Lubuntu/lubuntu-connection-editor
8
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Tons more 802.1x security work

Browse Source
This commit is contained in:
Aaron Rainbolt 2023-10-29 21:35:10 -05:00
parent 65f6ab68d7
commit f8a2c45843
5 changed files with 418 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

293
connectionsettingsengine.cpp
View File

@ -18,6 +18,47 @@ QString ConnectionSettingsEngine::targetConnUuidStr = QString();
* clonedMacAddress: QString
* mtu: int
*
* All things 802.1x:
*
* 802.1xEnabled: bool
* 802.1xAuthMode: ConnectionSettingsEngine::Security802_1xAuthMode
* 802.1xPasswordStore: ConnectionSettingsEngine::Security802_1xPasswordStoreMode
* MD5:
* 802.1xMd5Username: QString
* 802.1xMd5Password: QString
* TLS:
* 802.1xTlsIdentity: QString
* 802.1xTlsDomain: QString
* 802.1xTlsCaCertificate: QString (file path)
* 802.1xTlsUserCertificate: QString (file path)
* 802.1xTlsUserPrivateKey: QString (file path)
* 802.1xTlsUserKeyPassword: QString
* PWD:
* 802.1xPwdUsername: QString
* 802.1xPwdPassword: QString
* FAST:
* 802.1xFastAnonymousIdentity: QString
* 802.1xFastProvisioningMode: ConnectionSettingsEngine::Security802_1xFastProvisioningMode
* 802.1xFastPacFile: QString
* 802.1xFastAuthMethod: ConnectionSettingsEngine::Security802_1xAuthMethod
* 802.1xFastUsername: QString
* 802.1xFastPassword: QString
* Tunneled TLS:
* 802.1xTtlsAnonymousIdentity: QString
* 802.1xTtlsDomain: QString
* 802.1xTtlsCaCertificate: QString (file path)
* 802.1xTtlsAuthMethod: ConnectionSettingsEngine::Security802_1xAuthMethod
* 802.1xTtlsUsername: QString
* 802.1xTtlePassword: QString
* Protected EAP:
* 802.1xPeapAnonymousIdentity: QString
* 802.1xPeapDomain: QString
* 802.1xPeapCaCertificate: QByteArray (file path)
* 802.1xPeapVersion: ConnectionSettingsEngine::Security802_1xPeapVersion
* 802.1xPeapAuthMethod: ConnectionSettingsEngine::Security802_1xAuthMethod
* 802.1xPeapUsername: QString
* 802.1xPeapPassword: QString
*
* For Ethernet devices only:
* autoLinkNegotiation: ConnectionSettingsEngine::LinkNegotiation
* linkSpeed: ConnectionSettingsEngine::LinkSpeed
@ -33,6 +74,7 @@ QVariantMap ConnectionSettingsEngine::readConnectionSettings(QString connUuidStr
// Contains adapted code from plasma-nm
NetworkManager::Connection::Ptr conn = NetworkManager::findConnectionByUuid(connUuidStr);
NetworkManager::ConnectionSettings::Ptr connSettings = conn->settings();
NetworkManager::Security8021xSetting::Ptr connSecurity802_1xSetting = connSettings->setting(NetworkManager::Setting::Security8021x).dynamicCast<NetworkManager::Security8021xSetting>();
NetworkManager::WiredSetting::Ptr connWiredSetting = connSettings->setting(NetworkManager::Setting::Wired).dynamicCast<NetworkManager::WiredSetting>();
NetworkManager::WirelessSetting::Ptr connWirelessSetting = connSettings->setting(NetworkManager::Setting::Wireless).dynamicCast<NetworkManager::WirelessSetting>();
QVariantMap result;
@ -41,6 +83,8 @@ QVariantMap ConnectionSettingsEngine::readConnectionSettings(QString connUuidStr
result.insert("autoconnectPriority", connSettings->autoconnectPriority());
result.insert("allUsersMayConnect", connSettings->permissions().isEmpty() ? true : false);
qWarning() << connSettings->toMap();
QStringList secondaryConns = connSettings->secondaries();
NetworkManager::Connection::List list = NetworkManager::listConnections();
@ -83,6 +127,128 @@ QVariantMap ConnectionSettingsEngine::readConnectionSettings(QString connUuidStr
result.insert("device", connSettings->interfaceName());
if (!connSecurity802_1xSetting.isNull()) {
