// find trust anchor (informational only, verification is done by QSslSocket!) foreach(QSslCertificate rootCA, QSslSocket::systemCaCertificates()) { if (rootCA.issuerInfo(QSslCertificate::CommonName) == chain.last().issuerInfo(QSslCertificate::CommonName) && rootCA.issuerInfo(QSslCertificate::Organization) == chain.last().issuerInfo(QSslCertificate::Organization)) { chain.append(rootCA); break; } }
void CertView::setCert(const QList<QSslCertificate> &cert) { qlCert = cert; if (qlCert.isEmpty()) { qlSubjectName->setText(QString()); qlSubjectEmail->setText(QString()); qlIssuerName->setText(QString()); } else { QSslCertificate qscCert = qlCert.at(0); QStringList emails(qscCert.alternateSubjectNames().values(QSsl::EmailEntry)); const QString &name = qscCert.subjectInfo(QSslCertificate::CommonName); QString tmpName = name; tmpName = tmpName.replace(QLatin1String("\\x"), QLatin1String("%")); tmpName = QUrl::fromPercentEncoding(tmpName.toLatin1()); qlSubjectName->setText(tmpName); if (emails.count() > 0) qlSubjectEmail->setText(emails.join(QLatin1String("<br />"))); else qlSubjectEmail->setText(tr("(none)")); if (qlCert.count() > 1) qscCert = qlCert.last(); const QString &issuer = qscCert.issuerInfo(QSslCertificate::CommonName); qlIssuerName->setText((issuer == name) ? tr("Self-signed") : issuer); } }
bool FvUpdater::checkSslFingerPrint(QUrl urltoCheck) { if(urltoCheck.scheme()!="https") { qWarning()<<tr("SSL fingerprint check: The url %1 is not a ssl connection!").arg(urltoCheck.toString()); return false; } QSslSocket *socket = new QSslSocket(this); socket->connectToHostEncrypted(urltoCheck.host(), 443); if( !socket->waitForEncrypted(1000)) // waits until ssl emits encrypted(), max 1000msecs { qWarning()<<"SSL fingerprint check: Unable to connect SSL server: "<<socket->sslErrors(); return false; } QSslCertificate cert = socket->peerCertificate(); if(cert.isNull()) { qWarning()<<"SSL fingerprint check: Unable to retrieve SSL server certificate."; return false; } // COmpare digests if(cert.digest().toHex() != m_requiredSslFingerprint) { qWarning()<<"SSL fingerprint check: FINGERPRINT MISMATCH! Server digest="<<cert.digest().toHex()<<", requiered ssl digest="<<m_requiredSslFingerprint; return false; } return true; }
void PreferencesDialog::addClientCertToTable(const QString& path, const QSslCertificate& cert) { // Do nothing if the file doesn't even exist if(!QFile::exists(path)) return; // Add new row int row = ui->tableClientCerts->rowCount(); ui->tableClientCerts->setRowCount(row + 1); // Fill row with data QTableWidgetItem* cert_file = new QTableWidgetItem(path); cert_file->setFlags(Qt::ItemIsSelectable | Qt::ItemIsEnabled); ui->tableClientCerts->setItem(row, 0, cert_file); QTableWidgetItem* cert_subject_cn = new QTableWidgetItem(cert.subjectInfo(QSslCertificate::CommonName).at(0)); cert_subject_cn->setFlags(Qt::ItemIsSelectable | Qt::ItemIsEnabled); ui->tableClientCerts->setItem(row, 1, cert_subject_cn); QTableWidgetItem* cert_issuer_cn = new QTableWidgetItem(cert.issuerInfo(QSslCertificate::CommonName).at(0)); cert_issuer_cn->setFlags(Qt::ItemIsSelectable | Qt::ItemIsEnabled); ui->tableClientCerts->setItem(row, 2, cert_issuer_cn); QTableWidgetItem* cert_from = new QTableWidgetItem(cert.effectiveDate().toString()); cert_from->setFlags(Qt::ItemIsSelectable | Qt::ItemIsEnabled); ui->tableClientCerts->setItem(row, 3, cert_from); QTableWidgetItem* cert_to = new QTableWidgetItem(cert.expiryDate().toString()); cert_to->setFlags(Qt::ItemIsSelectable | Qt::ItemIsEnabled); ui->tableClientCerts->setItem(row, 4, cert_to); QTableWidgetItem* cert_serialno = new QTableWidgetItem(QString(cert.serialNumber())); cert_serialno->setFlags(Qt::ItemIsSelectable | Qt::ItemIsEnabled); ui->tableClientCerts->setItem(row, 5, cert_serialno); }
