[NetworkManager-openconnect/lr/gtk-4.0: 1/3] properties: use NmaCertChooser

From: Lubomir Rintel <lkundrak src gnome org>
To: commits-list gnome org
Cc:
Subject: [NetworkManager-openconnect/lr/gtk-4.0: 1/3] properties: use NmaCertChooser
Date: Mon, 17 Jan 2022 09:38:42 +0000 (UTC)

commit 5625eff6b05bbc735ed23a0e32310752d8dff93a
Author: Lubomir Rintel <lkundrak v3 sk>
Date:   Tue Oct 26 10:15:19 2021 +0200

    properties: use NmaCertChooser
    
    The GtkFileChooserButton is gone from Gtk4 and this is almost a good
    replacement.

 Makefile.am                         |   4 +-
 configure.ac                        |   1 +
 properties/auth-helpers.c           | 212 ++++++++----------------------------
 properties/auth-helpers.h           |   4 -
 properties/nm-openconnect-dialog.ui | 116 +++-----------------
 5 files changed, 61 insertions(+), 276 deletions(-)
---
diff --git a/Makefile.am b/Makefile.am
index de5f5b1..3ecf00c 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -137,11 +137,13 @@ properties_libnm_vpn_plugin_openconnect_editor_la_CFLAGS = \
        -DNETWORKMANAGER_COMPILATION=NM_NETWORKMANAGER_COMPILATION_LIB_EDITOR \
        $(properties_cppflags) \
        $(GTK_CFLAGS) \
-       $(LIBNM_CFLAGS)
+       $(LIBNM_CFLAGS) \
+       $(LIBNMA_CFLAGS)
 
 properties_libnm_vpn_plugin_openconnect_editor_la_LIBADD = \
        $(GTK_LIBS) \
        $(LIBNM_LIBS) \
+       $(LIBNMA_LIBS) \
        $(OPENCONNECT_LIBS)
 
 properties_libnm_vpn_plugin_openconnect_editor_la_LDFLAGS = \
diff --git a/configure.ac b/configure.ac
index d0e8866..7eddca0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -108,6 +108,7 @@ if test x"$with_gnome" != xno; then
        PKG_CHECK_MODULES(GTK, gtk+-3.0 >= 3.12)
        GTK_CFLAGS="$GTK_CFLAGS -DGDK_VERSION_MIN_REQUIRED=GDK_VERSION_3_12"
        GTK_CFLAGS="$GTK_CFLAGS -DGDK_VERSION_MAX_ALLOWED=GDK_VERSION_3_12"
+       PKG_CHECK_MODULES(LIBNMA, libnma >= 1.2.0)
        
        PKG_CHECK_MODULES(GCR, gcr-3 >= 3.4)
        GCR_CFLAGS="$GCR_CFLAGS -DGCR_API_SUBJECT_TO_CHANGE"
diff --git a/properties/auth-helpers.c b/properties/auth-helpers.c
index 906ad2e..d40f4ad 100644
--- a/properties/auth-helpers.c
+++ b/properties/auth-helpers.c
@@ -25,6 +25,7 @@
 
 #include "auth-helpers.h"
 
+#include <nma-cert-chooser.h>
 #include <string.h>
 #include <sys/types.h>
 #include <stdlib.h>
@@ -40,56 +41,20 @@ tls_pw_init_auth_widget (GtkBuilder *builder,
                          gpointer user_data)
 {
        GtkWidget *widget;
-       const char *value;
-       GtkFileFilter *filter;
+       GtkSizeGroup *group;
 
        g_return_if_fail (builder != NULL);
        g_return_if_fail (changed_cb != NULL);
 
-       widget = GTK_WIDGET (gtk_builder_get_object (builder, "ca_cert_chooser"));
+       group = GTK_SIZE_GROUP (gtk_builder_get_object (builder, "labels"));
 
