41
enum Certs {ClientCert = 0, CACert, PrivateKey};
43
bool showAdvancedSettings;
44
QRegExpValidator *altSubjectValidator;
45
QRegExpValidator *serversValidator;
44
48
TlsWidget::TlsWidget(bool isInnerMethod, Knm::Connection* connection, QWidget * parent)
45
49
: EapMethod(*new TlsWidgetPrivate(isInnerMethod), connection, parent)
48
connect(chkUseSystemCaCerts,SIGNAL(toggled(bool)),this,SLOT(toggleSystemCa(bool)));
50
connect(clientCertLoad,SIGNAL(clicked()),this,SLOT(loadCert()));
51
connect(caCertLoad,SIGNAL(clicked()),this,SLOT(loadCert()));
52
connect(privateKeyLoad,SIGNAL(clicked()),this,SLOT(loadCert()));
53
clientCertLoad->setIcon(KIcon("document-open"));
54
caCertLoad->setIcon(KIcon("document-open"));
55
privateKeyLoad->setIcon(KIcon("document-open"));
53
d->altSubjectValidator = new QRegExpValidator(QRegExp(QLatin1String("^(DNS:[a-zA-Z0-9_-]+\\.[a-zA-Z0-9_.-]+|EMAIL:[a-zA-Z0-9._-]+@[a-zA-Z0-9_-]+\\.[a-zA-Z0-9_.-]+|URI:[a-zA-Z0-9._-]+:.+)$")), this);
54
d->serversValidator = new QRegExpValidator(QRegExp(QLatin1String("^[a-zA-Z0-9_-]+\\.[a-zA-Z0-9_.-]+$")), this);
56
ListValidator *altSubjectValidator = new ListValidator(this);
57
altSubjectValidator->setInnerValidator(d->altSubjectValidator);
58
leAltSubjectMatches->setValidator(altSubjectValidator);
60
ListValidator *serversValidator = new ListValidator(this);
61
serversValidator->setInnerValidator(d->serversValidator);
62
leConnectToTheseServers->setValidator(d->serversValidator);
64
KNetworkManagerServicePrefs::instance(Knm::NETWORKMANAGEMENT_RCFILE);
65
KNetworkManagerServicePrefs::self()->readConfig();
66
d->showAdvancedSettings = KNetworkManagerServicePrefs::self()->showAdvancedSettings();
67
if (d->showAdvancedSettings) {
68
lblConnectToTheseServers->hide();
69
leConnectToTheseServers->hide();
70
connectToTheseServersMoreBtn->hide();
71
connect(altSubjectMatchesMoreBtn, SIGNAL(clicked()), this, SLOT(showAltSubjectMatchesEditor()));
73
lblSubjectMatch->hide();
74
leSubjectMatch->hide();
75
lblAltSubjectMatches->hide();
76
leAltSubjectMatches->hide();
77
altSubjectMatchesMoreBtn->hide();
78
connect(connectToTheseServersMoreBtn, SIGNAL(clicked()), this, SLOT(showServersEditor()));
81
connect(cmbPrivateKeyPasswordStorage, SIGNAL(currentIndexChanged(int)), this, SLOT(privateKeyPasswordStorageChanged(int)));
58
84
TlsWidget::~TlsWidget()
73
99
if (d->setting->useSystemCaCerts()) {
74
100
chkUseSystemCaCerts->setChecked(true);
75
caCertLoad->setEnabled(false);
101
kurCaCert->setEnabled(false);
102
kurClientCert->clear();
77
if (!d->setting->cacert().isEmpty()) {
78
setText(d->CACert,true);
106
value = d->setting->phase2cacertasstring();
80
setText(d->CACert,false);
84
if (!d->setting->clientcert().isEmpty()) {
85
setText(d->ClientCert,true);
87
setText(d->ClientCert,false);
90
if (!d->setting->privatekey().isEmpty()) {
91
setText(d->PrivateKey,true);
93
setText(d->PrivateKey,false);
108
value = d->setting->cacertasstring();
110
if (!value.isEmpty())
111
kurCaCert->setUrl(value);
115
value = d->setting->phase2clientcertasstring();
117
value = d->setting->clientcertasstring();
119
if (!value.isEmpty())
120
kurClientCert->setUrl(value);
123
value = d->setting->phase2privatekeyasstring();
125
value = d->setting->privatekeyasstring();
127
if (!value.isEmpty())
128
kurPrivateKey->setUrl(value);
130
QStringList altsubjectmatches;
132
leSubjectMatch->setText(d->setting->phase2subjectmatch());
133
altsubjectmatches = d->setting->phase2altsubjectmatches();
136
leSubjectMatch->setText(d->setting->subjectmatch());
137
altsubjectmatches = d->setting->altsubjectmatches();
139
leAltSubjectMatches->setText(altsubjectmatches.join(QLatin1String(", ")));
140
if (!d->showAdvancedSettings) {
142
foreach (const QString &match, altsubjectmatches) {
143
if (match.startsWith(QLatin1String("DNS:")))
144
servers.append(match.right(match.length()-4));
146
leConnectToTheseServers->setText(servers.join(QLatin1String(", ")));
102
155
d->setting->setEapFlags(Knm::Security8021xSetting::tls);
103
d->setting->addToCertToDelete(Knm::Security8021xSetting::Phase2CACert);
104
d->setting->addToCertToDelete(Knm::Security8021xSetting::Phase2ClientCert);
105
d->setting->addToCertToDelete(Knm::Security8021xSetting::Phase2PrivateKey);
106
d->setting->setPhase2cacerttoimport("");
107
d->setting->setPhase2clientcerttoimport("");
108
d->setting->setPhase2privatekeytoimport("");
109
156
d->setting->setPrivatekeypassword(lePrivateKeyPassword->text());
111
d->setting->addToCertToDelete(Knm::Security8021xSetting::CACert);
112
d->setting->addToCertToDelete(Knm::Security8021xSetting::ClientCert);
113
d->setting->addToCertToDelete(Knm::Security8021xSetting::PrivateKey);
114
d->setting->setCacerttoimport("");
115
d->setting->setClientcerttoimport("");
116
d->setting->setPrivatekeytoimport("");
117
158
d->setting->setPhase2privatekeypassword(lePrivateKeyPassword->text());
125
166
if (chkUseSystemCaCerts->isChecked()) {
126
167
d->setting->setUseSystemCaCerts(true);
127
d->setting->addToCertToDelete(Knm::Security8021xSetting::CACert);
128
d->setting->addToCertToDelete(Knm::Security8021xSetting::Phase2CACert);
130
d->setting->setUseSystemCaCerts(false);
168
d->setting->setPhase2capath(QByteArray());
169
d->setting->setCapath(QByteArray());
171
url = kurCaCert->url();
172
if (!url.directory().isEmpty() && !url.fileName().isEmpty()) {
173
QString path = url.path();
175
d->setting->setPhase2cacert(path);
177
d->setting->setCacert(path);
182
url = kurClientCert->url();
183
if (!url.directory().isEmpty() && !url.fileName().isEmpty()) {
184
QString path = url.path();
186
d->setting->setPhase2clientcert(path);
188
d->setting->setClientcert(path);
192
url = kurPrivateKey->url();
193
if (!url.directory().isEmpty() && !url.fileName().isEmpty()) {
194
QString path = url.path();
196
d->setting->setPhase2privatekey(path);
198
d->setting->setPrivatekey(path);
202
switch (cmbPrivateKeyPasswordStorage->currentIndex()) {
203
case EapMethodPrivate::Store:
205
d->setting->setPhase2privatekeypassword(lePrivateKeyPassword->text());
206
if (!d->connection->permissions().isEmpty())
207
d->setting->setPhase2privatekeypasswordflags(Knm::Setting::AgentOwned);
209
d->setting->setPhase2privatekeypasswordflags(Knm::Setting::None);
211
d->setting->setPrivatekeypassword(lePrivateKeyPassword->text());
212
if (!d->connection->permissions().isEmpty())
213
d->setting->setPrivatekeypasswordflags(Knm::Setting::AgentOwned);
215
d->setting->setPrivatekeypasswordflags(Knm::Setting::None);
218
case EapMethodPrivate::AlwaysAsk:
219
d->inner ? d->setting->setPhase2privatekeypasswordflags(Knm::Setting::NotSaved) : d->setting->setPrivatekeypasswordflags(Knm::Setting::NotSaved);
221
case EapMethodPrivate::NotRequired:
222
d->inner ? d->setting->setPhase2privatekeypasswordflags(Knm::Setting::NotRequired) : d->setting->setPrivatekeypasswordflags(Knm::Setting::NotRequired);
226
QStringList altsubjectmatches = leAltSubjectMatches->text().remove(QLatin1Char(' ')).split(QLatin1Char(','), QString::SkipEmptyParts);
227
if (!d->showAdvancedSettings) {
228
foreach (const QString &match, leConnectToTheseServers->text().remove(QLatin1Char(' ')).split(QLatin1Char(','), QString::SkipEmptyParts)) {
229
QString tempstr = QLatin1String("DNS:") + match;
230
if (!altsubjectmatches.contains(tempstr))
231
altsubjectmatches.append(tempstr);
235
d->setting->setPhase2subjectmatch(leSubjectMatch->text());
236
d->setting->setPhase2altsubjectmatches(altsubjectmatches);
238
d->setting->setSubjectmatch(leSubjectMatch->text());
239
d->setting->setAltsubjectmatches(altsubjectmatches);
134
243
void TlsWidget::readSecrets()
247
Knm::Setting::secretsTypes flags;
138
lePrivateKeyPassword->setText(d->setting->phase2privatekeypassword());
249
password = d->setting->phase2privatekeypassword();
250
flags = d->setting->phase2privatekeypasswordflags();
140
lePrivateKeyPassword->setText(d->setting->privatekeypassword());
252
password = d->setting->privatekeypassword();
253
flags = d->setting->privatekeypasswordflags();
255
if (flags.testFlag(Knm::Setting::AgentOwned) || flags.testFlag(Knm::Setting::None)) {
256
lePrivateKeyPassword->setText(password);
257
cmbPrivateKeyPasswordStorage->setCurrentIndex(EapMethodPrivate::Store);
258
} else if (flags.testFlag(Knm::Setting::NotSaved)) {
259
cmbPrivateKeyPasswordStorage->setCurrentIndex(EapMethodPrivate::AlwaysAsk);
260
} else if (flags.testFlag(Knm::Setting::NotRequired)) {
261
cmbPrivateKeyPasswordStorage->setCurrentIndex(EapMethodPrivate::NotRequired);
146
267
lePrivateKeyPassword->setPasswordMode(!on);
149
void TlsWidget::loadCert()
152
QString objectname = sender()->objectName();
154
if (objectname == QLatin1String("clientCertLoad")) {
155
QString newcert = KFileDialog::getOpenFileName(KUser().homeDir(),"",this,i18nc("File chooser dialog title for certificate loading","Load Certificate"));
156
if (!newcert.isEmpty()) {
157
d->setting->setPhase2clientcerttoimport(newcert);
158
setText(d->ClientCert,true);
160
} else if (objectname == QLatin1String("caCertLoad")) {
161
QString newcert = KFileDialog::getOpenFileName(KUser().homeDir(),"",this,i18nc("File chooser dialog title for certificate loading","Load Certificate"));
162
if (!newcert.isEmpty()) {
163
d->setting->setPhase2cacerttoimport(newcert);
164
setText(d->CACert,true);
166
} else if (objectname == QLatin1String("privateKeyLoad")) {
167
QString newcert = KFileDialog::getOpenFileName(KUser().homeDir(),"",this,i18nc("File chooser dialog title for certificate loading","Load Certificate"));
168
if (!newcert.isEmpty()) {
169
d->setting->setPhase2privatekeytoimport(newcert);
170
setText(d->PrivateKey,true);
174
if (objectname == QLatin1String("clientCertLoad")) {
175
QString newcert = KFileDialog::getOpenFileName(KUser().homeDir(),"",this,i18nc("File chooser dialog title for certificate loading","Load Certificate"));
176
if (!newcert.isEmpty()) {
177
d->setting->setClientcerttoimport(newcert);
178
setText(d->ClientCert,true);
180
} else if (objectname == QLatin1String("caCertLoad")) {
181
QString newcert = KFileDialog::getOpenFileName(KUser().homeDir(),"",this,i18nc("File chooser dialog title for certificate loading","Load Certificate"));
182
if (!newcert.isEmpty()) {
183
d->setting->setCacerttoimport(newcert);
184
setText(d->CACert,true);
186
} else if (objectname == QLatin1String("privateKeyLoad")) {
187
QString newcert = KFileDialog::getOpenFileName(KUser().homeDir(),"",this,i18nc("File chooser dialog title for certificate loading","Load Certificate"));
188
if (!newcert.isEmpty()) {
189
d->setting->setPrivatekeytoimport(newcert);
190
setText(d->PrivateKey,true);
196
void TlsWidget::toggleSystemCa(bool toggled)
200
setText(TlsWidgetPrivate::CACert,false);
201
else if (d->inner && !d->setting->phase2cacert().isEmpty())
202
setText(TlsWidgetPrivate::CACert,true);
203
else if (!d->setting->cacert().isEmpty())
204
setText(TlsWidgetPrivate::CACert,true);
207
void TlsWidget::setText(int cert, bool loaded)
270
void TlsWidget::privateKeyPasswordStorageChanged(int type)
214
case TlsWidgetPrivate::ClientCert:
215
button = clientCertLoad;
216
label = clientCertLoadedLabel;
219
case TlsWidgetPrivate::CACert:
221
label = caCertLoadedLabel;
224
case TlsWidgetPrivate::PrivateKey:
274
case EapMethodPrivate::Store:
275
lePrivateKeyPassword->setEnabled(true);
226
button = privateKeyLoad;
227
label = privateKeyLoadedLabel;
278
lePrivateKeyPassword->setEnabled(false);
232
button->setText(i18nc("Text to display on certificate button a certificate is already loaded","Load new"));
233
label->setText(i18nc("Text to display on CA certificate LED label when certificate is already loaded","Loaded"));
234
led->setState(KLed::On);
236
button->setText(i18nc("Text to display on CA certificate button when no certificate is loaded yet","Load"));
238
led->setState(KLed::Off);
283
void TlsWidget::showAltSubjectMatchesEditor()
286
EditListDialog editor;
287
editor.setItems(leAltSubjectMatches->text().remove(QLatin1Char(' ')).split(QLatin1Char(','), QString::SkipEmptyParts));
288
editor.setCaption(i18n("Alternative Subject Matches"));
289
editor.setValidator(d->altSubjectValidator);
290
if (editor.exec() == QDialog::Accepted) {
291
leAltSubjectMatches->setText(editor.items().join(QLatin1String(", ")));
295
void TlsWidget::showServersEditor()
298
EditListDialog editor;
299
editor.setItems(leConnectToTheseServers->text().remove(QLatin1Char(' ')).split(QLatin1Char(','), QString::SkipEmptyParts));
300
editor.setCaption(i18n("Connect to these Servers"));
301
editor.setValidator(d->serversValidator);
302
if (editor.exec() == QDialog::Accepted) {
303
leConnectToTheseServers->setText(editor.items().join(QLatin1String(", ")));
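Review bot: In the constructor (new line 62) `leConnectToTheseServers` is given the inner `d->serversValidator` instead of the `ListValidator` built on the two lines above it, so that wrapper is never used; the parallel code for `leAltSubjectMatches` (new line 58) installs its wrapper. The single-hostname pattern admits neither a comma nor a space, while new lines 146 and 228 join and split this field on `, `, so a list of more than one server would presumably fail validation. These entries become the `DNS:` alt-subject matches that restrict which server certificate is accepted, so a field that cannot hold the list may lead users to leave it empty. The line should read `leConnectToTheseServers->setValidator(serversValidator);`. The constructor is only partly visible here, and `ListValidator`'s behaviour is inferred from how it is used.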