void QMQTT::ClientPrivate::init(const QString& hostName, const quint16 port, const bool ssl,
const bool ignoreSelfSigned)
{
_hostName = hostName;
_port = port;
if (ssl)
{
#ifndef QT_NO_SSL
QSslConfiguration sslConf = QSslConfiguration::defaultConfiguration();
QList<QSslCertificate> certs = QSslCertificate::fromPath(QStringLiteral("./cert.crt"));
if (!certs.isEmpty())
sslConf.setLocalCertificate(certs.first());
QFile file(QStringLiteral("./cert.key"));
if (file.open(QIODevice::ReadOnly)) {
sslConf.setPrivateKey(QSslKey(file.readAll(), QSsl::Rsa));
}
sslConf.setPeerVerifyMode(QSslSocket::VerifyNone);
#if QT_VERSION < 0x050000
sslConf.setProtocol(QSsl::TlsV1);
#endif
init(hostName, port, sslConf, ignoreSelfSigned);
#else
Q_UNUSED(ignoreSelfSigned)
qCritical() << "SSL not supported in this QT build";
#endif // QT_NO_SSL
}
else
{
init(new Network);
}
}
bool QgsAuthIdentCertMethod::updateNetworkRequest( QNetworkRequest &request, const QString &authcfg,
const QString &dataprovider )
{
Q_UNUSED( dataprovider )
QMutexLocker locker( &mMutex );
// TODO: is this too restrictive, to intercept only HTTPS connections?
if ( request.url().scheme().toLower() != QLatin1String( "https" ) )
{
QgsDebugMsg( QStringLiteral( "Update request SSL config SKIPPED for authcfg %1: not HTTPS" ).arg( authcfg ) );
return true;
}
QgsDebugMsg( QStringLiteral( "Update request SSL config: HTTPS connection for authcfg: %1" ).arg( authcfg ) );
QgsPkiConfigBundle *pkibundle = getPkiConfigBundle( authcfg );
if ( !pkibundle || !pkibundle->isValid() )
{
QgsDebugMsg( QStringLiteral( "Update request SSL config FAILED for authcfg: %1: PKI bundle invalid" ).arg( authcfg ) );
return false;
}
QgsDebugMsg( QStringLiteral( "Update request SSL config: PKI bundle valid for authcfg: %1" ).arg( authcfg ) );
QSslConfiguration sslConfig = request.sslConfiguration();
//QSslConfiguration sslConfig( QSslConfiguration::defaultConfiguration() );
sslConfig.setLocalCertificate( pkibundle->clientCert() );
sslConfig.setPrivateKey( pkibundle->clientCertKey() );
request.setSslConfiguration( sslConfig );
return true;
}
QT_USE_NAMESPACE
//! [constructor]
SslEchoServer::SslEchoServer(quint16 port, QObject *parent) :
QObject(parent),
m_pWebSocketServer(Q_NULLPTR),
m_clients()
{
m_pWebSocketServer = new QWebSocketServer(QStringLiteral("SSL Echo Server"),
QWebSocketServer::SecureMode,
this);
QSslConfiguration sslConfiguration;
QFile certFile(QStringLiteral("./localhost.cert"));
QFile keyFile(QStringLiteral("./localhost.key"));
certFile.open(QIODevice::ReadOnly);
keyFile.open(QIODevice::ReadOnly);
QSslCertificate certificate(&certFile, QSsl::Pem);
QSslKey sslKey(&keyFile, QSsl::Rsa, QSsl::Pem);
certFile.close();
keyFile.close();
sslConfiguration.setPeerVerifyMode(QSslSocket::VerifyNone);
sslConfiguration.setLocalCertificate(certificate);
sslConfiguration.setPrivateKey(sslKey);
sslConfiguration.setProtocol(QSsl::TlsV1SslV3);
m_pWebSocketServer->setSslConfiguration(sslConfiguration);
if (m_pWebSocketServer->listen(QHostAddress::Any, port))
{
qDebug() << "SSL Echo Server listening on port" << port;
