Example #1
0
int SsuRepoManager::add(QString repo, QString repoUrl){
  SsuCoreConfig *ssuSettings = SsuCoreConfig::instance();

  // adding a repo is a noop when device is in update mode...
  if ((ssuSettings->deviceMode() & Ssu::UpdateMode) == Ssu::UpdateMode)
    return -1;

  // ... or in AppInstallMode
  if ((ssuSettings->deviceMode() & Ssu::AppInstallMode) == Ssu::AppInstallMode)
    return -1;

  if (repoUrl == ""){
    // just enable a repository which has URL in repos.ini
    QStringList enabledRepos;
    if (ssuSettings->contains("enabled-repos"))
      enabledRepos = ssuSettings->value("enabled-repos").toStringList();

    enabledRepos.append(repo);
    enabledRepos.removeDuplicates();
    ssuSettings->setValue("enabled-repos", enabledRepos);
  } else
    ssuSettings->setValue("repository-urls/" + repo, repoUrl);

  ssuSettings->sync();
  return 0;
}
Example #2
0
int SsuRepoManager::remove(QString repo){
  SsuCoreConfig *ssuSettings = SsuCoreConfig::instance();

  // removing a repo is a noop when device is in update mode...
  if ((ssuSettings->deviceMode() & Ssu::UpdateMode) == Ssu::UpdateMode)
    return -1;

  // ... or AppInstallMode
  if ((ssuSettings->deviceMode() & Ssu::AppInstallMode) == Ssu::AppInstallMode)
    return -1;

  if (ssuSettings->contains("repository-urls/" + repo))
    ssuSettings->remove("repository-urls/" + repo);

  if (ssuSettings->contains("enabled-repos")){
    QStringList enabledRepos = ssuSettings->value("enabled-repos").toStringList();
    if (enabledRepos.contains(repo)){
      enabledRepos.removeAll(repo);
      enabledRepos.removeDuplicates();
      ssuSettings->setValue("enabled-repos", enabledRepos);
    }
  }

  ssuSettings->sync();

  return 0;
}
Example #3
0
int SsuRepoManager::enable(QString repo){
  SsuCoreConfig *ssuSettings = SsuCoreConfig::instance();
  QStringList disabledRepos;

  if (ssuSettings->contains("disabled-repos"))
    disabledRepos = ssuSettings->value("disabled-repos").toStringList();

  disabledRepos.removeAll(repo);
  disabledRepos.removeDuplicates();

  ssuSettings->setValue("disabled-repos", disabledRepos);
  ssuSettings->sync();

  return 0;
}
Example #4
0
QString SsuRepoManager::caCertificatePath(QString domain){
  SsuCoreConfig *settings = SsuCoreConfig::instance();
  SsuSettings repoSettings(SSU_REPO_CONFIGURATION, QSettings::IniFormat);

  if (domain.isEmpty())
    domain = settings->domain();

  QString ca = SsuVariables::variable(&repoSettings, domain + "-domain",
                                      "_ca-certificate").toString();
  if (!ca.isEmpty())
    return ca;

  // compat setting, can go away after some time
  if (settings->contains("ca-certificate"))
    return settings->value("ca-certificate").toString();

  return "";
}
Example #5
0
File: ssu.cpp Project: lbt/ssu
void Ssu::updateCredentials(bool force){
  SsuCoreConfig *settings = SsuCoreConfig::instance();
  errorFlag = false;

  SsuLog *ssuLog = SsuLog::instance();

  if (deviceInfo.deviceUid() == ""){
    setError("No valid UID available for your device. For phones: is your modem online?");
    return;
  }

  QString ssuCaCertificate, ssuCredentialsUrl;
  if (!settings->contains("ca-certificate")){
    setError("CA certificate for SSU not set (config key 'ca-certificate')");
    return;
  } else
    ssuCaCertificate = settings->value("ca-certificate").toString();

  if (!settings->contains("credentials-url")){
    ssuCredentialsUrl = repoUrl("credentials-url");
    if (ssuCredentialsUrl.isEmpty()){
      setError("URL for credentials update not set (config key 'credentials-url')");
      return;
    }
  } else
    ssuCredentialsUrl = settings->value("credentials-url").toString();

  if (!isRegistered()){
    setError("Device is not registered.");
    return;
  }

  if (!force){
    // skip updating if the last update was less than 30 minutes ago
    QDateTime now = QDateTime::currentDateTime();

    if (settings->contains("lastCredentialsUpdate")){
      QDateTime last = settings->value("lastCredentialsUpdate").toDateTime();
      if (last >= now.addSecs(-1800)){
        ssuLog->print(LOG_DEBUG, QString("Skipping credentials update, last update was at %1")
                     .arg(last.toString()));
        emit done();
        return;
      }
    }
  }

  // check when the last update was, decide if an update is required
  QSslConfiguration sslConfiguration;
  if (!useSslVerify())
    sslConfiguration.setPeerVerifyMode(QSslSocket::VerifyNone);

