// find trust anchor (informational only, verification is done by QSslSocket!)
foreach(QSslCertificate rootCA, QSslSocket::systemCaCertificates()) {
if (rootCA.issuerInfo(QSslCertificate::CommonName) == chain.last().issuerInfo(QSslCertificate::CommonName) &&
rootCA.issuerInfo(QSslCertificate::Organization) == chain.last().issuerInfo(QSslCertificate::Organization)) {
chain.append(rootCA);
break;
}
}
// same here
QString SslInfoDlg::issuerInfo(const QSslCertificate &cert, QSslCertificate::SubjectInfo subjectInfo) const
{
#if QT_VERSION < 0x050000
return cert.issuerInfo(subjectInfo);
#else
return cert.issuerInfo(subjectInfo).join(", ");
#endif
}
void CertView::setCert(const QList<QSslCertificate> &cert) {
qlCert = cert;
if (qlCert.isEmpty()) {
qlSubjectName->setText(QString());
qlSubjectEmail->setText(QString());
qlIssuerName->setText(QString());
qlExpiry->setText(QString());
} else {
QSslCertificate qscCert = qlCert.at(0);
#if QT_VERSION >= QT_VERSION_CHECK(5, 0, 0)
const QStringList &names = qscCert.subjectInfo(QSslCertificate::CommonName);
QString name;
if (names.count() > 0) {
name = names.at(0);
}
QStringList emails = qscCert.subjectAlternativeNames().values(QSsl::EmailEntry);
#else
const QString &name = qscCert.subjectInfo(QSslCertificate::CommonName);
QStringList emails(qscCert.alternateSubjectNames().values(QSsl::EmailEntry));
#endif
QString tmpName = name;
tmpName = tmpName.replace(QLatin1String("\\x"), QLatin1String("%"));
tmpName = QUrl::fromPercentEncoding(tmpName.toLatin1());
qlSubjectName->setText(tmpName);
if (emails.count() > 0)
qlSubjectEmail->setText(emails.join(QLatin1String("\n")));
else
qlSubjectEmail->setText(tr("(none)"));
if (qscCert.expiryDate() <= QDateTime::currentDateTime())
qlExpiry->setText(QString::fromLatin1("<font color=\"red\"><b>%1</b></font>").arg(Qt::escape(qscCert.expiryDate().toString(Qt::SystemLocaleDate))));
else
qlExpiry->setText(qscCert.expiryDate().toString(Qt::SystemLocaleDate));
if (qlCert.count() > 1)
qscCert = qlCert.last();
#if QT_VERSION >= QT_VERSION_CHECK(5, 0, 0)
const QStringList &issuerNames = qscCert.issuerInfo(QSslCertificate::CommonName);
QString issuerName;
if (issuerNames.count() > 0) {
issuerName = issuerName.at(0);
}
#else
const QString &issuerName = qscCert.issuerInfo(QSslCertificate::CommonName);
#endif
qlIssuerName->setText((issuerName == name) ? tr("Self-signed") : issuerName);
}
}
void PreferencesDialog::addClientCertToTable(const QString& path, const QSslCertificate& cert)
{
// Do nothing if the file doesn't even exist
if(!QFile::exists(path))
return;
// Add new row
int row = ui->tableClientCerts->rowCount();
ui->tableClientCerts->setRowCount(row + 1);
// Fill row with data
QTableWidgetItem* cert_file = new QTableWidgetItem(path);
cert_file->setFlags(Qt::ItemIsSelectable | Qt::ItemIsEnabled);
ui->tableClientCerts->setItem(row, 0, cert_file);
QTableWidgetItem* cert_subject_cn = new QTableWidgetItem(cert.subjectInfo(QSslCertificate::CommonName).at(0));
cert_subject_cn->setFlags(Qt::ItemIsSelectable | Qt::ItemIsEnabled);
ui->tableClientCerts->setItem(row, 1, cert_subject_cn);
QTableWidgetItem* cert_issuer_cn = new QTableWidgetItem(cert.issuerInfo(QSslCertificate::CommonName).at(0));
cert_issuer_cn->setFlags(Qt::ItemIsSelectable | Qt::ItemIsEnabled);
ui->tableClientCerts->setItem(row, 2, cert_issuer_cn);
QTableWidgetItem* cert_from = new QTableWidgetItem(cert.effectiveDate().toString());
cert_from->setFlags(Qt::ItemIsSelectable | Qt::ItemIsEnabled);
ui->tableClientCerts->setItem(row, 3, cert_from);
QTableWidgetItem* cert_to = new QTableWidgetItem(cert.expiryDate().toString());
cert_to->setFlags(Qt::ItemIsSelectable | Qt::ItemIsEnabled);
ui->tableClientCerts->setItem(row, 4, cert_to);
QTableWidgetItem* cert_serialno = new QTableWidgetItem(QString(cert.serialNumber()));
cert_serialno->setFlags(Qt::ItemIsSelectable | Qt::ItemIsEnabled);
ui->tableClientCerts->setItem(row, 5, cert_serialno);
}
void CertView::setCert(const QList<QSslCertificate> &cert) {
qlCert = cert;
if (qlCert.isEmpty()) {
qlSubjectName->setText(QString());
qlSubjectEmail->setText(QString());
qlIssuerName->setText(QString());
} else {
QSslCertificate qscCert = qlCert.at(0);
QStringList emails(qscCert.alternateSubjectNames().values(QSsl::EmailEntry));
const QString &name = qscCert.subjectInfo(QSslCertificate::CommonName);
QString tmpName = name;
tmpName = tmpName.replace(QLatin1String("\\x"), QLatin1String("%"));
tmpName = QUrl::fromPercentEncoding(tmpName.toLatin1());
qlSubjectName->setText(tmpName);
if (emails.count() > 0)
qlSubjectEmail->setText(emails.join(QLatin1String("<br />")));
else
qlSubjectEmail->setText(tr("(none)"));
if (qlCert.count() > 1)
qscCert = qlCert.last();
const QString &issuer = qscCert.issuerInfo(QSslCertificate::CommonName);
qlIssuerName->setText((issuer == name) ? tr("Self-signed") : issuer);
}
}
static QString certToFormattedString(QSslCertificate cert)
{
QString resultstring = QLatin1String("<p>");
QStringList tmplist;
resultstring += cert.subjectInfo(QSslCertificate::CommonName);
