1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "chrome/browser/chromeos/options/vpn_config_view.h" 6 7 #include "ash/system/chromeos/network/network_connect.h" 8 #include "base/bind.h" 9 #include "base/strings/string_util.h" 10 #include "base/strings/stringprintf.h" 11 #include "base/strings/utf_string_conversions.h" 12 #include "chrome/browser/chromeos/enrollment_dialog_view.h" 13 #include "chrome/browser/chromeos/net/onc_utils.h" 14 #include "chrome/browser/profiles/profile_manager.h" 15 #include "chrome/common/net/x509_certificate_model.h" 16 #include "chrome/grit/generated_resources.h" 17 #include "chromeos/login/login_state.h" 18 #include "chromeos/network/network_configuration_handler.h" 19 #include "chromeos/network/network_event_log.h" 20 #include "chromeos/network/network_state.h" 21 #include "chromeos/network/network_state_handler.h" 22 #include "chromeos/network/network_ui_data.h" 23 #include "components/onc/onc_constants.h" 24 #include "third_party/cros_system_api/dbus/service_constants.h" 25 #include "ui/base/l10n/l10n_util.h" 26 #include "ui/base/models/combobox_model.h" 27 #include "ui/events/event.h" 28 #include "ui/views/controls/button/checkbox.h" 29 #include "ui/views/controls/combobox/combobox.h" 30 #include "ui/views/controls/label.h" 31 #include "ui/views/controls/textfield/textfield.h" 32 #include "ui/views/layout/grid_layout.h" 33 #include "ui/views/layout/layout_constants.h" 34 #include "ui/views/widget/widget.h" 35 #include "ui/views/window/dialog_client_view.h" 36 37 namespace { 38 39 enum ProviderTypeIndex { 40 PROVIDER_TYPE_INDEX_L2TP_IPSEC_PSK = 0, 41 PROVIDER_TYPE_INDEX_L2TP_IPSEC_USER_CERT = 1, 42 PROVIDER_TYPE_INDEX_OPEN_VPN = 2, 43 PROVIDER_TYPE_INDEX_MAX = 3, 44 }; 45 46 base::string16 ProviderTypeIndexToString(int index) { 47 switch (index) { 48 case PROVIDER_TYPE_INDEX_L2TP_IPSEC_PSK: 49 return l10n_util::GetStringUTF16( 50 IDS_OPTIONS_SETTINGS_INTERNET_OPTIONS_L2TP_IPSEC_PSK); 51 case PROVIDER_TYPE_INDEX_L2TP_IPSEC_USER_CERT: 52 return l10n_util::GetStringUTF16( 53 IDS_OPTIONS_SETTINGS_INTERNET_OPTIONS_L2TP_IPSEC_USER_CERT); 54 case PROVIDER_TYPE_INDEX_OPEN_VPN: 55 return l10n_util::GetStringUTF16( 56 IDS_OPTIONS_SETTINGS_INTERNET_OPTIONS_OPEN_VPN); 57 } 58 NOTREACHED(); 59 return base::string16(); 60 } 61 62 int ProviderTypeToIndex(const std::string& provider_type, 63 const std::string& client_cert_id) { 64 if (provider_type == shill::kProviderL2tpIpsec) { 65 if (!client_cert_id.empty()) 66 return PROVIDER_TYPE_INDEX_L2TP_IPSEC_USER_CERT; 67 else 68 return PROVIDER_TYPE_INDEX_L2TP_IPSEC_PSK; 69 } else { 70 DCHECK(provider_type == shill::kProviderOpenVpn); 71 return PROVIDER_TYPE_INDEX_OPEN_VPN; 72 } 73 } 74 75 // Translates the provider type to the name of the respective ONC dictionary 76 // containing configuration data for the type. 77 std::string ProviderTypeIndexToONCDictKey(int provider_type_index) { 78 switch (provider_type_index) { 79 case PROVIDER_TYPE_INDEX_L2TP_IPSEC_PSK: 80 case PROVIDER_TYPE_INDEX_L2TP_IPSEC_USER_CERT: 81 return onc::vpn::kIPsec; 82 case PROVIDER_TYPE_INDEX_OPEN_VPN: 83 return onc::vpn::kOpenVPN; 84 } 85 NOTREACHED() << "Unhandled provider type index " << provider_type_index; 86 return std::string(); 87 } 88 89 std::string GetPemFromDictionary( 90 const base::DictionaryValue* provider_properties, 91 const std::string& key) { 92 const base::ListValue* pems = NULL; 93 if (!provider_properties->GetListWithoutPathExpansion(key, &pems)) 94 return std::string(); 95 std::string pem; 96 pems->GetString(0, &pem); 97 return pem; 98 } 99 100 } // namespace 101 102 namespace chromeos { 103 104 namespace internal { 105 106 class ProviderTypeComboboxModel : public ui::ComboboxModel { 107 public: 108 ProviderTypeComboboxModel(); 109 virtual ~ProviderTypeComboboxModel(); 110 111 // Overridden from ui::ComboboxModel: 112 virtual int GetItemCount() const OVERRIDE; 113 virtual base::string16 GetItemAt(int index) OVERRIDE; 114 115 private: 116 DISALLOW_COPY_AND_ASSIGN(ProviderTypeComboboxModel); 117 }; 118 119 class VpnServerCACertComboboxModel : public ui::ComboboxModel { 120 public: 121 VpnServerCACertComboboxModel(); 122 virtual ~VpnServerCACertComboboxModel(); 123 124 // Overridden from ui::ComboboxModel: 125 virtual int GetItemCount() const OVERRIDE; 126 virtual base::string16 GetItemAt(int index) OVERRIDE; 127 128 private: 129 DISALLOW_COPY_AND_ASSIGN(VpnServerCACertComboboxModel); 130 }; 131 132 class VpnUserCertComboboxModel : public ui::ComboboxModel { 133 public: 134 VpnUserCertComboboxModel(); 135 virtual ~VpnUserCertComboboxModel(); 136 137 // Overridden from ui::ComboboxModel: 138 virtual int GetItemCount() const OVERRIDE; 139 virtual base::string16 GetItemAt(int index) OVERRIDE; 140 141 private: 142 DISALLOW_COPY_AND_ASSIGN(VpnUserCertComboboxModel); 143 }; 144 145 // ProviderTypeComboboxModel --------------------------------------------------- 146 147 ProviderTypeComboboxModel::ProviderTypeComboboxModel() { 148 } 149 150 ProviderTypeComboboxModel::~ProviderTypeComboboxModel() { 151 } 152 153 int ProviderTypeComboboxModel::GetItemCount() const { 154 return PROVIDER_TYPE_INDEX_MAX; 155 } 156 157 base::string16 ProviderTypeComboboxModel::GetItemAt(int index) { 158 return ProviderTypeIndexToString(index); 159 } 160 161 // VpnServerCACertComboboxModel ------------------------------------------------ 162 163 VpnServerCACertComboboxModel::VpnServerCACertComboboxModel() { 164 } 165 166 VpnServerCACertComboboxModel::~VpnServerCACertComboboxModel() { 167 } 168 169 int VpnServerCACertComboboxModel::GetItemCount() const { 170 if (CertLibrary::Get()->CertificatesLoading()) 171 return 1; // "Loading" 172 // "Default" + certs. 173 return CertLibrary::Get()->NumCertificates( 174 CertLibrary::CERT_TYPE_SERVER_CA) + 1; 175 } 176 177 base::string16 VpnServerCACertComboboxModel::GetItemAt(int index) { 178 if (CertLibrary::Get()->CertificatesLoading()) 179 return l10n_util::GetStringUTF16( 180 IDS_OPTIONS_SETTINGS_INTERNET_OPTIONS_CERT_LOADING); 181 if (index == 0) 182 return l10n_util::GetStringUTF16( 183 IDS_OPTIONS_SETTINGS_INTERNET_OPTIONS_CERT_SERVER_CA_DEFAULT); 184 int cert_index = index - 1; 185 return CertLibrary::Get()->GetCertDisplayStringAt( 186 CertLibrary::CERT_TYPE_SERVER_CA, cert_index); 187 } 188 189 // VpnUserCertComboboxModel ---------------------------------------------------- 190 191 VpnUserCertComboboxModel::VpnUserCertComboboxModel() { 192 } 193 194 VpnUserCertComboboxModel::~VpnUserCertComboboxModel() { 195 } 196 197 int VpnUserCertComboboxModel::GetItemCount() const { 198 if (CertLibrary::Get()->CertificatesLoading()) 199 return 1; // "Loading" 200 int num_certs = 201 CertLibrary::Get()->NumCertificates(CertLibrary::CERT_TYPE_USER); 202 if (num_certs == 0) 203 return 1; // "None installed" 204 return num_certs; 205 } 206 207 base::string16 VpnUserCertComboboxModel::GetItemAt(int index) { 208 if (CertLibrary::Get()->CertificatesLoading()) { 209 return l10n_util::GetStringUTF16( 210 IDS_OPTIONS_SETTINGS_INTERNET_OPTIONS_CERT_LOADING); 211 } 212 if (CertLibrary::Get()->NumCertificates(CertLibrary::CERT_TYPE_USER) == 0) { 213 return l10n_util::GetStringUTF16( 214 IDS_OPTIONS_SETTINGS_INTERNET_OPTIONS_USER_CERT_NONE_INSTALLED); 215 } 216 return CertLibrary::Get()->GetCertDisplayStringAt( 217 CertLibrary::CERT_TYPE_USER, index); 218 } 219 220 } // namespace internal 221 222 VPNConfigView::VPNConfigView(NetworkConfigView* parent, 223 const std::string& service_path) 224 : ChildNetworkConfigView(parent, service_path), 225 service_text_modified_(false), 226 enable_psk_passphrase_(false), 227 enable_user_cert_(false), 228 enable_server_ca_cert_(false), 229 enable_otp_(false), 230 enable_group_name_(false), 231 title_(0), 232 layout_(NULL), 233 server_textfield_(NULL), 234 service_text_(NULL), 235 service_textfield_(NULL), 236 provider_type_combobox_(NULL), 237 provider_type_text_label_(NULL), 238 psk_passphrase_label_(NULL), 239 psk_passphrase_textfield_(NULL), 240 user_cert_label_(NULL), 241 user_cert_combobox_(NULL), 242 server_ca_cert_label_(NULL), 243 server_ca_cert_combobox_(NULL), 244 username_textfield_(NULL), 245 user_passphrase_textfield_(NULL), 246 otp_label_(NULL), 247 otp_textfield_(NULL), 248 group_name_label_(NULL), 249 group_name_textfield_(NULL), 250 save_credentials_checkbox_(NULL), 251 error_label_(NULL), 252 provider_type_index_(PROVIDER_TYPE_INDEX_MAX), 253 weak_ptr_factory_(this) { 254 Init(); 255 } 256 257 VPNConfigView::~VPNConfigView() { 258 RemoveAllChildViews(true); // Destroy children before models 259 CertLibrary::Get()->RemoveObserver(this); 260 } 261 262 base::string16 VPNConfigView::GetTitle() const { 263 DCHECK_NE(title_, 0); 264 return l10n_util::GetStringUTF16(title_); 265 } 266 267 views::View* VPNConfigView::GetInitiallyFocusedView() { 268 if (service_path_.empty()) { 269 // Put focus in the first editable field. 270 if (server_textfield_) 271 return server_textfield_; 272 else if (service_textfield_) 273 return service_textfield_; 274 else if (provider_type_combobox_) 275 return provider_type_combobox_; 276 else if (psk_passphrase_textfield_ && psk_passphrase_textfield_->enabled()) 277 return psk_passphrase_textfield_; 278 else if (user_cert_combobox_ && user_cert_combobox_->enabled()) 279 return user_cert_combobox_; 280 else if (server_ca_cert_combobox_ && server_ca_cert_combobox_->enabled()) 281 return server_ca_cert_combobox_; 282 } 283 if (user_passphrase_textfield_) 284 return user_passphrase_textfield_; 285 else if (otp_textfield_) 286 return otp_textfield_; 287 return NULL; 288 } 289 290 bool VPNConfigView::CanLogin() { 291 // Username is always required. 