void SettingsDialog::updateCert()
{
QSslCertificate c = AccessCert::cert();
if( !c.isNull() )
d->p12Error->setText( tr("Issued to: %1<br />Valid to: %2 %3")
.arg( SslCertificate(c).subjectInfo( QSslCertificate::CommonName ) )
.arg( c.expiryDate().toString("dd.MM.yyyy") )
.arg( !c.isValid() ? "<font color='red'>(" + tr("expired") + ")</font>" : "" ) );
else
d->p12Error->setText( "<b>" + tr("Server access certificate is not installed.") + "</b>" );
d->showP12Cert->setEnabled( !c.isNull() );
d->showP12Cert->setProperty( "cert", QVariant::fromValue( c ) );
}
void NetworkManager::setSSLConfiguration(QNetworkReply* reply)
{
if (!reply->sslConfiguration().isNull()) {
QSslCertificate cert = reply->sslConfiguration().peerCertificate();
if (!cert.isValid() || reply->property("downReply").toBool()) {
return;
}
QNetworkRequest request = reply->request();
QVariant v = request.attribute((QNetworkRequest::Attribute)(QNetworkRequest::User + 100));
WebPage* webPage = static_cast<WebPage*>(v.value<void*>());
if (!webPage) {
return;
}
if (webPage->url().host() == reply->url().host()) {
webPage->setSSLCertificate(cert);
}
}
}
QString dumpCertificate(const QSslCertificate &cert)
{
if (cert.isNull())
return "\n-\n";
QString s = "\n";
#if (QT_VERSION >= QT_VERSION_CHECK(5, 0, 0))
s += cert.toText();
#else
QString s_none = QObject::tr("<Not Part of Certificate>");
#define CERTIFICATE_STR(x) ( ((x) == "" ) ? s_none : (x) )
s += "Certificate:\n";
s += "\nIssued To:\n";
s += "CommonName(CN): " + CERTIFICATE_STR(cert.subjectInfo(QSslCertificate::CommonName)) + "\n";
s += "Organization(O): " + CERTIFICATE_STR(cert.subjectInfo(QSslCertificate::Organization)) + "\n";
s += "OrganizationalUnitName(OU): " + CERTIFICATE_STR(cert.subjectInfo(QSslCertificate::OrganizationalUnitName)) + "\n";
s += "Serial Number: " + dumpHexPresentation(cert.serialNumber()) + "\n";
s += "\nIssued By:\n";
s += "CommonName(CN): " + CERTIFICATE_STR(cert.issuerInfo(QSslCertificate::CommonName)) + "\n";
s += "Organization(O): " + CERTIFICATE_STR(cert.issuerInfo(QSslCertificate::Organization)) + "\n";
s += "OrganizationalUnitName(OU): " + CERTIFICATE_STR(cert.issuerInfo(QSslCertificate::OrganizationalUnitName)) + "\n";
s += "\nPeriod Of Validity\n";
s += "Begins On: " + cert.effectiveDate().toString() + "\n";
s += "Expires On: " + cert.expiryDate().toString() + "\n";
s += "IsValid: " + (cert.isValid() ? QString("Yes") : QString("No")) + "\n";
s += "\nFingerprints\n";
s += "SHA1 Fingerprint:\n" + dumpCertificateFingerprint(cert, QCryptographicHash::Sha1) + "\n";
s += "MD5 Fingerprint:\n" + dumpCertificateFingerprint(cert, QCryptographicHash::Md5) + "\n";
#endif
s += "\n\n";
s += cert.toPem();
return s;
}
void LeechCraft::SslErrorsDialog::PopulateTree (const QSslError& error)
{
QTreeWidgetItem *item = new QTreeWidgetItem (Ui_.Errors_,
QStringList ("Error:") << error.errorString ());
QSslCertificate cer = error.certificate ();
if (cer.isNull ())
{
new QTreeWidgetItem (item,
QStringList (tr ("Certificate")) <<
tr ("(No certificate available for this error)"));
return;
}
new QTreeWidgetItem (item, QStringList (tr ("Valid:")) <<
(cer.isValid () ? tr ("yes") : tr ("no")));
