void QTlsServer::incomingConnection(int socketDescriptor)
{
QSslSocket* serverSocket = new QSslSocket;
QObject::connect(serverSocket, SIGNAL(sslErrors(const QList<QSslError>&)), this, SLOT(displayTlsErrors(const QList<QSslError>&)));
if (serverSocket->setSocketDescriptor(socketDescriptor))
{
QFile file("server-key.pem");
if (!file.open(QIODevice::ReadOnly))
{
std::cout << "can't open key" << "server-key.pem";
return;
}
QSslKey key(&file, QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey, QByteArray("qtwebsocket-server-key"));
file.close();
serverSocket->setPrivateKey(key);
if (!serverSocket->addCaCertificates("ca.pem"))
{
std::cout << "open certificate ca error" << "ca.pem";
return;
}
serverSocket->setLocalCertificate("server-crt.pem");
serverSocket->setPeerVerifyMode(QSslSocket::VerifyNone);
//serverSocket->ignoreSslErrors();
QObject::connect(serverSocket, SIGNAL(encrypted()), this, SLOT(tlsSocketEncrypted()));
serverSocket->startServerEncryption();
}
else
{
serverSocket->deleteLater();
}
}
void QuazaaIRC::startIrc(bool useSsl, QString ircNick, QString ircRealName, QString ircServer, int ircPort)
{
qDebug() << "QuazaaIRC::startIrc() " << ircServer;
ircSession = new Irc::Session(this);
// stripNicks / echoMessages
ircSession->setOptions(Irc::Session::EchoMessages);
if (useSsl)
{
QSslSocket* socket = new QSslSocket(ircSession);
socket->ignoreSslErrors();
socket->setPeerVerifyMode(QSslSocket::VerifyNone);
ircSession->setSocket(socket);
}
// for connectSlotsByName, to get it working, all slots should be named like:
// on_IrcSession_<signal name>
ircSession->setObjectName("IrcSession");
QMetaObject::connectSlotsByName(this);
ircSession->setNick(ircNick);
ircSession->setIdent("QuazaaIRC");
ircSession->setRealName(ircRealName);
ircSession->connectToServer(ircServer, ircPort);
}
void SshServer::slot_newIncommingConnection( int socketDescriptor )
{
QSslSocket* sslSocket = new QSslSocket();
// before the handshake, we need to adjust some security parameters for SSL
QSsl::SslProtocol sslProtocol;
if( "SSL-v3" == _sshServerSettings._version )
sslProtocol = QSsl::SslV3;
else if( "TLS-v1" == _sshServerSettings._version )
sslProtocol = QSsl::TlsV1;
else
{
logError( this, "no valid SSL version to use" );
delete sslSocket;
return;
}
QSsl::EncodingFormat ecodingFormat = ("PER"==_sshServerSettings._format) ? QSsl::Pem : QSsl::Der;
QSsl::KeyAlgorithm algorithm = ("RSA"==_sshServerSettings._cipher) ? QSsl::Rsa : QSsl::Dsa;
QByteArray password;
// setting the SSL version to use
sslSocket->setProtocol( sslProtocol );
// ensure that the peer's certificate will be verified
sslSocket->setPeerVerifyMode( QSslSocket::VerifyPeer );
// ensure that the peer's cerficiate and its issuer's certificate will be verified
sslSocket->setPeerVerifyDepth( 2 );
// setting server's certificate
sslSocket->setLocalCertificate( _sshServerSettings._certificate, ecodingFormat );
// setting server's private key
sslSocket->setPrivateKey( _sshServerSettings._privateKey, algorithm, ecodingFormat, password );
// setting the CA ceritificate
QList<QSslCertificate> caCertificates = QSslCertificate::fromPath( _sshServerSettings._certificate, ecodingFormat );
sslSocket->setDefaultCaCertificates( caCertificates );
// setup some traps for the socket events
connect( sslSocket, SIGNAL(disconnected()), sslSocket, SLOT(deleteLater()) );
connect( sslSocket, SIGNAL(encrypted()), SLOT(slot_SuccessfulConnected()) );
connect( sslSocket, SIGNAL(sslErrors(const QList<QSslError>&)), this, SLOT(slot_UnSuccessfulConnected(const QList<QSslError>&)) );
connect( sslSocket, SIGNAL(readyRead()), this, SLOT(slot_IncommingData()) );
// start the handshake
bool result = sslSocket->setSocketDescriptor( socketDescriptor );
if( false == result )
{
logError( this, QString("failed to set socket descriptor: %1").arg(sslSocket->errorString()) );
delete sslSocket;
return;
}
sslSocket->startServerEncryption();
}
void Server::setSSL(bool inSsl)
{
ssl = inSsl;
if(ssl) {
QSslSocket* sslSocket = new QSslSocket(this);
sslSocket->setPeerVerifyMode(QSslSocket::QueryPeer);
sslSocket->ignoreSslErrors();
ircSession->setSocket(sslSocket);
} else {
ircSession->setSocket(new QTcpSocket(this));
}
}
void HTTPSManager::incomingConnection(qintptr socketDescriptor) {
QSslSocket* sslSocket = new QSslSocket(this);
sslSocket->setLocalCertificate(_certificate);
sslSocket->setPrivateKey(_privateKey);
sslSocket->setPeerVerifyMode(QSslSocket::VerifyNone);
if (sslSocket->setSocketDescriptor(socketDescriptor)) {
new HTTPSConnection(sslSocket, this);
} else {
delete sslSocket;
}
}
// Accept connection from server and initiate the SSL handshake
void Server::acceptConnection()
{
QSslSocket *socket = server.nextPendingConnection();
assert(socket);
// QSslSocket emits the encrypted() signal after the encrypted connection is established
connect(socket, SIGNAL(encrypted()), this, SLOT(handshakeComplete()));
// Report any SSL errors that occur
connect(socket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(sslErrors(const QList<QSslError> &)));
connect(socket, SIGNAL(error(QAbstractSocket::SocketError)), this, SLOT(connectionFailure()));
socket->setPrivateKey(key);
socket->setLocalCertificate(certificate);
socket->setPeerVerifyMode(QSslSocket::VerifyNone);
socket->startServerEncryption();
}
void Session::setSecure(bool secure)
{
#ifdef QT_NO_OPENSSL
Q_UNUSED(secure)
#else
QSslSocket* sslSocket = qobject_cast<QSslSocket*>(socket());
if (secure && !sslSocket)
{
sslSocket = new QSslSocket(this);
sslSocket->setPeerVerifyMode(QSslSocket::VerifyNone);
sslSocket->ignoreSslErrors();
setSocket(sslSocket);
}
else if (!secure && sslSocket)
{
setSocket(new QTcpSocket(this));
}
#endif // QT_NO_OPENSSL
}
void TLSFeature::handleEndElement(const QStringRef &name, const QStringRef &uri)
{
Q_UNUSED(uri);
if (name == QLatin1String("proceed")) {
DirectConnection *connection = qobject_cast<DirectConnection*>(m_client->connection());
Q_ASSERT(connection);
QSslSocket *socket = qobject_cast<QSslSocket*>(connection->socket());
Q_ASSERT(socket);
m_socket = socket;
socket->setProtocol(QSsl::TlsV1);
socket->setPeerVerifyMode(QSslSocket::VerifyNone);
connect(socket, SIGNAL(encrypted()), this, SLOT(onHandshaken()));
connect(socket, SIGNAL(disconnected()), this, SLOT(onDisconnected()));
connect(socket, SIGNAL(peerVerifyError(QSslError)), SLOT(onPeerVerifyError(QSslError)));
socket->startClientEncryption();
}
}
void QuazaaIRC::startIrc()
{
systemLog.postLog(LogSeverity::Debug, QString("QuazaaIRC::startIRC() %1").arg(quazaaSettings.Chat.IrcServerName));
//qDebug() << "QuazaaIRC::startIrc() " << ircServer;
ircSession = new Irc::Session(this);
sServer = quazaaSettings.Chat.IrcServerName;
bLoginCompleted = false;
// stripNicks / echoMessages
ircSession->setOptions(Irc::Session::EchoMessages);
if (quazaaSettings.Chat.IrcUseSSL)
{
QSslSocket* socket = new QSslSocket(ircSession);
socket->ignoreSslErrors();
socket->setPeerVerifyMode(QSslSocket::VerifyNone);
