int main(int argc, char **argv)
{
QCoreApplication app(argc, argv);
if (argc < 3) {
QTextStream out(stdout);
out << "Usage: " << argv[0] << " host port [options]" << endl;
out << "The options can be one or more of the following:" << endl;
out << "enable_empty_fragments" << endl;
out << "disable_session_tickets" << endl;
out << "disable_compression" << endl;
out << "disable_sni" << endl;
out << "enable_unsafe_reneg" << endl;
return 1;
}
QString host = QString::fromLocal8Bit(argv[1]);
int port = QString::fromLocal8Bit(argv[2]).toInt();
QSslConfiguration config = QSslConfiguration::defaultConfiguration();
for (int i=3; i < argc; i++) {
QString option = QString::fromLocal8Bit(argv[i]);
if (option == QStringLiteral("enable_empty_fragments"))
config.setSslOption(QSsl::SslOptionDisableEmptyFragments, false);
else if (option == QStringLiteral("disable_session_tickets"))
config.setSslOption(QSsl::SslOptionDisableSessionTickets, true);
else if (option == QStringLiteral("disable_compression"))
config.setSslOption(QSsl::SslOptionDisableCompression, true);
else if (option == QStringLiteral("disable_sni"))
config.setSslOption(QSsl::SslOptionDisableServerNameIndication, true);
else if (option == QStringLiteral("enable_unsafe_reneg"))
config.setSslOption(QSsl::SslOptionDisableLegacyRenegotiation, false);
}
QSslConfiguration::setDefaultConfiguration(config);
QSslSocket socket;
//socket.setSslConfiguration(config);
socket.connectToHostEncrypted(host, port);
if ( !socket.waitForEncrypted() ) {
qDebug() << socket.errorString();
return 1;
}
return 0;
}
void HeadlessApplication::getFavoriteThreads() {
// list green + yellow flags
const QUrl url(DefineConsts::FORUM_URL + "/forum1f.php?owntopic=1");
qDebug() << "getFavoriteThreads()";
CookieJar *cookies = new CookieJar();
cookies->loadFromDisk();
QNetworkAccessManager *accessManager = new QNetworkAccessManager();
accessManager->setCookieJar(cookies);
QNetworkRequest request(url);
request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded");
QSslConfiguration sslConfig = request.sslConfiguration();
sslConfig.setPeerVerifyMode(QSslSocket::VerifyNone);
sslConfig.setPeerVerifyDepth(1);
sslConfig.setProtocol(QSsl::TlsV1);
sslConfig.setSslOption(QSsl::SslOptionDisableSessionTickets, true);
QNetworkReply* reply = accessManager->get(request);
bool ok = connect(reply, SIGNAL(finished()), this, SLOT(checkReplyFav()));
Q_ASSERT(ok);
Q_UNUSED(ok);
}
SslTlsSocket::SslTlsSocket(QSslSocket *sock, const QString &host, const quint16 port, const bool startEncrypted):
IODeviceSocket(sock), startEncrypted(startEncrypted), host(host), port(port), m_proxySettings(ProxySettings::RespectSystemProxy)
{
// The Qt API for deciding about whereabouts of a SSL connection is unfortunately blocking, ie. one is expected to
// call a function from a slot attached to the sslErrors signal to tell the code whether to proceed or not.
// In QML, one cannot display a dialog box with a nested event loop, so this means that we have to deal with SSL/TLS
// establishing at higher level.
sock->ignoreSslErrors();
sock->setProtocol(QSsl::AnyProtocol);
sock->setPeerVerifyMode(QSslSocket::QueryPeer);
// In response to the attacks related to the SSL compression, Digia has decided to disable SSL compression starting in
// Qt 4.8.4 -- see http://qt.digia.com/en/Release-Notes/security-issue-september-2012/.
// I have brought this up on the imap-protocol mailing list; the consensus seemed to be that the likelihood of an
// successful exploit on an IMAP conversation is very unlikely. The compression itself is, on the other hand, a
// very worthwhile goal, so we explicitly enable it again.
