Make VPN UI to show masked PSK and user passphrase only when they are set.

flimflam now uses the PassphraseRequired and L2TPIPsec.PSKRequired
property to indicate whether the PSK or user passphrase is missing in a
VPN profile. Related CLs:
    https://gerrit.chromium.org/gerrit/17340
    https://gerrit.chromium.org/gerrit/17341

This CL modifies the VPN configuration dialog to only show masked PSK
and user passphrase when they are set.

BUG=chromium-os:27042
TEST=Tested the following:
1. emerge-x86-generic chromeos-chrome
2. Import the following ONC L2TP/IPsec VPN profiles:
   - Both PSK and user passphrase are set
   - Only PSK is set
   - Only user passphrase is set
   - Neither PSK nor user passphrase is set
   Verify that the PSK/user passphrase field in the VPN configuration
   dialog show a masked value only when the PSK/user passphrase is set.
3. Import the following ONC OpenVPN profiles:
   - User passphrase is set
   - User passphrase is not set
   Verify that the user passphrase field in the VPN configuration
   dialog show a masked value only when the user passphrase is set.

Review URL: http://codereview.chromium.org/9553004

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@125129 0039d316-1c4b-4281-b951-d872f2087c98

4 files changed, 50 insertions, 7 deletions

diff --git a/chrome/browser/chromeos/cros/native_network_parser.cc b/chrome/browser/chromeos/cros/native_network_parser.cc
index 0d113bf..672be1d 100644
--- a/chrome/browser/chromeos/cros/native_network_parser.cc
+++ b/chrome/browser/chromeos/cros/native_network_parser.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -87,6 +87,8 @@ EnumMapper<PropertyIndex>::Pair property_index_table[] = {
   { flimflam::kL2tpIpsecIkeVersion, PROPERTY_INDEX_IPSEC_IKEVERSION },
   { flimflam::kL2tpIpsecPinProperty, PROPERTY_INDEX_L2TPIPSEC_PIN },
   { flimflam::kL2tpIpsecPskProperty, PROPERTY_INDEX_L2TPIPSEC_PSK },
+  { flimflam::kL2tpIpsecPskRequiredProperty,
+    PROPERTY_INDEX_L2TPIPSEC_PSK_REQUIRED },
   { flimflam::kL2tpIpsecPasswordProperty, PROPERTY_INDEX_L2TPIPSEC_PASSWORD },
   { flimflam::kL2tpIpsecUserProperty, PROPERTY_INDEX_L2TPIPSEC_USER },
   { flimflam::kL2tpIpsecGroupNameProperty,
@@ -133,8 +135,6 @@ EnumMapper<PropertyIndex>::Pair property_index_table[] = {
   { flimflam::kTypeProperty, PROPERTY_INDEX_TYPE },
   { flimflam::kUIDataProperty, PROPERTY_INDEX_UI_DATA },
   { flimflam::kUsageURLProperty, PROPERTY_INDEX_USAGE_URL },
-  { flimflam::kOpenVPNUserProperty, PROPERTY_INDEX_OPEN_VPN_USER },
-  { flimflam::kOpenVPNPasswordProperty, PROPERTY_INDEX_OPEN_VPN_PASSWORD },
   { flimflam::kOpenVPNClientCertIdProperty,
     PROPERTY_INDEX_OPEN_VPN_CLIENT_CERT_ID },
   { flimflam::kOpenVPNAuthProperty, PROPERTY_INDEX_OPEN_VPN_AUTH },
@@ -1264,6 +1264,13 @@ bool NativeVirtualNetworkParser::ParseProviderValue(PropertyIndex index,
       network->set_psk_passphrase(psk_passphrase);
       return true;
     }
+    case PROPERTY_INDEX_L2TPIPSEC_PSK_REQUIRED: {
+      bool psk_passphrase_required;
+      if (!value.GetAsBoolean(&psk_passphrase_required))
+        break;
+      network->set_psk_passphrase_required(psk_passphrase_required);
+      return true;
+    }
     case PROPERTY_INDEX_L2TPIPSEC_CLIENT_CERT_ID:
     case PROPERTY_INDEX_OPEN_VPN_CLIENT_CERT_ID: {
       std::string client_cert_id;
@@ -1288,6 +1295,13 @@ bool NativeVirtualNetworkParser::ParseProviderValue(PropertyIndex index,
       network->set_user_passphrase(user_passphrase);
       return true;
     }
+    case PROPERTY_INDEX_PASSPHRASE_REQUIRED: {
+      bool user_passphrase_required;
+      if (!value.GetAsBoolean(&user_passphrase_required))
+        break;
+      network->set_user_passphrase_required(user_passphrase_required);
+      return true;
+    }
     case PROPERTY_INDEX_L2TPIPSEC_GROUP_NAME: {
       std::string group_name;
       if (!value.GetAsString(&group_name))
diff --git a/chrome/browser/chromeos/cros/network_library.cc b/chrome/browser/chromeos/cros/network_library.cc
index cafd443..2687140 100644
--- a/chrome/browser/chromeos/cros/network_library.cc
+++ b/chrome/browser/chromeos/cros/network_library.cc
@@ -746,6 +746,9 @@ EthernetNetwork::EthernetNetwork(const std::string& service_path)
 VirtualNetwork::VirtualNetwork(const std::string& service_path)
     : Network(service_path, TYPE_VPN),
       provider_type_(PROVIDER_TYPE_L2TP_IPSEC_PSK),
+      // Assume PSK and user passphrase are not available initially
+      psk_passphrase_required_(true),
+      user_passphrase_required_(true),
       client_cert_type_(CLIENT_CERT_TYPE_NONE) {
   init_client_cert_pattern();
 }
@@ -790,13 +793,14 @@ void VirtualNetwork::CopyCredentialsFromRemembered(Network* remembered) {
 }
 