-       filter = tls_file_chooser_filter_new ();
-       gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter);
-       gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE);
-       gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget),
-                                          _("Choose a Certificate Authority certificate…"));
-       g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (changed_cb), user_data);
+       widget = GTK_WIDGET (gtk_builder_get_object (builder, "ca_chooser"));
+       nma_cert_chooser_add_to_size_group (NMA_CERT_CHOOSER (widget), group);
+       g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (changed_cb), user_data);
 
-       if (s_vpn) {
-               value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_CACERT);
-               if (value && strlen (value))
-                       gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value);
-       }
-
-       widget = GTK_WIDGET (gtk_builder_get_object (builder, "cert_user_cert_chooser"));
-
-       filter = tls_file_chooser_filter_new ();
-       gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter);
-       gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE);
-       gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget),
-                                          _("Choose your personal certificate…"));
-       g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (changed_cb), user_data);
-
-       if (s_vpn) {
-               value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_USERCERT);
-               if (value && strlen (value))
-                       gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value);
-       }
-
-       widget = GTK_WIDGET (gtk_builder_get_object (builder, "cert_private_key_chooser"));
-
-       filter = tls_file_chooser_filter_new ();
-       gtk_file_chooser_add_filter (GTK_FILE_CHOOSER (widget), filter);
-       gtk_file_chooser_set_local_only (GTK_FILE_CHOOSER (widget), TRUE);
-       gtk_file_chooser_button_set_title (GTK_FILE_CHOOSER_BUTTON (widget),
-                                          _("Choose your private key…"));
-       g_signal_connect (G_OBJECT (widget), "selection-changed", G_CALLBACK (changed_cb), user_data);
-
-       if (s_vpn) {
-               value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_PRIVKEY);
-               if (value && strlen (value))
-                       gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (widget), value);
-       }
+       widget = GTK_WIDGET (gtk_builder_get_object (builder, "cert_chooser"));
+       nma_cert_chooser_add_to_size_group (NMA_CERT_CHOOSER (widget), group);
+       g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (changed_cb), user_data);
 }
 
 gboolean
@@ -99,10 +64,10 @@ auth_widget_check_validity (GtkBuilder *builder, GError **error)
 }
 
 static void
-update_from_filechooser (GtkBuilder *builder,
-                         const char *key,
-                         const char *widget_name,
-                         NMSettingVpn *s_vpn)
+update_cert_from_filechooser (GtkBuilder *builder,
+                              const char *key,
+                              const char *widget_name,
+                              NMSettingVpn *s_vpn)
 {
        GtkWidget *widget;
        char *filename;
@@ -115,7 +80,7 @@ update_from_filechooser (GtkBuilder *builder,
 
        widget = GTK_WIDGET (gtk_builder_get_object (builder, widget_name));
 
-       filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (widget));
+       filename = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (widget), NULL);
        if (filename && strlen(filename)) {
                nm_setting_vpn_add_data_item (s_vpn, key, filename);
                authtype = "cert";
@@ -129,132 +94,41 @@ update_from_filechooser (GtkBuilder *builder,
        g_free (filename);
 }
 