static QString certToFormattedString(QSslCertificate cert) { QString resultstring = QLatin1String("<p>"); QStringList tmplist; resultstring += cert.subjectInfo(QSslCertificate::CommonName); resultstring += QString::fromLatin1("<br/>Issuer: %1") .arg(cert.issuerInfo(QSslCertificate::CommonName)); resultstring += QString::fromLatin1("<br/>Not valid before: %1<br/>Valid Until: %2") .arg(cert.effectiveDate().toString(Qt::ISODate)) .arg(cert.expiryDate().toString(Qt::ISODate)); QMultiMap<QSsl::AlternateNameEntryType, QString> names = cert.alternateSubjectNames(); if (names.count() > 0) { tmplist = names.values(QSsl::DnsEntry); resultstring += QLatin1String("<br/>Alternate Names:<ul><li>") + tmplist.join(QLatin1String("</li><li>")) + QLatin1String("</li><</ul>"); } resultstring += QLatin1String("</p>"); return resultstring; }
bool Server::isKeyForCert(const QSslKey &key, const QSslCertificate &cert) { if (key.isNull() || cert.isNull() || (key.type() != QSsl::PrivateKey)) return false; QByteArray qbaKey = key.toDer(); QByteArray qbaCert = cert.toDer(); X509 *x509 = NULL; EVP_PKEY *pkey = NULL; BIO *mem = NULL; mem = BIO_new_mem_buf(qbaKey.data(), qbaKey.size()); Q_UNUSED(BIO_set_close(mem, BIO_NOCLOSE)); pkey = d2i_PrivateKey_bio(mem, NULL); BIO_free(mem); mem = BIO_new_mem_buf(qbaCert.data(), qbaCert.size()); Q_UNUSED(BIO_set_close(mem, BIO_NOCLOSE)); x509 = d2i_X509_bio(mem, NULL); BIO_free(mem); mem = NULL; if (x509 && pkey && X509_check_private_key(x509, pkey)) { EVP_PKEY_free(pkey); X509_free(x509); return true; } if (pkey) EVP_PKEY_free(pkey); if (x509) X509_free(x509); return false; }
QList<QSslCertificate> Connection::peerCertificateChain() const { const QSslCertificate cert = qtsSocket->peerCertificate(); if (cert.isNull()) return QList<QSslCertificate>(); else return qtsSocket->peerCertificateChain() << cert; }
// in Qt5, subjectInfo returns a QStringList(); turn this into a comma-separated string instead QString SslInfoDlg::subjectInfo(const QSslCertificate &cert, QSslCertificate::SubjectInfo subjectInfo) const { #if QT_VERSION < 0x050000 return cert.subjectInfo(subjectInfo); #else return cert.subjectInfo(subjectInfo).join(", "); #endif }
QString subjectInfoHelper(const QSslCertificate& cert, const QByteArray &qa) { #if QT_VERSION < QT_VERSION_CHECK(5,0,0) return cert.subjectInfo(qa); #else return cert.subjectInfo(qa).join(QLatin1Char('/')); #endif }
bool InstallChecker::verifyPackage( const QString &filePath, bool ) { QProcess proc; proc.start( "hdiutil", QStringList() << "verify" << filePath ); proc.waitForFinished(); if( proc.exitCode() ) return false; QString path = mountPackage( filePath ); if( path.isEmpty() ) return false; xar_t xar = xar_open( path.toUtf8().constData(), 0 ); if( !xar ) return false; QSslCertificate cert; xar_signature_t sig = xar_signature_first( xar ); int32_t count = xar_signature_get_x509certificate_count( sig ); for( int32_t i = 0; i < count; ++i ) { uint32_t size = 0; const uint8_t *data = 0; if( xar_signature_get_x509certificate_data( sig, i, &data, &size ) ) continue; QSslCertificate c( QByteArray( (const char*)data, size ), QSsl::Der ); #if QT_VERSION >= 0x050000 QString cn = c.subjectInfo( QSslCertificate::CommonName ).value(0); #else QString cn = c.subjectInfo( QSslCertificate::CommonName ); #endif if( cn == "Estonian Informatics Centre" || cn == "Developer ID Installer: Riigi Infosüsteemi Amet" ) cert = c; } if( cert.isNull() ) { xar_close( xar ); return false; } uint8_t *data = 0, *signature = 0; uint32_t dataSize = 0, signatureSize = 0; off_t offset = 0; if( xar_signature_copy_signed_data( sig, &data, &dataSize, &signature, &signatureSize, &offset ) ) { xar_close( xar ); return false; } int result = RSA_verify( NID_sha1, data, dataSize, signature, signatureSize, (RSA*)cert.publicKey().handle() ); xar_close( xar ); free( data ); free( signature ); return result; }
void SettingsDialog::updateCert() { QSslCertificate c = AccessCert::cert(); if( !c.isNull() ) d->p12Error->setText( tr("Issued to: %1\nValid to: %2").arg( c.subjectInfo( QSslCertificate::CommonName ), c.expiryDate().toString("dd.MM.yyyy") ) ); else d->p12Error->setText( tr("Server access certificate is not installed.")); d->showP12Cert->setEnabled( !c.isNull() ); d->showP12Cert->setProperty( "cert", QVariant::fromValue( c ) ); }
void SSLConnect::setToken( const QSslCertificate &cert, Qt::HANDLE key ) { if( !d->ssl ) return d->setError( tr("SSL context is missing") ); if( cert.isNull() ) return d->setError( tr("Certificate is empty") ); if( !SSL_use_certificate( d->ssl, X509_dup( (X509*)cert.handle() ) ) || !SSL_use_PrivateKey( d->ssl, (EVP_PKEY*)key ) ) d->setError(); }
void SeafileApiClient::onSslErrors(const QList<QSslError>& errors) { QUrl url = reply_->url(); QSslCertificate cert = reply_->sslConfiguration().peerCertificate(); if (cert.isNull()) { // The server has no ssl certificate, we do nothing and let the // request fail qDebug("the certificate for %s is null", url.toString().toUtf8().data()); return; } CertsManager *mgr = seafApplet->certsManager(); QSslCertificate saved_cert = mgr->getCertificate(url.toString()); if (saved_cert.isNull()) { // This is the first time when the client connects to the server. QString question = tr("<b>Warning:</b> The ssl certificate of this server is not trusted, proceed anyway?"); if (seafApplet->yesOrNoBox(question)) { mgr->saveCertificate(url, cert); reply_->ignoreSslErrors(); } return; } else if (saved_cert == cert) { // The user has choosen to trust the certificate before reply_->ignoreSslErrors(); return; } else { /** * The cert which the user had chosen to trust has been changed. It * may be either: * * 1. The server has changed its ssl certificate * 2. The user's connection is under security attack * * Anyway, we'll prompt the user */ SslConfirmDialog dialog(url, seafApplet->mainWindow()); if (dialog.exec() == QDialog::Accepted) { reply_->ignoreSslErrors(); if (dialog.rememberChoice()) { mgr->saveCertificate(url, cert); } } else { reply_->abort(); } return; } // SslConfirmDialog *dialog = new SslConfirmDialog(url, cert, errors, seafApplet->mainWindow()); // dialog->show(); // dialog->raise(); // dialog->activateWindow(); }
QString CertificateInfoWidget::certificateItemText(const QSslCertificate &cert) { QString commonName = cert.subjectInfo(QSslCertificate::CommonName); QString organization = cert.subjectInfo(QSslCertificate::Organization); if (commonName.isEmpty()) { return clearCertSpecialSymbols(organization); } return clearCertSpecialSymbols(commonName); }
bool QSslCertificatePrivate::isBlacklisted(const QSslCertificate &certificate) { for (int a = 0; certificate_blacklist[a] != 0; a++) { QString blacklistedCommonName = QString::fromUtf8(certificate_blacklist[(a+1)]); if (certificate.serialNumber() == certificate_blacklist[a++] && (certificate.subjectInfo(QSslCertificate::CommonName).contains(blacklistedCommonName) || certificate.issuerInfo(QSslCertificate::CommonName).contains(blacklistedCommonName))) return true; } return false; }
