QList<QSslCipher> MumbleSSL::ciphersFromOpenSSLCipherString(QString cipherString) {
QList<QSslCipher> chosenCiphers;
SSL_CTX *ctx = NULL;
SSL *ssl = NULL;
const SSL_METHOD *meth = NULL;
int i = 0;
QByteArray csbuf = cipherString.toLatin1();
const char *ciphers = csbuf.constData();
meth = SSLv23_server_method();
if (meth == NULL) {
qWarning("MumbleSSL: unable to get SSL method");
goto out;
}
// We use const_cast to be compatible with OpenSSL 0.9.8.
ctx = SSL_CTX_new(const_cast<SSL_METHOD *>(meth));
if (ctx == NULL) {
qWarning("MumbleSSL: unable to allocate SSL_CTX");
goto out;
}
if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
qWarning("MumbleSSL: error parsing OpenSSL cipher string in ciphersFromOpenSSLCipherString");
goto out;
}
ssl = SSL_new(ctx);
if (ssl == NULL) {
qWarning("MumbleSSL: unable to create SSL object in ciphersFromOpenSSLCipherString");
goto out;
}
while (1) {
const char *name = SSL_get_cipher_list(ssl, i);
if (name == NULL) {
break;
}
#if QT_VERSION >= 0x050300
QSslCipher c = QSslCipher(QString::fromLatin1(name));
if (!c.isNull()) {
chosenCiphers << c;
}
#else
foreach (const QSslCipher &c, QSslSocket::supportedCiphers()) {
if (c.name() == QString::fromLatin1(name)) {
chosenCiphers << c;
}
}
#endif
++i;
}
out:
SSL_CTX_free(ctx);
SSL_free(ssl);
return chosenCiphers;
}
void QgsAuthSslImportDialog::socketEncrypted()
{
QgsDebugMsg( "socketEncrypted entered" );
if ( !mSocket )
return; // might have disconnected already
appendString( tr( "Socket ENCRYPTED" ) );
appendString( QStringLiteral( "%1: %2" ).arg( tr( "Protocol" ),
QgsAuthCertUtils::getSslProtocolName( mSocket->protocol() ) ) );
QSslCipher ciph = mSocket->sessionCipher();
QString cipher = QStringLiteral( "%1: %2, %3 (%4/%5)" )
.arg( tr( "Session cipher" ), ciph.authenticationMethod(), ciph.name() )
.arg( ciph.usedBits() ).arg( ciph.supportedBits() );
appendString( cipher );
wdgtSslConfig->setEnabled( true );
QString hostport( QStringLiteral( "%1:%2" ).arg( mSocket->peerName() ).arg( mSocket->peerPort() ) );
wdgtSslConfig->setSslCertificate( mSocket->peerCertificate(), hostport.trimmed() );
if ( !mSslErrors.isEmpty() )
{
wdgtSslConfig->appendSslIgnoreErrors( mSslErrors );
mSslErrors.clear();
}
// checkCanSave();
// must come after last state change, or gets reverted
leServer->setStyleSheet( QgsAuthGuiUtils::greenTextStyleSheet() );
destroySocket();
}
Checker::Checker() {
Settings se;
this->previousMessage = "";
this->isWorking = false;
this->accessUrl = QUrl(se.getString("accessUrl"));
accessManager = new QNetworkAccessManager(this);
// Signal for finishing network access
connect(accessManager, SIGNAL(finished(QNetworkReply*)),this, SLOT(replyFinished(QNetworkReply*)));
// SSL/TLS configuration
this->sslConfiguration = new QSslConfiguration;
sslConfiguration->setProtocol(QSsl::SecureProtocols); // QT 5.0.1: TlsV1SslV3
// CA Certs
QList<QSslCertificate> certs = QSslCertificate::fromPath(QString(se.getString("certificateFile")), QSsl::Pem);
sslConfiguration->setPeerVerifyMode(QSslSocket::VerifyPeer); // Default behaviour for clients
sslConfiguration->setCaCertificates(certs);
// Ciphers
QList<QSslCipher> ciphers;
QStringList cipherList = se.getStringList("cipherList");
