Beispiel #1
0
bool FvUpdater::checkSslFingerPrint(QUrl urltoCheck)
{
	if(urltoCheck.scheme()!="https")
	{
		qWarning()<<tr("SSL fingerprint check: The url %1 is not a ssl connection!").arg(urltoCheck.toString());
		return false;
	}

	QSslSocket *socket = new QSslSocket(this);
	socket->connectToHostEncrypted(urltoCheck.host(), 443);
	if( !socket->waitForEncrypted(1000))	// waits until ssl emits encrypted(), max 1000msecs
	{
		qWarning()<<"SSL fingerprint check: Unable to connect SSL server: "<<socket->sslErrors();
		return false;
	}

	QSslCertificate cert = socket->peerCertificate();

	if(cert.isNull())
	{
		qWarning()<<"SSL fingerprint check: Unable to retrieve SSL server certificate.";
		return false;
	}

	// COmpare digests
	if(cert.digest().toHex() != m_requiredSslFingerprint)
	{
		qWarning()<<"SSL fingerprint check: FINGERPRINT MISMATCH! Server digest="<<cert.digest().toHex()<<", requiered ssl digest="<<m_requiredSslFingerprint;
		return false;
	}
	
	return true;
}
Beispiel #2
0
void SslInfoDlg::setCurrentCert(int index)
{
    QSslCertificate cert = socket()->peerCertificateChain().at(index);
    ui.subjectCommonName->setText(cert.subjectInfo(QSslCertificate::CommonName));
    ui.subjectOrganization->setText(cert.subjectInfo(QSslCertificate::Organization));
    ui.subjectOrganizationalUnit->setText(cert.subjectInfo(QSslCertificate::OrganizationalUnitName));
    ui.subjectCountry->setText(cert.subjectInfo(QSslCertificate::CountryName));
    ui.subjectState->setText(cert.subjectInfo(QSslCertificate::StateOrProvinceName));
    ui.subjectCity->setText(cert.subjectInfo(QSslCertificate::LocalityName));

    ui.issuerCommonName->setText(cert.issuerInfo(QSslCertificate::CommonName));
    ui.issuerOrganization->setText(cert.issuerInfo(QSslCertificate::Organization));
    ui.issuerOrganizationalUnit->setText(cert.issuerInfo(QSslCertificate::OrganizationalUnitName));
    ui.issuerCountry->setText(cert.issuerInfo(QSslCertificate::CountryName));
    ui.issuerState->setText(cert.issuerInfo(QSslCertificate::StateOrProvinceName));
    ui.issuerCity->setText(cert.issuerInfo(QSslCertificate::LocalityName));

    if (socket()->sslErrors().isEmpty())
        ui.trusted->setText(tr("Yes"));
    else {
        QString errorString = tr("No, for the following reasons:<ul>");
        foreach(const QSslError &error, socket()->sslErrors())
        errorString += "<li>" + error.errorString() + "</li>";
        errorString += "</ul>";
        ui.trusted->setText(errorString);
    }

    ui.validity->setText(tr("%1 to %2").arg(cert.effectiveDate().date().toString(Qt::ISODate), cert.expiryDate().date().toString(Qt::ISODate)));
    ui.md5Digest->setText(prettyDigest(cert.digest(QCryptographicHash::Md5)));
    ui.sha1Digest->setText(prettyDigest(cert.digest(QCryptographicHash::Sha1)));
}
Beispiel #3
0
void QWebdav::sslErrors(QNetworkReply *reply, const QList<QSslError> &errors)
{
#ifdef DEBUG_WEBDAV
    qDebug() << "QWebdav::sslErrors()   reply->url == " << reply->url().toString(QUrl::RemoveUserInfo);
#endif