connect(m_pWebSocketServer, &QWebSocketServer::newConnection,
this, &SslEchoServer::onNewConnection);
connect(m_pWebSocketServer, &QWebSocketServer::sslErrors,
this, &SslEchoServer::onSslErrors);
}
}
void NetworkManager::sendRequest(ChatUnit *contact, const QString &text)
{
Config config("control");
config.beginGroup("general");
QUrl url = QUrl::fromUserInput(config.value("requestUrl", QString()));
QNetworkRequest request(url);
QSslConfiguration ssl;
ssl.setLocalCertificate(m_localCertificate);
ssl.setPrivateKey(m_privateKey);
request.setSslConfiguration(ssl);
request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded");
QByteArray data = "request=" + paranoicEscape(text.toUtf8());
QNetworkReply *reply = QNetworkAccessManager::post(request, data);
connect(contact, SIGNAL(destroyed()), reply, SLOT(deleteLater()));
reply->setProperty("__control_contact", qVariantFromValue(contact));
}
QSslConfiguration Account::getOrCreateSslConfig()
{
if (!_sslConfiguration.isNull()) {
// Will be set by CheckServerJob::finished()
// We need to use a central shared config to get SSL session tickets
return _sslConfiguration;
}
// if setting the client certificate fails, you will probably get an error similar to this:
// "An internal error number 1060 happened. SSL handshake failed, client certificate was requested: SSL error: sslv3 alert handshake failure"
QSslConfiguration sslConfig = QSslConfiguration::defaultConfiguration();
QSslCertificate sslClientCertificate;
ConfigFile cfgFile;
if(!cfgFile.certificatePath().isEmpty() && !cfgFile.certificatePasswd().isEmpty()) {
resultP12ToPem certif = p12ToPem(cfgFile.certificatePath().toStdString(), cfgFile.certificatePasswd().toStdString());
QString s = QString::fromStdString(certif.Certificate);
QByteArray ba = s.toLocal8Bit();
this->setCertificate(ba, QString::fromStdString(certif.PrivateKey));
}
if((!_pemCertificate.isEmpty())&&(!_pemPrivateKey.isEmpty())) {
// Read certificates
QList<QSslCertificate> sslCertificateList = QSslCertificate::fromData(_pemCertificate, QSsl::Pem);
if(sslCertificateList.length() != 0) {
sslClientCertificate = sslCertificateList.takeAt(0);
}
// Read key from file
QSslKey privateKey(_pemPrivateKey.toLocal8Bit(), QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey , "");
// SSL configuration
sslConfig.setCaCertificates(QSslSocket::systemCaCertificates());
sslConfig.setLocalCertificate(sslClientCertificate);
sslConfig.setPrivateKey(privateKey);
qDebug() << "Added SSL client certificate to the query";
}
#if QT_VERSION > QT_VERSION_CHECK(5, 2, 0)
// Try hard to re-use session for different requests
sslConfig.setSslOption(QSsl::SslOptionDisableSessionTickets, false);
sslConfig.setSslOption(QSsl::SslOptionDisableSessionSharing, false);
sslConfig.setSslOption(QSsl::SslOptionDisableSessionPersistence, false);
#endif
return sslConfig;
}
Server::Server(int port, QtWebsocket::Protocol protocol)
{
if(protocol == QtWebsocket::Tcp)
server = new QtWebsocket::QWsServer(this, protocol);
else
{
QFile file("server-key.pem");
if (!file.open(QIODevice::ReadOnly | QIODevice::Text))
{
qDebug() << "can't open key server-key.pem";
throw -1;
}
QSslKey key(&file, QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey, QByteArray("qtwebsocket-server-key"));
file.close();
QFile file2("server-crt.pem");
if (!file2.open(QIODevice::ReadOnly | QIODevice::Text))
{
qDebug() << "cant load server certificate server-crt.pem";
throw -2;
}
QSslCertificate localCert(&file2, QSsl::Pem);
file2.close();
QSslConfiguration sslConfiguration;
sslConfiguration.setPrivateKey(key);
sslConfiguration.setLocalCertificate(localCert);
sslConfiguration.setPeerVerifyMode(QSslSocket::VerifyNone);
QList<QSslCertificate> caCerts = QSslCertificate::fromPath("ca.pem");
server = new QtWebsocket::QWsServer(this, protocol, sslConfiguration, caCerts);
}
if (! server->listen(QHostAddress::Any, port))
{
qDebug() << tr("Error: Can't launch server");
qDebug() << tr("QWsServer error : %1").arg(server->errorString());
}
else
{
qDebug() << tr("Server is listening on port %1").arg(port);
}
QObject::connect(server, SIGNAL(newConnection()), this, SLOT(processNewConnection()));
}
QT_USE_NAMESPACE
//! [constructor]
BCWebSocketServer::BCWebSocketServer(quint16 port, QObject *parent) :
QObject(parent),
m_pWebSocketServer(Q_NULLPTR),
m_clients()
{
m_pWebSocketServer = new QWebSocketServer(QStringLiteral("Bitcoin Exchange Server"),
QWebSocketServer::NonSecureMode, //**** To be Changed after setting up OpenSSL
this);
QSslConfiguration sslConfiguration;
QFile certFile(QStringLiteral("./localhost.cert"));
QFile keyFile(QStringLiteral("./localhost.key"));
/*if ( */
certFile.open(stderr, QIODevice::ReadOnly | QIODevice::Text ) ; //&&
keyFile.open(stderr, QIODevice::ReadOnly | QIODevice::Text) ; // )
{
QSslCertificate certificate(&certFile, QSsl::Pem);
QSslKey sslKey(&keyFile, QSsl::Rsa, QSsl::Pem);
certFile.close();
keyFile.close();
sslConfiguration.setPeerVerifyMode(QSslSocket::VerifyNone);
sslConfiguration.setLocalCertificate(certificate);
sslConfiguration.setPrivateKey(sslKey);
sslConfiguration.setProtocol(QSsl::TlsV1SslV3);
m_pWebSocketServer->setSslConfiguration(sslConfiguration);
if (m_pWebSocketServer->listen(QHostAddress::Any, port))
{
qDebug() << "Bitcoin Exchange Server listening on port" << port;
connect(m_pWebSocketServer, &QWebSocketServer::newConnection,
this, &BCWebSocketServer::onNewConnection);
connect(m_pWebSocketServer, &QWebSocketServer::sslErrors,
this, &BCWebSocketServer::onSslErrors);
}
_logged = false;
_lang = NULL;
this->data.rank = 0;
}
}
//===================
// PRIVATE
//===================
bool WebServer::setupWebSocket(quint16 port){
WSServer = new QWebSocketServer("sysadm-server", QWebSocketServer::SecureMode, this);
//SSL Configuration
QSslConfiguration config = QSslConfiguration::defaultConfiguration();
QFile CF( QStringLiteral(SSLCERTFILE) );
if(CF.open(QIODevice::ReadOnly) ){
QSslCertificate CERT(&CF,QSsl::Pem);
config.setLocalCertificate( CERT );
CF.close();
}else{
qWarning() << "Could not read WS certificate file:" << CF.fileName();
}
QFile KF( QStringLiteral(SSLKEYFILE));
if(KF.open(QIODevice::ReadOnly) ){
QSslKey KEY(&KF, QSsl::Rsa, QSsl::Pem);
config.setPrivateKey( KEY );
KF.close();
}else{
qWarning() << "Could not read WS key file:" << KF.fileName();
}
config.setPeerVerifyMode(QSslSocket::VerifyNone);
config.setProtocol(SSLVERSION);
WSServer->setSslConfiguration(config);
//Setup Connections
connect(WSServer, SIGNAL(newConnection()), this, SLOT(NewSocketConnection()) );
connect(WSServer, SIGNAL(acceptError(QAbstractSocket::SocketError)), this, SLOT(NewConnectError(QAbstractSocket::SocketError)) );
// -- websocket specific signals
connect(WSServer, SIGNAL(closed()), this, SLOT(ServerClosed()) );
connect(WSServer, SIGNAL(serverError(QWebSocketProtocol::CloseCode)), this, SLOT(ServerError(QWebSocketProtocol::CloseCode)) );
connect(WSServer, SIGNAL(originAuthenticationRequired(QWebSocketCorsAuthenticator*)), this, SLOT(OriginAuthRequired(QWebSocketCorsAuthenticator*)) );
connect(WSServer, SIGNAL(peerVerifyError(const QSslError&)), this, SLOT(PeerVerifyError(const QSslError&)) );
connect(WSServer, SIGNAL(sslErrors(const QList<QSslError>&)), this, SLOT(SslErrors(const QList<QSslError>&)) );
connect(WSServer, SIGNAL(acceptError(QAbstractSocket::SocketError)), this, SLOT(ConnectError(QAbstractSocket::SocketError)) );
//Now start the server
return WSServer->listen(QHostAddress::Any, port);
}
MobileDialog::MobileDialog( QWidget *parent )
: QDialog( parent )
{
mobileResults["START"] = tr("Signing in process");
mobileResults["REQUEST_OK"] = tr("Request accepted");
mobileResults["EXPIRED_TRANSACTION"] = tr("Request timeout");
mobileResults["USER_CANCEL"] = tr("User denied or cancelled");
mobileResults["SIGNATURE"] = tr("Got signature");
mobileResults["OUTSTANDING_TRANSACTION"] = tr("Request pending");
mobileResults["MID_NOT_READY"] = tr("Mobile-ID not ready, try again later");
mobileResults["PHONE_ABSENT"] = tr("Phone absent");
mobileResults["SENDING_ERROR"] = tr("Request sending error");
mobileResults["SIM_ERROR"] = tr("SIM error");
mobileResults["INTERNAL_ERROR"] = tr("Service internal error");
mobileResults["OCSP_UNAUTHORIZED"] = tr("Not allowed to use OCSP service!<br/>Please check your server access sertificate.");
mobileResults["HOSTNOTFOUND"] = tr("Connecting to SK server failed!<br/>Please check your internet connection.");
mobileResults["User is not a Mobile-ID client"] = tr("User is not a Mobile-ID client");
mobileResults["ID and phone number do not match"] = tr("ID and phone number do not match");
mobileResults["Certificate status unknown"] = tr("Your Mobile-ID service is not activated.");
mobileResults["Certificate is revoked"] = tr("Mobile-ID user certificates are revoked or suspended.");
setupUi( this );
code->setBuddy( signProgressBar );
statusTimer = new QTimeLine( signProgressBar->maximum() * 1000, this );
statusTimer->setCurveShape( QTimeLine::LinearCurve );
statusTimer->setFrameRange( signProgressBar->minimum(), signProgressBar->maximum() );
connect( statusTimer, SIGNAL(frameChanged(int)), signProgressBar, SLOT(setValue(int)) );