foreach (QString cipherName, cipherList) {
QSslCipher cipher = QSslCipher(cipherName,QSsl::SecureProtocols);
qDebug() << "Instantiated" << cipherName << ":" << cipher.isNull();
if (!cipher.isNull()) {
ciphers.append(cipher);
}
}
void SslClient::socketEncrypted()
{
QSslCipher ciph = ssl_->sessionCipher();
QString cipher = QString("%1, %2 (%3/%4)").arg(ciph.authenticationMethod())
.arg(ciph.name()).arg(ciph.usedBits()).arg(ciph.supportedBits());
CDebug() << "SSL cipher " << cipher;
}
QDebug operator<<(QDebug debug, const QSslCipher &cipher)
{
debug << "QSslCipher(name=" << qPrintable(cipher.name())
<< ", bits=" << cipher.usedBits()
<< ", proto=" << qPrintable(cipher.protocolString())
<< ")";
return debug;
}
QDebug operator<<(QDebug debug, const QSslCipher &cipher)
{
QDebugStateSaver saver(debug);
debug.resetFormat().nospace().noquote();
debug << "QSslCipher(name=" << cipher.name()
<< ", bits=" << cipher.usedBits()
<< ", proto=" << cipher.protocolString()
<< ')';
return debug;
}
void Server::connectionAccepted()
{
qDebug() << "SERVER: Now connected";
qDebug() << "SERVER: Connection is encrypted:" << clientConnection -> isEncrypted();
qDebug() << "SERVER: Socket Descriptor:" << clientConnection -> socketDescriptor();
QSslCipher ciph = clientConnection->sessionCipher();
QString cipher = QString("%1, %2 (%3/%4)").arg(ciph.authenticationMethod()).arg(ciph.name()).arg(ciph.usedBits()).arg(ciph.supportedBits());
qDebug() << "SERVER: Cipher:" << cipher;
connected=1;
emit readyToSendData();
}
QString Server :: getSSLCypher()
{
QString cipher("");
if(connected) //I know it's not pretty but it looks a lot better than a segfault :P
if(clientConnection!=0)
if(clientConnection -> isOpen())
{
QSslCipher ciph = clientConnection->sessionCipher();
cipher = QString("%1, %2 (%3/%4)").arg(ciph.authenticationMethod()).arg(ciph.name()).arg(ciph.usedBits()).arg(ciph.supportedBits());
}
return cipher;
}
void SslClient::socketEncrypted()
{
form->sessionOutput->clear();
form->sessionInput->setFocus();
QPalette palette;
palette.setColor(QPalette::Base, QColor(255, 255, 192));
form->hostNameEdit->setPalette(palette);
const QSslCipher cipher = socket->sessionCipher();
const QString cipherInfo = QString("%1, %2 (%3/%4)").arg(cipher.authenticationMethod())
.arg(cipher.name()).arg(cipher.usedBits())
.arg(cipher.supportedBits());;
form->cipherLabel->setText(cipherInfo);
padLock->show();
}
SslInfoDlg::SslInfoDlg(const QSslSocket *socket, QWidget *parent)
: QDialog(parent),
_socket(socket)
{
ui.setupUi(this);
QSslCipher cipher = socket->sessionCipher();
ui.hostname->setText(socket->peerName());
ui.address->setText(socket->peerAddress().toString());
ui.encryption->setText(cipher.name());
ui.protocol->setText(cipher.protocolString());
connect(ui.certificateChain, SIGNAL(currentIndexChanged(int)), SLOT(setCurrentCert(int)));
foreach(const QSslCertificate &cert, socket->peerCertificateChain()) {
ui.certificateChain->addItem(subjectInfo(cert, QSslCertificate::CommonName));
}
}
void SslClient::socketEncrypted()
{
if (!socket)
return; // might have disconnected already
form->sessionOutput->clear();
form->sessionInput->setFocus();
QPalette palette;
palette.setColor(QPalette::Base, QColor(255, 255, 192));