// Unfortunately, this was backported to older Qt versions as well (see qt4.git's 3488f1db96dbf70bb0486d3013d86252ebf433e0),
// but there is no way of enabling compression back again.
QSslConfiguration sslConf = sock->sslConfiguration();
sslConf.setSslOption(QSsl::SslOptionDisableCompression, false);
sock->setSslConfiguration(sslConf);
connect(sock, &QSslSocket::encrypted, this, &Socket::encrypted);
connect(sock, &QAbstractSocket::stateChanged, this, &SslTlsSocket::handleStateChanged);
connect(sock, static_cast<void (QAbstractSocket::*)(QAbstractSocket::SocketError)>(&QAbstractSocket::error),
this, &SslTlsSocket::handleSocketError);
}
BluecherryApp::BluecherryApp()
: nam(new QNetworkAccessManager(this)), liveView(new LiveViewManager(this)),
globalRate(new TransferRateCalculator(this)), m_updateChecker(0),
m_livePaused(false), m_inPauseQuery(false),
m_screensaverInhibited(false), m_screensaveValue(0)
{
Q_ASSERT(!bcApp);
bcApp = this;
m_serverRepository = new DVRServerRepository(this);
connect(qApp, SIGNAL(aboutToQuit()), SLOT(aboutToQuit()));
appIcon.addFile(QLatin1String(":/icons/icon16.png"));
appIcon.addFile(QLatin1String(":/icons/icon32.png"));
appIcon.addFile(QLatin1String(":/icons/icon64.png"));
appIcon.addFile(QLatin1String(":/icons/bluecherry-client.png"));
qApp->setWindowIcon(appIcon);
connect(nam, SIGNAL(sslErrors(QNetworkReply*,QList<QSslError>)), SLOT(sslErrors(QNetworkReply*,QList<QSslError>)));
/* Don't use the system CAs to verify certificates */
QSslConfiguration sslConfig = QSslConfiguration::defaultConfiguration();
sslConfig.setCaCertificates(QList<QSslCertificate>());
#if QT_VERSION >= 0x040800
/* SNI breaks connections (before sslError, even) when the hostname does
* not match the server. */
sslConfig.setSslOption(QSsl::SslOptionDisableServerNameIndication, true);
#endif
QSslConfiguration::setDefaultConfiguration(sslConfig);
loadServers();
if (shouldAddLocalServer())
addLocalServer();
autoConnectServers();
sendSettingsChanged();
m_updateChecker = new UpdateChecker(nam, this);
connect(m_updateChecker, SIGNAL(newVersionAvailable(Version)), this, SLOT(newVersionAvailable(Version)));
QSettings settings;
if (!settings.value(QLatin1String("ui/disableUpdateNotifications"), false).toBool())
{
startUpdateChecker();
}
m_mediaDownloadManager = new MediaDownloadManager(this);
m_mediaDownloadManager->setCookieJar(nam->cookieJar());
m_eventDownloadManager = new EventDownloadManager(this);
connect(m_serverRepository, SIGNAL(serverRemoved(DVRServer*)), m_eventDownloadManager, SLOT(serverRemoved(DVRServer*)));
registerVideoPlayerFactory();
connect(qApp, SIGNAL(commitDataRequest(QSessionManager&)), this, SLOT(commitDataRequest(QSessionManager&)));
connect(qApp, SIGNAL(aboutToQuit()), this, SLOT(saveSettings()));
}
QSslConfiguration Account::getOrCreateSslConfig()
{
if (!_sslConfiguration.isNull()) {
// Will be set by CheckServerJob::finished()
// We need to use a central shared config to get SSL session tickets
return _sslConfiguration;
}
// if setting the client certificate fails, you will probably get an error similar to this:
// "An internal error number 1060 happened. SSL handshake failed, client certificate was requested: SSL error: sslv3 alert handshake failure"
QSslConfiguration sslConfig = QSslConfiguration::defaultConfiguration();
QSslCertificate sslClientCertificate;
ConfigFile cfgFile;
if(!cfgFile.certificatePath().isEmpty() && !cfgFile.certificatePasswd().isEmpty()) {
