[network-manager-applet/lr/tls-domain-suffix-match-rh1457542: 8/12] wireless-security/eap: drop dead code
- From: Lubomir Rintel <lkundrak src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [network-manager-applet/lr/tls-domain-suffix-match-rh1457542: 8/12] wireless-security/eap: drop dead code
- Date: Tue, 13 Jun 2017 11:12:08 +0000 (UTC)
commit a4b206ea2cbd16e31a5254d9eff6b390b70f5cbb
Author: Lubomir Rintel <lkundrak v3 sk>
Date: Fri Jun 9 19:32:02 2017 +0200
wireless-security/eap: drop dead code
Now that all TLS, TTLS and PEAP use the certificate chooser widget, we can
drop the obsolete helpers. Yay!
src/wireless-security/eap-method.c | 256 ------------------------------------
src/wireless-security/eap-method.h | 22 ---
2 files changed, 0 insertions(+), 278 deletions(-)
---
diff --git a/src/wireless-security/eap-method.c b/src/wireless-security/eap-method.c
index f11bd22..0b11443 100644
--- a/src/wireless-security/eap-method.c
+++ b/src/wireless-security/eap-method.c
@@ -205,262 +205,6 @@ eap_method_unref (EAPMethod *method)
}
}
-gboolean
-eap_method_validate_filepicker (GtkBuilder *builder,
- const char *name,
- guint32 item_type,
- const char *password,
- NMSetting8021xCKFormat *out_format,
- GError **error)
-{
- GtkWidget *widget;
- gs_free char *filename = NULL;
- NMSetting8021x *setting;
- gboolean success;
-
- widget = GTK_WIDGET (gtk_builder_get_object (builder, name));
- g_assert (widget);
- filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
- if (!filename) {
- if (item_type != TYPE_CA_CERT) {
- success = FALSE;
- g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("no file selected"));
- } else
- success = TRUE;
- goto out;
- }
-
- if (!g_file_test (filename, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_REGULAR)) {
- success = FALSE;
- g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC, _("file ā%sā does not exist"), filename);
- goto out;
- }
-
- setting = (NMSetting8021x *) nm_setting_802_1x_new ();
-
- success = FALSE;
- if (item_type == TYPE_PRIVATE_KEY) {
- if (nm_setting_802_1x_set_private_key (setting, filename, password,
NM_SETTING_802_1X_CK_SCHEME_PATH, out_format, error))
- success = TRUE;
- } else if (item_type == TYPE_CLIENT_CERT) {
- if (nm_setting_802_1x_set_client_cert (setting, filename, NM_SETTING_802_1X_CK_SCHEME_PATH,
out_format, error))
- success = TRUE;
- } else if (item_type == TYPE_CA_CERT) {
- if (nm_setting_802_1x_set_ca_cert (setting, filename, NM_SETTING_802_1X_CK_SCHEME_PATH,
out_format, error))
- success = TRUE;
- } else
- g_warning ("%s: invalid item type %d.", __func__, item_type);
-
- g_object_unref (setting);
-
-out:
- if (!success && error && !*error)
- g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("unspecified error validating
eap-method file"));
-
- if (success)
- widget_unset_error (widget);
- else
- widget_set_error (widget);
- return success;
-}
-
-#if !LIBNM_BUILD
-static const char *
-find_tag (const char *tag, const char *buf, gsize len)
-{
- gsize i, taglen;
-
- taglen = strlen (tag);
- if (len < taglen)
- return NULL;
-
- for (i = 0; i < len - taglen + 1; i++) {
- if (memcmp (buf + i, tag, taglen) == 0)
- return buf + i;
- }
- return NULL;
-}
-
-static const char *pem_rsa_key_begin = "-----BEGIN RSA PRIVATE KEY-----";
-static const char *pem_dsa_key_begin = "-----BEGIN DSA PRIVATE KEY-----";
-static const char *pem_pkcs8_enc_key_begin = "-----BEGIN ENCRYPTED PRIVATE KEY-----";
-static const char *pem_pkcs8_dec_key_begin = "-----BEGIN PRIVATE KEY-----";
-static const char *pem_cert_begin = "-----BEGIN CERTIFICATE-----";
-static const char *proc_type_tag = "Proc-Type: 4,ENCRYPTED";
-static const char *dek_info_tag = "DEK-Info:";
-
-static gboolean
-pem_file_is_encrypted (const char *buffer, gsize bytes_read)
-{
- /* Check if the private key is encrypted or not by looking for the
- * old OpenSSL-style proc-type and dec-info tags.