void SettingsDialog::updateCert() { QSslCertificate c = AccessCert::cert(); if( !c.isNull() ) d->p12Error->setText( tr("Issued to: %1<br />Valid to: %2 %3") .arg( SslCertificate(c).subjectInfo( QSslCertificate::CommonName ) ) .arg( c.expiryDate().toString("dd.MM.yyyy") ) .arg( !c.isValid() ? "<font color='red'>(" + tr("expired") + ")</font>" : "" ) ); else d->p12Error->setText( "<b>" + tr("Server access certificate is not installed.") + "</b>" ); d->showP12Cert->setEnabled( !c.isNull() ); d->showP12Cert->setProperty( "cert", QVariant::fromValue( c ) ); }
void FileServerTask::onSslErrors(const QList<QSslError>& errors) { if (canceled_) { return; } QUrl url = reply_->url(); QSslCertificate cert = reply_->sslConfiguration().peerCertificate(); CertsManager *mgr = seafApplet->certsManager(); if (!cert.isNull() && cert == mgr->getCertificate(url.toString())) { reply_->ignoreSslErrors(); return; } }
void CertView::setCert(const QList<QSslCertificate> &cert) { qlCert = cert; if (qlCert.isEmpty()) { qlSubjectName->setText(QString()); qlSubjectEmail->setText(QString()); qlIssuerName->setText(QString()); qlExpiry->setText(QString()); } else { QSslCertificate qscCert = qlCert.at(0); #if QT_VERSION >= QT_VERSION_CHECK(5, 0, 0) const QStringList &names = qscCert.subjectInfo(QSslCertificate::CommonName); QString name; if (names.count() > 0) { name = names.at(0); } QStringList emails = qscCert.subjectAlternativeNames().values(QSsl::EmailEntry); #else const QString &name = qscCert.subjectInfo(QSslCertificate::CommonName); QStringList emails(qscCert.alternateSubjectNames().values(QSsl::EmailEntry)); #endif QString tmpName = name; tmpName = tmpName.replace(QLatin1String("\\x"), QLatin1String("%")); tmpName = QUrl::fromPercentEncoding(tmpName.toLatin1()); qlSubjectName->setText(tmpName); if (emails.count() > 0) qlSubjectEmail->setText(emails.join(QLatin1String("\n"))); else qlSubjectEmail->setText(tr("(none)")); if (qscCert.expiryDate() <= QDateTime::currentDateTime()) qlExpiry->setText(QString::fromLatin1("<font color=\"red\"><b>%1</b></font>").arg(Qt::escape(qscCert.expiryDate().toString(Qt::SystemLocaleDate)))); else qlExpiry->setText(qscCert.expiryDate().toString(Qt::SystemLocaleDate)); if (qlCert.count() > 1) qscCert = qlCert.last(); #if QT_VERSION >= QT_VERSION_CHECK(5, 0, 0) const QStringList &issuerNames = qscCert.issuerInfo(QSslCertificate::CommonName); QString issuerName; if (issuerNames.count() > 0) { issuerName = issuerName.at(0); } #else const QString &issuerName = qscCert.issuerInfo(QSslCertificate::CommonName); #endif qlIssuerName->setText((issuerName == name) ? tr("Self-signed") : issuerName); } }
QSslCertificate IdentityEditWidget::certByFilename(const QString &filename) { QSslCertificate cert; QFile certFile(filename); certFile.open(QIODevice::ReadOnly); QByteArray certRaw = certFile.read(2 << 20); certFile.close(); for (int i = 0; i < 2; i++) { cert = QSslCertificate(certRaw, (QSsl::EncodingFormat)i); if (!cert.isNull()) break; } return cert; }
