This updates the config generator so that it doesn't fail when
specifying a password.

Also, fixed display of the cert selects to show "none" when no certs
are loaded, and fixed the values of the select items so that we can
use them as values for the output (instead of the i18n versions fo the
items).

BUG=none
TEST=Ran and observed better behavior.

Change-Id: I762b03de0017405eaa8abfb834bd0c383abe0b23
diff --git a/_locales/en/messages.json b/_locales/en/messages.json
index 293f0a2..246dee7 100644
--- a/_locales/en/messages.json
+++ b/_locales/en/messages.json
@@ -168,6 +168,9 @@
   "certificateList": {
     "message": "Certificate list"
   },
+  "certificateListClear": {
+    "message": "Remove All Certificates"
+  },
   "helpCertificateList": {
     "message": "List of certificates to install.  Drag and drop root certificate authorities and certificates to install on Chrome OS. You may drag and drop .pem and .der files."
   },
@@ -195,6 +198,9 @@
   "doNotCheckCA": {
     "message": "Do not check (insecure)"
   },
+  "certificateNone": {
+    "message": "None"
+  },
   "fileNotSupported": {
     "message": "File $1 is not supported",
     "description": "This error message is displayed when the given file could not be loaded"
diff --git a/main.html b/main.html
index 32e1a20..62dc3c5 100644
--- a/main.html
+++ b/main.html
@@ -175,11 +175,11 @@
   <h2 i18n="securityType"></h2>
   <p class="help" i18n="helpSecurityType"></p>
   <select id="security">
-    <option i18n="securityNone">
-    <option i18n="securityWep">
-    <option i18n="securityWpa">
-    <option i18n="securityWpa2">
-    <option i18n="securityWpa2Enterprise">
+    <option i18n="securityNone" value="None"></option>
+    <option i18n="securityWep" value="WEP"></option>
+    <option i18n="securityWpa" value="WPA"></option>
+    <option i18n="securityWpa2" value="WPA2"></option>
+    <option i18n="securityWpa2Enterprise" value="WPA2Enterprise"></option>
   </select>
   <div id="passphrase-div" style="display:none">
     <h2 i18n="wirelessPassphrase"></h2>
@@ -190,19 +190,19 @@
     <h2 i18n="extensibleAuthenticationProtocol"></h2>
     <p class="help" i18n="selectTheEapToPermit"></p>
     <select id="eap">
-      <option i18n="acronymPeap">
-      <option i18n="acronymEapTtls">
-      <option i18n="acronymEapTls">
-      <option i18n="acronymLeap">
+      <option i18n="acronymPeap" value="PEAP"></option>
+      <option i18n="acronymEapTtls" value="EAP-TTLS"></option>
+      <option i18n="acronymEapTls" value="EAP-TLS"></option>
+      <option i18n="acronymLeap" value="LEAP"></option>
     </select>
     <div id="phase2-div">
       <h2 i18n="innerProtocol"></h2>
       <p class="help" i18n="helpInnerProtocol"></p>
       <select id="phase2">
-        <option i18n="automatic">
-        <option i18n="acronymEapMschapV2">
-        <option i18n="acronymEapMd5">
-        <option i18n="acronymEapPap">
+        <option i18n="automatic" value="Automatic"></option>
+        <option i18n="acronymEapMschapV2" value="EAP-MSCHAP-V2"></option>
+        <option i18n="acronymEapMd5" value="EAP-MD5"></option>
+        <option i18n="acronymEapPap" value="EAP-PAP"></option>
       </select>
     </div>
     <div id="phase2-auth">
@@ -252,8 +252,8 @@
   <h2 i18n="vpnType"></h2>
   <p class="help" i18n="helpVpnType"></p>
   <select id="vpn-type">
-    <option i18n="l2tpIpsecPsk"></option>
-    <option i18n="l2tpIpsecCert"></option>
+    <option i18n="l2tpIpsecPsk" value="L2TP-IPSEC-PSK"></option>
+    <option i18n="l2tpIpsecCert" value="L2TP-IPSEC-CERT"></option>
   </select>
   <div class="checkable">
     <input type="checkbox" id="l2tp-specify-credentials"></input>
@@ -300,6 +300,9 @@
   </div>
   <div id="cert-errors" style="color:red"></div>
   <input type="file" id="cert-files" multiple />
+  <br/>
+  <button id="cert-clear" i18n="certificateListClear">
+  </button>
 </div>
 <div class="right-pane" id="load-pane">
   <h1 i18n="loadConfigurationTab"></h1>
diff --git a/main.js b/main.js
index 0fca9b9..4412e24 100644
--- a/main.js
+++ b/main.js
@@ -81,14 +81,14 @@
  * Based on current Wi-Fi security setting, set visible configuration.
  */
 main.setWifiSecurityVisible = function() {
-  var i18n = main.getSelectedI18n('#security');
-  if (i18n == 'securityWep' || i18n == 'securityWpa' ||
-      i18n == 'securityWpa2') {
+  var security = $('#security').val();
+  if (security == 'WEP' || security == 'WPA' ||
+      security == 'WPA2') {
     $('#passphrase-div').show();
   } else {
     $('#passphrase-div').hide();
   }
-  if (i18n == 'securityWpa2Enterprise') {
+  if (security == 'WPA2Enterprise') {
     $('#8021x-div').show();
   } else {
     $('#8021x-div').hide();
@@ -100,9 +100,8 @@
  * for connection.
  */
 main.wifiRequiresUsernamePassword = function() {
-  var i18n = main.getSelectedI18n('#eap');
-  return (i18n == 'acronymEapTtls' || i18n == 'acronymPeap' ||
-          i18n == 'acronymLeap');
+  var security = $('#eap').val();
+  return (security == 'EAP-TTLS' || security == 'PEAP' || security == 'LEAP');
 };
 
