wireless-security/eap: move cert picker setup and validation to common location

It is now used by the TLS method, but makes sense for TTLS and PEAP too.

4 files changed, 152 insertions, 143 deletions

diff --git a/Makefile.am b/Makefile.am
index 5cf9efff..be5cc3f8 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -393,6 +393,7 @@ src_libnm_gtk_libnm_gtk_la_CFLAGS = \
 	"-I$(srcdir)/src/utils" \
 	"-I$(srcdir)/src/wireless-security" \
 	"-I$(srcdir)/src/libnm-gtk" \
+	"-I$(srcdir)/src/libnma" \
 	-Isrc/libnma \
 	$(GTK_CFLAGS) \
 	$(LIBNM_GLIB_CFLAGS) \
diff --git a/src/wireless-security/eap-method-tls.c b/src/wireless-security/eap-method-tls.c
index 83c64f5f..b22357d3 100644
--- a/src/wireless-security/eap-method-tls.c
+++ b/src/wireless-security/eap-method-tls.c
@@ -298,35 +298,6 @@ client_key_password_validate_cb (NMACertChooser *cert_chooser, gpointer user_dat
 	return NULL;
 }
 
-static GError *
-ca_cert_validate_cb (NMACertChooser *cert_chooser, gpointer user_data)
-{
-	NMSetting8021xCKScheme scheme;
-        NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
-	gs_unref_object NMSetting8021x *setting = NULL;
-	gs_free char *value = NULL;
-	GError *local = NULL;
-
-	setting = (NMSetting8021x *) nm_setting_802_1x_new ();
-
-	value = nma_cert_chooser_get_cert (cert_chooser, &scheme);
-	if (!value) {
-		return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC,
-		                            _("no CA certificate selected"));
-	}
-	if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) {
-		if (!g_file_test (value, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_REGULAR)) {
-			return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC,
-			                            _("selected CA certificate file does not exist"));
-		}
-	}
-
-	if (!nm_setting_802_1x_set_ca_cert (setting, value, scheme, &format, &local))
-		return local;
-
-	return NULL;
-}
-
 static void
 client_cert_fixup_pkcs12 (NMACertChooser *cert_chooser, gpointer user_data)
 {
@@ -349,106 +320,21 @@ client_cert_fixup_pkcs12 (NMACertChooser *cert_chooser, gpointer user_data)
 		nma_cert_chooser_set_key (cert_chooser, cert_value, cert_scheme);
 }
 
