[libnma] Fix clearing password when restoring a valid configuration to be displayed to a user



commit 2a307a36b0efc4bb4fe898143e9709767b7eb8f3
Author: Eivind Naess <eivnaes yahoo com>
Date:   Thu Mar 18 09:00:04 2021 -0700

    Fix clearing password when restoring a valid configuration to be displayed to a user
    
    Handling the various inputs and cases correctly is difficult, partly because of the number of inputs and the
    various states the component can be in. As a precaution, I've laid out a state machine in the text below that
    describes each current state, the action taken, and the result of each user action.
    
    I've methodically gone through and tested each state with my change.
    
    Tested the following scenarios:
    
    The seven states, except for 1, 3, and 5 (as they cannot be saved), as spelled out below describe the 
initial state when restoring a
    configuration using network-manager-openvpn plugin. For each of the starting state (0, 2, 4, 6), 
sufficient input has been made to
    transition between each of these states.
    
    The states:
    
    State 0: When starting from from all blank fields, Cert is enabled, Key and Password are disabled
      * Set PKCS12 for certificate
        - Key gets PKCS12 value,
        - Password entry is enabled
        - Goto 5
      * Set X509 for Certificate
        - Key becomes enabled
        - Goto 1
    
    State 1: When using X509 for certificate, Key is blank, Password is empty and disabled
      * Change Cert to PCKS12
        - Key gets PKCS12 value
        - Password is enabled
        - Goto 5
      * Change Key to PKCS12
        - Cert gets PKCS12 value
        - Password is enabled
        - Goto 5
      * Change key to use an un-encrypted RSA key
        - No change
        - Goto 2
      * Change key to use an encrypted RSA key
        - Password is enabled
        - Goto 3
    
    State 2: When using X509 for Certificate, Key has an un-encrypted RSA key, Password is empty and disabled
      * Change Cert to PKCS12
        - Key gets PKCS12 value
        - Password is enabled
        - Goto 5
      * Change Key to PKCS12
        - Cert gets PKCS12 value
        - Password is enabled
        - Goto 5
      * Change Cert to different X509 certificate
        - No change
        - Goto 2
      * Change Key to encrypted RSA key
        - Password is enabled
        - Goto 3
      * Change Key to different un-encrypted RSA key
        - No change
        - Goto 2
    
    State 3: When using X509 for Certificate, Key has an *encrypted* RSA key, Password is empty and enabled
      * Change Cert to PKCS12
        - Key gets PKCS12 value
        - Goto 5
      * Change Key to PKCS12
        - Cert gets PKCS12 value
        - Goto 5
      * Change Cert to different X509 certificate
        - No change
        - Goto 3
      * Change Key to un-encrypted RSA key
        - Password is disabled
        - Goto 2
      * Change Key to different encrypted RSA key
        - No change
        - Goto 3
      * Enter password
        - No change
        - Goto 4
    
    State 4: When using X509 for Certificate, Key has an *encrypted* RSA key, Password has value and is 
enabled
      * Change Cert to PKCS12
        - Key gets PKCS12 value
        - Password is cleared
        - Goto 5
      * Change Key to PKCS12
        - Cert gets PKCS12 value
        - Password is cleared
        - Goto 5
      * Change Key to invalid RSA value (e.g. X509 certificate)
        - Password is cleared
        - Key is marked with error (GTK bug, error marking not visible to end-user in FileChooser component)
        - Goto 2
      * Change Cert to different X509 certificate
        - No change
        - Goto 4
      * Change Key to un-encrypted RSA key
        - Password is cleared
        - Password is disabled
        - Goto 2
      * Change Key to different encrypted RSA key
        - No Change, see Note 1
        - Goto 4
    
    State 5: When using PKCS12 for Certificate and Key, Key is disabled, Password is empty and enabled
      * Change Cert to use X509 certificate
        - Key is cleared
        - Password is disabled
        - Goto 1
      * Enter password
        - No change
        - Goto 6
    
    State 6: When using PKCS12 for Certificate and Key, Key is disabled, Password has a value and is enabled
      * Change Cert to use X509 certificate
        - Key is cleared
        - Password is cleared
        - Password is disabled
        - Goto 1
      * Clear password
        - No change
        - Goto 5
    
    Notes:
    1) To clear password here, we can't destinguish if user set a different key or if network-manager-openvpn 
restored an existing configuration.
    
    Signed-off-by: Eivind Naess <eivnaes yahoo com>
    
    https://gitlab.gnome.org/GNOME/libnma/-/issues/6
    
    https://gitlab.gnome.org/GNOME/libnma/-/merge_requests/16

 src/nma-file-cert-chooser.c | 38 +++++++++++++++++++++++++++-----------
 1 file changed, 27 insertions(+), 11 deletions(-)
---
diff --git a/src/nma-file-cert-chooser.c b/src/nma-file-cert-chooser.c
index 27b764e8..2a1c9ca6 100644
--- a/src/nma-file-cert-chooser.c
+++ b/src/nma-file-cert-chooser.c
@@ -211,21 +211,28 @@ cert_changed_cb (GtkFileChooserButton *file_chooser_button, gpointer user_data)
        NMAFileCertChooserPrivate *priv = NMA_FILE_CERT_CHOOSER_GET_PRIVATE (NMA_CERT_CHOOSER (user_data));
 
        if (gtk_widget_get_visible (priv->key_button)) {
-               gboolean sensitive = FALSE;
+               gboolean sensitive = TRUE;
                gs_free char *cert = NULL;
 
                cert = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (priv->cert_button));
                if (cert && *cert) {
-                       if (nm_utils_file_is_pkcs12 (cert)) {
-                               gs_free char *key = NULL;
+                       gs_free char *key = NULL;
 
-                               key = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (priv->key_button));
-                               if (!nm_streq0 (cert, key))
+                       key = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (priv->key_button));
+                       if (nm_utils_file_is_pkcs12 (cert)) {
+                               if (!nm_streq0 (cert, key)) {
                                        gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (priv->key_button), cert);
-                       } else
-                               sensitive = TRUE;
-               } else
+                                       gtk_editable_set_text (GTK_EDITABLE (priv->key_password), "");
+                               }
+                               sensitive = FALSE;
+                       } else if (nm_utils_file_is_pkcs12 (key)) {
+                               gtk_file_chooser_unselect_all (GTK_FILE_CHOOSER (priv->key_button));
+                               gtk_editable_set_text (GTK_EDITABLE (priv->key_password), "");
+                       }
+               } else {
                        gtk_file_chooser_unselect_all (GTK_FILE_CHOOSER (priv->key_button));
+                       sensitive = FALSE;
+               }
 
                gtk_widget_set_sensitive (priv->key_button, sensitive);
                gtk_widget_set_sensitive (priv->key_button_label, sensitive);
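Review bot: The new `else if (nm_utils_file_is_pkcs12 (key))` branch in cert_changed_cb passes `key` without checking it, and `gtk_file_chooser_get_filename` returns NULL when no key file is selected (State 1 in the commit message: X509 certificate, blank key). Every other call in this diff sits behind a `cert && *cert` or `key && *key` test, and libnm's helper is not shown here, so whether it tolerates NULL should be confirmed; if it asserts on its argument, this path logs a GLib critical each time an X509 certificate is picked before a key. Guarding the branch avoids the question: `} else if (key && *key && nm_utils_file_is_pkcs12 (key)) {`. The function's closing lines are outside the hunk.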
@@ -243,18 +250,27 @@ key_changed_cb (GtkFileChooserButton *file_chooser_button, gpointer user_data)
 
        key = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (priv->key_button));
        if (key && *key) {
+               gboolean encrypted = FALSE;
                if (nm_utils_file_is_pkcs12 (key)) {
                        gs_free char *cert = NULL;
 
                        cert = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (priv->cert_button));
-                       if (!nm_streq0 (cert, key))
+                       if (!nm_streq0 (cert, key)) {
                                gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (priv->cert_button), key);
+                               gtk_editable_set_text (GTK_EDITABLE (priv->key_password), "");
+                       }
                        gtk_widget_set_sensitive (priv->key_button, FALSE);
                        gtk_widget_set_sensitive (priv->key_button_label, FALSE);
+                       sensitive = TRUE;
+               } else if (nm_utils_file_is_private_key (key, &encrypted)) {
+                       sensitive = encrypted;
+                       if (!encrypted) {
+                               gtk_editable_set_text (GTK_EDITABLE (priv->key_password), "");
+                       }
+               } else {
+                       gtk_editable_set_text (GTK_EDITABLE (priv->key_password), "");
                }
-               sensitive = TRUE;
        }
-       gtk_editable_set_text (GTK_EDITABLE (priv->key_password), "");
        gtk_widget_set_sensitive (priv->key_password, sensitive);
        gtk_widget_set_sensitive (priv->key_password_label, sensitive);
        widget_unset_error (priv->key_password);
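Review bot: With the unconditional `gtk_editable_set_text (GTK_EDITABLE (priv->key_password), "")` removed from the tail of key_changed_cb, an empty key selection no longer clears the password: the `if (key && *key)` block has no `else`, so the entry keeps its old text while being desensitized (assuming `sensitive` starts out FALSE; its declaration is outside the hunk). A secret left in a disabled entry may still be read back when the connection is saved, depending on how the caller collects the password. If the restore path never reaches this callback with an empty key, adding `} else { gtk_editable_set_text (GTK_EDITABLE (priv->key_password), ""); }` closes that gap; otherwise a comment should say why the text is kept. The `sensitive = encrypted;` branch also keeps the previous password on purpose (Note 1 of the commit message), and that rationale deserves a one-line comment there, such as `/* keep the password: a restored config and a user-picked key look the same here */`.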