connect( statusTimer, SIGNAL(finished()), SLOT(endProgress()) );
manager = new QNetworkAccessManager( this );
connect( manager, SIGNAL(finished(QNetworkReply*)), SLOT(finished(QNetworkReply*)) );
connect( manager, SIGNAL(sslErrors(QNetworkReply*,QList<QSslError>)),
SLOT(sslErrors(QNetworkReply*,QList<QSslError>)) );
if( !Application::confValue( Application::ProxyHost ).toString().isEmpty() )
{
manager->setProxy( QNetworkProxy(
QNetworkProxy::HttpProxy,
Application::confValue( Application::ProxyHost ).toString(),
Application::confValue( Application::ProxyPort ).toUInt(),
Application::confValue( Application::ProxyUser ).toString(),
Application::confValue( Application::ProxyPass ).toString() ) );
}
if( !Application::confValue( Application::PKCS12Disable ).toBool() )
{
QSslConfiguration ssl = QSslConfiguration::defaultConfiguration();
ssl.setCaCertificates( ssl.caCertificates()
#ifdef Q_OS_LINUX
<< QSslCertificate::fromPath( "/usr/share/esteid/certs/*.crt", QSsl::Pem, QRegExp::Wildcard )
#endif
<< QSslCertificate( "-----BEGIN CERTIFICATE-----\n"
"MIIEOzCCAyOgAwIBAgIBADANBgkqhkiG9w0BAQUFADB2MQswCQYDVQQGEwJFRTEi\n"
"MCAGA1UEChMZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEeMBwGA1UECxMVU0sg\n"
"c2VydmljZXMgYWNjZXNzIENBMSMwIQYDVQQDExpTSyBzZXJ2aWNlcyBhY2Nlc3Mg\n"
"Q0EgMjAxMDAeFw0xMDAyMDcxNTIxMTBaFw0xOTEyMTcxNTIxMTBaMHYxCzAJBgNV\n"
"BAYTAkVFMSIwIAYDVQQKExlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMR4wHAYD\n"
"VQQLExVTSyBzZXJ2aWNlcyBhY2Nlc3MgQ0ExIzAhBgNVBAMTGlNLIHNlcnZpY2Vz\n"
"IGFjY2VzcyBDQSAyMDEwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n"
"tkjCB8PkmDQRdtjbKDMJj5k6LPpFP3IUD+nCAHVhrpmU8FY3CfS/zBaFCnSlOxP3\n"
"TZYlccBz5hcc7lSHSVxsVinW79aw/Sp4sUNVlhqB18UThHrdQiWznjQeOROpjjMo\n"
"3WyW2lWlM3semodOSgD8ssSOUtHBeDLsHFdNrVuz6S1y2ulrfezcnDwrGOtWyYca\n"
"MZzJZZbNA3cc6mXbvihkYv11o0yFdDrDatzjEVx2KrBaSDej2aPo9gES7tDNpByz\n"
"e/hbH1exhc+YZybQ0/odx8N/oiygfjym2OnLFlmArsNPd97mVc6VqA2/Aj68xZN9\n"
"pjZDIXF3IUCVX6rYyGhuIwIDAQABo4HTMIHQMB0GA1UdDgQWBBR3Mky/Mx9AxVx+\n"
"gsoZmtw6kgnpnzCBoAYDVR0jBIGYMIGVgBR3Mky/Mx9AxVx+gsoZmtw6kgnpn6F6\n"
"pHgwdjELMAkGA1UEBhMCRUUxIjAgBgNVBAoTGUFTIFNlcnRpZml0c2VlcmltaXNr\n"
"ZXNrdXMxHjAcBgNVBAsTFVNLIHNlcnZpY2VzIGFjY2VzcyBDQTEjMCEGA1UEAxMa\n"
"U0sgc2VydmljZXMgYWNjZXNzIENBIDIwMTCCAQAwDAYDVR0TBAUwAwEB/zANBgkq\n"
"hkiG9w0BAQUFAAOCAQEASqQRnFdJ5iYTcK1Q98BQsJ097yI/Zp9E8aiZcd+011dK\n"
"jcoRMDlnET3SIxeLN5x6FibiDjt1HvSbRHUy+z1XpfzApFBEkV7S56WwWcEm6ni1\n"
"dRM8Qcpk+fC2ARHf4MxfdVt7488/27/tFs3RjVXyKL8x2xPU4xzVuD22qdoAXohJ\n"
"r7TaVDpk5wpHDCAaQX0LaPaibfW4532iGqG/oFsZo9SiS16qjZ5Aiq0NVhoebZWS\n"
"LwRnmCfkc8bA6RmtPFXR6hWAxfsb8nlZjisA+TDkyXEkCLEcABLgrwLbwq7K2xAR\n"
"k1ZVHmBoFUaMz7JoF4ZVjqwWJ7qlCwie6syR3ZPu9Q==\n"
"-----END CERTIFICATE-----\n" )
<< QSslCertificate( "-----BEGIN CERTIFICATE-----\n"
"MIIERzCCAy+gAwIBAgIJAIHRdBWILIw0MA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV\n"
"BAYTAkVFMSIwIAYDVQQKExlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMR4wHAYD\n"
"VQQLExVTSyBzZXJ2aWNlcyBhY2Nlc3MgQ0ExKDAmBgNVBAMTH1NLIFRFU1Qgc2Vy\n"
"dmljZXMgYWNjZXNzIENBIDIwMTIwHhcNMTIwODIzMTEzNTMwWhcNMjIwMzI0MTEz\n"