void SslCertificateMonitor::socketReady(QObject *sockobj) { QSslSocket *sock = qobject_cast<QSslSocket *>(sockobj); if (!sock) return; QString peerName = sock->peerName(); QSslCertificate certificate = sock->peerCertificate(); if (*(d->acceptedCache.object(peerName)) == certificate) return; // Fast path for most recently accepted certificates // Have we been here before? QSslCertificate previousCertificate = cachedCertificate(peerName); if (!previousCertificate.isNull()) { if (certificate == previousCertificate) { // We need to add the certificate to the cache here as well as when we add to // the on-disk cache so that we don't hit the disk again for this site. d->acceptedCache.insert(peerName,new QSslCertificate(certificate)); return; // All is well } // Cert has changed QString message = evaluateCertificateChange( peerName, previousCertificate, certificate, sock->sslErrors().isEmpty() ); d->acceptCurrent = false; emit certificateWarning(sock, message); } else { // The certificate is new. We don't show anything to user because then // we're simply training them to click through our warning message without // thinking. d->acceptCurrent = true; } // If the user has chosen to accept the certificate or the certficate is new // then we store the updated entry. if (d->acceptCurrent) { d->acceptedCache.insert(peerName,new QSslCertificate(certificate)); addCertificate(peerName, certificate); } else { // Certficate has been considered dangerous by the user sock->abort(); } }
void NetworkManager::addLocalCertificate(const QSslCertificate &cert) { // if (!cert.isValid()) { // return; // } m_localCerts.append(cert); QSslSocket::addDefaultCaCertificate(cert); QDir dir(mApp->getActiveProfilPath()); if (!dir.exists("certificates")) { dir.mkdir("certificates"); } QString certFileName = fileNameForCert(cert); QString fileName = qz_ensureUniqueFilename(mApp->getActiveProfilPath() + "certificates/" + certFileName); QFile file(fileName); if (file.open(QFile::WriteOnly)) { file.write(cert.toPem()); file.close(); } else { qWarning() << "NetworkManager::addLocalCertificate cannot write to file: " << fileName; } }
QString SslErrorDialog::certificateItemText(const QSslCertificate &cert) { #if QT_VERSION >= 0x050000 QString commonName = cert.subjectInfo(QSslCertificate::CommonName).isEmpty() ? QString() : cert.subjectInfo(QSslCertificate::CommonName).at(0); QString organization = cert.subjectInfo(QSslCertificate::Organization).isEmpty() ? QString() : cert.subjectInfo(QSslCertificate::Organization).at(0); #else QString commonName = cert.subjectInfo(QSslCertificate::CommonName); QString organization = cert.subjectInfo(QSslCertificate::Organization); #endif if (commonName.isEmpty()) { return clearCertSpecialSymbols(organization); } return clearCertSpecialSymbols(commonName); }
void CertIdentity::setSslCert(const QSslCertificate &cert) { if (cert.toPem() == _sslCert.toPem()) return; _sslCert = cert; _isDirty = true; }
void Pastebin::onSslErrors(QNetworkReply *reply, const QList<QSslError> &errors) { QStringList ignoreCerts = AppSettings::instance()->ignoreErrorCerts(); QList<QSslError> ignoreErrors; QList<QSslError> promptErrors; QSslCertificate cert; QStringList errorStrings; foreach(const QSslError &error, errors) { if(ignoreCerts.contains(QString(error.certificate().serialNumber()))) { ignoreErrors.append(error); } else { promptErrors.append(error); if(cert.isNull()) { cert = error.certificate(); } errorStrings << error.errorString(); } } if(!ignoreErrors.isEmpty()) { reply->ignoreSslErrors(ignoreErrors); } if(!promptErrors.isEmpty()) { QString bodyText = tr( "Issued to: %1\n" "Serial number: %2\n" "Issued by: %3\n" "Effective: %4\n" "Expires: %5\n" "\n%6\n\n" "Ignore this error?") .arg(cert.subjectInfo(QSslCertificate::CommonName)) .arg(QString(cert.serialNumber())) .arg(cert.issuerInfo(QSslCertificate::CommonName)) .arg(cert.effectiveDate().toLocalTime().toString(Qt::SystemLocaleShortDate)) .arg(cert.expiryDate().toLocalTime().toString(Qt::SystemLocaleShortDate)) .arg(errorStrings.join("\n")); bb::system::SystemDialog