NetworkManager::Security8021xSetting::Security8021xSetting(const Ptr &other)
    : Setting(other)
    , d_ptr(new Security8021xSettingPrivate())
{
    setEapMethods(other->eapMethods());
    setIdentity(other->identity());
    setAnonymousIdentity(other->anonymousIdentity());
    setPacFile(other->pacFile());
    setCaCertificate(other->caCertificate());
    setCaPath(other->caPath());
    setSubjectMatch(other->subjectMatch());
    setAltSubjectMatches(other->altSubjectMatches());
    setClientCertificate(other->clientCertificate());
    setPhase1PeapVersion(other->phase1PeapVersion());
    setPhase1PeapLabel(other->phase1PeapLabel());
    setPhase1FastProvisioning(other->phase1FastProvisioning());
    setPhase2AuthMethod(other->phase2AuthMethod());
    setPhase2AuthEapMethod(other->phase2AuthEapMethod());
    setPhase2CaCertificate(other->phase2CaCertificate());
    setPhase2CaPath(other->phase2CaPath());
    setPhase2SubjectMatch(other->phase2SubjectMatch());
    setPhase2AltSubjectMatches(other->phase2AltSubjectMatches());
    setPassword(other->password());
    setPasswordFlags(other->passwordFlags());
    setPasswordRaw(other->passwordRaw());
    setPasswordRawFlags(other->passwordRawFlags());
    setPrivateKey(other->privateKey());
    setPrivateKeyPassword(other->privateKeyPassword());
    setPrivateKeyPasswordFlags(other->privateKeyPasswordFlags());
    setPhase2PrivateKey(other->phase2PrivateKey());
    setPhase2PrivateKeyPassword(other->phase2PrivateKeyPassword());
    setPhase2PrivateKeyPasswordFlags(other->phase2PrivateKeyPasswordFlags());
    setSystemCaCertificates(other->systemCaCertificates());
}
Example #2
0
void
SslSocketBase::setPKI(const QSslKey &privateKey,
                      const QSslCertificate &localCertificate) {

    setPrivateKey(privateKey);
    setLocalCertificate(localCertificate);
}
Example #3
0
void
SslSocketBase::setPKI(const QString &keyFilePath,
                      const QString &certFilePath) {

    setPrivateKey(keyFilePath);
    setLocalCertificate(certFilePath);
}
Example #4
0
 Connection::Connection(int socketDescriptor, const QString &cert, const QString &key)
   : serverMode(true), readSize(0)
 {
   setSocketDescriptor(socketDescriptor);
   setLocalCertificate(cert);
   setPrivateKey(key);
 
   init();
   handshake();
 }
Example #5
0
GroupSocket::GroupSocket(GroupAuthority *authority, QObject *parent)
    : QObject(parent)
    , socket{this}
    , timer{this}
    , authority(authority)
{
    timer.setInterval(FIVE_SECOND_TIMEOUT);
    timer.setSingleShot(true);
    connect(&timer, &QTimer::timeout, this, &GroupSocket::onTimeout);

    const auto get_ssl_config = [this, authority]() {
        auto config = socket.sslConfiguration();
        config.setCaCertificates({});
        config.setLocalCertificate(authority->getLocalCertificate());
        config.setPrivateKey(authority->getPrivateKey());
        config.setPeerVerifyMode(QSslSocket::QueryPeer);

        // CVE-2012-4929 forced the below option to be enabled by default but we can disable it because
        // the vulernability only impacts browsers
        config.setSslOption(QSsl::SslOption::SslOptionDisableCompression, false);
        return config;
    };
    socket.setSslConfiguration(get_ssl_config());
    socket.setPeerVerifyName(GROUP_COMMON_NAME);
    connect(&socket, &QAbstractSocket::hostFound, this, [this]() { emit sendLog("Host found..."); });
    connect(&socket, &QAbstractSocket::connected, this, [this]() {
        socket.setSocketOption(QAbstractSocket::LowDelayOption, true);
        socket.setSocketOption(QAbstractSocket::KeepAliveOption, true);
        if (io::tuneKeepAlive(socket.socketDescriptor())) {
            emit sendLog("Tuned TCP keep alive parameters for socket");
        }
        setProtocolState(ProtocolState::AwaitingLogin);
        emit sendLog("Connection established...");
        emit connectionEstablished(this);
    });
    connect(&socket, &QSslSocket::encrypted, this, [this]() {
        timer.stop();
        secret
            = socket.peerCertificate().digest(QCryptographicHash::Algorithm::Sha1).toHex().toLower();
        emit sendLog("Connection successfully encrypted...");
        emit connectionEncrypted(this);
    });
    connect(&socket, &QAbstractSocket::disconnected, this, [this]() {
        timer.stop();
        emit connectionClosed(this);
    });
    connect(&socket, &QIODevice::readyRead, this, &GroupSocket::onReadyRead);
    connect(&socket,
            static_cast<void (QAbstractSocket::*)(QAbstractSocket::SocketError)>(
                &QAbstractSocket::error),
            this,
            &GroupSocket::onError);
    connect(&socket, &QSslSocket::peerVerifyError, this, &GroupSocket::onPeerVerifyError);
}
Example #6
0
void Session::setAsymmetricCryptoOp(AsymmetricAlgorithm *asymmetricCryptoOp)
{
	if (this->asymmetricCryptoOp != NULL)
	{
		setPublicKey(NULL);
		setPrivateKey(NULL);
		CryptoFactory::i()->recycleAsymmetricAlgorithm(asymmetricCryptoOp);
	}