-typedef const char * (*PathFunc) (NMSetting8021x *setting);
-typedef const char * (*UriFunc) (NMSetting8021x *setting);
-typedef NMSetting8021xCKScheme (*SchemeFunc)  (NMSetting8021x *setting);
-typedef const char * (*PasswordFunc) (NMSetting8021x *setting);
-
-static void
-setup_cert_chooser (NMACertChooser *cert_chooser,
-                    NMSetting8021x *s_8021x,
-                    SchemeFunc cert_scheme_func,
-                    PathFunc cert_path_func,
-                    UriFunc cert_uri_func,
-                    PasswordFunc cert_password_func,
-                    SchemeFunc key_scheme_func,
-                    PathFunc key_path_func,
-                    UriFunc key_uri_func,
-                    PasswordFunc key_password_func)
-{
-	NMSetting8021xCKScheme scheme = NM_SETTING_802_1X_CK_SCHEME_UNKNOWN;
-	const char *value = NULL;
-
-
-	if (s_8021x && cert_path_func && cert_uri_func && cert_scheme_func) {
-		scheme = cert_scheme_func (s_8021x);
-		switch (scheme) {
-		case NM_SETTING_802_1X_CK_SCHEME_PATH:
-			value = cert_path_func (s_8021x);
-			break;
-#if LIBNM_BUILD
-/* Not available in libnm-glib */
-		case NM_SETTING_802_1X_CK_SCHEME_PKCS11:
-			value = cert_uri_func (s_8021x);
-			if (cert_password_func)
-				nma_cert_chooser_set_cert_password (cert_chooser, cert_password_func (s_8021x));
-			break;
-#endif
-		case NM_SETTING_802_1X_CK_SCHEME_UNKNOWN:
-			/* No CA set. */
-			break;
-		default:
-			g_warning ("unhandled certificate scheme %d", scheme);
-		}
-
-	}
-	nma_cert_chooser_set_cert (cert_chooser, value, scheme);
-
-	if (s_8021x && key_path_func && key_uri_func && key_scheme_func) {
-		scheme = key_scheme_func (s_8021x);
-		switch (scheme) {
-		case NM_SETTING_802_1X_CK_SCHEME_PATH:
-			value = key_path_func (s_8021x);
-			break;
-#if LIBNM_BUILD
-/* Not available in libnm-glib */
-		case NM_SETTING_802_1X_CK_SCHEME_PKCS11:
-			value = key_uri_func (s_8021x);
-			break;
-#endif
-		case NM_SETTING_802_1X_CK_SCHEME_UNKNOWN:
-			/* No certificate set. */
-			break;
-		default:
-			g_warning ("unhandled key scheme %d", scheme);
-		}
-
-		nma_cert_chooser_set_key (cert_chooser, value, scheme);
-	}
-
-	if (s_8021x && key_password_func)
-		nma_cert_chooser_set_key_password (cert_chooser, key_password_func (s_8021x));
-}
-
-#if !LIBNM_BUILD
-/* Not available in libnm-glib */
-#define nm_setting_802_1x_get_ca_cert_password             NULL
-#define nm_setting_802_1x_get_ca_cert_uri                  NULL
-#define nm_setting_802_1x_get_client_cert_password         NULL
-#define nm_setting_802_1x_get_client_cert_uri              NULL
-#define nm_setting_802_1x_get_private_key_uri              NULL
-#define nm_setting_802_1x_get_phase2_ca_cert_password      NULL
-#define nm_setting_802_1x_get_phase2_ca_cert_uri           NULL
-#define nm_setting_802_1x_get_phase2_client_cert_password  NULL
-#define nm_setting_802_1x_get_phase2_client_cert_uri       NULL
-#define nm_setting_802_1x_get_phase2_private_key_uri       NULL
-#endif
-
 static void
 update_secrets (EAPMethod *parent, NMConnection *connection)
 {
 	EAPMethodTLS *method = (EAPMethodTLS *) parent;
 
-	setup_cert_chooser (NMA_CERT_CHOOSER (method->client_cert_chooser),
-	                    nm_connection_get_setting_802_1x (connection),
-	                    NULL,
-	                    NULL,
-	                    NULL,
-	                    parent->phase2 ? nm_setting_802_1x_get_phase2_client_cert_password : nm_setting_802_1x_get_client_cert_password,
-	                    parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_scheme : nm_setting_802_1x_get_private_key_scheme,
-	                    parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_path : nm_setting_802_1x_get_private_key_path,
-	                    parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_uri : nm_setting_802_1x_get_private_key_uri,
-	                    parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_password : nm_setting_802_1x_get_private_key_password);
+	eap_method_setup_cert_chooser (NMA_CERT_CHOOSER (method->client_cert_chooser),
+	                               nm_connection_get_setting_802_1x (connection),
+	                               NULL,
+	                               NULL,
+	                               NULL,
+	                               parent->phase2 ? nm_setting_802_1x_get_phase2_client_cert_password : nm_setting_802_1x_get_client_cert_password,
+	                               parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_scheme : nm_setting_802_1x_get_private_key_scheme,
+	                               parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_path : nm_setting_802_1x_get_private_key_path,
+	                               parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_uri : nm_setting_802_1x_get_private_key_uri,
+	                               parent->phase2 ? nm_setting_802_1x_get_phase2_private_key_password : nm_setting_802_1x_get_private_key_password);
 }
 