292 if (GetUsername().empty()) 293 return false; 294 295 // TODO(stevenjb): min kMinPassphraseLen length? 296 if (service_path_.empty() && 297 (GetService().empty() || GetServer().empty())) 298 return false; 299 300 // Block login if certs are required but user has none. 301 bool cert_required = 302 GetProviderTypeIndex() == PROVIDER_TYPE_INDEX_L2TP_IPSEC_USER_CERT; 303 if (cert_required && (!HaveUserCerts() || !IsUserCertValid())) 304 return false; 305 306 return true; 307 } 308 309 void VPNConfigView::ContentsChanged(views::Textfield* sender, 310 const base::string16& new_contents) { 311 if (sender == server_textfield_ && !service_text_modified_) { 312 // Set the service name to the server name up to '.', unless it has 313 // been explicitly set by the user. 314 base::string16 server = server_textfield_->text(); 315 base::string16::size_type n = server.find_first_of(L'.'); 316 service_name_from_server_ = server.substr(0, n); 317 service_textfield_->SetText(service_name_from_server_); 318 } 319 if (sender == service_textfield_) { 320 if (new_contents.empty()) 321 service_text_modified_ = false; 322 else if (new_contents != service_name_from_server_) 323 service_text_modified_ = true; 324 } 325 UpdateCanLogin(); 326 } 327 328 bool VPNConfigView::HandleKeyEvent(views::Textfield* sender, 329 const ui::KeyEvent& key_event) { 330 if ((sender == psk_passphrase_textfield_ || 331 sender == user_passphrase_textfield_) && 332 key_event.key_code() == ui::VKEY_RETURN) { 333 parent_->GetDialogClientView()->AcceptWindow(); 334 } 335 return false; 336 } 337 338 void VPNConfigView::ButtonPressed(views::Button* sender, 339 const ui::Event& event) { 340 } 341 342 void VPNConfigView::OnPerformAction(views::Combobox* combobox) { 343 UpdateControls(); 344 UpdateErrorLabel(); 345 UpdateCanLogin(); 346 } 347 348 void VPNConfigView::OnCertificatesLoaded(bool initial_load) { 349 Refresh(); 350 } 351 352 bool VPNConfigView::Login() { 353 if (service_path_.empty()) { 354 base::DictionaryValue properties; 355 // Identifying properties 356 properties.SetStringWithoutPathExpansion( 357 shill::kTypeProperty, shill::kTypeVPN); 358 properties.SetStringWithoutPathExpansion( 359 shill::kNameProperty, GetService()); 360 properties.SetStringWithoutPathExpansion( 361 shill::kProviderHostProperty, GetServer()); 362 properties.SetStringWithoutPathExpansion( 363 shill::kProviderTypeProperty, GetProviderTypeString()); 364 365 SetConfigProperties(&properties); 366 bool shared = false; 367 bool modifiable = false; 368 ChildNetworkConfigView::GetShareStateForLoginState(&shared, &modifiable); 369 370 bool only_policy_autoconnect = 371 onc::PolicyAllowsOnlyPolicyNetworksToAutoconnect(!shared); 372 if (only_policy_autoconnect) { 373 properties.SetBooleanWithoutPathExpansion(shill::kAutoConnectProperty, 374 false); 375 } 376 377 ash::network_connect::CreateConfigurationAndConnect(&properties, shared); 378 } else { 379 const NetworkState* vpn = NetworkHandler::Get()->network_state_handler()-> 380 GetNetworkState(service_path_); 381 if (!vpn) { 382 // Shill no longer knows about this network (edge case). 383 // TODO(stevenjb): Add notification for this. 384 NET_LOG_ERROR("Network not found", service_path_); 385 return true; // Close dialog 386 } 387 base::DictionaryValue properties; 388 SetConfigProperties(&properties); 389 ash::network_connect::ConfigureNetworkAndConnect( 390 service_path_, properties, false /* not shared */); 391 } 392 return true; // Close dialog. 393 } 394 395 void VPNConfigView::Cancel() { 396 } 397 398 void VPNConfigView::InitFocus() { 399 views::View* view_to_focus = GetInitiallyFocusedView(); 400 if (view_to_focus) 401 view_to_focus->RequestFocus(); 402 } 403 404 const std::string VPNConfigView::GetService() const { 405 if (service_textfield_ != NULL) 406 return GetTextFromField(service_textfield_, true); 407 return service_path_; 408 } 409 410 const std::string VPNConfigView::GetServer() const { 411 if (server_textfield_ != NULL) 412 return GetTextFromField(server_textfield_, true); 413 return std::string(); 414 } 415 416 const std::string VPNConfigView::GetPSKPassphrase() const { 417 if (psk_passphrase_textfield_ && 418 enable_psk_passphrase_ && 419 psk_passphrase_textfield_->visible()) 420 return GetPassphraseFromField(psk_passphrase_textfield_); 421 return std::string(); 422 } 423 424 const std::string VPNConfigView::GetUsername() const { 425 return GetTextFromField(username_textfield_, true); 426 } 427 428 const std::string VPNConfigView::GetUserPassphrase() const { 429 return GetPassphraseFromField(user_passphrase_textfield_); 430 } 431 432 const std::string VPNConfigView::GetGroupName() const { 433 return GetTextFromField(group_name_textfield_, false); 434 } 435 436 const std::string VPNConfigView::GetOTP() const { 437 return GetTextFromField(otp_textfield_, true); 438 } 439 440 const std::string VPNConfigView::GetServerCACertPEM() const { 441 int index = server_ca_cert_combobox_ ? 