    QSslCertificate sslcert = errors[0].certificate();

    if ( ( sslcert.digest(QCryptographicHash::Md5) == m_sslCertDigestMd5 ) &&
         ( sslcert.digest(QCryptographicHash::Sha1) == m_sslCertDigestSha1) )
    {
        // user accepted this SSL certifcate already ==> ignore SSL errors
        reply->ignoreSslErrors();
    } else {
        // user has to check the SSL certificate and has to accept manually
        emit checkSslCertifcate(errors);
        reply->abort();
    }
}
bool DVRServer::isKnownCertificate(const QSslCertificate &certificate) const
{
    if (m_configuration.sslDigest().isEmpty())
    {
        /* If we don't know a certificate yet, we treat the first one we see as
         * correct. This is insecure, obviously, but it's a much nicer way to behave
         * for what we're doing here. */
        const_cast<DVRServer*>(this)->setKnownCertificate(certificate);
        return true;
    }

    return (certificate.digest(QCryptographicHash::Sha1) == m_configuration.sslDigest());
}
Beispiel #5
0
QDebug operator<<(QDebug debug, const QSslCertificate &certificate)
{
    debug << "QSslCertificate("
          << certificate.version()
          << "," << certificate.serialNumber()
          << "," << certificate.digest()
          << "," << certificate.issuerInfo(QSslCertificate::Organization)
          << "," << certificate.subjectInfo(QSslCertificate::Organization)
          << "," << certificate.alternateSubjectNames()
#ifndef QT_NO_TEXTSTREAM
          << "," << certificate.effectiveDate()
          << "," << certificate.expiryDate()
#endif
          << ")";
    return debug;
}
QDebug operator<<(QDebug debug, const QSslCertificate &certificate)
{
    debug << "QSslCertificate("
          << certificate.version()
          << ',' << certificate.serialNumber()
          << ',' << certificate.digest().toBase64()
          << ',' << certificate.issuerInfo(QSslCertificate::Organization)
          << ',' << certificate.subjectInfo(QSslCertificate::Organization)
          << ',' << certificate.subjectAlternativeNames()
#ifndef QT_NO_DATESTRING
          << ',' << certificate.effectiveDate()
          << ',' << certificate.expiryDate()
#endif
          << ')';
    return debug;
}
void CheckCloudConnection::sslErrors(QList<QSslError> errorList)
{
	if (verbose) {
		qDebug() << "Received error response trying to set up https connection with cloud storage backend:";
		Q_FOREACH (QSslError err, errorList) {
			qDebug() << err.errorString();
		}
	}
	QSslConfiguration conf = reply->sslConfiguration();
	QSslCertificate cert = conf.peerCertificate();
	QByteArray hexDigest = cert.digest().toHex();
	if (reply->url().toString().contains(prefs.cloud_base_url) &&
	    hexDigest == "13ff44c62996cfa5cd69d6810675490e") {
		if (verbose)
			qDebug() << "Overriding SSL check as I recognize the certificate digest" << hexDigest;
		reply->ignoreSslErrors();
	} else {
		if (verbose)
			qDebug() << "got invalid SSL certificate with hex digest" << hexDigest;
	}
}
Beispiel #8
0
void LeechCraft::SslErrorsDialog::PopulateTree (const QSslError& error)
{
	QTreeWidgetItem *item = new QTreeWidgetItem (Ui_.Errors_,
			QStringList ("Error:") << error.errorString ());

	QSslCertificate cer = error.certificate ();
	if (cer.isNull ())
	{
		new QTreeWidgetItem (item,
				QStringList (tr ("Certificate")) <<
					tr ("(No certificate available for this error)"));
		return;
	}

	new QTreeWidgetItem (item, QStringList (tr ("Valid:")) <<
				(cer.isValid () ? tr ("yes") : tr ("no")));
	new QTreeWidgetItem (item, QStringList (tr ("Effective date:")) <<
				cer.effectiveDate ().toString ());
	new QTreeWidgetItem (item, QStringList (tr ("Expiry date:")) <<
				cer.expiryDate ().toString ());
	new QTreeWidgetItem (item, QStringList (tr ("Version:")) <<
				cer.version ());
	new QTreeWidgetItem (item, QStringList (tr ("Serial number:")) <<
				cer.serialNumber ());
	new QTreeWidgetItem (item, QStringList (tr ("MD5 digest:")) <<
				cer.digest ().toHex ());
	new QTreeWidgetItem (item, QStringList (tr ("SHA1 digest:")) <<
				cer.digest (QCryptographicHash::Sha1).toHex ());

