/**
 * Applies the persisted proxy and extra-CA settings to this manager.
 *
 * The "proxy" settings group decides which proxy (if any) is installed.
 * When OpenSSL support is compiled in, every certificate stored under the
 * top-level "CaCertificates" key is appended to the process-wide default
 * SSL configuration.
 */
void NetworkAccessManager::loadSettings()
{
    QSettings settings;

    QNetworkProxy proxy;
    settings.beginGroup(QLatin1String("proxy"));
    const bool proxyEnabled = settings.value(QLatin1String("enabled"), false).toBool();
    if (proxyEnabled) {
        // Stored type 0 selects SOCKS5; any other value selects a plain HTTP proxy.
        const int storedType = settings.value(QLatin1String("type"), 0).toInt();
        proxy.setType(storedType == 0 ? QNetworkProxy::Socks5Proxy
                                      : QNetworkProxy::HttpProxy);
        proxy.setHostName(settings.value(QLatin1String("hostName")).toString());
        proxy.setPort(settings.value(QLatin1String("port"), 1080).toInt());
        // The proxy credentials are read back from QSettings exactly as stored.
        proxy.setUser(settings.value(QLatin1String("userName")).toString());
        proxy.setPassword(settings.value(QLatin1String("password")).toString());
    }
    setProxy(proxy);
    settings.endGroup();

#ifndef QT_NO_OPENSSL
    // Anything found under "CaCertificates" becomes a trust anchor for every
    // connection that uses the default configuration, so write access to the
    // settings store is equivalent to control over the trust list.
    const QList<QSslCertificate> storedCerts =
        QSslCertificate::fromData(settings.value(QLatin1String("CaCertificates")).toByteArray());
    QSslConfiguration defaults = QSslConfiguration::defaultConfiguration();
    defaults.setCaCertificates(defaults.caCertificates() + storedCerts);
    QSslConfiguration::setDefaultConfiguration(defaults);
#endif
}
/**
 * Constructs the application singleton and wires up its subsystems.
 *
 * Besides creating the managers and signal connections, this replaces the
 * process-wide default SSL configuration with one whose CA list is empty
 * (and, on Qt >= 4.8, with SNI disabled) before any server is loaded.
 */
BluecherryApp::BluecherryApp()
    : nam(new QNetworkAccessManager(this)), liveView(new LiveViewManager(this)),
      globalRate(new TransferRateCalculator(this)), m_updateChecker(0),
      m_livePaused(false), m_inPauseQuery(false), m_screensaverInhibited(false), m_screensaveValue(0)
{
    // Only one instance may exist; bcApp is the global pointer to it.
    Q_ASSERT(!bcApp);
    bcApp = this;

    m_serverRepository = new DVRServerRepository(this);

    connect(qApp, SIGNAL(aboutToQuit()), SLOT(aboutToQuit()));

    appIcon.addFile(QLatin1String(":/icons/icon16.png"));
    appIcon.addFile(QLatin1String(":/icons/icon32.png"));
    appIcon.addFile(QLatin1String(":/icons/icon64.png"));
    appIcon.addFile(QLatin1String(":/icons/bluecherry-client.png"));
    qApp->setWindowIcon(appIcon);

    // TLS verification failures on the shared manager are routed to this
    // object's sslErrors() slot.
    connect(nam, SIGNAL(sslErrors(QNetworkReply*,QList<QSslError>)), SLOT(sslErrors(QNetworkReply*,QList<QSslError>)));

    /* Don't use the system CAs to verify certificates */
    // NOTE(review): with an empty CA list no chain can validate against a
    // trust anchor, so the accept/reject decision presumably rests entirely on
    // the sslErrors() slot (not visible here) -- confirm it compares against a
    // stored per-server fingerprint rather than ignoring errors wholesale.
    QSslConfiguration sslConfig = QSslConfiguration::defaultConfiguration();
    sslConfig.setCaCertificates(QList<QSslCertificate>());
#if QT_VERSION >= 0x040800
    /* SNI breaks connections (before sslError, even) when the hostname does
     * not match the server. */
    sslConfig.setSslOption(QSsl::SslOptionDisableServerNameIndication, true);
#endif
    // The change is global: it affects every socket that starts from the
    // default configuration, not only requests issued through nam.
    QSslConfiguration::setDefaultConfiguration(sslConfig);

    loadServers();
    if (shouldAddLocalServer())
        addLocalServer();
    autoConnectServers();
    sendSettingsChanged();

    // The update checker shares nam, so it runs under the same SSL defaults
    // installed above.
    m_updateChecker = new UpdateChecker(nam, this);
    connect(m_updateChecker, SIGNAL(newVersionAvailable(Version)), this, SLOT(newVersionAvailable(Version)));
    QSettings settings;
    if (!settings.value(QLatin1String("ui/disableUpdateNotifications"), false).toBool())
    {
        startUpdateChecker();
    }

    m_mediaDownloadManager = new MediaDownloadManager(this);
    // Downloads reuse the cookie jar of nam.
    m_mediaDownloadManager->setCookieJar(nam->cookieJar());

    m_eventDownloadManager = new EventDownloadManager(this);
    connect(m_serverRepository, SIGNAL(serverRemoved(DVRServer*)), m_eventDownloadManager, SLOT(serverRemoved(DVRServer*)));

    registerVideoPlayerFactory();

    connect(qApp, SIGNAL(commitDataRequest(QSessionManager&)), this, SLOT(commitDataRequest(QSessionManager&)));
    connect(qApp, SIGNAL(aboutToQuit()), this, SLOT(saveSettings()));
}
/**
 * Extends the process-wide default SSL configuration with the High Fidelity
 * root CA that is compiled into the binary (HIGH_FIDELITY_CA).
 *
 * The existing CA list is kept; the bundled certificate is appended to it.
 */
void OAuthWebViewHandler::addHighFidelityRootCAToSSLConfig()
{
    // Parse the embedded CA bytes; the whole array, sizeof() bytes long, is handed to the parser.
    const QByteArray bundledCaBytes(HIGH_FIDELITY_CA, sizeof(HIGH_FIDELITY_CA));
    const QList<QSslCertificate> bundledCa = QSslCertificate::fromData(bundledCaBytes);

    // Append to, rather than replace, the currently trusted CA certificates.
    QSslConfiguration defaults = QSslConfiguration::defaultConfiguration();
    QList<QSslCertificate> trusted = defaults.caCertificates();
    trusted += bundledCa;
    defaults.setCaCertificates(trusted);

    // Publish the modified configuration for all subsequent connections.
    QSslConfiguration::setDefaultConfiguration(defaults);
}
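// Returns the first DER certificate stored in the given Qt resource, or a
// null certificate when the resource cannot be opened or parses to nothing.
static QSslCertificate firstBundledCertificate(const QString &resourcePath)
{
    QFile file(resourcePath);
    if (!file.open(QFile::ReadOnly)) {
        qWarning("LoginTester: cannot open bundled certificate %s", qPrintable(resourcePath));
        return QSslCertificate();
    }

    const QList<QSslCertificate> parsed = QSslCertificate::fromData(file.readAll(), QSsl::Der);
    if (parsed.isEmpty()) {
        // Calling first() on an empty list is undefined, so bail out explicitly.
        qWarning("LoginTester: no certificate found in %s", qPrintable(resourcePath));
        return QSslCertificate();
    }
    return parsed.first();
}

/**
 * Sets up the login test dialog and extends the process-wide default SSL
 * configuration with the three CA certificates bundled as resources.
 *
 * @param username  account name to test
 * @param password  password to test
 * @param maxcount  maximum number of attempts
 * @param parent    parent widget
 */
LoginTester::LoginTester(QString username, QString password, int maxcount, QWidget *parent)
    : QDialog(parent, Qt::FramelessWindowHint), ui(new Ui::LoginTester)
{
    ui->setupUi(this);
    ui->button->hide();

    // Initialise the member variables
    tryCounter = 0;
    this->maxTries = maxcount;
    this->username = username;
    this->password = password;

    // Initialise the network manager
    manager = new QNetworkAccessManager(qApp);

    // Append the bundled certificates to the CA list of the default
    // configuration. A missing or unparsable resource is skipped instead of
    // being dereferenced.
    QSslConfiguration newSslConfiguration = QSslConfiguration::defaultConfiguration();
    QList<QSslCertificate> trusted = newSslConfiguration.caCertificates();
    const char *const bundledResources[] = { ":/certs/l2p", ":/certs/utn", ":/certs/ssl" };
    for (unsigned int i = 0; i < sizeof(bundledResources) / sizeof(bundledResources[0]); ++i) {
        const QSslCertificate bundled = firstBundledCertificate(QString::fromLatin1(bundledResources[i]));
        if (!bundled.isNull())
            trusted.append(bundled);
    }
    newSslConfiguration.setCaCertificates(trusted);
    QSslConfiguration::setDefaultConfiguration(newSslConfiguration);

    // Debug dump of the common names now trusted by default. The name is
    // passed as an argument, never as the format string, so a '%' inside a
    // certificate's CN cannot be interpreted as a conversion specifier.
    foreach (const QSslCertificate &c, QSslConfiguration::defaultConfiguration().caCertificates())
    {
        const QStringList names = QStringList(c.subjectInfo(QSslCertificate::CommonName));
        foreach (const QString &name, names)
        {
            qDebug("%s", name.toLatin1().constData());
        }
    }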
/**
 * Handles TLS verification errors for a reply by consulting the user.
 *
 * Errors whose certificate is already stored under the "CaCertificates"
 * setting are skipped. For the remaining ones the user is asked whether to
 * ignore them and, optionally, whether to accept the offending certificates
 * permanently.
 *
 * @param reply  the reply that reported the errors
 * @param error  the list of verification errors
 */
void NetworkAccessManager::sslErrors(QNetworkReply *reply, const QList<QSslError> &error)
{
    BrowserMainWindow *mainWindow = BrowserApplication::instance()->mainWindow();

    QSettings settings;
    QList<QSslCertificate> acceptedBefore =
        QSslCertificate::fromData(settings.value(QLatin1String("CaCertificates")).toByteArray());

    // Collect the messages to show and the certificates that are new to us.
    // An error is skipped purely because its certificate was accepted earlier;
    // the kind of error and the host being contacted play no part in that test.
    QList<QSslCertificate> unknownCerts;
    QStringList messages;
    foreach (const QSslError &sslError, error) {
        const QSslCertificate offending = sslError.certificate();
        if (acceptedBefore.contains(offending))
            continue;
        messages += sslError.errorString();
        if (!offending.isNull())
            unknownCerts.append(offending);
    }

    if (messages.isEmpty()) {
        reply->ignoreSslErrors();
        return;
    }

    const QString errors = messages.join(QLatin1String("\n"));
    int ret = QMessageBox::warning(mainWindow, QCoreApplication::applicationName(),
                                   tr("SSL Errors:\n\n%1\n\n%2\n\n"
                                      "Do you want to ignore these errors?").arg(reply->url().toString()).arg(errors),
                                   QMessageBox::Yes | QMessageBox::No,
                                   QMessageBox::No);
    if (ret != QMessageBox::Yes)
        return;

    if (unknownCerts.count() > 0) {
        ret = QMessageBox::question(mainWindow, QCoreApplication::applicationName(),
                                    tr("Do you want to accept all these certificates?"),
                                    QMessageBox::Yes | QMessageBox::No,
                                    QMessageBox::No);
        if (ret == QMessageBox::Yes) {
            acceptedBefore += unknownCerts;

            // Accepted certificates are appended to the default CA list, so
            // they act as trust anchors for every later connection that uses
            // the default configuration, not only for this reply's host.
            QSslConfiguration defaults = QSslConfiguration::defaultConfiguration();
            QList<QSslCertificate> trusted = defaults.caCertificates();
            trusted += unknownCerts;
            defaults.setCaCertificates(trusted);
            QSslConfiguration::setDefaultConfiguration(defaults);
            reply->setSslConfiguration(defaults);

            // Persist old and new acceptances together as concatenated PEM.
            QByteArray pems;
            foreach (const QSslCertificate &cert, acceptedBefore) {
                pems += cert.toPem();
                pems += '\n';
            }
            settings.setValue(QLatin1String("CaCertificates"), pems);
        }
    }

    // The user agreed to proceed: every error on this reply is ignored,
    // whether or not the certificates were also stored.
    reply->ignoreSslErrors();
}
/**
 * Applies the persisted network settings to this manager.
 *
 * Three things are configured: the proxy (settings group "proxy"), the extra
 * CA certificates stored under "CaCertificates" (when OpenSSL support is
 * compiled in), and the Accept-Language string (settings group "network").
 */
void NetworkAccessManager::loadSettings()
{
    QSettings settings;

    settings.beginGroup(QLatin1String("proxy"));
    QNetworkProxy proxy;
    if (settings.value(QLatin1String("enabled"), false).toBool()) {
        // Stored type: 0 = SOCKS5, 1 = HTTP, anything else = HTTP caching proxy.
        switch (settings.value(QLatin1String("type"), 0).toInt()) {
        case 0:
            proxy = QNetworkProxy::Socks5Proxy;
            break;
        case 1:
            proxy = QNetworkProxy::HttpProxy;
            break;
        default: // 2
            proxy.setType(QNetworkProxy::HttpCachingProxy);
#if QT_VERSION >= 0x040500
            proxy.setCapabilities(QNetworkProxy::CachingCapability | QNetworkProxy::HostNameLookupCapability);
#endif
            break;
        }
        proxy.setHostName(settings.value(QLatin1String("hostName")).toString());
        proxy.setPort(settings.value(QLatin1String("port"), 1080).toInt());
        // The proxy credentials are read back from QSettings exactly as stored.
        proxy.setUser(settings.value(QLatin1String("userName")).toString());
        proxy.setPassword(settings.value(QLatin1String("password")).toString());
    }
#if QT_VERSION >= 0x040500
    // A caching proxy is installed for HTTP only; any other proxy becomes the
    // global one and HTTP falls back to the default proxy.
    NetworkProxyFactory *proxyFactory = new NetworkProxyFactory;
    if (proxy.type() != QNetworkProxy::HttpCachingProxy) {
        proxyFactory->setHttpProxy(QNetworkProxy::DefaultProxy);
        proxyFactory->setGlobalProxy(proxy);
    } else {
        proxyFactory->setHttpProxy(proxy);
        proxyFactory->setGlobalProxy(QNetworkProxy::DefaultProxy);
    }
    setProxyFactory(proxyFactory);
#else
    setProxy(proxy);
#endif
    settings.endGroup();

#ifndef QT_NO_OPENSSL
    // Anything found under "CaCertificates" becomes a trust anchor for every
    // connection that uses the default configuration, so write access to the
    // settings store is equivalent to control over the trust list.
    const QList<QSslCertificate> storedCerts =
        QSslCertificate::fromData(settings.value(QLatin1String("CaCertificates")).toByteArray());
    QSslConfiguration defaults = QSslConfiguration::defaultConfiguration();
    defaults.setCaCertificates(defaults.caCertificates() + storedCerts);
    QSslConfiguration::setDefaultConfiguration(defaults);
#endif

    settings.beginGroup(QLatin1String("network"));
    const QStringList languages = settings.value(QLatin1String("acceptLanguages"),
                                                 AcceptLanguageDialog::defaultAcceptList()).toStringList();
    acceptLanguage = AcceptLanguageDialog::httpString(languages);
    settings.endGroup();
}
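/**
 * Fills an SSL configuration from the TLS details recorded in KIO metadata.
 *
 * @param metadata   job metadata; only used when it contains "ssl_in_use"
 * @param sslconfig  receives the protocol, the cipher and the peer chain
 * @return true when the metadata described a TLS session and @p sslconfig
 *         holds data afterwards, false otherwise
 */
bool KIO::Integration::sslConfigFromMetaData(const KIO::MetaData& metadata, QSslConfiguration& sslconfig)
{
    if (!metadata.contains(QL1S("ssl_in_use")))
        return false;

    const QSsl::SslProtocol sslProto = qSslProtocolFromString(metadata.value(QL1S("ssl_protocol_version")));
    QList<QSslCipher> cipherList;
    cipherList << QSslCipher(metadata.value(QL1S("ssl_cipher_name")), sslProto);

    // The peer's chain is stored in the CA-certificate slot of the
    // configuration. NOTE(review): that makes the chain look like a set of
    // trust anchors -- confirm no caller reuses this object to open a new
    // connection; it should only carry session details for display.
    sslconfig.setCaCertificates(QSslCertificate::fromData(metadata.value(QL1S("ssl_peer_chain")).toUtf8()));
    sslconfig.setCiphers(cipherList);
    sslconfig.setProtocol(sslProto);

    // Success means the configuration is populated. The previous code
    // returned isNull() itself, which is false once the setters above have
    // run, so the function reported failure on every path.
    return !sslconfig.isNull();
}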
/**
 * Fetches a URL synchronously and parses the response body as JSON.
 *
 * The request trusts only the certificates bundled at
 * ":/plugins/picasa-download/picasacrt"; the CA list of the default
 * configuration is replaced, not extended, for this request.
 *
 * @param url  address to fetch
 * @return the parsed document (whatever QJsonDocument::fromJson yields for the body)
 */
QJsonDocument Picasa::getJsonDocument(QUrl url){
    // TODO: install ssl certificate maybe solved in qt 5.1
    const QList<QSslCertificate> bundledCerts =
        QSslCertificate::fromPath(":/plugins/picasa-download/picasacrt");
    QSslConfiguration tlsConfig = QSslConfiguration::defaultConfiguration();
    tlsConfig.setCaCertificates(bundledCerts);

    QNetworkRequest request(url);
    request.setSslConfiguration(tlsConfig);

    // Block in a local event loop until the reply signals finished().
    // The reply's error state is not inspected; the body is parsed as-is.
    QNetworkAccessManager manager;
    QNetworkReply *reply = manager.get(request);
    QEventLoop waitLoop;
    QObject::connect(reply, SIGNAL(finished()), &waitLoop, SLOT(quit()));
    waitLoop.exec();

    const QByteArray body = reply->readAll();
    return QJsonDocument::fromJson(body);
}
/**
 * Returns the SSL configuration to use for this account's requests.
 *
 * A configuration already stored on the account is returned unchanged.
 * Otherwise one is derived from the default configuration, with the client
 * certificate and private key attached when both are available.
 */
QSslConfiguration Account::getOrCreateSslConfig()
{
    // Will be set by CheckServerJob::finished(); a single shared
    // configuration is needed for SSL session tickets to be reused.
    const bool haveSharedConfig = !_sslConfiguration.isNull();
    if (haveSharedConfig) {
        return _sslConfiguration;
    }

    // If attaching the client certificate fails, expect a handshake error like:
    // "An internal error number 1060 happened. SSL handshake failed, client certificate was requested: SSL error: sslv3 alert handshake failure"
    QSslConfiguration sslConfig = QSslConfiguration::defaultConfiguration();
    QSslCertificate sslClientCertificate;

    // A PKCS#12 bundle named in the config file is converted to PEM first.
    // Both its path and its password come from the configuration file.
    ConfigFile cfgFile;
    if (!cfgFile.certificatePath().isEmpty() && !cfgFile.certificatePasswd().isEmpty()) {
        resultP12ToPem converted = p12ToPem(cfgFile.certificatePath().toStdString(),
                                            cfgFile.certificatePasswd().toStdString());
        const QString pemText = QString::fromStdString(converted.Certificate);
        this->setCertificate(pemText.toLocal8Bit(), QString::fromStdString(converted.PrivateKey));
    }

    const bool haveClientMaterial = !_pemCertificate.isEmpty() && !_pemPrivateKey.isEmpty();
    if (haveClientMaterial) {
        // Only the first certificate found in the PEM data is used.
        QList<QSslCertificate> parsedCerts = QSslCertificate::fromData(_pemCertificate, QSsl::Pem);
        if (!parsedCerts.isEmpty()) {
            sslClientCertificate = parsedCerts.takeFirst();
        }

        // The key is parsed from memory as an RSA PEM key with an empty passphrase.
        QSslKey privateKey(_pemPrivateKey.toLocal8Bit(), QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey , "");

        // Server verification uses the system CA store.
        sslConfig.setCaCertificates(QSslSocket::systemCaCertificates());
        sslConfig.setLocalCertificate(sslClientCertificate);
        sslConfig.setPrivateKey(privateKey);
        qDebug() << "Added SSL client certificate to the query";
    }

#if QT_VERSION > QT_VERSION_CHECK(5, 2, 0)
    // Keep every session-reuse mechanism enabled so later requests can resume.
    sslConfig.setSslOption(QSsl::SslOptionDisableSessionTickets, false);
    sslConfig.setSslOption(QSsl::SslOptionDisableSessionSharing, false);
    sslConfig.setSslOption(QSsl::SslOptionDisableSessionPersistence, false);
#endif

    return sslConfig;
}
/**
 * Downloads an image synchronously and returns it scaled to a height of 32.
 *
 * The request trusts only the certificates bundled at
 * ":/plugins/picasa-download/picasacrt"; the CA list of the default
 * configuration is replaced, not extended, for this request.
 *
 * @param url  address of the image
 * @return the scaled pixmap built from the downloaded bytes
 */
QPixmap AlbumWidget::getPixmap(QString url){
    const QList<QSslCertificate> bundledCerts =
        QSslCertificate::fromPath(":/plugins/picasa-download/picasacrt");
    QSslConfiguration tlsConfig = QSslConfiguration::defaultConfiguration();
    tlsConfig.setCaCertificates(bundledCerts);

    QNetworkRequest request(url);
    request.setSslConfiguration(tlsConfig);

    // Block in a local event loop until the reply signals finished().
    // The reply's error state is not inspected; the body is decoded as-is.
    QNetworkAccessManager manager;
    QNetworkReply *reply = manager.get(request);
    QEventLoop waitLoop;
    QObject::connect(reply, SIGNAL(finished()), &waitLoop, SLOT(quit()));
    waitLoop.exec();

    const QByteArray imageBytes = reply->readAll();
    QImage decoded;
    decoded.loadFromData(imageBytes);
    return QPixmap::fromImage(decoded.scaledToHeight(32));
}
/**
 * Makes the test CA certificate (":/certs/cacert.pem") trusted by default.
 *
 * @return true when the certificate was loaded, is inside its validity
 *         period and was added to the default CA certificates; false otherwise
 */
bool KDSoapUnitTestHelpers::setSslConfiguration()
{
    initResource();

    // To make SSL work, we need to tell Qt about our local certificate
    // Both ways work:
#if 0
    QSslConfiguration defaultConfig = QSslConfiguration::defaultConfiguration();
    QFile certFile(QString::fromLatin1(":/certs/cacert.pem"));
    if (!certFile.open(QIODevice::ReadOnly)) {
        qDebug() << "Could not open cacert.pem";
        return false;
    }
    QSslCertificate cert(&certFile);
    if (!cert.isValid())
        return false;
    defaultConfig.setCaCertificates(QList<QSslCertificate>() << cert);
    QSslConfiguration::setDefaultConfiguration(defaultConfig);
#endif

    QFile certFile(QString::fromLatin1(":/certs/cacert.pem"));
    const bool opened = certFile.open(QIODevice::ReadOnly);
    if (!opened) {
        qDebug() << "Could not open cacert.pem";
        return false;
    }

    // Refuse a certificate that is not yet valid or already expired, and say
    // why, since an expired test CA otherwise shows up as an opaque handshake failure.
    QSslCertificate cert(&certFile);
    const QDateTime currentTime = QDateTime::currentDateTime();
    const bool withinValidity = !(cert.effectiveDate() > currentTime)
                                && !(cert.expiryDate() < currentTime);
    if (!withinValidity) {
        qDebug() << "Certificate" << certFile.fileName() << "is not valid";
        qDebug() << "It is valid from" << cert.effectiveDate() << "to" << cert.expiryDate();
        return false;
    }

    // Unlike the disabled variant above, this adds to the default CA list
    // instead of replacing it.
    QSslSocket::addDefaultCaCertificate(cert);
    return true;
}
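/**
 * Builds the receive-coins dialog, connects its buttons and, depending on
 * the build, embeds a web view for the "buy" page.
 *
 * @param platformStyle  style object stored on the dialog
 * @param parent         parent widget
 */
ReceiveCoinsDialog::ReceiveCoinsDialog(const PlatformStyle* platformStyle, QWidget* parent)
: QDialog(parent)
, ui(new Ui::ReceiveCoinsDialog)
, model(0)
, platformStyle(platformStyle)
#if defined(HAVE_WEBENGINE_VIEW) || defined(HAVE_WEBKIT)
, buyView(NULL)
#endif
, buyReceiveAddress(NULL)
, currentAccount(NULL)
{
    ui->setupUi(this);

    ui->accountRequestPaymentButton->setCursor(Qt::PointingHandCursor);
    ui->accountBuyGuldenButton->setCursor(Qt::PointingHandCursor);
    ui->accountBuyButton->setCursor(Qt::PointingHandCursor);
    ui->accountSaveQRButton->setCursor(Qt::PointingHandCursor);
    ui->accountCopyToClipboardButton->setCursor(Qt::PointingHandCursor);
    ui->cancelButton->setCursor(Qt::PointingHandCursor);
    ui->closeButton->setCursor(Qt::PointingHandCursor);
    ui->generateRequestButton->setCursor(Qt::PointingHandCursor);
    ui->generateAnotherRequestButton->setCursor(Qt::PointingHandCursor);

    connect(ui->accountCopyToClipboardButton, SIGNAL(clicked()), this, SLOT(copyAddressToClipboard()));
    connect(ui->accountBuyGuldenButton, SIGNAL(clicked()), this, SLOT(showBuyGuldenDialog()));
    connect(ui->accountBuyButton, SIGNAL(clicked()), this, SLOT(buyGulden()));
    connect(ui->accountSaveQRButton, SIGNAL(clicked()), this, SLOT(saveQRAsImage()));
    connect(ui->accountRequestPaymentButton, SIGNAL(clicked()), this, SLOT(gotoRequestPaymentPage()));
    connect(ui->generateAnotherRequestButton, SIGNAL(clicked()), this, SLOT(gotoRequestPaymentPage()));
    connect(ui->cancelButton, SIGNAL(clicked()), this, SLOT(cancelRequestPayment()));
    connect(ui->closeButton, SIGNAL(clicked()), this, SLOT(cancelRequestPayment()));
    connect(ui->generateRequestButton, SIGNAL(clicked()), this, SLOT(generateRequest()));

    updateAddress("");

    gotoReceievePage();

#ifdef HAVE_WEBENGINE_VIEW
    buyView = new WebEngineView(this);
    buyView->setAttribute(Qt::WA_TranslucentBackground);
    ui->buyGuldenPageLayout->addWidget(buyView);
    buyView->show();

    ui->loadingAnimationLabel->setObjectName("buy_page_error_text");
#elif defined(HAVE_WEBKIT)
    buyView = new WebView(this);
    buyView->settings()->setAttribute(QWebSettings::JavascriptEnabled, true);
    buyView->settings()->setAttribute(QWebSettings::JavascriptCanOpenWindows, true);
    buyView->settings()->setAttribute(QWebSettings::JavascriptCanCloseWindows, true);
    buyView->settings()->setAttribute(QWebSettings::PrivateBrowsingEnabled, true);
    buyView->settings()->setAttribute(QWebSettings::JavascriptCanAccessClipboard, false);
    buyView->settings()->setAttribute(QWebSettings::SpatialNavigationEnabled, true);
    // NOTE(review): the next two attributes widen what page content can do
    // inside a wallet process (local content reaching remote URLs, and the
    // web inspector being available). Confirm both are required in release builds.
    buyView->settings()->setAttribute(QWebSettings::LocalContentCanAccessRemoteUrls, true);
    buyView->settings()->setAttribute(QWebSettings::DeveloperExtrasEnabled, true);

    #ifdef MAC_OSX
    QSslConfiguration sslCfg = QSslConfiguration::defaultConfiguration();
    // The CA list is written back unchanged. The earlier code appended the
    // result of parsing the literal text "CaCertificates" as certificate data,
    // which contains no certificate and therefore added nothing.
    sslCfg.setCaCertificates(sslCfg.caCertificates());
    // Negotiate only the protocol versions Qt considers secure. AnyProtocol
    // also admitted the legacy SSL versions, which lets a network attacker
    // push the connection down to a broken protocol.
    sslCfg.setProtocol(QSsl::SecureProtocols);
    QSslConfiguration::setDefaultConfiguration(sslCfg);

    // Verification failures in the web view are delivered to sslErrorHandler().
    connect(buyView->page()->networkAccessManager(), SIGNAL(sslErrors(QNetworkReply*, const QList<QSslError>&)), this, SLOT(sslErrorHandler(QNetworkReply*, const QList<QSslError>&)));
    #endif

    ui->buyGuldenPageLayout->addWidget(buyView);
    buyView->show();

    ui->loadingAnimationLabel->setObjectName("buy_page_error_text");
#else
    // No web view available in this build: hide the buy entry point.
    ui->accountBuyGuldenButton->setVisible(false);
#endif
}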
/**
 * Replaces the CA certificates of a request with the PEM files found under
 * "../TwitterQT2/trusted rootCAs/" (two directory levels, wildcard match).
 *
 * NOTE(review): the path is relative, so which files become trust anchors
 * depends on the process's working directory at call time -- consider
 * resolving it against the application directory or a Qt resource.
 *
 * @param request  request whose SSL configuration is updated in place
 */
void resetNetworkRequest(QNetworkRequest * request){
    const QList<QSslCertificate> trustedRoots =
        QSslCertificate::fromPath("../TwitterQT2/trusted rootCAs/*/*", QSsl::Pem, QRegExp::WildcardUnix);

    // Everything else in the request's existing configuration is kept.
    QSslConfiguration tlsConfig = request->sslConfiguration();
    tlsConfig.setCaCertificates(trustedRoots);
    request->setSslConfiguration(tlsConfig);
}
/**
 * Reacts to TLS verification errors on a reply.
 *
 * If the account is configured to ignore SSL errors, all errors are ignored.
 * Otherwise the errors are logged and, on Harmattan builds, the certificate
 * at the end of the peer chain is shown to the user through the Aegis
 * certificate manager; when approved it is stored in the private "ssl-ocnews"
 * domain, added to Qt's default CA certificates, and a self-signed error for
 * it is ignored. On all other builds the request is aborted.
 *
 * @param rep     reply that reported the errors
 * @param errors  the verification errors
 */
void OcNetwork::sslErrorHandler(QNetworkReply* rep,const QList<QSslError> &errors)
{
    QVariantMap account = config.getAccount();
    bool ignoreSSLerrors = false;

    // The per-account opt-out is honoured only when the account state is 0.
    if (account["state"].toInt() == 0)
    {
        ignoreSSLerrors = account["ignoresslerror"].toBool();
    }

    if (ignoreSSLerrors)
    {
        // Every verification error is ignored for this reply, so the
        // connection is no longer authenticated.
        rep->ignoreSslErrors();
        QLOG_WARN() << "Network: ignore SSL errors";
    } else {

        foreach (const QSslError &error, errors)
        {
            QLOG_ERROR() << "Network SSL error: " << error.errorString();
        }

        // get certificate checksum (used only to name the temporary file)
        // NOTE(review): last() on an empty peer chain is undefined; confirm the
        // chain cannot be empty when this slot fires. last() also picks the end
        // of the chain rather than the server's own certificate -- verify that
        // this is the certificate the user is meant to approve.
        QString checksum = QString::fromLatin1(rep->sslConfiguration().peerCertificateChain().last().digest(QCryptographicHash::Md5).toHex().toLower());

        // set string for temporary file path
        QString filePath(QDir::homePath());
        filePath.append(BASE_PATH).append(QDir::separator()).append(checksum).append(".der");

        // store server certificate temporary
        // NOTE(review): the result of open() is not checked.
        QFile x509Temp(filePath);
        x509Temp.open(QIODevice::WriteOnly);
        x509Temp.write(rep->sslConfiguration().peerCertificateChain().last().toDer());
        x509Temp.close();

#if defined(MEEGO_EDITION_HARMATTAN)

        // set credential
        int credSuc = aegis_certman_set_credentials("buschtrommel-ocnews::CertOCNewsSSL");

        if (credSuc != 0) qDebug() << "set credential error: " << credSuc;

        // open file for X509 struct
        // NOTE(review): a failed fopen() or d2i_X509_fp() is only logged; the
        // NULL handle is still passed on below. crtFile is never fclose()d in
        // the visible code.
        FILE * crtFile;
        crtFile = fopen(filePath.toAscii().data(), "r");

        if (crtFile == NULL) qDebug() << "Can not open cert file.";

        X509 * crt;
        crt = d2i_X509_fp(crtFile, NULL);

        if (crt == NULL) qDebug() << "Error importing X509 Certificate";

        // get server key id
        aegis_key_id crtKeyId;
        aegis_certman_get_key_id(crt, crtKeyId);

        // open ssl domain
        // NOTE(review): a failure here is logged but ownDomain is still used afterwards.
        domain_handle ownDomain;
        int openCheck = aegis_certman_open_domain("ssl-ocnews", AEGIS_CERTMAN_DOMAIN_PRIVATE, &ownDomain);

        if (openCheck != 0) QLOG_ERROR() << "Network: Error Opening SSL Domain: " << openCheck;

        // Ask the user through the platform certificate dialog; a result of 0
        // is treated as approval.
        int guiCheck = aegis_certman_gui_check_certificate(crt, 120);

        QLOG_INFO() << "Network Certificate check: " << guiCheck;

        if (guiCheck == 0)
        {
            // check if cert is already in domain
            X509 * storedCert;
            int loadStoredCert = aegis_certman_load_cert(ownDomain, crtKeyId, &storedCert);

            if (loadStoredCert == 0 && storedCert != NULL)
            {
                QLOG_INFO() << "Network Load Cert: " << loadStoredCert;

                // convert internal X509 structure to DER
                // NOTE(review): i2d_X509() allocates buf when it is NULL on
                // entry; the buffer is not released in the visible code.
                int len;
                unsigned char *buf;
                buf = NULL;
                len = i2d_X509(storedCert, &buf);

                if (len > 0)
                {
                    // create Qt Certificate from buffer
                    QByteArray buffer(reinterpret_cast<const char*>(buf), len);
                    QSslCertificate sslCert(buffer, QSsl::Der);

                    // create list and append cert
                    QList<QSslCertificate> sslCerts;
                    sslCerts.append(sslCert);

                    // put ssl into ssl error for ignored errors
                    QSslError sslError(QSslError::SelfSignedCertificate, sslCerts.at(0));
                    QList<QSslError> expectedSslErrors;
                    expectedSslErrors.append(sslError);

                    // add certificate to socket and current configuration
                    // addDefaultCaCertificates() is process-wide: the approved
                    // certificate becomes a trust anchor for later connections too.
                    QSslSocket::addDefaultCaCertificates(sslCerts);
                    QList<QSslCipher> ciphers = rep->sslConfiguration().ciphers();
                    QSslConfiguration sslConfig;
                    sslConfig.setCiphers(ciphers);
                    sslConfig.setCaCertificates(sslCerts);
                    rep->setSslConfiguration(sslConfig);

                    // ignore only this ssl error; any other error in the list
                    // (e.g. a host name mismatch) still fails the request
                    rep->ignoreSslErrors(expectedSslErrors);

                } else {
                    QLOG_ERROR() << "Network: Can not decode cert to DER.";
                }

            } else {

                // Not stored yet: add the approved certificate to the domain,
                // then proceed exactly as in the branch above.
                int addCheck = aegis_certman_add_cert(ownDomain, crt);
                QLOG_INFO() << "Network Add Cert: " << addCheck;

                // convert internal X509 structure to DER
                int len;
                unsigned char *buf;
                buf = NULL;
                len = i2d_X509(crt, &buf);

                if (len > 0)
                {
                    // create Qt Certificate from buffer
                    QByteArray buffer(reinterpret_cast<const char*>(buf), len);
                    QSslCertificate sslCert(buffer, QSsl::Der);

                    // create list and append cert
                    QList<QSslCertificate> sslCerts;
                    sslCerts.append(sslCert);

                    // put ssl into ssl error for ignored errors
                    QSslError sslError(QSslError::SelfSignedCertificate, sslCerts.at(0));
                    QList<QSslError> expectedSslErrors;
                    expectedSslErrors.append(sslError);

                    // add certificate to socket and current configuration
                    QSslSocket::addDefaultCaCertificates(sslCerts);
                    QList<QSslCipher> ciphers = rep->sslConfiguration().ciphers();
                    QSslConfiguration sslConfig;
                    sslConfig.setCiphers(ciphers);
                    sslConfig.setCaCertificates(sslCerts);
                    rep->setSslConfiguration(sslConfig);

                    // ignore only these ssl error
                    rep->ignoreSslErrors(expectedSslErrors);

                } else {
                    QLOG_ERROR() << "Network: Can not decode cert to DER.";
                }
            }

        } else {
            // remove cert if not approved
            int removeCheck = aegis_certman_rm_cert(ownDomain, crtKeyId);
            QLOG_INFO() << "Network Remove Cert: " << removeCheck;
        }

        aegis_certman_close_domain(ownDomain);

        x509Temp.remove(); // remove temporary cert file

#else
        // Without the platform certificate manager there is no way to ask the
        // user, so the request fails closed.
        // NOTE(review): the temporary .der file written above is not removed on this path.
//        rep->ignoreSslErrors();
        rep->abort();
        QLOG_WARN() << "Abort network operation...";
#endif
    }
}
/**
 * Builds the Mobile-ID signing dialog.
 *
 * Fills the table that maps service status codes to user-visible messages,
 * sets up the progress timer and the network manager (with proxy, if one is
 * configured) and prepares the request: TLS configuration with additional
 * trusted CA certificates and the client access certificate, content type
 * and User-Agent.
 *
 * @param parent  parent widget
 */
MobileDialog::MobileDialog( QWidget *parent )
:	QDialog( parent )
{
	// Status code (or literal service message) -> translated text shown to the user.
	mobileResults["START"] = tr("Signing in process");
	mobileResults["REQUEST_OK"] = tr("Request accepted");
	mobileResults["EXPIRED_TRANSACTION"] = tr("Request timeout");
	mobileResults["USER_CANCEL"] = tr("User denied or cancelled");
	mobileResults["SIGNATURE"] = tr("Got signature");
	mobileResults["OUTSTANDING_TRANSACTION"] = tr("Request pending");
	mobileResults["MID_NOT_READY"] = tr("Mobile-ID not ready, try again later");
	mobileResults["PHONE_ABSENT"] = tr("Phone absent");
	mobileResults["SENDING_ERROR"] = tr("Request sending error");
	mobileResults["SIM_ERROR"] = tr("SIM error");
	mobileResults["INTERNAL_ERROR"] = tr("Service internal error");
	mobileResults["OCSP_UNAUTHORIZED"] = tr("Not allowed to use OCSP service!<br/>Please check your server access sertificate.");
	mobileResults["HOSTNOTFOUND"] = tr("Connecting to SK server failed!<br/>Please check your internet connection.");
	mobileResults["User is not a Mobile-ID client"] = tr("User is not a Mobile-ID client");
	mobileResults["ID and phone number do not match"] = tr("ID and phone number do not match");
	mobileResults["Certificate status unknown"] = tr("Your Mobile-ID service is not activated.");
	mobileResults["Certificate is revoked"] = tr("Mobile-ID user certificates are revoked or suspended.");

	setupUi( this );
	code->setBuddy( signProgressBar );

	// The progress bar is driven linearly over maximum() seconds.
	statusTimer = new QTimeLine( signProgressBar->maximum() * 1000, this );
	statusTimer->setCurveShape( QTimeLine::LinearCurve );
	statusTimer->setFrameRange( signProgressBar->minimum(), signProgressBar->maximum() );
	connect( statusTimer, SIGNAL(frameChanged(int)), signProgressBar, SLOT(setValue(int)) );
	connect( statusTimer, SIGNAL(finished()), SLOT(endProgress()) );

	manager = new QNetworkAccessManager( this );
	connect( manager, SIGNAL(finished(QNetworkReply*)), SLOT(finished(QNetworkReply*)) );
	// TLS verification failures are delivered to this dialog's sslErrors() slot.
	connect( manager, SIGNAL(sslErrors(QNetworkReply*,QList<QSslError>)),
		SLOT(sslErrors(QNetworkReply*,QList<QSslError>)) );

	// Optional HTTP proxy; host, port and credentials all come from the
	// application configuration.
	if( !Application::confValue( Application::ProxyHost ).toString().isEmpty() )
	{
		manager->setProxy( QNetworkProxy(
			QNetworkProxy::HttpProxy,
			Application::confValue( Application::ProxyHost ).toString(),
			Application::confValue( Application::ProxyPort ).toUInt(),
			Application::confValue( Application::ProxyUser ).toString(),
			Application::confValue( Application::ProxyPass ).toString() ) );
	}

	if( !Application::confValue( Application::PKCS12Disable ).toBool() )
	{
		// Start from the default configuration and extend its CA list with
		// (on Linux) every *.crt file in /usr/share/esteid/certs and with the
		// three certificates embedded below.
		// NOTE(review): trust anchors compiled into the binary can only be
		// rotated or withdrawn by shipping a new build. The subject of the
		// second embedded certificate decodes to "SK TEST services access CA
		// 2012" -- confirm a test CA is meant to be trusted in release builds.
		QSslConfiguration ssl = QSslConfiguration::defaultConfiguration();
		ssl.setCaCertificates( ssl.caCertificates()
#ifdef Q_OS_LINUX
			<< QSslCertificate::fromPath( "/usr/share/esteid/certs/*.crt", QSsl::Pem, QRegExp::Wildcard )
#endif
			<< QSslCertificate(
			"-----BEGIN CERTIFICATE-----\n"
			"MIIEOzCCAyOgAwIBAgIBADANBgkqhkiG9w0BAQUFADB2MQswCQYDVQQGEwJFRTEi\n"
			"MCAGA1UEChMZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEeMBwGA1UECxMVU0sg\n"
			"c2VydmljZXMgYWNjZXNzIENBMSMwIQYDVQQDExpTSyBzZXJ2aWNlcyBhY2Nlc3Mg\n"
			"Q0EgMjAxMDAeFw0xMDAyMDcxNTIxMTBaFw0xOTEyMTcxNTIxMTBaMHYxCzAJBgNV\n"
			"BAYTAkVFMSIwIAYDVQQKExlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMR4wHAYD\n"
			"VQQLExVTSyBzZXJ2aWNlcyBhY2Nlc3MgQ0ExIzAhBgNVBAMTGlNLIHNlcnZpY2Vz\n"
			"IGFjY2VzcyBDQSAyMDEwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n"
			"tkjCB8PkmDQRdtjbKDMJj5k6LPpFP3IUD+nCAHVhrpmU8FY3CfS/zBaFCnSlOxP3\n"
			"TZYlccBz5hcc7lSHSVxsVinW79aw/Sp4sUNVlhqB18UThHrdQiWznjQeOROpjjMo\n"
			"3WyW2lWlM3semodOSgD8ssSOUtHBeDLsHFdNrVuz6S1y2ulrfezcnDwrGOtWyYca\n"
			"MZzJZZbNA3cc6mXbvihkYv11o0yFdDrDatzjEVx2KrBaSDej2aPo9gES7tDNpByz\n"
			"e/hbH1exhc+YZybQ0/odx8N/oiygfjym2OnLFlmArsNPd97mVc6VqA2/Aj68xZN9\n"
			"pjZDIXF3IUCVX6rYyGhuIwIDAQABo4HTMIHQMB0GA1UdDgQWBBR3Mky/Mx9AxVx+\n"
			"gsoZmtw6kgnpnzCBoAYDVR0jBIGYMIGVgBR3Mky/Mx9AxVx+gsoZmtw6kgnpn6F6\n"
			"pHgwdjELMAkGA1UEBhMCRUUxIjAgBgNVBAoTGUFTIFNlcnRpZml0c2VlcmltaXNr\n"
			"ZXNrdXMxHjAcBgNVBAsTFVNLIHNlcnZpY2VzIGFjY2VzcyBDQTEjMCEGA1UEAxMa\n"
			"U0sgc2VydmljZXMgYWNjZXNzIENBIDIwMTCCAQAwDAYDVR0TBAUwAwEB/zANBgkq\n"
			"hkiG9w0BAQUFAAOCAQEASqQRnFdJ5iYTcK1Q98BQsJ097yI/Zp9E8aiZcd+011dK\n"
			"jcoRMDlnET3SIxeLN5x6FibiDjt1HvSbRHUy+z1XpfzApFBEkV7S56WwWcEm6ni1\n"
			"dRM8Qcpk+fC2ARHf4MxfdVt7488/27/tFs3RjVXyKL8x2xPU4xzVuD22qdoAXohJ\n"
			"r7TaVDpk5wpHDCAaQX0LaPaibfW4532iGqG/oFsZo9SiS16qjZ5Aiq0NVhoebZWS\n"
			"LwRnmCfkc8bA6RmtPFXR6hWAxfsb8nlZjisA+TDkyXEkCLEcABLgrwLbwq7K2xAR\n"
			"k1ZVHmBoFUaMz7JoF4ZVjqwWJ7qlCwie6syR3ZPu9Q==\n"
			"-----END CERTIFICATE-----\n" )
			<< QSslCertificate(
			"-----BEGIN CERTIFICATE-----\n"
			"MIIERzCCAy+gAwIBAgIJAIHRdBWILIw0MA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV\n"
			"BAYTAkVFMSIwIAYDVQQKExlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMR4wHAYD\n"
			"VQQLExVTSyBzZXJ2aWNlcyBhY2Nlc3MgQ0ExKDAmBgNVBAMTH1NLIFRFU1Qgc2Vy\n"
			"dmljZXMgYWNjZXNzIENBIDIwMTIwHhcNMTIwODIzMTEzNTMwWhcNMjIwMzI0MTEz\n"
			"NTMwWjB7MQswCQYDVQQGEwJFRTEiMCAGA1UEChMZQVMgU2VydGlmaXRzZWVyaW1p\n"
			"c2tlc2t1czEeMBwGA1UECxMVU0sgc2VydmljZXMgYWNjZXNzIENBMSgwJgYDVQQD\n"
			"Ex9TSyBURVNUIHNlcnZpY2VzIGFjY2VzcyBDQSAyMDEyMIIBIjANBgkqhkiG9w0B\n"
			"AQEFAAOCAQ8AMIIBCgKCAQEArqkc1v13VAPcM3adjJ5jF/sgOkbzWruooVgDwevA\n"
			"7e4lOmUle2ZnrCJXlKf7NDQHg3RWrq04MlUOYak2AFhOo4S/V0LVwvUDt+FCSAwy\n"
			"E8FxK6c3HlrwmxWqOCGRVCB3/BrmNouR54ieqMEx7dayoyYfBLvyiSlzZSxoW55O\n"
			"ENhgsfPuypAQyuhYab+R65yEtr6sIPJZH2eqGtfWMoaHUAuyOZCfyMFFC1RJ1ymj\n"
			"azTRcGFXYtDALf5W/tPUhLJlPE5v6zwRR8Xnzgjohsgnv2aJYHa1e/tT9m+Z9CWA\n"
			"BRaz05qjA5N5zEj7Qs9BN5lo07VLgBuSYMl6dsiDU4VfowIDAQABo4HNMIHKMA8G\n"
			"A1UdEwEB/wQFMAMBAf8wgZcGA1UdIwSBjzCBjKF/pH0wezELMAkGA1UEBhMCRUUx\n"
			"IjAgBgNVBAoTGUFTIFNlcnRpZml0c2VlcmltaXNrZXNrdXMxHjAcBgNVBAsTFVNL\n"
			"IHNlcnZpY2VzIGFjY2VzcyBDQTEoMCYGA1UEAxMfU0sgVEVTVCBzZXJ2aWNlcyBh\n"
			"Y2Nlc3MgQ0EgMjAxMoIJAIHRdBWILIw0MB0GA1UdDgQWBBQRxbVGxjXI+bcya5iK\n"
			"4AW3oXjBrDANBgkqhkiG9w0BAQUFAAOCAQEAHqQ1FiZA1u8Qf1SHSZGpgjmy221x\n"
			"DkJ+gYNE0XRDbQ0G0FgqV8peHpIKxEYMGWVCNGRSIenyUYJDVqFMrqMZb1TaYYEg\n"
			"Mb5+u3aQpyp9gz3YGh45fvh73M/Pko4WjTsOaIJpXHzGZOSktiuVyEfEkRAupUhY\n"
			"7S4gJwPg6RIQXu/FfVCMtNyJliM/5Rz3+NeoLzZw4MVmjQGX0fxXDmVcbSkATqSx\n"
			"EV/PbuITu7jOJuDLEr5IpfJPgfl3vBYr2PSo5/2kypth0jikr4TVbGqLFlvU1DaH\n"
			"eswmlJbTv3u3juaJ1M6vHyPHX+diK7MUEAkETxlx0HUl0hbIgenvsjSdYA==\n"
			"-----END CERTIFICATE-----\n" )
			<< QSslCertificate(
			"-----BEGIN CERTIFICATE-----\n"
			"MIID5TCCAs2gAwIBAgIES7MTKDANBgkqhkiG9w0BAQUFADBdMRgwFgYJKoZIhvcN\n"
			"AQkBFglwa2lAc2suZWUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKExlBUyBTZXJ0aWZp\n"
			"dHNlZXJpbWlza2Vza3VzMRAwDgYDVQQDEwdKdXVyLVNLMB4XDTEwMDMzMTA5MTcy\n"
			"OFoXDTE2MDgyNjE0MjMwMVowbTELMAkGA1UEBhMCRUUxIjAgBgNVBAoTGUFTIFNl\n"
			"cnRpZml0c2VlcmltaXNrZXNrdXMxITAfBgNVBAsTGFNlcnRpZml0c2VlcmltaXN0\n"
			"ZWVudXNlZDEXMBUGA1UEAxMOS0xBU1MzLVNLIDIwMTAwggEiMA0GCSqGSIb3DQEB\n"
			"AQUAA4IBDwAwggEKAoIBAQCrlaYRX2v89k8Hd0ADaOfnUcIn7iM6aOXkAR+jp582\n"
			"7ZhDqDyNddF9ZUoBgPghGNIrkHbH7qwex39YnI0ka24lCjcwEMvQMPbyPnX/a4Ry\n"
			"J+wEZttmjBl++FfrZK54L+vD7Dyy4YYB0Og9ktB4qptsDBj+giiv/MGPeGeNs3Ta\n"
			"cJdNb7+3splTPtPKlDfrufvq4H6jNOv9S9bC+j2VVY9uCFXUro8AA3hoOEKJdSjl\n"
			"pYCa51N8KGLVJYRuc/K81xqi054Jz+Cy/HY/AcXkk2JkxlpJoEXmcuTkxjO/QE/X\n"
			"bd+mRJHnq6+HurOiKcxKwZCPAa+d+dvRPkbyq9ohMXH9AgMBAAGjgZwwgZkwEgYD\n"
			"VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAcYwMwYDVR0fBCwwKjAooCag\n"
			"JIYiaHR0cDovL3d3dy5zay5lZS9jcmxzL2p1dXIvY3JsLmNybDAfBgNVHSMEGDAW\n"
			"gBQEqnpHo+SJrxrPCkCnGD9v7+l9vjAdBgNVHQ4EFgQUXXUUEYz0pY5Cj3uyQESj\n"
			"7tZ6O3IwDQYJKoZIhvcNAQEFBQADggEBADFuAGtSoO8PsWRw/QxFzc5EZtbq2KXC\n"
			"9yZ8YQPWBLY4Mh3OVLFJqWyKC+8JHy9D5tJTG49F5UHyDJPufD/XvC2rjRlkqvS/\n"
			"W7sy3MqGh7e+6bg+aD4mo+98Oalnqi12UD+ki+N8JKPXjHNJ31AvH6E/xDsCsvtz\n"
			"ubylxI+FU8R0XODIUFbBqRtatRI1/zVaKRhD6LNGPt3rz/3IJKmuEv6b29mzL+p4\n"
			"oNULqpPr6aTmheZme8ZHuEIh3Zp5kdoX3i2D4hsmgClpevZifo196zeKRLk0Qs6n\n"
			"mRjoMxyk6jYIric3/VnV81oyhXSBY1GZnbM4qP1w2S5kSA2bb1pkwFo=\n"
			"-----END CERTIFICATE-----\n"));
		// Client authentication: the access certificate and its key are
		// attached to the request's TLS configuration.
		ssl.setPrivateKey( AccessCert::key() );
		ssl.setLocalCertificate( AccessCert::cert() );
		request.setSslConfiguration( ssl );
	}

	request.setHeader( QNetworkRequest::ContentTypeHeader, "text/xml" );
	// User-Agent has the form "<application name>/<version> (<os>)".
	request.setRawHeader( "User-Agent", QString( "%1/%2 (%3)")
		.arg( qApp->applicationName() ).arg( qApp->applicationVersion() ).arg( Common::applicationOs() ).toUtf8() );
}
/**
 * Configures the socket's TLS settings from files named by the data source.
 *
 * Up to three files are read: the client certificate, the client private
 * key (RSA, PEM, with the pass phrase supplied by the data source) and one
 * CA certificate. A file that cannot be opened or parsed is skipped, so the
 * socket may end up without a client certificate or CA entry.
 *
 * @param dataSource  provider of the file paths and the key pass phrase
 */
void WebSocketQt::setupSocketWithSSLDataSource(SSLDataSource * dataSource)
{
    // The configuration starts out default-constructed, not from
    // QSslConfiguration::defaultConfiguration().
    QSslConfiguration config;

    // Client certificate
    QFile clientCertFile(WebSocketQt::toString(dataSource->clientLocalCertificateFilePath()));
    if (clientCertFile.open(QIODevice::ReadOnly))
    {
        const QSslCertificate clientCert(clientCertFile.readAll());
        clientCertFile.close();
        if (!clientCert.isNull())
        {
            config.setLocalCertificate(clientCert);
        }
#ifdef FAYECPP_DEBUG_MESSAGES
        else
        {
            qDebug() << "SocketQT: LocalCertificate is NULL";
        }
#endif
    }

    // Client private key
    QFile privateKeyFile(WebSocketQt::toString(dataSource->clientPrivateKeyFilePath()));
    if (privateKeyFile.open(QIODevice::ReadOnly))
    {
        QByteArray passPhrase;
        passPhrase.append(WebSocketQt::toString(dataSource->clientPrivateKeyPassPhrase()));
        const QSslKey clientKey(privateKeyFile.readAll(), QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey, passPhrase);
        // clear() drops the byte array's contents; it does not overwrite the memory.
        passPhrase.clear();
        privateKeyFile.close();
        if (!clientKey.isNull())
        {
            config.setPrivateKey(clientKey);
        }
#ifdef FAYECPP_DEBUG_MESSAGES
        else
        {
            qDebug() << "SocketQT: PrivateKey is NULL";
        }
#endif
    }

    // CA certificate used to verify the server
    QFile caCertFile(WebSocketQt::toString(dataSource->clientCACertificateFilePath()));
    if (caCertFile.open(QIODevice::ReadOnly))
    {
        const QSslCertificate caCert(caCertFile.readAll());
        caCertFile.close();
        if (!caCert.isNull())
        {
            QList<QSslCertificate> trusted(config.caCertificates());
            trusted.append(caCert);
            config.setCaCertificates(trusted);
        }
#ifdef FAYECPP_DEBUG_MESSAGES
        else
        {
            qDebug() << "SocketQT: CACertificate is NULL";
        }
#endif
    }

    _socket->setSslConfiguration(config);
}
/**
 * Registers the device with the SSU server and, when a home URL is
 * configured, additionally requests the user's authorized_keys file.
 *
 * The function clears errorFlag, validates the required configuration
 * ('ca-certificate', 'register-url' or its repoUrl() fallback, and a device
 * UID) and reports a missing item through setError() before returning.
 * Otherwise it POSTs a form-encoded registration with HTTP Basic credentials
 * and increments pendingRequests once per request issued.
 *
 * @param usernameDomain Either "user" or "user@domain"; when a domain is
 *                       present it is stored via setDomain() before any of
 *                       the configuration checks run.
 * @param password       Password sent in the Basic Authorization header.
 */
void Ssu::sendRegistration(QString usernameDomain, QString password){
  errorFlag = false;

  SsuLog *ssuLog = SsuLog::instance();
  SsuCoreConfig *settings = SsuCoreConfig::instance();

  // The login may carry a domain part (user@domain); split it off if present.
  QString username;
  if (!usernameDomain.contains('@')) {
    username = usernameDomain;
  } else {
    username = usernameDomain.section('@', 0, 0);
    QString domainName = usernameDomain.section('@', 1, 1);
    setDomain(domainName);
  }

  if (!settings->contains("ca-certificate")){
    setError("CA certificate for SSU not set (config key 'ca-certificate')");
    return;
  }
  QString ssuCaCertificate = settings->value("ca-certificate").toString();

  // An explicit 'register-url' setting wins; otherwise fall back to repoUrl().
  QString ssuRegisterUrl;
  if (settings->contains("register-url")){
    ssuRegisterUrl = settings->value("register-url").toString();
  } else {
    ssuRegisterUrl = repoUrl("register-url");
    if (ssuRegisterUrl.isEmpty()){
      setError("URL for SSU registration not set (config key 'register-url')");
      return;
    }
  }

  QString IMEI = deviceInfo.deviceUid();
  if (IMEI.isEmpty()){
    setError("No valid UID available for your device. For phones: is your modem online?");
    return;
  }

  // Trust only the certificates found at the configured CA path.
  // NOTE(review): when useSslVerify() is false the peer is not verified at
  // all, yet the Basic credentials below are still sent on that connection.
  QSslConfiguration sslConfiguration;
  if (!useSslVerify()){
    sslConfiguration.setPeerVerifyMode(QSslSocket::VerifyNone);
  }
  sslConfiguration.setCaCertificates(QSslCertificate::fromPath(ssuCaCertificate));

  // The device UID is substituted into the URL template.
  QNetworkRequest request;
  request.setUrl(QUrl(ssuRegisterUrl.arg(IMEI)));
  request.setSslConfiguration(sslConfiguration);

  QByteArray userPass = QString("%1:%2").arg(username).arg(password).toAscii();
  request.setRawHeader("Authorization", "Basic " + userPass.toBase64());
  request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded");

  // A QUrl serves as a builder for the form-encoded POST body.
  QUrl form;
  form.addQueryItem("protocolVersion", SSU_PROTOCOL_VERSION);
  form.addQueryItem("deviceModel", deviceInfo.deviceModel());
  if (!domain().isEmpty()){
    form.addQueryItem("domain", domain());
  }

  // NOTE(review): the logged URL has the device UID substituted in; keep that
  // in mind wherever qDebug output is collected.
  qDebug() << "Sending request to " << request.url();
  qDebug() << form.encodedQueryItems();

  pendingRequests++;
  // we could expose downloadProgress() from reply in case we want progress info
  QNetworkReply *reply = manager->post(request, form.encodedQuery());

  QString homeUrl = settings->value("home-url").toString().arg(username);
  if (!homeUrl.isEmpty()){
    // Reuse the request object: per the original comment the content-type
    // header is meant to be cleared here, and only it and the URL change.
    // NOTE(review): the Authorization header and TLS configuration set above
    // stay on the request, so the same credentials also go to the home-url
    // host - confirm that this is intended.
    request.setHeader(QNetworkRequest::ContentTypeHeader, 0);
    request.setUrl(homeUrl + "/authorized_keys");
    ssuLog->print(LOG_DEBUG, QString("Trying to get SSH keys from %1").arg(request.url().toString()));
    pendingRequests++;
    manager->get(request);
  }
}
/**
 * Requests fresh repository credentials for this device over TLS with
 * client-certificate authentication.
 *
 * The function clears errorFlag and then checks, in order: a device UID is
 * available, 'ca-certificate' is configured, a credentials URL is known
 * ('credentials-url' or its repoUrl() fallback) and the device is
 * registered. A failed check is reported through setError(). Unless forced,
 * an update made within the last 30 minutes short-circuits with done().
 *
 * @param force When true, skip the "updated recently" check.
 */
void Ssu::updateCredentials(bool force){
  SsuCoreConfig *settings = SsuCoreConfig::instance();
  errorFlag = false;
  SsuLog *ssuLog = SsuLog::instance();

  if (deviceInfo.deviceUid().isEmpty()){
    setError("No valid UID available for your device. For phones: is your modem online?");
    return;
  }

  if (!settings->contains("ca-certificate")){
    setError("CA certificate for SSU not set (config key 'ca-certificate')");
    return;
  }
  QString ssuCaCertificate = settings->value("ca-certificate").toString();

  // An explicit 'credentials-url' setting wins; otherwise ask repoUrl().
  QString ssuCredentialsUrl;
  if (settings->contains("credentials-url")){
    ssuCredentialsUrl = settings->value("credentials-url").toString();
  } else {
    ssuCredentialsUrl = repoUrl("credentials-url");
    if (ssuCredentialsUrl.isEmpty()){
      setError("URL for credentials update not set (config key 'credentials-url')");
      return;
    }
  }

  if (!isRegistered()){
    setError("Device is not registered.");
    return;
  }

  // Rate limit: without 'force', do nothing if the stored timestamp is newer
  // than 30 minutes ago.
  // NOTE(review): a stored timestamp lying in the future (e.g. after a clock
  // change) also satisfies this comparison and keeps skipping updates.
  if (!force && settings->contains("lastCredentialsUpdate")){
    QDateTime threshold = QDateTime::currentDateTime().addSecs(-1800);
    QDateTime last = settings->value("lastCredentialsUpdate").toDateTime();
    if (last >= threshold){
      ssuLog->print(LOG_DEBUG,
                    QString("Skipping credentials update, last update was at %1")
                    .arg(last.toString()));
      emit done();
      return;
    }
  }

  // Assemble the TLS setup. The device authenticates with the key and
  // certificate held in the settings store, and the server is checked
  // against the certificates found at the configured CA path.
  // NOTE(review): when useSslVerify() is false the server is not verified.
  QSslConfiguration sslConfiguration;
  if (!useSslVerify()){
    sslConfiguration.setPeerVerifyMode(QSslSocket::VerifyNone);
  }

  // NOTE(review): the private key is read straight from the settings store
  // and loaded as RSA; how that store is protected is not visible here.
  QSslKey privateKey(settings->value("privateKey").toByteArray(), QSsl::Rsa);
  QSslCertificate certificate(settings->value("certificate").toByteArray());

  QList<QSslCertificate> caCertificates;
  caCertificates << QSslCertificate::fromPath(ssuCaCertificate);

  sslConfiguration.setCaCertificates(caCertificates);
  sslConfiguration.setPrivateKey(privateKey);
  sslConfiguration.setLocalCertificate(certificate);

  // The device UID is substituted into the URL template.
  QNetworkRequest request;
  request.setUrl(QUrl(ssuCredentialsUrl.arg(deviceInfo.deviceUid())));
  ssuLog->print(LOG_DEBUG,
                QString("Sending credential update request to %1")
                .arg(request.url().toString()));
  request.setSslConfiguration(sslConfiguration);

  pendingRequests++;
  manager->get(request);
}
/**
 * Publishes this server to the public registration service.
 *
 * Nothing is sent unless a registration name and password are set, the
 * registration web URL is valid, the server has no join password and pings
 * are allowed. When those hold, the function re-arms the refresh timer,
 * builds a <server> XML document and POSTs it over HTTPS using the server's
 * own certificate and key as TLS client credentials.
 */
void Server::update() {
	// Guard: bail out unless the server is configured for registration.
	// NOTE(review): the original condition tested qsRegName twice; whether a
	// different field (for instance qsRegHost) was meant is not visible here.
	if (qsRegName.isEmpty() || qsRegPassword.isEmpty() || ! qurlRegWeb.isValid() || ! qsPassword.isEmpty() || ! bAllowPing)
		return;

	// When QNAM distinguishes connections by client cert, move this to Meta
	if (! qnamNetwork)
		qnamNetwork = new QNetworkAccessManager(this);

	// Re-register in about an hour, plus up to five minutes of jitter.
	qtTick.start(1000 * (60 * 60 + (qrand() % 300)));

	QDomDocument doc;
	QDomElement root = doc.createElement(QLatin1String("server"));
	doc.appendChild(root);

	OSInfo::fillXml(doc, root, meta->qsOS, meta->qsOSVersion, qlBind);

	// Each field becomes <tag>text</tag> directly under <server>.
	QDomElement tag;

	tag = doc.createElement(QLatin1String("name"));
	root.appendChild(tag);
	tag.appendChild(doc.createTextNode(qsRegName));

	tag = doc.createElement(QLatin1String("host"));
	root.appendChild(tag);
	tag.appendChild(doc.createTextNode(qsRegHost));

	// The registration password travels in the request body, so it is only
	// as confidential as the TLS session configured below.
	tag = doc.createElement(QLatin1String("password"));
	root.appendChild(tag);
	tag.appendChild(doc.createTextNode(qsRegPassword));

	tag = doc.createElement(QLatin1String("port"));
	root.appendChild(tag);
	tag.appendChild(doc.createTextNode(QString::number(usPort)));

	tag = doc.createElement(QLatin1String("url"));
	root.appendChild(tag);
	tag.appendChild(doc.createTextNode(qurlRegWeb.toString()));

	tag = doc.createElement(QLatin1String("digest"));
	root.appendChild(tag);
	tag.appendChild(doc.createTextNode(getDigest()));

	tag = doc.createElement(QLatin1String("users"));
	root.appendChild(tag);
	tag.appendChild(doc.createTextNode(QString::number(qhUsers.count())));

	tag = doc.createElement(QLatin1String("channels"));
	root.appendChild(tag);
	tag.appendChild(doc.createTextNode(QString::number(qhChannels.count())));

	const QUrl registerUrl(QLatin1String("https://mumble.hive.no/register.cgi"));
	QNetworkRequest qnr(registerUrl);
	qnr.setHeader(QNetworkRequest::ContentTypeHeader, QLatin1String("text/xml"));

	// Present the server's own certificate and key as the TLS client identity.
	QSslConfiguration ssl = qnr.sslConfiguration();
	ssl.setLocalCertificate(qscCert);
	ssl.setPrivateKey(qskKey);

	/* Work around bug in QSslConfiguration */
	// The CA list becomes the request's current list, then the system
	// defaults, then this server's own certificate.
	// NOTE(review): that makes qscCert a trust anchor for this outbound
	// request too - confirm the workaround still needs it.
	QList<QSslCertificate> trustedCas = ssl.caCertificates();
	trustedCas << QSslSocket::defaultCaCertificates();
	trustedCas << qscCert;
	ssl.setCaCertificates(trustedCas);

	qnr.setSslConfiguration(ssl);

	// TLS errors on the reply are routed to regSslError(), which is defined
	// elsewhere; what it does with them is not visible in this function.
	QNetworkReply *rep = qnamNetwork->post(qnr, doc.toString().toUtf8());
	connect(rep, SIGNAL(finished()), this, SLOT(finished()));
	connect(rep, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(regSslError(const QList<QSslError> &)));
}