QList<NetworkManager::Security8021xSetting::EapMethod> eapMethods = connSecurity802_1xSetting->eapMethods();
if (eapMethods.length() != 0) {
result.insert("802.1xEnabled", true);
switch (eapMethods[0]) {
case NetworkManager::Security8021xSetting::EapMethodMd5:
result.insert("802.1xAuthMode", ConnectionSettingsEngine::Security802_1xAuthMd5);
result.insert("802.1xMd5Username", connSecurity802_1xSetting->identity());
result.insert("802.1xMd5Password", connSecurity802_1xSetting->password());
break;
case NetworkManager::Security8021xSetting::EapMethodTls:
result.insert("802.1xAuthMode", ConnectionSettingsEngine::Security802_1xAuthTls);
result.insert("802.1xTlsIdentity", connSecurity802_1xSetting->identity());
result.insert("802.1xTlsDomain", connSecurity802_1xSetting->domainSuffixMatch());
result.insert("802.1xTlsCaCertificate", QString(connSecurity802_1xSetting->caCertificate()));
result.insert("802.1xTlsUserCertificate", QString(connSecurity802_1xSetting->clientCertificate()));
result.insert("802.1xTlsUserPrivateKey", QString(connSecurity802_1xSetting->privateKey()));
result.insert("802.1xTlsUserKeyPassword", connSecurity802_1xSetting->privateKeyPassword());
break;
case NetworkManager::Security8021xSetting::EapMethodPwd:
result.insert("802.1xAuthMode", ConnectionSettingsEngine::Security802_1xAuthPwd);
result.insert("802.1xPwdUsername", connSecurity802_1xSetting->identity());
result.insert("802.1xPwdPassword", connSecurity802_1xSetting->password());
break;
case NetworkManager::Security8021xSetting::EapMethodFast:
result.insert("802.1xAuthMode", ConnectionSettingsEngine::Security802_1xAuthFast);
result.insert("802.1xFastAnonymousIdentity", connSecurity802_1xSetting->anonymousIdentity());
switch (connSecurity802_1xSetting->phase1FastProvisioning()) {
case NetworkManager::Security8021xSetting::FastProvisioningAllowUnauthenticated:
result.insert("802.1xFastProvisioningMode", ConnectionSettingsEngine::Security802_1xFastProvisioningAnonymous);
break;
case NetworkManager::Security8021xSetting::FastProvisioningAllowAuthenticated:
result.insert("802.1xFastProvisioningMode", ConnectionSettingsEngine::Security802_1xFastProvisioningAuthenticated);
break;
case NetworkManager::Security8021xSetting::FastProvisioningAllowBoth:
result.insert("802.1xFastProvisioningMode", ConnectionSettingsEngine::Security802_1xFastProvisioningBoth);
break;
default:
result.insert("802.1xFastProvisioningMode", ConnectionSettingsEngine::Security802_1xFastProvisioningOff);
break;
}
result.insert("802.1xFastPacFile", connSecurity802_1xSetting->pacFile());
switch (connSecurity802_1xSetting->phase2AuthMethod()) {
case NetworkManager::Security8021xSetting::AuthMethodGtc:
result.insert("802.1xFastAuthMethod", ConnectionSettingsEngine::Security802_1xAuthMethodGtc);
break;
case NetworkManager::Security8021xSetting::AuthMethodMschapv2:
result.insert("802.1xFastAuthMethod", ConnectionSettingsEngine::Security802_1xAuthMethodMschapv2);
break;
default:
result.insert("802.1xFastAuthMethod", ConnectionSettingsEngine::Security802_1xAuthMethodUnknown);
break;
}
result.insert("802.1xFastUsername", connSecurity802_1xSetting->identity());
result.insert("802.1xFastPassword", connSecurity802_1xSetting->password());
break;
case NetworkManager::Security8021xSetting::EapMethodTtls:
result.insert("802.1xAuthMode", ConnectionSettingsEngine::Security802_1xAuthTtls);
result.insert("802.1xTtlsAnonymousIdentity", connSecurity802_1xSetting->anonymousIdentity());
result.insert("802.1xTtlsDomain", connSecurity802_1xSetting->domainSuffixMatch());