resultstring += QString::fromLatin1("<br/>Issuer: %1")
.arg(cert.issuerInfo(QSslCertificate::CommonName));
resultstring += QString::fromLatin1("<br/>Not valid before: %1<br/>Valid Until: %2")
.arg(cert.effectiveDate().toString(Qt::ISODate))
.arg(cert.expiryDate().toString(Qt::ISODate));
QMultiMap<QSsl::AlternateNameEntryType, QString> names = cert.alternateSubjectNames();
if (names.count() > 0) {
tmplist = names.values(QSsl::DnsEntry);
resultstring += QLatin1String("<br/>Alternate Names:<ul><li>")
+ tmplist.join(QLatin1String("</li><li>"))
+ QLatin1String("</li><</ul>");
}
resultstring += QLatin1String("</p>");
return resultstring;
}
QString clientController::getCertificateString(const QSslCertificate &cert)
{
QString certInfo;
certInfo += "Issuer Org: ";
certInfo += cert.issuerInfo(QSslCertificate::Organization).join(" ") + QString("\n");
certInfo += "Common Name: ";
certInfo += cert.issuerInfo(QSslCertificate::CommonName).join(" ") + "\n";
certInfo += "Effective Date: ";
certInfo += cert.effectiveDate().toString() + "\n";
certInfo += "Expiry Date: ";
certInfo += cert.expiryDate().toString() + "\n";
certInfo += "Public Key: ";
certInfo += cert.publicKey().toPem() + "\n";
certInfo += "Serial Number: ";
certInfo += cert.serialNumber() + "\n";
return certInfo;
}
void ResultParser::parseResult(const QUrl &originalUrl,
const QUrl &urlWithCertificate,
const QList<QSslCertificate> &certificateChain) {
Result currentResult = m_results.value(urlWithCertificate);
if (currentResult.sitesContainingLink.empty()) { // first time we encounter this site
QSslCertificate lastCertInChain = certificateChain.last();
currentResult.siteCertCountry = certificateChain.first().subjectInfo(QSslCertificate::CountryName).join(" / ");
currentResult.rootCertCountry = lastCertInChain.issuerInfo(QSslCertificate::CountryName).join(" / ");
currentResult.rootCertOrganization =
lastCertInChain.issuerInfo(QSslCertificate::Organization).join(" / ");
}
if (!currentResult.sitesContainingLink.contains(originalUrl)) {
currentResult.sitesContainingLink.insert(originalUrl);
m_results.insert(urlWithCertificate, currentResult);
}
}
void Pastebin::onSslErrors(QNetworkReply *reply, const QList<QSslError> &errors)
{
QStringList ignoreCerts = AppSettings::instance()->ignoreErrorCerts();
QList<QSslError> ignoreErrors;
QList<QSslError> promptErrors;
QSslCertificate cert;
QStringList errorStrings;
foreach(const QSslError &error, errors) {
if(ignoreCerts.contains(QString(error.certificate().serialNumber()))) {
ignoreErrors.append(error);
}
else {
promptErrors.append(error);
if(cert.isNull()) {
cert = error.certificate();
}
errorStrings << error.errorString();
}
}
if(!ignoreErrors.isEmpty()) {
reply->ignoreSslErrors(ignoreErrors);
}
if(!promptErrors.isEmpty()) {
QString bodyText = tr(
"Issued to: %1\n"
"Serial number: %2\n"
"Issued by: %3\n"
"Effective: %4\n"
"Expires: %5\n"
"\n%6\n\n"
"Ignore this error?")
.arg(cert.subjectInfo(QSslCertificate::CommonName))
.arg(QString(cert.serialNumber()))
.arg(cert.issuerInfo(QSslCertificate::CommonName))
.arg(cert.effectiveDate().toLocalTime().toString(Qt::SystemLocaleShortDate))
.arg(cert.expiryDate().toLocalTime().toString(Qt::SystemLocaleShortDate))
.arg(errorStrings.join("\n"));
bb::system::SystemDialog dialog(tr("Yes"), tr("Always"), tr("No"));
dialog.setTitle(tr("SSL Error"));
dialog.setBody(bodyText);
bb::system::SystemUiResult::Type result = dialog.exec();
if(result == bb::system::SystemUiResult::ConfirmButtonSelection
|| result == bb::system::SystemUiResult::CustomButtonSelection) {
reply->ignoreSslErrors(promptErrors);
if(result == bb::system::SystemUiResult::CustomButtonSelection) {
ignoreCerts << QString(cert.serialNumber());
AppSettings::instance()->setIgnoreErrorCerts(ignoreCerts);
}
}
}
}
QString Client::getCertificateString(const QSslCertificate &cert)
{
// Grab the fields and append to certInfo
QString certInfo;
certInfo += "Issuer Org: ";
certInfo += cert.issuerInfo(QSslCertificate::Organization) + "\n";
certInfo += "Common Name: ";
certInfo += cert.issuerInfo(QSslCertificate::CommonName) + "\n";
certInfo += "Effective Date: ";
certInfo += cert.effectiveDate().toString() + "\n";
certInfo += "Expiry Date: ";
certInfo += cert.expiryDate().toString() + "\n";
certInfo += "Public Key: ";
certInfo += cert.publicKey().toPem() + "\n";
certInfo += "Serial Number: ";
certInfo += cert.serialNumber() + "\n";
return certInfo;
}
CertificateInfoWidget::CertificateInfoWidget(const QSslCertificate &cert, QWidget* parent)
: QWidget(parent)
, ui(new Ui::CertificateInfoWidget)
{
ui->setupUi(this);
//Issued to
ui->issuedToCN->setText(showCertInfo(cert.subjectInfo(QSslCertificate::CommonName)));
ui->issuedToO->setText(showCertInfo(cert.subjectInfo(QSslCertificate::Organization)));
ui->issuedToOU->setText(showCertInfo(cert.subjectInfo(QSslCertificate::OrganizationalUnitName)));
ui->issuedToSN->setText(showCertInfo(cert.serialNumber()));
//Issued By
ui->issuedByCN->setText(showCertInfo(cert.issuerInfo(QSslCertificate::CommonName)));
