void SslSocketBase::setPKI(const QSslKey &privateKey, const QSslCertificate &localCertificate) { setPrivateKey(privateKey); setLocalCertificate(localCertificate); }
void SslSocketBase::setPKI(const QString &keyFilePath, const QString &certFilePath) { setPrivateKey(keyFilePath); setLocalCertificate(certFilePath); }
Connection::Connection(int socketDescriptor, const QString &cert, const QString &key) : serverMode(true), readSize(0) { setSocketDescriptor(socketDescriptor); setLocalCertificate(cert); setPrivateKey(key); init(); handshake(); }
GroupSocket::GroupSocket(GroupAuthority *authority, QObject *parent) : QObject(parent) , socket{this} , timer{this} , authority(authority) { timer.setInterval(FIVE_SECOND_TIMEOUT); timer.setSingleShot(true); connect(&timer, &QTimer::timeout, this, &GroupSocket::onTimeout); const auto get_ssl_config = [this, authority]() { auto config = socket.sslConfiguration(); config.setCaCertificates({}); config.setLocalCertificate(authority->getLocalCertificate()); config.setPrivateKey(authority->getPrivateKey()); config.setPeerVerifyMode(QSslSocket::QueryPeer); // CVE-2012-4929 forced the below option to be enabled by default but we can disable it because // the vulernability only impacts browsers config.setSslOption(QSsl::SslOption::SslOptionDisableCompression, false); return config; }; socket.setSslConfiguration(get_ssl_config()); socket.setPeerVerifyName(GROUP_COMMON_NAME); connect(&socket, &QAbstractSocket::hostFound, this, [this]() { emit sendLog("Host found..."); }); connect(&socket, &QAbstractSocket::connected, this, [this]() { socket.setSocketOption(QAbstractSocket::LowDelayOption, true); socket.setSocketOption(QAbstractSocket::KeepAliveOption, true); if (io::tuneKeepAlive(socket.socketDescriptor())) { emit sendLog("Tuned TCP keep alive parameters for socket"); } setProtocolState(ProtocolState::AwaitingLogin); emit sendLog("Connection established..."); emit connectionEstablished(this); }); connect(&socket, &QSslSocket::encrypted, this, [this]() { timer.stop(); secret = socket.peerCertificate().digest(QCryptographicHash::Algorithm::Sha1).toHex().toLower(); emit sendLog("Connection successfully encrypted..."); emit connectionEncrypted(this); }); connect(&socket, &QAbstractSocket::disconnected, this, [this]() { timer.stop(); emit connectionClosed(this); }); connect(&socket, &QIODevice::readyRead, this, &GroupSocket::onReadyRead); connect(&socket, static_cast<void (QAbstractSocket::*)(QAbstractSocket::SocketError)>( &QAbstractSocket::error), this, &GroupSocket::onError); connect(&socket, &QSslSocket::peerVerifyError, this, &GroupSocket::onPeerVerifyError); }
//Permet de renseigner le client avec qui le socket doit communiquer bool Socket::setDescriptor(int socketDescriptor) { if(this->state()==QAbstractSocket::ConnectedState) return false; if(!this->setSocketDescriptor(socketDescriptor)) return false; //On récupère la clé privée du serveur QFile file(PRIVATEKEY_FILE); if(!file.open(QIODevice::ReadOnly)) { qDebug("La clé privée du serveur est introuvable."); return false; } QSslKey key(&file, QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey, "pass"); if (key.isNull()) { qDebug("La clé privée du serveur est nulle"); return false; } file.close(); setPrivateKey(key); //on charge le certificat du client setLocalCertificate( LOCALCERTIFICATE_FILE ); //on charge le certificat de notre ca if(!addCaCertificates(CACERTIFICATES_FILE)) { qDebug("Impossible de charger le certificat du CA."); return false; } //on supprime la vérification des certificats des clients //seuls ces derniers vérifient les clés et certificat du serveur setPeerVerifyMode(QSslSocket::VerifyNone); //on ignore les erreurs car on a un certificat auto signé ignoreSslErrors(); //on se connecte au serveur startServerEncryption(); //On attends au plus 30secondes pour que la connexion s'établisse bool result = waitForConnected(); if(!result) return result; result=waitForEncrypted(); return result; }
sslConnection::sslConnection( int socketDescriptor, QObject *parent ) : QSslSocket( parent ) { if( !setSocketDescriptor( socketDescriptor ) ) { qDebug() << "Couldn't set socket descriptor"; deleteLater(); return; } setPeerVerifyMode(QSslSocket::VerifyPeer); setLocalCertificate( "mycert.pem" ); setPrivateKey("mycert.pem"); startServerEncryption(); }
/*! * This is an overloaded function, provided for convenience. * * Sets the certificate to be presented to clients during the SSL handshake to * the first certificate contained in the file specified by \a path. * * \sa localCertificate */ void QxtSslServer::setLocalCertificate(const QString& path, QSsl::EncodingFormat format) { QFile file(path); if(!file.open(QIODevice::ReadOnly)) return; setLocalCertificate(QSslCertificate(&file, format)); }