[network-manager-applet/lr/tls-domain-suffix-match-rh1457542: 5/12] wireless-security/ttls: use the certificate chooser widget
- From: Lubomir Rintel <lkundrak src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [network-manager-applet/lr/tls-domain-suffix-match-rh1457542: 5/12] wireless-security/ttls: use the certificate chooser widget
- Date: Fri, 9 Jun 2017 18:43:20 +0000 (UTC)
commit 43840f365d420d6e3788166df67339138d98f006
Author: Lubomir Rintel <lkundrak v3 sk>
Date: Fri Jun 9 18:39:23 2017 +0200
wireless-security/ttls: use the certificate chooser widget
Reduces code duplication.
src/wireless-security/eap-method-ttls.c | 140 +++++++++++++++++++-----------
src/wireless-security/eap-method-ttls.ui | 41 +++-------
2 files changed, 99 insertions(+), 82 deletions(-)
---
diff --git a/src/wireless-security/eap-method-ttls.c b/src/wireless-security/eap-method-ttls.c
index 2598cb4..17cfe35 100644
--- a/src/wireless-security/eap-method-ttls.c
+++ b/src/wireless-security/eap-method-ttls.c
@@ -17,7 +17,7 @@
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
- * Copyright 2007 - 2014 Red Hat, Inc.
+ * Copyright 2007 - 2017 Red Hat, Inc.
*/
#include "nm-default.h"
@@ -27,6 +27,7 @@
#include "eap-method.h"
#include "wireless-security.h"
+#include "nma-cert-chooser.h"
#include "utils.h"
#define I_NAME_COLUMN 0
@@ -39,6 +40,8 @@ struct _EAPMethodTTLS {
GtkSizeGroup *size_group;
WirelessSecurity *sec_parent;
gboolean is_editor;
+
+ GtkWidget *ca_cert_chooser;
};
static void
@@ -53,22 +56,16 @@ destroy (EAPMethod *parent)
static gboolean
validate (EAPMethod *parent, GError **error)
{
+ EAPMethodTTLS *method = (EAPMethodTTLS *) parent;
GtkWidget *widget;
GtkTreeModel *model;
GtkTreeIter iter;
EAPMethod *eap = NULL;
gboolean valid = FALSE;
- GError *local = NULL;
- if (!eap_method_validate_filepicker (parent->builder, "eap_ttls_ca_cert_button", TYPE_CA_CERT, NULL,
NULL, &local)) {
- g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid EAP-TTLS CA certificate: %s"),
local->message);
- g_clear_error (&local);
- return FALSE;
- }
- if (eap_method_ca_cert_required (parent->builder, "eap_ttls_ca_cert_not_required_checkbox",
"eap_ttls_ca_cert_button")) {
- g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("invalid EAP-TTLS CA certificate:
no certificate specified"));
+ if ( gtk_widget_get_sensitive (method->ca_cert_chooser)
+ && !nma_cert_chooser_validate (NMA_CERT_CHOOSER (method->ca_cert_chooser), error))
return FALSE;
- }
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo"));
g_assert (widget);
@@ -85,9 +82,10 @@ validate (EAPMethod *parent, GError **error)
static void
ca_cert_not_required_toggled (GtkWidget *ignored, gpointer user_data)
{
- EAPMethod *parent = user_data;
+ EAPMethodTTLS *method = (EAPMethodTTLS *) user_data;
- eap_method_ca_cert_not_required_toggled (parent->builder, "eap_ttls_ca_cert_not_required_checkbox",
"eap_ttls_ca_cert_button");
+ gtk_widget_set_sensitive (method->ca_cert_chooser,
+ !gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (ignored)));
}
static void
@@ -111,9 +109,7 @@ add_to_size_group (EAPMethod *parent, GtkSizeGroup *group)
g_assert (widget);
gtk_size_group_add_widget (group, widget);
- widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_label"));
- g_assert (widget);
- gtk_size_group_add_widget (group, widget);
+ nma_cert_chooser_add_to_size_group (NMA_CERT_CHOOSER (method->ca_cert_chooser), group);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_label"));
g_assert (widget);
@@ -133,15 +129,20 @@ add_to_size_group (EAPMethod *parent, GtkSizeGroup *group)
static void
fill_connection (EAPMethod *parent, NMConnection *connection)
{
+ EAPMethodTTLS *method = (EAPMethodTTLS *) parent;
NMSetting8021x *s_8021x;
NMSetting8021xCKFormat format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
+#if LIBNM_BUILD
+ NMSettingSecretFlags secret_flags;
+#endif
GtkWidget *widget;
const char *text;
- char *filename;
+ char *value = NULL;
EAPMethod *eap = NULL;
GtkTreeModel *model;
GtkTreeIter iter;
GError *error = NULL;