ui->issuedByO->setText(showCertInfo(cert.issuerInfo(QSslCertificate::Organization)));
ui->issuedByOU->setText(showCertInfo(cert.issuerInfo(QSslCertificate::OrganizationalUnitName)));
//Validity
ui->validityIssuedOn->setText(cert.effectiveDate().toString("dddd d. MMMM yyyy"));
ui->validityExpiresOn->setText(cert.expiryDate().toString("dddd d. MMMM yyyy"));
}
bool QSslCertificatePrivate::isBlacklisted(const QSslCertificate &certificate)
{
for (int a = 0; certificate_blacklist[a] != 0; a++) {
QString blacklistedCommonName = QString::fromUtf8(certificate_blacklist[(a+1)]);
if (certificate.serialNumber() == certificate_blacklist[a++] &&
(certificate.subjectInfo(QSslCertificate::CommonName).contains(blacklistedCommonName) ||
certificate.issuerInfo(QSslCertificate::CommonName).contains(blacklistedCommonName)))
return true;
}
return false;
}
void SslInfoDlg::setCurrentCert(int index)
{
QSslCertificate cert = socket()->peerCertificateChain().at(index);
ui.subjectCommonName->setText(cert.subjectInfo(QSslCertificate::CommonName));
ui.subjectOrganization->setText(cert.subjectInfo(QSslCertificate::Organization));
ui.subjectOrganizationalUnit->setText(cert.subjectInfo(QSslCertificate::OrganizationalUnitName));
ui.subjectCountry->setText(cert.subjectInfo(QSslCertificate::CountryName));
ui.subjectState->setText(cert.subjectInfo(QSslCertificate::StateOrProvinceName));
ui.subjectCity->setText(cert.subjectInfo(QSslCertificate::LocalityName));
ui.issuerCommonName->setText(cert.issuerInfo(QSslCertificate::CommonName));
ui.issuerOrganization->setText(cert.issuerInfo(QSslCertificate::Organization));
ui.issuerOrganizationalUnit->setText(cert.issuerInfo(QSslCertificate::OrganizationalUnitName));
ui.issuerCountry->setText(cert.issuerInfo(QSslCertificate::CountryName));
ui.issuerState->setText(cert.issuerInfo(QSslCertificate::StateOrProvinceName));
ui.issuerCity->setText(cert.issuerInfo(QSslCertificate::LocalityName));
if (socket()->sslErrors().isEmpty())
ui.trusted->setText(tr("Yes"));
else {
QString errorString = tr("No, for the following reasons:<ul>");
foreach(const QSslError &error, socket()->sslErrors())
errorString += "<li>" + error.errorString() + "</li>";
errorString += "</ul>";
ui.trusted->setText(errorString);
}
ui.validity->setText(tr("%1 to %2").arg(cert.effectiveDate().date().toString(Qt::ISODate), cert.expiryDate().date().toString(Qt::ISODate)));
ui.md5Digest->setText(prettyDigest(cert.digest(QCryptographicHash::Md5)));
ui.sha1Digest->setText(prettyDigest(cert.digest(QCryptographicHash::Sha1)));
}
QString dumpCertificate(const QSslCertificate &cert)
{
if (cert.isNull())
return "\n-\n";
QString s = "\n";
#if (QT_VERSION >= QT_VERSION_CHECK(5, 0, 0))
s += cert.toText();
#else
QString s_none = QObject::tr("<Not Part of Certificate>");
#define CERTIFICATE_STR(x) ( ((x) == "" ) ? s_none : (x) )
s += "Certificate:\n";
s += "\nIssued To:\n";
s += "CommonName(CN): " + CERTIFICATE_STR(cert.subjectInfo(QSslCertificate::CommonName)) + "\n";
s += "Organization(O): " + CERTIFICATE_STR(cert.subjectInfo(QSslCertificate::Organization)) + "\n";
s += "OrganizationalUnitName(OU): " + CERTIFICATE_STR(cert.subjectInfo(QSslCertificate::OrganizationalUnitName)) + "\n";
s += "Serial Number: " + dumpHexPresentation(cert.serialNumber()) + "\n";
s += "\nIssued By:\n";
s += "CommonName(CN): " + CERTIFICATE_STR(cert.issuerInfo(QSslCertificate::CommonName)) + "\n";
s += "Organization(O): " + CERTIFICATE_STR(cert.issuerInfo(QSslCertificate::Organization)) + "\n";
s += "OrganizationalUnitName(OU): " + CERTIFICATE_STR(cert.issuerInfo(QSslCertificate::OrganizationalUnitName)) + "\n";
s += "\nPeriod Of Validity\n";
s += "Begins On: " + cert.effectiveDate().toString() + "\n";
s += "Expires On: " + cert.expiryDate().toString() + "\n";
s += "IsValid: " + (cert.isValid() ? QString("Yes") : QString("No")) + "\n";
s += "\nFingerprints\n";
s += "SHA1 Fingerprint:\n" + dumpCertificateFingerprint(cert, QCryptographicHash::Sha1) + "\n";
s += "MD5 Fingerprint:\n" + dumpCertificateFingerprint(cert, QCryptographicHash::Md5) + "\n";
#endif
s += "\n\n";
s += cert.toPem();
return s;
}
static QString nonemptyIssuer(const QSslCertificate &cert)
{
QString issuerText;
static const QSslCertificate::SubjectInfo fields[3] = {
QSslCertificate::Organization,
QSslCertificate::CommonName,
QSslCertificate::OrganizationalUnitName
};
QStringList info;
for (int i = 0; i < 3; i++) {
info = cert.issuerInfo(fields[i]);
if (!info.isEmpty()) {
issuerText = cert.issuerInfo(fields[i]).join(',');
if (!issuerText.isEmpty()) {
return issuerText;
}
}
}
return issuerText;
}
QDebug operator<<(QDebug debug, const QSslCertificate &certificate)
{
debug << "QSslCertificate("
<< certificate.version()
<< ',' << certificate.serialNumber()
<< ',' << certificate.digest().toBase64()
<< ',' << certificate.issuerInfo(QSslCertificate::Organization)
<< ',' << certificate.subjectInfo(QSslCertificate::Organization)
<< ',' << certificate.subjectAlternativeNames()
#ifndef QT_NO_DATESTRING
<< ',' << certificate.effectiveDate()