result.insert("802.1xTtlsCaCertificate", QString(connSecurity802_1xSetting->caCertificate()));
switch (connSecurity802_1xSetting->phase2AuthMethod()) {
case NetworkManager::Security8021xSetting::AuthMethodPap:
result.insert("802.1xTtlsAuthMethod", ConnectionSettingsEngine::Security802_1xAuthMethodPap);
break;
case NetworkManager::Security8021xSetting::AuthMethodChap:
result.insert("802.1xTtlsAuthMethod", ConnectionSettingsEngine::Security802_1xAuthMethodChap);
break;
case NetworkManager::Security8021xSetting::AuthMethodMschap:
result.insert("802.1xTtlsAuthMethod", ConnectionSettingsEngine::Security802_1xAuthMethodMschap);
break;
case NetworkManager::Security8021xSetting::AuthMethodMschapv2:
result.insert("802.1xTtlsAuthMethod", ConnectionSettingsEngine::Security802_1xAuthMethodMschapv2);
break;
default:
;
}
result.insert("802.1xTtlsUsername", connSecurity802_1xSetting->identity());
result.insert("802.1xTtlsPassword", connSecurity802_1xSetting->password());
break;
case NetworkManager::Security8021xSetting::EapMethodPeap:
result.insert("802.1xAuthMode", ConnectionSettingsEngine::Security802_1xAuthPeap);
result.insert("802.1xPeapAnonymousIdentity", connSecurity802_1xSetting->anonymousIdentity());
result.insert("802.1xPeapDomain", connSecurity802_1xSetting->domainSuffixMatch());
result.insert("802.1xPeapCaCertificate", QString(connSecurity802_1xSetting->caCertificate()));
switch (connSecurity802_1xSetting->phase1PeapVersion()) {
case NetworkManager::Security8021xSetting::PeapVersionUnknown:
result.insert("802.1xPeapVersion", ConnectionSettingsEngine::Security802_1xPeapVersionUnknown);
break;
case NetworkManager::Security8021xSetting::PeapVersionZero:
result.insert("802.1xPeapVersion", ConnectionSettingsEngine::Security802_1xPeapVersionZero);
break;
case NetworkManager::Security8021xSetting::PeapVersionOne:
result.insert("802.1xPeapVersion", ConnectionSettingsEngine::Security802_1xPeapVersionOne);
break;
}
switch (connSecurity802_1xSetting->phase2AuthMethod()) {
case NetworkManager::Security8021xSetting::AuthMethodMschapv2:
result.insert("802.1xPeapAuthMethod", ConnectionSettingsEngine::Security802_1xAuthMethodMschapv2);
break;
case NetworkManager::Security8021xSetting::AuthMethodMd5:
result.insert("802.1xPeapAuthMethod", ConnectionSettingsEngine::Security802_1xAuthMethodMd5);
break;
case NetworkManager::Security8021xSetting::AuthMethodGtc:
result.insert("802.1xPeapAuthMethod", ConnectionSettingsEngine::Security802_1xAuthMethodGtc);
break;
default:
;
}
result.insert("802.1xPeapUsername", connSecurity802_1xSetting->identity());
result.insert("802.1xPeapPassword", connSecurity802_1xSetting->password());
break;
default:
;
}
} else {
result.insert("802.1xEnabled", false);
}
} else {
result.insert("802.1xEnabled", false);
}
if (!connWiredSetting.isNull()) {
result.insert("clonedMacAddress", NetworkManager::macAddressAsString(connWiredSetting->clonedMacAddress()));
result.insert("mtu", connWiredSetting->mtu());
@ -150,10 +316,12 @@ void ConnectionSettingsEngine::modifyConnectionSettings(QString connUuidStr, QVa
{
// Contains adapted code from plasma-nm
wipeClonedMacAddress = false;
bool ensure802_1xSettings = false;
NetworkManager::Connection::Ptr conn = NetworkManager::findConnectionByUuid(connUuidStr);
NetworkManager::ConnectionSettings::Ptr connSettings = conn->settings();
NetworkManager::WiredSetting::Ptr connWiredSetting = connSettings->setting(NetworkManager::Setting::Wired).dynamicCast<NetworkManager::WiredSetting>();