442 server_ca_cert_combobox_->selected_index() : 0; 443 if (index == 0) { 444 // First item is "Default". 445 return std::string(); 446 } else { 447 int cert_index = index - 1; 448 return CertLibrary::Get()->GetServerCACertPEMAt(cert_index); 449 } 450 } 451 452 void VPNConfigView::SetUserCertProperties( 453 chromeos::client_cert::ConfigType client_cert_type, 454 base::DictionaryValue* properties) const { 455 if (!HaveUserCerts()) { 456 // No certificate selected or not required. 457 chromeos::client_cert::SetEmptyShillProperties(client_cert_type, 458 properties); 459 } else { 460 // Certificates are listed in the order they appear in the model. 461 int index = user_cert_combobox_ ? user_cert_combobox_->selected_index() : 0; 462 int slot_id = -1; 463 const std::string pkcs11_id = 464 CertLibrary::Get()->GetUserCertPkcs11IdAt(index, &slot_id); 465 chromeos::client_cert::SetShillProperties( 466 client_cert_type, slot_id, pkcs11_id, properties); 467 } 468 } 469 470 bool VPNConfigView::GetSaveCredentials() const { 471 return save_credentials_checkbox_->checked(); 472 } 473 474 int VPNConfigView::GetProviderTypeIndex() const { 475 if (provider_type_combobox_) 476 return provider_type_combobox_->selected_index(); 477 return provider_type_index_; 478 } 479 480 std::string VPNConfigView::GetProviderTypeString() const { 481 int index = GetProviderTypeIndex(); 482 switch (index) { 483 case PROVIDER_TYPE_INDEX_L2TP_IPSEC_PSK: 484 case PROVIDER_TYPE_INDEX_L2TP_IPSEC_USER_CERT: 485 return shill::kProviderL2tpIpsec; 486 case PROVIDER_TYPE_INDEX_OPEN_VPN: 487 return shill::kProviderOpenVpn; 488 } 489 NOTREACHED(); 490 return std::string(); 491 } 492 493 void VPNConfigView::Init() { 494 const NetworkState* vpn = NULL; 495 if (!service_path_.empty()) { 496 vpn = NetworkHandler::Get()->network_state_handler()-> 497 GetNetworkState(service_path_); 498 DCHECK(vpn && vpn->type() == shill::kTypeVPN); 499 } 500 layout_ = views::GridLayout::CreatePanel(this); 501 SetLayoutManager(layout_); 502 503 // Observer any changes to the certificate list. 504 CertLibrary::Get()->AddObserver(this); 505 506 views::ColumnSet* column_set = layout_->AddColumnSet(0); 507 // Label. 508 column_set->AddColumn(views::GridLayout::LEADING, views::GridLayout::FILL, 1, 509 views::GridLayout::USE_PREF, 0, 0); 510 column_set->AddPaddingColumn(0, views::kRelatedControlSmallHorizontalSpacing); 511 // Textfield, combobox. 512 column_set->AddColumn(views::GridLayout::FILL, views::GridLayout::FILL, 1, 513 views::GridLayout::USE_PREF, 0, 514 ChildNetworkConfigView::kInputFieldMinWidth); 515 column_set->AddPaddingColumn(0, views::kRelatedControlSmallHorizontalSpacing); 516 // Policy indicator. 517 column_set->AddColumn(views::GridLayout::CENTER, views::GridLayout::CENTER, 0, 518 views::GridLayout::USE_PREF, 0, 0); 519 520 // Initialize members. 521 service_text_modified_ = false; 522 title_ = vpn ? IDS_OPTIONS_SETTINGS_JOIN_VPN : IDS_OPTIONS_SETTINGS_ADD_VPN; 523 524 // By default enable all controls. 525 enable_psk_passphrase_ = true; 526 enable_user_cert_ = true; 527 enable_server_ca_cert_ = true; 528 enable_otp_ = true; 529 enable_group_name_ = true; 530 531 // Server label and input. 532 layout_->StartRow(0, 0); 533 views::View* server_label = 534 new views::Label(l10n_util::GetStringUTF16( 535 IDS_OPTIONS_SETTINGS_INTERNET_OPTIONS_VPN_SERVER_HOSTNAME)); 536 layout_->AddView(server_label); 537 server_textfield_ = new views::Textfield(); 538 server_textfield_->set_controller(this); 539 layout_->AddView(server_textfield_); 540 layout_->AddPaddingRow(0, views::kRelatedControlVerticalSpacing); 541 if (!service_path_.empty()) { 542 server_label->SetEnabled(false); 543 server_textfield_->SetEnabled(false); 544 } 545 546 // Service label and name or input. 547 layout_->StartRow(0, 0); 548 layout_->AddView(new views::Label(l10n_util::GetStringUTF16( 549 IDS_OPTIONS_SETTINGS_INTERNET_OPTIONS_VPN_SERVICE_NAME))); 550 if (service_path_.empty()) { 551 service_textfield_ = new views::Textfield(); 552 service_textfield_->set_controller(this); 553 layout_->AddView(service_textfield_); 554 service_text_ = NULL; 555 } else { 556 service_text_ = new views::Label(); 557 service_text_->SetHorizontalAlignment(gfx::ALIGN_LEFT); 558 layout_->AddView(service_text_); 559 service_textfield_ = NULL; 560 } 561 layout_->AddPaddingRow(0, views::kRelatedControlVerticalSpacing); 562 563 // Provider type label and select. 