 EAPMethodTLS *
@@ -539,15 +425,15 @@ eap_method_tls_new (WirelessSecurity *ws_parent,
 	                  G_CALLBACK (wireless_security_changed_cb),
 	                  ws_parent);
 
-	setup_cert_chooser (NMA_CERT_CHOOSER (method->client_cert_chooser), s_8021x,
-	                    phase2 ? nm_setting_802_1x_get_phase2_client_cert_scheme : nm_setting_802_1x_get_client_cert_scheme,
-	                    phase2 ? nm_setting_802_1x_get_phase2_client_cert_path : nm_setting_802_1x_get_client_cert_path,
-	                    phase2 ? nm_setting_802_1x_get_phase2_client_cert_uri : nm_setting_802_1x_get_client_cert_uri,
-	                    phase2 ? nm_setting_802_1x_get_phase2_client_cert_password : nm_setting_802_1x_get_client_cert_password,
-	                    phase2 ? nm_setting_802_1x_get_phase2_private_key_scheme : nm_setting_802_1x_get_private_key_scheme,
-	                    phase2 ? nm_setting_802_1x_get_phase2_private_key_path : nm_setting_802_1x_get_private_key_path,
-	                    phase2 ? nm_setting_802_1x_get_phase2_private_key_uri : nm_setting_802_1x_get_private_key_uri,
-	                    phase2 ? nm_setting_802_1x_get_phase2_private_key_password : nm_setting_802_1x_get_private_key_password);
+	eap_method_setup_cert_chooser (NMA_CERT_CHOOSER (method->client_cert_chooser), s_8021x,
+	                               phase2 ? nm_setting_802_1x_get_phase2_client_cert_scheme : nm_setting_802_1x_get_client_cert_scheme,
+	                               phase2 ? nm_setting_802_1x_get_phase2_client_cert_path : nm_setting_802_1x_get_client_cert_path,
+	                               phase2 ? nm_setting_802_1x_get_phase2_client_cert_uri : nm_setting_802_1x_get_client_cert_uri,
+	                               phase2 ? nm_setting_802_1x_get_phase2_client_cert_password : nm_setting_802_1x_get_client_cert_password,
+	                               phase2 ? nm_setting_802_1x_get_phase2_private_key_scheme : nm_setting_802_1x_get_private_key_scheme,
+	                               phase2 ? nm_setting_802_1x_get_phase2_private_key_path : nm_setting_802_1x_get_private_key_path,
+	                               phase2 ? nm_setting_802_1x_get_phase2_private_key_uri : nm_setting_802_1x_get_private_key_uri,
+	                               phase2 ? nm_setting_802_1x_get_phase2_private_key_password : nm_setting_802_1x_get_private_key_password);
 
 	method->ca_cert_chooser = nma_cert_chooser_new ("CA",
 	                                                  NMA_CERT_CHOOSER_FLAG_CERT
@@ -557,22 +443,22 @@ eap_method_tls_new (WirelessSecurity *ws_parent,
 
 	g_signal_connect (method->ca_cert_chooser,
 	                  "cert-validate",
-	                  G_CALLBACK (ca_cert_validate_cb),
+	                  G_CALLBACK (eap_method_ca_cert_validate_cb),
 	                  NULL);
 	g_signal_connect (method->ca_cert_chooser,
 	                  "changed",
 	                  G_CALLBACK (wireless_security_changed_cb),
 	                  ws_parent);
 