<< ',' << certificate.expiryDate()
#endif
<< ')';
return debug;
}
QDebug operator<<(QDebug debug, const QSslCertificate &certificate)
{
debug << "QSslCertificate("
<< certificate.version()
<< "," << certificate.serialNumber()
<< "," << certificate.digest()
<< "," << certificate.issuerInfo(QSslCertificate::Organization)
<< "," << certificate.subjectInfo(QSslCertificate::Organization)
<< "," << certificate.alternateSubjectNames()
#ifndef QT_NO_TEXTSTREAM
<< "," << certificate.effectiveDate()
<< "," << certificate.expiryDate()
#endif
<< ")";
return debug;
}
SSLWidget::SSLWidget(const QUrl &url, const WebSslInfo &info, QWidget *parent)
: QMenu(parent)
, m_url(url)
, m_info(info)
{
setAttribute(Qt::WA_DeleteOnClose);
setMinimumWidth(400);
QList<QSslCertificate> certList = m_info.certificateChain();
QSslCertificate cert;
if (!certList.isEmpty())
cert = certList.first();
QList<QStringList> certErrorList = SslInfoDialog::errorsFromString(m_info.certificateErrors());
QStringList firstCertErrorList;
if (!certErrorList.isEmpty())
firstCertErrorList = certErrorList.first();
QGridLayout *layout = new QGridLayout(this);
QLabel *label;
QLabel *imageLabel;
int rows = 0;
// ------------------------------------------------------------------------------------------------------
imageLabel = new QLabel(this);
layout->addWidget(imageLabel, rows , 0, Qt::AlignCenter);
label = new QLabel(this);
label->setWordWrap(true);
label->setText(i18n("Identity"));
QFont f1 = label->font();
f1.setBold(true);
label->setFont(f1);
layout->addWidget(label, rows++, 1);
label = new QLabel(this);
label->setWordWrap(true);
if (cert.isNull())
{
label->setText(i18n("Warning: this site is NOT carrying a certificate."));
imageLabel->setPixmap(KIcon("security-low").pixmap(32));
layout->addWidget(label, rows++, 1);
}
else
{
if (cert.isValid() && firstCertErrorList.isEmpty())
{
label->setText(i18n("The certificate for this site is valid and has been verified by:\n%1.",
Qt::escape(cert.issuerInfo(QSslCertificate::CommonName))));
imageLabel->setPixmap(KIcon("security-high").pixmap(32));
}
else
{
QString c = QL1S("<ul>");
Q_FOREACH(const QString & s, firstCertErrorList)
{
c += QL1S("<li>") + s + QL1S("</li>");
}
c += QL1S("</ul>");
label->setText(i18n("The certificate for this site is NOT valid, for the following reasons:\n%1.", c));
label->setTextFormat(Qt::RichText);
imageLabel->setPixmap(KIcon("security-low").pixmap(32));
}
layout->addWidget(label, rows++, 1);
label = new QLabel(this);
label->setWordWrap(true);
label->setText(QL1S("<a href=\"moresslinfos\">") + i18n("Certificate Information") + QL1S("</a>"));
connect(label, SIGNAL(linkActivated(QString)), this, SLOT(showMoreSslInfos(QString)));
layout->addWidget(label, rows++, 1);
}
void LeechCraft::SslErrorsDialog::PopulateTree (const QSslError& error)
{
QTreeWidgetItem *item = new QTreeWidgetItem (Ui_.Errors_,
QStringList ("Error:") << error.errorString ());
QSslCertificate cer = error.certificate ();
if (cer.isNull ())
{
new QTreeWidgetItem (item,
QStringList (tr ("Certificate")) <<
tr ("(No certificate available for this error)"));
return;
}
new QTreeWidgetItem (item, QStringList (tr ("Valid:")) <<
(cer.isValid () ? tr ("yes") : tr ("no")));
new QTreeWidgetItem (item, QStringList (tr ("Effective date:")) <<
cer.effectiveDate ().toString ());
new QTreeWidgetItem (item, QStringList (tr ("Expiry date:")) <<
cer.expiryDate ().toString ());
new QTreeWidgetItem (item, QStringList (tr ("Version:")) <<
cer.version ());
new QTreeWidgetItem (item, QStringList (tr ("Serial number:")) <<
cer.serialNumber ());
new QTreeWidgetItem (item, QStringList (tr ("MD5 digest:")) <<
cer.digest ().toHex ());
new QTreeWidgetItem (item, QStringList (tr ("SHA1 digest:")) <<
cer.digest (QCryptographicHash::Sha1).toHex ());
QTreeWidgetItem *issuer = new QTreeWidgetItem (item,
QStringList (tr ("Issuer info")));
QString tmpString;
#if QT_VERSION >= 0x050000
auto cvt = [] (const QStringList& list) { return list.join ("; "); };
#else
auto cvt = [] (const QString& str) { return str; };
#endif
tmpString = cvt (cer.issuerInfo (QSslCertificate::Organization));
if (!tmpString.isEmpty ())
new QTreeWidgetItem (issuer,
QStringList (tr ("Organization:")) << tmpString);
tmpString = cvt (cer.issuerInfo (QSslCertificate::CommonName));
if (!tmpString.isEmpty ())
new QTreeWidgetItem (issuer,
QStringList (tr ("Common name:")) << tmpString);
tmpString = cvt (cer.issuerInfo (QSslCertificate::LocalityName));
if (!tmpString.isEmpty ())
new QTreeWidgetItem (issuer,
QStringList (tr ("Locality:")) << tmpString);
tmpString = cvt (cer.issuerInfo (QSslCertificate::OrganizationalUnitName));
if (!tmpString.isEmpty ())
new QTreeWidgetItem (issuer,
QStringList (tr ("Organizational unit name:")) << tmpString);
tmpString = cvt (cer.issuerInfo (QSslCertificate::CountryName));
if (!tmpString.isEmpty ())
new QTreeWidgetItem (issuer,
QStringList (tr ("Country name:")) << tmpString);
tmpString = cvt (cer.issuerInfo (QSslCertificate::StateOrProvinceName));
if (!tmpString.isEmpty ())