 /**
@@ -110,8 +109,8 @@
  * method setting is required.
  */
 main.wifiRequiresPhase2Method = function() {
-  var i18n = main.getSelectedI18n('#eap');
-  return i18n == 'acronymEapTtls' || i18n == 'acronymPeap';
+  var security = $('#eap').val();
+  return security == 'EAP-TTLS' || security == 'PEAP';
 };
 
 /**
@@ -119,9 +118,9 @@
  * required.
  */
 main.wifiRequiresServerCertificate = function() {
-  var i18n = main.getSelectedI18n('#eap');
-  return (i18n == 'acronymEapTtls' || i18n == 'acronymPeap' ||
-          i18n == 'acronymEapTls');
+  var security = $('#eap').val();
+  return (security == 'EAP-TTLS' || security == 'PEAP' ||
+          security == 'EAP-TLS');
 };
 
 /**
@@ -129,7 +128,7 @@
  * required.
  */
 main.wifiRequiresClientCertficate = function() {
-  return main.getSelectedI18n('#eap') == 'acronymEapTls';
+  return $('#eap').val() == 'EAP-TLS';
 };
 
 /**
@@ -167,7 +166,7 @@
 main.setVPNTypeVisible = function() {
   var setting = $('#vpn-type').val();
   var save = $('#l2tp-specify-credentials').is(':checked');
-  if (setting == 'l2tpipsec-psk') {
+  if (setting == 'L2TP-IPsec-PSK') {
     if (save) {
       $('#l2tpipsec-psk-div').show();
     } else {
@@ -248,38 +247,40 @@
   };
   if ($('#wifi-proxy-url').val())
     network.ProxyURL = $('#wifi-proxy-url').val();
-  network.WiFi.Security = 'None';
-  switch (main.getSelectedI18n('#security')) {
-    case 'securityWep':
-      network.WiFi.Security = "WEP";
+  network.WiFi.Security = $('#security').val();
+  switch (network.WiFi.Security) {
+    case 'WEP':
+    case 'WPA':
+    case 'WPA2':
       network.WiFi.Passphrase = $('#passphrase').val();
       break;
-    case 'securityWpa':
-      network.WiFi.Security = "WPA";
-      network.WiFi.Passphrase = $('#passphrase').val();
-      break;
-    case 'securityWpa2':
-      network.WiFi.Security = "WPA2";
-      network.WiFi.Passphrase = $('#passphrase').val();
-      break;
-    case 'securityWpa2Enterprise':
+    case 'WPA2Enterprise':
       network.WiFi.Security = 'WPA2';
       network.WiFi.EAP = {};
       network.WiFi.EAP.Outer = $('#eap').val();
       network.WiFi.EAP.UseSystemCAs =
-        $('#wifi-server-ca').val() != 'Do not check (insecure)';
+          main.getSelectedI18n('#wifi-server-ca') != 'doNotCheckCA';
       if ($('#specify-credentials').is(':checked')) {
-        network.WiFi.EAP.Identity = $('#wifi-username');
-        network.WiFi.EAP.Password = $('#wifi-password')
+        network.WiFi.EAP.Identity = $('#wifi-username').val();
+        network.WiFi.EAP.Password = $('#wifi-password').val();
       }
       if (main.wifiRequiresServerCertificate()) {
-        network.WiFi.EAP.ServerCARef = main.createCertReference(
-            $('#wifi-server-ca').val());
+        if (main.getSelectedI18n('#wifi-server-ca') != 'doNotCheckCA' &&
+            main.getSelectedI18n('#wifi-server-ca') != 'useAnyDefaultCA') {
+          network.WiFi.EAP.ServerCARef = main.createCertReference(
+              $('#wifi-server-ca').val());
+        } else if (main.getSelectedI18n('#wifi-server-ca') == 'doNotCheckCA') {
