Unverified Commit 2a307a36 authored by Eivind Næss's avatar Eivind Næss Committed by Thomas Haller
Browse files

Fix clearing password when restoring a valid configuration to be displayed to a user



The handling of the various input and cases, and to get these right is difficult; partially because of the number of inputs and the
various states the component can be in. I've taken the pre-caution by creating a State Machine laid out by the text below that will
adequately describe the current state, the action taken and the result of each user action as listed below.

I've methodically gone through and tested each state with my change.

Tested the following scenarios:

The seven states, except for 1, 3, and 5 (as they cannot be saved), as spelled out below describe the initial state when restoring a
configuration using network-manager-openvpn plugin. For each of the starting state (0, 2, 4, 6), sufficient input has been made to
transition between each of these states.

The states:

State 0: When starting from from all blank fields, Cert is enabled, Key and Password are disabled
  * Set PKCS12 for certificate
    - Key gets PKCS12 value,
    - Password entry is enabled
    - Goto 5
  * Set X509 for Certificate
    - Key becomes enabled
    - Goto 1

State 1: When using X509 for certificate, Key is blank, Password is empty and disabled
  * Change Cert to PCKS12
    - Key gets PKCS12 value
    - Password is enabled
    - Goto 5
  * Change Key to PKCS12
    - Cert gets PKCS12 value
    - Password is enabled
    - Goto 5
  * Change key to use an un-encrypted RSA key
    - No change
    - Goto 2
  * Change key to use an encrypted RSA key
    - Password is enabled
    - Goto 3

State 2: When using X509 for Certificate, Key has an un-encrypted RSA key, Password is empty and disabled
  * Change Cert to PKCS12
    - Key gets PKCS12 value
    - Password is enabled
    - Goto 5
  * Change Key to PKCS12
    - Cert gets PKCS12 value
    - Password is enabled
    - Goto 5
  * Change Cert to different X509 certificate
    - No change
    - Goto 2
  * Change Key to encrypted RSA key
    - Password is enabled
    - Goto 3
  * Change Key to different un-encrypted RSA key
    - No change
    - Goto 2

State 3: When using X509 for Certificate, Key has an *encrypted* RSA key, Password is empty and enabled
  * Change Cert to PKCS12
    - Key gets PKCS12 value
    - Goto 5
  * Change Key to PKCS12
    - Cert gets PKCS12 value
    - Goto 5
  * Change Cert to different X509 certificate
    - No change
    - Goto 3
  * Change Key to un-encrypted RSA key
    - Password is disabled
    - Goto 2
  * Change Key to different encrypted RSA key
    - No change
    - Goto 3
  * Enter password
    - No change
    - Goto 4

State 4: When using X509 for Certificate, Key has an *encrypted* RSA key, Password has value and is enabled
  * Change Cert to PKCS12
    - Key gets PKCS12 value
    - Password is cleared
    - Goto 5
  * Change Key to PKCS12
    - Cert gets PKCS12 value
    - Password is cleared
    - Goto 5
  * Change Key to invalid RSA value (e.g. X509 certificate)
    - Password is cleared
    - Key is marked with error (GTK bug, error marking not visible to end-user in FileChooser component)
    - Goto 2
  * Change Cert to different X509 certificate
    - No change
    - Goto 4
  * Change Key to un-encrypted RSA key
    - Password is cleared
    - Password is disabled
    - Goto 2
  * Change Key to different encrypted RSA key
    - No Change, see Note 1
    - Goto 4

State 5: When using PKCS12 for Certificate and Key, Key is disabled, Password is empty and enabled
  * Change Cert to use X509 certificate
    - Key is cleared
    - Password is disabled
    - Goto 1
  * Enter password
    - No change
    - Goto 6

State 6: When using PKCS12 for Certificate and Key, Key is disabled, Password has a value and is enabled
  * Change Cert to use X509 certificate
    - Key is cleared
    - Password is cleared
    - Password is disabled
    - Goto 1
  * Clear password
    - No change
    - Goto 5

Notes:
1) To clear password here, we can't destinguish if user set a different key or if network-manager-openvpn restored an existing configuration.
Signed-off-by: Eivind Næss's avatarEivind Naess <eivnaes@yahoo.com>

#6

!16
parent 2de3562e
Pipeline #267129 passed with stages
in 17 minutes and 13 seconds
......@@ -211,21 +211,28 @@ cert_changed_cb (GtkFileChooserButton *file_chooser_button, gpointer user_data)
NMAFileCertChooserPrivate *priv = NMA_FILE_CERT_CHOOSER_GET_PRIVATE (NMA_CERT_CHOOSER (user_data));
if (gtk_widget_get_visible (priv->key_button)) {
gboolean sensitive = FALSE;
gboolean sensitive = TRUE;
gs_free char *cert = NULL;
cert = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (priv->cert_button));
if (cert && *cert) {
if (nm_utils_file_is_pkcs12 (cert)) {
gs_free char *key = NULL;
gs_free char *key = NULL;
key = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (priv->key_button));
if (!nm_streq0 (cert, key))
key = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (priv->key_button));
if (nm_utils_file_is_pkcs12 (cert)) {
if (!nm_streq0 (cert, key)) {
gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (priv->key_button), cert);
} else
sensitive = TRUE;
} else
gtk_editable_set_text (GTK_EDITABLE (priv->key_password), "");
}
sensitive = FALSE;
} else if (nm_utils_file_is_pkcs12 (key)) {
gtk_file_chooser_unselect_all (GTK_FILE_CHOOSER (priv->key_button));
gtk_editable_set_text (GTK_EDITABLE (priv->key_password), "");
}
} else {
gtk_file_chooser_unselect_all (GTK_FILE_CHOOSER (priv->key_button));
sensitive = FALSE;
}
gtk_widget_set_sensitive (priv->key_button, sensitive);
gtk_widget_set_sensitive (priv->key_button_label, sensitive);
......@@ -243,18 +250,27 @@ key_changed_cb (GtkFileChooserButton *file_chooser_button, gpointer user_data)
key = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (priv->key_button));
if (key && *key) {
gboolean encrypted = FALSE;
if (nm_utils_file_is_pkcs12 (key)) {
gs_free char *cert = NULL;
cert = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (priv->cert_button));
if (!nm_streq0 (cert, key))
if (!nm_streq0 (cert, key)) {
gtk_file_chooser_set_filename (GTK_FILE_CHOOSER (priv->cert_button), key);
gtk_editable_set_text (GTK_EDITABLE (priv->key_password), "");
}
gtk_widget_set_sensitive (priv->key_button, FALSE);
gtk_widget_set_sensitive (priv->key_button_label, FALSE);
sensitive = TRUE;
} else if (nm_utils_file_is_private_key (key, &encrypted)) {
sensitive = encrypted;
if (!encrypted) {
gtk_editable_set_text (GTK_EDITABLE (priv->key_password), "");
}
} else {
gtk_editable_set_text (GTK_EDITABLE (priv->key_password), "");
}
sensitive = TRUE;
}
gtk_editable_set_text (GTK_EDITABLE (priv->key_password), "");
gtk_widget_set_sensitive (priv->key_password, sensitive);
gtk_widget_set_sensitive (priv->key_password_label, sensitive);
widget_unset_error (priv->key_password);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment