void NetworkAccessManager::loadSettings()
{
QSettings settings;
settings.beginGroup(QLatin1String("proxy"));
QNetworkProxy proxy;
if (settings.value(QLatin1String("enabled"), false).toBool()) {
if (settings.value(QLatin1String("type"), 0).toInt() == 0)
proxy.setType(QNetworkProxy::Socks5Proxy);
else
proxy.setType(QNetworkProxy::HttpProxy);
proxy.setHostName(settings.value(QLatin1String("hostName")).toString());
proxy.setPort(settings.value(QLatin1String("port"), 1080).toInt());
proxy.setUser(settings.value(QLatin1String("userName")).toString());
proxy.setPassword(settings.value(QLatin1String("password")).toString());
}
setProxy(proxy);
settings.endGroup();
#ifndef QT_NO_OPENSSL
QSslConfiguration sslCfg = QSslConfiguration::defaultConfiguration();
QList<QSslCertificate> ca_list = sslCfg.caCertificates();
QList<QSslCertificate> ca_new = QSslCertificate::fromData(settings.value(QLatin1String("CaCertificates")).toByteArray());
ca_list += ca_new;
sslCfg.setCaCertificates(ca_list);
QSslConfiguration::setDefaultConfiguration(sslCfg);
#endif
}
BluecherryApp::BluecherryApp()
: nam(new QNetworkAccessManager(this)), liveView(new LiveViewManager(this)),
globalRate(new TransferRateCalculator(this)), m_updateChecker(0),
m_livePaused(false), m_inPauseQuery(false),
m_screensaverInhibited(false), m_screensaveValue(0)
{
Q_ASSERT(!bcApp);
bcApp = this;
m_serverRepository = new DVRServerRepository(this);
connect(qApp, SIGNAL(aboutToQuit()), SLOT(aboutToQuit()));
appIcon.addFile(QLatin1String(":/icons/icon16.png"));
appIcon.addFile(QLatin1String(":/icons/icon32.png"));
appIcon.addFile(QLatin1String(":/icons/icon64.png"));
appIcon.addFile(QLatin1String(":/icons/bluecherry-client.png"));
qApp->setWindowIcon(appIcon);
connect(nam, SIGNAL(sslErrors(QNetworkReply*,QList<QSslError>)), SLOT(sslErrors(QNetworkReply*,QList<QSslError>)));
/* Don't use the system CAs to verify certificates */
QSslConfiguration sslConfig = QSslConfiguration::defaultConfiguration();
sslConfig.setCaCertificates(QList<QSslCertificate>());
#if QT_VERSION >= 0x040800
/* SNI breaks connections (before sslError, even) when the hostname does
* not match the server. */
sslConfig.setSslOption(QSsl::SslOptionDisableServerNameIndication, true);
#endif
QSslConfiguration::setDefaultConfiguration(sslConfig);
loadServers();
if (shouldAddLocalServer())
addLocalServer();
autoConnectServers();
sendSettingsChanged();
m_updateChecker = new UpdateChecker(nam, this);
connect(m_updateChecker, SIGNAL(newVersionAvailable(Version)), this, SLOT(newVersionAvailable(Version)));
QSettings settings;
if (!settings.value(QLatin1String("ui/disableUpdateNotifications"), false).toBool())
{
startUpdateChecker();
}
m_mediaDownloadManager = new MediaDownloadManager(this);
m_mediaDownloadManager->setCookieJar(nam->cookieJar());
m_eventDownloadManager = new EventDownloadManager(this);
connect(m_serverRepository, SIGNAL(serverRemoved(DVRServer*)), m_eventDownloadManager, SLOT(serverRemoved(DVRServer*)));
registerVideoPlayerFactory();
connect(qApp, SIGNAL(commitDataRequest(QSessionManager&)), this, SLOT(commitDataRequest(QSessionManager&)));
connect(qApp, SIGNAL(aboutToQuit()), this, SLOT(saveSettings()));
}
void OAuthWebViewHandler::addHighFidelityRootCAToSSLConfig() {
QSslConfiguration sslConfig = QSslConfiguration::defaultConfiguration();
// add the High Fidelity root CA to the list of trusted CA certificates
QByteArray highFidelityCACertificate(HIGH_FIDELITY_CA, sizeof(HIGH_FIDELITY_CA));
sslConfig.setCaCertificates(sslConfig.caCertificates() + QSslCertificate::fromData(highFidelityCACertificate));
// set the modified configuration
QSslConfiguration::setDefaultConfiguration(sslConfig);
}
LoginTester::LoginTester(QString username,
QString password,
int maxcount,
QWidget *parent) :
QDialog(parent, Qt::FramelessWindowHint),
ui(new Ui::LoginTester)
{
ui->setupUi(this);
ui->button->hide();
// Initialisieren der Variablen
tryCounter = 0;
this->maxTries = maxcount;
this->username = username;
this->password = password;
// Initialisieren des NetworkManagers und der Slots
manager = new QNetworkAccessManager(qApp);
QFile cert(":/certs/l2p");
cert.open(QFile::ReadOnly);
QList<QSslCertificate> newCertificates = QSslCertificate::fromData(cert.readAll(),QSsl::Der);
cert.close();
QSslCertificate newCertificate = newCertificates.first();
QFile cert2(":/certs/utn");
cert2.open(QFile::ReadOnly);
QList<QSslCertificate> newCertificates2 = QSslCertificate::fromData(cert2.readAll(),QSsl::Der);
cert2.close();
QSslCertificate newCertificate2 = newCertificates2.first();
QFile cert3(":/certs/ssl");
cert3.open(QFile::ReadOnly);
QList<QSslCertificate> newCertificates3 = QSslCertificate::fromData(cert3.readAll(),QSsl::Der);
cert3.close();
QSslCertificate newCertificate3 = newCertificates3.first();
QSslConfiguration newSslConfiguration = QSslConfiguration::defaultConfiguration();