new QTreeWidgetItem (item, QStringList (tr ("Effective date:")) <<
cer.effectiveDate ().toString ());
new QTreeWidgetItem (item, QStringList (tr ("Expiry date:")) <<
cer.expiryDate ().toString ());
new QTreeWidgetItem (item, QStringList (tr ("Version:")) <<
cer.version ());
new QTreeWidgetItem (item, QStringList (tr ("Serial number:")) <<
cer.serialNumber ());
new QTreeWidgetItem (item, QStringList (tr ("MD5 digest:")) <<
cer.digest ().toHex ());
new QTreeWidgetItem (item, QStringList (tr ("SHA1 digest:")) <<
cer.digest (QCryptographicHash::Sha1).toHex ());
QTreeWidgetItem *issuer = new QTreeWidgetItem (item,
QStringList (tr ("Issuer info")));
QString tmpString;
#if QT_VERSION >= 0x050000
auto cvt = [] (const QStringList& list) { return list.join ("; "); };
#else
auto cvt = [] (const QString& str) { return str; };
#endif
tmpString = cvt (cer.issuerInfo (QSslCertificate::Organization));
if (!tmpString.isEmpty ())
new QTreeWidgetItem (issuer,
QStringList (tr ("Organization:")) << tmpString);
tmpString = cvt (cer.issuerInfo (QSslCertificate::CommonName));
if (!tmpString.isEmpty ())
new QTreeWidgetItem (issuer,
QStringList (tr ("Common name:")) << tmpString);
tmpString = cvt (cer.issuerInfo (QSslCertificate::LocalityName));
if (!tmpString.isEmpty ())
new QTreeWidgetItem (issuer,
QStringList (tr ("Locality:")) << tmpString);
tmpString = cvt (cer.issuerInfo (QSslCertificate::OrganizationalUnitName));
if (!tmpString.isEmpty ())
new QTreeWidgetItem (issuer,
QStringList (tr ("Organizational unit name:")) << tmpString);
tmpString = cvt (cer.issuerInfo (QSslCertificate::CountryName));
if (!tmpString.isEmpty ())
new QTreeWidgetItem (issuer,
QStringList (tr ("Country name:")) << tmpString);
tmpString = cvt (cer.issuerInfo (QSslCertificate::StateOrProvinceName));
if (!tmpString.isEmpty ())
new QTreeWidgetItem (issuer,
QStringList (tr ("State or province name:")) << tmpString);
QTreeWidgetItem *subject = new QTreeWidgetItem (item,
QStringList (tr ("Subject info")));
tmpString = cvt (cer.subjectInfo (QSslCertificate::Organization));
if (!tmpString.isEmpty ())
new QTreeWidgetItem (subject,
QStringList (tr ("Organization:")) << tmpString);
tmpString = cvt (cer.subjectInfo (QSslCertificate::CommonName));
if (!tmpString.isEmpty ())
new QTreeWidgetItem (subject,
QStringList (tr ("Common name:")) << tmpString);
tmpString = cvt (cer.subjectInfo (QSslCertificate::LocalityName));
if (!tmpString.isEmpty ())
new QTreeWidgetItem (subject,
QStringList (tr ("Locality:")) << tmpString);
tmpString = cvt (cer.subjectInfo (QSslCertificate::OrganizationalUnitName));
if (!tmpString.isEmpty ())
new QTreeWidgetItem (subject,
QStringList (tr ("Organizational unit name:")) << tmpString);
tmpString = cvt (cer.subjectInfo (QSslCertificate::CountryName));
if (!tmpString.isEmpty ())
new QTreeWidgetItem (subject,
QStringList (tr ("Country name:")) << tmpString);
tmpString = cvt (cer.subjectInfo (QSslCertificate::StateOrProvinceName));
if (!tmpString.isEmpty ())
new QTreeWidgetItem (subject,
QStringList (tr ("State or province name:")) << tmpString);
}
bool SslServer::setCertificate(const QString &path, const QString &keyPath)
{
// Don't reset _isCertValid here, in case an older but valid certificate is still loaded.