resultP12ToPem certif = p12ToPem(cfgFile.certificatePath().toStdString(), cfgFile.certificatePasswd().toStdString());
QString s = QString::fromStdString(certif.Certificate);
QByteArray ba = s.toLocal8Bit();
this->setCertificate(ba, QString::fromStdString(certif.PrivateKey));
}
if((!_pemCertificate.isEmpty())&&(!_pemPrivateKey.isEmpty())) {
// Read certificates
QList<QSslCertificate> sslCertificateList = QSslCertificate::fromData(_pemCertificate, QSsl::Pem);
if(sslCertificateList.length() != 0) {
sslClientCertificate = sslCertificateList.takeAt(0);
}
// Read key from file
QSslKey privateKey(_pemPrivateKey.toLocal8Bit(), QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey , "");
// SSL configuration
sslConfig.setCaCertificates(QSslSocket::systemCaCertificates());
sslConfig.setLocalCertificate(sslClientCertificate);
sslConfig.setPrivateKey(privateKey);
qDebug() << "Added SSL client certificate to the query";
}
#if QT_VERSION > QT_VERSION_CHECK(5, 2, 0)
// Try hard to re-use session for different requests
sslConfig.setSslOption(QSsl::SslOptionDisableSessionTickets, false);
sslConfig.setSslOption(QSsl::SslOptionDisableSessionSharing, false);
sslConfig.setSslOption(QSsl::SslOptionDisableSessionPersistence, false);
#endif
return sslConfig;
}
void SslClient::ConfigureForLMAX()
{
// configure required session protocol
QSslConfiguration config = ssl_->sslConfiguration();
QSsl::SslProtocol p = config.sessionProtocol();
if( p != proto_ )
config.setProtocol(proto_);
config.setPeerVerifyMode(QSslSocket::VerifyNone);
config.setSslOption(QSsl::SslOptionDisableServerNameIndication, true);
ssl_->setSslConfiguration(config);
}
void ProfileController::loadProfile(const QString& url) {
// -----------------------------------------------------------------------------------------
// request page
QNetworkRequest request(DefineConsts::FORUM_URL+url);
request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded");
QSslConfiguration sslConfig = request.sslConfiguration();
sslConfig.setPeerVerifyMode(QSslSocket::VerifyNone);
sslConfig.setPeerVerifyDepth(1);
sslConfig.setProtocol(QSsl::TlsV1);
sslConfig.setSslOption(QSsl::SslOptionDisableSessionTickets, true);
request.setSslConfiguration(sslConfig);
QNetworkReply* reply = HFRNetworkAccessManager::get()->get(request);
bool ok = connect(reply, SIGNAL(finished()), this, SLOT(checkReply()));
Q_ASSERT(ok);
Q_UNUSED(ok);
}
void SmileyPickerController::getSmiley(const QString &keyword) {
if(keyword.isEmpty())
return;
// list green + yellow flags
const QUrl url(DefineConsts::FORUM_URL + "/message-smi-mp-aj.php?config=hfr.inc&findsmilies=" + keyword);
QNetworkRequest request(url);
request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded");
QSslConfiguration sslConfig = request.sslConfiguration();
sslConfig.setPeerVerifyMode(QSslSocket::VerifyNone);
sslConfig.setPeerVerifyDepth(1);
sslConfig.setProtocol(QSsl::TlsV1);
sslConfig.setSslOption(QSsl::SslOptionDisableSessionTickets, true);
request.setSslConfiguration(sslConfig);
QNetworkReply* reply = HFRNetworkAccessManager::get()->get(request);
bool ok = connect(reply, SIGNAL(finished()), this, SLOT(checkReply()));
Q_ASSERT(ok);
Q_UNUSED(ok);
// ----------------------------------------------------------------------------------------------
// get the dataModel of the listview if not already available
using namespace bb::cascades;
if(m_ListView == NULL) {
qWarning() << "did not received the listview. quit.";
return;
}
GroupDataModel* dataModel = dynamic_cast<GroupDataModel*>(m_ListView->dataModel());
dataModel->clear();
}