-gboolean
-auth_widget_update_connection (GtkBuilder *builder,
-                               const char *contype,
-                               NMSettingVpn *s_vpn)
-{
-       update_from_filechooser (builder, NM_OPENCONNECT_KEY_CACERT, "ca_cert_chooser", s_vpn);
-       update_from_filechooser (builder, NM_OPENCONNECT_KEY_USERCERT, "cert_user_cert_chooser", s_vpn);
-       update_from_filechooser (builder, NM_OPENCONNECT_KEY_PRIVKEY, "cert_private_key_chooser", s_vpn);
-       return TRUE;
-}
-
-static const char *
-find_tag (const char *tag, const char *buf, gsize len)
-{
-       gsize i, taglen;
-
-       taglen = strlen (tag);
-       if (len < taglen)
-               return NULL;
-
-       for (i = 0; i < len - taglen + 1; i++) {
-               if (memcmp (buf + i, tag, taglen) == 0)
-                       return buf + i;
-       }
-       return NULL;
-}
-
-static const char *pem_rsa_key_begin = "-----BEGIN RSA PRIVATE KEY-----";
-static const char *pem_dsa_key_begin = "-----BEGIN DSA PRIVATE KEY-----";
-static const char *pem_key_begin = "-----BEGIN PRIVATE KEY-----";
-static const char *pem_enc_key_begin = "-----BEGIN ENCRYPTED PRIVATE KEY-----";
-static const char *pem_tss_keyblob_begin = "-----BEGIN TSS KEY BLOB-----";
-static const char *pem_tss2_keyblob_begin = "-----BEGIN TSS2 KEY BLOB-----";
-static const char *pem_tss2_privkey_begin = "-----BEGIN TSS2 PRIVATE KEY-----";
-static const char *pem_cert_begin = "-----BEGIN CERTIFICATE-----";
-
-static gboolean
-tls_default_filter (const GtkFileFilterInfo *filter_info, gpointer data)
+static void
+update_key_from_filechooser (GtkBuilder *builder,
+                             const char *key,
+                             const char *widget_name,
+                             NMSettingVpn *s_vpn)
 {
-       char *contents = NULL, *p, *ext;
-       gsize bytes_read = 0;
-       gboolean show = FALSE;
-       struct stat statbuf;
-
-       if (!filter_info->filename)
-               return FALSE;
-
-       p = strrchr (filter_info->filename, '.');
-       if (!p)
-               return FALSE;
-
-       ext = g_ascii_strdown (p, -1);
-       if (!ext)
-               return FALSE;
-       if (strcmp (ext, ".pem") && strcmp (ext, ".crt") && strcmp (ext, ".key")) {
-               g_free (ext);
-               return FALSE;
-       }
-       g_free (ext);
-
-       /* Ignore files that are really large */
-       if (!stat (filter_info->filename, &statbuf)) {
-               if (statbuf.st_size > 500000)
-                       return FALSE;
-       }
-
-       if (!g_file_get_contents (filter_info->filename, &contents, &bytes_read, NULL))
-               return FALSE;
-
-       if (bytes_read < 400)  /* needs to be lower? */
-               goto out;
-
-       /* Check for PEM signatures */
-       if (find_tag (pem_rsa_key_begin, (const char *) contents, bytes_read)) {
-               show = TRUE;
-               goto out;
-       }
-
-       if (find_tag (pem_dsa_key_begin, (const char *) contents, bytes_read)) {
-               show = TRUE;
-               goto out;
-       }
-
-       if (find_tag (pem_key_begin, (const char *) contents, bytes_read)) {
-               show = TRUE;
-               goto out;
-       }
-
-       if (find_tag (pem_enc_key_begin, (const char *) contents, bytes_read)) {
-               show = TRUE;
-               goto out;
-       }
-
-       if (find_tag (pem_tss_keyblob_begin, (const char *) contents, bytes_read)) {
-               show = TRUE;
-               goto out;
-       }
+       GtkWidget *widget;
+       char *filename;
+       char *authtype;
 
-       if (find_tag (pem_tss2_keyblob_begin, (const char *) contents, bytes_read)) {
-               show = TRUE;
-               goto out;
-       }
+       g_return_if_fail (builder != NULL);
+       g_return_if_fail (key != NULL);
+       g_return_if_fail (widget_name != NULL);
+       g_return_if_fail (s_vpn != NULL);
 
-       if (find_tag (pem_tss2_privkey_begin, (const char *) contents, bytes_read)) {
-               show = TRUE;
-               goto out;
-       }
+       widget = GTK_WIDGET (gtk_builder_get_object (builder, widget_name));
 
