[network-manager-openvpn/jk/key-password-require-bgo756638] properties: do not require password for always-ask, not-required (bgo #756638)

[Jiří Klimeš <jklimes src gnome org>]

commit e3de6bc5b3f756584d0cda4711f04edb24df1fbf
Author: Jiří Klimeš <jklimes redhat com>
Date:   Fri Oct 16 14:42:11 2015 +0200

    properties: do not require password for always-ask, not-required (bgo #756638)
    
    If password is marked as always-ask or not-required, do not insist on having a
    password.
    Actually we might detect password requirement incorrectly, because we regard
    all PKCS#12 private keys as encrypted. Thus we require a password even if
    the private key is not really encrypted. This commit allows user to override
    the bad detection.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=756638

 properties/auth-helpers.c |   22 ++++++++++++++--------
 1 files changed, 14 insertions(+), 8 deletions(-)
---
diff --git a/properties/auth-helpers.c b/properties/auth-helpers.c
index 209cc03..40049e1 100644
--- a/properties/auth-helpers.c
+++ b/properties/auth-helpers.c
@@ -434,7 +434,8 @@ validate_tls (GtkBuilder *builder, const char *prefix, GError **error)
        char *tmp;
        gboolean valid, encrypted = FALSE;
        GtkWidget *widget;
-       char *str;
+       NMSettingSecretFlags pw_flags;
+       gboolean secrets_required = TRUE;
 
        tmp = g_strdup_printf ("%s_ca_cert_chooser", prefix);
        valid = validate_file_chooser (builder, tmp);
@@ -471,14 +472,19 @@ validate_tls (GtkBuilder *builder, const char *prefix, GError **error)
        }
 
        /* Encrypted certificates require a password */
-       str = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
-       encrypted = is_encrypted (str);
-       g_free (str);
-       if (encrypted) {
-               tmp = g_strdup_printf ("%s_private_key_password_entry", prefix);
-               widget = GTK_WIDGET (gtk_builder_get_object (builder, tmp));
-               g_free (tmp);
+       tmp = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
+       encrypted = is_encrypted (tmp);
+       g_free (tmp);
+
+       tmp = g_strdup_printf ("%s_private_key_password_entry", prefix);
+       widget = GTK_WIDGET (gtk_builder_get_object (builder, tmp));
+       g_free (tmp);
+       pw_flags = nma_utils_menu_to_secret_flags (widget);
+       if (   pw_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED
+           || pw_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)
+               secrets_required = FALSE;
 
+       if (encrypted && secrets_required) {
                if (!gtk_entry_get_text_length (GTK_ENTRY (widget))) {
                        g_set_error (error,
                                     OPENVPN_PLUGIN_UI_ERROR,