form->hostNameEdit->setPalette(palette);
QSslCipher ciph = socket->sessionCipher();
QString cipher = QString("%1, %2 (%3/%4)").arg(ciph.authenticationMethod())
.arg(ciph.name()).arg(ciph.usedBits()).arg(ciph.supportedBits());;
form->cipherLabel->setText(cipher);
if (!padLock) {
padLock = new QToolButton;
padLock->setIcon(QIcon(":/encrypted.png"));
#ifndef QT_NO_CURSOR
padLock->setCursor(Qt::ArrowCursor);
#endif
padLock->setToolTip(tr("Display encryption details."));
int extent = form->hostNameEdit->height() - 2;
padLock->resize(extent, extent);
padLock->setSizePolicy(QSizePolicy::Fixed, QSizePolicy::Ignored);
QHBoxLayout *layout = new QHBoxLayout(form->hostNameEdit);
layout->setMargin(form->hostNameEdit->style()->pixelMetric(QStyle::PM_DefaultFrameWidth));
layout->setSpacing(0);
layout->addStretch();
layout->addWidget(padLock);
form->hostNameEdit->setLayout(layout);
connect(padLock, SIGNAL(clicked()),
this, SLOT(displayCertificateInfo()));
} else {
padLock->show();
}
}
//! [3]
void SslClient::socketEncrypted()
{
if (!m_socket)
return; // Might have disconnected already
// We started a new connection, so clear the response from previous connections
m_response.clear();
emit responseChanged();
// Retrieve the information about the used cipher and update the property
const QSslCipher cipher = m_socket->sessionCipher();
m_cipher = QString("%1, %2 (%3/%4)").arg(cipher.authenticationMethod())
.arg(cipher.name())
.arg(cipher.usedBits())
.arg(cipher.supportedBits());
emit cipherChanged();
// Tell the CertificateInfoControl about the certificate chain of this connection
emit certificateChainChanged(m_socket->peerCertificateChain());
}
void SslButton::updateAccountInfo(Account *account)
{
if (!account || account->state() != Account::Connected) {
setVisible(false);
return;
} else {
setVisible(true);
}
if (account->url().scheme() == QLatin1String("https")) {
setIcon(QIcon(QPixmap(":/mirall/resources/lock-https.png")));
QSslCipher cipher = account->sslConfiguration().sessionCipher();
setToolTip(tr("This connection is encrypted using %1 bit %2.\n").arg(cipher.usedBits()).arg(cipher.name()));
QMenu *menu = new QMenu(this);
QList<QSslCertificate> chain = account->sslConfiguration().peerCertificateChain();
menu->addAction(tr("Certificate information:"))->setEnabled(false);
QList<QSslCertificate> tmpChain;
foreach(QSslCertificate cert, chain) {
tmpChain << cert;
if (QSslSocket::systemCaCertificates().contains(cert))
break;
}
QString dumpCipher(const QSslCipher &cipher)
{
QString s = "\n";
s += "Authentication: " + cipher.authenticationMethod() + "\n";
s += "Encryption: " + cipher.encryptionMethod() + "\n";
s += "Key Exchange: " + cipher.keyExchangeMethod() + "\n";
s += "Cipher Name: " + cipher.name() + "\n";
s += "Protocol: " + cipher.protocolString() + "\n";
s += "Supported Bits: " + QString(cipher.supportedBits()) + "\n";
s += "Used Bits: " + QString(cipher.usedBits()) + "\n";
return s;
}
void WebsocketServer::initialisieren(const QString &name, const QString &ipAdresse, const int &anschluss, const QStringList &sslAlgorithmen,
const QStringList &ssl_EK, const QString &ssl_DH, const QString &zertifikatSchluessel,
const QString &zertifikat, const QString &zertifkatKette, const bool &ssl_aktiv)