"NTMwWjB7MQswCQYDVQQGEwJFRTEiMCAGA1UEChMZQVMgU2VydGlmaXRzZWVyaW1p\n"
"c2tlc2t1czEeMBwGA1UECxMVU0sgc2VydmljZXMgYWNjZXNzIENBMSgwJgYDVQQD\n"
"Ex9TSyBURVNUIHNlcnZpY2VzIGFjY2VzcyBDQSAyMDEyMIIBIjANBgkqhkiG9w0B\n"
"AQEFAAOCAQ8AMIIBCgKCAQEArqkc1v13VAPcM3adjJ5jF/sgOkbzWruooVgDwevA\n"
"7e4lOmUle2ZnrCJXlKf7NDQHg3RWrq04MlUOYak2AFhOo4S/V0LVwvUDt+FCSAwy\n"
"E8FxK6c3HlrwmxWqOCGRVCB3/BrmNouR54ieqMEx7dayoyYfBLvyiSlzZSxoW55O\n"
"ENhgsfPuypAQyuhYab+R65yEtr6sIPJZH2eqGtfWMoaHUAuyOZCfyMFFC1RJ1ymj\n"
"azTRcGFXYtDALf5W/tPUhLJlPE5v6zwRR8Xnzgjohsgnv2aJYHa1e/tT9m+Z9CWA\n"
"BRaz05qjA5N5zEj7Qs9BN5lo07VLgBuSYMl6dsiDU4VfowIDAQABo4HNMIHKMA8G\n"
"A1UdEwEB/wQFMAMBAf8wgZcGA1UdIwSBjzCBjKF/pH0wezELMAkGA1UEBhMCRUUx\n"
"IjAgBgNVBAoTGUFTIFNlcnRpZml0c2VlcmltaXNrZXNrdXMxHjAcBgNVBAsTFVNL\n"
"IHNlcnZpY2VzIGFjY2VzcyBDQTEoMCYGA1UEAxMfU0sgVEVTVCBzZXJ2aWNlcyBh\n"
"Y2Nlc3MgQ0EgMjAxMoIJAIHRdBWILIw0MB0GA1UdDgQWBBQRxbVGxjXI+bcya5iK\n"
"4AW3oXjBrDANBgkqhkiG9w0BAQUFAAOCAQEAHqQ1FiZA1u8Qf1SHSZGpgjmy221x\n"
"DkJ+gYNE0XRDbQ0G0FgqV8peHpIKxEYMGWVCNGRSIenyUYJDVqFMrqMZb1TaYYEg\n"
"Mb5+u3aQpyp9gz3YGh45fvh73M/Pko4WjTsOaIJpXHzGZOSktiuVyEfEkRAupUhY\n"
"7S4gJwPg6RIQXu/FfVCMtNyJliM/5Rz3+NeoLzZw4MVmjQGX0fxXDmVcbSkATqSx\n"
"EV/PbuITu7jOJuDLEr5IpfJPgfl3vBYr2PSo5/2kypth0jikr4TVbGqLFlvU1DaH\n"
"eswmlJbTv3u3juaJ1M6vHyPHX+diK7MUEAkETxlx0HUl0hbIgenvsjSdYA==\n"
"-----END CERTIFICATE-----\n" )
<< QSslCertificate( "-----BEGIN CERTIFICATE-----\n"
"MIID5TCCAs2gAwIBAgIES7MTKDANBgkqhkiG9w0BAQUFADBdMRgwFgYJKoZIhvcN\n"
"AQkBFglwa2lAc2suZWUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKExlBUyBTZXJ0aWZp\n"
"dHNlZXJpbWlza2Vza3VzMRAwDgYDVQQDEwdKdXVyLVNLMB4XDTEwMDMzMTA5MTcy\n"
"OFoXDTE2MDgyNjE0MjMwMVowbTELMAkGA1UEBhMCRUUxIjAgBgNVBAoTGUFTIFNl\n"
"cnRpZml0c2VlcmltaXNrZXNrdXMxITAfBgNVBAsTGFNlcnRpZml0c2VlcmltaXN0\n"
"ZWVudXNlZDEXMBUGA1UEAxMOS0xBU1MzLVNLIDIwMTAwggEiMA0GCSqGSIb3DQEB\n"
"AQUAA4IBDwAwggEKAoIBAQCrlaYRX2v89k8Hd0ADaOfnUcIn7iM6aOXkAR+jp582\n"
"7ZhDqDyNddF9ZUoBgPghGNIrkHbH7qwex39YnI0ka24lCjcwEMvQMPbyPnX/a4Ry\n"
"J+wEZttmjBl++FfrZK54L+vD7Dyy4YYB0Og9ktB4qptsDBj+giiv/MGPeGeNs3Ta\n"
"cJdNb7+3splTPtPKlDfrufvq4H6jNOv9S9bC+j2VVY9uCFXUro8AA3hoOEKJdSjl\n"
"pYCa51N8KGLVJYRuc/K81xqi054Jz+Cy/HY/AcXkk2JkxlpJoEXmcuTkxjO/QE/X\n"
"bd+mRJHnq6+HurOiKcxKwZCPAa+d+dvRPkbyq9ohMXH9AgMBAAGjgZwwgZkwEgYD\n"
"VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAcYwMwYDVR0fBCwwKjAooCag\n"
"JIYiaHR0cDovL3d3dy5zay5lZS9jcmxzL2p1dXIvY3JsLmNybDAfBgNVHSMEGDAW\n"
"gBQEqnpHo+SJrxrPCkCnGD9v7+l9vjAdBgNVHQ4EFgQUXXUUEYz0pY5Cj3uyQESj\n"
"7tZ6O3IwDQYJKoZIhvcNAQEFBQADggEBADFuAGtSoO8PsWRw/QxFzc5EZtbq2KXC\n"
"9yZ8YQPWBLY4Mh3OVLFJqWyKC+8JHy9D5tJTG49F5UHyDJPufD/XvC2rjRlkqvS/\n"
"W7sy3MqGh7e+6bg+aD4mo+98Oalnqi12UD+ki+N8JKPXjHNJ31AvH6E/xDsCsvtz\n"
"ubylxI+FU8R0XODIUFbBqRtatRI1/zVaKRhD6LNGPt3rz/3IJKmuEv6b29mzL+p4\n"
"oNULqpPr6aTmheZme8ZHuEIh3Zp5kdoX3i2D4hsmgClpevZifo196zeKRLk0Qs6n\n"
"mRjoMxyk6jYIric3/VnV81oyhXSBY1GZnbM4qP1w2S5kSA2bb1pkwFo=\n"
"-----END CERTIFICATE-----\n"));
ssl.setPrivateKey( AccessCert::key() );
ssl.setLocalCertificate( AccessCert::cert() );
request.setSslConfiguration( ssl );
}
