so code outside the class cannot copy these pointers.
              // NOTE(review): which of these pointers the class owns (and deletes) is not stated in
              // this header -- confirm against the constructor and destructor.
00722 
00723         CExecutionContext* m_pExecutionContext;
00724         CExecutionContext* m_pExecutionContextMgr;
00725 
00726         AgentIfc *mo_AgentIfc;
00727 
00728         ConnectMgr *mo_ConnectMgr;
00729 
00730         ApiThread  *mo_ConnectThread;
00731 
00732         EventMgr  *mo_EventMgr;
00733 
00734         PreferenceMgr *mo_PreferenceMgr;
00735 
00736         ConnectPromptInfo *mp_currentConnectPromptInfo;
00737 
00738         PreferenceInfo *mo_EditablePrefs;
00739 
              // Present only when SCRIPTING_SUPPORTED is defined.
00740 #if defined(SCRIPTING_SUPPORTED)
00741         CScriptingMgr *mo_ScriptingMgr;
00742 #endif // SCRIPTING_SUPPORTED
00743 
              // SCEP enrollment state, present only when SCEP_CERTIFICATE_ENROLLMENT_SUPPORTED is defined.
              // NOTE(review): a lock named m_pClientIfcInformAgentOfSCEPLock is declared below;
              // presumably it guards m_bInformedAgentOfSCEP -- confirm.
00744 #if defined(SCEP_CERTIFICATE_ENROLLMENT_SUPPORTED)
00745         SCEPIfc* m_pSCEPIfc;
00746         bool m_bInformedAgentOfSCEP;
00747 #endif // SCEP_CERTIFICATE_ENROLLMENT_SUPPORTED
              // Compiled out on Apple SSLVPN builds.
00748 #ifndef PLATFORM_APPLE_SSLVPN
00749         CStoragePath* m_pStoragePath;
00750 #endif // !PLATFORM_APPLE_SSLVPN
00751 
              // SNAK plugin handles and init flag, present only when ANYCONNECT_USE_SNAK is defined.
              // initializeSNAK() and destroySNAK() are declared among the private methods below.
00752 #ifdef ANYCONNECT_USE_SNAK
00753         PluginLoader *m_pPluginLoader;
00754         SNAK_CertPlugin *m_pSNAKCert;
00755         SNAK_SocketPlugin *m_pSNAKSocket;
00756         SNAK_StoragePlugin *m_pSNAKStorage;
00757         SNAK_DeviceInfoPlugin *m_pSNAKDeviceInfo;
00758         SNAKDeviceInfoPluginCBImpl *m_pSNAKDeviceInfoCB;
00759 
00760         bool mb_SNAKInitialized;
00761 #endif
00762 
              // Present only on Android and Apple SSLVPN builds.
00763 #if  defined(PLATFORM_ANDROID) || defined(PLATFORM_APPLE_SSLVPN)
00764         bool mb_SCEPEnrollInProgress;
00765 #endif // PLATFORM_ANDROID || PLATFORM_APPLE_SSLVPN
00766 
00767         bool mb_PreferenceMgrCreated; // first of a run of per-instance boolean state flags
00768         bool mb_StandaloneConnection;
00769         bool mb_UsingEventModel;
00770         bool mb_UserResponse;
00771         bool mb_IsUserResponseSet;
00772         bool mb_PerformedAutoCertEnrollment;
00773         tstring ms_PostEnrollmentConnectHost;
00774         bool mb_CaptivePortalMsgDisplayed;
00775         bool m_bSuppressMinimizeOnConnect;
00776         bool m_bSuppressConnectionErrorPopups;
00777         bool m_bLastConnectionAutomatic;
00778         bool m_bImportCertResp;
00779                 bool m_bPrevMsgWasStateMsg;
00780 
              // Operating mode plus current/previous network environment state.
              // NOTE(review): presumably mui_OperatingMode is accessed under m_pClientIfcOpModeLock
              // (declared below) -- confirm.
00781         unsigned int mui_OperatingMode;
00782         NETENV_STATE m_currentNetEnvState;
00783         NETENV_STATE m_previousNetEnvState;
00784         NETCTRL_STATE m_currentNetCtrlState;
00785         NETWORK_TYPE m_currentNetType;
00786         bool m_bACBrowserForCPRemediation;
00787 
00788         tstring ms_message;
00789 
00790         time_t m_disconnectTime;
00791 
              // Static: one value shared by every ClientIfcBase instance.
00792         static std::string ms_ThreadName;
00793 
              // Seven separately allocated CManualLock objects, held through raw pointers.
              // NOTE(review): judging by the names, each guards a different piece of state; which
              // members each lock protects and the order in which locks may be nested are not
              // documented here -- confirm, since an inconsistent order risks deadlock.
00794         CManualLock* m_pClientIfcStateLock;
00795         CManualLock* m_pClientIfcLock;
00796         CManualLock* m_pClientIfcPromptsLock;
00797         CManualLock* m_pClientIfcOpModeLock;
00798         CManualLock* m_pClientIfcAHSLock;
00799         CManualLock* m_pClientIfcConnectModeLock;
00800         CManualLock* m_pClientIfcInformAgentOfSCEPLock;
00801 
              // AHS state: selected hosts, worker thread handle and a state value.
