/**
 * Stores the broker endpoint and initialises the transport.
 *
 * With @p ssl set (and an SSL-enabled Qt build) a TLS configuration is built
 * from Qt's defaults, an optional client certificate/key pair is loaded from
 * the current working directory, and the work is delegated to the
 * QSslConfiguration overload of init(). Without @p ssl a plain Network is used.
 *
 * @param hostName          broker host name, stored in _hostName
 * @param port              broker port, stored in _port
 * @param ssl               selects the TLS path
 * @param ignoreSelfSigned  forwarded unchanged to the TLS overload of init()
 */
void QMQTT::ClientPrivate::init(const QString& hostName, const quint16 port, const bool ssl, const bool ignoreSelfSigned)
{
    _hostName = hostName;
    _port = port;

    if (!ssl)
    {
        init(new Network);
        return;
    }

#ifndef QT_NO_SSL
    QSslConfiguration tlsConfig = QSslConfiguration::defaultConfiguration();

    // NOTE(review): "./cert.crt" and "./cert.key" are resolved against the
    // process working directory, so the identity that gets presented depends
    // on where the program is started. Both loads are best-effort: a missing
    // or unreadable file is skipped without any diagnostic.
    const QList<QSslCertificate> clientCerts = QSslCertificate::fromPath(QStringLiteral("./cert.crt"));
    if (!clientCerts.isEmpty())
        tlsConfig.setLocalCertificate(clientCerts.first());

    QFile keyFile(QStringLiteral("./cert.key"));
    if (keyFile.open(QIODevice::ReadOnly))
    {
        const QByteArray keyBytes = keyFile.readAll();
        tlsConfig.setPrivateKey(QSslKey(keyBytes, QSsl::Rsa));
    }

    // NOTE(review): VerifyNone switches off validation of the broker's
    // certificate for every TLS connection made through this path, whatever
    // the value of ignoreSelfSigned. The channel is then encrypted but the
    // peer is not authenticated. Consider leaving the default verify mode in
    // place and letting ignoreSelfSigned decide which errors are tolerated.
    tlsConfig.setPeerVerifyMode(QSslSocket::VerifyNone);
#if QT_VERSION < 0x050000
    tlsConfig.setProtocol(QSsl::TlsV1);
#endif
    init(hostName, port, tlsConfig, ignoreSelfSigned);
#else
    Q_UNUSED(ignoreSelfSigned)
    qCritical() << "SSL not supported in this QT build";
#endif // QT_NO_SSL
}
/**
 * Attaches the client certificate and private key of the PKI bundle stored
 * under \a authcfg to \a request.
 *
 * Only requests whose URL scheme is "https" (case-insensitive) are touched.
 * Any other scheme is reported as success without modifying the request, so a
 * `true` result does not mean that credentials were attached.
 *
 * \param request       request to update in place
 * \param authcfg       authentication configuration id used to look up the bundle
 * \param dataprovider  unused
 * \returns false when no valid PKI bundle is available, true otherwise
 */
bool QgsAuthIdentCertMethod::updateNetworkRequest( QNetworkRequest &request, const QString &authcfg,
    const QString &dataprovider )
{
  Q_UNUSED( dataprovider )
  QMutexLocker locker( &mMutex );

  // TODO: is this too restrictive, to intercept only HTTPS connections?
  const QString urlScheme = request.url().scheme().toLower();
  if ( urlScheme != QLatin1String( "https" ) )
  {
    QgsDebugMsg( QStringLiteral( "Update request SSL config SKIPPED for authcfg %1: not HTTPS" ).arg( authcfg ) );
    return true;
  }

  QgsDebugMsg( QStringLiteral( "Update request SSL config: HTTPS connection for authcfg: %1" ).arg( authcfg ) );

  // NOTE(review): ownership of the returned bundle is not visible here; it is
  // only read in this function.
  QgsPkiConfigBundle *bundle = getPkiConfigBundle( authcfg );
  const bool bundleUsable = bundle && bundle->isValid();
  if ( !bundleUsable )
  {
    QgsDebugMsg( QStringLiteral( "Update request SSL config FAILED for authcfg: %1: PKI bundle invalid" ).arg( authcfg ) );
    return false;
  }

  QgsDebugMsg( QStringLiteral( "Update request SSL config: PKI bundle valid for authcfg: %1" ).arg( authcfg ) );

  // Start from the configuration already on the request (not from the global
  // default) so settings applied earlier by the caller are kept.
  QSslConfiguration tlsConfig = request.sslConfiguration();
  tlsConfig.setLocalCertificate( bundle->clientCert() );
  tlsConfig.setPrivateKey( bundle->clientCertKey() );
  request.setSslConfiguration( tlsConfig );

  return true;
}
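QT_USE_NAMESPACE

// Creates the TLS echo server: loads the server certificate and RSA key from
// the working directory, applies them to a QWebSocketServer in SecureMode and
// starts listening on all interfaces at the given port.
//! [constructor]
SslEchoServer::SslEchoServer(quint16 port, QObject *parent) :
    QObject(parent),
    m_pWebSocketServer(Q_NULLPTR),
    m_clients()
{
    m_pWebSocketServer = new QWebSocketServer(QStringLiteral("SSL Echo Server"),
                                              QWebSocketServer::SecureMode,
                                              this);
    QSslConfiguration sslConfiguration;
    QFile certFile(QStringLiteral("./localhost.cert"));
    QFile keyFile(QStringLiteral("./localhost.key"));

    // The open() results used to be ignored, so a missing file produced a
    // server that listens but cannot complete a handshake, with no hint why.
    // Keep the original control flow and make the failure visible.
    if (!certFile.open(QIODevice::ReadOnly))
        qWarning() << "SSL Echo Server: cannot open certificate file" << certFile.fileName();
    if (!keyFile.open(QIODevice::ReadOnly))
        qWarning() << "SSL Echo Server: cannot open private key file" << keyFile.fileName();

    QSslCertificate certificate(&certFile, QSsl::Pem);
    QSslKey sslKey(&keyFile, QSsl::Rsa, QSsl::Pem);
    certFile.close();
    keyFile.close();

    if (certificate.isNull() || sslKey.isNull())
        qWarning() << "SSL Echo Server: certificate or private key failed to load; TLS handshakes are expected to fail";

    // VerifyNone on the server side means clients are not asked for a
    // certificate; every client that completes the handshake is accepted.
    sslConfiguration.setPeerVerifyMode(QSslSocket::VerifyNone);
    sslConfiguration.setLocalCertificate(certificate);
    sslConfiguration.setPrivateKey(sslKey);
    // NOTE(review): TlsV1SslV3 still admits SSLv3 and TLS 1.0. Where the Qt
    // version in use offers it, QSsl::SecureProtocols is the safer selection;
    // left unchanged here because it narrows which clients can connect.
    sslConfiguration.setProtocol(QSsl::TlsV1SslV3);
    m_pWebSocketServer->setSslConfiguration(sslConfiguration);

    // QHostAddress::Any binds every local interface, not only loopback.
    if (m_pWebSocketServer->listen(QHostAddress::Any, port))
    {
        qDebug() << "SSL Echo Server listening on port" << port;
        connect(m_pWebSocketServer, &QWebSocketServer::newConnection,
                this, &SslEchoServer::onNewConnection);
        connect(m_pWebSocketServer, &QWebSocketServer::sslErrors,
                this, &SslEchoServer::onSslErrors);
    }
}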
/**
 * Posts @p text, form-encoded as the "request" field, to the URL configured
 * under control/general/requestUrl and tags the reply with @p contact.
 *
 * The request carries the client certificate and key held in
 * m_localCertificate / m_privateKey. The reply is scheduled for deletion when
 * @p contact is destroyed.
 */
void NetworkManager::sendRequest(ChatUnit *contact, const QString &text)
{
	Config config("control");
	config.beginGroup("general");

	// NOTE(review): fromUserInput() also accepts scheme-less and http:// input
	// and nothing in this function rejects a non-HTTPS URL, in which case the
	// body would travel without TLS and the client certificate would go unused.
	const QUrl target = QUrl::fromUserInput(config.value("requestUrl", QString()));

	// The configuration is built from scratch rather than from
	// QSslConfiguration::defaultConfiguration(); only the client identity is set.
	QSslConfiguration tlsConfig;
	tlsConfig.setLocalCertificate(m_localCertificate);
	tlsConfig.setPrivateKey(m_privateKey);

	QNetworkRequest request(target);
	request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded");
	request.setSslConfiguration(tlsConfig);

	const QByteArray body = "request=" + paranoicEscape(text.toUtf8());
	QNetworkReply *reply = QNetworkAccessManager::post(request, body);

	// Remember which contact the reply belongs to and drop the reply if the
	// contact goes away first.
	reply->setProperty("__control_contact", qVariantFromValue(contact));
	connect(contact, SIGNAL(destroyed()), reply, SLOT(deleteLater()));
}
/**
 * Returns the TLS configuration to use for this account's requests.
 *
 * A previously stored shared configuration is returned as-is. Otherwise a new
 * one is derived from Qt's defaults, a client certificate is attached when one
 * is available (from a PKCS#12 file named in the config file, or from PEM data
 * already held by the account), and TLS session reuse is enabled on Qt > 5.2.0.
 */
QSslConfiguration Account::getOrCreateSslConfig()
{
    // Will be set by CheckServerJob::finished()
    // We need to use a central shared config to get SSL session tickets
    if (!_sslConfiguration.isNull()) {
        return _sslConfiguration;
    }

    // if setting the client certificate fails, you will probably get an error similar to this:
    //  "An internal error number 1060 happened. SSL handshake failed, client certificate was requested: SSL error: sslv3 alert handshake failure"
    QSslConfiguration sslConfig = QSslConfiguration::defaultConfiguration();
    QSslCertificate sslClientCertificate;

    // NOTE(review): the PKCS#12 password is read back from the config file, so
    // it is kept wherever ConfigFile persists its values; how that storage is
    // protected is not visible from here.
    ConfigFile cfgFile;
    const bool hasP12 = !cfgFile.certificatePath().isEmpty()
                        && !cfgFile.certificatePasswd().isEmpty();
    if (hasP12) {
        resultP12ToPem converted = p12ToPem(cfgFile.certificatePath().toStdString(),
                                            cfgFile.certificatePasswd().toStdString());
        const QByteArray pemCert = QString::fromStdString(converted.Certificate).toLocal8Bit();
        this->setCertificate(pemCert, QString::fromStdString(converted.PrivateKey));
    }

    const bool hasClientPem = !_pemCertificate.isEmpty() && !_pemPrivateKey.isEmpty();
    if (hasClientPem) {
        // Read certificates; only the first one found is used.
        // NOTE(review): when nothing parses, a null certificate is still
        // installed together with the key below.
        QList<QSslCertificate> parsedCerts = QSslCertificate::fromData(_pemCertificate, QSsl::Pem);
        if (!parsedCerts.isEmpty()) {
            sslClientCertificate = parsedCerts.takeFirst();
        }

        // Read the (unencrypted, empty passphrase) key from the PEM text
        QSslKey privateKey(_pemPrivateKey.toLocal8Bit(), QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey , "");

        // SSL configuration
        sslConfig.setCaCertificates(QSslSocket::systemCaCertificates());
        sslConfig.setLocalCertificate(sslClientCertificate);
        sslConfig.setPrivateKey(privateKey);
        qDebug() << "Added SSL client certificate to the query";
    }

#if QT_VERSION > QT_VERSION_CHECK(5, 2, 0)
    // Try hard to re-use session for different requests
    sslConfig.setSslOption(QSsl::SslOptionDisableSessionTickets, false);
    sslConfig.setSslOption(QSsl::SslOptionDisableSessionSharing, false);
    sslConfig.setSslOption(QSsl::SslOptionDisableSessionPersistence, false);
#endif

    return sslConfig;
}
/**
 * Creates the websocket server for the given protocol and starts listening on
 * all interfaces at @p port.
 *
 * For anything other than QtWebsocket::Tcp the server key, certificate and CA
 * list are loaded from PEM files in the working directory.
 *
 * @throws int  -1 when server-key.pem cannot be opened, -2 when
 *              server-crt.pem cannot be opened
 */
Server::Server(int port, QtWebsocket::Protocol protocol)
{
    if (protocol != QtWebsocket::Tcp)
    {
        QFile keyFile("server-key.pem");
        if (!keyFile.open(QIODevice::ReadOnly | QIODevice::Text))
        {
            qDebug() << "can't open key server-key.pem";
            throw -1;
        }
        // NOTE(review): the passphrase protecting the private key is a literal
        // in the source, so anyone with the binary or the repository can
        // decrypt server-key.pem. It should come from a protected store or be
        // supplied at start-up.
        QSslKey serverKey(&keyFile, QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey, QByteArray("qtwebsocket-server-key"));
        keyFile.close();

        QFile certFile("server-crt.pem");
        if (!certFile.open(QIODevice::ReadOnly | QIODevice::Text))
        {
            qDebug() << "cant load server certificate server-crt.pem";
            throw -2;
        }
        QSslCertificate serverCert(&certFile, QSsl::Pem);
        certFile.close();

        // VerifyNone: clients are not asked to present a certificate, even
        // though a CA list is handed to the server below.
        QSslConfiguration tlsConfig;
        tlsConfig.setPeerVerifyMode(QSslSocket::VerifyNone);
        tlsConfig.setLocalCertificate(serverCert);
        tlsConfig.setPrivateKey(serverKey);

        QList<QSslCertificate> trustedCas = QSslCertificate::fromPath("ca.pem");
        server = new QtWebsocket::QWsServer(this, protocol, tlsConfig, trustedCas);
    }
    else
    {
        server = new QtWebsocket::QWsServer(this, protocol);
    }

    // QHostAddress::Any binds every local interface.
    if (server->listen(QHostAddress::Any, port))
    {
        qDebug() << tr("Server is listening on port %1").arg(port);
    }
    else
    {
        qDebug() << tr("Error: Can't launch server");
        qDebug() << tr("QWsServer error : %1").arg(server->errorString());
    }

    // The slot is connected whether or not listen() succeeded.
    QObject::connect(server, SIGNAL(newConnection()), this, SLOT(processNewConnection()));
}
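QT_USE_NAMESPACE

// Creates the exchange websocket server, prepares a TLS configuration from the
// certificate/key files in the working directory, starts listening on all
// interfaces at the given port and resets the per-session state.
//! [constructor]
BCWebSocketServer::BCWebSocketServer(quint16 port, QObject *parent) :
    QObject(parent),
    m_pWebSocketServer(Q_NULLPTR),
    m_clients()
{
    // NOTE(review): the server runs in NonSecureMode, i.e. plain ws:// with no
    // encryption or server authentication. QWebSocketServer documents that
    // setSslConfiguration() has no effect in this mode, so the TLS set-up
    // below only becomes active once this is switched to SecureMode.
    m_pWebSocketServer = new QWebSocketServer(QStringLiteral("Bitcoin Exchange Server"),
                                              QWebSocketServer::NonSecureMode, //**** To be Changed after setting up OpenSSL
                                              this);
    QSslConfiguration sslConfiguration;
    QFile certFile(QStringLiteral("./localhost.cert"));
    QFile keyFile(QStringLiteral("./localhost.key"));

    // Open both files by their own path. The previous code passed `stderr` to
    // QFile::open(), which attaches the QFile to the process's stderr stream
    // instead of the named file, so no certificate or key was ever read.
    if (!certFile.open(QIODevice::ReadOnly | QIODevice::Text))
        qWarning() << "Bitcoin Exchange Server: cannot open certificate file" << certFile.fileName();
    if (!keyFile.open(QIODevice::ReadOnly | QIODevice::Text))
        qWarning() << "Bitcoin Exchange Server: cannot open private key file" << keyFile.fileName();

    QSslCertificate certificate(&certFile, QSsl::Pem);
    QSslKey sslKey(&keyFile, QSsl::Rsa, QSsl::Pem);
    certFile.close();
    keyFile.close();

    sslConfiguration.setPeerVerifyMode(QSslSocket::VerifyNone);
    sslConfiguration.setLocalCertificate(certificate);
    sslConfiguration.setPrivateKey(sslKey);
    // NOTE(review): TlsV1SslV3 admits SSLv3 and TLS 1.0; revisit this choice
    // before the server is moved to SecureMode.
    sslConfiguration.setProtocol(QSsl::TlsV1SslV3);
    m_pWebSocketServer->setSslConfiguration(sslConfiguration);

    // QHostAddress::Any binds every local interface.
    if (m_pWebSocketServer->listen(QHostAddress::Any, port))
    {
        qDebug() << "Bitcoin Exchange Server listening on port" << port;
        connect(m_pWebSocketServer, &QWebSocketServer::newConnection,
                this, &BCWebSocketServer::onNewConnection);
        connect(m_pWebSocketServer, &QWebSocketServer::sslErrors,
                this, &BCWebSocketServer::onSslErrors);
    }

    // Initial state: not logged in, no language selected, rank 0.
    _logged = false;
    _lang = NULL;
    this->data.rank = 0;
}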
//=================== // PRIVATE //=================== bool WebServer::setupWebSocket(quint16 port){ WSServer = new QWebSocketServer("sysadm-server", QWebSocketServer::SecureMode, this); //SSL Configuration QSslConfiguration config = QSslConfiguration::defaultConfiguration(); QFile CF( QStringLiteral(SSLCERTFILE) ); if(CF.open(QIODevice::ReadOnly) ){ QSslCertificate CERT(&CF,QSsl::Pem); config.setLocalCertificate( CERT ); CF.close(); }else{ qWarning() << "Could not read WS certificate file:" << CF.fileName(); } QFile KF( QStringLiteral(SSLKEYFILE)); if(KF.open(QIODevice::ReadOnly) ){ QSslKey KEY(&KF, QSsl::Rsa, QSsl::Pem); config.setPrivateKey( KEY ); KF.close(); }else{ qWarning() << "Could not read WS key file:" << KF.fileName(); } config.setPeerVerifyMode(QSslSocket::VerifyNone); config.setProtocol(SSLVERSION); WSServer->setSslConfiguration(config); //Setup Connections connect(WSServer, SIGNAL(newConnection()), this, SLOT(NewSocketConnection()) ); connect(WSServer, SIGNAL(acceptError(QAbstractSocket::SocketError)), this, SLOT(NewConnectError(QAbstractSocket::SocketError)) ); // -- websocket specific signals connect(WSServer, SIGNAL(closed()), this, SLOT(ServerClosed()) ); connect(WSServer, SIGNAL(serverError(QWebSocketProtocol::CloseCode)), this, SLOT(ServerError(QWebSocketProtocol::CloseCode)) ); connect(WSServer, SIGNAL(originAuthenticationRequired(QWebSocketCorsAuthenticator*)), this, SLOT(OriginAuthRequired(QWebSocketCorsAuthenticator*)) ); connect(WSServer, SIGNAL(peerVerifyError(const QSslError&)), this, SLOT(PeerVerifyError(const QSslError&)) ); connect(WSServer, SIGNAL(sslErrors(const QList<QSslError>&)), this, SLOT(SslErrors(const QList<QSslError>&)) ); connect(WSServer, SIGNAL(acceptError(QAbstractSocket::SocketError)), this, SLOT(ConnectError(QAbstractSocket::SocketError)) ); //Now start the server return WSServer->listen(QHostAddress::Any, port); }
// Builds the Mobile-ID signing dialog: fills the table that maps service
// status codes to translated user messages, sets up the UI and the progress
// timer, creates the network access manager (with an optional HTTP proxy) and
// prepares the member `request` with TLS client credentials and headers.
MobileDialog::MobileDialog( QWidget *parent )
:	QDialog( parent )
{
	// Status code / fault string -> message shown to the user.
	mobileResults["START"] = tr("Signing in process");
	mobileResults["REQUEST_OK"] = tr("Request accepted");
	mobileResults["EXPIRED_TRANSACTION"] = tr("Request timeout");
	mobileResults["USER_CANCEL"] = tr("User denied or cancelled");
	mobileResults["SIGNATURE"] = tr("Got signature");
	mobileResults["OUTSTANDING_TRANSACTION"] = tr("Request pending");
	mobileResults["MID_NOT_READY"] = tr("Mobile-ID not ready, try again later");
	mobileResults["PHONE_ABSENT"] = tr("Phone absent");
	mobileResults["SENDING_ERROR"] = tr("Request sending error");
	mobileResults["SIM_ERROR"] = tr("SIM error");
	mobileResults["INTERNAL_ERROR"] = tr("Service internal error");
	mobileResults["OCSP_UNAUTHORIZED"] = tr("Not allowed to use OCSP service!<br/>Please check your server access sertificate.");
	mobileResults["HOSTNOTFOUND"] = tr("Connecting to SK server failed!<br/>Please check your internet connection.");
	mobileResults["User is not a Mobile-ID client"] = tr("User is not a Mobile-ID client");
	mobileResults["ID and phone number do not match"] = tr("ID and phone number do not match");
	mobileResults["Certificate status unknown"] = tr("Your Mobile-ID service is not activated.");
	mobileResults["Certificate is revoked"] = tr("Mobile-ID user certificates are revoked or suspended.");

	setupUi( this );
	code->setBuddy( signProgressBar );

	// The timeline runs for signProgressBar->maximum() seconds and drives the
	// progress bar linearly from its minimum to its maximum.
	statusTimer = new QTimeLine( signProgressBar->maximum() * 1000, this );
	statusTimer->setCurveShape( QTimeLine::LinearCurve );
	statusTimer->setFrameRange( signProgressBar->minimum(), signProgressBar->maximum() );
	connect( statusTimer, SIGNAL(frameChanged(int)), signProgressBar, SLOT(setValue(int)) );
	connect( statusTimer, SIGNAL(finished()), SLOT(endProgress()) );

	manager = new QNetworkAccessManager( this );
	connect( manager, SIGNAL(finished(QNetworkReply*)), SLOT(finished(QNetworkReply*)) );
	// NOTE(review): the sslErrors slot is not visible here; how it treats
	// certificate errors decides whether the CA list below is enforced.
	connect( manager, SIGNAL(sslErrors(QNetworkReply*,QList<QSslError>)),
		SLOT(sslErrors(QNetworkReply*,QList<QSslError>)) );

	// Optional HTTP proxy; host, port, user and password all come from the
	// application configuration.
	if( !Application::confValue( Application::ProxyHost ).toString().isEmpty() )
	{
		manager->setProxy( QNetworkProxy(
			QNetworkProxy::HttpProxy,
			Application::confValue( Application::ProxyHost ).toString(),
			Application::confValue( Application::ProxyPort ).toUInt(),
			Application::confValue( Application::ProxyUser ).toString(),
			Application::confValue( Application::ProxyPass ).toString() ) );
	}

	// Unless PKCS12 use is disabled in the configuration, the request gets the
	// access certificate/key as TLS client identity and an extended CA list.
	if( !Application::confValue( Application::PKCS12Disable ).toBool() )
	{
		QSslConfiguration ssl = QSslConfiguration::defaultConfiguration();
		// CA list = Qt defaults, plus (Linux only) every *.crt under
		// /usr/share/esteid/certs, plus three certificates embedded below.
		// NOTE(review): the second embedded certificate's subject appears to
		// decode to "SK TEST services access CA 2012"; confirm that a test CA
		// is meant to be trusted in release builds. Embedded certificates also
		// carry fixed validity periods, so this list needs upkeep.
		ssl.setCaCertificates( ssl.caCertificates()
#ifdef Q_OS_LINUX
			<< QSslCertificate::fromPath( "/usr/share/esteid/certs/*.crt", QSsl::Pem, QRegExp::Wildcard )
#endif
			<< QSslCertificate(
			"-----BEGIN CERTIFICATE-----\n"
			"MIIEOzCCAyOgAwIBAgIBADANBgkqhkiG9w0BAQUFADB2MQswCQYDVQQGEwJFRTEi\n"
			"MCAGA1UEChMZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEeMBwGA1UECxMVU0sg\n"
			"c2VydmljZXMgYWNjZXNzIENBMSMwIQYDVQQDExpTSyBzZXJ2aWNlcyBhY2Nlc3Mg\n"
			"Q0EgMjAxMDAeFw0xMDAyMDcxNTIxMTBaFw0xOTEyMTcxNTIxMTBaMHYxCzAJBgNV\n"
			"BAYTAkVFMSIwIAYDVQQKExlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMR4wHAYD\n"
			"VQQLExVTSyBzZXJ2aWNlcyBhY2Nlc3MgQ0ExIzAhBgNVBAMTGlNLIHNlcnZpY2Vz\n"
			"IGFjY2VzcyBDQSAyMDEwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n"
			"tkjCB8PkmDQRdtjbKDMJj5k6LPpFP3IUD+nCAHVhrpmU8FY3CfS/zBaFCnSlOxP3\n"
			"TZYlccBz5hcc7lSHSVxsVinW79aw/Sp4sUNVlhqB18UThHrdQiWznjQeOROpjjMo\n"
			"3WyW2lWlM3semodOSgD8ssSOUtHBeDLsHFdNrVuz6S1y2ulrfezcnDwrGOtWyYca\n"
			"MZzJZZbNA3cc6mXbvihkYv11o0yFdDrDatzjEVx2KrBaSDej2aPo9gES7tDNpByz\n"
			"e/hbH1exhc+YZybQ0/odx8N/oiygfjym2OnLFlmArsNPd97mVc6VqA2/Aj68xZN9\n"
			"pjZDIXF3IUCVX6rYyGhuIwIDAQABo4HTMIHQMB0GA1UdDgQWBBR3Mky/Mx9AxVx+\n"
			"gsoZmtw6kgnpnzCBoAYDVR0jBIGYMIGVgBR3Mky/Mx9AxVx+gsoZmtw6kgnpn6F6\n"
			"pHgwdjELMAkGA1UEBhMCRUUxIjAgBgNVBAoTGUFTIFNlcnRpZml0c2VlcmltaXNr\n"
			"ZXNrdXMxHjAcBgNVBAsTFVNLIHNlcnZpY2VzIGFjY2VzcyBDQTEjMCEGA1UEAxMa\n"
			"U0sgc2VydmljZXMgYWNjZXNzIENBIDIwMTCCAQAwDAYDVR0TBAUwAwEB/zANBgkq\n"
			"hkiG9w0BAQUFAAOCAQEASqQRnFdJ5iYTcK1Q98BQsJ097yI/Zp9E8aiZcd+011dK\n"
			"jcoRMDlnET3SIxeLN5x6FibiDjt1HvSbRHUy+z1XpfzApFBEkV7S56WwWcEm6ni1\n"
			"dRM8Qcpk+fC2ARHf4MxfdVt7488/27/tFs3RjVXyKL8x2xPU4xzVuD22qdoAXohJ\n"
			"r7TaVDpk5wpHDCAaQX0LaPaibfW4532iGqG/oFsZo9SiS16qjZ5Aiq0NVhoebZWS\n"
			"LwRnmCfkc8bA6RmtPFXR6hWAxfsb8nlZjisA+TDkyXEkCLEcABLgrwLbwq7K2xAR\n"
			"k1ZVHmBoFUaMz7JoF4ZVjqwWJ7qlCwie6syR3ZPu9Q==\n"
			"-----END CERTIFICATE-----\n" )
			<< QSslCertificate(
			"-----BEGIN CERTIFICATE-----\n"
			"MIIERzCCAy+gAwIBAgIJAIHRdBWILIw0MA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV\n"
			"BAYTAkVFMSIwIAYDVQQKExlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMR4wHAYD\n"
			"VQQLExVTSyBzZXJ2aWNlcyBhY2Nlc3MgQ0ExKDAmBgNVBAMTH1NLIFRFU1Qgc2Vy\n"
			"dmljZXMgYWNjZXNzIENBIDIwMTIwHhcNMTIwODIzMTEzNTMwWhcNMjIwMzI0MTEz\n"
			"NTMwWjB7MQswCQYDVQQGEwJFRTEiMCAGA1UEChMZQVMgU2VydGlmaXRzZWVyaW1p\n"
			"c2tlc2t1czEeMBwGA1UECxMVU0sgc2VydmljZXMgYWNjZXNzIENBMSgwJgYDVQQD\n"
			"Ex9TSyBURVNUIHNlcnZpY2VzIGFjY2VzcyBDQSAyMDEyMIIBIjANBgkqhkiG9w0B\n"
			"AQEFAAOCAQ8AMIIBCgKCAQEArqkc1v13VAPcM3adjJ5jF/sgOkbzWruooVgDwevA\n"
			"7e4lOmUle2ZnrCJXlKf7NDQHg3RWrq04MlUOYak2AFhOo4S/V0LVwvUDt+FCSAwy\n"
			"E8FxK6c3HlrwmxWqOCGRVCB3/BrmNouR54ieqMEx7dayoyYfBLvyiSlzZSxoW55O\n"
			"ENhgsfPuypAQyuhYab+R65yEtr6sIPJZH2eqGtfWMoaHUAuyOZCfyMFFC1RJ1ymj\n"
			"azTRcGFXYtDALf5W/tPUhLJlPE5v6zwRR8Xnzgjohsgnv2aJYHa1e/tT9m+Z9CWA\n"
			"BRaz05qjA5N5zEj7Qs9BN5lo07VLgBuSYMl6dsiDU4VfowIDAQABo4HNMIHKMA8G\n"
			"A1UdEwEB/wQFMAMBAf8wgZcGA1UdIwSBjzCBjKF/pH0wezELMAkGA1UEBhMCRUUx\n"
			"IjAgBgNVBAoTGUFTIFNlcnRpZml0c2VlcmltaXNrZXNrdXMxHjAcBgNVBAsTFVNL\n"
			"IHNlcnZpY2VzIGFjY2VzcyBDQTEoMCYGA1UEAxMfU0sgVEVTVCBzZXJ2aWNlcyBh\n"
			"Y2Nlc3MgQ0EgMjAxMoIJAIHRdBWILIw0MB0GA1UdDgQWBBQRxbVGxjXI+bcya5iK\n"
			"4AW3oXjBrDANBgkqhkiG9w0BAQUFAAOCAQEAHqQ1FiZA1u8Qf1SHSZGpgjmy221x\n"
			"DkJ+gYNE0XRDbQ0G0FgqV8peHpIKxEYMGWVCNGRSIenyUYJDVqFMrqMZb1TaYYEg\n"
			"Mb5+u3aQpyp9gz3YGh45fvh73M/Pko4WjTsOaIJpXHzGZOSktiuVyEfEkRAupUhY\n"
			"7S4gJwPg6RIQXu/FfVCMtNyJliM/5Rz3+NeoLzZw4MVmjQGX0fxXDmVcbSkATqSx\n"
			"EV/PbuITu7jOJuDLEr5IpfJPgfl3vBYr2PSo5/2kypth0jikr4TVbGqLFlvU1DaH\n"
			"eswmlJbTv3u3juaJ1M6vHyPHX+diK7MUEAkETxlx0HUl0hbIgenvsjSdYA==\n"
			"-----END CERTIFICATE-----\n" )
			<< QSslCertificate(
			"-----BEGIN CERTIFICATE-----\n"
			"MIID5TCCAs2gAwIBAgIES7MTKDANBgkqhkiG9w0BAQUFADBdMRgwFgYJKoZIhvcN\n"
			"AQkBFglwa2lAc2suZWUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKExlBUyBTZXJ0aWZp\n"
			"dHNlZXJpbWlza2Vza3VzMRAwDgYDVQQDEwdKdXVyLVNLMB4XDTEwMDMzMTA5MTcy\n"
			"OFoXDTE2MDgyNjE0MjMwMVowbTELMAkGA1UEBhMCRUUxIjAgBgNVBAoTGUFTIFNl\n"
			"cnRpZml0c2VlcmltaXNrZXNrdXMxITAfBgNVBAsTGFNlcnRpZml0c2VlcmltaXN0\n"
			"ZWVudXNlZDEXMBUGA1UEAxMOS0xBU1MzLVNLIDIwMTAwggEiMA0GCSqGSIb3DQEB\n"
			"AQUAA4IBDwAwggEKAoIBAQCrlaYRX2v89k8Hd0ADaOfnUcIn7iM6aOXkAR+jp582\n"
			"7ZhDqDyNddF9ZUoBgPghGNIrkHbH7qwex39YnI0ka24lCjcwEMvQMPbyPnX/a4Ry\n"
			"J+wEZttmjBl++FfrZK54L+vD7Dyy4YYB0Og9ktB4qptsDBj+giiv/MGPeGeNs3Ta\n"
			"cJdNb7+3splTPtPKlDfrufvq4H6jNOv9S9bC+j2VVY9uCFXUro8AA3hoOEKJdSjl\n"
			"pYCa51N8KGLVJYRuc/K81xqi054Jz+Cy/HY/AcXkk2JkxlpJoEXmcuTkxjO/QE/X\n"
			"bd+mRJHnq6+HurOiKcxKwZCPAa+d+dvRPkbyq9ohMXH9AgMBAAGjgZwwgZkwEgYD\n"
			"VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAcYwMwYDVR0fBCwwKjAooCag\n"
			"JIYiaHR0cDovL3d3dy5zay5lZS9jcmxzL2p1dXIvY3JsLmNybDAfBgNVHSMEGDAW\n"
			"gBQEqnpHo+SJrxrPCkCnGD9v7+l9vjAdBgNVHQ4EFgQUXXUUEYz0pY5Cj3uyQESj\n"
			"7tZ6O3IwDQYJKoZIhvcNAQEFBQADggEBADFuAGtSoO8PsWRw/QxFzc5EZtbq2KXC\n"
			"9yZ8YQPWBLY4Mh3OVLFJqWyKC+8JHy9D5tJTG49F5UHyDJPufD/XvC2rjRlkqvS/\n"
			"W7sy3MqGh7e+6bg+aD4mo+98Oalnqi12UD+ki+N8JKPXjHNJ31AvH6E/xDsCsvtz\n"
			"ubylxI+FU8R0XODIUFbBqRtatRI1/zVaKRhD6LNGPt3rz/3IJKmuEv6b29mzL+p4\n"
			"oNULqpPr6aTmheZme8ZHuEIh3Zp5kdoX3i2D4hsmgClpevZifo196zeKRLk0Qs6n\n"
			"mRjoMxyk6jYIric3/VnV81oyhXSBY1GZnbM4qP1w2S5kSA2bb1pkwFo=\n"
			"-----END CERTIFICATE-----\n") );
		// Client identity presented to the service.
		ssl.setPrivateKey( AccessCert::key() );
		ssl.setLocalCertificate( AccessCert::cert() );
		request.setSslConfiguration( ssl );
	}

	// Headers applied to the request in either case: XML body, and a
	// User-Agent of the form "<app name>/<app version> (<OS>)".
	request.setHeader( QNetworkRequest::ContentTypeHeader, "text/xml" );
	request.setRawHeader( "User-Agent", QString( "%1/%2 (%3)")
		.arg( qApp->applicationName() ).arg( qApp->applicationVersion() ).arg( Common::applicationOs() ).toUtf8() );
}
/**
 * Builds a TLS configuration from the files named by @p dataSource and
 * installs it on _socket.
 *
 * Client certificate, private key (with passphrase) and one extra CA
 * certificate are each optional: a file that cannot be opened is skipped
 * silently, a file that does not parse is skipped with a debug message when
 * FAYECPP_DEBUG_MESSAGES is defined. The configuration is installed on the
 * socket in every case.
 */
void WebSocketQt::setupSocketWithSSLDataSource(SSLDataSource * dataSource)
{
	// Starts from an empty configuration, not from
	// QSslConfiguration::defaultConfiguration().
	QSslConfiguration config;

	// --- client certificate ---
	QFile certFile(WebSocketQt::toString(dataSource->clientLocalCertificateFilePath()));
	if (certFile.open(QIODevice::ReadOnly))
	{
		const QSslCertificate clientCert(certFile.readAll());
		certFile.close();
		if (!clientCert.isNull())
		{
			config.setLocalCertificate(clientCert);
		}
#ifdef FAYECPP_DEBUG_MESSAGES
		else
		{
			qDebug() << "SocketQT: LocalCertificate is NULL";
		}
#endif
	}

	// --- private key ---
	QFile keyFile(WebSocketQt::toString(dataSource->clientPrivateKeyFilePath()));
	if (keyFile.open(QIODevice::ReadOnly))
	{
		QByteArray passPhrase;
		passPhrase.append(WebSocketQt::toString(dataSource->clientPrivateKeyPassPhrase()));
		const QSslKey clientKey(keyFile.readAll(), QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey, passPhrase);
		// NOTE(review): clear() drops the buffer but is not documented to
		// overwrite it, so this should not be relied on as a secure wipe.
		passPhrase.clear();
		keyFile.close();
		if (!clientKey.isNull())
		{
			config.setPrivateKey(clientKey);
		}
#ifdef FAYECPP_DEBUG_MESSAGES
		else
		{
			qDebug() << "SocketQT: PrivateKey is NULL";
		}
#endif
	}

	// --- additional CA certificate ---
	QFile caFile(WebSocketQt::toString(dataSource->clientCACertificateFilePath()));
	if (caFile.open(QIODevice::ReadOnly))
	{
		const QSslCertificate caCert(caFile.readAll());
		caFile.close();
		if (!caCert.isNull())
		{
			// Appended to whatever CA list the configuration already holds.
			QList<QSslCertificate> trusted(config.caCertificates());
			trusted.append(caCert);
			config.setCaCertificates(trusted);
		}
#ifdef FAYECPP_DEBUG_MESSAGES
		else
		{
			qDebug() << "SocketQT: CACertificate is NULL";
		}
#endif
	}

	_socket->setSslConfiguration(config);
}
// Sends this server's registration record to the public server list.
//
// Does nothing unless a registration name and registration password are set,
// the registration URL is valid, the server itself has no password
// (qsPassword is empty) and bAllowPing is true. Otherwise it re-arms qtTick,
// builds a <server> XML document and POSTs it over HTTPS, presenting the
// server certificate as TLS client certificate.
void Server::update() {
	// NOTE(review): qsRegName is tested twice; the second test may have been
	// meant for another field (qsRegHost is sent below but never checked)
	// -- confirm the intent.
	if (!((! qsRegName.isEmpty()) && (! qsRegName.isEmpty()) && (! qsRegPassword.isEmpty()) && qurlRegWeb.isValid() && qsPassword.isEmpty() && bAllowPing))
		return;

	// When QNAM distinguishes connections by client cert, move this to Meta
	if (! qnamNetwork)
		qnamNetwork = new QNetworkAccessManager(this);

	// Timer interval: one hour plus qrand() % 300 extra seconds, in milliseconds.
	qtTick.start(1000 * (60 * 60 + (qrand() % 300)));

	QDomDocument doc;
	QDomElement root=doc.createElement(QLatin1String("server"));
	doc.appendChild(root);

	OSInfo::fillXml(doc, root, meta->qsOS, meta->qsOSVersion, qlBind);

	// Each field below becomes a child element of <server> holding one text node.
	QDomElement tag;
	QDomText t;

	tag=doc.createElement(QLatin1String("name"));
	root.appendChild(tag);
	t=doc.createTextNode(qsRegName);
	tag.appendChild(t);

	tag=doc.createElement(QLatin1String("host"));
	root.appendChild(tag);
	t=doc.createTextNode(qsRegHost);
	tag.appendChild(t);

	// The registration password is part of the request body, so its
	// confidentiality rests on the HTTPS connection configured below.
	tag=doc.createElement(QLatin1String("password"));
	root.appendChild(tag);
	t=doc.createTextNode(qsRegPassword);
	tag.appendChild(t);

	tag=doc.createElement(QLatin1String("port"));
	root.appendChild(tag);
	t=doc.createTextNode(QString::number(usPort));
	tag.appendChild(t);

	tag=doc.createElement(QLatin1String("url"));
	root.appendChild(tag);
	t=doc.createTextNode(qurlRegWeb.toString());
	tag.appendChild(t);

	tag=doc.createElement(QLatin1String("digest"));
	root.appendChild(tag);
	t=doc.createTextNode(getDigest());
	tag.appendChild(t);

	tag=doc.createElement(QLatin1String("users"));
	root.appendChild(tag);
	t=doc.createTextNode(QString::number(qhUsers.count()));
	tag.appendChild(t);

	tag=doc.createElement(QLatin1String("channels"));
	root.appendChild(tag);
	t=doc.createTextNode(QString::number(qhChannels.count()));
	tag.appendChild(t);

	QNetworkRequest qnr(QUrl(QLatin1String("https://mumble.hive.no/register.cgi")));
	qnr.setHeader(QNetworkRequest::ContentTypeHeader, QLatin1String("text/xml"));

	// Present the server's own certificate and key as TLS client identity.
	QSslConfiguration ssl = qnr.sslConfiguration();
	ssl.setLocalCertificate(qscCert);
	ssl.setPrivateKey(qskKey);

	/* Work around bug in QSslConfiguration */
	// The CA list is rebuilt explicitly from the request's list plus Qt's
	// default CAs.
	// NOTE(review): the server's own certificate is also appended to the CA
	// list used for this request; confirm that trusting it here is intended.
	QList<QSslCertificate> calist = ssl.caCertificates();
	calist << QSslSocket::defaultCaCertificates();
	calist << qscCert;
	ssl.setCaCertificates(calist);

	qnr.setSslConfiguration(ssl);

	QNetworkReply *rep = qnamNetwork->post(qnr, doc.toString().toUtf8());
	connect(rep, SIGNAL(finished()), this, SLOT(finished()));
	// TLS errors are routed to regSslError(), which is not visible here.
	connect(rep, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(regSslError(const QList<QSslError> &)));
}
/**
 * Requests fresh repository credentials for this device.
 *
 * Preconditions are checked in order (device UID, 'ca-certificate' setting,
 * credentials URL, registration); the first one that fails is reported through
 * setError() and ends the call. Unless @p force is set, the request is skipped
 * (and done() emitted) when the last update is less than 30 minutes old.
 * Otherwise a GET carrying the device's client certificate is issued and
 * pendingRequests is incremented.
 */
void Ssu::updateCredentials(bool force){
  SsuCoreConfig *settings = SsuCoreConfig::instance();
  errorFlag = false;
  SsuLog *ssuLog = SsuLog::instance();

  if (deviceInfo.deviceUid() == ""){
    setError("No valid UID available for your device. For phones: is your modem online?");
    return;
  }

  if (!settings->contains("ca-certificate")){
    setError("CA certificate for SSU not set (config key 'ca-certificate')");
    return;
  }
  const QString caCertPath = settings->value("ca-certificate").toString();

  // An explicit 'credentials-url' setting wins; otherwise fall back to repoUrl().
  QString credentialsUrl;
  if (settings->contains("credentials-url")){
    credentialsUrl = settings->value("credentials-url").toString();
  } else {
    credentialsUrl = repoUrl("credentials-url");
    if (credentialsUrl.isEmpty()){
      setError("URL for credentials update not set (config key 'credentials-url')");
      return;
    }
  }

  if (!isRegistered()){
    setError("Device is not registered.");
    return;
  }

  // skip updating if the last update was less than 30 minutes ago
  if (!force && settings->contains("lastCredentialsUpdate")){
    const QDateTime cutoff = QDateTime::currentDateTime().addSecs(-1800);
    const QDateTime last = settings->value("lastCredentialsUpdate").toDateTime();
    if (last >= cutoff){
      ssuLog->print(LOG_DEBUG,
                    QString("Skipping credentials update, last update was at %1")
                    .arg(last.toString()));
      emit done();
      return;
    }
  }

  QSslConfiguration tlsConfig;
  // NOTE(review): when useSslVerify() is false the server certificate is not
  // validated at all, so the credentials returned by this request could come
  // from any host able to intercept the connection.
  if (!useSslVerify())
    tlsConfig.setPeerVerifyMode(QSslSocket::VerifyNone);

  // Client identity is read from the settings store; only the CA file named
  // by 'ca-certificate' is trusted for this request.
  const QSslKey clientKey(settings->value("privateKey").toByteArray(), QSsl::Rsa);
  const QSslCertificate clientCert(settings->value("certificate").toByteArray());

  QList<QSslCertificate> trustedCas;
  trustedCas << QSslCertificate::fromPath(caCertPath);

  tlsConfig.setCaCertificates(trustedCas);
  tlsConfig.setLocalCertificate(clientCert);
  tlsConfig.setPrivateKey(clientKey);

  // The device UID is substituted into the URL, and the full URL is written
  // to the debug log.
  QNetworkRequest request;
  request.setUrl(QUrl(credentialsUrl.arg(deviceInfo.deviceUid())));
  request.setSslConfiguration(tlsConfig);

  ssuLog->print(LOG_DEBUG,
                QString("Sending credential update request to %1")
                .arg(request.url().toString()));

  ++pendingRequests;
  manager->get(request);
}