src/moonshot-identity-dialog.vala

   1 /*
   2  * Copyright (c) 2016, JANET(UK)
   3  * All rights reserved.
   4  *
   5  * Redistribution and use in source and binary forms, with or without
   6  * modification, are permitted provided that the following conditions
   7  * are met:
   8  *
   9  * 1. Redistributions of source code must retain the above copyright
  10  *    notice, this list of conditions and the following disclaimer.
  11  *
  12  * 2. Redistributions in binary form must reproduce the above copyright
  13  *    notice, this list of conditions and the following disclaimer in the
  14  *    documentation and/or other materials provided with the distribution.
  15  *
  16  * 3. Neither the name of JANET(UK) nor the names of its contributors
  17  *    may be used to endorse or promote products derived from this software
  18  *    without specific prior written permission.
  19  *
  20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  21  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  23  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
  24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  30  * SUCH DAMAGE.
  31 */
  32
  33 using Gee;
  34 using Gtk;
  35
  36
  37 // Defined here as workaround for emacs vala-mode indentation failure.
  38 #if VALA_0_12
  39 static const string CANCEL = Stock.CANCEL;
  40 #else
  41 static const string CANCEL = STOCK_CANCEL;
  42 #endif
  43
  44
  45 // For use when exporting certificates.
  46 static string export_directory = null;
  47
  48 class IdentityDialog : Dialog
  49 {
  50     private static Gdk.Color white = make_color(65535, 65535, 65535);
  51     private static Gdk.Color selected_color = make_color(0xd9 << 8, 0xf7 << 8, 65535);
  52
  53     private static MoonshotLogger logger = get_logger("IdentityDialog");
  54
  55     static const string displayname_labeltext = _("Display Name");
  56     static const string realm_labeltext = _("Realm");
  57     static const string username_labeltext = _("Username");
  58     static const string password_labeltext = _("Password");
  59
  60     private Entry displayname_entry;
  61     private Label displayname_label;
  62     private Entry realm_entry;
  63     private Label realm_label;
  64     private Entry username_entry;
  65     private Label username_label;
  66     private Entry password_entry;
  67     private Label password_label;
  68     private CheckButton remember_checkbutton;
  69     private Label message_label;
  70     public bool complete;
  71     private IdCard card;
  72     private ArrayList<string> services;
  73
  74     private Label selected_item = null;
  75
  76     // Whether to clear the card's TrustAnchor after the user selects OK
  77     internal bool clear_trust_anchor = false;
  78
  79     public string display_name {
  80         get { return displayname_entry.get_text(); }
  81     }
  82
  83     public string issuer {
  84         get { return realm_entry.get_text(); }
  85     }
  86
  87     public string username {
  88         get { return username_entry.get_text(); }
  89     }
  90
  91     public string password {
  92         get { return password_entry.get_text(); }
  93     }
  94
  95     public bool store_password {
  96         get { return remember_checkbutton.active; }
  97     }
  98
  99     /**
 100      * Don't leave passwords in memory longer than necessary.
 101      * This may not actually erase the password data bytes, but it seems to be the best we can do.