-       if (find_tag (pem_cert_begin, (const char *) contents, bytes_read)) {
-               show = TRUE;
-               goto out;
+       filename = nma_cert_chooser_get_key (NMA_CERT_CHOOSER (widget), NULL);
+       if (filename && strlen(filename)) {
+               nm_setting_vpn_add_data_item (s_vpn, key, filename);
+               authtype = "cert";
+       } else {
+               nm_setting_vpn_remove_data_item (s_vpn, key);
+               authtype = "password";
        }
-
-out:
-       g_free (contents);
-       return show;
+       g_free (filename);
 }
 
-GtkFileFilter *
-tls_file_chooser_filter_new (void)
+gboolean
+auth_widget_update_connection (GtkBuilder *builder,
+                               const char *contype,
+                               NMSettingVpn *s_vpn)
 {
-       GtkFileFilter *filter;
-
-       filter = gtk_file_filter_new ();
-       gtk_file_filter_add_custom (filter, GTK_FILE_FILTER_FILENAME, tls_default_filter, NULL, NULL);
-       gtk_file_filter_set_name (filter, _("PEM certificates (*.pem, *.crt, *.key)"));
-       return filter;
+       update_cert_from_filechooser (builder, NM_OPENCONNECT_KEY_CACERT, "ca_chooser", s_vpn);
+       update_cert_from_filechooser (builder, NM_OPENCONNECT_KEY_USERCERT, "cert_chooser", s_vpn);
+       update_key_from_filechooser (builder, NM_OPENCONNECT_KEY_PRIVKEY, "cert_chooser", s_vpn);
+       return TRUE;
 }
-
diff --git a/properties/auth-helpers.h b/properties/auth-helpers.h
index 02e438d..b9f4693 100644
--- a/properties/auth-helpers.h
+++ b/properties/auth-helpers.h
@@ -43,10 +43,6 @@ gboolean auth_widget_update_connection (GtkBuilder *builder,
                                         const char *contype,
                                         NMSettingVpn *s_vpn);
 
-GtkFileFilter *tls_file_chooser_filter_new (void);
-
-GtkFileFilter *sk_file_chooser_filter_new (void);
-
 GtkWidget *advanced_dialog_new (GHashTable *hash, const char *contype);
 