	QTreeWidgetItem *issuer = new QTreeWidgetItem (item,
			QStringList (tr ("Issuer info")));

	QString tmpString;
#if QT_VERSION >= 0x050000
	auto cvt = [] (const QStringList& list) { return list.join ("; "); };
#else
	auto cvt = [] (const QString& str) { return str; };
#endif
	tmpString = cvt (cer.issuerInfo (QSslCertificate::Organization));
	if (!tmpString.isEmpty ())
		new QTreeWidgetItem (issuer,
				QStringList (tr ("Organization:")) << tmpString);

	tmpString = cvt (cer.issuerInfo (QSslCertificate::CommonName));
	if (!tmpString.isEmpty ())
		new QTreeWidgetItem (issuer,
				QStringList (tr ("Common name:")) << tmpString);

	tmpString = cvt (cer.issuerInfo (QSslCertificate::LocalityName));
	if (!tmpString.isEmpty ())
		new QTreeWidgetItem (issuer,
				QStringList (tr ("Locality:")) << tmpString);

	tmpString = cvt (cer.issuerInfo (QSslCertificate::OrganizationalUnitName));
	if (!tmpString.isEmpty ())
		new QTreeWidgetItem (issuer,
				QStringList (tr ("Organizational unit name:")) << tmpString);

	tmpString = cvt (cer.issuerInfo (QSslCertificate::CountryName));
	if (!tmpString.isEmpty ())
		new QTreeWidgetItem (issuer,
				QStringList (tr ("Country name:")) << tmpString);

	tmpString = cvt (cer.issuerInfo (QSslCertificate::StateOrProvinceName));
	if (!tmpString.isEmpty ())
		new QTreeWidgetItem (issuer,
				QStringList (tr ("State or province name:")) << tmpString);

	QTreeWidgetItem *subject = new QTreeWidgetItem (item,
			QStringList (tr ("Subject info")));

	tmpString = cvt (cer.subjectInfo (QSslCertificate::Organization));
	if (!tmpString.isEmpty ())
		new QTreeWidgetItem (subject,
				QStringList (tr ("Organization:")) << tmpString);

	tmpString = cvt (cer.subjectInfo (QSslCertificate::CommonName));
	if (!tmpString.isEmpty ())
		new QTreeWidgetItem (subject,
				QStringList (tr ("Common name:")) << tmpString);

	tmpString = cvt (cer.subjectInfo (QSslCertificate::LocalityName));
	if (!tmpString.isEmpty ())
		new QTreeWidgetItem (subject,
				QStringList (tr ("Locality:")) << tmpString);

	tmpString = cvt (cer.subjectInfo (QSslCertificate::OrganizationalUnitName));
	if (!tmpString.isEmpty ())
		new QTreeWidgetItem (subject,
				QStringList (tr ("Organizational unit name:")) << tmpString);

	tmpString = cvt (cer.subjectInfo (QSslCertificate::CountryName));
	if (!tmpString.isEmpty ())
		new QTreeWidgetItem (subject,
				QStringList (tr ("Country name:")) << tmpString);

	tmpString = cvt (cer.subjectInfo (QSslCertificate::StateOrProvinceName));
	if (!tmpString.isEmpty ())
		new QTreeWidgetItem (subject,
				QStringList (tr ("State or province name:")) << tmpString);
}
Beispiel #9
0
void CertificateDialog::updateValue()
{
	const QSslCertificate certificate(m_certificates.value(m_ui->chainItemView->currentIndex().data(Qt::UserRole).toInt()));
	const CertificateField field(static_cast<CertificateField>(m_ui->detailsItemView->currentIndex().data(Qt::UserRole).toInt()));