+ NMSetting8021xCKScheme scheme;
gboolean ca_cert_error = FALSE;
s_8021x = nm_connection_get_setting_802_1x (connection);
@@ -155,16 +156,31 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
if (text && strlen (text))
g_object_set (s_8021x, NM_SETTING_802_1X_ANONYMOUS_IDENTITY, text, NULL);
- widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_button"));
- g_assert (widget);
- filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
- if (!nm_setting_802_1x_set_ca_cert (s_8021x, filename, NM_SETTING_802_1X_CK_SCHEME_PATH, &format,
&error)) {
- g_warning ("Couldn't read CA certificate '%s': %s", filename, error ? error->message :
"(unknown)");
+#if LIBNM_BUILD
+/* libnm-glib doesn't support this. */
+ /* Save CA certificate PIN password flags to the connection */
+ secret_flags = nma_cert_chooser_get_cert_password_flags (NMA_CERT_CHOOSER (method->ca_cert_chooser));
+ nm_setting_set_secret_flags (NM_SETTING (s_8021x), NM_SETTING_802_1X_CA_CERT_PASSWORD,
+ secret_flags, NULL);
+ if (method->is_editor) {
+ /* Update secret flags and popup when editing the connection */
+ nma_cert_chooser_update_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser),
+ secret_flags, NM_SETTING (s_8021x),
+ NM_SETTING_802_1X_CA_CERT_PASSWORD);
+ }
+#endif
+
+ /* TLS CA certificate */
+ if (gtk_widget_get_sensitive (method->ca_cert_chooser))
+ value = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme);
+ format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
+ if (!nm_setting_802_1x_set_ca_cert (s_8021x, value, scheme, &format, &error)) {
+ g_warning ("Couldn't read CA certificate '%s': %s", value, error ? error->message :
"(unknown)");
g_clear_error (&error);
ca_cert_error = TRUE;
}
- eap_method_ca_cert_ignore_set (parent, connection, filename, ca_cert_error);
- g_free (filename);
+ eap_method_ca_cert_ignore_set (parent, connection, value, ca_cert_error);
+ g_free (value);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_combo"));
model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget));
@@ -388,10 +404,9 @@ eap_method_ttls_new (WirelessSecurity *ws_parent,
{
EAPMethod *parent;
EAPMethodTTLS *method;
- GtkWidget *widget, *widget_ca_not_required_checkbox;
- GtkFileFilter *filter;
+ GtkWidget *widget;
NMSetting8021x *s_8021x = NULL;
- const char *filename;
+ gboolean ca_not_required = FALSE;
parent = eap_method_init (sizeof (EAPMethodTTLS),
validate,
@@ -414,6 +429,46 @@ eap_method_ttls_new (WirelessSecurity *ws_parent,
if (connection)
s_8021x = nm_connection_get_setting_802_1x (connection);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_grid"));
+ g_assert (widget);
+
+ method->ca_cert_chooser = nma_cert_chooser_new ("CA",
+ NMA_CERT_CHOOSER_FLAG_CERT
+ | (secrets_only ? NMA_CERT_CHOOSER_FLAG_PASSWORDS :
0));
+ gtk_grid_attach (GTK_GRID (widget), method->ca_cert_chooser, 0, 1, 2, 1);
+ gtk_widget_show (method->ca_cert_chooser);
+
+ g_signal_connect (method->ca_cert_chooser,
+ "cert-validate",
+ G_CALLBACK (eap_method_ca_cert_validate_cb),
+ NULL);
+ g_signal_connect (method->ca_cert_chooser,
+ "changed",
+ G_CALLBACK (wireless_security_changed_cb),
+ ws_parent);
+
+ eap_method_setup_cert_chooser (NMA_CERT_CHOOSER (method->ca_cert_chooser), s_8021x,
+ nm_setting_802_1x_get_ca_cert_scheme,
+ nm_setting_802_1x_get_ca_cert_path,
+ nm_setting_802_1x_get_ca_cert_uri,
+ nm_setting_802_1x_get_ca_cert_password,
+ NULL,
+ NULL,
+ NULL,
+ NULL);
+
+ if (connection && eap_method_ca_cert_ignore_get (parent, connection)) {
+ gchar *ca_cert;
+ NMSetting8021xCKScheme scheme;
+
+ ca_cert = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme);
+ if (ca_cert)
+ g_free (ca_cert);
+ else
+ ca_not_required = TRUE;
+ }
+
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder,
"eap_ttls_ca_cert_not_required_checkbox"));
g_assert (widget);
g_signal_connect (G_OBJECT (widget), "toggled",
@@ -422,28 +477,7 @@ eap_method_ttls_new (WirelessSecurity *ws_parent,
g_signal_connect (G_OBJECT (widget), "toggled",
(GCallback) wireless_security_changed_cb,
ws_parent);
- widget_ca_not_required_checkbox = widget;
