wireless-security/ttls: use the certificate chooser widget

Reduces code duplication.
author: Lubomir Rintel <lkundrak@v3.sk> 2017-06-09 18:39:23 +0200
committer: Lubomir Rintel <lkundrak@v3.sk> 2017-06-13 15:02:26 +0200
commit: 6c2af17fd6067223d642587e0f9794d2c20739a2 (patch)
tree: 1a22a0726ce85fa441955dece743a9a5f0190d4c /src/wireless-security
parent: 9f6e1b68d8bce3d1efa4bc9b3412f657119874a1 (diff)
download: network-manager-applet-6c2af17fd6067223d642587e0f9794d2c20739a2.tar.gz
2 files changed, 99 insertions, 82 deletions
diff --git a/src/wireless-security/eap-method-ttls.c b/src/wireless-security/eap-method-ttls.c
index 2598cb4f..17cfe350 100644
--- a/src/wireless-security/eap-method-ttls.c
+++ b/src/wireless-security/eap-method-ttls.c
@@ -17,7 +17,7 @@
  * with this program; if not, write to the Free Software Foundation, Inc.,
  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  *
- * Copyright 2007 - 2014 Red Hat, Inc.
+ * Copyright 2007 - 2017 Red Hat, Inc.
  */
 
 #include "nm-default.h"
@@ -27,6 +27,7 @@
 
 #include "eap-method.h"
 #include "wireless-security.h"
+#include "nma-cert-chooser.h"
 #include "utils.h"
 
 #define I_NAME_COLUMN   0
@@ -39,6 +40,8 @@ struct _EAPMethodTTLS {
 	GtkSizeGroup *size_group;
 	WirelessSecurity *sec_parent;
 	gboolean is_editor;
+
+        GtkWidget *ca_cert_chooser;
 };
 
 static void
@@ -53,22 +56,16 @@ destroy (EAPMethod *parent)
 static gboolean
 validate (EAPMethod *parent, GError **error)
 {
+	EAPMethodTTLS *method = (EAPMethodTTLS *) parent;
 	GtkWidget *widget;
 	GtkTreeModel *model;
 	GtkTreeIter iter;
 	EAPMethod *eap = NULL;
 	gboolean valid = FALSE;
-	GError *local = NULL;
 
-	if (!eap_method_validate_filepicker (parent->builder, "eap_ttls_ca_cert_button", TYPE_CA_CERT, NULL, NULL, &local)) {
-		g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid EAP-TTLS CA certificate: %s"), local->message);
-		g_clear_error (&local);
-		return FALSE;
-	}
-	if (eap_method_ca_cert_required (parent->builder, "eap_ttls_ca_cert_not_required_checkbox", "eap_ttls_ca_cert_button")) {
-		g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid EAP-TTLS CA certificate: no certificate specified"));
+	if (   gtk_widget_get_sensitive (method->ca_cert_chooser)
+	    && !nma_cert_chooser_validate (NMA_CERT_CHOOSER (method->ca_cert_chooser), error))
 		return FALSE;
-	}
 
 	widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo"));
 	g_assert (widget);
@@ -85,9 +82,10 @@ validate (EAPMethod *parent, GError **error)
 static void
 ca_cert_not_required_toggled (GtkWidget *ignored, gpointer user_data)
 {
-	EAPMethod *parent = user_data;
+	EAPMethodTTLS *method = (EAPMethodTTLS *) user_data;
 
-	eap_method_ca_cert_not_required_toggled (parent->builder, "eap_ttls_ca_cert_not_required_checkbox", "eap_ttls_ca_cert_button");
+	gtk_widget_set_sensitive (method->ca_cert_chooser,
+	                          !gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (ignored)));
 }
 
 static void
@@ -111,9 +109,7 @@ add_to_size_group (EAPMethod *parent, GtkSizeGroup *group)
 	g_assert (widget);
 	gtk_size_group_add_widget (group, widget);
 
-	widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_label"));
-	g_assert (widget);
-	gtk_size_group_add_widget (group, widget);
+	nma_cert_chooser_add_to_size_group (NMA_CERT_CHOOSER (method->ca_cert_chooser), group);
 
 	widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_label"));
 	g_assert (widget);
@@ -133,15 +129,20 @@ add_to_size_group (EAPMethod *parent, GtkSizeGroup *group)
 static void
 fill_connection (EAPMethod *parent, NMConnection *connection)
 {
+	EAPMethodTTLS *method = (EAPMethodTTLS *) parent;
 	NMSetting8021x *s_8021x;
 	NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
+#if LIBNM_BUILD
+	NMSettingSecretFlags secret_flags;
+#endif
 	GtkWidget *widget;
 	const char *text;
-	char *filename;
+	char *value = NULL;
 	EAPMethod *eap = NULL;
 	GtkTreeModel *model;
 	GtkTreeIter iter;
 	GError *error = NULL;
+	NMSetting8021xCKScheme scheme;
 	gboolean ca_cert_error = FALSE;
 
 	s_8021x = nm_connection_get_setting_802_1x (connection);
@@ -155,16 +156,31 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
 	if (text && strlen (text))
 		g_object_set (s_8021x, NM_SETTING_802_1X_ANONYMOUS_IDENTITY, text, NULL);
 