	m_ui->valueTextEdit->clear();

	switch (field)
	{
		case ValidityField:
		case PublicKeyField:
		case ExtensionsField:
		case DigestField:
			break;
		case VersionField:
			m_ui->valueTextEdit->setPlainText(QString(certificate.version()));

			break;
		case SerialNumberField:
			m_ui->valueTextEdit->setPlainText(formatHex(QString(certificate.serialNumber()), QLatin1Char(':')));

			break;
		case SignatureAlgorithmField:
			m_ui->valueTextEdit->setPlainText(QRegularExpression(QLatin1String("Signature Algorithm:(.+)")).match(certificate.toText()).captured(1).trimmed());

			break;
		case IssuerField:
			{
				const QList<QByteArray> attributes(certificate.issuerInfoAttributes());

				for (int i = 0; i < attributes.count(); ++i)
				{
					m_ui->valueTextEdit->appendPlainText(QStringLiteral("%1 = %2").arg(QString(attributes.at(i))).arg(certificate.issuerInfo(attributes.at(i)).join(QLatin1String(", "))));
				}
			}

			break;
		case ValidityNotBeforeField:
			m_ui->valueTextEdit->setPlainText(certificate.effectiveDate().toString(QLatin1String("yyyy-MM-dd hh:mm:ss t")));

			break;
		case ValidityNotAfterField:
			m_ui->valueTextEdit->setPlainText(certificate.expiryDate().toString(QLatin1String("yyyy-MM-dd hh:mm:ss t")));

			break;
		case SubjectField:
			{
				const QList<QByteArray> attributes(certificate.subjectInfoAttributes());

				for (int i = 0; i < attributes.count(); ++i)
				{
					m_ui->valueTextEdit->appendPlainText(QStringLiteral("%1 = %2").arg(QString(attributes.at(i))).arg(certificate.subjectInfo(attributes.at(i)).join(QLatin1String(", "))));
				}
			}

			break;
		case PublicKeyValueField:
			{
				const QRegularExpression expression(QLatin1String("Public-Key:[.\\s\\S]+Modulus:([.\\s\\S]+)Exponent:(.+)"), QRegularExpression::MultilineOption);
				const QRegularExpressionMatch match(expression.match(certificate.toText()));

				if (match.hasMatch())
				{
					m_ui->valueTextEdit->setPlainText(tr("Modulus:\n%1\n\nExponent: %2").arg(formatHex(match.captured(1).trimmed().mid(3))).arg(match.captured(2).trimmed()));
				}
			}

			break;
		case PublicKeyAlgorithmField:
			m_ui->valueTextEdit->setPlainText(QRegularExpression(QLatin1String("Public Key Algorithm:(.+)")).match(certificate.toText()).captured(1).trimmed());

			break;
		case ExtensionField:
			{
				const QSslCertificateExtension extension(certificate.extensions().value(m_ui->detailsItemView->currentIndex().data(Qt::UserRole + 1).toInt()));

				m_ui->valueTextEdit->setPlainText(extension.isCritical() ? tr("Critical") : tr("Not Critical"));
				m_ui->valueTextEdit->appendPlainText(tr("OID: %1").arg(extension.oid()));

				if (!extension.value().isNull())
				{
					m_ui->valueTextEdit->appendPlainText(tr("Value:"));

					if (extension.value().type() == QVariant::List)
					{
						const QVariantList list(extension.value().toList());

						for (int i = 0; i < list.count(); ++i)
						{
							m_ui->valueTextEdit->appendPlainText(list.at(i).toString());
						}
					}
					else if (extension.value().type() == QVariant::Map)
					{
						const QVariantMap map(extension.value().toMap());
						QVariantMap::const_iterator iterator;