new QTreeWidgetItem (issuer,
QStringList (tr ("State or province name:")) << tmpString);
QTreeWidgetItem *subject = new QTreeWidgetItem (item,
QStringList (tr ("Subject info")));
tmpString = cvt (cer.subjectInfo (QSslCertificate::Organization));
if (!tmpString.isEmpty ())
new QTreeWidgetItem (subject,
QStringList (tr ("Organization:")) << tmpString);
tmpString = cvt (cer.subjectInfo (QSslCertificate::CommonName));
if (!tmpString.isEmpty ())
new QTreeWidgetItem (subject,
QStringList (tr ("Common name:")) << tmpString);
tmpString = cvt (cer.subjectInfo (QSslCertificate::LocalityName));
if (!tmpString.isEmpty ())
new QTreeWidgetItem (subject,
QStringList (tr ("Locality:")) << tmpString);
tmpString = cvt (cer.subjectInfo (QSslCertificate::OrganizationalUnitName));
if (!tmpString.isEmpty ())
new QTreeWidgetItem (subject,
QStringList (tr ("Organizational unit name:")) << tmpString);
tmpString = cvt (cer.subjectInfo (QSslCertificate::CountryName));
if (!tmpString.isEmpty ())
new QTreeWidgetItem (subject,
QStringList (tr ("Country name:")) << tmpString);
tmpString = cvt (cer.subjectInfo (QSslCertificate::StateOrProvinceName));
if (!tmpString.isEmpty ())
new QTreeWidgetItem (subject,
QStringList (tr ("State or province name:")) << tmpString);
}
WebsiteInformationDialog::WebsiteInformationDialog(WebWidget *widget, QWidget *parent) : Dialog(parent),
m_sslInformation(widget->getSslInformation()),
m_ui(new Ui::WebsiteInformationDialog)
{
m_ui->setupUi(this);
const WindowsManager::ContentStates state(widget->getContentState());
const QString characterEncoding(widget->getCharacterEncoding());
QString host(widget->getUrl().host());
if (host.isEmpty())
{
host = (widget->getUrl().scheme() == QLatin1String("file") ? QLatin1String("localhost") : tr("(unknown)"));
}
if (state.testFlag(WindowsManager::FraudContentState))
{
m_ui->stateLabel->setText(tr("This website was marked as fraud."));
m_ui->stateIconLabel->setPixmap(ThemesManager::getIcon(QLatin1String("badge-fraud"), false).pixmap(16, 16));
}
else if (state.testFlag(WindowsManager::TrustedContentState))
{
m_ui->stateLabel->setText(tr("Your connection with this website is private."));
m_ui->stateIconLabel->setPixmap(ThemesManager::getIcon(QLatin1String("badge-trusted"), false).pixmap(16, 16));
}
else if (state.testFlag(WindowsManager::SecureContentState))
{
m_ui->stateLabel->setText(tr("Your connection with this website is private."));
m_ui->stateIconLabel->setPixmap(ThemesManager::getIcon(QLatin1String("badge-secure"), false).pixmap(16, 16));
}
else if (state.testFlag(WindowsManager::RemoteContentState))
{
m_ui->stateLabel->setText(tr("Your connection with this website is not private."));
m_ui->stateIconLabel->setPixmap(ThemesManager::getIcon(QLatin1String("badge-remote"), false).pixmap(16, 16));
}
else if (state.testFlag(WindowsManager::LocalContentState))
{
m_ui->stateLabel->setText(tr("You are viewing content from your local filesystem."));
m_ui->stateIconLabel->setPixmap(ThemesManager::getIcon(QLatin1String("badge-local"), false).pixmap(16, 16));
}
else if (state.testFlag(WindowsManager::ApplicationContentState))
{
m_ui->stateLabel->setText(tr("You are viewing safe page from Otter Browser."));
m_ui->stateIconLabel->setPixmap(ThemesManager::getIcon(QLatin1String("otter-browser"), false).pixmap(16, 16));
}
else
{
m_ui->stateLabel->setText(tr("No information."));
m_ui->stateIconLabel->setPixmap(ThemesManager::getIcon(QLatin1String("badge-unknown"), false).pixmap(16, 16));
}
m_ui->hostLabel->setText(host);
m_ui->addressLabelWidget->setText(widget->getUrl().toString());
m_ui->titleLabelWidget->setText(widget->getTitle());
m_ui->encodingLabelWidget->setText(characterEncoding.isEmpty() ? tr("unknown") : characterEncoding);
m_ui->sizeLabelWidget->setText(Utils::formatUnit(widget->getPageInformation(WebWidget::BytesTotalInformation).toLongLong(), false, 1, true));
m_ui->elementsLabelWidget->setText((widget->getPageInformation(WebWidget::RequestsBlockedInformation).toInt() > 0) ? tr("%1 (%n blocked)", "", widget->getPageInformation(WebWidget::RequestsBlockedInformation).toInt()).arg(widget->getPageInformation(WebWidget::RequestsStartedInformation).toInt()) : QString::number(widget->getPageInformation(WebWidget::RequestsStartedInformation).toInt()));
m_ui->downloadDateLabelWidget->setText(Utils::formatDateTime(widget->getPageInformation(WebWidget::LoadingFinishedInformation).toDateTime()));
const QString cookiesPolicy(widget->getOption(SettingsManager::Network_CookiesPolicyOption).toString());
if (cookiesPolicy == QLatin1String("acceptExisting"))
{
m_ui->cookiesValueLabel->setText(tr("Only existing"));
}
else if (cookiesPolicy == QLatin1String("readOnly"))
{
m_ui->cookiesValueLabel->setText(tr("Only read existing"));
}
else if (cookiesPolicy == QLatin1String("ignore"))
{
m_ui->cookiesValueLabel->setText(tr("Never"));
}
else
{
m_ui->cookiesValueLabel->setText(tr("Always"));
}
const QString thirdPartyCookiesPolicy(widget->getOption(SettingsManager::Network_ThirdPartyCookiesPolicyOption).toString());
