2 * Copyright (c) 2016, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 // Defined here as workaround for emacs vala-mode indentation failure.
39 static const string CANCEL = Stock.CANCEL;
41 static const string CANCEL = STOCK_CANCEL;
45 // For use when exporting certificates.
46 static string export_directory = null;
48 class IdentityDialog : Dialog
50 private static Gdk.Color white = make_color(65535, 65535, 65535);
51 private static Gdk.Color selected_color = make_color(0xd9 << 8, 0xf7 << 8, 65535);
53 private static MoonshotLogger logger = get_logger("IdentityDialog");
55 static const string displayname_labeltext = _("Display Name");
56 static const string realm_labeltext = _("Realm");
57 static const string username_labeltext = _("Username");
58 static const string password_labeltext = _("Password");
60 private Entry displayname_entry;
61 private Label displayname_label;
62 private Entry realm_entry;
63 private Label realm_label;
64 private Entry username_entry;
65 private Label username_label;
66 private Entry password_entry;
67 private Label password_label;
68 private CheckButton remember_checkbutton;
69 private Label message_label;
72 private ArrayList<string> services;
74 private Label selected_item = null;
76 // Whether to clear the card's TrustAnchor after the user selects OK
77 internal bool clear_trust_anchor = false;
79 public string display_name {
80 get { return displayname_entry.get_text(); }
83 public string issuer {
84 get { return realm_entry.get_text(); }
87 public string username {
88 get { return username_entry.get_text(); }
91 public string password {
92 get { return password_entry.get_text(); }
95 public bool store_password {
96 get { return remember_checkbutton.active; }
100 * Don't leave passwords in memory longer than necessary.
101 * This may not actually erase the password data bytes, but it seems to be the best we can do.
103 public void clear_password() {
104 clear_password_entry(password_entry);
107 internal ArrayList<string> get_services()
112 public IdentityDialog(IdentityManagerView parent)
114 this.with_idcard(null, _("Add ID Card"), parent);
117 public IdentityDialog.with_idcard(IdCard? a_card, string title, IdentityManagerView parent)
119 bool is_new_card = false;
125 card = a_card ?? new IdCard();
126 this.set_title(title);
127 this.set_modal(true);
128 this.set_transient_for(parent);
130 this.add_buttons(CANCEL, ResponseType.CANCEL, _("OK"), ResponseType.OK);
131 Box content_area = (Box) this.get_content_area();
133 displayname_label = new Label(@"$displayname_labeltext:");
134 displayname_label.set_alignment(0, (float) 0.5);
135 displayname_entry = new Entry();
136 displayname_entry.set_text(card.display_name);
137 displayname_entry.set_width_chars(40);
139 realm_label = new Label(@"$realm_labeltext:");
140 realm_label.set_alignment(0, (float) 0.5);
141 realm_entry = new Entry();
142 realm_entry.set_text(card.issuer);
143 realm_entry.set_width_chars(60);
145 username_label = new Label(@"$username_labeltext:");
146 username_label.set_alignment(0, (float) 0.5);
147 username_entry = new Entry();
148 username_entry.set_text(card.username);
149 username_entry.set_width_chars(40);
151 password_label = new Label(@"$password_labeltext:");
152 password_label.set_alignment(0, (float) 0.5);
154 remember_checkbutton = new CheckButton.with_label(_("Remember password"));
155 remember_checkbutton.active = card.store_password;