564 layout_->StartRow(0, 0); 565 layout_->AddView(new views::Label(l10n_util::GetStringUTF16( 566 IDS_OPTIONS_SETTINGS_INTERNET_OPTIONS_VPN_PROVIDER_TYPE))); 567 if (service_path_.empty()) { 568 provider_type_combobox_model_.reset( 569 new internal::ProviderTypeComboboxModel); 570 provider_type_combobox_ = new views::Combobox( 571 provider_type_combobox_model_.get()); 572 provider_type_combobox_->set_listener(this); 573 layout_->AddView(provider_type_combobox_); 574 provider_type_text_label_ = NULL; 575 } else { 576 provider_type_text_label_ = new views::Label(); 577 provider_type_text_label_->SetHorizontalAlignment(gfx::ALIGN_LEFT); 578 layout_->AddView(provider_type_text_label_); 579 provider_type_combobox_ = NULL; 580 } 581 layout_->AddPaddingRow(0, views::kRelatedControlVerticalSpacing); 582 583 // PSK passphrase label, input and visible button. 584 layout_->StartRow(0, 0); 585 psk_passphrase_label_ = new views::Label(l10n_util::GetStringUTF16( 586 IDS_OPTIONS_SETTINGS_INTERNET_OPTIONS_VPN_PSK_PASSPHRASE)); 587 layout_->AddView(psk_passphrase_label_); 588 psk_passphrase_textfield_ = new PassphraseTextfield(); 589 psk_passphrase_textfield_->set_controller(this); 590 layout_->AddView(psk_passphrase_textfield_); 591 layout_->AddView( 592 new ControlledSettingIndicatorView(psk_passphrase_ui_data_)); 593 layout_->AddPaddingRow(0, views::kRelatedControlVerticalSpacing); 594 595 // Server CA certificate 596 if (service_path_.empty()) { 597 layout_->StartRow(0, 0); 598 server_ca_cert_label_ = new views::Label(l10n_util::GetStringUTF16( 599 IDS_OPTIONS_SETTINGS_INTERNET_OPTIONS_CERT_SERVER_CA)); 600 layout_->AddView(server_ca_cert_label_); 601 server_ca_cert_combobox_model_.reset( 602 new internal::VpnServerCACertComboboxModel()); 603 server_ca_cert_combobox_ = new views::Combobox( 604 server_ca_cert_combobox_model_.get()); 605 layout_->AddView(server_ca_cert_combobox_); 606 layout_->AddView(new ControlledSettingIndicatorView(ca_cert_ui_data_)); 607 layout_->AddPaddingRow(0, views::kRelatedControlVerticalSpacing); 608 } else { 609 server_ca_cert_label_ = NULL; 610 server_ca_cert_combobox_ = NULL; 611 } 612 613 // User certificate label and input. 614 layout_->StartRow(0, 0); 615 user_cert_label_ = new views::Label(l10n_util::GetStringUTF16( 616 IDS_OPTIONS_SETTINGS_INTERNET_OPTIONS_VPN_USER_CERT)); 617 layout_->AddView(user_cert_label_); 618 user_cert_combobox_model_.reset( 619 new internal::VpnUserCertComboboxModel()); 620 user_cert_combobox_ = new views::Combobox(user_cert_combobox_model_.get()); 621 user_cert_combobox_->set_listener(this); 622 layout_->AddView(user_cert_combobox_); 623 layout_->AddView(new ControlledSettingIndicatorView(user_cert_ui_data_)); 624 layout_->AddPaddingRow(0, views::kRelatedControlVerticalSpacing); 625 626 // Username label and input. 627 layout_->StartRow(0, 0); 628 layout_->AddView(new views::Label(l10n_util::GetStringUTF16( 629 IDS_OPTIONS_SETTINGS_INTERNET_OPTIONS_VPN_USERNAME))); 630 username_textfield_ = new views::Textfield(); 631 username_textfield_->set_controller(this); 632 username_textfield_->SetEnabled(username_ui_data_.IsEditable()); 633 layout_->AddView(username_textfield_); 634 layout_->AddView(new ControlledSettingIndicatorView(username_ui_data_)); 635 layout_->AddPaddingRow(0, views::kRelatedControlVerticalSpacing); 636 637 // User passphrase label, input and visble button. 638 layout_->StartRow(0, 0); 639 layout_->AddView(new views::Label(l10n_util::GetStringUTF16( 640 IDS_OPTIONS_SETTINGS_INTERNET_OPTIONS_VPN_USER_PASSPHRASE))); 641 user_passphrase_textfield_ = new PassphraseTextfield(); 642 user_passphrase_textfield_->set_controller(this); 643 user_passphrase_textfield_->SetEnabled(user_passphrase_ui_data_.IsEditable()); 644 layout_->AddView(user_passphrase_textfield_); 645 layout_->AddView( 646 new ControlledSettingIndicatorView(user_passphrase_ui_data_)); 647 layout_->AddPaddingRow(0, views::kRelatedControlVerticalSpacing); 648 649 // OTP label and input. 650 layout_->StartRow(0, 0); 651 otp_label_ = new views::Label(l10n_util::GetStringUTF16( 652 IDS_OPTIONS_SETTINGS_INTERNET_OPTIONS_VPN_OTP)); 653 layout_->AddView(otp_label_); 654 otp_textfield_ = new views::Textfield(); 655 otp_textfield_->set_controller(this); 656 layout_->AddView(otp_textfield_); 657 layout_->AddPaddingRow(0, views::kRelatedControlVerticalSpacing); 658 659 // Group Name label and input. 660 layout_->StartRow(0, 0); 661 group_name_label_ = new views::Label(l10n_util::GetStringUTF16( 662 IDS_OPTIONS_SETTINGS_INTERNET_OPTIONS_VPN_GROUP_NAME)); 663 layout_->AddView(group_name_label_); 664 group_name_textfield_ = 665 new views::Textfield(); 666 group_name_textfield_->set_controller(this); 667 layout_->AddView(group_name_textfield_); 668 layout_->AddView(new ControlledSettingIndicatorView(group_name_ui_data_)); 669 layout_->AddPaddingRow(0, views::kRelatedControlVerticalSpacing); 670 671 // Save credentials 672 layout_->StartRow(0, 0); 673 save_credentials_checkbox_ = new views::Checkbox( 674 l10n_util::GetStringUTF16( 675 IDS_OPTIONS_SETTINGS_INTERNET_OPTIONS_SAVE_CREDENTIALS)); 676 save_credentials_checkbox_->SetEnabled( 677 save_credentials_ui_data_.IsEditable()); 678 layout_->SkipColumns(1); 679 layout_->AddView(save_credentials_checkbox_); 680 layout_->AddView( 681 new ControlledSettingIndicatorView(save_credentials_ui_data_)); 682 683 // Error label. 