if (thirdPartyCookiesPolicy == QLatin1String("acceptExisting"))
{
m_ui->thirdPartyCookiesValueLabel->setText(tr("Only existing"));
}
else if (thirdPartyCookiesPolicy == QLatin1String("ignore"))
{
m_ui->thirdPartyCookiesValueLabel->setText(tr("Never"));
}
else
{
m_ui->thirdPartyCookiesValueLabel->setText(tr("Always"));
}
const QString pluginsPolicy(widget->getOption(SettingsManager::Browser_EnablePluginsOption).toString());
if (pluginsPolicy == QLatin1String("enabled"))
{
m_ui->pluginsValueLabel->setText(tr("Always"));
}
else if (pluginsPolicy == QLatin1String("disabled"))
{
m_ui->pluginsValueLabel->setText(tr("Never"));
}
else
{
m_ui->pluginsValueLabel->setText(tr("On demand"));
}
const QString imagesPolicy(widget->getOption(SettingsManager::Browser_EnableImagesOption).toString());
if (imagesPolicy == QLatin1String("onlyCached"))
{
m_ui->imagesValueLabel->setText(tr("Only cached"));
}
else if (imagesPolicy == QLatin1String("disabled"))
{
m_ui->imagesValueLabel->setText(tr("Never"));
}
else
{
m_ui->imagesValueLabel->setText(tr("Always"));
}
m_ui->javascriptValueLabel->setText(widget->getOption(SettingsManager::Browser_EnableJavaScriptOption).toBool() ? tr("Always") : tr("Never"));
const QString geolocationPolicy(widget->getOption(SettingsManager::Browser_EnableGeolocationOption).toString());
if (geolocationPolicy == QLatin1String("enabled"))
{
m_ui->geolocationValueLabel->setText(tr("Always"));
}
else if (geolocationPolicy == QLatin1String("disabled"))
{
m_ui->geolocationValueLabel->setText(tr("Never"));
}
else
{
m_ui->geolocationValueLabel->setText(tr("Always ask"));
}
const QString fullScreenPolicy(widget->getOption(SettingsManager::Browser_EnableFullScreenOption).toString());
if (fullScreenPolicy == QLatin1String("enabled"))
{
m_ui->fullScreenValueLabel->setText(tr("Always"));
}
else if (fullScreenPolicy == QLatin1String("disabled"))
{
m_ui->fullScreenValueLabel->setText(tr("Never"));
}
else
{
m_ui->fullScreenValueLabel->setText(tr("Always ask"));
}
const QString notificationsPolicy(widget->getOption(SettingsManager::Browser_EnableNotificationsOption).toString());
if (notificationsPolicy == QLatin1String("enabled"))
{
m_ui->notificationsValueLabel->setText(tr("Always"));
}
else if (notificationsPolicy == QLatin1String("disabled"))
{
m_ui->notificationsValueLabel->setText(tr("Never"));
}
else
{
m_ui->notificationsValueLabel->setText(tr("Always ask"));
}
const QString popupsPolicy(widget->getOption(SettingsManager::Content_PopupsPolicyOption).toString());
if (popupsPolicy == QLatin1String("openAll"))
{
m_ui->popupsValueLabel->setText(tr("Always"));
}
else if (popupsPolicy == QLatin1String("openAllInBackground"))
{
m_ui->popupsValueLabel->setText(tr("Always (open in backgound)"));
}
else if (popupsPolicy == QLatin1String("blockAll"))
{
m_ui->popupsValueLabel->setText(tr("Never"));
}
else
{
m_ui->popupsValueLabel->setText(tr("Ask"));
}
if (m_sslInformation.certificates.isEmpty())
{
m_ui->tabWidget->setTabEnabled(2, false);
}
else
{
const QSslCertificate certificate(m_sslInformation.certificates.first());
m_ui->certificateIssuedToLabelWidget->setText(certificate.subjectInfo(QSslCertificate::CommonName).join(QLatin1String(", ")));
m_ui->certificateIssuedByLabelWidget->setText(certificate.issuerInfo(QSslCertificate::CommonName).join(QLatin1String(", ")));
m_ui->certificateIssuedOnLabelWidget->setText(Utils::formatDateTime(certificate.effectiveDate()));
m_ui->certificateExpiresOnLabelWidget->setText(Utils::formatDateTime(certificate.expiryDate()));
m_ui->cipherProtocolLabelWidget->setText(m_sslInformation.cipher.protocolString());
m_ui->cipherAuthenticationMethodLabelWidget->setText(m_sslInformation.cipher.authenticationMethod());
m_ui->cipherEncryptionMethodLabelWidget->setText(m_sslInformation.cipher.encryptionMethod());
m_ui->cipherKeyExchangeMethodLabelWidget->setText(m_sslInformation.cipher.keyExchangeMethod());
}
if (m_sslInformation.errors.isEmpty())
{
m_ui->sslErrorsHeaderLabel->hide();
m_ui->sslErrorsViewWidget->hide();
}
else
{
QStandardItemModel *sslErrorsModel(new QStandardItemModel(this));
sslErrorsModel->setHorizontalHeaderLabels(QStringList({tr("Error Message"), tr("URL")}));
for (int i = 0; i < m_sslInformation.errors.count(); ++i)
{
QList<QStandardItem*> items({new QStandardItem(m_sslInformation.errors.at(i).second.errorString()), new QStandardItem(m_sslInformation.errors.at(i).first.toDisplayString())});
items[0]->setFlags(Qt::ItemIsSelectable | Qt::ItemIsEnabled);
items[0]->setToolTip(items[0]->text());
items[1]->setFlags(Qt::ItemIsSelectable | Qt::ItemIsEnabled);
items[1]->setToolTip(items[1]->text());
sslErrorsModel->appendRow(items);
}
m_ui->sslErrorsViewWidget->setModel(sslErrorsModel);
}
setWindowTitle(tr("Information for %1").arg(host));
connect(m_ui->preferencesDetailsButton, SIGNAL(clicked(bool)), this, SLOT(showPreferences()));
connect(m_ui->certificateDetailsButton, SIGNAL(clicked(bool)), this, SLOT(showCertificate()));
}
// necessary indication only, not sufficient for primary validation!