00802         std::vector<tstring> msl_AHSSelectedHosts;
00803         ApiThread* m_pAHSThread;
00804         unsigned int m_uiAHSState;
              // Present only when CREDENTIAL_PREFILL_SUPPORTED is defined.
              // NOTE(review): raw pointer to credential material; ownership and the point at which
              // the credentials are wiped are not visible in this header -- confirm.
00805 #if defined(CREDENTIAL_PREFILL_SUPPORTED)
00806         CredentialPrefill* m_pCredentialPrefill;
00807 #endif
00808 
00809         // m_AppLogStatus is a long to match the current type of STATUSCODE. It is not using the
00810         // type of STATUSCODE directly to not expose the header files for STATUSCODE here.
00811         long m_AppLogStatus;
              // The only smart-pointer member in this part of the class; released automatically.
00812         std::unique_ptr<CAppLog> m_upAppLogger;
00813 
00814         VPNError m_lastVpnError;
00815 
              // Static flag shared by all instances.
              // NOTE(review): volatile gives neither atomicity nor ordering between threads. If this
              // flag is read and written from more than one thread it needs std::atomic<bool> or one
              // of the locks above -- confirm how it is used.
00816         static volatile bool mb_deleteFirstPass;
00817 
00818         //
00819         // Private Member Methods
00820         //
00821 
              // Accessors returning references to collaborator objects.
00822         ConnectMgr &getConnectMgr();
00823 
00824         ProfileMgr &getProfileMgr();
00825         UserPreferences &getUserPreferences();
00826 
00827         void displayAgentAttachMessage();
00828 
00829         void setLastDisconnectTime(time_t time);
00830 
              // State-to-message helpers. getStateMessage() writes its result into the
              // stateMessage reference, which is marked /*out*/.
00831         void setCurrentStatePrompts(const VPNState state, 
00832                                     const VPNState prevState,
00833                                     const VPNSubState subState,
00834                                     const bool bUpdateStateMsg);
00835         void setCurrentStateErrorMessage(VPNState state, CONNECT_FAILURE_REASON cfr);
00836         void getStateMessage(const VPNState state, 
00837                              const VPNState prevState,
00838                              const VPNSubState subState,
00839                              const NETENV_STATE neState,
00840                              /*out*/ MsgWithArg& stateMessage);
00841 
00842         // IPreferenceUpdateCB methods
              // Virtual and private. OverridePreferenceValue() takes the preference value and the
              // overridden flag by non-const reference, so both can be written by the callee.
00843         virtual void OnLoadPreferencesComplete();
00844         virtual bool IsPreferenceOverridable(const PreferenceId ePreferenceId);
00845         virtual void OverridePreferenceValue(const PreferenceId ePreferenceId,
00846                                              tstring& rPrefenceValue,
00847                                              bool& rbOverriden);
00848 
00849         void RefreshPreferences(void);
00850 
00851         void displayAHSPrompt(const bool isComplete);
00852         void handleAHSPreferences(const unsigned int uiReason);
00853         void setAHSState(const unsigned int ahsState);
00854 
00855         bool autoConnectIfEnabled(const bool suppressAutoConnect);
00856 
00857         void clearUserSetResponseFlag();
00858 
              // NOTE(review): takes no arguments, so the token comes from member or external state.
              // Where it originates and how a malformed token is rejected is not visible here -- confirm.
00859                 bool decodeSSOToken();
00860 
              // SCEP handling, declared only when SCEP_CERTIFICATE_ENROLLMENT_SUPPORTED is defined.
              // NOTE(review): processSCEPIpcMessage() receives a raw CIpcMessage pointer; presumably
              // the message arrives from another process, so null and length/content checks belong
              // in the implementation -- confirm.
00861 #if defined(SCEP_CERTIFICATE_ENROLLMENT_SUPPORTED)
00862         bool processSCEPIpcMessage(CIpcMessage *pIpcMessage);
00863         bool isSCEPRedirect();
00864         void processSCEPRedirect();
00865 #endif // SCEP_CERTIFICATE_ENROLLMENT_SUPPORTED
00866 
00867         bool hasConnectCapabilities();
00868         bool hasMgmtCapabilities();
00869 
              // Copy constructor and copy assignment are private, so outside code cannot copy the
              // object and its raw pointer members.
              // NOTE(review): presumably declared but never defined; if so, "= delete" states the
              // intent directly and also stops copies from inside the class -- confirm no definition exists.
00870         ClientIfcBase(const ClientIfcBase& other);
00871         ClientIfcBase& operator=(const ClientIfcBase& other);
00872 
              // SNAK lifecycle helpers, declared only when ANYCONNECT_USE_SNAK is defined.
              // NOTE(review): convertSnakToManagedCertificate() returns a raw pointer with no stated
              // owner -- confirm who frees it.
00873 #ifdef ANYCONNECT_USE_SNAK
00874         bool initializeSNAK(bool bUseExistingInstanceIfAvail);
00875         void destroySNAK();
00876         ManagedCertificate *convertSnakToManagedCertificate(const ManagedCertHandle &snakCert);
00877 #endif
00878 };
00879 
00880 
00881 #endif // _CLIENTIFCBASE_