ircSession->setSocket(socket);
}
ircSession->setObjectName("IrcSession");
connect(ircSession, SIGNAL(connected()), this, SLOT(on_IrcSession_connected()));
connect(ircSession, SIGNAL(disconnected()), this, SLOT(on_IrcSession_disconnected()));
connect(ircSession, SIGNAL(welcomed()), this, SLOT(on_IrcSession_welcomed()));
connect(ircSession, SIGNAL(bufferAdded(Irc::Buffer*)), this, SLOT(on_IrcSession_bufferAdded(Irc::Buffer*)));
connect(ircSession, SIGNAL(bufferRemoved(Irc::Buffer*)), this, SLOT(on_IrcSession_bufferRemoved(Irc::Buffer*)));
ircSession->setNick(quazaaSettings.Profile.IrcNickname);
sNick = quazaaSettings.Profile.IrcNickname;
ircSession->setIdent("QuazaaIRC");
ircSession->setRealName(quazaaSettings.Profile.RealName);
sRealName = quazaaSettings.Profile.RealName;
ircSession->setAutoJoinChannels(quazaaSettings.Chat.AutoJoinChannels);
ircSession->connectToServer(quazaaSettings.Chat.IrcServerName, quazaaSettings.Chat.IrcServerPort);
}
void LanLinkProvider::connected()
{
qCDebug(KDECONNECT_CORE) << "Socket connected";
QSslSocket* socket = qobject_cast<QSslSocket*>(sender());
if (!socket) return;
disconnect(socket, SIGNAL(connected()), this, SLOT(connected()));
disconnect(socket, SIGNAL(error(QAbstractSocket::SocketError)), this, SLOT(connectError()));
configureSocket(socket);
// If socket disconnects due to any reason after connection, link on ssl faliure
connect(socket, SIGNAL(disconnected()), socket, SLOT(deleteLater()));
NetworkPackage* receivedPackage = receivedIdentityPackages[socket].np;
const QString& deviceId = receivedPackage->get<QString>("deviceId");
//qCDebug(KDECONNECT_CORE) << "Connected" << socket->isWritable();
// If network is on ssl, do not believe when they are connected, believe when handshake is completed
NetworkPackage np2("");
NetworkPackage::createIdentityPackage(&np2);
socket->write(np2.serialize());
bool success = socket->waitForBytesWritten();
if (success) {
qCDebug(KDECONNECT_CORE) << "Handshaking done (i'm the existing device)";
// if ssl supported
if (receivedPackage->get<int>("protocolVersion") >= NetworkPackage::ProtocolVersion) {
// since I support ssl and remote device support ssl
socket->setPeerVerifyName(deviceId);
QString certString = KdeConnectConfig::instance()->getDeviceProperty(deviceId, "certificate", QString());
if (!certString.isEmpty()) {
qCDebug(KDECONNECT_CORE) << "Device trusted";
socket->addCaCertificate(QSslCertificate(certString.toLatin1()));
socket->setPeerVerifyMode(QSslSocket::VerifyPeer);
connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(sslErrors(QList<QSslError>)));
} else {
qCDebug(KDECONNECT_CORE) << "Device untrusted";
// Do not care about ssl errors here, socket will not be closed due to errors because of query peer
socket->setPeerVerifyMode(QSslSocket::QueryPeer);
connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(sslErrorsLogButIgnore(QList<QSslError>)));
}
qCDebug(KDECONNECT_CORE) << "Starting server ssl (I'm the client TCP socket)";
connect(socket, SIGNAL(encrypted()), this, SLOT(encrypted()));
socket->startServerEncryption();
return; // Return statement prevents from deleting received package, needed in slot "encrypted"
} else {
qWarning() << "Incompatible protocol version, this won't work";
//addLink(deviceId, socket, receivedPackage, LanDeviceLink::Remotely);
}
} else {
//I think this will never happen, but if it happens the deviceLink
//(or the socket that is now inside it) might not be valid. Delete them.
qCDebug(KDECONNECT_CORE) << "Fallback (2), try reverse connection (send udp packet)";
mUdpSocket.writeDatagram(np2.serialize(), receivedIdentityPackages[socket].sender, port);
}
delete receivedIdentityPackages.take(socket).np;
//We don't delete the socket because now it's owned by the LanDeviceLink
}
bool ssh::dossh()
{
#ifdef USE_QSSH
{
if(m_connection && m_connection->state() != QSsh::SshConnection::Unconnected)
{
helpers::log("ssh: already connecting...", LOG_INF, qApp, 0);
return true;
}
m_connection = new QSsh::SshConnection(params, this);
connect(m_connection, SIGNAL(connected()), SLOT(onQsshConnected()));
connect(m_connection, SIGNAL(error(QSsh::SshError)), SLOT(onQsshConnectionError(QSsh::SshError)));
helpers::log("ssh: connecting START...", LOG_INF, qApp, 0);
m_connection->connectToHost();
return false;
}
#else
helpers::log("ssh: START: " + QString::number(QSslSocket::supportsSsl()), QSslSocket::supportsSsl() ? LOG_INF : LOG_ERR, qApp, 0);
//http://stackoverflow.com/questions/15213139/simple-qssl-client-server-cannot-start-handshake-on-non-plain-connection
QSslSocket *socket = new QSslSocket(this);
socket->ignoreSslErrors();
socket->setPeerVerifyMode(QSslSocket::VerifyNone);
socket->setProtocol(QSsl::SslV3);
connect(socket, SIGNAL(encrypted()), this, SLOT(ready()));
connect(socket, SIGNAL(encryptedBytesWritten(qint64)), this, SLOT(encryptedBytesWritten(qint64)));
connect(socket, SIGNAL(modeChanged(QSslSocket::SslMode)), this, SLOT(modeChanged(QSslSocket::SslMode)));
connect(socket, SIGNAL(peerVerifyError(const QSslError &)), this, SLOT(peerVerifyError(const QSslError &)));
connect(socket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(sslErrors(const QList<QSslError> &)));
connect(socket, SIGNAL(connected()), this, SLOT(connected()));
connect(socket, SIGNAL(disconnected()), this, SLOT(disconnected()));
connect(socket, SIGNAL(error(QAbstractSocket::SocketError)), this, SLOT(error(QAbstractSocket::SocketError)));
connect(socket, SIGNAL(hostFound()), this, SLOT(hostFound()));
connect(socket, SIGNAL(proxyAuthenticationRequired(const QNetworkProxy &, QAuthenticator *)), this, SLOT(proxyAuthenticationRequired(const QNetworkProxy &, QAuthenticator *)));
connect(socket, SIGNAL(stateChanged(QAbstractSocket::SocketState)), this, SLOT(stateChanged(QAbstractSocket::SocketState)));
connect(socket, SIGNAL(readyRead()), this, SLOT(readyRead()));
{
{
QFile file( "c:/Users/gherczeg/.ssh/id_boot2docker" );
if( ! file.open( QIODevice::ReadOnly ) )
{
QMessageBox::question(0, "Erreur", "Impossible de charger id_boot2docker");
return;
}
QSslKey key(&file);
file.close();
helpers::log("ssh:keyok: "+QString::number(!key.isNull()), !key.isNull() ? LOG_INF : LOG_ERR, qApp, 0);
socket->setPrivateKey( key );
}
foreach (const QSslCertificate &cert, QSslCertificate::fromPath("c:/Users/gherczeg/.boot2docker/certs/boot2docker-vm/*.pem", QSsl::Pem, QRegExp::Wildcard))