684 layout_->StartRow(0, 0); 685 layout_->SkipColumns(1); 686 error_label_ = new views::Label(); 687 error_label_->SetHorizontalAlignment(gfx::ALIGN_LEFT); 688 error_label_->SetEnabledColor(SK_ColorRED); 689 layout_->AddView(error_label_); 690 691 // Set or hide the UI, update comboboxes and error labels. 692 Refresh(); 693 694 if (vpn) { 695 NetworkHandler::Get()->network_configuration_handler()->GetProperties( 696 service_path_, 697 base::Bind(&VPNConfigView::InitFromProperties, 698 weak_ptr_factory_.GetWeakPtr()), 699 base::Bind(&VPNConfigView::GetPropertiesError, 700 weak_ptr_factory_.GetWeakPtr())); 701 } 702 } 703 704 void VPNConfigView::InitFromProperties( 705 const std::string& service_path, 706 const base::DictionaryValue& service_properties) { 707 const NetworkState* vpn = NetworkHandler::Get()->network_state_handler()-> 708 GetNetworkState(service_path); 709 if (!vpn) { 710 NET_LOG_ERROR("Shill Error getting properties VpnConfigView", service_path); 711 return; 712 } 713 714 std::string provider_type, server_hostname, username, group_name; 715 bool psk_passphrase_required = false; 716 bool user_passphrase_required = true; 717 const base::DictionaryValue* provider_properties; 718 if (service_properties.GetDictionaryWithoutPathExpansion( 719 shill::kProviderProperty, &provider_properties)) { 720 provider_properties->GetStringWithoutPathExpansion( 721 shill::kTypeProperty, &provider_type); 722 provider_properties->GetStringWithoutPathExpansion( 723 shill::kHostProperty, &server_hostname); 724 if (provider_type == shill::kProviderL2tpIpsec) { 725 provider_properties->GetStringWithoutPathExpansion( 726 shill::kL2tpIpsecClientCertIdProperty, &client_cert_id_); 727 ca_cert_pem_ = GetPemFromDictionary( 728 provider_properties, shill::kL2tpIpsecCaCertPemProperty); 729 provider_properties->GetBooleanWithoutPathExpansion( 730 shill::kL2tpIpsecPskRequiredProperty, &psk_passphrase_required); 731 provider_properties->GetStringWithoutPathExpansion( 732 shill::kL2tpIpsecUserProperty, &username); 733 provider_properties->GetStringWithoutPathExpansion( 734 shill::kL2tpIpsecTunnelGroupProperty, &group_name); 735 } else if (provider_type == shill::kProviderOpenVpn) { 736 provider_properties->GetStringWithoutPathExpansion( 737 shill::kOpenVPNClientCertIdProperty, &client_cert_id_); 738 ca_cert_pem_ = GetPemFromDictionary( 739 provider_properties, shill::kOpenVPNCaCertPemProperty); 740 provider_properties->GetStringWithoutPathExpansion( 741 shill::kOpenVPNUserProperty, &username); 742 provider_properties->GetBooleanWithoutPathExpansion( 743 shill::kPassphraseRequiredProperty, &user_passphrase_required); 744 } 745 } 746 bool save_credentials = false; 747 service_properties.GetBooleanWithoutPathExpansion( 748 shill::kSaveCredentialsProperty, &save_credentials); 749 750 provider_type_index_ = ProviderTypeToIndex(provider_type, client_cert_id_); 751 752 if (service_text_) 753 service_text_->SetText(base::ASCIIToUTF16(vpn->name())); 754 if (provider_type_text_label_) 755 provider_type_text_label_->SetText( 756 ProviderTypeIndexToString(provider_type_index_)); 757 758 if (server_textfield_ && !server_hostname.empty()) 759 server_textfield_->SetText(base::UTF8ToUTF16(server_hostname)); 760 if (username_textfield_ && !username.empty()) 761 username_textfield_->SetText(base::UTF8ToUTF16(username)); 762 if (group_name_textfield_ && !group_name.empty()) 763 group_name_textfield_->SetText(base::UTF8ToUTF16(group_name)); 764 if (psk_passphrase_textfield_) 765 psk_passphrase_textfield_->SetShowFake(!psk_passphrase_required); 766 if (user_passphrase_textfield_) 767 user_passphrase_textfield_->SetShowFake(!user_passphrase_required); 768 if (save_credentials_checkbox_) 769 save_credentials_checkbox_->SetChecked(save_credentials); 770 771 Refresh(); 772 UpdateCanLogin(); 773 } 774 775 void VPNConfigView::ParseUIProperties(const NetworkState* vpn) { 776 std::string type_dict_name = 777 ProviderTypeIndexToONCDictKey(provider_type_index_); 778 if (provider_type_index_ == PROVIDER_TYPE_INDEX_L2TP_IPSEC_PSK) { 779 ParseVPNUIProperty(vpn, type_dict_name, ::onc::ipsec::kServerCARef, 780 &ca_cert_ui_data_); 781 ParseVPNUIProperty(vpn, type_dict_name, ::onc::ipsec::kPSK, 782 &psk_passphrase_ui_data_); 783 ParseVPNUIProperty(vpn, type_dict_name, ::onc::ipsec::kGroup, 784 &group_name_ui_data_); 785 } else if (provider_type_index_ == PROVIDER_TYPE_INDEX_OPEN_VPN) { 786 ParseVPNUIProperty(vpn, type_dict_name, ::onc::openvpn::kServerCARef, 787 &ca_cert_ui_data_); 788 } 789 ParseVPNUIProperty(vpn, type_dict_name, ::onc::client_cert::kClientCertRef, 790 &user_cert_ui_data_); 791 792 const std::string credentials_dict_name( 793 provider_type_index_ == PROVIDER_TYPE_INDEX_L2TP_IPSEC_PSK ? 