Fix for issue #6 for when network-manager-openvpn clears password when...

Fix for issue #6 (closed) for when network-manager-openvpn clears password when restoring a valid configuration to be displayed to a user

The handling of the various input and cases, and to get these right is difficult; partially because of the number of inputs and the various states the component can be in. I've taken the precaution by creating a State Machine laid out by the text below that will adequately describe the current state, the action taken and the result of each user action as listed below.

I've methodically gone through and tested each state with my change.

Tested the following scenarios:

The seven states, except for 1, 3, and 5 (as they cannot be saved), as spelled out below describe the initial state when restoring a configuration using network-manager-openvpn plugin. For each of the starting state (0, 2, 4, 6), sufficient input has been made to transition between each of these states.

The states:

State 0: When starting from from all blank fields, Cert is enabled, Key and Password are disabled

• Set PKCS12 for certificate
  • Key gets PKCS12 value,
  • Password entry is enabled
  • Goto 5
• Set X509 for Certificate
  • Key becomes enabled
  • Goto 1

State 1: When using X509 for certificate, Key is blank, Password is empty and disabled

• Change Cert to PCKS12
  • Key gets PKCS12 value
  • Password is enabled
  • Goto 5
• Change Key to PKCS12
  • Cert gets PKCS12 value
  • Password is enabled
  • Goto 5
• Change key to use an un-encrypted RSA key
  • No change
  • Goto 2
• Change key to use an encrypted RSA key
  • Password is enabled
  • Goto 3

State 2: When using X509 for Certificate, Key has an un-encrypted RSA key, Password is empty and disabled

• Change Cert to PKCS12
  • Key gets PKCS12 value
  • Password is enabled
  • Goto 5
• Change Key to PKCS12
  • Cert gets PKCS12 value
  • Password is enabled
  • Goto 5
• Change Cert to different X509 certificate
  • No change
  • Goto 2
• Change Key to encrypted RSA key
  • Password is enabled
  • Goto 3
• Change Key to different un-encrypted RSA key
  • No change
  • Goto 2

State 3: When using X509 for Certificate, Key has an encrypted RSA key, Password is empty and enabled

• Change Cert to PKCS12
  • Key gets PKCS12 value
  • Goto 5
• Change Key to PKCS12
  • Cert gets PKCS12 value
  • Goto 5
• Change Cert to different X509 certificate
  • No change
  • Goto 3
• Change Key to un-encrypted RSA key
  • Password is disabled
  • Goto 2
• Change Key to different encrypted RSA key
  • No change
  • Goto 3
• Enter password
  • No change
  • Goto 4

State 4: When using X509 for Certificate, Key has an encrypted RSA key, Password has value and is enabled

• Change Cert to PKCS12
  • Key gets PKCS12 value
  • Password is cleared
  • Goto 5
• Change Key to PKCS12
  • Cert gets PKCS12 value
  • Password is cleared
  • Goto 5
• Change Key to invalid RSA value (e.g. X509 certificate)
  • Password is cleared
  • Key is marked with error (GTK bug, error marking not visible to end-user in FileChooser component)
  • Goto 2
• Change Cert to different X509 certificate
  • No change
  • Goto 4
• Change Key to un-encrypted RSA key
  • Password is cleared
  • Password is disabled
  • Goto 2
• Change Key to different encrypted RSA key
  • No Change, see Note 1
  • Goto 4

State 5: When using PKCS12 for Certificate and Key, Key is disabled, Password is empty and enabled

• Change Cert to use X509 certificate
  • Key is cleared
  • Password is disabled
  • Goto 1
• Enter password
  • No change
  • Goto 6

State 6: When using PKCS12 for Certificate and Key, Key is disabled, Password has a value and is enabled

• Change Cert to use X509 certificate
  • Key is cleared
  • Password is cleared
  • Password is disabled
  • Goto 1
• Clear password
  • No change
  • Goto 5

Notes:

1. To clear password here, we can't distinguish if user set a different key or if network-manager-openvpn restored an existing configuration.

Signed-off-by: Eivind Naess eivnaes@yahoo.com