+          network.WiFi.EAP.ServerCARef = 'none';
+        } else {
+          network.WiFi.EAP.ServerCARef = 'default';
+        }
       }
       if (main.wifiRequiresClientCertficate()) {
         network.Wifi.EAP.ClientCertPattern = {};
-        network.Wifi.EAP.ClientCertPattern.IssuerRef =
-            main.createCertReference($('#wifi-client-ca').val());
+        if (main.getSelectedI18n('#wifi-client-ca') != 'certificateNone') {
+          network.Wifi.EAP.ClientCertPattern.IssuerRef =
+              main.createCertReference($('#wifi-client-ca').val());
+        }
         network.Wifi.EAP.ClientCertPattern.EnrollmentUri =
             $('#wifi-enrollment-uri').val();
       }
@@ -304,11 +305,23 @@
     network.VPN.User = $('#l2tp-user').val();
     network.VPN.Password = $('#l2tp-password').val();
   }
-  if (main.getSelectedI18n('#vpn-type') == 'l2tpIpsecCert') {
-    network.VPN.ServerCARef = createCertReference($('#ipsec-server-ca').val());
-    network.VPN.ClientCertPattern = {
-      'IssuerRef': createCertReference($('#ipsec-client-ca').val())
-    };
+  if ($('#vpn-type').val() == 'L2TP-IPsec-RSA') {
+    if (main.getSelectedI18n('#ipsec-server-ca') != 'certificateNone') {
+      network.VPN.ServerCARef = createCertReference(
+          $('#ipsec-server-ca').val());
+    } else {
+      // TODO(gspencer): This is really an error case, and it really
+      // should tell the user why (i.e. because there's no valid
+      // server CA specified for a network that requires one).
+      return '';
+    }
+    if (main.getSelectedI18n('#ipsec-client-ca') != 'certificateNone') {
+      network.VPN.ClientCertPattern = {
+        'IssuerRef': createCertReference($('#ipsec-client-ca').val())
+      };
+    } else {
+      network.VPN.ClientCertPattern = { 'IssuerRef': ''}
+    }
   }
   config.NetworkConfigurations.push(network);
   config.Certificates = [];
@@ -339,7 +352,11 @@
  * Update the save link to the current UI configuration.
  */
 main.updateSaveLink = function() {
-  var configArray = main.saveConfig().split('').map(function(c) {
+  $('#save-link').attr('href','about:blank');  // In case something fails.
+  var rawConfig = main.saveConfig();
+  if (!rawConfig)
+    return;
+  var configArray = raw_config.split('').map(function(c) {
       return c.charCodeAt(0);
     });
   config = Base64.encode(main.arrayToUint8Array(configArray));
@@ -354,8 +371,15 @@
  */
 main.addCertificates = function(optionList, clearFirst) {
   if (clearFirst) optionList.options.length = 0;
-  for (var i = 0; i < certList.length; ++i) {
-    optionList.options.add(new Option(certList[i].subject.commonName));
+  if (certList.length == 0 && optionList.options.length == 0) {
+    optionList.options.add(new Option(
+        chrome.i18n.getMessage('certificateNone')));
+    optionList.disabled = true;
+  } else {
+    optionList.disabled = false;
+    for (var i = 0; i < certList.length; ++i) {
+      optionList.options.add(new Option(certList[i].subject.commonName));
+    }
   }
 };
 