 102      */
 103     public void clear_password() {
 104         clear_password_entry(password_entry);
 105     }
 106
 107     internal ArrayList<string> get_services()
 108     {
 109         return services;
 110     }
 111
 112     public IdentityDialog(IdentityManagerView parent)
 113     {
 114         this.with_idcard(null, _("Add ID Card"), parent);
 115     }
 116
 117     public IdentityDialog.with_idcard(IdCard? a_card, string title, IdentityManagerView parent)
 118     {
 119         bool is_new_card = false;
 120         if (a_card == null)
 121         {
 122             is_new_card = true;
 123         }
 124
 125         card = a_card ?? new IdCard();
 126         this.set_title(title);
 127         this.set_modal(true);
 128         this.set_transient_for(parent);
 129
 130         this.add_buttons(CANCEL, ResponseType.CANCEL, _("OK"), ResponseType.OK);
 131         Box content_area = (Box) this.get_content_area();
 132
 133         displayname_label = new Label(@"$displayname_labeltext:");
 134         displayname_label.set_alignment(0, (float) 0.5);
 135         displayname_entry = new Entry();
 136         displayname_entry.set_text(card.display_name);
 137         displayname_entry.set_width_chars(40);
 138
 139         realm_label = new Label(@"$realm_labeltext:");
 140         realm_label.set_alignment(0, (float) 0.5);
 141         realm_entry = new Entry();
 142         realm_entry.set_text(card.issuer);
 143         realm_entry.set_width_chars(60);
 144
 145         username_label = new Label(@"$username_labeltext:");
 146         username_label.set_alignment(0, (float) 0.5);
 147         username_entry = new Entry();
 148         username_entry.set_text(card.username);
 149         username_entry.set_width_chars(40);
 150
 151         password_label = new Label(@"$password_labeltext:");
 152         password_label.set_alignment(0, (float) 0.5);
 153
 154         remember_checkbutton = new CheckButton.with_label(_("Remember password"));
 155         remember_checkbutton.active = card.store_password;
 156
 157         password_entry = new Entry();
 158         password_entry.set_invisible_char('*');
 159         password_entry.set_visibility(false);
 160         password_entry.set_width_chars(40);
 161         password_entry.set_text(card.password);
 162
 163         message_label = new Label("");
 164         message_label.set_visible(false);
 165
 166         set_atk_relation(displayname_label, displayname_entry, Atk.RelationType.LABEL_FOR);
 167         set_atk_relation(realm_label, realm_entry, Atk.RelationType.LABEL_FOR);
 168         set_atk_relation(username_label, username_entry, Atk.RelationType.LABEL_FOR);
 169         set_atk_relation(password_label, password_entry, Atk.RelationType.LABEL_FOR);
 170
 171         content_area.pack_start(message_label, false, false, 6);
 172         add_as_vbox(content_area, displayname_label, displayname_entry);
 173         add_as_vbox(content_area, username_label, username_entry);
 174         add_as_vbox(content_area, realm_label, realm_entry);
 175         add_as_vbox(content_area, password_label, password_entry);
 176
 177         var remember_hbox = new HBox(false, 40);
 178         remember_hbox.pack_start(new HBox(false, 0), false, false, 0);
 179         remember_hbox.pack_start(remember_checkbutton, false, false, 0);
 180         content_area.pack_start(remember_hbox, false, false, 2);
 181
 182         this.response.connect(on_response);
 183         content_area.set_border_width(6);
 184
 185         this.services = new ArrayList<string>();
 186         this.services.add_all(card.services);
 187
 188         if (!is_new_card)
 189         {
 190             Widget trust_anchor_box = make_trust_anchor_box(card);
 191             content_area.pack_start(trust_anchor_box, false, false, 15);
 192
 193             var services_vbox = make_services_vbox();
 194             content_area.pack_start(services_vbox);
 195             var services_vbox_bottom_spacer = new Alignment(0, 0, 0, 0);
 196             services_vbox_bottom_spacer.set_size_request(0, 12);
 197             content_area.pack_start(services_vbox_bottom_spacer, false, false, 0);
 198         }
 199
 200         if (card.is_no_identity())
 201         {
 202             displayname_entry.set_sensitive(false);
 203             realm_entry.set_sensitive(false);
 204             username_entry.set_sensitive(false);
 205             password_entry.set_sensitive(false);
 206             remember_checkbutton.set_sensitive(false);
 207         }
 208
 209         this.destroy.connect(() => {
 210                 logger.trace("Destroying IdentityDialog; clearing its password.");
 211                 this.clear_password();
 212             });
 213
 214
 215         this.set_border_width(6);
 216         this.set_resizable(false);
 217         set_bg_color(this);
 218         this.show_all();
 219     }
 220
 221     private Widget make_trust_anchor_box(IdCard id)
 222     {
 223
 224         int nrows = 7;
 225         int ncolumns = 2;
 226         string ta_label_prefix = _("Trust anchor: ");
 227         string none = _("None");
 228
 229         HBox trust_anchor_box = new HBox(false, 0);
 230
 231         Label ta_label = new Label(ta_label_prefix
 232                                    + (id.trust_anchor.is_empty() ? none : _("Enterprise provisioned")));
 233         ta_label.set_alignment(0, 0.5f);
 234
 235         if (id.trust_anchor.is_empty()) {
 236             trust_anchor_box.pack_start(ta_label, false, false, 0);
 237             return trust_anchor_box;
 238         }
 239
 240
 241         AttachOptions fill_and_expand = AttachOptions.EXPAND | AttachOptions.FILL;
 242         AttachOptions fill = AttachOptions.FILL;
 243
 244         Table ta_table = new Table(nrows, ncolumns, false);
 245         int row = 0;
 246
 247         var ta_clear_button = new Button.with_label(_("Clear Trust Anchor"));
 248         ta_clear_button.clicked.connect((w) => {
 249                 var result = WarningDialog.confirm(this,
 250                                                    Markup.printf_escaped(
 251                                                        "<span font-weight='heavy'>"
 252                                                        + _("You are about to clear the trust anchor fingerprint for '%s'.")