157 password_entry = new Entry();
158 password_entry.set_invisible_char('*');
159 password_entry.set_visibility(false);
160 password_entry.set_width_chars(40);
161 password_entry.set_text(card.password);
163 message_label = new Label("");
164 message_label.set_visible(false);
166 set_atk_relation(displayname_label, displayname_entry, Atk.RelationType.LABEL_FOR);
167 set_atk_relation(realm_label, realm_entry, Atk.RelationType.LABEL_FOR);
168 set_atk_relation(username_label, username_entry, Atk.RelationType.LABEL_FOR);
169 set_atk_relation(password_label, password_entry, Atk.RelationType.LABEL_FOR);
171 content_area.pack_start(message_label, false, false, 6);
172 add_as_vbox(content_area, displayname_label, displayname_entry);
173 add_as_vbox(content_area, username_label, username_entry);
174 add_as_vbox(content_area, realm_label, realm_entry);
175 add_as_vbox(content_area, password_label, password_entry);
177 var remember_hbox = new HBox(false, 40);
178 remember_hbox.pack_start(new HBox(false, 0), false, false, 0);
179 remember_hbox.pack_start(remember_checkbutton, false, false, 0);
180 content_area.pack_start(remember_hbox, false, false, 2);
182 this.response.connect(on_response);
183 content_area.set_border_width(6);
185 this.services = new ArrayList<string>();
186 this.services.add_all(card.services);
190 Widget trust_anchor_box = make_trust_anchor_box(card);
191 content_area.pack_start(trust_anchor_box, false, false, 15);
193 var services_vbox = make_services_vbox();
194 content_area.pack_start(services_vbox);
195 var services_vbox_bottom_spacer = new Alignment(0, 0, 0, 0);
196 services_vbox_bottom_spacer.set_size_request(0, 12);
197 content_area.pack_start(services_vbox_bottom_spacer, false, false, 0);
200 if (card.is_no_identity())
202 displayname_entry.set_sensitive(false);
203 realm_entry.set_sensitive(false);
204 username_entry.set_sensitive(false);
205 password_entry.set_sensitive(false);
206 remember_checkbutton.set_sensitive(false);
209 this.destroy.connect(() => {
210 logger.trace("Destroying IdentityDialog; clearing its password.");
211 this.clear_password();
215 this.set_border_width(6);
216 this.set_resizable(false);
221 private Widget make_trust_anchor_box(IdCard id)
226 string ta_label_prefix = _("Trust anchor: ");
227 string none = _("None");
229 HBox trust_anchor_box = new HBox(false, 0);
231 Label ta_label = new Label(ta_label_prefix
232 + (id.trust_anchor.is_empty() ? none : _("Enterprise provisioned")));
233 ta_label.set_alignment(0, 0.5f);
235 if (id.trust_anchor.is_empty()) {
236 trust_anchor_box.pack_start(ta_label, false, false, 0);
237 return trust_anchor_box;
241 AttachOptions fill_and_expand = AttachOptions.EXPAND | AttachOptions.FILL;
242 AttachOptions fill = AttachOptions.FILL;
244 Table ta_table = new Table(nrows, ncolumns, false);
247 var ta_clear_button = new Button.with_label(_("Clear Trust Anchor"));
248 ta_clear_button.clicked.connect((w) => {
249 var result = WarningDialog.confirm(this,
250 Markup.printf_escaped(
251 "<span font-weight='heavy'>"
252 + _("You are about to clear the trust anchor fingerprint for '%s'.")
255 + _("\n\nAre you sure you want to do this?"),
256 "clear_trust_anchor");
260 clear_trust_anchor = true;
262 // Clearing the trust_anchor_box's children, and then re-packing
263 // a label into it, doesn't seem to work. Instead, let's clear out
264 // the table's children, and then re-insert a label into it.