{
helpers::log("ssh:certok1: "+QString::number(!cert.isNull()), !cert.isNull() ? LOG_INF : LOG_ERR, qApp, 0);
socket->setLocalCertificate( cert );
socket->sslConfiguration().caCertificates().append(cert);
socket->addCaCertificate( cert );
socket->addDefaultCaCertificate(cert);
}
}
socket->connectToHostEncrypted("127.0.0.1", 2022);
//socket->connectToHost("127.0.0.1", 2022);
bool bok = socket->waitForEncrypted(100000);
//bool bok = socket->waitForConnected(100000);
if(!bok)
{
helpers::log("ssh:!waited:"+QString::number(bok),LOG_ERR, qApp, 0);
return;
}
helpers::log("ssh:waited4ecnrypt/connect:"+QString::number(bok),LOG_INF, qApp, 0);
socket->startClientEncryption();
bool wait4Read1 = socket->waitForReadyRead(100000);
helpers::log("ssh:wait4Read1:"+QString::number(wait4Read1),wait4Read1 ? LOG_INF : LOG_ERR, qApp, 0);
QString s = "docker: do!";
qint64 written = socket->write(s.toStdString().c_str());
helpers::log("ssh:written:"+QString::number(written),written > 0 ? LOG_INF : LOG_ERR, qApp, 0);
bool flushed = socket->flush();
helpers::log("ssh:flush:"+QString::number(flushed),flushed ? LOG_INF : LOG_ERR, qApp, 0);
bool wait4Write = socket->waitForBytesWritten(100000);
helpers::log("ssh:wait4Write:"+QString::number(wait4Write),wait4Write ? LOG_INF : LOG_ERR, qApp, 0);
bool wait4Read2 = socket->waitForReadyRead(100000);
helpers::log("ssh:wait4Read2:"+QString::number(wait4Read2),wait4Read2 ? LOG_INF : LOG_ERR, qApp, 0);
socket->disconnectFromHost();
#endif
}
// Accept connection from server and initiate the SSL handshake
void Server::acceptConnection()
{
if (sockets.empty() == false)
std::cout << "Server is mad efor 1 connection also. Need to update to handle multiple connections" << std::endl;
QSslSocket *socket = dynamic_cast<QSslSocket *>(server.nextPendingConnection());
assert(socket);
// Report any SSL errors that occur
connect(socket, SIGNAL(sslErrors(const QList<QSslError> &)), this, SLOT(sslErrors(const QList<QSslError> &)));
connect(socket, SIGNAL(error(QAbstractSocket::SocketError)), this, SLOT(connectionFailure()));
// QSslSocket emits the encrypted() signal after the encrypted connection is established
#define _USE_ENCRYPTION
#ifdef _USE_ENCRYPTION
connect(socket, SIGNAL(encrypted()), this, SLOT(handshakeComplete()));
socket->setPrivateKey(key);
socket->setLocalCertificate(certificate);
socket->setPeerVerifyMode(QSslSocket::VerifyNone);
socket->startServerEncryption();
#else
connect(socket, SIGNAL(disconnected()), this, SLOT(connectionClosed()));
connect(socket, SIGNAL(readyRead()), this, SLOT(receiveMessage()));
sockets.push_back(socket);
std::cout << "Accepted connection from " << socket->peerAddress().toString().toStdString() << ":" << socket->peerPort() << " .Encrypted : " << socket->isEncrypted() << std::endl;
#endif
}