- */
- if (find_tag (proc_type_tag, (const char *) buffer, bytes_read)) {
- if (find_tag (dek_info_tag, (const char *) buffer, bytes_read))
- return TRUE;
- }
- return FALSE;
-}
-
-static gboolean
-file_is_der_or_pem (const char *filename,
- gboolean privkey,
- gboolean *out_privkey_encrypted)
-{
- int fd;
- unsigned char buffer[8192];
- ssize_t bytes_read;
- gboolean success = FALSE;
-
- fd = open (filename, O_RDONLY);
- if (fd < 0)
- return FALSE;
-
- bytes_read = read (fd, buffer, sizeof (buffer) - 1);
- if (bytes_read < 400) /* needs to be lower? */
- goto out;
- buffer[bytes_read] = '\0';
-
- /* Check for DER signature */
- if (bytes_read > 2 && buffer[0] == 0x30 && buffer[1] == 0x82) {
- success = TRUE;
- goto out;
- }
-
- /* Check for PEM signatures */
- if (privkey) {
- if (find_tag (pem_rsa_key_begin, (const char *) buffer, bytes_read)) {
- success = TRUE;
- if (out_privkey_encrypted)
- *out_privkey_encrypted = pem_file_is_encrypted ((const char *) buffer,
bytes_read);
- goto out;
- }
-
- if (find_tag (pem_dsa_key_begin, (const char *) buffer, bytes_read)) {
- success = TRUE;
- if (out_privkey_encrypted)
- *out_privkey_encrypted = pem_file_is_encrypted ((const char *) buffer,
bytes_read);
- goto out;
- }
-
- if (find_tag (pem_pkcs8_enc_key_begin, (const char *) buffer, bytes_read)) {
- success = TRUE;
- if (out_privkey_encrypted)
- *out_privkey_encrypted = TRUE;
- goto out;
- }
-
- if (find_tag (pem_pkcs8_dec_key_begin, (const char *) buffer, bytes_read)) {
- success = TRUE;
- if (out_privkey_encrypted)
- *out_privkey_encrypted = FALSE;
- goto out;
- }
- } else {
- if (find_tag (pem_cert_begin, (const char *) buffer, bytes_read)) {
- success = TRUE;
- goto out;
- }
- }
-
-out:
- close (fd);
- return success;
-}
-#endif
-
-GtkFileFilter *
-eap_method_default_file_chooser_filter_new (gboolean privkey)
-{
- if (privkey)
- return utils_key_filter ();
- else
- return utils_cert_filter ();
-}
-
-gboolean
-eap_method_is_encrypted_private_key (const char *path)
-{
- gboolean is_encrypted;
-
-#if LIBNM_BUILD
- is_encrypted = FALSE;
- if (!nm_utils_file_is_private_key (path, &is_encrypted))
- return FALSE;
-#else
- is_encrypted = TRUE;
- if ( !file_is_der_or_pem (path, TRUE, &is_encrypted)
- && !nm_utils_file_is_pkcs12 (path))
- return FALSE;
-#endif
- return is_encrypted;
-}
-
-/* Some methods (PEAP, TLS, TTLS) require a CA certificate. The user can choose
- * not to provide such a certificate. This method whether the checkbox
- * id_ca_cert_not_required_checkbutton is checked or id_ca_cert_chooser has a certificate
- * selected.