-	widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_button"));
-	g_assert (widget);
-	filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
-	if (!nm_setting_802_1x_set_ca_cert (s_8021x, filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
-		g_warning ("Couldn't read CA certificate '%s': %s", filename, error ? error->message : "(unknown)");
+#if LIBNM_BUILD
+/* libnm-glib doesn't support this. */
+	/* Save CA certificate PIN password flags to the connection */
+	secret_flags = nma_cert_chooser_get_cert_password_flags (NMA_CERT_CHOOSER (method->ca_cert_chooser));
+	nm_setting_set_secret_flags (NM_SETTING (s_8021x), NM_SETTING_802_1X_CA_CERT_PASSWORD,
+	                             secret_flags, NULL);
+	if (method->is_editor) {
+		/* Update secret flags and popup when editing the connection */
+		nma_cert_chooser_update_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser),
+		                                               secret_flags, NM_SETTING (s_8021x),
+		                                               NM_SETTING_802_1X_CA_CERT_PASSWORD);
+	}
+#endif
+
+	/* TLS CA certificate */
+	if (gtk_widget_get_sensitive (method->ca_cert_chooser))
+		value = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme);
+	format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
+	if (!nm_setting_802_1x_set_ca_cert (s_8021x, value, scheme, &format, &error)) {
+		g_warning ("Couldn't read CA certificate '%s': %s", value, error ? error->message : "(unknown)");
 		g_clear_error (&error);
 		ca_cert_error = TRUE;
 	}
-	eap_method_ca_cert_ignore_set (parent, connection, filename, ca_cert_error);
-	g_free (filename);
+	eap_method_ca_cert_ignore_set (parent, connection, value, ca_cert_error);
+	g_free (value);
 
 	widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo"));
 	model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
@@ -388,10 +404,9 @@ eap_method_ttls_new (WirelessSecurity *ws_parent,
 {
 	EAPMethod *parent;
 	EAPMethodTTLS *method;
-	GtkWidget *widget, *widget_ca_not_required_checkbox;
-	GtkFileFilter *filter;
+	GtkWidget *widget;
 	NMSetting8021x *s_8021x = NULL;
-	const char *filename;
+	gboolean ca_not_required = FALSE;
 
 	parent = eap_method_init (sizeof (EAPMethodTTLS),
 	                          validate,
@@ -414,6 +429,46 @@ eap_method_ttls_new (WirelessSecurity *ws_parent,
 	if (connection)
 		s_8021x = nm_connection_get_setting_802_1x (connection);
 
+
+        widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_grid"));
+        g_assert (widget);
+
+	method->ca_cert_chooser = nma_cert_chooser_new ("CA",
+	                                                  NMA_CERT_CHOOSER_FLAG_CERT
+	                                                | (secrets_only ? NMA_CERT_CHOOSER_FLAG_PASSWORDS : 0));
+	gtk_grid_attach (GTK_GRID (widget), method->ca_cert_chooser, 0, 1, 2, 1);
+	gtk_widget_show (method->ca_cert_chooser);
+
+	g_signal_connect (method->ca_cert_chooser,
+	                  "cert-validate",
+	                  G_CALLBACK (eap_method_ca_cert_validate_cb),
+	                  NULL);
+	g_signal_connect (method->ca_cert_chooser,
+	                  "changed",
+	                  G_CALLBACK (wireless_security_changed_cb),
+	                  ws_parent);
+
+	eap_method_setup_cert_chooser (NMA_CERT_CHOOSER (method->ca_cert_chooser), s_8021x,
+	                               nm_setting_802_1x_get_ca_cert_scheme,
+	                               nm_setting_802_1x_get_ca_cert_path,
+	                               nm_setting_802_1x_get_ca_cert_uri,
+	                               nm_setting_802_1x_get_ca_cert_password,
+	                               NULL,
+	                               NULL,
+	                               NULL,
+	                               NULL);
+
+	if (connection && eap_method_ca_cert_ignore_get (parent, connection)) {
+		gchar *ca_cert;
+		NMSetting8021xCKScheme scheme;
+
+		ca_cert = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme);
+		if (ca_cert)
+			g_free (ca_cert);
+		else
+			ca_not_required = TRUE;
+	}
+
 	widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_not_required_checkbox"));
 	g_assert (widget);
 	g_signal_connect (G_OBJECT (widget), "toggled",
@@ -422,28 +477,7 @@ eap_method_ttls_new (WirelessSecurity *ws_parent,
 	g_signal_connect (G_OBJECT (widget), "toggled",
 	                  (GCallback) wireless_security_changed_cb,
 	                  ws_parent);
-	widget_ca_not_required_checkbox = widget;
-
-	widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_button"));
-	g_assert (widget);
-	gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE);
-	gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget),
-	                                   _("Choose a Certificate Authority certificate"));
-	g_signal_connect (G_OBJECT (widget), "selection-changed",
-	                  (GCallback) wireless_security_changed_cb,
-	                  ws_parent);
-	filter = eap_method_default_file_chooser_filter_new (FALSE);
-	gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter);
-	if (connection && s_8021x) {
-		filename = NULL;
-		if (nm_setting_802_1x_get_ca_cert_scheme (s_8021x) == NM_SETTING_802_1X_CK_SCHEME_PATH) {
-			filename = nm_setting_802_1x_get_ca_cert_path (s_8021x);
-			if (filename)
-				gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), filename);
-		}
-		gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget_ca_not_required_checkbox),
-		                              !filename && eap_method_ca_cert_ignore_get (parent, connection));
-	}
+        gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), ca_not_required);
 