265 var children = ta_table.get_children();
266 foreach (var child in children) {
267 ta_table.remove(child);
270 ta_table.resize(1, ncolumns);
271 ta_label.set_text(ta_label_prefix + none);
272 ta_table.attach(ta_label, 0, 1, 0, 1,
273 fill_and_expand, fill_and_expand, 0, 0);
279 ta_table.attach(ta_label, 0, 1, row, row + 1, fill_and_expand, fill_and_expand, 0, 0);
280 ta_table.attach(ta_clear_button, 1, 2, row, row + 1, fill, fill, 0, 0);
283 Label added_label = new Label(_("Added: " + id.trust_anchor.datetime_added));
284 added_label.set_alignment(0, 0.5f);
285 ta_table.attach(added_label, 0, 1, row, row + 1, fill_and_expand, fill_and_expand, 20, 5);
288 if (id.trust_anchor.get_anchor_type() == TrustAnchor.TrustAnchorType.SERVER_CERT) {
289 Widget fingerprint = make_ta_fingerprint_widget(id.trust_anchor.server_cert);
290 ta_table.attach(fingerprint, 0, 2, row, row + 2, fill_and_expand, fill_and_expand, 5, 5);
293 Label ca_cert_label = new Label(_("CA Certificate:"));
294 ca_cert_label.set_alignment(0, 0.5f);
295 var export_button = new Button.with_label(_("Export Certificate"));
296 export_button.clicked.connect((w) => {export_certificate(id);});
298 ta_table.attach(ca_cert_label, 0, 1, row, row + 1, fill_and_expand, fill_and_expand, 20, 0);
299 ta_table.attach(export_button, 1, 2, row, row + 1, fill, fill, 0, 0);
302 if (id.trust_anchor.subject != "") {
303 Label subject_label = new Label(_("Subject: ") + id.trust_anchor.subject);
304 subject_label.set_alignment(0, 0.5f);
305 ta_table.attach(subject_label, 0, 1, row, row + 1, fill_and_expand, fill_and_expand, 40, 5);
309 if (id.trust_anchor.subject_alt != "") {
310 Label subject_alt_label = new Label(_("Subject-Alt: ") + id.trust_anchor.subject_alt);
311 subject_alt_label.set_alignment(0, 0.5f);
312 ta_table.attach(subject_alt_label, 0, 1, row, row + 1, fill_and_expand, fill_and_expand, 40, 5);
316 Label expiration_label = new Label(_("Expiration date: ") + id.trust_anchor.get_expiration_date());
317 expiration_label.set_alignment(0, 0.5f);
318 ta_table.attach(expiration_label, 0, 1, row, row + 1, fill_and_expand, fill_and_expand, 40, 5);
321 //!!TODO: What goes here?
322 Label constraint_label = new Label(_("Constraint: "));
323 constraint_label.set_alignment(0, 0.5f);
324 ta_table.attach(constraint_label, 0, 1, row, row + 1, fill_and_expand, fill_and_expand, 20, 0);
328 trust_anchor_box.pack_start(ta_table, false, false, 0);
329 return trust_anchor_box;
332 private static void add_as_vbox(Box content_area, Label label, Entry entry)
334 VBox vbox = new VBox(false, 2);
336 vbox.pack_start(label, false, false, 0);
337 vbox.pack_start(entry, false, false, 0);
339 // Hack to prevent the text entries from stretching horizontally
340 HBox hbox = new HBox(false, 0);
341 hbox.pack_start(vbox, false, false, 0);
342 content_area.pack_start(hbox, false, false, 6);
345 private static string update_preamble(string preamble)
348 return _("Missing required field: ");
349 return _("Missing required fields: ");
352 private static string update_message(string old_message, string new_item)
355 if (old_message == "")
358 message = old_message + ", " + new_item;
362 private static void check_field(string field, Label label, string fieldname, ref string preamble, ref string message)
365 label.set_markup(@"$fieldname:");
368 label.set_markup(@"<span foreground=\"red\">$fieldname:</span>");
369 preamble = update_preamble(preamble);
370 message = update_message(message, fieldname);
373 private bool check_fields()
375 string preamble = "";
377 string password_test = store_password ? password : "not required";
378 if (!card.is_no_identity())
380 check_field(display_name, displayname_label, displayname_labeltext, ref preamble, ref message);
381 check_field(username, username_label, username_labeltext, ref preamble, ref message);
382 check_field(issuer, realm_label, realm_labeltext, ref preamble, ref message);
383 check_field(password_test, password_label, password_labeltext, ref preamble, ref message);
386 message_label.set_visible(true);
387 message_label.set_markup(@"<span foreground=\"red\">$preamble$message</span>");
393 private void on_response(Dialog source, int response_id)
395 switch (response_id) {
396 case ResponseType.OK:
397 complete = check_fields();
399 case ResponseType.CANCEL:
405 private VBox make_services_vbox()
407 logger.trace("make_services_vbox");
409 var services_vbox_alignment = new Alignment(0, 0, 1, 0);
410 var services_vscroll = new ScrolledWindow(null, null);
411 services_vscroll.set_policy(PolicyType.NEVER, PolicyType.AUTOMATIC);
412 services_vscroll.set_shadow_type(ShadowType.IN);
413 services_vscroll.set_size_request(0, 60);
414 services_vscroll.add_with_viewport(services_vbox_alignment);
417 var remove_button = new Button.from_stock(Stock.REMOVE);
419 var remove_button = new Button.from_stock(STOCK_REMOVE);
421 remove_button.set_sensitive(false);
424 var services_table = new Table(card.services.size, 1, false);
425 services_table.set_row_spacings(1);
426 services_table.set_col_spacings(0);
427 set_bg_color(services_table);
429 var table_button_hbox = new HBox(false, 6);
430 table_button_hbox.pack_start(services_vscroll, true, true, 4);
432 // Hack to prevent the button from growing vertically
433 VBox fixed_height = new VBox(false, 0);
434 fixed_height.pack_start(remove_button, false, false, 0);
435 table_button_hbox.pack_start(fixed_height, false, false, 0);
437 // A table doesn't have a background color, so put it in an EventBox, and
438 // set the EventBox's background color instead.