 GHashTable *advanced_dialog_new_hash_from_connection (NMConnection *connection, GError **error);
diff --git a/properties/nm-openconnect-dialog.ui b/properties/nm-openconnect-dialog.ui
index bbcef82..9b55908 100644
--- a/properties/nm-openconnect-dialog.ui
+++ b/properties/nm-openconnect-dialog.ui
@@ -106,40 +106,16 @@
       </packing>
     </child>
     <child>
-      <object class="GtkLabel" id="ca_cert_label">
+      <object class="NmaCertChooser" id="ca_chooser">
+        <property name="flags">0x15</property>
+        <property name="title">CA</property>
         <property name="visible">True</property>
-        <property name="label" translatable="yes">CA C_ertificate</property>
-        <property name="use_underline">True</property>
-        <property name="use_markup">False</property>
-        <property name="justify">GTK_JUSTIFY_LEFT</property>
-        <property name="wrap">False</property>
-        <property name="selectable">False</property>
-        <property name="xalign">1</property>
-        <property name="yalign">0.5</property>
-        <property name="mnemonic_widget">ca_cert_chooser</property>
-        <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
-        <property name="width_chars">-1</property>
-        <property name="single_line_mode">False</property>
+        <property name="can-focus">False</property>
       </object>
       <packing>
-        <property name="left_attach">0</property>
-        <property name="top_attach">3</property>
-      </packing>
-    </child>
-    <child>
-      <object class="GtkFileChooserButton" id="ca_cert_chooser">
-        <property name="visible">True</property>
-        <property name="title" translatable="yes">Select A File</property>
-        <property name="action">GTK_FILE_CHOOSER_ACTION_OPEN</property>
-        <property name="local_only">True</property>
-        <property name="show_hidden">True</property>
-        <property name="do_overwrite_confirmation">False</property>
-        <property name="width_chars">-1</property>
-        <property name="hexpand">True</property>
-      </object>
-      <packing>
-        <property name="left_attach">1</property>
-        <property name="top_attach">3</property>
+        <property name="left-attach">0</property>
+        <property name="top-attach">3</property>
+        <property name="width">2</property>
       </packing>
     </child>
     <child>
@@ -302,77 +278,16 @@
       </packing>
     </child>
     <child>
-      <object class="GtkLabel" id="user_cert_label">
-        <property name="visible">True</property>
-        <property name="label" translatable="yes">_User Certificate</property>
-        <property name="use_underline">True</property>
-        <property name="use_markup">False</property>
-        <property name="justify">GTK_JUSTIFY_LEFT</property>
-        <property name="wrap">False</property>
-        <property name="selectable">False</property>
-        <property name="xalign">1</property>
-        <property name="yalign">0.5</property>
-        <property name="mnemonic_widget">cert_user_cert_chooser</property>
-        <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
-        <property name="width_chars">-1</property>
-        <property name="single_line_mode">False</property>
-      </object>
-      <packing>
-        <property name="left_attach">0</property>
-        <property name="top_attach">9</property>
-      </packing>
-    </child>
-    <child>
-      <object class="GtkFileChooserButton" id="cert_user_cert_chooser">
+      <object class="NmaCertChooser" id="cert_chooser">
+        <property name="flags">0x14</property>
+        <property name="title">User</property>
         <property name="visible">True</property>
-        <property name="title" translatable="yes">Select A File</property>
-        <property name="action">GTK_FILE_CHOOSER_ACTION_OPEN</property>
-        <property name="local_only">True</property>
-        <property name="show_hidden">False</property>
-        <property name="do_overwrite_confirmation">False</property>
-        <property name="width_chars">-1</property>
-        <property name="hexpand">True</property>
+        <property name="can-focus">False</property>
       </object>
       <packing>
-        <property name="left_attach">1</property>
-        <property name="top_attach">9</property>
-      </packing>
-    </child>
-    <child>
-      <object class="GtkLabel" id="private_key_label">
-        <property name="visible">True</property>
-        <property name="label" translatable="yes">Private _Key</property>
-        <property name="use_underline">True</property>
-        <property name="use_markup">False</property>
-        <property name="justify">GTK_JUSTIFY_LEFT</property>
-        <property name="wrap">False</property>
-        <property name="selectable">False</property>
-        <property name="xalign">1</property>
-        <property name="yalign">0.5</property>
-        <property name="mnemonic_widget">cert_private_key_chooser</property>
-        <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
-        <property name="width_chars">-1</property>
-        <property name="single_line_mode">False</property>
-      </object>
-      <packing>
-        <property name="left_attach">0</property>
-        <property name="top_attach">10</property>
-      </packing>
-    </child>
-    <child>
-      <object class="GtkFileChooserButton" id="cert_private_key_chooser">
-        <property name="visible">True</property>
-        <property name="title" translatable="yes">Select A File</property>
-        <property name="action">GTK_FILE_CHOOSER_ACTION_OPEN</property>
-        <property name="local_only">True</property>
-        <property name="show_hidden">False</property>
-        <property name="do_overwrite_confirmation">False</property>
-        <property name="width_chars">-1</property>
-        <property name="hexpand">True</property>
-      </object>
-      <packing>
-        <property name="left_attach">1</property>
-        <property name="top_attach">10</property>
+        <property name="left-attach">0</property>
+        <property name="top-attach">9</property>
+        <property name="width">2</property>
       </packing>
     </child>
     <child>
@@ -573,11 +488,8 @@
       <widget name="vpn_protocol_label"/>
       <widget name="gateway_label"/>
       <widget name="proxy_label"/>
-      <widget name="ca_cert_label"/>
       <widget name="csd_trojan_script_label"/>
       <widget name="reported_os_label"/>
-      <widget name="user_cert_label"/>
-      <widget name="private_key_label"/>
       <widget name="token_mode_label"/>
       <widget name="token_secret_label"/>
     </widgets>
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]