newCertificates = newSslConfiguration.caCertificates();
newCertificates.append(newCertificate);
newCertificates.append(newCertificate2);
newCertificates.append(newCertificate3);
newSslConfiguration.setCaCertificates(newCertificates);
QSslConfiguration::setDefaultConfiguration(newSslConfiguration);
QSslConfiguration newSslConfiguration2 = QSslConfiguration::defaultConfiguration();
newCertificates2 = newSslConfiguration2.caCertificates();
foreach (QSslCertificate c, newCertificates2)
{
QStringList list = QStringList(c.subjectInfo(QSslCertificate::CommonName));
for(QStringList::iterator i = list.begin(); i != list.end(); i++){
qDebug(i->toLatin1());
}
}
void NetworkAccessManager::sslErrors(QNetworkReply *reply, const QList<QSslError> &error)
{
BrowserMainWindow *mainWindow = BrowserApplication::instance()->mainWindow();
QSettings settings;
QList<QSslCertificate> ca_merge = QSslCertificate::fromData(settings.value(QLatin1String("CaCertificates")).toByteArray());
QList<QSslCertificate> ca_new;
QStringList errorStrings;
for (int i = 0; i < error.count(); ++i) {
if (ca_merge.contains(error.at(i).certificate()))
continue;
errorStrings += error.at(i).errorString();
if (!error.at(i).certificate().isNull()) {
ca_new.append(error.at(i).certificate());
}
}
if (errorStrings.isEmpty()) {
reply->ignoreSslErrors();
return;
}
QString errors = errorStrings.join(QLatin1String("\n"));
int ret = QMessageBox::warning(mainWindow, QCoreApplication::applicationName(),
tr("SSL Errors:\n\n%1\n\n%2\n\n"
"Do you want to ignore these errors?").arg(reply->url().toString()).arg(errors),
QMessageBox::Yes | QMessageBox::No,
QMessageBox::No);
if (ret == QMessageBox::Yes) {
if (ca_new.count() > 0) {
ret = QMessageBox::question(mainWindow, QCoreApplication::applicationName(),
tr("Do you want to accept all these certificates?"),
QMessageBox::Yes | QMessageBox::No, QMessageBox::No);
if (ret == QMessageBox::Yes) {
ca_merge += ca_new;
QSslConfiguration sslCfg = QSslConfiguration::defaultConfiguration();
QList<QSslCertificate> ca_list = sslCfg.caCertificates();
ca_list += ca_new;
sslCfg.setCaCertificates(ca_list);
QSslConfiguration::setDefaultConfiguration(sslCfg);
reply->setSslConfiguration(sslCfg);
QByteArray pems;
for (int i = 0; i < ca_merge.count(); ++i)
pems += ca_merge.at(i).toPem() + '\n';
settings.setValue(QLatin1String("CaCertificates"), pems);
}
}
reply->ignoreSslErrors();
}
}
void NetworkAccessManager::loadSettings()
{
QSettings settings;
settings.beginGroup(QLatin1String("proxy"));
QNetworkProxy proxy;
if (settings.value(QLatin1String("enabled"), false).toBool()) {
int proxyType = settings.value(QLatin1String("type"), 0).toInt();
if (proxyType == 0)
proxy = QNetworkProxy::Socks5Proxy;
else if (proxyType == 1)
proxy = QNetworkProxy::HttpProxy;
else { // 2
proxy.setType(QNetworkProxy::HttpCachingProxy);
#if QT_VERSION >= 0x040500
proxy.setCapabilities(QNetworkProxy::CachingCapability | QNetworkProxy::HostNameLookupCapability);
#endif
}
proxy.setHostName(settings.value(QLatin1String("hostName")).toString());
proxy.setPort(settings.value(QLatin1String("port"), 1080).toInt());
proxy.setUser(settings.value(QLatin1String("userName")).toString());
proxy.setPassword(settings.value(QLatin1String("password")).toString());
}
#if QT_VERSION >= 0x040500
NetworkProxyFactory *proxyFactory = new NetworkProxyFactory;
if (proxy.type() == QNetworkProxy::HttpCachingProxy) {
proxyFactory->setHttpProxy(proxy);
proxyFactory->setGlobalProxy(QNetworkProxy::DefaultProxy);
} else {
proxyFactory->setHttpProxy(QNetworkProxy::DefaultProxy);
proxyFactory->setGlobalProxy(proxy);
}
setProxyFactory(proxyFactory);
#else
setProxy(proxy);
#endif
settings.endGroup();
#ifndef QT_NO_OPENSSL
QSslConfiguration sslCfg = QSslConfiguration::defaultConfiguration();
QList<QSslCertificate> ca_list = sslCfg.caCertificates();
QList<QSslCertificate> ca_new = QSslCertificate::fromData(settings.value(QLatin1String("CaCertificates")).toByteArray());
ca_list += ca_new;
sslCfg.setCaCertificates(ca_list);
QSslConfiguration::setDefaultConfiguration(sslCfg);
#endif
settings.beginGroup(QLatin1String("network"));
QStringList acceptList = settings.value(QLatin1String("acceptLanguages"),
AcceptLanguageDialog::defaultAcceptList()).toStringList();
acceptLanguage = AcceptLanguageDialog::httpString(acceptList);
settings.endGroup();
}
bool KIO::Integration::sslConfigFromMetaData(const KIO::MetaData& metadata, QSslConfiguration& sslconfig)
{
bool success = false;
if (metadata.contains(QL1S("ssl_in_use"))) {
const QSsl::SslProtocol sslProto = qSslProtocolFromString(metadata.value(QL1S("ssl_protocol_version")));
QList<QSslCipher> cipherList;
cipherList << QSslCipher(metadata.value(QL1S("ssl_cipher_name")), sslProto);
sslconfig.setCaCertificates(QSslCertificate::fromData(metadata.value(QL1S("ssl_peer_chain")).toUtf8()));
sslconfig.setCiphers(cipherList);
sslconfig.setProtocol(sslProto);
success = sslconfig.isNull();
}
return success;
}
QJsonDocument Picasa::getJsonDocument(QUrl url){
QNetworkRequest request(url);
request.setSslConfiguration(QSslConfiguration::defaultConfiguration());
// TODO: install ssl certificate maybe solved in qt 5.1
QSslConfiguration sslConfig = request.sslConfiguration();
QList<QSslCertificate> certs = QSslCertificate::fromPath(":/plugins/picasa-download/picasacrt");
sslConfig.setCaCertificates(certs);
request.setSslConfiguration(sslConfig);
QNetworkAccessManager manager;
QNetworkReply *reply = manager.get(request);
QEventLoop loop;
QObject::connect(reply, SIGNAL(finished()), &loop, SLOT(quit()));
loop.exec();
QByteArray rep = reply->readAll();
return QJsonDocument().fromJson(rep);
}
QSslConfiguration Account::getOrCreateSslConfig()
{
if (!_sslConfiguration.isNull()) {
// Will be set by CheckServerJob::finished()
// We need to use a central shared config to get SSL session tickets
return _sslConfiguration;
}
// if setting the client certificate fails, you will probably get an error similar to this:
// "An internal error number 1060 happened. SSL handshake failed, client certificate was requested: SSL error: sslv3 alert handshake failure"
QSslConfiguration sslConfig = QSslConfiguration::defaultConfiguration();
QSslCertificate sslClientCertificate;
ConfigFile cfgFile;
if(!cfgFile.certificatePath().isEmpty() && !cfgFile.certificatePasswd().isEmpty()) {
resultP12ToPem certif = p12ToPem(cfgFile.certificatePath().toStdString(), cfgFile.certificatePasswd().toStdString());
QString s = QString::fromStdString(certif.Certificate);
QByteArray ba = s.toLocal8Bit();
this->setCertificate(ba, QString::fromStdString(certif.PrivateKey));
}
if((!_pemCertificate.isEmpty())&&(!_pemPrivateKey.isEmpty())) {
// Read certificates
QList<QSslCertificate> sslCertificateList = QSslCertificate::fromData(_pemCertificate, QSsl::Pem);
if(sslCertificateList.length() != 0) {
sslClientCertificate = sslCertificateList.takeAt(0);
}
// Read key from file
QSslKey privateKey(_pemPrivateKey.toLocal8Bit(), QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey , "");
// SSL configuration
sslConfig.setCaCertificates(QSslSocket::systemCaCertificates());
sslConfig.setLocalCertificate(sslClientCertificate);
sslConfig.setPrivateKey(privateKey);
qDebug() << "Added SSL client certificate to the query";
}
#if QT_VERSION > QT_VERSION_CHECK(5, 2, 0)
// Try hard to re-use session for different requests
sslConfig.setSslOption(QSsl::SslOptionDisableSessionTickets, false);
sslConfig.setSslOption(QSsl::SslOptionDisableSessionSharing, false);
sslConfig.setSslOption(QSsl::SslOptionDisableSessionPersistence, false);
#endif
return sslConfig;
}
QPixmap AlbumWidget::getPixmap(QString url){
QByteArray bytes;
QNetworkRequest request(url);
request.setSslConfiguration(QSslConfiguration::defaultConfiguration());
QSslConfiguration sslConfig = request.sslConfiguration();
QList<QSslCertificate> certs = QSslCertificate::fromPath(":/plugins/picasa-download/picasacrt");
sslConfig.setCaCertificates(certs);
request.setSslConfiguration(sslConfig);
QNetworkAccessManager manager;
QNetworkReply *reply = manager.get(request);
QEventLoop loop;
QObject::connect(reply, SIGNAL(finished()), &loop, SLOT(quit()));
loop.exec();
bytes = reply->readAll();
QImage img;
img.loadFromData(bytes);
return QPixmap::fromImage(img.scaledToHeight(32));
}
bool KDSoapUnitTestHelpers::setSslConfiguration()
{
initResource();
// To make SSL work, we need to tell Qt about our local certificate
// Both ways work:
#if 0
QSslConfiguration defaultConfig = QSslConfiguration::defaultConfiguration();
QFile certFile(QString::fromLatin1(":/certs/cacert.pem"));
if (!certFile.open(QIODevice::ReadOnly)) {
qDebug() << "Could not open cacert.pem";
return false;
}
QSslCertificate cert(&certFile);
if (!cert.isValid())
return false;
defaultConfig.setCaCertificates(QList<QSslCertificate>() << cert);
QSslConfiguration::setDefaultConfiguration(defaultConfig);
#endif
QFile certFile(QString::fromLatin1(":/certs/cacert.pem"));
if (!certFile.open(QIODevice::ReadOnly)) {
qDebug() << "Could not open cacert.pem";
return false;
}
QSslCertificate cert(&certFile);
const QDateTime currentTime = QDateTime::currentDateTime();
if (cert.effectiveDate() > currentTime
|| cert.expiryDate() < currentTime) {
qDebug() << "Certificate" << certFile.fileName() << "is not valid";
qDebug() << "It is valid from" << cert.effectiveDate() << "to" << cert.expiryDate();
return false;
}
QSslSocket::addDefaultCaCertificate(cert);
return true;
}
ReceiveCoinsDialog::ReceiveCoinsDialog(const PlatformStyle* platformStyle, QWidget* parent)
: QDialog(parent)
, ui(new Ui::ReceiveCoinsDialog)
, model(0)
, platformStyle(platformStyle)
#if defined(HAVE_WEBENGINE_VIEW) || defined(HAVE_WEBKIT)
, buyView(NULL)
#endif
, buyReceiveAddress(NULL)
, currentAccount(NULL)
{
ui->setupUi(this);
ui->accountRequestPaymentButton->setCursor(Qt::PointingHandCursor);
ui->accountBuyGuldenButton->setCursor(Qt::PointingHandCursor);
ui->accountBuyButton->setCursor(Qt::PointingHandCursor);
ui->accountSaveQRButton->setCursor(Qt::PointingHandCursor);
ui->accountCopyToClipboardButton->setCursor(Qt::PointingHandCursor);
ui->cancelButton->setCursor(Qt::PointingHandCursor);
ui->closeButton->setCursor(Qt::PointingHandCursor);
ui->generateRequestButton->setCursor(Qt::PointingHandCursor);
ui->generateAnotherRequestButton->setCursor(Qt::PointingHandCursor);
connect(ui->accountCopyToClipboardButton, SIGNAL(clicked()), this, SLOT(copyAddressToClipboard()));
connect(ui->accountBuyGuldenButton, SIGNAL(clicked()), this, SLOT(showBuyGuldenDialog()));
connect(ui->accountBuyButton, SIGNAL(clicked()), this, SLOT(buyGulden()));
connect(ui->accountSaveQRButton, SIGNAL(clicked()), this, SLOT(saveQRAsImage()));
connect(ui->accountRequestPaymentButton, SIGNAL(clicked()), this, SLOT(gotoRequestPaymentPage()));
connect(ui->generateAnotherRequestButton, SIGNAL(clicked()), this, SLOT(gotoRequestPaymentPage()));
connect(ui->cancelButton, SIGNAL(clicked()), this, SLOT(cancelRequestPayment()));
connect(ui->closeButton, SIGNAL(clicked()), this, SLOT(cancelRequestPayment()));
connect(ui->generateRequestButton, SIGNAL(clicked()), this, SLOT(generateRequest()));
updateAddress("");
gotoReceievePage();
#ifdef HAVE_WEBENGINE_VIEW
buyView = new WebEngineView(this);
buyView->setAttribute(Qt::WA_TranslucentBackground);
ui->buyGuldenPageLayout->addWidget(buyView);
buyView->show();
ui->loadingAnimationLabel->setObjectName("buy_page_error_text");
#elif defined(HAVE_WEBKIT)
buyView = new WebView(this);
buyView->settings()->setAttribute(QWebSettings::JavascriptEnabled, true);
buyView->settings()->setAttribute(QWebSettings::JavascriptCanOpenWindows, true);
buyView->settings()->setAttribute(QWebSettings::JavascriptCanCloseWindows, true);
buyView->settings()->setAttribute(QWebSettings::PrivateBrowsingEnabled, true);
buyView->settings()->setAttribute(QWebSettings::JavascriptCanAccessClipboard, false);
buyView->settings()->setAttribute(QWebSettings::SpatialNavigationEnabled, true);
buyView->settings()->setAttribute(QWebSettings::LocalContentCanAccessRemoteUrls, true);
buyView->settings()->setAttribute(QWebSettings::DeveloperExtrasEnabled, true);
#ifdef MAC_OSX
QSslConfiguration sslCfg = QSslConfiguration::defaultConfiguration();
QList<QSslCertificate> ca_list = sslCfg.caCertificates();
QList<QSslCertificate> ca_new = QSslCertificate::fromData("CaCertificates");
ca_list += ca_new;
sslCfg.setCaCertificates(ca_list);
sslCfg.setProtocol(QSsl::AnyProtocol);
QSslConfiguration::setDefaultConfiguration(sslCfg);
connect(buyView->page()->networkAccessManager(), SIGNAL(sslErrors(QNetworkReply*, const QList<QSslError>&)), this, SLOT(sslErrorHandler(QNetworkReply*, const QList<QSslError>&)));
#endif
ui->buyGuldenPageLayout->addWidget(buyView);
buyView->show();
ui->loadingAnimationLabel->setObjectName("buy_page_error_text");
#else
ui->accountBuyGuldenButton->setVisible(false);
#endif
}
void resetNetworkRequest(QNetworkRequest * request){
QSslConfiguration config = request->sslConfiguration();
config.setCaCertificates(QSslCertificate::fromPath("../TwitterQT2/trusted rootCAs/*/*",QSsl::Pem,QRegExp::WildcardUnix));
request->setSslConfiguration(config);
}
void OcNetwork::sslErrorHandler(QNetworkReply* rep,const QList<QSslError> &errors)
{
QVariantMap account = config.getAccount();
bool ignoreSSLerrors = false;
if (account["state"].toInt() == 0)
{
ignoreSSLerrors = account["ignoresslerror"].toBool();
}
if (ignoreSSLerrors)
{
rep->ignoreSslErrors();
QLOG_WARN() << "Network: ignore SSL errors";
} else {
foreach (const QSslError &error, errors)
{
QLOG_ERROR() << "Network SSL error: " << error.errorString();
}
// get certificate checksum
QString checksum = QString::fromLatin1(rep->sslConfiguration().peerCertificateChain().last().digest(QCryptographicHash::Md5).toHex().toLower());
// set string for temporary file path
QString filePath(QDir::homePath());
filePath.append(BASE_PATH).append(QDir::separator()).append(checksum).append(".der");
// store server certificate temporary
QFile x509Temp(filePath);
x509Temp.open(QIODevice::WriteOnly);
x509Temp.write(rep->sslConfiguration().peerCertificateChain().last().toDer());
x509Temp.close();
#if defined(MEEGO_EDITION_HARMATTAN)
// set credential
int credSuc = aegis_certman_set_credentials("buschtrommel-ocnews::CertOCNewsSSL");
if (credSuc != 0) qDebug() << "set credential error: " << credSuc;
// open file for X509 struct
FILE * crtFile;
crtFile = fopen(filePath.toAscii().data(), "r");
if (crtFile == NULL) qDebug() << "Can not open cert file.";
X509 * crt;
crt = d2i_X509_fp(crtFile, NULL);
if (crt == NULL) qDebug() << "Error importing X509 Certificate";
// get server key id
aegis_key_id crtKeyId;
aegis_certman_get_key_id(crt, crtKeyId);
// open ssl domain
domain_handle ownDomain;
int openCheck = aegis_certman_open_domain("ssl-ocnews", AEGIS_CERTMAN_DOMAIN_PRIVATE, &ownDomain);
if (openCheck != 0) QLOG_ERROR() << "Network: Error Opening SSL Domain: " << openCheck;
int guiCheck = aegis_certman_gui_check_certificate(crt, 120);
QLOG_INFO() << "Network Certificate check: " << guiCheck;
if (guiCheck == 0)
{
// check if cert is already in domain
X509 * storedCert;
int loadStoredCert = aegis_certman_load_cert(ownDomain, crtKeyId, &storedCert);
if (loadStoredCert == 0 && storedCert != NULL)
{
QLOG_INFO() << "Network Load Cert: " << loadStoredCert;
// convert internal X509 structure to DER
int len;
unsigned char *buf;
buf = NULL;
len = i2d_X509(storedCert, &buf);
if (len > 0) {
// create Qt Certificate from buffer
QByteArray buffer(reinterpret_cast<const char*>(buf), len);
QSslCertificate sslCert(buffer, QSsl::Der);
// create list and append cert
QList<QSslCertificate> sslCerts;
sslCerts.append(sslCert);
// put ssl into ssl error for ignored errors
QSslError sslError(QSslError::SelfSignedCertificate, sslCerts.at(0));
QList<QSslError> expectedSslErrors;
expectedSslErrors.append(sslError);
// add certificate to socket and current configuration
QSslSocket::addDefaultCaCertificates(sslCerts);
QList<QSslCipher> ciphers = rep->sslConfiguration().ciphers();
QSslConfiguration sslConfig;
sslConfig.setCiphers(ciphers);
sslConfig.setCaCertificates(sslCerts);
rep->setSslConfiguration(sslConfig);
// ignore only this ssl error
rep->ignoreSslErrors(expectedSslErrors);
} else {
QLOG_ERROR() << "Network: Can not decode cert to DER.";
}
} else {
int addCheck = aegis_certman_add_cert(ownDomain, crt);
QLOG_INFO() << "Network Add Cert: " << addCheck;
// convert internal X509 structure to DER
int len;
unsigned char *buf;
buf = NULL;
len = i2d_X509(crt, &buf);
if (len > 0) {
// create Qt Certificate from buffer
QByteArray buffer(reinterpret_cast<const char*>(buf), len);
QSslCertificate sslCert(buffer, QSsl::Der);
// create list and append cert
QList<QSslCertificate> sslCerts;
sslCerts.append(sslCert);
// put ssl into ssl error for ignored errors
QSslError sslError(QSslError::SelfSignedCertificate, sslCerts.at(0));
QList<QSslError> expectedSslErrors;
expectedSslErrors.append(sslError);
// add certificate to socket and current configuration
QSslSocket::addDefaultCaCertificates(sslCerts);
QList<QSslCipher> ciphers = rep->sslConfiguration().ciphers();
QSslConfiguration sslConfig;
sslConfig.setCiphers(ciphers);
sslConfig.setCaCertificates(sslCerts);
rep->setSslConfiguration(sslConfig);
// ignore only these ssl error
rep->ignoreSslErrors(expectedSslErrors);
} else {
QLOG_ERROR() << "Network: Can not decode cert to DER.";
}
}
} else {
// remove cert if not approved
int removeCheck = aegis_certman_rm_cert(ownDomain, crtKeyId);
QLOG_INFO() << "Network Remove Cert: " << removeCheck;
}
aegis_certman_close_domain(ownDomain);
x509Temp.remove(); // remove temporary cert file
#else
// rep->ignoreSslErrors();
rep->abort();
QLOG_WARN() << "Abort network operation...";
#endif
}
}
MobileDialog::MobileDialog( QWidget *parent )
: QDialog( parent )
{
mobileResults["START"] = tr("Signing in process");
mobileResults["REQUEST_OK"] = tr("Request accepted");
mobileResults["EXPIRED_TRANSACTION"] = tr("Request timeout");
mobileResults["USER_CANCEL"] = tr("User denied or cancelled");
mobileResults["SIGNATURE"] = tr("Got signature");
mobileResults["OUTSTANDING_TRANSACTION"] = tr("Request pending");
mobileResults["MID_NOT_READY"] = tr("Mobile-ID not ready, try again later");
mobileResults["PHONE_ABSENT"] = tr("Phone absent");
mobileResults["SENDING_ERROR"] = tr("Request sending error");
mobileResults["SIM_ERROR"] = tr("SIM error");
mobileResults["INTERNAL_ERROR"] = tr("Service internal error");
mobileResults["OCSP_UNAUTHORIZED"] = tr("Not allowed to use OCSP service!<br/>Please check your server access sertificate.");
mobileResults["HOSTNOTFOUND"] = tr("Connecting to SK server failed!<br/>Please check your internet connection.");
mobileResults["User is not a Mobile-ID client"] = tr("User is not a Mobile-ID client");
mobileResults["ID and phone number do not match"] = tr("ID and phone number do not match");
mobileResults["Certificate status unknown"] = tr("Your Mobile-ID service is not activated.");
mobileResults["Certificate is revoked"] = tr("Mobile-ID user certificates are revoked or suspended.");
setupUi( this );
code->setBuddy( signProgressBar );
statusTimer = new QTimeLine( signProgressBar->maximum() * 1000, this );
statusTimer->setCurveShape( QTimeLine::LinearCurve );
statusTimer->setFrameRange( signProgressBar->minimum(), signProgressBar->maximum() );
connect( statusTimer, SIGNAL(frameChanged(int)), signProgressBar, SLOT(setValue(int)) );
connect( statusTimer, SIGNAL(finished()), SLOT(endProgress()) );
manager = new QNetworkAccessManager( this );
connect( manager, SIGNAL(finished(QNetworkReply*)), SLOT(finished(QNetworkReply*)) );
connect( manager, SIGNAL(sslErrors(QNetworkReply*,QList<QSslError>)),
SLOT(sslErrors(QNetworkReply*,QList<QSslError>)) );
if( !Application::confValue( Application::ProxyHost ).toString().isEmpty() )
{
manager->setProxy( QNetworkProxy(
QNetworkProxy::HttpProxy,
Application::confValue( Application::ProxyHost ).toString(),
Application::confValue( Application::ProxyPort ).toUInt(),
Application::confValue( Application::ProxyUser ).toString(),
Application::confValue( Application::ProxyPass ).toString() ) );
}
if( !Application::confValue( Application::PKCS12Disable ).toBool() )
{
QSslConfiguration ssl = QSslConfiguration::defaultConfiguration();
ssl.setCaCertificates( ssl.caCertificates()
#ifdef Q_OS_LINUX
<< QSslCertificate::fromPath( "/usr/share/esteid/certs/*.crt", QSsl::Pem, QRegExp::Wildcard )
#endif
<< QSslCertificate( "-----BEGIN CERTIFICATE-----\n"
"MIIEOzCCAyOgAwIBAgIBADANBgkqhkiG9w0BAQUFADB2MQswCQYDVQQGEwJFRTEi\n"
"MCAGA1UEChMZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEeMBwGA1UECxMVU0sg\n"
"c2VydmljZXMgYWNjZXNzIENBMSMwIQYDVQQDExpTSyBzZXJ2aWNlcyBhY2Nlc3Mg\n"
"Q0EgMjAxMDAeFw0xMDAyMDcxNTIxMTBaFw0xOTEyMTcxNTIxMTBaMHYxCzAJBgNV\n"
"BAYTAkVFMSIwIAYDVQQKExlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMR4wHAYD\n"
"VQQLExVTSyBzZXJ2aWNlcyBhY2Nlc3MgQ0ExIzAhBgNVBAMTGlNLIHNlcnZpY2Vz\n"
"IGFjY2VzcyBDQSAyMDEwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n"
"tkjCB8PkmDQRdtjbKDMJj5k6LPpFP3IUD+nCAHVhrpmU8FY3CfS/zBaFCnSlOxP3\n"
"TZYlccBz5hcc7lSHSVxsVinW79aw/Sp4sUNVlhqB18UThHrdQiWznjQeOROpjjMo\n"
"3WyW2lWlM3semodOSgD8ssSOUtHBeDLsHFdNrVuz6S1y2ulrfezcnDwrGOtWyYca\n"
"MZzJZZbNA3cc6mXbvihkYv11o0yFdDrDatzjEVx2KrBaSDej2aPo9gES7tDNpByz\n"
"e/hbH1exhc+YZybQ0/odx8N/oiygfjym2OnLFlmArsNPd97mVc6VqA2/Aj68xZN9\n"
"pjZDIXF3IUCVX6rYyGhuIwIDAQABo4HTMIHQMB0GA1UdDgQWBBR3Mky/Mx9AxVx+\n"
"gsoZmtw6kgnpnzCBoAYDVR0jBIGYMIGVgBR3Mky/Mx9AxVx+gsoZmtw6kgnpn6F6\n"
"pHgwdjELMAkGA1UEBhMCRUUxIjAgBgNVBAoTGUFTIFNlcnRpZml0c2VlcmltaXNr\n"
"ZXNrdXMxHjAcBgNVBAsTFVNLIHNlcnZpY2VzIGFjY2VzcyBDQTEjMCEGA1UEAxMa\n"
"U0sgc2VydmljZXMgYWNjZXNzIENBIDIwMTCCAQAwDAYDVR0TBAUwAwEB/zANBgkq\n"
"hkiG9w0BAQUFAAOCAQEASqQRnFdJ5iYTcK1Q98BQsJ097yI/Zp9E8aiZcd+011dK\n"
"jcoRMDlnET3SIxeLN5x6FibiDjt1HvSbRHUy+z1XpfzApFBEkV7S56WwWcEm6ni1\n"
"dRM8Qcpk+fC2ARHf4MxfdVt7488/27/tFs3RjVXyKL8x2xPU4xzVuD22qdoAXohJ\n"
"r7TaVDpk5wpHDCAaQX0LaPaibfW4532iGqG/oFsZo9SiS16qjZ5Aiq0NVhoebZWS\n"
"LwRnmCfkc8bA6RmtPFXR6hWAxfsb8nlZjisA+TDkyXEkCLEcABLgrwLbwq7K2xAR\n"
"k1ZVHmBoFUaMz7JoF4ZVjqwWJ7qlCwie6syR3ZPu9Q==\n"
"-----END CERTIFICATE-----\n" )
<< QSslCertificate( "-----BEGIN CERTIFICATE-----\n"
"MIIERzCCAy+gAwIBAgIJAIHRdBWILIw0MA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV\n"
"BAYTAkVFMSIwIAYDVQQKExlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMR4wHAYD\n"
"VQQLExVTSyBzZXJ2aWNlcyBhY2Nlc3MgQ0ExKDAmBgNVBAMTH1NLIFRFU1Qgc2Vy\n"
"dmljZXMgYWNjZXNzIENBIDIwMTIwHhcNMTIwODIzMTEzNTMwWhcNMjIwMzI0MTEz\n"
"NTMwWjB7MQswCQYDVQQGEwJFRTEiMCAGA1UEChMZQVMgU2VydGlmaXRzZWVyaW1p\n"
"c2tlc2t1czEeMBwGA1UECxMVU0sgc2VydmljZXMgYWNjZXNzIENBMSgwJgYDVQQD\n"
"Ex9TSyBURVNUIHNlcnZpY2VzIGFjY2VzcyBDQSAyMDEyMIIBIjANBgkqhkiG9w0B\n"
"AQEFAAOCAQ8AMIIBCgKCAQEArqkc1v13VAPcM3adjJ5jF/sgOkbzWruooVgDwevA\n"
"7e4lOmUle2ZnrCJXlKf7NDQHg3RWrq04MlUOYak2AFhOo4S/V0LVwvUDt+FCSAwy\n"
"E8FxK6c3HlrwmxWqOCGRVCB3/BrmNouR54ieqMEx7dayoyYfBLvyiSlzZSxoW55O\n"
"ENhgsfPuypAQyuhYab+R65yEtr6sIPJZH2eqGtfWMoaHUAuyOZCfyMFFC1RJ1ymj\n"
"azTRcGFXYtDALf5W/tPUhLJlPE5v6zwRR8Xnzgjohsgnv2aJYHa1e/tT9m+Z9CWA\n"
"BRaz05qjA5N5zEj7Qs9BN5lo07VLgBuSYMl6dsiDU4VfowIDAQABo4HNMIHKMA8G\n"
"A1UdEwEB/wQFMAMBAf8wgZcGA1UdIwSBjzCBjKF/pH0wezELMAkGA1UEBhMCRUUx\n"
"IjAgBgNVBAoTGUFTIFNlcnRpZml0c2VlcmltaXNrZXNrdXMxHjAcBgNVBAsTFVNL\n"
"IHNlcnZpY2VzIGFjY2VzcyBDQTEoMCYGA1UEAxMfU0sgVEVTVCBzZXJ2aWNlcyBh\n"
"Y2Nlc3MgQ0EgMjAxMoIJAIHRdBWILIw0MB0GA1UdDgQWBBQRxbVGxjXI+bcya5iK\n"
"4AW3oXjBrDANBgkqhkiG9w0BAQUFAAOCAQEAHqQ1FiZA1u8Qf1SHSZGpgjmy221x\n"
"DkJ+gYNE0XRDbQ0G0FgqV8peHpIKxEYMGWVCNGRSIenyUYJDVqFMrqMZb1TaYYEg\n"
"Mb5+u3aQpyp9gz3YGh45fvh73M/Pko4WjTsOaIJpXHzGZOSktiuVyEfEkRAupUhY\n"
"7S4gJwPg6RIQXu/FfVCMtNyJliM/5Rz3+NeoLzZw4MVmjQGX0fxXDmVcbSkATqSx\n"
"EV/PbuITu7jOJuDLEr5IpfJPgfl3vBYr2PSo5/2kypth0jikr4TVbGqLFlvU1DaH\n"
"eswmlJbTv3u3juaJ1M6vHyPHX+diK7MUEAkETxlx0HUl0hbIgenvsjSdYA==\n"
"-----END CERTIFICATE-----\n" )
<< QSslCertificate( "-----BEGIN CERTIFICATE-----\n"
"MIID5TCCAs2gAwIBAgIES7MTKDANBgkqhkiG9w0BAQUFADBdMRgwFgYJKoZIhvcN\n"
"AQkBFglwa2lAc2suZWUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKExlBUyBTZXJ0aWZp\n"
"dHNlZXJpbWlza2Vza3VzMRAwDgYDVQQDEwdKdXVyLVNLMB4XDTEwMDMzMTA5MTcy\n"
"OFoXDTE2MDgyNjE0MjMwMVowbTELMAkGA1UEBhMCRUUxIjAgBgNVBAoTGUFTIFNl\n"
"cnRpZml0c2VlcmltaXNrZXNrdXMxITAfBgNVBAsTGFNlcnRpZml0c2VlcmltaXN0\n"
"ZWVudXNlZDEXMBUGA1UEAxMOS0xBU1MzLVNLIDIwMTAwggEiMA0GCSqGSIb3DQEB\n"
"AQUAA4IBDwAwggEKAoIBAQCrlaYRX2v89k8Hd0ADaOfnUcIn7iM6aOXkAR+jp582\n"
"7ZhDqDyNddF9ZUoBgPghGNIrkHbH7qwex39YnI0ka24lCjcwEMvQMPbyPnX/a4Ry\n"
"J+wEZttmjBl++FfrZK54L+vD7Dyy4YYB0Og9ktB4qptsDBj+giiv/MGPeGeNs3Ta\n"
"cJdNb7+3splTPtPKlDfrufvq4H6jNOv9S9bC+j2VVY9uCFXUro8AA3hoOEKJdSjl\n"
"pYCa51N8KGLVJYRuc/K81xqi054Jz+Cy/HY/AcXkk2JkxlpJoEXmcuTkxjO/QE/X\n"
"bd+mRJHnq6+HurOiKcxKwZCPAa+d+dvRPkbyq9ohMXH9AgMBAAGjgZwwgZkwEgYD\n"
"VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAcYwMwYDVR0fBCwwKjAooCag\n"
"JIYiaHR0cDovL3d3dy5zay5lZS9jcmxzL2p1dXIvY3JsLmNybDAfBgNVHSMEGDAW\n"
"gBQEqnpHo+SJrxrPCkCnGD9v7+l9vjAdBgNVHQ4EFgQUXXUUEYz0pY5Cj3uyQESj\n"
"7tZ6O3IwDQYJKoZIhvcNAQEFBQADggEBADFuAGtSoO8PsWRw/QxFzc5EZtbq2KXC\n"
"9yZ8YQPWBLY4Mh3OVLFJqWyKC+8JHy9D5tJTG49F5UHyDJPufD/XvC2rjRlkqvS/\n"
"W7sy3MqGh7e+6bg+aD4mo+98Oalnqi12UD+ki+N8JKPXjHNJ31AvH6E/xDsCsvtz\n"
"ubylxI+FU8R0XODIUFbBqRtatRI1/zVaKRhD6LNGPt3rz/3IJKmuEv6b29mzL+p4\n"
"oNULqpPr6aTmheZme8ZHuEIh3Zp5kdoX3i2D4hsmgClpevZifo196zeKRLk0Qs6n\n"
"mRjoMxyk6jYIric3/VnV81oyhXSBY1GZnbM4qP1w2S5kSA2bb1pkwFo=\n"
"-----END CERTIFICATE-----\n"));
ssl.setPrivateKey( AccessCert::key() );
ssl.setLocalCertificate( AccessCert::cert() );
request.setSslConfiguration( ssl );
}
request.setHeader( QNetworkRequest::ContentTypeHeader, "text/xml" );
request.setRawHeader( "User-Agent", QString( "%1/%2 (%3)")
.arg( qApp->applicationName() ).arg( qApp->applicationVersion() ).arg( Common::applicationOs() ).toUtf8() );
}
void WebSocketQt::setupSocketWithSSLDataSource(SSLDataSource * dataSource)
{
QSslConfiguration config;
QFile localFile(WebSocketQt::toString(dataSource->clientLocalCertificateFilePath()));
if (localFile.open(QIODevice::ReadOnly))
{
QSslCertificate cert(localFile.readAll());
localFile.close();
if (cert.isNull())
{
#ifdef FAYECPP_DEBUG_MESSAGES
qDebug() << "SocketQT: LocalCertificate is NULL";
#endif
}
else
{
config.setLocalCertificate(cert);
}
}
QFile keyFile(WebSocketQt::toString(dataSource->clientPrivateKeyFilePath()));
if (keyFile.open(QIODevice::ReadOnly))
{
QByteArray pp;
pp.append(WebSocketQt::toString(dataSource->clientPrivateKeyPassPhrase()));
QSslKey key(keyFile.readAll(),
QSsl::Rsa,
QSsl::Pem,
QSsl::PrivateKey,
pp);
pp.clear();
keyFile.close();
if (key.isNull())
{
#ifdef FAYECPP_DEBUG_MESSAGES
qDebug() << "SocketQT: PrivateKey is NULL";
#endif
}
else
{
config.setPrivateKey(key);
}
}
QFile caFile(WebSocketQt::toString(dataSource->clientCACertificateFilePath()));
if (caFile.open(QIODevice::ReadOnly))
{
QSslCertificate cert(caFile.readAll());
caFile.close();
if (cert.isNull())
{
#ifdef FAYECPP_DEBUG_MESSAGES
qDebug() << "SocketQT: CACertificate is NULL";
#endif
}
else
{
QList<QSslCertificate> caList(config.caCertificates());
caList.append(cert);
config.setCaCertificates(caList);
}
}
_socket->setSslConfiguration(config);
}
void Ssu::sendRegistration(QString usernameDomain, QString password){
errorFlag = false;
QString ssuCaCertificate, ssuRegisterUrl;
QString username, domainName;
SsuLog *ssuLog = SsuLog::instance();
SsuCoreConfig *settings = SsuCoreConfig::instance();
// Username can include also domain, (user@domain), separate those
if (usernameDomain.contains('@')) {
// separate domain/username and set domain
username = usernameDomain.section('@', 0, 0);
domainName = usernameDomain.section('@', 1, 1);
setDomain(domainName);
} else {
// No domain defined
username = usernameDomain;
}
if (!settings->contains("ca-certificate")){
setError("CA certificate for SSU not set (config key 'ca-certificate')");
return;
} else
ssuCaCertificate = settings->value("ca-certificate").toString();
if (!settings->contains("register-url")){
ssuRegisterUrl = repoUrl("register-url");
if (ssuRegisterUrl.isEmpty()){
setError("URL for SSU registration not set (config key 'register-url')");
return;
}
} else
ssuRegisterUrl = settings->value("register-url").toString();
QString IMEI = deviceInfo.deviceUid();
if (IMEI == ""){
setError("No valid UID available for your device. For phones: is your modem online?");
return;
}
QSslConfiguration sslConfiguration;
if (!useSslVerify())
sslConfiguration.setPeerVerifyMode(QSslSocket::VerifyNone);
sslConfiguration.setCaCertificates(QSslCertificate::fromPath(ssuCaCertificate));
QNetworkRequest request;
request.setUrl(QUrl(QString(ssuRegisterUrl)
.arg(IMEI)
));
request.setSslConfiguration(sslConfiguration);
request.setRawHeader("Authorization", "Basic " +
QByteArray(QString("%1:%2")
.arg(username).arg(password)
.toAscii()).toBase64());
request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded");
QUrl form;
form.addQueryItem("protocolVersion", SSU_PROTOCOL_VERSION);
form.addQueryItem("deviceModel", deviceInfo.deviceModel());
if (!domain().isEmpty()){
form.addQueryItem("domain", domain());
}
qDebug() << "Sending request to " << request.url();
qDebug() << form.encodedQueryItems();
QNetworkReply *reply;
pendingRequests++;
reply = manager->post(request, form.encodedQuery());
// we could expose downloadProgress() from reply in case we want progress info
QString homeUrl = settings->value("home-url").toString().arg(username);