  QSslKey privateKey(settings->value("privateKey").toByteArray(), QSsl::Rsa);
  QSslCertificate certificate(settings->value("certificate").toByteArray());

  QList<QSslCertificate> caCertificates;
  caCertificates << QSslCertificate::fromPath(ssuCaCertificate);
  sslConfiguration.setCaCertificates(caCertificates);

  sslConfiguration.setPrivateKey(privateKey);
  sslConfiguration.setLocalCertificate(certificate);

  QNetworkRequest request;
  request.setUrl(QUrl(ssuCredentialsUrl.arg(deviceInfo.deviceUid())));

  ssuLog->print(LOG_DEBUG, QString("Sending credential update request to %1")
               .arg(request.url().toString()));
  request.setSslConfiguration(sslConfiguration);

  pendingRequests++;
  manager->get(request);
}
Example #6
0
File: ssu.cpp Project: lbt/ssu
void Ssu::sendRegistration(QString usernameDomain, QString password){
  errorFlag = false;

  QString ssuCaCertificate, ssuRegisterUrl;
  QString username, domainName;

  SsuLog *ssuLog = SsuLog::instance();
  SsuCoreConfig *settings = SsuCoreConfig::instance();

  // Username can include also domain, (user@domain), separate those
  if (usernameDomain.contains('@')) {
      // separate domain/username and set domain
      username = usernameDomain.section('@', 0, 0);
      domainName = usernameDomain.section('@', 1, 1);
      setDomain(domainName);
  } else {
      // No domain defined
      username = usernameDomain;
  }

  if (!settings->contains("ca-certificate")){
    setError("CA certificate for SSU not set (config key 'ca-certificate')");
    return;
  } else
    ssuCaCertificate = settings->value("ca-certificate").toString();

  if (!settings->contains("register-url")){
    ssuRegisterUrl = repoUrl("register-url");
    if (ssuRegisterUrl.isEmpty()){
      setError("URL for SSU registration not set (config key 'register-url')");
      return;
    }
  } else
    ssuRegisterUrl = settings->value("register-url").toString();

  QString IMEI = deviceInfo.deviceUid();
  if (IMEI == ""){
    setError("No valid UID available for your device. For phones: is your modem online?");
    return;
  }

  QSslConfiguration sslConfiguration;
  if (!useSslVerify())
    sslConfiguration.setPeerVerifyMode(QSslSocket::VerifyNone);

  sslConfiguration.setCaCertificates(QSslCertificate::fromPath(ssuCaCertificate));

  QNetworkRequest request;
  request.setUrl(QUrl(QString(ssuRegisterUrl)
                      .arg(IMEI)
                   ));
  request.setSslConfiguration(sslConfiguration);
  request.setRawHeader("Authorization", "Basic " +
                       QByteArray(QString("%1:%2")
                                  .arg(username).arg(password)
                                  .toAscii()).toBase64());
  request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded");

  QUrl form;
  form.addQueryItem("protocolVersion", SSU_PROTOCOL_VERSION);
  form.addQueryItem("deviceModel", deviceInfo.deviceModel());
  if (!domain().isEmpty()){
    form.addQueryItem("domain", domain());
  }

  qDebug() << "Sending request to " << request.url();
  qDebug() << form.encodedQueryItems();

  QNetworkReply *reply;

  pendingRequests++;
  reply = manager->post(request, form.encodedQuery());
  // we could expose downloadProgress() from reply in case we want progress info

  QString homeUrl = settings->value("home-url").toString().arg(username);
  if (!homeUrl.isEmpty()){
    // clear header, the other request bits are reusable
    request.setHeader(QNetworkRequest::ContentTypeHeader, 0);
    request.setUrl(homeUrl + "/authorized_keys");
    ssuLog->print(LOG_DEBUG, QString("Trying to get SSH keys from %1").arg(request.url().toString()));
    pendingRequests++;
    manager->get(request);
  }
}
Example #7
0
File: ssu.cpp Project: lbt/ssu
void Ssu::requestFinished(QNetworkReply *reply){
  QSslConfiguration sslConfiguration = reply->sslConfiguration();
  SsuLog *ssuLog = SsuLog::instance();
  SsuCoreConfig *settings = SsuCoreConfig::instance();

  ssuLog->print(LOG_DEBUG, QString("Certificate used was issued for '%1' by '%2'. Complete chain:")
               .arg(sslConfiguration.peerCertificate().subjectInfo(QSslCertificate::CommonName))
               .arg(sslConfiguration.peerCertificate().issuerInfo(QSslCertificate::CommonName)));

  foreach (const QSslCertificate cert, sslConfiguration.peerCertificateChain()){
    ssuLog->print(LOG_DEBUG, QString("-> %1").arg(cert.subjectInfo(QSslCertificate::CommonName)));
  }