	this->asymmetricCryptoOp = asymmetricCryptoOp;
}
Example #7
0
 void S3::setup(kerberos::StringMap & settings)
 {
     Cloud::setup(settings);
     
     // -------------------------
     // Initialize S3 credentials
     
     setBucket(settings.at("clouds.S3.bucket"));
     setFolder(settings.at("clouds.S3.folder"));
     setPublicKey(settings.at("clouds.S3.publicKey"));
     setPrivateKey(settings.at("clouds.S3.privateKey"));
 }
Example #8
0
//Permet de renseigner le client avec qui le socket doit communiquer
bool Socket::setDescriptor(int socketDescriptor)
{
	if(this->state()==QAbstractSocket::ConnectedState) return false;
	if(!this->setSocketDescriptor(socketDescriptor)) return false;


	//On récupère la clé privée du serveur
	QFile file(PRIVATEKEY_FILE);
	if(!file.open(QIODevice::ReadOnly))
	{
		qDebug("La clé privée du serveur est introuvable.");
		return false;
	}

        QSslKey key(&file, QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey, "pass");
	if (key.isNull())
	{
		qDebug("La clé privée du serveur est nulle");
		return false;
	}
	file.close();
	setPrivateKey(key);

	//on charge le certificat du client
	setLocalCertificate( LOCALCERTIFICATE_FILE );

	//on charge le certificat de notre ca
	if(!addCaCertificates(CACERTIFICATES_FILE))
	{
		qDebug("Impossible de charger le certificat du CA.");
		return false;
	}

        //on supprime la vérification des certificats des clients
        //seuls ces derniers vérifient les clés et certificat du serveur
        setPeerVerifyMode(QSslSocket::VerifyNone);

	//on ignore les erreurs car on a un certificat auto signé
        ignoreSslErrors();

	//on se connecte au serveur
	startServerEncryption();

	//On attends au plus 30secondes pour que la connexion s'établisse
	bool result = waitForConnected();
	if(!result) return result;

	result=waitForEncrypted();

	return result;
}
Example #9
0
sslConnection::sslConnection( int socketDescriptor, QObject *parent ) : QSslSocket( parent )
{
  if( !setSocketDescriptor( socketDescriptor ) )
   {
     qDebug() << "Couldn't set socket descriptor";
     deleteLater();
     return;
   }
  
  setPeerVerifyMode(QSslSocket::VerifyPeer);
  setLocalCertificate( "mycert.pem" );
  setPrivateKey("mycert.pem");
  startServerEncryption();
}
Example #10
0
void GKeyPair::generateKeyPair(unsigned int uintCount, const unsigned int* pRawCryptographicBytes1, const unsigned int* pRawCryptographicBytes2, const unsigned int* pRawCryptographicBytes3)
{
	// Make places to put the data
	GBigInt* pOutPublicKey = new GBigInt();
	GBigInt* pOutPrivateKey = new GBigInt();
	GBigInt* pOutN = new GBigInt();

	// Find two primes
	GBigInt p;
	GBigInt q;
	int n;
	for(n = (int)uintCount - 1; n >= 0; n--)
		p.setUInt(n, pRawCryptographicBytes1[n]);
	for(n = uintCount - 1; n >= 0; n--)
		q.setUInt(n, pRawCryptographicBytes2[n]);
	p.setBit(0, true);
	q.setBit(0, true);
	int nTries = 0;
	while(!p.isPrime())
	{
		p.increment();
		p.increment();
		nTries++;
	}
	nTries = 0;
	while(!q.isPrime())
	{
		q.increment();
		q.increment();
		nTries++;
	}

	// Calculate N (the product of the two primes)
	pOutN->multiply(&p, &q);

	// Calculate prod ((p - 1) * (q - 1))
	p.decrement();
	q.decrement();
	GBigInt prod;
	prod.multiply(&p, &q);

	// Calculate public and private keys
	pOutPublicKey->selectPublicKey(pRawCryptographicBytes3, uintCount, &prod);
	pOutPrivateKey->calculatePrivateKey(pOutPublicKey, &prod);