-	setup_cert_chooser (NMA_CERT_CHOOSER (method->ca_cert_chooser), s_8021x,
-	                    phase2 ? nm_setting_802_1x_get_phase2_ca_cert_scheme : nm_setting_802_1x_get_ca_cert_scheme,
-	                    phase2 ? nm_setting_802_1x_get_phase2_ca_cert_path : nm_setting_802_1x_get_ca_cert_path,
-	                    phase2 ? nm_setting_802_1x_get_phase2_ca_cert_uri : nm_setting_802_1x_get_ca_cert_uri,
-	                    phase2 ? nm_setting_802_1x_get_phase2_ca_cert_password : nm_setting_802_1x_get_ca_cert_password,
-	                    NULL,
-	                    NULL,
-	                    NULL,
-	                    NULL);
+	eap_method_setup_cert_chooser (NMA_CERT_CHOOSER (method->ca_cert_chooser), s_8021x,
+	                               phase2 ? nm_setting_802_1x_get_phase2_ca_cert_scheme : nm_setting_802_1x_get_ca_cert_scheme,
+	                               phase2 ? nm_setting_802_1x_get_phase2_ca_cert_path : nm_setting_802_1x_get_ca_cert_path,
+	                               phase2 ? nm_setting_802_1x_get_phase2_ca_cert_uri : nm_setting_802_1x_get_ca_cert_uri,
+	                               phase2 ? nm_setting_802_1x_get_phase2_ca_cert_password : nm_setting_802_1x_get_ca_cert_password,
+	                               NULL,
+	                               NULL,
+	                               NULL,
+	                               NULL);
 
 	if (connection && eap_method_ca_cert_ignore_get (parent, connection)) {
 		gchar *ca_cert;
diff --git a/src/wireless-security/eap-method.c b/src/wireless-security/eap-method.c
index a5088f8a..f11bd22e 100644
--- a/src/wireless-security/eap-method.c
+++ b/src/wireless-security/eap-method.c
@@ -604,3 +604,97 @@ eap_method_ca_cert_ignore_load (NMConnection *connection)
 	g_object_unref (settings);
 }
 
+GError *
+eap_method_ca_cert_validate_cb (NMACertChooser *cert_chooser, gpointer user_data)
+{
+	NMSetting8021xCKScheme scheme;
+        NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
+	gs_unref_object NMSetting8021x *setting = NULL;
+	gs_free char *value = NULL;
+	GError *local = NULL;
+
+	setting = (NMSetting8021x *) nm_setting_802_1x_new ();
+
+	value = nma_cert_chooser_get_cert (cert_chooser, &scheme);
+	if (!value) {
+		return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC,
+		                            _("no CA certificate selected"));
+	}
+	if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) {
+		if (!g_file_test (value, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_REGULAR)) {
+			return g_error_new_literal (NMA_ERROR, NMA_ERROR_GENERIC,
+			                            _("selected CA certificate file does not exist"));
+		}
+	}
+
+	if (!nm_setting_802_1x_set_ca_cert (setting, value, scheme, &format, &local))
+		return local;
+
+	return NULL;
+}
+
+void
+eap_method_setup_cert_chooser (NMACertChooser *cert_chooser,
+                               NMSetting8021x *s_8021x,
+                               NMSetting8021xCKScheme (*cert_scheme_func) (NMSetting8021x *setting),
+                               const char *(*cert_path_func) (NMSetting8021x *setting),
+                               const char *(*cert_uri_func) (NMSetting8021x *setting),
+                               const char *(*cert_password_func) (NMSetting8021x *setting),
+                               NMSetting8021xCKScheme (*key_scheme_func) (NMSetting8021x *setting),
+                               const char *(*key_path_func) (NMSetting8021x *setting),
+                               const char *(*key_uri_func) (NMSetting8021x *setting),
+                               const char *(*key_password_func) (NMSetting8021x *setting))
+{
+	NMSetting8021xCKScheme scheme = NM_SETTING_802_1X_CK_SCHEME_UNKNOWN;
+	const char *value = NULL;
+
+
+	if (s_8021x && cert_path_func && cert_uri_func && cert_scheme_func) {
+		scheme = cert_scheme_func (s_8021x);
+		switch (scheme) {
+		case NM_SETTING_802_1X_CK_SCHEME_PATH:
+			value = cert_path_func (s_8021x);
+			break;
+#if LIBNM_BUILD
+/* Not available in libnm-glib */
+		case NM_SETTING_802_1X_CK_SCHEME_PKCS11:
+			value = cert_uri_func (s_8021x);
+			if (cert_password_func)
+				nma_cert_chooser_set_cert_password (cert_chooser, cert_password_func (s_8021x));
+			break;
+#endif
+		case NM_SETTING_802_1X_CK_SCHEME_UNKNOWN:
+			/* No CA set. */
+			break;
+		default:
+			g_warning ("unhandled certificate scheme %d", scheme);
+		}
+
+	}
+	nma_cert_chooser_set_cert (cert_chooser, value, scheme);
+
+	if (s_8021x && key_path_func && key_uri_func && key_scheme_func) {
+		scheme = key_scheme_func (s_8021x);
+		switch (scheme) {
+		case NM_SETTING_802_1X_CK_SCHEME_PATH:
+			value = key_path_func (s_8021x);
+			break;
+#if LIBNM_BUILD
+/* Not available in libnm-glib */
+		case NM_SETTING_802_1X_CK_SCHEME_PKCS11:
+			value = key_uri_func (s_8021x);
+			break;
+#endif
+		case NM_SETTING_802_1X_CK_SCHEME_UNKNOWN:
+			/* No certificate set. */
+			break;
+		default:
+			g_warning ("unhandled key scheme %d", scheme);
+		}
+
+		nma_cert_chooser_set_key (cert_chooser, value, scheme);
+	}
+
+	if (s_8021x && key_password_func)
+		nma_cert_chooser_set_key_password (cert_chooser, key_password_func (s_8021x));
+}
diff --git a/src/wireless-security/eap-method.h b/src/wireless-security/eap-method.h
index 333fa148..665d2d89 100644
--- a/src/wireless-security/eap-method.h
+++ b/src/wireless-security/eap-method.h
@@ -72,6 +72,7 @@ GType eap_method_get_type (void);
 