439 EventBox table_bg = new EventBox();
440 set_bg_color(table_bg);
441 table_bg.add(services_table);
442 services_vbox_alignment.add(table_bg);
444 var services_vbox_title = new Label(_("Services:"));
445 services_vbox_title.set_alignment(0, 0.5f);
447 var services_vbox = new VBox(false, 6);
448 services_vbox.pack_start(services_vbox_title, false, false, 0);
449 services_vbox.pack_start(table_button_hbox, true, true, 0);
452 foreach (string service in services)
454 var label = new Label(service);
455 label.set_alignment((float) 0, (float) 0);
458 EventBox event_box = new EventBox();
459 event_box.modify_bg(StateType.NORMAL, white);
460 event_box.add(label);
461 event_box.button_press_event.connect(() =>
463 var state = label.get_state();
464 logger.trace("button_press_callback: Label state=" + state.to_string() + " setting bg to " + white.to_string());
466 if (selected_item == label)
469 selected_item.parent.modify_bg(state, white);
470 selected_item = null;
471 remove_button.set_sensitive(false);
475 if (selected_item != null)
478 selected_item.parent.modify_bg(state, white);
479 selected_item = null;
483 selected_item = label;
484 selected_item.parent.modify_bg(state, selected_color);
485 remove_button.set_sensitive(true);
490 services_table.attach_defaults(event_box, 0, 1, i, i+1);
494 remove_button.clicked.connect((remove_button) =>
496 var result = WarningDialog.confirm(this,
497 Markup.printf_escaped(
498 "<span font-weight='heavy'>"
499 + _("You are about to remove the service\n'%s'.")
502 + _("\n\nAre you sure you want to do this?"),
508 services.remove(selected_item.label);
509 services_table.remove(selected_item.parent);
510 selected_item = null;
511 remove_button.set_sensitive(false);
517 return services_vbox;
520 private void export_certificate(IdCard id)
522 var dialog = new FileChooserDialog("Save File",
524 FileChooserAction.SAVE,
525 _("Cancel"),ResponseType.CANCEL,
526 _("Save"), ResponseType.ACCEPT,
528 dialog.set_do_overwrite_confirmation(true);
529 if (export_directory != null) {
530 dialog.set_current_folder(export_directory);
532 // Remove slashes from the default filename.
533 string default_filename =
534 (id.display_name + ".pem").replace(Path.DIR_SEPARATOR_S, "_");
535 dialog.set_current_name(default_filename);
536 if (dialog.run() == ResponseType.ACCEPT)
538 // Export the certificate in PEM format.
540 const string CERT_HEADER = "-----BEGIN CERTIFICATE-----\n";
541 const string CERT_FOOTER = "\n-----END CERTIFICATE-----\n";
543 // Strip any embedded newlines in the certificate...
544 string cert = id.trust_anchor.ca_cert.replace("\n", "");
546 // Re-embed newlines every 64 chars.
547 string newcert = CERT_HEADER;
548 while (cert.length > 63) {
549 newcert += cert[0:64];
551 cert = cert[64:cert.length];
553 if (cert.length > 0) {
556 newcert += CERT_FOOTER;
558 string filename = dialog.get_filename();
559 var file = File.new_for_path(filename);
560 var stream = file.replace(null, false, FileCreateFlags.PRIVATE);
561 stream.write(newcert.data);
563 // Save the parent directory to use as default for next save
564 export_directory = file.get_parent().get_path();