	// Fill in "this" GKeyPair object
	setPublicKey(pOutPublicKey);
	setPrivateKey(pOutPrivateKey);
	setN(pOutN);
}
Example #11
0
RSAZCryptor::RSAZCryptor(const char* privatekey, const char* passphrase)
{
    init();
    setPrivateKey(privatekey, passphrase);
}
Example #12
0
/*!
 * This is an overloaded function, provided for convenience.
 *
 * Sets the private key used for encryption to the key contained in the file specified by
 * \a path. The specified algorithm, format, and pass phrase are used to decrypt the key.
 *
 * \sa privateKey
 */
void QxtSslServer::setPrivateKey(const QString& path, QSsl::KeyAlgorithm algo, QSsl::EncodingFormat format, const QByteArray& passPhrase)
{
    QFile file(path);
    if(!file.open(QIODevice::ReadOnly)) return;
    setPrivateKey(QSslKey(&file, algo, format, QSsl::PrivateKey, passPhrase));
}
void NetworkManager::Security8021xSetting::fromMap(const QVariantMap &setting)
{
    if (setting.contains(QLatin1String(NM_SETTING_802_1X_EAP))) {
        const QStringList methods = setting.value(QLatin1String(NM_SETTING_802_1X_EAP)).toStringList();
        QList<EapMethod> eapMethods;
        Q_FOREACH (const QString & method, methods) {
            if (method == "leap") {
                eapMethods << EapMethodLeap;
            } else if (method == "md5") {
                eapMethods << EapMethodMd5;
            } else if (method == "tls") {
                eapMethods << EapMethodTls;
            } else if (method == "peap") {
                eapMethods << EapMethodPeap;
            } else if (method == "ttls") {
                eapMethods << EapMethodTtls;
            } else if (method == "sim") {
                eapMethods << EapMethodSim;
            } else if (method == "fast") {
                eapMethods << EapMethodFast;
            }
        }

        setEapMethods(eapMethods);
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_IDENTITY))) {
        setIdentity(setting.value(QLatin1String(NM_SETTING_802_1X_IDENTITY)).toString());
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_ANONYMOUS_IDENTITY))) {
        setAnonymousIdentity(setting.value(QLatin1String(NM_SETTING_802_1X_ANONYMOUS_IDENTITY)).toString());
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_PAC_FILE))) {
        setPacFile(setting.value(QLatin1String(NM_SETTING_802_1X_PAC_FILE)).toString());
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_CA_CERT))) {
        setCaCertificate(setting.value(QLatin1String(NM_SETTING_802_1X_CA_CERT)).toByteArray());
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_CA_PATH))) {
        setCaPath(setting.value(QLatin1String(NM_SETTING_802_1X_CA_PATH)).toString());
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_SUBJECT_MATCH))) {
        setSubjectMatch(setting.value(QLatin1String(NM_SETTING_802_1X_SUBJECT_MATCH)).toString());
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_ALTSUBJECT_MATCHES))) {
        setAltSubjectMatches(setting.value(QLatin1String(NM_SETTING_802_1X_ALTSUBJECT_MATCHES)).toStringList());
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_CLIENT_CERT))) {
        setClientCertificate(setting.value(QLatin1String(NM_SETTING_802_1X_CLIENT_CERT)).toByteArray());
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_PHASE1_PEAPVER))) {
        const QString version = setting.value(QLatin1String(NM_SETTING_802_1X_PHASE1_PEAPVER)).toString();

        if (version == "0") {
            setPhase1PeapVersion(PeapVersionZero);
        } else if (version == "1") {
            setPhase1PeapVersion(PeapVersionOne);
        }
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_PHASE1_PEAPLABEL))) {
        const QString label = setting.value(QLatin1String(NM_SETTING_802_1X_PHASE1_PEAPLABEL)).toString();

        if (label == "1") {
            setPhase1PeapLabel(PeapLabelForce);
        }
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING))) {
        const QString provisioning = setting.value(QLatin1String(NM_SETTING_802_1X_PHASE1_FAST_PROVISIONING)).toString();

        if (provisioning == "0") {
            setPhase1FastProvisioning(FastProvisioningDisabled);
        } else if (provisioning == "1") {
            setPhase1FastProvisioning(FastProvisioningAllowUnauthenticated);
        } else if (provisioning == "2") {
            setPhase1FastProvisioning(FastProvisioningAllowAuthenticated);
        } else if (provisioning == "3") {
            setPhase1FastProvisioning(FastProvisioningAllowBoth);
        }
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_PHASE2_AUTH))) {
        const QString authMethod = setting.value(QLatin1String(NM_SETTING_802_1X_PHASE2_AUTH)).toString();