 bool VirtualNetwork::NeedMoreInfoToConnect() const {
-  if (server_hostname_.empty() || username_.empty() || user_passphrase_.empty())
+  if (server_hostname_.empty() || username_.empty() ||
+      IsUserPassphraseRequired())
     return true;
   if (error() != ERROR_NO_ERROR)
     return true;
   switch (provider_type_) {
     case PROVIDER_TYPE_L2TP_IPSEC_PSK:
-      if (psk_passphrase_.empty())
+      if (IsPSKPassphraseRequired())
         return true;
       break;
     case PROVIDER_TYPE_L2TP_IPSEC_USER_CERT:
@@ -840,6 +844,14 @@ std::string VirtualNetwork::GetProviderTypeString() const {
   }
 }
 
+bool VirtualNetwork::IsPSKPassphraseRequired() const {
+  return psk_passphrase_required_ && psk_passphrase_.empty();
+}
+
+bool VirtualNetwork::IsUserPassphraseRequired() const {
+  return user_passphrase_required_ && user_passphrase_.empty();
+}
+
 void VirtualNetwork::SetCACertNSS(const std::string& ca_cert_nss) {
   if (provider_type_ == PROVIDER_TYPE_OPEN_VPN) {
     SetStringProperty(
diff --git a/chrome/browser/chromeos/cros/network_library.h b/chrome/browser/chromeos/cros/network_library.h
index a7a4696..2a09190 100644
--- a/chrome/browser/chromeos/cros/network_library.h
+++ b/chrome/browser/chromeos/cros/network_library.h
@@ -108,6 +108,7 @@ enum PropertyIndex {
   PROPERTY_INDEX_L2TPIPSEC_PASSWORD,
   PROPERTY_INDEX_L2TPIPSEC_PIN,
   PROPERTY_INDEX_L2TPIPSEC_PSK,
+  PROPERTY_INDEX_L2TPIPSEC_PSK_REQUIRED,
   PROPERTY_INDEX_L2TPIPSEC_USER,
   PROPERTY_INDEX_MANUFACTURER,
   PROPERTY_INDEX_MDN,
@@ -989,10 +990,12 @@ class VirtualNetwork : public Network {
   ProviderType provider_type() const { return provider_type_; }
   const std::string& ca_cert_nss() const { return ca_cert_nss_; }
   const std::string& psk_passphrase() const { return psk_passphrase_; }
+  bool psk_passphrase_required() const { return psk_passphrase_required_; }
   const std::string& client_cert_id() const { return client_cert_id_; }
   const std::string& username() const { return username_; }
   ClientCertType client_cert_type() const { return client_cert_type_; }
   const std::string& user_passphrase() const { return user_passphrase_; }
+  bool user_passphrase_required() const { return user_passphrase_required_; }
   const std::string& group_name() const { return group_name_; }
 