NetworkManager::WirelessSetting::Ptr connWirelessSetting = connSettings->setting(NetworkManager::Setting::Wireless).dynamicCast<NetworkManager::WirelessSetting>();
NetworkManager::Security8021xSetting secSetting;
if (settings["connName"].isValid()) {
connSettings->setId(settings["connName"].toString());
@ -198,6 +366,124 @@ void ConnectionSettingsEngine::modifyConnectionSettings(QString connUuidStr, QVa
connSettings->setInterfaceName(settings["device"].toString());
}
if (settings["802.1xEnabled"].isValid() && settings["802.1xEnabled"].toBool()) {
NetworkManager::Security8021xSetting secSetting;
QList<NetworkManager::Security8021xSetting::EapMethod> eapMethodsList;
switch (settings["802.1xAuthMode"].toInt()) {
case ConnectionSettingsEngine::Security802_1xAuthMd5:
eapMethodsList.append(NetworkManager::Security8021xSetting::EapMethodMd5);
secSetting.setIdentity(settings["802.1xMd5Username"].toString());
secSetting.setPassword(settings["802.1xMd5Password"].toString());
break;
case ConnectionSettingsEngine::Security802_1xAuthTls:
eapMethodsList.append(NetworkManager::Security8021xSetting::EapMethodTls);
secSetting.setIdentity(settings["802.1xTlsIdentity"].toString());
secSetting.setDomainSuffixMatch(settings["802.1xTlsDomain"].toString());
secSetting.setCaCertificate(settings["802.1xTlsCaCertificate"].toString().toUtf8().append('\0'));
secSetting.setClientCertificate(settings["802.1xTlsUserCertificate"].toString().toUtf8().append('\0'));
secSetting.setPrivateKey(settings["802.1xTlsUserPrivateKey"].toString().toUtf8().append('\0'));
secSetting.setPrivateKeyPassword(settings["802.1xTlsUserKeyPassword"].toString());
break;
case ConnectionSettingsEngine::Security802_1xAuthPwd:
eapMethodsList.append(NetworkManager::Security8021xSetting::EapMethodPwd);
secSetting.setIdentity(settings["802.1xPwdUsername"].toString());
secSetting.setPassword(settings["802.1xPwdPassword"].toString());
break;
case ConnectionSettingsEngine::Security802_1xAuthFast:
eapMethodsList.append(NetworkManager::Security8021xSetting::EapMethodFast);
secSetting.setAnonymousIdentity(settings["802.1xFastAnonymousIdentity"].toString());
switch (settings["802.1xFastProvisioningMode"].toInt()) {
case ConnectionSettingsEngine::Security802_1xFastProvisioningAnonymous:
secSetting.setPhase1FastProvisioning(NetworkManager::Security8021xSetting::FastProvisioningAllowUnauthenticated);
break;
case ConnectionSettingsEngine::Security802_1xFastProvisioningAuthenticated:
secSetting.setPhase1FastProvisioning(NetworkManager::Security8021xSetting::FastProvisioningAllowAuthenticated);
break;
case ConnectionSettingsEngine::Security802_1xFastProvisioningBoth:
secSetting.setPhase1FastProvisioning(NetworkManager::Security8021xSetting::FastProvisioningAllowBoth);
break;
default:
secSetting.setPhase1FastProvisioning(NetworkManager::Security8021xSetting::FastProvisioningDisabled);
break;
}
secSetting.setPacFile(settings["802.1xFastPacFile"].toString());
switch (settings["802.1xFastAuthMethod"].toInt()) {
case ConnectionSettingsEngine::Security802_1xAuthMethodGtc:
secSetting.setPhase2AuthMethod(NetworkManager::Security8021xSetting::AuthMethodGtc);
break;
case ConnectionSettingsEngine::Security802_1xAuthMethodMschapv2:
secSetting.setPhase2AuthMethod(NetworkManager::Security8021xSetting::AuthMethodMschapv2);
break;
default:
secSetting.setPhase2AuthMethod(NetworkManager::Security8021xSetting::AuthMethodUnknown);
break;
}
secSetting.setIdentity(settings["802.1xFastUsername"].toString());
secSetting.setPassword(settings["802.1xFastPassword"].toString());
break;
case ConnectionSettingsEngine::Security802_1xAuthTtls:
eapMethodsList.append(NetworkManager::Security8021xSetting::EapMethodTtls);
secSetting.setAnonymousIdentity(settings["802.1xTtlsAnonymousIdentity"].toString());
secSetting.setDomainSuffixMatch(settings["802.1xTtleAnonymousIdentity"].toString());
secSetting.setCaCertificate(settings["802.1xTtlsCaCertificate"].toString().toUtf8().append('\0'));
switch (settings["802.1xTtlsAuthMethod"].toInt()) {
case ConnectionSettingsEngine::Security802_1xAuthMethodPap:
secSetting.setPhase2AuthMethod(NetworkManager::Security8021xSetting::AuthMethodPap);
break;
case ConnectionSettingsEngine::Security802_1xAuthMethodChap:
secSetting.setPhase2AuthMethod(NetworkManager::Security8021xSetting::AuthMethodChap);
break;
case ConnectionSettingsEngine::Security802_1xAuthMethodMschap:
secSetting.setPhase2AuthMethod(NetworkManager::Security8021xSetting::AuthMethodMschap);
break;
case ConnectionSettingsEngine::Security802_1xAuthMethodMschapv2:
secSetting.setPhase2AuthMethod(NetworkManager::Security8021xSetting::AuthMethodMschapv2);
break;
default:
;
}
secSetting.setIdentity(settings["802.1xTtlsUsername"].toString());
secSetting.setPassword(settings["802.1xTtlsPassword"].toString());
break;
case ConnectionSettingsEngine::Security802_1xAuthPeap:
eapMethodsList.append(NetworkManager::Security8021xSetting::EapMethodPeap);
secSetting.setAnonymousIdentity(settings["802.1xPeapAnonymousIdentity"].toString());
secSetting.setDomainSuffixMatch(settings["802.1xPeapAnonymousIdentity"].toString());
secSetting.setCaCertificate(settings["802.1xPeapCaCertificate"].toString().toUtf8().append('\0'));
switch (settings["802.1xPeapVersion"].toInt()) {
case ConnectionSettingsEngine::Security802_1xPeapVersionUnknown:
secSetting.setPhase1PeapVersion(NetworkManager::Security8021xSetting::PeapVersionUnknown);
break;
case ConnectionSettingsEngine::Security802_1xPeapVersionZero:
secSetting.setPhase1PeapVersion(NetworkManager::Security8021xSetting::PeapVersionZero);
break;
case ConnectionSettingsEngine::Security802_1xPeapVersionOne:
secSetting.setPhase1PeapVersion(NetworkManager::Security8021xSetting::PeapVersionOne);
break;
}
switch (settings["802.1xPeapAuthMethod"].toInt()) {
case ConnectionSettingsEngine::Security802_1xAuthMethodMschapv2:
secSetting.setPhase2AuthMethod(NetworkManager::Security8021xSetting::AuthMethodMschapv2);
break;
case ConnectionSettingsEngine::Security802_1xAuthMethodMd5:
secSetting.setPhase2AuthMethod(NetworkManager::Security8021xSetting::AuthMethodMd5);
break;
case ConnectionSettingsEngine::Security802_1xAuthMethodGtc:
secSetting.setPhase2AuthMethod(NetworkManager::Security8021xSetting::AuthMethodGtc);
break;
default:
;
}
secSetting.setIdentity(settings["802.1xPeapUsername"].toString());
secSetting.setPassword(settings["802.1xPeapPassword"].toString());
break;
}
secSetting.setEapMethods(eapMethodsList);
ensure802_1xSettings = true;
} else {
ensure802_1xSettings = false;
}
QByteArray macBin = NetworkManager::macAddressFromString(settings["clonedMacAddress"].toString());
if (settings["clonedMacAddress"].toString().length() != 17) {
wipeClonedMacAddress = true;
@ -275,7 +561,12 @@ void ConnectionSettingsEngine::modifyConnectionSettings(QString connUuidStr, QVa
// TODO: pick up here
targetConnUuidStr = connUuidStr;
QDBusPendingReply<> reply = conn->update(connSettings->toMap());
NMVariantMapMap connSettingsMap = connSettings->toMap();
connSettingsMap.remove("802-1x");
if (ensure802_1xSettings) {
connSettingsMap.insert("802-1x", secSetting.toMap());
}
QDBusPendingReply<> reply = conn->update(connSettingsMap);
auto watcher = new QDBusPendingCallWatcher(reply);
