void Ssu::updateCredentials(bool force){
SsuCoreConfig *settings = SsuCoreConfig::instance();
SsuDeviceInfo deviceInfo;
errorFlag = false;
SsuLog *ssuLog = SsuLog::instance();
if (deviceInfo.deviceUid() == ""){
setError("No valid UID available for your device. For phones: is your modem online?");
return;
}
QString ssuCaCertificate, ssuCredentialsUrl;
ssuCaCertificate = SsuRepoManager::caCertificatePath();
if (ssuCaCertificate.isEmpty()){
setError("CA certificate for SSU not set ('_ca-certificate in domain')");
return;
}
if (!settings->contains("credentials-url")){
ssuCredentialsUrl = repoUrl("credentials-url");
if (ssuCredentialsUrl.isEmpty()){
setError("URL for credentials update not set (config key 'credentials-url')");
return;
}
} else
ssuCredentialsUrl = settings->value("credentials-url").toString();
if (!isRegistered()){
setError("Device is not registered.");
return;
}
if (!force){
// skip updating if the last update was less than 30 minutes ago
QDateTime now = QDateTime::currentDateTime();
if (settings->contains("lastCredentialsUpdate")){
QDateTime last = settings->value("lastCredentialsUpdate").toDateTime();
if (last >= now.addSecs(-1800)){
ssuLog->print(LOG_DEBUG, QString("Skipping credentials update, last update was at %1")
.arg(last.toString()));
emit done();
return;
}
}
}
// check when the last update was, decide if an update is required
QSslConfiguration sslConfiguration;
if (!useSslVerify())
sslConfiguration.setPeerVerifyMode(QSslSocket::VerifyNone);
QSslKey privateKey(settings->value("privateKey").toByteArray(), QSsl::Rsa);
QSslCertificate certificate(settings->value("certificate").toByteArray());
QList<QSslCertificate> caCertificates;
caCertificates << QSslCertificate::fromPath(ssuCaCertificate);
sslConfiguration.setCaCertificates(caCertificates);
sslConfiguration.setPrivateKey(privateKey);
sslConfiguration.setLocalCertificate(certificate);
QNetworkRequest request;
request.setUrl(QUrl(ssuCredentialsUrl.arg(deviceInfo.deviceUid())));
ssuLog->print(LOG_DEBUG, QString("Sending credential update request to %1")
.arg(request.url().toString()));
request.setSslConfiguration(sslConfiguration);
pendingRequests++;
manager->get(request);
}
void Ssu::sendRegistration(QString usernameDomain, QString password){
errorFlag = false;
QString ssuCaCertificate, ssuRegisterUrl;
QString username, domainName;
SsuLog *ssuLog = SsuLog::instance();
SsuCoreConfig *settings = SsuCoreConfig::instance();
SsuDeviceInfo deviceInfo;
QNetworkRequest request;
request.setAttribute(SSU_NETWORK_REQUEST_DOMAIN_DATA, domain());
ssuLog->print(LOG_DEBUG, QString("Saving current domain before request: '%1'").arg(domain()));
// Username can include also domain, (user@domain), separate those
if (usernameDomain.contains('@')) {
// separate domain/username and set domain
username = usernameDomain.section('@', 0, 0);
domainName = usernameDomain.section('@', 1, 1);
setDomain(domainName);
} else {
// No domain defined
username = usernameDomain;
if (settings->contains("default-rnd-domain"))
setDomain(settings->value("default-rnd-domain").toString());
}
ssuCaCertificate = SsuRepoManager::caCertificatePath();
if (ssuCaCertificate.isEmpty()){
setError("CA certificate for SSU not set ('_ca-certificate in domain')");
return;
}
if (!settings->contains("register-url")){
ssuRegisterUrl = repoUrl("register-url");
if (ssuRegisterUrl.isEmpty()){
setError("URL for SSU registration not set (config key 'register-url')");
return;
}
} else
ssuRegisterUrl = settings->value("register-url").toString();
QString IMEI = deviceInfo.deviceUid();
if (IMEI == ""){
setError("No valid UID available for your device. For phones: is your modem online?");
return;
}
QSslConfiguration sslConfiguration;
if (!useSslVerify())
sslConfiguration.setPeerVerifyMode(QSslSocket::VerifyNone);
sslConfiguration.setCaCertificates(QSslCertificate::fromPath(ssuCaCertificate));
request.setUrl(QUrl(QString(ssuRegisterUrl)
.arg(IMEI)
));
request.setSslConfiguration(sslConfiguration);
request.setRawHeader("Authorization", "Basic " +
QByteArray(QString("%1:%2")
.arg(username).arg(password)
.toLatin1()).toBase64());
request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded");
QUrl form;
#if QT_VERSION >= QT_VERSION_CHECK(5, 0, 0)
QUrlQuery q;
q.addQueryItem("protocolVersion", SSU_PROTOCOL_VERSION);
q.addQueryItem("deviceModel", deviceInfo.deviceModel());
if (!domain().isEmpty()){
q.addQueryItem("domain", domain());
}
form.setQuery(q);
#else
form.addQueryItem("protocolVersion", SSU_PROTOCOL_VERSION);
form.addQueryItem("deviceModel", deviceInfo.deviceModel());
if (!domain().isEmpty()){
form.addQueryItem("domain", domain());
}
#endif
ssuLog->print(LOG_DEBUG, QString("Sending request to %1")
.arg(request.url().url()));
QNetworkReply *reply;
pendingRequests++;
#if QT_VERSION >= QT_VERSION_CHECK(5, 0, 0)
reply = manager->post(request, form.query(QUrl::FullyEncoded).toStdString().c_str());
#else
reply = manager->post(request, form.encodedQuery());
#endif
// we could expose downloadProgress() from reply in case we want progress info
QString homeUrl = settings->value("home-url").toString().arg(username);
if (!homeUrl.isEmpty()){
// clear header, the other request bits are reusable
request.setHeader(QNetworkRequest::ContentTypeHeader, 0);
request.setUrl(homeUrl + "/authorized_keys");
ssuLog->print(LOG_DEBUG, QString("Trying to get SSH keys from %1").arg(request.url().toString()));
pendingRequests++;
manager->get(request);
}
}