   // Sets the well-known PKCS#11 slot and PIN for accessing certificates.
@@ -1007,6 +1010,10 @@ class VirtualNetwork : public Network {
   // Public getters.
   bool NeedMoreInfoToConnect() const;
   std::string GetProviderTypeString() const;
+  // Returns true if a PSK passphrase is required to connect.
+  bool IsPSKPassphraseRequired() const;
+  // Returns true if a user passphrase is required to connect.
+  bool IsUserPassphraseRequired() const;
 
   // Public setters.
   void SetCACertNSS(const std::string& ca_cert_nss);
@@ -1055,6 +1062,9 @@ class VirtualNetwork : public Network {
   void set_psk_passphrase(const std::string& psk_passphrase) {
     psk_passphrase_ = psk_passphrase;
   }
+  void set_psk_passphrase_required(bool psk_passphrase_required) {
+    psk_passphrase_required_ = psk_passphrase_required;
+  }
   void set_client_cert_id(const std::string& client_cert_id) {
     client_cert_id_ = client_cert_id;
   }
@@ -1062,6 +1072,9 @@ class VirtualNetwork : public Network {
   void set_user_passphrase(const std::string& user_passphrase) {
     user_passphrase_ = user_passphrase;
   }
+  void set_user_passphrase_required(bool user_passphrase_required) {
+    user_passphrase_required_ = user_passphrase_required;
+  }
   void set_group_name(const std::string& group_name) {
     group_name_ = group_name;
   }
@@ -1088,10 +1101,12 @@ class VirtualNetwork : public Network {
   // NSS nickname for server CA certificate.
   std::string ca_cert_nss_;
   std::string psk_passphrase_;
+  bool psk_passphrase_required_;
   // PKCS#11 ID for client certificate.
   std::string client_cert_id_;
   std::string username_;
   std::string user_passphrase_;
+  bool user_passphrase_required_;
   std::string group_name_;
   ClientCertType client_cert_type_;
 
diff --git a/chrome/browser/chromeos/options/vpn_config_view.cc b/chrome/browser/chromeos/options/vpn_config_view.cc
index f9654d1..db218f9 100644
--- a/chrome/browser/chromeos/options/vpn_config_view.cc
+++ b/chrome/browser/chromeos/options/vpn_config_view.cc
@@ -481,7 +481,8 @@ void VPNConfigView::Init(VirtualNetwork* vpn) {
     psk_passphrase_label_ =  new views::Label(l10n_util::GetStringUTF16(
         IDS_OPTIONS_SETTINGS_INTERNET_OPTIONS_VPN_PSK_PASSPHRASE));
     layout->AddView(psk_passphrase_label_);
-    psk_passphrase_textfield_ = new PassphraseTextfield(vpn);
+    bool has_psk_passphrase = vpn && !vpn->IsPSKPassphraseRequired();
+    psk_passphrase_textfield_ = new PassphraseTextfield(has_psk_passphrase);
     psk_passphrase_textfield_->SetController(this);
     layout->AddView(psk_passphrase_textfield_);
     layout->AddView(
@@ -546,7 +547,8 @@ void VPNConfigView::Init(VirtualNetwork* vpn) {
   layout->StartRow(0, column_view_set_id);
   layout->AddView(new views::Label(l10n_util::GetStringUTF16(
       IDS_OPTIONS_SETTINGS_INTERNET_OPTIONS_VPN_USER_PASSPHRASE)));
-  user_passphrase_textfield_ = new PassphraseTextfield(vpn);
+  bool has_user_passphrase = vpn && !vpn->IsUserPassphraseRequired();
+  user_passphrase_textfield_ = new PassphraseTextfield(has_user_passphrase);
   user_passphrase_textfield_->SetController(this);
   user_passphrase_textfield_->SetEnabled(user_passphrase_ui_data_.editable());
   layout->AddView(user_passphrase_textfield_);