        if (authMethod == "pap") {
            setPhase2AuthMethod(AuthMethodPap);
        } else if (authMethod == "chap") {
            setPhase2AuthMethod(AuthMethodChap);
        } else if (authMethod == "mschap") {
            setPhase2AuthMethod(AuthMethodMschap);
        } else if (authMethod == "mschapv2") {
            setPhase2AuthMethod(AuthMethodMschapv2);
        } else if (authMethod == "gtc") {
            setPhase2AuthMethod(AuthMethodGtc);
        } else if (authMethod == "otp") {
            setPhase2AuthMethod(AuthMethodOtp);
        } else if (authMethod == "md5") {
            setPhase2AuthMethod(AuthMethodMd5);
        } else if (authMethod == "tls") {
            setPhase2AuthMethod(AuthMethodTls);
        }
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_PHASE2_AUTHEAP))) {
        const QString authEapMethod = setting.value(QLatin1String(NM_SETTING_802_1X_PHASE2_AUTHEAP)).toString();

        if (authEapMethod == "md5") {
            setPhase2AuthEapMethod(AuthEapMethodMd5);
        } else if (authEapMethod == "mschapv2") {
            setPhase2AuthEapMethod(AuthEapMethodMschapv2);
        } else if (authEapMethod == "otp") {
            setPhase2AuthEapMethod(AuthEapMethodOtp);
        } else if (authEapMethod == "gtc") {
            setPhase2AuthEapMethod(AuthEapMethodGtc);
        } else if (authEapMethod == "tls") {
            setPhase2AuthEapMethod(AuthEapMethodTls);
        }
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_PHASE2_CA_CERT))) {
        setPhase2CaCertificate(setting.value(QLatin1String(NM_SETTING_802_1X_PHASE2_CA_CERT)).toByteArray());
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_PHASE2_CA_PATH))) {
        setPhase2CaPath(setting.value(QLatin1String(NM_SETTING_802_1X_PHASE2_CA_PATH)).toString());
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_PHASE2_SUBJECT_MATCH))) {
        setPhase2SubjectMatch(setting.value(QLatin1String(NM_SETTING_802_1X_PHASE2_SUBJECT_MATCH)).toString());
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_PHASE2_ALTSUBJECT_MATCHES))) {
        setPhase2AltSubjectMatches(setting.value(QLatin1String(NM_SETTING_802_1X_PHASE2_ALTSUBJECT_MATCHES)).toStringList());
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_PHASE2_CLIENT_CERT))) {
        setPhase2ClientCertificate(setting.value(QLatin1String(NM_SETTING_802_1X_PHASE2_CLIENT_CERT)).toByteArray());
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_PASSWORD))) {
        setPassword(setting.value(QLatin1String(NM_SETTING_802_1X_PASSWORD)).toString());
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_PASSWORD_FLAGS))) {
        setPasswordFlags((Setting::SecretFlags)setting.value(QLatin1String(NM_SETTING_802_1X_PASSWORD_FLAGS)).toUInt());
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_PASSWORD_RAW))) {
        setPasswordRaw(setting.value(QLatin1String(NM_SETTING_802_1X_PASSWORD_RAW)).toByteArray());
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_PASSWORD_RAW_FLAGS))) {
        setPasswordRawFlags((Setting::SecretFlags)setting.value(QLatin1String(NM_SETTING_802_1X_PASSWORD_RAW_FLAGS)).toUInt());
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_PRIVATE_KEY))) {
        setPrivateKey(setting.value(QLatin1String(NM_SETTING_802_1X_PRIVATE_KEY)).toByteArray());
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD))) {
        setPrivateKeyPassword(setting.value(QLatin1String(NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD)).toString());
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD_FLAGS))) {
        setPrivateKeyPasswordFlags((Setting::SecretFlags)setting.value(QLatin1String(NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD_FLAGS)).toUInt());
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_PHASE2_PRIVATE_KEY))) {
        setPhase2PrivateKey(setting.value(QLatin1String(NM_SETTING_802_1X_PHASE2_PRIVATE_KEY)).toByteArray());
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD))) {
        setPhase2PrivateKeyPassword(setting.value(QLatin1String(NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD)).toString());
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD_FLAGS))) {
        setPhase2PrivateKeyPasswordFlags((Setting::SecretFlags)setting.value(QLatin1String(NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD_FLAGS)).toUInt());
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_PIN))) {
        setPin(setting.value(QLatin1String(NM_SETTING_802_1X_PIN)).toString());
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_PIN_FLAGS))) {
        setPinFlags((Setting::SecretFlags)setting.value(QLatin1String(NM_SETTING_802_1X_PIN_FLAGS)).toUInt());
    }

    if (setting.contains(QLatin1String(NM_SETTING_802_1X_SYSTEM_CA_CERTS))) {
        setSystemCaCertificates(setting.value(QLatin1String(NM_SETTING_802_1X_SYSTEM_CA_CERTS)).toBool());
    }
}