@@ -378,8 +402,9 @@
   main.addCertificates(serverCaDom, false);
   serverCaDom.options.add(new Option(
       chrome.i18n.getMessage('doNotCheckCA')));
-  main.addCertificates(document.getElementById('ipsec-server-ca'), true);
-  main.addCertificates(document.getElementById('ipsec-client-ca'), true);
+  main.addCertificates($('#wifi-client-ca')[0], true);
+  main.addCertificates($('#ipsec-server-ca')[0], true);
+  main.addCertificates($('#ipsec-client-ca')[0], true);
 };
 
 /**
@@ -432,6 +457,15 @@
 };
 
 /**
+ * Clear out the certificates in the certificate list.
+ */
+main.handleCertFileListClear = function() {
+  $('#cert-errors').html('');
+  certList = [];
+  main.updateCertLists();
+}
+
+/**
  * Configure the given DOM id as a drag and drop target for certificates.
  * @param {String} id  DOM id.
  */
@@ -457,6 +491,9 @@
   $('#cert-files').change(function(event) {
       main.handleCertFileList(event.target.files);
     });
+  $('#cert-clear').click(function(event) {
+      main.handleCertFileListClear();
+    });
 };
 
 /**
@@ -478,15 +515,15 @@
   $('#ssid').val('');
   $('#hidden-ssid')[0].checked = false;
   $('#auto-connect')[0].checked = false;
-  $('#security').val('None');
+  main.setSelectedI18n('#security', 'securityNone');
   $('#passphrase').val('');
   $('#wifi-proxy-url').val('');
-  $('#eap').val('PEAP');
-  $('#phase2').val('Automatic');
+  main.setSelectedI18n('#eap', 'acronymPeap');
+  main.setSelectedI18n('#phase2', 'automatic');
   $('#username').val('');
   $('#password').val('');
   $('#wifi-server-ca').val('');
-  $('#wifi-client-ca')[0].options.length = 0;
+  $('#wifi-client-ca').val('');
   $('#wifi-guid').val(main.createGuid());
   $('#ipsec-enrollment-uri').val('');
   $('#vpn-guid').val(main.createGuid());
@@ -564,21 +601,21 @@
             continue networkConfigurationsLoop;
           }
           switch (eapConfig.Outer) {
-          case 'PEAP':
-            main.setSelectedI18n('#eap', 'acronymPeap');
-            break;
-          case 'EAP-TTLS':
-            main.setSelectedI18n('#eap', 'acronymEapTtls');
-            break;
-          case 'EAP-TLS':
-            main.setSelectedI18n('#eap', 'acronymEapTls');
-            break;
-          case 'LEAP':
-            main.setSelectedI18n('#eap', 'acronymLeap');
-            break;
-          default:
-            main.setLoadError('Unhandled EAP type');
-            continue networkConfigurationsLoop;
+            case 'PEAP':
+              main.setSelectedI18n('#eap', 'acronymPeap');
+              break;
+            case 'EAP-TTLS':
+              main.setSelectedI18n('#eap', 'acronymEapTtls');
+              break;
+            case 'EAP-TLS':
+              main.setSelectedI18n('#eap', 'acronymEapTls');
+              break;
+            case 'LEAP':
+              main.setSelectedI18n('#eap', 'acronymLeap');
+              break;
+            default:
+              main.setLoadError('Unhandled EAP type');
+              continue networkConfigurationsLoop;
           }
           if ('UseSystemCAs' in eapConfig && !eapConfig.UseSystemCAs) {
             main.setSelectedI18n('#wifi-server-ca', 'useAnyDefaultCA');