 253                                                        + "</span>",
 254                                                        id.display_name)
 255                                                    + _("\n\nAre you sure you want to do this?"),
 256                                                    "clear_trust_anchor");
 257
 258                 if (result)
 259                 {
 260                     clear_trust_anchor = true;
 261
 262                     // Clearing the trust_anchor_box's children, and then re-packing
 263                     // a label into it, doesn't seem to work. Instead, let's clear out
 264                     // the table's children, and then re-insert a label into it.
 265                     var children = ta_table.get_children();
 266                     foreach (var child in children) {
 267                         ta_table.remove(child);
 268                     }
 269
 270                     ta_table.resize(1, ncolumns);
 271                     ta_label.set_text(ta_label_prefix + none);
 272                     ta_table.attach(ta_label, 0, 1, 0, 1,
 273                                     fill_and_expand, fill_and_expand, 0, 0);
 274
 275                 }
 276             }
 277             );
 278
 279         ta_table.attach(ta_label, 0, 1, row, row + 1, fill_and_expand, fill_and_expand, 0, 0);
 280         ta_table.attach(ta_clear_button, 1, 2, row, row + 1, fill, fill, 0, 0);
 281         row++;
 282
 283         Label added_label = new Label(_("Added: " + id.trust_anchor.datetime_added));
 284         added_label.set_alignment(0, 0.5f);
 285         ta_table.attach(added_label, 0, 1, row, row + 1, fill_and_expand, fill_and_expand, 20, 5);
 286         row++;
 287
 288         if (id.trust_anchor.get_anchor_type() == TrustAnchor.TrustAnchorType.SERVER_CERT) {
 289             Widget fingerprint = make_ta_fingerprint_widget(id.trust_anchor.server_cert);
 290             ta_table.attach(fingerprint, 0, 2, row, row + 2, fill_and_expand, fill_and_expand, 5, 5);
 291         }
 292         else {
 293             Label ca_cert_label = new Label(_("CA Certificate:"));
 294             ca_cert_label.set_alignment(0, 0.5f);
 295             var export_button = new Button.with_label(_("Export Certificate"));
 296             export_button.clicked.connect((w) => {export_certificate(id);});
 297
 298             ta_table.attach(ca_cert_label, 0, 1, row, row + 1, fill_and_expand, fill_and_expand, 20, 0);
 299             ta_table.attach(export_button, 1, 2, row, row + 1, fill, fill, 0, 0);
 300             row++;
 301
 302             if (id.trust_anchor.subject != "") {
 303                 Label subject_label = new Label(_("Subject: ") + id.trust_anchor.subject);
 304                 subject_label.set_alignment(0, 0.5f);
 305                 ta_table.attach(subject_label, 0, 1, row, row + 1, fill_and_expand, fill_and_expand, 40, 5);
 306                 row++;
 307             }
 308
 309             if (id.trust_anchor.subject_alt != "") {
 310                 Label subject_alt_label = new Label(_("Subject-Alt: ") + id.trust_anchor.subject_alt);
 311                 subject_alt_label.set_alignment(0, 0.5f);
 312                 ta_table.attach(subject_alt_label, 0, 1, row, row + 1, fill_and_expand, fill_and_expand, 40, 5);
 313                 row++;
 314             }
 315
 316             Label expiration_label = new Label(_("Expiration date: ") + id.trust_anchor.get_expiration_date());
 317             expiration_label.set_alignment(0, 0.5f);
 318             ta_table.attach(expiration_label, 0, 1, row, row + 1, fill_and_expand, fill_and_expand, 40, 5);
 319             row++;
 320
 321             //!!TODO: What goes here?
