[network-manager-applet/lr/pkcs11: 9/9] eap-tls



commit 8e45c36e49acd83387b175ab35b6c692a1184c74
Author: Lubomir Rintel <lkundrak v3 sk>
Date:   Wed Feb 22 18:50:40 2017 +0100

    eap-tls

 src/wireless-security/eap-method-tls.c  |  497 +++++++++++++++++--------------
 src/wireless-security/eap-method-tls.ui |  112 +------
 2 files changed, 283 insertions(+), 326 deletions(-)
---
diff --git a/src/wireless-security/eap-method-tls.c b/src/wireless-security/eap-method-tls.c
index 8d17fa4..1e178fe 100644
--- a/src/wireless-security/eap-method-tls.c
+++ b/src/wireless-security/eap-method-tls.c
@@ -29,15 +29,21 @@
 #include "wireless-security.h"
 #include "helpers.h"
 #include "nma-ui-utils.h"
+#include "nma-cert-chooser.h"
 #include "utils.h"
 
 struct _EAPMethodTLS {
        EAPMethod parent;
 
        gboolean editing_connection;
+       GtkWidget *ca_cert_chooser;
+       GtkWidget *client_cert_chooser;
+       GError *ca_cert_error; // XXX: dispose
+       GError *client_cert_error; // XXX: dispose
 };
 
 
+#if 0
 static void
 show_toggled_cb (GtkCheckButton *button, EAPMethod *method)
 {
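Review bot: The two `GError *` members added to `struct _EAPMethodTLS` are owned by the method, but nothing in the visible part of this commit releases them, which the `// XXX: dispose` markers acknowledge. The callbacks added later only call `g_clear_error` at the start of the next change, so the last stored error outlives the widget unless the method's destroy path (not shown here) frees it. I would add `g_clear_error (&method->ca_cert_error);` and `g_clear_error (&method->client_cert_error);` to that destroy handler and replace the markers with a comment such as `/* owned; last validation error, NULL when the input is valid */`. The `#if 0` opened before `show_toggled_cb` would be clearer as a removal, since the function is now dead and its body continues outside this hunk.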
@@ -50,15 +56,14 @@ show_toggled_cb (GtkCheckButton *button, EAPMethod *method)
        visible = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (button));
        gtk_entry_set_visibility (GTK_ENTRY (widget), visible);
 }
+#endif
 
 static gboolean
 validate (EAPMethod *parent, GError **error)
 {
-       NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
+       EAPMethodTLS *method = (EAPMethodTLS *) parent;
        GtkWidget *widget;
-       const char *password, *identity;
-       GError *local = NULL;
-       gboolean ret = TRUE;
+       const char *identity;
 
        widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_identity_entry"));
        g_assert (widget);
@@ -66,78 +71,42 @@ validate (EAPMethod *parent, GError **error)
        if (!identity || !strlen (identity)) {
                widget_set_error (widget);
                g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("missing EAP-TLS identity"));
-               ret = FALSE;
+               return FALSE;
        } else {
                widget_unset_error (widget);
        }
 
-       if (!eap_method_validate_filepicker (parent->builder, "eap_tls_ca_cert_button", TYPE_CA_CERT, NULL, 
NULL, &local)) {
-               widget_set_error (GTK_WIDGET (gtk_builder_get_object (parent->builder, 
"eap_tls_ca_cert_button")));
-               if (ret) {
-                       g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid EAP-TLS CA certificate: 
%s"), local->message);
-                       ret = FALSE;
-               }
-               g_clear_error (&local);
-       } else if (eap_method_ca_cert_required (parent->builder, "eap_tls_ca_cert_not_required_checkbox", 
"eap_tls_ca_cert_button")) {
-               widget_set_error (GTK_WIDGET (gtk_builder_get_object (parent->builder, 
"eap_tls_ca_cert_button")));
-               if (ret) {
-                       g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid EAP-TLS CA 
certificate: no certificate specified"));
-                       ret = FALSE;
-               }
+       if (method->ca_cert_error && gtk_widget_get_sensitive (GTK_WIDGET (method->ca_cert_chooser))) {
+               if (error)
+                       *error = g_error_copy (method->ca_cert_error);
+               return FALSE;
        }
 
-       widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_private_key_password_entry"));
-       g_assert (widget);
-       password = gtk_entry_get_text (GTK_ENTRY (widget));
-       if (!password || !strlen (password)) {
-               widget_set_error (widget);
-               if (ret) {
-                       g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid EAP-TLS 
password: missing"));
-                       ret = FALSE;
-               }
-       } else {
-               widget_unset_error (widget);
-       }
-
-       if (!eap_method_validate_filepicker (parent->builder,
-                                            "eap_tls_private_key_button",
-                                            TYPE_PRIVATE_KEY,
-                                            password,
-                                            &format,
-                                            &local)) {
-               if (ret) {
-                       g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid EAP-TLS private-key: 
%s"), local->message);
-                       ret = FALSE;
-               }
-               g_clear_error (&local);
-               widget_set_error (GTK_WIDGET (gtk_builder_get_object (parent->builder, 
"eap_tls_private_key_button")));
+       if (method->client_cert_error) {
+               if (error)
+                       *error = g_error_copy (method->client_cert_error);
+               return FALSE;
        }
 
-       if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) {
-               if (!eap_method_validate_filepicker (parent->builder, "eap_tls_user_cert_button", 
TYPE_CLIENT_CERT, NULL, NULL, &local)) {
-                       if (ret) {
-                               g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid EAP-TLS 
user-certificate: %s"), local->message);
-                               ret = FALSE;
-                       }
-                       g_clear_error (&local);
-                       widget_set_error (GTK_WIDGET (gtk_builder_get_object (parent->builder, 
"eap_tls_user_cert_button")));
-               }
-       }
-
-       return ret;
+       return TRUE;
 }
 
 static void
 ca_cert_not_required_toggled (GtkWidget *ignored, gpointer user_data)
 {
-       EAPMethod *parent = user_data;
+       EAPMethodTLS *method = (EAPMethodTLS *) user_data;
 
+       gtk_widget_set_sensitive (method->ca_cert_chooser,
+                                 !gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (ignored)));
+#if 0
        eap_method_ca_cert_not_required_toggled (parent->builder, "eap_tls_ca_cert_not_required_checkbox", 
"eap_tls_ca_cert_button");
+#endif
 }
 
 static void
 add_to_size_group (EAPMethod *parent, GtkSizeGroup *group)
 {
+       EAPMethodTLS *method = (EAPMethodTLS *) parent;
        GtkWidget *widget;
 
        widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, 
"eap_tls_ca_cert_not_required_checkbox"));
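Review bot: `validate()` now accepts the form when no CA certificate was ever chosen, because the CA check only looks at `method->ca_cert_error`, which stays NULL until a `cert-changed` callback has stored something. The removed `eap_method_ca_cert_required()` branch rejected exactly that state unless the "not required" checkbox was ticked; without it a profile can be saved that does not verify the authentication server, with no explicit opt-out from the user. Unless the chooser is guaranteed to emit `cert-changed` during setup (not visible here), keep an explicit check, for example reading the chooser with `nma_cert_chooser_get_cert ()` in `validate()` and failing when it returns NULL while the chooser is sensitive. In `ca_cert_not_required_toggled` the parameter named `ignored` is now the toggle button being read, so it should be renamed.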
@@ -148,21 +117,8 @@ add_to_size_group (EAPMethod *parent, GtkSizeGroup *group)
        g_assert (widget);
        gtk_size_group_add_widget (group, widget);
 
-       widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_user_cert_label"));
-       g_assert (widget);
-       gtk_size_group_add_widget (group, widget);
-
-       widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_ca_cert_label"));
-       g_assert (widget);
-       gtk_size_group_add_widget (group, widget);
-
-       widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_private_key_label"));
-       g_assert (widget);
-       gtk_size_group_add_widget (group, widget);
-
-       widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_private_key_password_label"));
-       g_assert (widget);
-       gtk_size_group_add_widget (group, widget);
+       nma_cert_chooser_add_to_size_group (NMA_CERT_CHOOSER (method->client_cert_chooser), group);
+       nma_cert_chooser_add_to_size_group (NMA_CERT_CHOOSER (method->ca_cert_chooser), group);
 }
 
 static void
@@ -173,10 +129,11 @@ fill_connection (EAPMethod *parent, NMConnection *connection, NMSettingSecretFla
        NMSetting8021x *s_8021x;
        NMSettingSecretFlags secret_flags;
        GtkWidget *widget, *passwd_entry;
-       char *ca_filename, *pk_filename, *cc_filename;
+       char *value;
        const char *password = NULL;
        GError *error = NULL;
        gboolean ca_cert_error = FALSE;
+       NMSetting8021xCKScheme scheme;
 
        s_8021x = nm_connection_get_setting_802_1x (connection);
        g_assert (s_8021x);
@@ -191,30 +148,22 @@ fill_connection (EAPMethod *parent, NMConnection *connection, NMSettingSecretFla
        g_object_set (s_8021x, NM_SETTING_802_1X_IDENTITY, gtk_entry_get_text (GTK_ENTRY (widget)), NULL);
 
        /* TLS private key */
-       widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_private_key_password_entry"));
-       g_assert (widget);
-       password = gtk_entry_get_text (GTK_ENTRY (widget));
-       g_assert (password);
-       passwd_entry = widget;
-
-       widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_private_key_button"));
-       g_assert (widget);
-       pk_filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
-       g_assert (pk_filename);
+       password = g_strdup (nma_cert_chooser_get_key_password (NMA_CERT_CHOOSER 
(method->client_cert_chooser)));
+       value = nma_cert_chooser_get_key (NMA_CERT_CHOOSER (method->client_cert_chooser), &scheme);
 
        if (parent->phase2) {
-               if (!nm_setting_802_1x_set_phase2_private_key (s_8021x, pk_filename, password, 
NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
-                       g_warning ("Couldn't read phase2 private key '%s': %s", pk_filename, error ? 
error->message : "(unknown)");
+               if (!nm_setting_802_1x_set_phase2_private_key (s_8021x, value, password, scheme, &format, 
&error)) {
+                       g_warning ("Couldn't read phase2 private key '%s': %s", value, error ? error->message 
: "(unknown)");
                        g_clear_error (&error);
                }
        } else {
-               if (!nm_setting_802_1x_set_private_key (s_8021x, pk_filename, password, 
NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
-                       g_warning ("Couldn't read private key '%s': %s", pk_filename, error ? error->message 
: "(unknown)");
+               if (!nm_setting_802_1x_set_private_key (s_8021x, value, password, scheme, &format, &error)) {
+                       g_warning ("Couldn't read private key '%s': %s", value, error ? error->message : 
"(unknown)");
                        g_clear_error (&error);
                }
        }
-       g_free (pk_filename);
 
+#if 0
        /* Save 802.1X password flags to the connection */
        secret_flags = nma_utils_menu_to_secret_flags (passwd_entry);
        nm_setting_set_secret_flags (NM_SETTING (s_8021x), parent->password_flags_name,
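Review bot: `password = g_strdup (nma_cert_chooser_get_key_password (...))` stores an allocated copy of the key passphrase in a `const char *` that is not freed in the visible part of `fill_connection`, so the passphrase is left on the heap. `client_key_password_changed_cb` later in this commit uses the getter's return value directly, which suggests it is borrowed; `password = nma_cert_chooser_get_key_password (NMA_CERT_CHOOSER (method->client_cert_chooser));` would avoid the copy. The string returned by `nma_cert_chooser_get_key ()` also replaces `pk_filename` without the matching `g_free (value);` before `value` is reassigned for the client certificate. Finally, the `#if 0` that starts at the end of this hunk disables writing the password's secret flags to the connection, so the user's storage choice for the passphrase appears to be dropped; that deserves at least a `/* TODO: restore secret-flags handling via NMACertChooser */` comment. The function starts and ends outside this hunk.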
@@ -225,186 +174,243 @@ fill_connection (EAPMethod *parent, NMConnection *connection, NMSettingSecretFla
                nma_utils_update_password_storage (passwd_entry, secret_flags,
                                                   NM_SETTING (s_8021x), parent->password_flags_name);
        }
+#endif
 
        /* TLS client certificate */
        if (format != NM_SETTING_802_1X_CK_FORMAT_PKCS12) {
                /* If the key is pkcs#12 nm_setting_802_1x_set_private_key() already
                 * set the client certificate for us.
                 */
-               widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_user_cert_button"));
-               g_assert (widget);
-               cc_filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
-               g_assert (cc_filename);
-
+               value = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->client_cert_chooser), &scheme);
                format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
                if (parent->phase2) {
-                       if (!nm_setting_802_1x_set_phase2_client_cert (s_8021x, cc_filename, 
NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
-                               g_warning ("Couldn't read phase2 client certificate '%s': %s", cc_filename, 
error ? error->message : "(unknown)");
+                       if (!nm_setting_802_1x_set_phase2_client_cert (s_8021x, value, scheme, &format, 
&error)) {
+                               g_warning ("Couldn't read phase2 client certificate '%s': %s", value, error ? 
error->message : "(unknown)");
                                g_clear_error (&error);
                        }
                } else {
-                       if (!nm_setting_802_1x_set_client_cert (s_8021x, cc_filename, 
NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
-                               g_warning ("Couldn't read client certificate '%s': %s", cc_filename, error ? 
error->message : "(unknown)");
+                       if (!nm_setting_802_1x_set_client_cert (s_8021x, value, scheme, &format, &error)) {
+                               g_warning ("Couldn't read client certificate '%s': %s", value, error ? 
error->message : "(unknown)");
                                g_clear_error (&error);
                        }
                }
-               g_free (cc_filename);
+               g_free (value);
        }
 
        /* TLS CA certificate */
-       widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_ca_cert_button"));
-       g_assert (widget);
-       ca_filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
-
+       value = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme);
        format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
        if (parent->phase2) {
-               if (!nm_setting_802_1x_set_phase2_ca_cert (s_8021x, ca_filename, 
NM_SETTING_802_1X_CK_SCHEME_PATH, &format, &error)) {
-                       g_warning ("Couldn't read phase2 CA certificate '%s': %s", ca_filename, error ? 
error->message : "(unknown)");
+               if (!nm_setting_802_1x_set_phase2_ca_cert (s_8021x, value, scheme, &format, &error)) {
+                       g_warning ("Couldn't read phase2 CA certificate '%s': %s", value, error ? 
error->message : "(unknown)");
                        g_clear_error (&error);
                        ca_cert_error = TRUE;
                }
        } else {
-               if (!nm_setting_802_1x_set_ca_cert (s_8021x, ca_filename, NM_SETTING_802_1X_CK_SCHEME_PATH, 
&format, &error)) {
-                       g_warning ("Couldn't read CA certificate '%s': %s", ca_filename, error ? 
error->message : "(unknown)");
+               if (!nm_setting_802_1x_set_ca_cert (s_8021x, value, scheme, &format, &error)) {
+                       g_warning ("Couldn't read CA certificate '%s': %s", value, error ? error->message : 
"(unknown)");
                        g_clear_error (&error);
                        ca_cert_error = TRUE;
                }
        }
-       eap_method_ca_cert_ignore_set (parent, connection, ca_filename, ca_cert_error);
-       g_free (ca_filename);
+       eap_method_ca_cert_ignore_set (parent, connection, value, ca_cert_error);
+       g_free (value);
 }
 
-static void
-private_key_picker_helper (EAPMethod *parent, const char *filename, gboolean changed)
+static gboolean
+client_cert_changed_cb (NMACertChooser *cert_chooser, gpointer user_data)
 {
-       NMSetting8021x *setting;
-       NMSetting8021xCKFormat cert_format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
-       const char *password;
-       GtkWidget *widget;
-
-       widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_private_key_password_entry"));
-       g_assert (widget);
-       password = gtk_entry_get_text (GTK_ENTRY (widget));
+       EAPMethod *parent = user_data;
+       EAPMethodTLS *method = (EAPMethodTLS *) parent;
+       NMSetting8021xCKScheme scheme;
+        NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
+       gs_unref_object NMSetting8021x *setting = NULL;
+       gs_free char *value = NULL;
 
+       g_clear_error (&method->client_cert_error);
        setting = (NMSetting8021x *) nm_setting_802_1x_new ();
-       nm_setting_802_1x_set_private_key (setting, filename, password, NM_SETTING_802_1X_CK_SCHEME_PATH, 
&cert_format, NULL);
-       g_object_unref (setting);
 
-       /* With PKCS#12, the client cert must be the same as the private key */
-       widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_user_cert_button"));
-       if (cert_format == NM_SETTING_802_1X_CK_FORMAT_PKCS12) {
-               gtk_file_chooser_unselect_all (GTK_FILE_CHOOSER (widget));
-               gtk_widget_set_sensitive (widget, FALSE);
-       } else if (changed)
-               gtk_widget_set_sensitive (widget, TRUE);
-
-       /* Warn the user if the private key is unencrypted */
-       if (!eap_method_is_encrypted_private_key (filename)) {
-               GtkWidget *dialog;
-               GtkWidget *toplevel;
-               GtkWindow *parent_window = NULL;
-
-               toplevel = gtk_widget_get_toplevel (parent->ui_widget);
-               if (gtk_widget_is_toplevel (toplevel))
-                       parent_window = GTK_WINDOW (toplevel);
-
-               dialog = gtk_message_dialog_new (parent_window,
-                                                GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT,
-                                                GTK_MESSAGE_WARNING,
-                                                GTK_BUTTONS_OK,
-                                                "%s",
-                                                _("Unencrypted private keys are insecure"));
-               gtk_message_dialog_format_secondary_text (GTK_MESSAGE_DIALOG (dialog),
-                                                         "%s",
-                                                         _("The selected private key does not appear to be 
protected by a password. This could allow your security credentials to be compromised. Please select a 
password-protected private key.\n\n(You can password-protect your private key with openssl)"));
-               gtk_dialog_run (GTK_DIALOG (dialog));
-               gtk_widget_destroy (dialog);
+       value = nma_cert_chooser_get_cert (cert_chooser, &scheme);
+       if (!value) {
+               g_set_error_literal (&method->client_cert_error, NMA_ERROR, NMA_ERROR_GENERIC,
+                                    _("no user certificate selected"));
+               return TRUE;
        }
+       if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) {
+               if (!g_file_test (value, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_REGULAR)) {
+                       g_set_error_literal (&method->client_cert_error, NMA_ERROR, NMA_ERROR_GENERIC,
+                                            _("selected user certificate file does not exist"));
+                       return TRUE;
+               }
+       }
+
+       if (!nm_setting_802_1x_set_client_cert (setting, value, scheme, &format, &method->client_cert_error))
+               return TRUE;
+
+       if (format == NM_SETTING_802_1X_CK_FORMAT_PKCS12)
+               nma_cert_chooser_set_key (cert_chooser, value, scheme);
+
+       return FALSE;
 }
 
-static void
-private_key_picker_file_set_cb (GtkWidget *chooser, gpointer user_data)
+static gboolean
+client_key_changed_cb (NMACertChooser *cert_chooser, gpointer user_data)
+{
+       EAPMethod *parent = user_data;
+       EAPMethodTLS *method = (EAPMethodTLS *) parent;
+       NMSetting8021xCKScheme scheme;
+       gs_free char *value = NULL;
+
+       g_clear_error (&method->client_cert_error);
+
+       value = nma_cert_chooser_get_key (cert_chooser, &scheme);
+       if (!value) {
+               g_set_error_literal (&method->client_cert_error, NMA_ERROR, NMA_ERROR_GENERIC,
+                                    _("no key selected"));
+               return TRUE;
+       }
+       if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) {
+               if (!g_file_test (value, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_REGULAR)) {
+                       g_set_error_literal (&method->client_cert_error, NMA_ERROR, NMA_ERROR_GENERIC,
+                                            _("selected key file does not exist"));
+                       return TRUE;
+               }
+       }
+
+       return FALSE;
+}
+
+static gboolean
+client_key_password_changed_cb (NMACertChooser *cert_chooser, gpointer user_data)
 {
-       EAPMethod *parent = (EAPMethod *) user_data;
-       char *filename;
+       EAPMethod *parent = user_data;
+       EAPMethodTLS *method = (EAPMethodTLS *) parent;
+       NMSetting8021xCKScheme scheme;
+       gs_unref_object NMSetting8021x *setting = NULL;
+       gs_free char *value = NULL;
+       const char *password = NULL;
+
+       g_clear_error (&method->client_cert_error);
+       setting = (NMSetting8021x *) nm_setting_802_1x_new ();
+
+       value = nma_cert_chooser_get_key (cert_chooser, &scheme);
+       password = nma_cert_chooser_get_key_password (cert_chooser);
+       if (!nm_setting_802_1x_set_private_key (setting, value, password, scheme, NULL, 
&method->client_cert_error))
+               return TRUE;
 
-       filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (chooser));
-       if (filename)
-               private_key_picker_helper (parent, filename, TRUE);
-       g_free (filename);
+       return FALSE;
 }
 
-static void reset_filter (GtkWidget *widget, GParamSpec *spec, gpointer user_data)
+static gboolean
+ca_cert_changed_cb (NMACertChooser *cert_chooser, gpointer user_data)
 {
-       if (!gtk_file_chooser_get_filter (GTK_FILE_CHOOSER (widget))) {
-               g_signal_handlers_block_by_func (widget, reset_filter, user_data);
-               gtk_file_chooser_set_filter (GTK_FILE_CHOOSER (widget), GTK_FILE_FILTER (user_data));
-               g_signal_handlers_unblock_by_func (widget, reset_filter, user_data);
+       EAPMethod *parent = user_data;
+       EAPMethodTLS *method = (EAPMethodTLS *) parent;
+       NMSetting8021xCKScheme scheme;
+        NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
+       gs_unref_object NMSetting8021x *setting = NULL;
+       gs_free char *value = NULL;
+
+       g_clear_error (&method->ca_cert_error);
+       setting = (NMSetting8021x *) nm_setting_802_1x_new ();
+
+       value = nma_cert_chooser_get_cert (cert_chooser, &scheme);
+       if (!value) {
+               g_set_error_literal (&method->ca_cert_error, NMA_ERROR, NMA_ERROR_GENERIC,
+                                    _("no CA certificate selected"));
+               return TRUE;
        }
+       if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) {
+               if (!g_file_test (value, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_REGULAR)) {
+                       g_set_error_literal (&method->ca_cert_error, NMA_ERROR, NMA_ERROR_GENERIC,
+                                            _("selected CA certificate file does not exist"));
+                       return TRUE;
+               }
+       }
+
+       if (!nm_setting_802_1x_set_ca_cert (setting, value, scheme, &format, &method->ca_cert_error))
+               return TRUE;
+
+       return FALSE;
 }
 
 typedef const char * (*PathFunc) (NMSetting8021x *setting);
+typedef const char * (*UriFunc) (NMSetting8021x *setting);
 typedef NMSetting8021xCKScheme (*SchemeFunc)  (NMSetting8021x *setting);
+typedef const char * (*PasswordFunc) (NMSetting8021x *setting);
 
 static void
-setup_filepicker (GtkBuilder *builder,
-                  const char *name,
-                  const char *title,
-                  WirelessSecurity *ws_parent,
-                  EAPMethod *parent,
-                  NMSetting8021x *s_8021x,
-                  SchemeFunc scheme_func,
-                  PathFunc path_func,
-                  gboolean privkey,
-                  gboolean client_cert)
+setup_cert_chooser (NMACertChooser *cert_chooser,
+                    WirelessSecurity *ws_parent,
+                    EAPMethod *parent,
+                    NMSetting8021x *s_8021x,
+                    SchemeFunc cert_scheme_func,
+                    PathFunc cert_path_func,
+                    UriFunc cert_uri_func,
+                    PasswordFunc cert_password_func,
+                    SchemeFunc key_scheme_func,
+                    PathFunc key_path_func,
+                    UriFunc key_uri_func,
+                    PasswordFunc key_password_func)
 {
-       GtkWidget *widget;
-       GtkFileFilter *filter;
-       const char *filename = NULL;
-
-       widget = GTK_WIDGET (gtk_builder_get_object (builder, name));
-       g_assert (widget);
-       gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE);
-       gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget), title);
-
-       if (s_8021x && path_func && scheme_func) {
-               if (scheme_func (s_8021x) == NM_SETTING_802_1X_CK_SCHEME_PATH) {
-                       filename = path_func (s_8021x);
-                       if (filename)
-                               gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), filename);
+       NMSetting8021xCKScheme scheme = NM_SETTING_802_1X_CK_SCHEME_UNKNOWN;
+       const char *value = NULL;
+
+
+       if (s_8021x && cert_path_func && cert_uri_func && cert_scheme_func) {
+               scheme = cert_scheme_func (s_8021x);
+               switch (scheme) {
+               case NM_SETTING_802_1X_CK_SCHEME_PATH:
+                       value = cert_path_func (s_8021x);
+                       break;
+#ifdef NM_SETTING_802_1X_CERT_SCHEME_PREFIX_PKCS11
+/* Not available in libnm-glib */
+               case NM_SETTING_802_1X_CK_SCHEME_PKCS11:
+                       value = cert_uri_func (s_8021x);
+                       if (cert_password_func)
+                               nma_cert_chooser_set_cert_password (cert_chooser, cert_password_func 
(s_8021x));
+                       break;
+#endif
+               case NM_SETTING_802_1X_CK_SCHEME_UNKNOWN:
+                       /* No CA set. */
+                       break;
+               default:
+                       g_warning ("unhandled certificate scheme %d", scheme);
                }
-       }
 
-       /* Connect a special handler for private keys to intercept PKCS#12 key types
-        * and desensitize the user cert button.
-        */
-       if (privkey) {
-               g_signal_connect (G_OBJECT (widget), "selection-changed",
-                                 (GCallback) private_key_picker_file_set_cb,
-                                 parent);
-               if (filename)
-                       private_key_picker_helper (parent, filename, FALSE);
        }
+       nma_cert_chooser_set_cert (cert_chooser, value, scheme);
+
+       if (s_8021x && key_path_func && key_uri_func && key_scheme_func) {
+               scheme = key_scheme_func (s_8021x);
+               switch (scheme) {
+               case NM_SETTING_802_1X_CK_SCHEME_PATH:
+                       value = key_path_func (s_8021x);
+                       break;
+#ifdef NM_SETTING_802_1X_CERT_SCHEME_PREFIX_PKCS11
+/* Not available in libnm-glib */
+               case NM_SETTING_802_1X_CK_SCHEME_PKCS11:
+                       value = key_uri_func (s_8021x);
+                       break;
+#endif
+               case NM_SETTING_802_1X_CK_SCHEME_UNKNOWN:
+                       /* No certificate set. */
+                       break;
+               default:
+                       g_warning ("unhandled key scheme %d", scheme);
+               }
 
-       g_signal_connect (G_OBJECT (widget), "selection-changed",
-                         (GCallback) wireless_security_changed_cb,
-                         ws_parent);
-
-       filter = eap_method_default_file_chooser_filter_new (privkey);
-       gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter);
+               nma_cert_chooser_set_key (cert_chooser, value, scheme);
+       }
 
-       /* For some reason, GTK+ calls set_current_filter (..., NULL) from 
-        * gtkfilechooserdefault.c::show_and_select_files_finished_loading() on our
-        * dialog; so force-reset the filter to what we want it to be whenever
-        * it gets cleared.
-        */
-       if (client_cert)
-               g_signal_connect (G_OBJECT (widget), "notify::filter", (GCallback) reset_filter, filter);
+       if (s_8021x && key_password_func)
+               nma_cert_chooser_set_key_password (cert_chooser, key_password_func (s_8021x));
 }
 
 static void
 update_secrets (EAPMethod *parent, NMConnection *connection)
 {
+#if 0
        NMSetting8021x *s_8021x;
        HelperSecretFunc password_func;
        SchemeFunc scheme_func;
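Review bot: `client_cert_changed_cb`, `client_key_changed_cb` and `client_key_password_changed_cb` all start with `g_clear_error (&method->client_cert_error)` and write to that one field, so whichever input changed last decides the result: a passphrase that unlocks the key clears an earlier "no user certificate selected" error and `validate()` then passes. Keeping one error per input (certificate, key, passphrase), or re-running all three checks in each callback, would avoid that. The existence checks use `G_FILE_TEST_EXISTS | G_FILE_TEST_IS_REGULAR`, and `g_file_test()` returns TRUE when any listed test holds, so a directory is accepted; `g_file_test (value, G_FILE_TEST_IS_REGULAR)` is what the error message implies, in the three callbacks that perform this check. In `setup_cert_chooser`, `value` still holds the certificate when the key scheme is `UNKNOWN`, so `value = NULL;` is needed before the key `switch`. The removed `private_key_picker_helper` also carried the warning for unencrypted private keys, and no replacement is visible in this hunk.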
@@ -438,8 +444,19 @@ update_secrets (EAPMethod *parent, NMConnection *connection)
                        gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), filename);
                }
        }
+#endif
 }
 
+#ifndef NM_SETTING_802_1X_CERT_SCHEME_PREFIX_PKCS11
+/* Not available in libnm-glib */
+#define nm_setting_802_1x_get_phase2_client_cert_uri   NULL
+#define nm_setting_802_1x_get_client_cert_uri          NULL
+#define nm_setting_802_1x_get_phase2_ca_cert_uri       NULL
+#define nm_setting_802_1x_get_ca_cert_uri              NULL
+#define nm_setting_802_1x_get_phase2_private_key_uri   NULL
+#define nm_setting_802_1x_get_private_key_uri          NULL
+#endif
+
 EAPMethodTLS *
 eap_method_tls_new (WirelessSecurity *ws_parent,
                     NMConnection *connection,
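Review bot: On builds without `NM_SETTING_802_1X_CERT_SCHEME_PREFIX_PKCS11` these macros turn every `*_uri` getter into NULL, and `setup_cert_chooser` only reads the stored setting when `cert_path_func && cert_uri_func && cert_scheme_func` (and the key equivalent) are all non-NULL. Path-based certificates and keys from an existing connection would therefore never be loaded into the choosers on such builds. The URI getter is only called inside the `#ifdef` PKCS#11 case, so the guards can drop it: `if (s_8021x && cert_path_func && cert_scheme_func) {` and `if (s_8021x && key_path_func && key_scheme_func) {`. Separately, `update_secrets` is now an empty function because its whole body is under `#if 0`; that body starts outside this hunk.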
@@ -491,24 +508,48 @@ eap_method_tls_new (WirelessSecurity *ws_parent,
        if (s_8021x && nm_setting_802_1x_get_identity (s_8021x))
                gtk_entry_set_text (GTK_ENTRY (widget), nm_setting_802_1x_get_identity (s_8021x));
 
-       setup_filepicker (parent->builder, "eap_tls_user_cert_button",
-                         _("Choose your personal certificate"),
-                         ws_parent, parent, s_8021x,
-                         phase2 ? nm_setting_802_1x_get_phase2_client_cert_scheme : 
nm_setting_802_1x_get_client_cert_scheme,
-                         phase2 ? nm_setting_802_1x_get_phase2_client_cert_path : 
nm_setting_802_1x_get_client_cert_path,
-                         FALSE, TRUE);
-       setup_filepicker (parent->builder, "eap_tls_ca_cert_button",
-                         _("Choose a Certificate Authority certificate"),
-                         ws_parent, parent, s_8021x,
-                         phase2 ? nm_setting_802_1x_get_phase2_ca_cert_scheme : 
nm_setting_802_1x_get_ca_cert_scheme,
-                         phase2 ? nm_setting_802_1x_get_phase2_ca_cert_path : 
nm_setting_802_1x_get_ca_cert_path,
-                         FALSE, FALSE);
-       setup_filepicker (parent->builder, "eap_tls_private_key_button",
-                         _("Choose your private key"),
-                         ws_parent, parent, s_8021x,
-                         phase2 ? nm_setting_802_1x_get_phase2_private_key_scheme : 
nm_setting_802_1x_get_private_key_scheme,
-                         phase2 ? nm_setting_802_1x_get_phase2_private_key_path : 
nm_setting_802_1x_get_private_key_path,
-                         TRUE, FALSE);
+
+
+       widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_grid"));
+       g_assert (widget);
+
+       method->client_cert_chooser = nma_cert_chooser_new ("User certificate", 0);
+       gtk_grid_attach (GTK_GRID (widget), method->client_cert_chooser, 0, 1, 2, 1);
+       gtk_widget_show (method->client_cert_chooser);
+
+       g_signal_connect (method->client_cert_chooser, "cert-changed", G_CALLBACK (client_cert_changed_cb), 
parent);
+       g_signal_connect (method->client_cert_chooser, "key-changed", G_CALLBACK (client_key_changed_cb), 
parent);
+       g_signal_connect (method->client_cert_chooser, "key-password-changed", G_CALLBACK 
(client_key_password_changed_cb), parent);
+       g_signal_connect (method->client_cert_chooser, "changed", G_CALLBACK (wireless_security_changed_cb), 
ws_parent);
+
+       setup_cert_chooser (NMA_CERT_CHOOSER (method->client_cert_chooser),
+                           ws_parent, parent, s_8021x,
+                           phase2 ? nm_setting_802_1x_get_phase2_client_cert_scheme : 
nm_setting_802_1x_get_client_cert_scheme,
+                           phase2 ? nm_setting_802_1x_get_phase2_client_cert_path : 
nm_setting_802_1x_get_client_cert_path,
+                           phase2 ? nm_setting_802_1x_get_phase2_client_cert_uri : 
nm_setting_802_1x_get_client_cert_uri,
+                           phase2 ? nm_setting_802_1x_get_phase2_client_cert_password : 
nm_setting_802_1x_get_client_cert_password,
+                           phase2 ? nm_setting_802_1x_get_phase2_private_key_scheme : 
nm_setting_802_1x_get_private_key_scheme,
+                           phase2 ? nm_setting_802_1x_get_phase2_private_key_path : 
nm_setting_802_1x_get_private_key_path,
+                           phase2 ? nm_setting_802_1x_get_phase2_private_key_uri : 
nm_setting_802_1x_get_private_key_uri,
+                           phase2 ? nm_setting_802_1x_get_phase2_private_key_password : 
nm_setting_802_1x_get_private_key_password);
+
+       method->ca_cert_chooser = nma_cert_chooser_new ("CA certificate", NMA_CERT_CHOOSER_FLAG_CERT);
+       gtk_grid_attach (GTK_GRID (widget), method->ca_cert_chooser, 0, 2, 2, 1);
+       gtk_widget_show (method->ca_cert_chooser);
+
+       g_signal_connect (method->ca_cert_chooser, "cert-changed", G_CALLBACK (ca_cert_changed_cb), parent);
+       g_signal_connect (method->ca_cert_chooser, "changed", G_CALLBACK (wireless_security_changed_cb), 
ws_parent);
+
+       setup_cert_chooser (NMA_CERT_CHOOSER (method->ca_cert_chooser),
+                           ws_parent, parent, s_8021x,
+                           phase2 ? nm_setting_802_1x_get_phase2_ca_cert_scheme : 
nm_setting_802_1x_get_ca_cert_scheme,
+                           phase2 ? nm_setting_802_1x_get_phase2_ca_cert_path : 
nm_setting_802_1x_get_ca_cert_path,
+                           phase2 ? nm_setting_802_1x_get_phase2_ca_cert_uri : 
nm_setting_802_1x_get_ca_cert_uri,
+                           phase2 ? nm_setting_802_1x_get_phase2_ca_cert_password : 
nm_setting_802_1x_get_ca_cert_password,
+                           NULL,
+                           NULL,
+                           NULL,
+                           NULL);
 
        if (connection && eap_method_ca_cert_ignore_get (parent, connection)) {
                widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_ca_cert_button"));
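Review bot: The context at the end of this hunk still looks up `eap_tls_ca_cert_button`, while the `.ui` part of this commit removes the `GtkFileChooserButton` with that id, so `gtk_builder_get_object()` would return NULL there. What is done with the widget is outside the hunk, but that code presumably needs to read its state from `method->ca_cert_chooser` instead. The chooser titles are also passed untranslated; the removed calls wrapped theirs in `_()`, so `nma_cert_chooser_new (_("User certificate"), 0)` and `_("CA certificate")` would keep them localizable. `eap_method_tls_new` starts and ends outside this hunk.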
@@ -521,6 +562,7 @@ eap_method_tls_new (WirelessSecurity *ws_parent,
        if (connection)
                update_secrets (parent, connection);
 
+#if 0
        widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_private_key_password_entry"));
        g_assert (widget);
        g_signal_connect (G_OBJECT (widget), "changed",
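Review bot: The `#if 0` opened in this hunk (its `#endif` is in the next hunk) compiles out the `toggled` connection to `show_toggled_cb`, yet the .ui change in this same commit keeps `show_checkbutton_eaptls` and relabels it "Sho_w passwords". Unless the password entries now live inside NMACertChooser and are toggled from code not visible here, the dialog ships a visible checkbox that does nothing. Either wire the checkbox to the choosers or remove it from the .ui. The disabled lines should be deleted rather than parked under `#if 0`; if they must stay for a follow-up, say why, e.g. `/* TODO: drop once NMACertChooser owns the password entry */`. `eap_method_tls_new` begins and ends outside this hunk.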
@@ -536,8 +578,10 @@ eap_method_tls_new (WirelessSecurity *ws_parent,
        g_signal_connect (G_OBJECT (widget), "toggled",
                          (GCallback) show_toggled_cb,
                          parent);
+#endif
 
        if (secrets_only) {
+#if 0
                widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_identity_entry"));
                gtk_widget_set_sensitive (widget, FALSE);
                widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_tls_user_cert_label"));
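Review bot: Placing `#if 0` directly under `if (secrets_only) {` (the matching `#endif` is in the following hunk) empties the whole branch, including `gtk_widget_set_sensitive (widget, FALSE)` on `eap_tls_identity_entry`, a widget the visible .ui hunks do not remove. A secrets-only prompt would then leave the identity editable, and the certificate and key selection too unless `setup_cert_chooser` restricts them somewhere not shown here; previously only the secrets could be changed in that mode. Keep the identity lines active by moving `#if 0` below the first `gtk_widget_set_sensitive (widget, FALSE);`. The new choosers also need a way to lock their certificate/key selection in this branch while leaving the password entry editable.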
@@ -554,6 +598,7 @@ eap_method_tls_new (WirelessSecurity *ws_parent,
                gtk_widget_hide (widget);
                widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, 
"eap_tls_ca_cert_not_required_checkbox"));
                gtk_widget_hide (widget);
+#endif
        }
 
        return method;
diff --git a/src/wireless-security/eap-method-tls.ui b/src/wireless-security/eap-method-tls.ui
index 94bad98..ccdc730 100644
--- a/src/wireless-security/eap-method-tls.ui
+++ b/src/wireless-security/eap-method-tls.ui
@@ -8,7 +8,7 @@
     <property name="show_tabs">False</property>
     <property name="show_border">False</property>
     <child>
-      <object class="GtkGrid">
+      <object class="GtkGrid" id="eap_tls_grid">
         <property name="visible">True</property>
         <property name="can_focus">False</property>
         <property name="row_spacing">6</property>
@@ -40,59 +40,26 @@
           </packing>
         </child>
         <child>
-          <object class="GtkFileChooserButton" id="eap_tls_ca_cert_button">
-            <property name="visible">True</property>
-            <property name="can_focus">False</property>
-            <property name="hexpand">True</property>
-          </object>
-          <packing>
-            <property name="left_attach">1</property>
-            <property name="top_attach">2</property>
-          </packing>
-        </child>
-        <child>
-          <object class="GtkCheckButton" id="eap_tls_ca_cert_not_required_checkbox">
-            <property name="label" translatable="yes">No CA certificate is _required</property>
+          <object class="GtkCheckButton" id="show_checkbutton_eaptls">
+            <property name="label" translatable="yes">Sho_w passwords</property>
             <property name="visible">True</property>
             <property name="can_focus">True</property>
             <property name="receives_default">False</property>
             <property name="halign">start</property>
+            <property name="valign">end</property>
             <property name="hexpand">True</property>
+            <property name="vexpand">True</property>
             <property name="use_underline">True</property>
             <property name="draw_indicator">True</property>
           </object>
           <packing>
             <property name="left_attach">1</property>
-            <property name="top_attach">3</property>
-          </packing>
-        </child>
-        <child>
-          <object class="GtkFileChooserButton" id="eap_tls_private_key_button">
-            <property name="visible">True</property>
-            <property name="can_focus">False</property>
-            <property name="hexpand">True</property>
-          </object>
-          <packing>
-            <property name="left_attach">1</property>
             <property name="top_attach">4</property>
           </packing>
         </child>
         <child>
-          <object class="GtkEntry" id="eap_tls_private_key_password_entry">
-            <property name="visible">True</property>
-            <property name="can_focus">True</property>
-            <property name="hexpand">True</property>
-            <property name="visibility">False</property>
-            <property name="activates_default">True</property>
-          </object>
-          <packing>
-            <property name="left_attach">1</property>
-            <property name="top_attach">5</property>
-          </packing>
-        </child>
-        <child>
-          <object class="GtkCheckButton" id="show_checkbutton_eaptls">
-            <property name="label" translatable="yes">Sho_w password</property>
+          <object class="GtkCheckButton" id="eap_tls_ca_cert_not_required_checkbox">
+            <property name="label" translatable="yes">No CA certificate is _required</property>
             <property name="visible">True</property>
             <property name="can_focus">True</property>
             <property name="receives_default">False</property>
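Review bot: Removing `eap_tls_ca_cert_button` here leaves a stale lookup in eap-method-tls.c. The context lines of the `eap_method_tls_new` hunk still call `gtk_builder_get_object (parent->builder, "eap_tls_ca_cert_button")` inside the `eap_method_ca_cert_ignore_get` branch, and that call now returns NULL. What is done with `widget` afterwards lies outside the visible hunk, but any GTK call on it would fail its type check, and the "ignore CA certificate" state would not be reflected on the new chooser. That branch should operate on `method->ca_cert_chooser` instead of the removed button.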
@@ -103,75 +70,20 @@
           </object>
           <packing>
             <property name="left_attach">1</property>
-            <property name="top_attach">6</property>
-          </packing>
-        </child>
-        <child>
-          <object class="GtkFileChooserButton" id="eap_tls_user_cert_button">
-            <property name="visible">True</property>
-            <property name="can_focus">False</property>
-            <property name="hexpand">True</property>
-          </object>
-          <packing>
-            <property name="left_attach">1</property>
-            <property name="top_attach">1</property>
+            <property name="top_attach">3</property>
           </packing>
         </child>
         <child>
-          <object class="GtkLabel" id="eap_tls_user_cert_label">
-            <property name="visible">True</property>
-            <property name="can_focus">False</property>
-            <property name="label" translatable="yes">_User certificate:</property>
-            <property name="use_underline">True</property>
-            <property name="mnemonic_widget">eap_tls_user_cert_button</property>
-            <property name="xalign">0</property>
-          </object>
-          <packing>
-            <property name="left_attach">0</property>
-            <property name="top_attach">1</property>
-          </packing>
+          <placeholder/>
         </child>
         <child>
-          <object class="GtkLabel" id="eap_tls_ca_cert_label">
-            <property name="visible">True</property>
-            <property name="can_focus">False</property>
-            <property name="label" translatable="yes">C_A certificate:</property>
-            <property name="use_underline">True</property>
-            <property name="mnemonic_widget">eap_tls_ca_cert_button</property>
-            <property name="xalign">0</property>
-          </object>
-          <packing>
-            <property name="left_attach">0</property>
-            <property name="top_attach">2</property>
-          </packing>
+          <placeholder/>
         </child>
         <child>
-          <object class="GtkLabel" id="eap_tls_private_key_label">
-            <property name="visible">True</property>
-            <property name="can_focus">False</property>
-            <property name="label" translatable="yes">Private _key:</property>
-            <property name="use_underline">True</property>
-            <property name="mnemonic_widget">eap_tls_private_key_button</property>
-            <property name="xalign">0</property>
-          </object>
-          <packing>
-            <property name="left_attach">0</property>
-            <property name="top_attach">4</property>
-          </packing>
+          <placeholder/>
         </child>
         <child>
-          <object class="GtkLabel" id="eap_tls_private_key_password_label">
-            <property name="visible">True</property>
-            <property name="can_focus">False</property>
-            <property name="label" translatable="yes">_Private key password:</property>
-            <property name="use_underline">True</property>
-            <property name="mnemonic_widget">eap_tls_private_key_password_entry</property>
-            <property name="xalign">0</property>
-          </object>
-          <packing>
-            <property name="left_attach">0</property>
-            <property name="top_attach">5</property>
-          </packing>
+          <placeholder/>
         </child>
         <child>
           <placeholder/>
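Review bot: The labels removed in this hunk were `translatable="yes"`, but the replacement title is passed as a bare literal in eap-method-tls.c, `nma_cert_chooser_new ("CA certificate", NMA_CERT_CHOOSER_FLAG_CERT)`, so it drops out of translation. Wrap it as `_("CA certificate")`, matching the `_()` use elsewhere in that file. The `mnemonic_widget` bindings disappear along with the labels; whether NMACertChooser supplies its own mnemonics is not visible here.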