static bool isSelfSigned(const QSslCertificate &certificate)
{
return certificate.issuerInfo(QSslCertificate::CommonName) == certificate.subjectInfo(QSslCertificate::CommonName) &&
certificate.issuerInfo(QSslCertificate::OrganizationalUnitName) == certificate.subjectInfo(QSslCertificate::OrganizationalUnitName);
}
QString SslCertificateMonitor::evaluateCertificateChange( const QString &peerName,
const QSslCertificate &cached,
const QSslCertificate &actual,
bool trusted )
{
// BEWARE: check if the past cert had ssl errors or someone can just spoof
// this stuff trivially. The info on the current cert is only trust-worthy if
// trusted is true.
bool cachedCertIsExpired = (cached.expiryDate() < QDateTime::currentDateTime());
bool issuerIsSame = false;
if ( cached.issuerInfo(QSslCertificate::Organization) == actual.issuerInfo(QSslCertificate::Organization)
&& cached.issuerInfo(QSslCertificate::CommonName) == actual.issuerInfo(QSslCertificate::CommonName)
&& cached.issuerInfo(QSslCertificate::LocalityName) == actual.issuerInfo(QSslCertificate::LocalityName)
&& cached.issuerInfo(QSslCertificate::OrganizationalUnitName) == actual.issuerInfo(QSslCertificate::OrganizationalUnitName)
&& cached.issuerInfo(QSslCertificate::CountryName) == actual.issuerInfo(QSslCertificate::CountryName)
&& cached.issuerInfo(QSslCertificate::StateOrProvinceName) == actual.issuerInfo(QSslCertificate::StateOrProvinceName) )
{
issuerIsSame = true;
}
bool cachedWasSelfSigned = false;
if ( cached.issuerInfo(QSslCertificate::Organization) == cached.subjectInfo(QSslCertificate::Organization)
&& cached.issuerInfo(QSslCertificate::CommonName) == cached.subjectInfo(QSslCertificate::CommonName)
&& cached.issuerInfo(QSslCertificate::LocalityName) == cached.subjectInfo(QSslCertificate::LocalityName)
&& cached.issuerInfo(QSslCertificate::OrganizationalUnitName) == cached.subjectInfo(QSslCertificate::OrganizationalUnitName)
&& cached.issuerInfo(QSslCertificate::CountryName) == cached.subjectInfo(QSslCertificate::CountryName)
&& cached.issuerInfo(QSslCertificate::StateOrProvinceName) == cached.subjectInfo(QSslCertificate::StateOrProvinceName) )
{
cachedWasSelfSigned = true;
}
bool actualIsSelfSigned = false;
if ( actual.issuerInfo(QSslCertificate::Organization) == actual.subjectInfo(QSslCertificate::Organization)
&& actual.issuerInfo(QSslCertificate::CommonName) == actual.subjectInfo(QSslCertificate::CommonName)
&& actual.issuerInfo(QSslCertificate::LocalityName) == actual.subjectInfo(QSslCertificate::LocalityName)
&& actual.issuerInfo(QSslCertificate::OrganizationalUnitName) == actual.subjectInfo(QSslCertificate::OrganizationalUnitName)
&& actual.issuerInfo(QSslCertificate::CountryName) == actual.subjectInfo(QSslCertificate::CountryName)
&& actual.issuerInfo(QSslCertificate::StateOrProvinceName) == actual.subjectInfo(QSslCertificate::StateOrProvinceName) )
{
actualIsSelfSigned = true;
}
/**
* We have the following metrics with which to evaluate the certificate:
* cachedCertIsExpired
* issuerIsSame
* cachedWasSelfSigned
* actualIsSelfSigned
* trusted
*
* Note that just because the certs are not self-signed doesn't mean the
* CA that signed them is trusted, ideally we would be able to verify the
* chain directly from the cert but the API does not allow this. For now,
* we check if the current cert had any SSL errors by passing it in via
* the 'trusted' variable.