{
QWebSocketServer::SslMode SSL_Modus;
if (ssl_aktiv)
{
SSL_Modus=QWebSocketServer::SecureMode;
K_IPAdresse=QHostAddress(ipAdresse);
}
else
{
SSL_Modus=QWebSocketServer::NonSecureMode;
K_IPAdresse=QHostAddress(QHostAddress::LocalHost);
}
K_Server=new QWebSocketServer(name,SSL_Modus,this);
connect(K_Server,&QWebSocketServer::sslErrors,this, &WebsocketServer::SSL_Fehler);
connect(K_Server,&QWebSocketServer::serverError,this,&WebsocketServer::SSL_Serverfehler);
connect(K_Server,&QWebSocketServer::newConnection,this,&WebsocketServer::NeuerKlient);
connect(K_Server,&QWebSocketServer::acceptError,this,&WebsocketServer::Verbindungsfehler);
K_Anschluss=anschluss;
QSslConfiguration SSL;
QList<QSslCipher> Algorithmen;
QVector<QSslEllipticCurve> EK;
SSL.setProtocol(QSsl::TlsV1_2OrLater);
SSL.setPeerVerifyMode(QSslSocket::VerifyNone);
QSslCipher Algorithmus;
QSslEllipticCurve Kurve;
if (ssl_aktiv)
{
//BUG Das mit der Reihenfolge geht nicht
for (auto Eintrag : sslAlgorithmen)
{
Algorithmus=QSslCipher(Eintrag);
if (Algorithmus.isNull())
qCWarning(qalarm_serverWebsocketServer)<< tr("Algorithmus %1 wird nicht unterstützt.").arg(Eintrag);
else
Algorithmen.append(Algorithmus);
}
SSL.setCiphers(Algorithmen);
//BUG Es werden nie Kurven angeboten
for (auto Eintrag : ssl_EK)
{
Kurve=QSslEllipticCurve::fromShortName(Eintrag);
if (!Kurve.isValid())
qCWarning(qalarm_serverWebsocketServer)<< tr("Kurve %1 wird nicht unterstützt.").arg(Eintrag);
else
EK.append(Kurve);
}
SSL.setEllipticCurves(EK);
if(!ssl_DH.isEmpty())
{
#if (QT_VERSION >= QT_VERSION_CHECK(5,8,0))
SSL.setDiffieHellmanParameters(QSslDiffieHellmanParameters::fromEncoded(DateiLaden(ssl_DH,tr("Die DH Parameter %1 konnten nicht geladen werden."))));
#else
qCWarning(qalarm_serverWebsocketServer)<<tr("Qt kann die DH Parameter erst ab Version 5.8.0 setzen");
#endif
}
QList<QSslCertificate> Zertifikate;
Zertifikate=QSslCertificate::fromDevice(DateiLaden(zertifikat,tr("Zertifikat %1 konnte nicht geladen werden.").arg(zertifikat)));
Zertifikate.append(QSslCertificate::fromDevice(DateiLaden(zertifkatKette,tr("Die Zertifikatskette %1 konnte nicht geladen werden.").arg(zertifkatKette))));
SSL.setLocalCertificateChain(Zertifikate);
SSL.setPrivateKey(QSslKey(DateiLaden(zertifikatSchluessel,tr("Der Schlüssel %1 für das Zertifikat konnte nicht geladen werden.").arg(zertifikatSchluessel)),QSsl::Rsa));
if(SSL.privateKey().isNull() || SSL.localCertificate().isNull() || SSL.localCertificateChain().isEmpty())
return;
qCDebug(qalarm_serverWebsocketServer)<<tr("Setze SSL Konfiguration");
qCDebug(qalarm_serverWebsocketServer)<<tr("Privater Schlüssel: ")<<SSL.privateKey();
qCDebug(qalarm_serverWebsocketServer)<<tr("Zertifikate: ")<<SSL.localCertificateChain();
#if (QT_VERSION >= QT_VERSION_CHECK(5,8,0))
qCDebug(qalarm_serverWebsocketServer)<<tr("DH Parameter: ")<<SSL.diffieHellmanParameters();
#endif
qCDebug(qalarm_serverWebsocketServer)<<tr("Zerttest: ")<<SSL.peerVerifyMode();
qCDebug(qalarm_serverWebsocketServer)<<tr("Elliptische Kurven: ")<<SSL.ellipticCurves();
qCDebug(qalarm_serverWebsocketServer)<<tr("Algorithmen: ")<<SSL.ciphers();
K_Server->setSslConfiguration(SSL);
}
if(!K_Initfehler)
Q_EMIT Initialisiert();
}