- */
-gboolean
-eap_method_ca_cert_required (GtkBuilder *builder, const char *id_ca_cert_not_required_checkbutton, const
char *id_ca_cert_chooser)
-{
- char *filename;
- GtkWidget *widget;
-
- g_assert (builder && id_ca_cert_not_required_checkbutton && id_ca_cert_chooser);
-
- widget = GTK_WIDGET (gtk_builder_get_object (builder, id_ca_cert_not_required_checkbutton));
- g_assert (widget && GTK_IS_TOGGLE_BUTTON (widget));
-
- if (!gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) {
- widget = GTK_WIDGET (gtk_builder_get_object (builder, id_ca_cert_chooser));
- g_assert (widget && GTK_IS_FILE_CHOOSER (widget));
-
- filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
- if (!filename)
- return TRUE;
- g_free (filename);
- }
- return FALSE;
-}
-
-
-void
-eap_method_ca_cert_not_required_toggled (GtkBuilder *builder, const char
*id_ca_cert_not_required_checkbutton, const char *id_ca_cert_chooser)
-{
- char *filename, *filename_old;
- gboolean is_not_required;
- GtkWidget *widget;
-
- g_assert (builder && id_ca_cert_not_required_checkbutton && id_ca_cert_chooser);
-
- widget = GTK_WIDGET (gtk_builder_get_object (builder, id_ca_cert_not_required_checkbutton));
- g_assert (widget && GTK_IS_TOGGLE_BUTTON (widget));
- is_not_required = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget));
-
- widget = GTK_WIDGET (gtk_builder_get_object (builder, id_ca_cert_chooser));
- g_assert (widget && GTK_IS_FILE_CHOOSER (widget));
-
- filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
- filename_old = g_object_steal_data (G_OBJECT (widget), "filename-old");
- if (is_not_required) {
- g_free (filename_old);
- filename_old = filename;
- filename = NULL;
- } else {
- g_free (filename);
- filename = filename_old;
- filename_old = NULL;
- }
- gtk_widget_set_sensitive (widget, !is_not_required);
- if (filename)
- gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), filename);
- else
- gtk_file_chooser_unselect_all (GTK_FILE_CHOOSER (widget));
- g_free (filename);
- g_object_set_data_full (G_OBJECT (widget), "filename-old", filename_old, g_free);
-}
-
/* Used as both GSettings keys and GObject data tags */
#define IGNORE_CA_CERT_TAG "ignore-ca-cert"
#define IGNORE_PHASE2_CA_CERT_TAG "ignore-phase2-ca-cert"
diff --git a/src/wireless-security/eap-method.h b/src/wireless-security/eap-method.h
index 665d2d8..39cee40 100644
--- a/src/wireless-security/eap-method.h
+++ b/src/wireless-security/eap-method.h
@@ -91,33 +91,11 @@ EAPMethod *eap_method_init (gsize obj_size,
const char *default_field,
gboolean phase2);
-GtkFileFilter * eap_method_default_file_chooser_filter_new (gboolean privkey);
-
-gboolean eap_method_is_encrypted_private_key (const char *path);
-
-#define TYPE_CLIENT_CERT 0
-#define TYPE_CA_CERT 1
-#define TYPE_PRIVATE_KEY 2
-
-gboolean eap_method_validate_filepicker (GtkBuilder *builder,
- const char *name,
- guint32 item_type,
- const char *password,
- NMSetting8021xCKFormat *out_format,
- GError **error);
-
void eap_method_phase2_update_secrets_helper (EAPMethod *method,
NMConnection *connection,
const char *combo_name,
guint32 column);
-gboolean eap_method_ca_cert_required (GtkBuilder *builder,
- const char *id_ca_cert_is_not_required_checkbox,
- const char *id_ca_cert_chooser);
-void eap_method_ca_cert_not_required_toggled (GtkBuilder *builder,
- const char *id_ca_cert_is_not_required_checkbox,
- const char *id_ca_cert_chooser);
-
void eap_method_ca_cert_ignore_set (EAPMethod *method,
NMConnection *connection,
const char *filename,
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]