request.setHeader( QNetworkRequest::ContentTypeHeader, "text/xml" );
request.setRawHeader( "User-Agent", QString( "%1/%2 (%3)")
.arg( qApp->applicationName() ).arg( qApp->applicationVersion() ).arg( Common::applicationOs() ).toUtf8() );
}
void WebSocketQt::setupSocketWithSSLDataSource(SSLDataSource * dataSource)
{
QSslConfiguration config;
QFile localFile(WebSocketQt::toString(dataSource->clientLocalCertificateFilePath()));
if (localFile.open(QIODevice::ReadOnly))
{
QSslCertificate cert(localFile.readAll());
localFile.close();
if (cert.isNull())
{
#ifdef FAYECPP_DEBUG_MESSAGES
qDebug() << "SocketQT: LocalCertificate is NULL";
#endif
}
else
{
config.setLocalCertificate(cert);
}
}
QFile keyFile(WebSocketQt::toString(dataSource->clientPrivateKeyFilePath()));
if (keyFile.open(QIODevice::ReadOnly))
{
QByteArray pp;
pp.append(WebSocketQt::toString(dataSource->clientPrivateKeyPassPhrase()));
QSslKey key(keyFile.readAll(),
QSsl::Rsa,
QSsl::Pem,
QSsl::PrivateKey,
pp);
pp.clear();
keyFile.close();
if (key.isNull())
{
#ifdef FAYECPP_DEBUG_MESSAGES
qDebug() << "SocketQT: PrivateKey is NULL";
#endif
}
else
{
config.setPrivateKey(key);
}
}
QFile caFile(WebSocketQt::toString(dataSource->clientCACertificateFilePath()));
if (caFile.open(QIODevice::ReadOnly))
{
QSslCertificate cert(caFile.readAll());
caFile.close();
if (cert.isNull())
{
#ifdef FAYECPP_DEBUG_MESSAGES
qDebug() << "SocketQT: CACertificate is NULL";
#endif
}
else
{
QList<QSslCertificate> caList(config.caCertificates());
caList.append(cert);
config.setCaCertificates(caList);
}
}
_socket->setSslConfiguration(config);
}
void Server::update() {
if (!((! qsRegName.isEmpty()) && (! qsRegName.isEmpty()) && (! qsRegPassword.isEmpty()) && qurlRegWeb.isValid() && qsPassword.isEmpty() && bAllowPing))
return;
// When QNAM distinguishes connections by client cert, move this to Meta
if (! qnamNetwork)
qnamNetwork = new QNetworkAccessManager(this);
qtTick.start(1000 * (60 * 60 + (qrand() % 300)));
QDomDocument doc;
QDomElement root=doc.createElement(QLatin1String("server"));
doc.appendChild(root);
OSInfo::fillXml(doc, root, meta->qsOS, meta->qsOSVersion, qlBind);
QDomElement tag;
QDomText t;
tag=doc.createElement(QLatin1String("name"));
root.appendChild(tag);
t=doc.createTextNode(qsRegName);
tag.appendChild(t);
tag=doc.createElement(QLatin1String("host"));
root.appendChild(tag);
t=doc.createTextNode(qsRegHost);
tag.appendChild(t);
tag=doc.createElement(QLatin1String("password"));
root.appendChild(tag);
t=doc.createTextNode(qsRegPassword);
tag.appendChild(t);
tag=doc.createElement(QLatin1String("port"));
root.appendChild(tag);
t=doc.createTextNode(QString::number(usPort));
tag.appendChild(t);
tag=doc.createElement(QLatin1String("url"));
root.appendChild(tag);
t=doc.createTextNode(qurlRegWeb.toString());
tag.appendChild(t);
tag=doc.createElement(QLatin1String("digest"));
root.appendChild(tag);
t=doc.createTextNode(getDigest());
tag.appendChild(t);
tag=doc.createElement(QLatin1String("users"));
root.appendChild(tag);
t=doc.createTextNode(QString::number(qhUsers.count()));
tag.appendChild(t);