  // what sucks more, this or goto?
  do {
    if (settings->contains("home-url")){
      QString homeUrl = settings->value("home-url").toString().arg("");
      homeUrl.remove(QRegExp("//+$"));
      QNetworkRequest request = reply->request();

      if (request.url().toString().startsWith(homeUrl, Qt::CaseInsensitive)){
        // we don't care about errors on download request
        if (reply->error() > 0) break;
        QByteArray data = reply->readAll();
        storeAuthorizedKeys(data);
        break;
      }
    }

    if (reply->error() > 0){
      pendingRequests--;
      setError(reply->errorString());
      return;
    } else {
      QByteArray data = reply->readAll();
      qDebug() << "RequestOutput" << data;

      QDomDocument doc;
      QString xmlError;
      if (!doc.setContent(data, &xmlError)){
        pendingRequests--;
        setError(tr("Unable to parse server response (%1)").arg(xmlError));
        return;
      }

      QString action = doc.elementsByTagName("action").at(0).toElement().text();

      if (!verifyResponse(&doc)) break;

      if (action == "register"){
        if (!registerDevice(&doc)) break;
      } else if (action == "credentials"){
        if (!setCredentials(&doc)) break;
      } else {
        pendingRequests--;
        setError(tr("Response to unknown action encountered: %1").arg(action));
        return;
      }
    }
  } while (false);

  pendingRequests--;

  ssuLog->print(LOG_DEBUG, QString("Request finished, pending requests: %1").arg(pendingRequests));
  if (pendingRequests == 0)
    emit done();
}
Example #8
0
File: ssu.cpp Project: jvihrial/ssu
void Ssu::requestFinished(QNetworkReply *reply){
  QSslConfiguration sslConfiguration = reply->sslConfiguration();
  SsuLog *ssuLog = SsuLog::instance();
  SsuCoreConfig *settings = SsuCoreConfig::instance();
  QNetworkRequest request = reply->request();
  QVariant originalDomainVariant = request.attribute(SSU_NETWORK_REQUEST_DOMAIN_DATA);

#if QT_VERSION >= QT_VERSION_CHECK(5, 0, 0)
  ssuLog->print(LOG_DEBUG, QString("Certificate used was issued for '%1' by '%2'. Complete chain:")
                .arg(sslConfiguration.peerCertificate().subjectInfo(QSslCertificate::CommonName).join(""))
                .arg(sslConfiguration.peerCertificate().issuerInfo(QSslCertificate::CommonName).join("")));

  foreach (const QSslCertificate cert, sslConfiguration.peerCertificateChain()){
    ssuLog->print(LOG_DEBUG, QString("-> %1").arg(cert.subjectInfo(QSslCertificate::CommonName).join("")));
  }
#else
  ssuLog->print(LOG_DEBUG, QString("Certificate used was issued for '%1' by '%2'. Complete chain:")
               .arg(sslConfiguration.peerCertificate().subjectInfo(QSslCertificate::CommonName))
               .arg(sslConfiguration.peerCertificate().issuerInfo(QSslCertificate::CommonName)));

  foreach (const QSslCertificate cert, sslConfiguration.peerCertificateChain()){
    ssuLog->print(LOG_DEBUG, QString("-> %1").arg(cert.subjectInfo(QSslCertificate::CommonName)));
  }
#endif

  pendingRequests--;

  QString action;
  QByteArray data;
  QDomDocument doc;
  QString xmlError;

  /// @TODO: indicate that the device is not registered if there's a 404 on credentials update url
  if (settings->contains("home-url")){
    QString homeUrl = settings->value("home-url").toString().arg("");
    homeUrl.remove(QRegExp("//+$"));

    if (request.url().toString().startsWith(homeUrl, Qt::CaseInsensitive)){
      // we don't care about errors on download request
      if (reply->error() == 0) {
          QByteArray data = reply->readAll();
          storeAuthorizedKeys(data);
      }

      goto success;
    }
  }

  if (reply->error() > 0){
    setError(reply->errorString());
    goto failure;
  }

  data = reply->readAll();
  ssuLog->print(LOG_DEBUG, QString("RequestOutput %1")
                .arg(data.data()));

  if (!doc.setContent(data, &xmlError)){
    setError(tr("Unable to parse server response (%1)").arg(xmlError));
    goto failure;
  }

  action = doc.elementsByTagName("action").at(0).toElement().text();

  if (!verifyResponse(&doc)) {
    goto failure;
  }

  ssuLog->print(LOG_DEBUG, QString("Handling request of type %1")
                .arg(action));
  if (action == "register") {
    if (registerDevice(&doc)) {
      goto success;
    }
  } else if (action == "credentials") {
    if (setCredentials(&doc)) {
      goto success;
    }
  } else {
    setError(tr("Response to unknown action encountered: %1").arg(action));
  }

failure:
  // Restore the original domain in case of failures with the registration
  if (!originalDomainVariant.isNull()) {
    QString originalDomain = originalDomainVariant.toString();
    ssuLog->print(LOG_DEBUG, QString("Restoring domain on error: '%1'").arg(originalDomain));
    setDomain(originalDomain);
  }

  // Fall through to cleanup handling in success from failure label
success:
  ssuLog->print(LOG_DEBUG, QString("Request finished, pending requests: %1").arg(pendingRequests));
  if (pendingRequests == 0) {
    emit done();
  }
}