794 ::onc::vpn::kL2TP : type_dict_name); 795 ParseVPNUIProperty(vpn, credentials_dict_name, ::onc::vpn::kUsername, 796 &username_ui_data_); 797 ParseVPNUIProperty(vpn, credentials_dict_name, ::onc::vpn::kPassword, 798 &user_passphrase_ui_data_); 799 ParseVPNUIProperty(vpn, credentials_dict_name, ::onc::vpn::kSaveCredentials, 800 &save_credentials_ui_data_); 801 } 802 803 void VPNConfigView::GetPropertiesError( 804 const std::string& error_name, 805 scoped_ptr<base::DictionaryValue> error_data) { 806 NET_LOG_ERROR("Shill Error from VpnConfigView: " + error_name, ""); 807 } 808 809 void VPNConfigView::SetConfigProperties( 810 base::DictionaryValue* properties) { 811 int provider_type_index = GetProviderTypeIndex(); 812 std::string user_passphrase = GetUserPassphrase(); 813 std::string user_name = GetUsername(); 814 std::string group_name = GetGroupName(); 815 switch (provider_type_index) { 816 case PROVIDER_TYPE_INDEX_L2TP_IPSEC_PSK: { 817 std::string psk_passphrase = GetPSKPassphrase(); 818 if (!psk_passphrase.empty()) { 819 properties->SetStringWithoutPathExpansion( 820 shill::kL2tpIpsecPskProperty, GetPSKPassphrase()); 821 } 822 if (!group_name.empty()) { 823 properties->SetStringWithoutPathExpansion( 824 shill::kL2tpIpsecTunnelGroupProperty, group_name); 825 } 826 if (!user_name.empty()) { 827 properties->SetStringWithoutPathExpansion( 828 shill::kL2tpIpsecUserProperty, user_name); 829 } 830 if (!user_passphrase.empty()) { 831 properties->SetStringWithoutPathExpansion( 832 shill::kL2tpIpsecPasswordProperty, user_passphrase); 833 } 834 break; 835 } 836 case PROVIDER_TYPE_INDEX_L2TP_IPSEC_USER_CERT: { 837 if (server_ca_cert_combobox_) { 838 std::string ca_cert_pem = GetServerCACertPEM(); 839 base::ListValue* pem_list = new base::ListValue; 840 if (!ca_cert_pem.empty()) 841 pem_list->AppendString(ca_cert_pem); 842 properties->SetWithoutPathExpansion(shill::kL2tpIpsecCaCertPemProperty, 843 pem_list); 844 } 845 SetUserCertProperties(client_cert::CONFIG_TYPE_IPSEC, properties); 846 if (!group_name.empty()) { 847 properties->SetStringWithoutPathExpansion( 848 shill::kL2tpIpsecTunnelGroupProperty, GetGroupName()); 849 } 850 if (!user_name.empty()) { 851 properties->SetStringWithoutPathExpansion( 852 shill::kL2tpIpsecUserProperty, user_name); 853 } 854 if (!user_passphrase.empty()) { 855 properties->SetStringWithoutPathExpansion( 856 shill::kL2tpIpsecPasswordProperty, user_passphrase); 857 } 858 break; 859 } 860 case PROVIDER_TYPE_INDEX_OPEN_VPN: { 861 if (server_ca_cert_combobox_) { 862 std::string ca_cert_pem = GetServerCACertPEM(); 863 base::ListValue* pem_list = new base::ListValue; 864 if (!ca_cert_pem.empty()) 865 pem_list->AppendString(ca_cert_pem); 866 properties->SetWithoutPathExpansion(shill::kOpenVPNCaCertPemProperty, 867 pem_list); 868 } 869 SetUserCertProperties(client_cert::CONFIG_TYPE_OPENVPN, properties); 870 properties->SetStringWithoutPathExpansion( 871 shill::kOpenVPNUserProperty, GetUsername()); 872 if (!user_passphrase.empty()) { 873 properties->SetStringWithoutPathExpansion( 874 shill::kOpenVPNPasswordProperty, user_passphrase); 875 } 876 std::string otp = GetOTP(); 877 if (!otp.empty()) { 878 properties->SetStringWithoutPathExpansion( 879 shill::kOpenVPNOTPProperty, otp); 880 } 881 break; 882 } 883 case PROVIDER_TYPE_INDEX_MAX: 884 NOTREACHED(); 885 break; 886 } 887 properties->SetBooleanWithoutPathExpansion( 888 shill::kSaveCredentialsProperty, GetSaveCredentials()); 889 } 890 891 void VPNConfigView::Refresh() { 892 UpdateControls(); 893 894 // Set certificate combo boxes. 895 if (server_ca_cert_combobox_) { 896 server_ca_cert_combobox_->ModelChanged(); 897 if (enable_server_ca_cert_ && !ca_cert_pem_.empty()) { 898 // Select the current server CA certificate in the combobox. 899 int cert_index = 900 CertLibrary::Get()->GetServerCACertIndexByPEM(ca_cert_pem_); 901 if (cert_index >= 0) { 902 // Skip item for "Default" 903 server_ca_cert_combobox_->SetSelectedIndex(1 + cert_index); 904 } else { 905 server_ca_cert_combobox_->SetSelectedIndex(0); 906 } 907 } else { 908 server_ca_cert_combobox_->SetSelectedIndex(0); 909 } 910 } 911 912 if (user_cert_combobox_) { 913 user_cert_combobox_->ModelChanged(); 914 if (enable_user_cert_ && !client_cert_id_.empty()) { 915 int cert_index = 916 CertLibrary::Get()->GetUserCertIndexByPkcs11Id(client_cert_id_); 917 if (cert_index >= 0) 918 user_cert_combobox_->SetSelectedIndex(cert_index); 919 else 920 user_cert_combobox_->SetSelectedIndex(0); 921 } else { 922 user_cert_combobox_->SetSelectedIndex(0); 923 } 924 } 925 926 UpdateErrorLabel(); 927 } 928 929 void VPNConfigView::UpdateControlsToEnable() { 930 enable_psk_passphrase_ = false; 931 enable_user_cert_ = false; 932 enable_server_ca_cert_ = false; 933 enable_otp_ = false; 934 enable_group_name_ = false; 935 int provider_type_index = GetProviderTypeIndex(); 936 if (provider_type_index == PROVIDER_TYPE_INDEX_L2TP_IPSEC_PSK) { 937 enable_psk_passphrase_ = true; 938 enable_group_name_ = true; 939 } else if (provider_type_index == PROVIDER_TYPE_INDEX_L2TP_IPSEC_USER_CERT) { 940 enable_server_ca_cert_ = true; 941 enable_user_cert_ = HaveUserCerts(); 942 enable_group_name_ = true; 943 } else { // PROVIDER_TYPE_INDEX_OPEN_VPN (default) 944 enable_server_ca_cert_ = true; 945 enable_user_cert_ = HaveUserCerts(); 946 enable_otp_ = true; 947 } 948 } 949 950 void VPNConfigView::UpdateControls() { 951 UpdateControlsToEnable(); 952 953 if (psk_passphrase_label_) 954 psk_passphrase_label_->SetEnabled(enable_psk_passphrase_); 955 if (psk_passphrase_textfield_) 956 psk_passphrase_textfield_->SetEnabled(enable_psk_passphrase_ && 957 psk_passphrase_ui_data_.IsEditable()); 958 959 if (user_cert_label_) 960 user_cert_label_->SetEnabled(enable_user_cert_); 961 if (user_cert_combobox_) 962 user_cert_combobox_->SetEnabled(enable_user_cert_ && 963 user_cert_ui_data_.IsEditable()); 964 965 if (server_ca_cert_label_) 966 server_ca_cert_label_->SetEnabled(enable_server_ca_cert_); 967 if (server_ca_cert_combobox_) 968 server_ca_cert_combobox_->SetEnabled(enable_server_ca_cert_ && 969 ca_cert_ui_data_.IsEditable()); 970 971 if (otp_label_) 972 otp_label_->SetEnabled(enable_otp_); 973 if (otp_textfield_) 974 otp_textfield_->SetEnabled(enable_otp_); 975 976 if (group_name_label_) 977 group_name_label_->SetEnabled(enable_group_name_); 978 if (group_name_textfield_) 979 group_name_textfield_->SetEnabled(enable_group_name_ && 980 group_name_ui_data_.IsEditable()); 981 } 982 983 void VPNConfigView::UpdateErrorLabel() { 984 // Error message. 985 base::string16 error_msg; 986 bool cert_required = 987 GetProviderTypeIndex() == PROVIDER_TYPE_INDEX_L2TP_IPSEC_USER_CERT; 988 if (cert_required && CertLibrary::Get()->CertificatesLoaded()) { 989 if (!HaveUserCerts()) { 990 error_msg = l10n_util::GetStringUTF16( 991 IDS_OPTIONS_SETTINGS_INTERNET_OPTIONS_PLEASE_INSTALL_USER_CERT); 992 } else if (!IsUserCertValid()) { 993 error_msg = l10n_util::GetStringUTF16( 994 IDS_OPTIONS_SETTINGS_INTERNET_OPTIONS_REQUIRE_HARDWARE_BACKED); 995 } 996 } 997 if (error_msg.empty() && !service_path_.empty()) { 998 // TODO(kuan): differentiate between bad psk and user passphrases. 999 const NetworkState* vpn = NetworkHandler::Get()->network_state_handler()-> 1000 GetNetworkState(service_path_); 1001 if (vpn && vpn->connection_state() == shill::kStateFailure) 1002 error_msg = ash::network_connect::ErrorString( 1003 vpn->last_error(), vpn->path()); 1004 } 1005 if (!error_msg.empty()) { 1006 error_label_->SetText(error_msg); 1007 error_label_->SetVisible(true); 1008 } else { 1009 error_label_->SetVisible(false); 1010 } 1011 } 1012 1013 void VPNConfigView::UpdateCanLogin() { 1014 parent_->GetDialogClientView()->UpdateDialogButtons(); 1015 } 1016 1017 bool VPNConfigView::HaveUserCerts() const { 1018 return CertLibrary::Get()->NumCertificates(CertLibrary::CERT_TYPE_USER) > 0; 1019 } 1020 1021 bool VPNConfigView::IsUserCertValid() const { 1022 if (!user_cert_combobox_ || !enable_user_cert_) 1023 return false; 1024 int index = user_cert_combobox_->selected_index(); 1025 if (index < 0) 1026 return false; 1027 // Currently only hardware-backed user certificates are valid. 1028 if (CertLibrary::Get()->IsHardwareBacked() && 1029 !CertLibrary::Get()->IsCertHardwareBackedAt( 1030 CertLibrary::CERT_TYPE_USER, index)) 1031 return false; 1032 return true; 1033 } 1034 1035 const std::string VPNConfigView::GetTextFromField(views::Textfield* textfield, 1036 bool trim_whitespace) const { 1037 if (!textfield) 1038 return std::string(); 1039 std::string untrimmed = base::UTF16ToUTF8(textfield->text()); 1040 if (!trim_whitespace) 1041 return untrimmed; 1042 std::string result; 1043 base::TrimWhitespaceASCII(untrimmed, base::TRIM_ALL, &result); 1044 return result; 1045 } 1046 1047 const std::string VPNConfigView::GetPassphraseFromField( 1048 PassphraseTextfield* textfield) const { 1049 if (!textfield) 1050 return std::string(); 1051 return textfield->GetPassphrase(); 1052 } 1053 1054 void VPNConfigView::ParseVPNUIProperty( 1055 const NetworkState* network, 1056 const std::string& dict_key, 1057 const std::string& key, 1058 NetworkPropertyUIData* property_ui_data) { 1059 ::onc::ONCSource onc_source = ::onc::ONC_SOURCE_NONE; 1060 const base::DictionaryValue* onc = 1061 onc::FindPolicyForActiveUser(network->guid(), &onc_source); 1062 1063 VLOG_IF(1, !onc) << "No ONC found for VPN network " << network->guid(); 1064 property_ui_data->ParseOncProperty( 1065 onc_source, 1066 onc, 1067 base::StringPrintf("%s.%s.%s", 1068 ::onc::network_config::kVPN, 1069 dict_key.c_str(), 1070 key.c_str())); 1071 } 1072 1073 } // namespace chromeos 1074