QObject::connect(watcher, &QDBusPendingCallWatcher::finished, saveReplyFinished);
}

40
connectionsettingsengine.h
View File

@ -6,12 +6,14 @@
#include <NetworkManagerQt/Settings>
#include <NetworkManagerQt/Manager>
#include <NetworkManagerQt/Setting>
#include <NetworkManagerQt/Security8021xSetting>
#include <NetworkManagerQt/WiredSetting>
#include <NetworkManagerQt/WirelessSetting>
#include <NetworkManagerQt/Utils>
#include <QString>
#include <QVariant>
#include <QHash>
#include <QList>
#include <QProcess>
#include <QDBusPendingReply>
#include <QDBusPendingCallWatcher>
@ -49,6 +51,44 @@ public:
DuplexFull
};
enum Security802_1xAuthMode {
Security802_1xAuthMd5,
Security802_1xAuthTls,
Security802_1xAuthPwd,
Security802_1xAuthFast,
Security802_1xAuthTtls,
Security802_1xAuthPeap
};
enum Security802_1xPasswordStoreMode {
Security802_1xPasswordStoreForAllUsers,
Security802_1xPasswordStoreForOneUser,
Security802_1xPasswordStoreNotSaved
};
enum Security802_1xFastProvisioningMode {
Security802_1xFastProvisioningOff,
Security802_1xFastProvisioningAnonymous,
Security802_1xFastProvisioningAuthenticated,
Security802_1xFastProvisioningBoth
};
enum Security802_1xAuthMethod {
Security802_1xAuthMethodUnknown,
Security802_1xAuthMethodPap,
Security802_1xAuthMethodChap,
Security802_1xAuthMethodMschap,
Security802_1xAuthMethodMschapv2,
Security802_1xAuthMethodGtc,
Security802_1xAuthMethodMd5
};
enum Security802_1xPeapVersion {
Security802_1xPeapVersionUnknown,
Security802_1xPeapVersionZero,
Security802_1xPeapVersionOne
};
ConnectionSettingsEngine();
static QVariantMap readConnectionSettings(QString connUuidStr);

14
security802_1xtab.cpp
View File

@ -6,9 +6,23 @@ Security802_1xTab::Security802_1xTab(QWidget *parent) :
ui(new Ui::Security802_1xTab)
{
ui->setupUi(this);
connect(ui->enable802_1xCheckBox, &QCheckBox::stateChanged, this, &Security802_1xTab::onEnable802_1xCheckBoxToggled);
onEnable802_1xCheckBoxToggled(Qt::Unchecked);
}
Security802_1xTab::~Security802_1xTab()
{
delete ui;
}
void Security802_1xTab::onEnable802_1xCheckBoxToggled(int state)
{
switch (state) {
case Qt::Checked:
ui->authenticationModeTabs->setEnabled(true);
break;
case Qt::Unchecked:
ui->authenticationModeTabs->setEnabled(false);
break;
}
}

3
security802_1xtab.h
View File

@ -15,6 +15,9 @@ public:
explicit Security802_1xTab(QWidget *parent = nullptr);
~Security802_1xTab();
private slots:
void onEnable802_1xCheckBoxToggled(int state);
private:
Ui::Security802_1xTab *ui;
};

164
security802_1xtab.ui
View File

@ -29,9 +29,9 @@
</widget>
</item>
<item>
<widget class="QTabWidget" name="tabWidget">
<widget class="QTabWidget" name="authenticationModeTabs">
<property name="currentIndex">
<number>0</number>
<number>1</number>
</property>
<widget class="QWidget" name="md5Tab">
<attribute name="title">
@ -100,15 +100,44 @@
<string>TLS</string>
</attribute>
<layout class="QGridLayout" name="gridLayout_2">
<item row="8" column="1">
<widget class="QCheckBox" name="tlsShowPasswordsCheckBox">
<item row="3" column="0">
<widget class="QLabel" name="label_8">
<property name="text">
<string>Show passwords</string>
<string>User certificate</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="5" column="1">
<widget class="QLineEdit" name="tlsUserCertificatePasswordLineEdit"/>
<item row="4" column="0">
<widget class="QLabel" name="label_10">
<property name="text">
<string>User private key</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="8" column="1">
<spacer name="verticalSpacer_2">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