// Use temporary variables in order to avoid overwriting the existing certificates until
// everything is confirmed good.
QSslCertificate untestedCert;
QList<QSslCertificate> untestedCA;
QSslKey untestedKey;
if (path.isEmpty())
return false;
QFile certFile(path);
if (!certFile.exists()) {
quWarning() << "SslServer: Certificate file" << qPrintable(path) << "does not exist";
return false;
}
if (!certFile.open(QIODevice::ReadOnly)) {
quWarning()
<< "SslServer: Failed to open certificate file" << qPrintable(path)
<< "error:" << certFile.error();
return false;
}
QList<QSslCertificate> certList = QSslCertificate::fromDevice(&certFile);
if (certList.isEmpty()) {
quWarning() << "SslServer: Certificate file doesn't contain a certificate";
return false;
}
untestedCert = certList[0];
certList.removeFirst(); // remove server cert
// store CA and intermediates certs
untestedCA = certList;
if (!certFile.reset()) {
quWarning() << "SslServer: IO error reading certificate file";
return false;
}
// load key from keyPath if it differs from path, otherwise load key from path
if(path != keyPath) {
QFile keyFile(keyPath);
if(!keyFile.exists()) {
quWarning() << "SslServer: Key file" << qPrintable(keyPath) << "does not exist";
return false;
}
if (!keyFile.open(QIODevice::ReadOnly)) {
quWarning()
<< "SslServer: Failed to open key file" << qPrintable(keyPath)
<< "error:" << keyFile.error();
return false;
}
untestedKey = QSslKey(&keyFile, QSsl::Rsa);
keyFile.close();
} else {
untestedKey = QSslKey(&certFile, QSsl::Rsa);
}
certFile.close();
if (untestedCert.isNull()) {
quWarning() << "SslServer:" << qPrintable(path) << "contains no certificate data";
return false;
}
// We allow the core to offer SSL anyway, so no "return false" here. Client will warn about the cert being invalid.
const QDateTime now = QDateTime::currentDateTime();
if (now < untestedCert.effectiveDate())
quWarning() << "SslServer: Certificate won't be valid before" << untestedCert.effectiveDate().toString();
else if (now > untestedCert.expiryDate())
quWarning() << "SslServer: Certificate expired on" << untestedCert.expiryDate().toString();
else { // Qt4's isValid() checks for time range and blacklist; avoid a double warning, hence the else block
#if QT_VERSION < 0x050000
if (!untestedCert.isValid())
#else
if (untestedCert.isBlacklisted())
#endif
quWarning() << "SslServer: Certificate blacklisted";
}
if (untestedKey.isNull()) {
quWarning() << "SslServer:" << qPrintable(keyPath) << "contains no key data";
return false;
}
_isCertValid = true;
// All keys are valid, update the externally visible copy used for new connections.