 	widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_entry"));
 	if (s_8021x && nm_setting_802_1x_get_anonymous_identity (s_8021x))
@@ -460,10 +494,6 @@ eap_method_ttls_new (WirelessSecurity *ws_parent,
 		gtk_widget_hide (widget);
 		widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_entry"));
 		gtk_widget_hide (widget);
-		widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_label"));
-		gtk_widget_hide (widget);
-		widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_button"));
-		gtk_widget_hide (widget);
 		widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_not_required_checkbox"));
 		gtk_widget_hide (widget);
 		widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_label"));
@@ -472,6 +502,12 @@ eap_method_ttls_new (WirelessSecurity *ws_parent,
 		gtk_widget_hide (widget);
 	}
 
+#if LIBNM_BUILD
+	nma_cert_chooser_setup_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser),
+	                                              0, (NMSetting *) s_8021x, NM_SETTING_802_1X_CA_CERT_PASSWORD,
+	                                              FALSE, secrets_only);
+#endif
+
 	return method;
 }
 
diff --git a/src/wireless-security/eap-method-ttls.ui b/src/wireless-security/eap-method-ttls.ui
index b8566908..2b156517 100644
--- a/src/wireless-security/eap-method-ttls.ui
+++ b/src/wireless-security/eap-method-ttls.ui
@@ -51,28 +51,18 @@
           </packing>
         </child>
         <child>
-          <object class="GtkLabel" id="eap_ttls_ca_cert_label">
+          <object class="GtkVBox" id="eap_ttls_inner_auth_vbox">
             <property name="visible">True</property>
             <property name="can_focus">False</property>
-            <property name="label" translatable="yes">C_A certificate:</property>
-            <property name="use_underline">True</property>
-            <property name="mnemonic_widget">eap_ttls_ca_cert_button</property>
-            <property name="xalign">0</property>
+            <property name="spacing">6</property>
+            <child>
+              <placeholder/>
+            </child>
           </object>
           <packing>
             <property name="left_attach">0</property>
-            <property name="top_attach">1</property>
-          </packing>
-        </child>
-        <child>
-          <object class="GtkFileChooserButton" id="eap_ttls_ca_cert_button">
-            <property name="visible">True</property>
-            <property name="can_focus">False</property>
-            <property name="hexpand">True</property>
-          </object>
-          <packing>
-            <property name="left_attach">1</property>
-            <property name="top_attach">1</property>
+            <property name="top_attach">4</property>
+            <property name="width">2</property>
           </packing>
         </child>
         <child>
@@ -124,19 +114,10 @@
           </packing>
         </child>
         <child>
-          <object class="GtkVBox" id="eap_ttls_inner_auth_vbox">
-            <property name="visible">True</property>
-            <property name="can_focus">False</property>
-            <property name="spacing">6</property>
-            <child>
-              <placeholder/>
-            </child>
-          </object>
-          <packing>
-            <property name="left_attach">0</property>
-            <property name="top_attach">4</property>
-            <property name="width">2</property>
-          </packing>
+          <placeholder/>
+        </child>
+        <child>
+          <placeholder/>
         </child>
         <child>
           <placeholder/>
author	Lubomir Rintel <lkundrak@v3.sk>	2017-06-09 18:39:23 +0200
committer	Lubomir Rintel <lkundrak@v3.sk>	2017-06-13 15:02:26 +0200
commit	6c2af17fd6067223d642587e0f9794d2c20739a2 (patch)
tree	1a22a0726ce85fa441955dece743a9a5f0190d4c /src/wireless-security
parent	9f6e1b68d8bce3d1efa4bc9b3412f657119874a1 (diff)
download	network-manager-applet-6c2af17fd6067223d642587e0f9794d2c20739a2.tar.gz