 322             Label constraint_label = new Label(_("Constraint: "));
 323             constraint_label.set_alignment(0, 0.5f);
 324             ta_table.attach(constraint_label, 0, 1, row, row + 1, fill_and_expand, fill_and_expand, 20, 0);
 325             row++;
 326         }
 327
 328         trust_anchor_box.pack_start(ta_table, false, false, 0);
 329         return trust_anchor_box;
 330     }
 331
 332     private static void add_as_vbox(Box content_area, Label label, Entry entry)
 333     {
 334         VBox vbox = new VBox(false, 2);
 335
 336         vbox.pack_start(label, false, false, 0);
 337         vbox.pack_start(entry, false, false, 0);
 338
 339         // Hack to prevent the text entries from stretching horizontally
 340         HBox hbox = new HBox(false, 0);
 341         hbox.pack_start(vbox, false, false, 0);
 342         content_area.pack_start(hbox, false, false, 6);
 343     }
 344
 345     private static string update_preamble(string preamble)
 346     {
 347         if (preamble == "")
 348             return _("Missing required field: ");
 349         return _("Missing required fields: ");
 350     }
 351
 352     private static string update_message(string old_message, string new_item)
 353     {
 354         string message;
 355         if (old_message == "")
 356             message = new_item;
 357         else
 358             message = old_message + ", " + new_item;
 359         return message;
 360     }
 361
 362     private static void check_field(string field, Label label, string fieldname, ref string preamble, ref string message)
 363     {
 364         if (field != "") {
 365             label.set_markup(@"$fieldname:");
 366             return;
 367         }
 368         label.set_markup(@"<span foreground=\"red\">$fieldname:</span>");
 369         preamble = update_preamble(preamble);
 370         message = update_message(message, fieldname);
 371     }
 372
 373     private bool check_fields()
 374     {
 375         string preamble = "";
 376         string message = "";
 377         string password_test = store_password ? password : "not required";
 378         if (!card.is_no_identity())
 379         {
 380             check_field(display_name, displayname_label, displayname_labeltext, ref preamble, ref message);
 381             check_field(username, username_label, username_labeltext, ref preamble, ref message);
 382             check_field(issuer, realm_label, realm_labeltext, ref preamble, ref message);
 383             check_field(password_test, password_label, password_labeltext, ref preamble, ref message);
 384         }
 385         if (message != "") {
 386             message_label.set_visible(true);
 387             message_label.set_markup(@"<span foreground=\"red\">$preamble$message</span>");
 388             return false;
 389         }
 390         return true;
 391     }
 392
 393     private void on_response(Dialog source, int response_id)
 394     {
 395         switch (response_id) {
 396         case ResponseType.OK:
 397             complete = check_fields();
 398             break;
 399         case ResponseType.CANCEL:
 400             complete = true;
 401             break;
 402         }
 403     }
 404
 405     private VBox make_services_vbox()
 406     {
 407         logger.trace("make_services_vbox");
 408
 409         var services_vbox_alignment = new Alignment(0, 0, 1, 0);
 410         var services_vscroll = new ScrolledWindow(null, null);
 411         services_vscroll.set_policy(PolicyType.NEVER, PolicyType.AUTOMATIC);
 412         services_vscroll.set_shadow_type(ShadowType.IN);
 413         services_vscroll.set_size_request(0, 60);
 414         services_vscroll.add_with_viewport(services_vbox_alignment);
 415
 416 #if VALA_0_12
 417         var remove_button = new Button.from_stock(Stock.REMOVE);
 418 #else
 419         var remove_button = new Button.from_stock(STOCK_REMOVE);
 420 #endif
 421         remove_button.set_sensitive(false);
 422
 423
 424         var services_table = new Table(card.services.size, 1, false);
 425         services_table.set_row_spacings(1);
 426         services_table.set_col_spacings(0);
 427         set_bg_color(services_table);
 428
 429         var table_button_hbox = new HBox(false, 6);
 430         table_button_hbox.pack_start(services_vscroll, true, true, 4);
 431
 432         // Hack to prevent the button from growing vertically
 433         VBox fixed_height = new VBox(false, 0);
 434         fixed_height.pack_start(remove_button, false, false, 0);
 435         table_button_hbox.pack_start(fixed_height, false, false, 0);
 436
 437         // A table doesn't have a background color, so put it in an EventBox, and
 438         // set the EventBox's background color instead.