<item row="1" column="1">
<widget class="QLineEdit" name="tlsDomainLineEdit"/>
</item>
<item row="7" column="1">
<widget class="QComboBox" name="tlsPasswordStoreComboBox"/>
</item>
<item row="2" column="0">
<widget class="QLabel" name="label_6">
@ -120,6 +149,16 @@
</property>
</widget>
</item>
<item row="5" column="0">
<widget class="QLabel" name="label_11">
<property name="text">
<string>User key password</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="0" column="0">
<widget class="QLabel" name="label_4">
<property name="text">
@ -130,80 +169,14 @@
</property>
</widget>
</item>
<item row="1" column="1">
<widget class="QLineEdit" name="tlsDomainLineEdit"/>
</item>
<item row="9" column="1">
<widget class="QComboBox" name="tlsPasswordStoreComboBox"/>
</item>
<item row="7" column="1">
<widget class="QLineEdit" name="tlsUserKeyPasswordLineEdit"/>
</item>
<item row="3" column="0">
<widget class="QLabel" name="label_7">
<item row="6" column="1">
<widget class="QCheckBox" name="tlsShowPasswordsCheckBox">
<property name="text">
<string>CA certificate password</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="1" column="0">
<widget class="QLabel" name="label_5">
<property name="text">
<string>Domain</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="6" column="0">
<widget class="QLabel" name="label_10">
<property name="text">
<string>User private key</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
<string>Show passwords</string>
</property>
</widget>
</item>
<item row="4" column="1">
<layout class="QHBoxLayout" name="horizontalLayout_2">
<item>
<widget class="QLineEdit" name="tlsCaUserCertificateLineEdit"/>
</item>
<item>
<widget class="QPushButton" name="tlsUserCertificateOpenFileButton">
<property name="text">
<string>Open file...</string>
</property>
</widget>
</item>
</layout>
</item>
<item row="4" column="0">
<widget class="QLabel" name="label_8">
<property name="text">
<string>User certificate</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="5" column="0">
<widget class="QLabel" name="label_9">
<property name="text">
<string>User certificate password</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="6" column="1">
<layout class="QHBoxLayout" name="horizontalLayout_3">
<item>
<widget class="QLineEdit" name="userPrivateKeyLineEdit"/>
@ -217,22 +190,36 @@
</item>
</layout>
</item>
<item row="3" column="1">
<widget class="QLineEdit" name="tlsCaCertificatePasswordLineEdit"/>
</item>
<item row="0" column="1">
<widget class="QLineEdit" name="tlsIdentityLineEdit"/>
</item>
<item row="7" column="0">
<widget class="QLabel" name="label_11">
<item row="5" column="1">
<widget class="QLineEdit" name="tlsUserKeyPasswordLineEdit"/>
</item>
<item row="1" column="0">
<widget class="QLabel" name="label_5">
<property name="text">
<string>User key password</string>
<string>Domain</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="3" column="1">
<layout class="QHBoxLayout" name="horizontalLayout_2">
<item>
<widget class="QLineEdit" name="tlsCaUserCertificateLineEdit"/>
</item>
<item>
<widget class="QPushButton" name="tlsUserCertificateOpenFileButton">
<property name="text">
<string>Open file...</string>
</property>
</widget>
</item>
</layout>
</item>
<item row="2" column="1">
<layout class="QHBoxLayout" name="horizontalLayout">
<item>
@ -247,19 +234,6 @@
</item>
</layout>
</item>
<item row="10" column="1">
<spacer name="verticalSpacer_2">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
</layout>
</widget>
<widget class="QWidget" name="pwdTab">