 /* Below for internal use only */
 
+#include "nma-cert-chooser.h"
 #include "eap-method-tls.h"
 #include "eap-method-leap.h"
 #include "eap-method-fast.h"
@@ -126,4 +127,31 @@ gboolean eap_method_ca_cert_ignore_get (EAPMethod *method, NMConnection *connect
 void eap_method_ca_cert_ignore_save (NMConnection *connection);
 void eap_method_ca_cert_ignore_load (NMConnection *connection);
 
+GError *eap_method_ca_cert_validate_cb (NMACertChooser *cert_chooser, gpointer user_data);
+
+#if !LIBNM_BUILD
+/* For mere convenience. These are not available in libnm-glib. */
+#define nm_setting_802_1x_get_ca_cert_password             NULL
+#define nm_setting_802_1x_get_ca_cert_uri                  NULL
+#define nm_setting_802_1x_get_client_cert_password         NULL
+#define nm_setting_802_1x_get_client_cert_uri              NULL
+#define nm_setting_802_1x_get_private_key_uri              NULL
+#define nm_setting_802_1x_get_phase2_ca_cert_password      NULL
+#define nm_setting_802_1x_get_phase2_ca_cert_uri           NULL
+#define nm_setting_802_1x_get_phase2_client_cert_password  NULL
+#define nm_setting_802_1x_get_phase2_client_cert_uri       NULL
+#define nm_setting_802_1x_get_phase2_private_key_uri       NULL
+#endif
+
+void eap_method_setup_cert_chooser (NMACertChooser *cert_chooser,
+                                    NMSetting8021x *s_8021x,
+                                    NMSetting8021xCKScheme (*cert_scheme_func) (NMSetting8021x *setting),
+                                    const char *(*cert_path_func) (NMSetting8021x *setting),
+                                    const char *(*cert_uri_func) (NMSetting8021x *setting),
+                                    const char *(*cert_password_func) (NMSetting8021x *setting),
+                                    NMSetting8021xCKScheme (*key_scheme_func) (NMSetting8021x *setting),
+                                    const char *(*key_path_func) (NMSetting8021x *setting),
+                                    const char *(*key_uri_func) (NMSetting8021x *setting),
+                                    const char *(*key_password_func) (NMSetting8021x *setting));
+
 #endif /* EAP_METHOD_H */