*/
if ( cachedCertIsExpired && issuerIsSame && trusted ) {
QString message = tr("This is probably fine, but the certificate for %1 has changed " \
"since you previously visited. The old certificate has now " \
"expired and the new one is valid and from the same issuer.");
message = message.arg(peerName);
return message;
}
else if ( cachedCertIsExpired && trusted ) {
// issuerIsSame == false
QString message = tr("This is probably fine, but the certificate for %1 has changed " \
"since you previously visited. The old certificate has now " \
"expired and the new one is valid. T new certificate is from " \
"a different issuer however.");
message = message.arg(peerName);
return message;
}
else if ( !cachedCertIsExpired && issuerIsSame && trusted ) {
QString message = tr("This is a bit suspicious, the certificate for %1 has changed " \
"since you previously visited, even though the old certificate " \
"would still be fine. The new one is valid and from the same "
"issuer.");
message = message.arg(peerName);
return message;
}
else if ( !cachedCertIsExpired && !issuerIsSame && cachedWasSelfSigned && trusted ) {
QString message = tr("This is probably a good thing, but the certificate for %1 " \
"has changed since you previously visited. The old certificate " \
"was self-signed, and the new one has been issued by a trusted " \
"authority.");
message = message.arg(peerName);
return message;
}
else if ( !cachedCertIsExpired && !issuerIsSame && cachedWasSelfSigned && actualIsSelfSigned ) {
QString message = tr("This is suspicious, the certificate for %1 has changed since you " \
"previously visited. The old certificate was self-signed and has not " \
"expired yet, the new one is self-signed as well, so we can't verify it.");
message = message.arg(peerName);
return message;
}
else if ( !cachedCertIsExpired && !issuerIsSame && !cachedWasSelfSigned && actualIsSelfSigned ) {
QString message = tr("This is highly suspicious, you should not trust this site at the moment. " \
"The certificate for %1 has changed since you previously visited, the old " \
"certificate was not self-signed and has not expired yet, but the new one " \
"is self-signed.");
message = message.arg(peerName);
return message;
}
}
void CertificateDialog::updateValue()
{
const QSslCertificate certificate(m_certificates.value(m_ui->chainItemView->currentIndex().data(Qt::UserRole).toInt()));
const CertificateField field(static_cast<CertificateField>(m_ui->detailsItemView->currentIndex().data(Qt::UserRole).toInt()));
m_ui->valueTextEdit->clear();
switch (field)
{
case ValidityField:
case PublicKeyField:
case ExtensionsField:
case DigestField:
break;
case VersionField:
m_ui->valueTextEdit->setPlainText(QString(certificate.version()));
break;
case SerialNumberField:
m_ui->valueTextEdit->setPlainText(formatHex(QString(certificate.serialNumber()), QLatin1Char(':')));
break;
case SignatureAlgorithmField:
m_ui->valueTextEdit->setPlainText(QRegularExpression(QLatin1String("Signature Algorithm:(.+)")).match(certificate.toText()).captured(1).trimmed());
break;
case IssuerField:
{
const QList<QByteArray> attributes(certificate.issuerInfoAttributes());
for (int i = 0; i < attributes.count(); ++i)
{
m_ui->valueTextEdit->appendPlainText(QStringLiteral("%1 = %2").arg(QString(attributes.at(i))).arg(certificate.issuerInfo(attributes.at(i)).join(QLatin1String(", "))));
}
}
break;
case ValidityNotBeforeField:
m_ui->valueTextEdit->setPlainText(certificate.effectiveDate().toString(QLatin1String("yyyy-MM-dd hh:mm:ss t")));
break;
case ValidityNotAfterField:
m_ui->valueTextEdit->setPlainText(certificate.expiryDate().toString(QLatin1String("yyyy-MM-dd hh:mm:ss t")));
break;
case SubjectField:
{
const QList<QByteArray> attributes(certificate.subjectInfoAttributes());
for (int i = 0; i < attributes.count(); ++i)
{
m_ui->valueTextEdit->appendPlainText(QStringLiteral("%1 = %2").arg(QString(attributes.at(i))).arg(certificate.subjectInfo(attributes.at(i)).join(QLatin1String(", "))));
}
}
break;
case PublicKeyValueField:
{
const QRegularExpression expression(QLatin1String("Public-Key:[.\\s\\S]+Modulus:([.\\s\\S]+)Exponent:(.+)"), QRegularExpression::MultilineOption);
const QRegularExpressionMatch match(expression.match(certificate.toText()));
if (match.hasMatch())
{
m_ui->valueTextEdit->setPlainText(tr("Modulus:\n%1\n\nExponent: %2").arg(formatHex(match.captured(1).trimmed().mid(3))).arg(match.captured(2).trimmed()));
}
}
break;
case PublicKeyAlgorithmField:
m_ui->valueTextEdit->setPlainText(QRegularExpression(QLatin1String("Public Key Algorithm:(.+)")).match(certificate.toText()).captured(1).trimmed());
break;
case ExtensionField:
{
const QSslCertificateExtension extension(certificate.extensions().value(m_ui->detailsItemView->currentIndex().data(Qt::UserRole + 1).toInt()));
m_ui->valueTextEdit->setPlainText(extension.isCritical() ? tr("Critical") : tr("Not Critical"));
m_ui->valueTextEdit->appendPlainText(tr("OID: %1").arg(extension.oid()));
if (!extension.value().isNull())
{
m_ui->valueTextEdit->appendPlainText(tr("Value:"));
if (extension.value().type() == QVariant::List)
{
const QVariantList list(extension.value().toList());
for (int i = 0; i < list.count(); ++i)
{
m_ui->valueTextEdit->appendPlainText(list.at(i).toString());
}
}
else if (extension.value().type() == QVariant::Map)
{
const QVariantMap map(extension.value().toMap());
QVariantMap::const_iterator iterator;
for (iterator = map.constBegin(); iterator != map.constEnd(); ++iterator)
{
m_ui->valueTextEdit->appendPlainText(QStringLiteral("%1 = %2").arg(iterator.key()).arg(iterator.value().toString()));
}
}
else
{
m_ui->valueTextEdit->appendPlainText(extension.value().toString());
}
}
}
break;
case DigestSha1Field:
m_ui->valueTextEdit->setPlainText(formatHex(QString(certificate.digest(QCryptographicHash::Sha1).toHex())));
break;
case DigestSha256Field:
m_ui->valueTextEdit->setPlainText(formatHex(QString(certificate.digest(QCryptographicHash::Sha256).toHex())));
break;
default:
break;
}
QTextCursor cursor(m_ui->valueTextEdit->textCursor());
cursor.setPosition(0);
m_ui->valueTextEdit->setTextCursor(cursor);
}