_cert = untestedCert;
_ca = untestedCA;
_key = untestedKey;
return _isCertValid;
}
bool QgsAuthPkiPathsEdit::validateConfig()
{
// required components
QString certpath( lePkiPathsCert->text() );
QString keypath( lePkiPathsKey->text() );
bool certfound = QFile::exists( certpath );
bool keyfound = QFile::exists( keypath );
QgsAuthGuiUtils::fileFound( certpath.isEmpty() || certfound, lePkiPathsCert );
QgsAuthGuiUtils::fileFound( keypath.isEmpty() || keyfound, lePkiPathsKey );
if ( !certfound || !keyfound )
{
writePkiMessage( lePkiPathsMsg, tr( "Missing components" ), Invalid );
return validityChange( false );
}
// check for issue date validity, then notify status
QSslCertificate cert;
QFile file( certpath );
QFileInfo fileinfo( file );
QString ext( fileinfo.fileName().replace( fileinfo.completeBaseName(), "" ).toLower() );
if ( ext.isEmpty() )
{
writePkiMessage( lePkiPathsMsg, tr( "Certificate file has no extension" ), Invalid );
return validityChange( false );
}
QFile::OpenMode openflags( QIODevice::ReadOnly );
QSsl::EncodingFormat encformat( QSsl::Der );
if ( ext == ".pem" )
{
openflags |= QIODevice::Text;
encformat = QSsl::Pem;
}
if ( file.open( openflags ) )
{
cert = QSslCertificate( file.readAll(), encformat );
file.close();
}
else
{
writePkiMessage( lePkiPathsMsg, tr( "Failed to read certificate file" ), Invalid );
return validityChange( false );
}
if ( cert.isNull() )
{
writePkiMessage( lePkiPathsMsg, tr( "Failed to load certificate from file" ), Invalid );
return validityChange( false );
}
bool certvalid = cert.isValid();
QDateTime startdate( cert.effectiveDate() );
QDateTime enddate( cert.expiryDate() );
writePkiMessage( lePkiPathsMsg,
tr( "%1 thru %2" ).arg( startdate.toString(), enddate.toString() ),
( certvalid ? Valid : Invalid ) );
return validityChange( certvalid );
}
SSLWidget::SSLWidget(const QUrl &url, const WebSslInfo &info, QWidget *parent)
: QMenu(parent)
, m_url(url)
, m_info(info)
{
setAttribute(Qt::WA_DeleteOnClose);
setMinimumWidth(400);
QList<QSslCertificate> certList = m_info.certificateChain();
QSslCertificate cert;
if (!certList.isEmpty())
cert = certList.first();
QList<QStringList> certErrorList = SslInfoDialog::errorsFromString(m_info.certificateErrors());
QStringList firstCertErrorList;
if (!certErrorList.isEmpty())
firstCertErrorList = certErrorList.first();
QGridLayout *layout = new QGridLayout(this);
QLabel *label;
QLabel *imageLabel;
int rows = 0;
// ------------------------------------------------------------------------------------------------------
imageLabel = new QLabel(this);
layout->addWidget(imageLabel, rows , 0, Qt::AlignCenter);
label = new QLabel(this);
label->setWordWrap(true);
label->setText(i18n("Identity"));
QFont f1 = label->font();
f1.setBold(true);
label->setFont(f1);
layout->addWidget(label, rows++, 1);
label = new QLabel(this);
label->setWordWrap(true);
if (cert.isNull())
{
label->setText(i18n("Warning: this site is NOT carrying a certificate."));
imageLabel->setPixmap(KIcon("security-low").pixmap(32));
layout->addWidget(label, rows++, 1);
}
else
{
if (cert.isValid() && firstCertErrorList.isEmpty())
{
label->setText(i18n("The certificate for this site is valid and has been verified by:\n%1.",
Qt::escape(cert.issuerInfo(QSslCertificate::CommonName))));
imageLabel->setPixmap(KIcon("security-high").pixmap(32));
}
else
{
QString c = QL1S("<ul>");
Q_FOREACH(const QString & s, firstCertErrorList)
{
c += QL1S("<li>") + s + QL1S("</li>");
}
c += QL1S("</ul>");
label->setText(i18n("The certificate for this site is NOT valid, for the following reasons:\n%1.", c));
label->setTextFormat(Qt::RichText);
imageLabel->setPixmap(KIcon("security-low").pixmap(32));
}
layout->addWidget(label, rows++, 1);
label = new QLabel(this);
label->setWordWrap(true);
label->setText(QL1S("<a href=\"moresslinfos\">") + i18n("Certificate Information") + QL1S("</a>"));
connect(label, SIGNAL(linkActivated(QString)), this, SLOT(showMoreSslInfos(QString)));
layout->addWidget(label, rows++, 1);
}