tag=doc.createElement(QLatin1String("channels"));
root.appendChild(tag);
t=doc.createTextNode(QString::number(qhChannels.count()));
tag.appendChild(t);
QNetworkRequest qnr(QUrl(QLatin1String("https://mumble.hive.no/register.cgi")));
qnr.setHeader(QNetworkRequest::ContentTypeHeader, QLatin1String("text/xml"));
QSslConfiguration ssl = qnr.sslConfiguration();
ssl.setLocalCertificate(qscCert);
ssl.setPrivateKey(qskKey);
/* Work around bug in QSslConfiguration */
QList<QSslCertificate> calist = ssl.caCertificates();
calist << QSslSocket::defaultCaCertificates();
calist << qscCert;
ssl.setCaCertificates(calist);
qnr.setSslConfiguration(ssl);
QNetworkReply *rep = qnamNetwork->post(qnr, doc.toString().toUtf8());
connect(rep, SIGNAL(finished()), this, SLOT(finished()));
connect(rep, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(regSslError(const QList<QSslError> &)));
}
void Ssu::updateCredentials(bool force){
SsuCoreConfig *settings = SsuCoreConfig::instance();
errorFlag = false;
SsuLog *ssuLog = SsuLog::instance();
if (deviceInfo.deviceUid() == ""){
setError("No valid UID available for your device. For phones: is your modem online?");
return;
}
QString ssuCaCertificate, ssuCredentialsUrl;
if (!settings->contains("ca-certificate")){
setError("CA certificate for SSU not set (config key 'ca-certificate')");
return;
} else
ssuCaCertificate = settings->value("ca-certificate").toString();
if (!settings->contains("credentials-url")){
ssuCredentialsUrl = repoUrl("credentials-url");
if (ssuCredentialsUrl.isEmpty()){
setError("URL for credentials update not set (config key 'credentials-url')");
return;
}
} else
ssuCredentialsUrl = settings->value("credentials-url").toString();
if (!isRegistered()){
setError("Device is not registered.");
return;
}
if (!force){
// skip updating if the last update was less than 30 minutes ago
QDateTime now = QDateTime::currentDateTime();
if (settings->contains("lastCredentialsUpdate")){
QDateTime last = settings->value("lastCredentialsUpdate").toDateTime();
if (last >= now.addSecs(-1800)){
ssuLog->print(LOG_DEBUG, QString("Skipping credentials update, last update was at %1")
.arg(last.toString()));
emit done();
return;
}
}
}
// check when the last update was, decide if an update is required
QSslConfiguration sslConfiguration;
if (!useSslVerify())
sslConfiguration.setPeerVerifyMode(QSslSocket::VerifyNone);
QSslKey privateKey(settings->value("privateKey").toByteArray(), QSsl::Rsa);
QSslCertificate certificate(settings->value("certificate").toByteArray());
QList<QSslCertificate> caCertificates;
caCertificates << QSslCertificate::fromPath(ssuCaCertificate);
sslConfiguration.setCaCertificates(caCertificates);
sslConfiguration.setPrivateKey(privateKey);
sslConfiguration.setLocalCertificate(certificate);
QNetworkRequest request;
request.setUrl(QUrl(ssuCredentialsUrl.arg(deviceInfo.deviceUid())));
ssuLog->print(LOG_DEBUG, QString("Sending credential update request to %1")
.arg(request.url().toString()));
request.setSslConfiguration(sslConfiguration);
pendingRequests++;
manager->get(request);
}