dialog(tr("Yes"), tr("Always"), tr("No")); dialog.setTitle(tr("SSL Error")); dialog.setBody(bodyText); bb::system::SystemUiResult::Type result = dialog.exec(); if(result == bb::system::SystemUiResult::ConfirmButtonSelection || result == bb::system::SystemUiResult::CustomButtonSelection) { reply->ignoreSslErrors(promptErrors); if(result == bb::system::SystemUiResult::CustomButtonSelection) { ignoreCerts << QString(cert.serialNumber()); AppSettings::instance()->setIgnoreErrorCerts(ignoreCerts); } } } }
void QgsAuthSslErrorsDialog::showCertificateChainInfo() { QList<QSslCertificate> peerchain( mSslConfiguration.peerCertificateChain() ); if ( !peerchain.isEmpty() ) { QSslCertificate cert = peerchain.takeFirst(); if ( !cert.isNull() ) { QgsAuthCertInfoDialog *dlg = new QgsAuthCertInfoDialog( cert, false, this, peerchain ); dlg->setWindowModality( Qt::WindowModal ); dlg->resize( 675, 500 ); dlg->exec(); dlg->deleteLater(); } } }
void QgsPkiBundle::setClientCert( const QSslCertificate &cert ) { mCert.clear(); if ( !cert.isNull() ) { mCert = cert; } }
void ResultParser::parseResult(const QUrl &originalUrl, const QUrl &urlWithCertificate, const QList<QSslCertificate> &certificateChain) { Result currentResult = m_results.value(urlWithCertificate); if (currentResult.sitesContainingLink.empty()) { // first time we encounter this site QSslCertificate lastCertInChain = certificateChain.last(); currentResult.siteCertCountry = certificateChain.first().subjectInfo(QSslCertificate::CountryName).join(" / "); currentResult.rootCertCountry = lastCertInChain.issuerInfo(QSslCertificate::CountryName).join(" / "); currentResult.rootCertOrganization = lastCertInChain.issuerInfo(QSslCertificate::Organization).join(" / "); } if (!currentResult.sitesContainingLink.contains(originalUrl)) { currentResult.sitesContainingLink.insert(originalUrl); m_results.insert(urlWithCertificate, currentResult); } }
void QWebdav::sslErrors(QNetworkReply *reply, const QList<QSslError> &errors) { #ifdef DEBUG_WEBDAV qDebug() << "QWebdav::sslErrors() reply->url == " << reply->url().toString(QUrl::RemoveUserInfo); #endif QSslCertificate sslcert = errors[0].certificate(); if ( ( sslcert.digest(QCryptographicHash::Md5) == m_sslCertDigestMd5 ) && ( sslcert.digest(QCryptographicHash::Sha1) == m_sslCertDigestSha1) ) { // user accepted this SSL certifcate already ==> ignore SSL errors reply->ignoreSslErrors(); } else { // user has to check the SSL certificate and has to accept manually emit checkSslCertifcate(errors); reply->abort(); } }
foreach (const QSslCertificate &certificate, remove) { QHash<QSslCertificate, QAtomicInt>::iterator it = additionalCertificates.find(certificate); if (it != additionalCertificates.end() && !it.value().deref()) { // no more references, remove certificate HRESULT hr; hr = rootStore->Delete(static_cast<ICertificate *>(certificate.handle())); Q_ASSERT_SUCCEEDED(hr); additionalCertificates.erase(it); } }
void NetworkManager::setSSLConfiguration(QNetworkReply* reply) { if (!reply->sslConfiguration().isNull()) { QSslCertificate cert = reply->sslConfiguration().peerCertificate(); if (!cert.isValid() || reply->property("downReply").toBool()) { return; } QNetworkRequest request = reply->request(); QVariant v = request.attribute((QNetworkRequest::Attribute)(QNetworkRequest::User + 100)); WebPage* webPage = static_cast<WebPage*>(v.value<void*>()); if (!webPage) { return; } if (webPage->url().host() == reply->url().host()) { webPage->setSSLCertificate(cert); } } }