if (!homeUrl.isEmpty()){
// clear header, the other request bits are reusable
request.setHeader(QNetworkRequest::ContentTypeHeader, 0);
request.setUrl(homeUrl + "/authorized_keys");
ssuLog->print(LOG_DEBUG, QString("Trying to get SSH keys from %1").arg(request.url().toString()));
pendingRequests++;
manager->get(request);
}
}
void Ssu::updateCredentials(bool force){
SsuCoreConfig *settings = SsuCoreConfig::instance();
errorFlag = false;
SsuLog *ssuLog = SsuLog::instance();
if (deviceInfo.deviceUid() == ""){
setError("No valid UID available for your device. For phones: is your modem online?");
return;
}
QString ssuCaCertificate, ssuCredentialsUrl;
if (!settings->contains("ca-certificate")){
setError("CA certificate for SSU not set (config key 'ca-certificate')");
return;
} else
ssuCaCertificate = settings->value("ca-certificate").toString();
if (!settings->contains("credentials-url")){
ssuCredentialsUrl = repoUrl("credentials-url");
if (ssuCredentialsUrl.isEmpty()){
setError("URL for credentials update not set (config key 'credentials-url')");
return;
}
} else
ssuCredentialsUrl = settings->value("credentials-url").toString();
if (!isRegistered()){
setError("Device is not registered.");
return;
}
if (!force){
// skip updating if the last update was less than 30 minutes ago
QDateTime now = QDateTime::currentDateTime();
if (settings->contains("lastCredentialsUpdate")){
QDateTime last = settings->value("lastCredentialsUpdate").toDateTime();
if (last >= now.addSecs(-1800)){
ssuLog->print(LOG_DEBUG, QString("Skipping credentials update, last update was at %1")
.arg(last.toString()));
emit done();
return;
}
}
}
// check when the last update was, decide if an update is required
QSslConfiguration sslConfiguration;
if (!useSslVerify())
sslConfiguration.setPeerVerifyMode(QSslSocket::VerifyNone);
QSslKey privateKey(settings->value("privateKey").toByteArray(), QSsl::Rsa);
QSslCertificate certificate(settings->value("certificate").toByteArray());
QList<QSslCertificate> caCertificates;
caCertificates << QSslCertificate::fromPath(ssuCaCertificate);
sslConfiguration.setCaCertificates(caCertificates);
sslConfiguration.setPrivateKey(privateKey);
sslConfiguration.setLocalCertificate(certificate);
QNetworkRequest request;
request.setUrl(QUrl(ssuCredentialsUrl.arg(deviceInfo.deviceUid())));
ssuLog->print(LOG_DEBUG, QString("Sending credential update request to %1")
.arg(request.url().toString()));
request.setSslConfiguration(sslConfiguration);
pendingRequests++;
manager->get(request);
}
void Server::update() {
if (!((! qsRegName.isEmpty()) && (! qsRegName.isEmpty()) && (! qsRegPassword.isEmpty()) && qurlRegWeb.isValid() && qsPassword.isEmpty() && bAllowPing))
return;
// When QNAM distinguishes connections by client cert, move this to Meta
if (! qnamNetwork)
qnamNetwork = new QNetworkAccessManager(this);
qtTick.start(1000 * (60 * 60 + (qrand() % 300)));
QDomDocument doc;
QDomElement root=doc.createElement(QLatin1String("server"));
doc.appendChild(root);
OSInfo::fillXml(doc, root, meta->qsOS, meta->qsOSVersion, qlBind);
QDomElement tag;
QDomText t;
tag=doc.createElement(QLatin1String("name"));
root.appendChild(tag);
t=doc.createTextNode(qsRegName);
tag.appendChild(t);
tag=doc.createElement(QLatin1String("host"));
root.appendChild(tag);
t=doc.createTextNode(qsRegHost);
tag.appendChild(t);
tag=doc.createElement(QLatin1String("password"));
root.appendChild(tag);
t=doc.createTextNode(qsRegPassword);
tag.appendChild(t);
tag=doc.createElement(QLatin1String("port"));
root.appendChild(tag);
t=doc.createTextNode(QString::number(usPort));
tag.appendChild(t);
tag=doc.createElement(QLatin1String("url"));
root.appendChild(tag);
t=doc.createTextNode(qurlRegWeb.toString());
tag.appendChild(t);
tag=doc.createElement(QLatin1String("digest"));
root.appendChild(tag);
t=doc.createTextNode(getDigest());
tag.appendChild(t);
tag=doc.createElement(QLatin1String("users"));
root.appendChild(tag);
t=doc.createTextNode(QString::number(qhUsers.count()));
tag.appendChild(t);
tag=doc.createElement(QLatin1String("channels"));
root.appendChild(tag);
t=doc.createTextNode(QString::number(qhChannels.count()));
tag.appendChild(t);
QNetworkRequest qnr(QUrl(QLatin1String("https://mumble.hive.no/register.cgi")));
qnr.setHeader(QNetworkRequest::ContentTypeHeader, QLatin1String("text/xml"));
QSslConfiguration ssl = qnr.sslConfiguration();
ssl.setLocalCertificate(qscCert);
ssl.setPrivateKey(qskKey);
/* Work around bug in QSslConfiguration */
QList<QSslCertificate> calist = ssl.caCertificates();
calist << QSslSocket::defaultCaCertificates();
calist << qscCert;
ssl.setCaCertificates(calist);
qnr.setSslConfiguration(ssl);
QNetworkReply *rep = qnamNetwork->post(qnr, doc.toString().toUtf8());
connect(rep, SIGNAL(finished()), this, SLOT(finished()));
connect(rep, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(regSslError(const QList<QSslError> &)));
}