						for (iterator = map.constBegin(); iterator != map.constEnd(); ++iterator)
						{
							m_ui->valueTextEdit->appendPlainText(QStringLiteral("%1 = %2").arg(iterator.key()).arg(iterator.value().toString()));
						}
					}
					else
					{
						m_ui->valueTextEdit->appendPlainText(extension.value().toString());
					}
				}
			}

			break;
		case DigestSha1Field:
			m_ui->valueTextEdit->setPlainText(formatHex(QString(certificate.digest(QCryptographicHash::Sha1).toHex())));

			break;
		case DigestSha256Field:
			m_ui->valueTextEdit->setPlainText(formatHex(QString(certificate.digest(QCryptographicHash::Sha256).toHex())));

			break;
		default:
			break;
	}

	QTextCursor cursor(m_ui->valueTextEdit->textCursor());
	cursor.setPosition(0);

	m_ui->valueTextEdit->setTextCursor(cursor);
}
Beispiel #10
0
QString dumpCertificateFingerprint(const QSslCertificate &cert, const QCryptographicHash::Algorithm &algorithm)
{
    if(cert.isNull())
      return "";
    return dumpHexPresentation(cert.digest(algorithm).toHex());
}
void DVRServer::setKnownCertificate(const QSslCertificate &certificate)
{
    m_configuration.setSslDigest(certificate.digest(QCryptographicHash::Sha1));
}
bool WebDavCommandEntity::startWork()
{
    if (!CommandEntity::startWork()) {
        abortWork();
        return false;
    }

    if (!this->m_client) {
        qWarning() << "No valid client object available, aborting";
        abortWork();
        return false;
    }

    if (this->m_reply) {
        QObject::connect(this->m_reply, &QNetworkReply::destroyed, this, [=](){
            QObject::disconnect(this->m_reply, 0, 0, 0);
            this->m_reply = Q_NULLPTR;
        });

        QObject::connect(this->m_reply,
                         static_cast<void(QNetworkReply::*)(QNetworkReply::NetworkError)>(&QNetworkReply::error), this,
                         [=](QNetworkReply::NetworkError error) {
            qWarning() << "Aborting due to network error:" << error;
            // TODO: stale files when aborting?
            // Aborting due to network error: QNetworkReply::ContentNotFoundError
            // abortWork();
            Q_EMIT aborted();
        });

        QObject::connect(this->m_reply, &QNetworkReply::finished, this, [=]() {
            qDebug() << "WebDav request complete:" << this->m_reply->url().toString();
            qDebug() << this->m_reply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt();
            if (this->m_reply->error() != QNetworkReply::NoError)
                return;

            Q_EMIT done();
        });

        QObject::connect(this->m_reply, &QNetworkReply::downloadProgress,
                         this, [=](qint64 bytesReceived, qint64 bytesTotal) {
            if (bytesTotal < 1)
                return;
            const qreal newProgress = ((qreal)bytesReceived/(qreal)bytesTotal);
            setProgress(newProgress);
        });
        QObject::connect(this->m_reply, &QNetworkReply::uploadProgress,
                         this, [=](qint64 bytesSent, qint64 bytesTotal) {
            if (bytesTotal < 1)
                return;
            const qreal newProgress = ((qreal)bytesSent/(qreal)bytesTotal);
            setProgress(newProgress);
        });
    }

    QObject::connect(this->m_client, &QWebdav::checkSslCertifcate,
                     this, [=](const QList<QSslError> &errors) {
        qWarning() << "SSL error occured";

        if (errors.length() > 0) {
            QSslCertificate sslcert = errors[0].certificate();
            const QString md5Digest = sslcert.digest(QCryptographicHash::Md5);
            const QString sha1Digest = sslcert.digest(QCryptographicHash::Sha1);

            Q_EMIT sslErrorOccured(md5Digest, sha1Digest);
        }
        abortWork();
    });

    return true;
}