 439         EventBox table_bg = new EventBox();
 440         set_bg_color(table_bg);
 441         table_bg.add(services_table);
 442         services_vbox_alignment.add(table_bg);
 443
 444         var services_vbox_title = new Label(_("Services:"));
 445         services_vbox_title.set_alignment(0, 0.5f);
 446
 447         var services_vbox = new VBox(false, 6);
 448         services_vbox.pack_start(services_vbox_title, false, false, 0);
 449         services_vbox.pack_start(table_button_hbox, true, true, 0);
 450
 451         int i = 0;
 452         foreach (string service in services)
 453         {
 454             var label = new Label(service);
 455             label.set_alignment((float) 0, (float) 0);
 456             label.xpad = 3;
 457
 458             EventBox event_box = new EventBox();
 459             event_box.modify_bg(StateType.NORMAL, white);
 460             event_box.add(label);
 461             event_box.button_press_event.connect(() =>
 462                 {
 463                     var state = label.get_state();
 464                     logger.trace("button_press_callback: Label state=" + state.to_string() + " setting bg to " + white.to_string());
 465
 466                     if (selected_item == label)
 467                     {
 468                         // Deselect
 469                         selected_item.parent.modify_bg(state, white);
 470                         selected_item = null;
 471                         remove_button.set_sensitive(false);
 472                     }
 473                     else
 474                     {
 475                         if (selected_item != null)
 476                         {
 477                             // Deselect
 478                             selected_item.parent.modify_bg(state, white);
 479                             selected_item = null;
 480                         }
 481
 482                         // Select
 483                         selected_item = label;
 484                         selected_item.parent.modify_bg(state, selected_color);
 485                         remove_button.set_sensitive(true);
 486                     }
 487                     return false;
 488                 });
 489
 490             services_table.attach_defaults(event_box, 0, 1, i, i+1);
 491             i++;
 492         }
 493
 494         remove_button.clicked.connect((remove_button) =>
 495             {
 496                 var result = WarningDialog.confirm(this,
 497                                                    Markup.printf_escaped(
 498                                                        "<span font-weight='heavy'>"
 499                                                        + _("You are about to remove the service\n'%s'.")
 500                                                        + "</span>",
 501                                                        selected_item.label)
 502                                                    + _("\n\nAre you sure you want to do this?"),
 503                                                    "delete_service");
 504
 505                 if (result)
 506                 {
 507                     if (card != null) {
 508                         services.remove(selected_item.label);
 509                         services_table.remove(selected_item.parent);
 510                         selected_item = null;
 511                         remove_button.set_sensitive(false);
 512                     }
 513                 }
 514
 515             });
 516
 517         return services_vbox;
 518     }
 519
 520     private void export_certificate(IdCard id)
 521     {
 522         var dialog = new FileChooserDialog("Save File",
 523                                            this,
 524                                            FileChooserAction.SAVE,
 525                                            _("Cancel"),ResponseType.CANCEL,
 526                                            _("Save"), ResponseType.ACCEPT,
 527                                            null);
 528         dialog.set_do_overwrite_confirmation(true);
 529         if (export_directory != null) {
 530             dialog.set_current_folder(export_directory);
 531         }
 532         // Remove slashes from the default filename.
 533         string default_filename =
 534             (id.display_name + ".pem").replace(Path.DIR_SEPARATOR_S, "_");
 535         dialog.set_current_name(default_filename);
 536         if (dialog.run() == ResponseType.ACCEPT)
 537         {
 538             // Export the certificate in PEM format.
 539
 540             const string CERT_HEADER = "-----BEGIN CERTIFICATE-----\n";
 541             const string CERT_FOOTER = "\n-----END CERTIFICATE-----\n";
 542
 543             // Strip any embedded newlines in the certificate...
 544             string cert = id.trust_anchor.ca_cert.replace("\n", "");
 545
 546             // Re-embed newlines every 64 chars.
 547             string newcert = CERT_HEADER;
 548             while (cert.length > 63) {
 549                 newcert += cert[0:64];
 550                 newcert += "\n";
 551                 cert = cert[64:cert.length];
 552             }
 553             if (cert.length > 0) {
 554                 newcert += cert;
 555             }
 556             newcert += CERT_FOOTER;
 557
 558             string filename = dialog.get_filename();
 559             var file  = File.new_for_path(filename);
 560             var stream = file.replace(null, false, FileCreateFlags.PRIVATE);
 561             stream.write(newcert.data);
 562
 563             // Save the parent directory to use as default for next save
 564             export_directory = file.get_parent().get_path();
 565         }
 566         dialog.destroy();
 567     }
 568 }