-
- widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_button"));
- g_assert (widget);
- gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE);
- gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget),
- _("Choose a Certificate Authority certificate"));
- g_signal_connect (G_OBJECT (widget), "selection-changed",
- (GCallback) wireless_security_changed_cb,
- ws_parent);
- filter = eap_method_default_file_chooser_filter_new (FALSE);
- gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter);
- if (connection && s_8021x) {
- filename = NULL;
- if (nm_setting_802_1x_get_ca_cert_scheme (s_8021x) == NM_SETTING_802_1X_CK_SCHEME_PATH) {
- filename = nm_setting_802_1x_get_ca_cert_path (s_8021x);
- if (filename)
- gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), filename);
- }
- gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget_ca_not_required_checkbox),
- !filename && eap_method_ca_cert_ignore_get (parent,
connection));
- }
+ gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), ca_not_required);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_anon_identity_entry"));
if (s_8021x && nm_setting_802_1x_get_anonymous_identity (s_8021x))
@@ -460,10 +494,6 @@ eap_method_ttls_new (WirelessSecurity *ws_parent,
gtk_widget_hide (widget);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder,
"eap_ttls_anon_identity_entry"));
gtk_widget_hide (widget);
- widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_label"));
- gtk_widget_hide (widget);
- widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_ca_cert_button"));
- gtk_widget_hide (widget);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder,
"eap_ttls_ca_cert_not_required_checkbox"));
gtk_widget_hide (widget);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "eap_ttls_inner_auth_label"));
@@ -472,6 +502,12 @@ eap_method_ttls_new (WirelessSecurity *ws_parent,
gtk_widget_hide (widget);
}
+#if LIBNM_BUILD
+ nma_cert_chooser_setup_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser),
+ 0, (NMSetting *) s_8021x,
NM_SETTING_802_1X_CA_CERT_PASSWORD,
+ FALSE, secrets_only);
+#endif
+
return method;
}
diff --git a/src/wireless-security/eap-method-ttls.ui b/src/wireless-security/eap-method-ttls.ui
index b856690..2b15651 100644
--- a/src/wireless-security/eap-method-ttls.ui
+++ b/src/wireless-security/eap-method-ttls.ui
@@ -51,28 +51,18 @@
</packing>
</child>
<child>
- <object class="GtkLabel" id="eap_ttls_ca_cert_label">
+ <object class="GtkVBox" id="eap_ttls_inner_auth_vbox">
<property name="visible">True</property>
<property name="can_focus">False</property>
- <property name="label" translatable="yes">C_A certificate:</property>
- <property name="use_underline">True</property>
- <property name="mnemonic_widget">eap_ttls_ca_cert_button</property>
- <property name="xalign">0</property>
+ <property name="spacing">6</property>
+ <child>
+ <placeholder/>
+ </child>
</object>
<packing>
<property name="left_attach">0</property>
- <property name="top_attach">1</property>
- </packing>
- </child>
- <child>
- <object class="GtkFileChooserButton" id="eap_ttls_ca_cert_button">
- <property name="visible">True</property>
- <property name="can_focus">False</property>
- <property name="hexpand">True</property>
- </object>
- <packing>
- <property name="left_attach">1</property>
- <property name="top_attach">1</property>
+ <property name="top_attach">4</property>
+ <property name="width">2</property>
</packing>
</child>
<child>
@@ -124,19 +114,10 @@
</packing>
</child>
<child>
- <object class="GtkVBox" id="eap_ttls_inner_auth_vbox">
- <property name="visible">True</property>
- <property name="can_focus">False</property>
- <property name="spacing">6</property>
- <child>
- <placeholder/>
- </child>
- </object>
- <packing>
- <property name="left_attach">0</property>
- <property name="top_attach">4</property>
- <property name="width">2</property>
- </packing>
+ <placeholder/>
+ </child>
+ <child>
+ <placeholder/>
</child>
<child>
<placeholder/>
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
