// Script-side wrapper around QSslKey::toPem().
// Forwards to the QSslKey wrapped by thisObject(); an empty QByteArray is
// returned when the script object does not wrap a QSslKey. As with QSslKey,
// an empty passPhrase yields a private key in unencrypted PEM form.
QByteArray QSslKeyProto::toPem(const QByteArray & passPhrase) const
{
    QSslKey *const wrapped = qscriptvalue_cast<QSslKey*>(thisObject());
    return wrapped ? wrapped->toPem(passPhrase) : QByteArray();
}
// Replaces the identity's key and marks the identity dirty.
// Equality is decided on the PEM serialisation of both keys, so a key that
// serialises to the same bytes as the current one is a no-op and leaves
// _isDirty untouched.
void CertIdentity::setSslKey(const QSslKey &key)
{
    const QByteArray incomingPem = key.toPem();
    const QByteArray currentPem = _sslKey.toPem();
    if (incomingPem == currentPem)
        return;

    _sslKey = key;
    _isDirty = true;
}
// Updates the key-type label and the load/clear button to reflect `key`, and
// stashes the key on the label as dynamic properties ("sslKey" holds the PEM
// bytes, "sslKeyType" the QSsl::KeyAlgorithm as int) for later retrieval.
// Note: toPem() is called without a passphrase, so for a private key the
// "sslKey" property holds unencrypted key material for the widget's lifetime.
void IdentityEditWidget::showKeyState(const QSslKey &key)
{
    QString typeText;
    QString buttonText;

    if (key.isNull()) {
        typeText = tr("No Key loaded");
        buttonText = tr("Load");
    } else {
        buttonText = tr("Clear");
        switch (key.algorithm()) {
        case QSsl::Rsa:
            typeText = tr("RSA");
            break;
        case QSsl::Dsa:
            typeText = tr("DSA");
            break;
        default:
            // Algorithms other than RSA/DSA are shown as if no key were loaded,
            // although the button still offers to clear the key.
            typeText = tr("No Key loaded");
            break;
        }
    }

    ui.keyTypeLabel->setText(typeText);
    ui.clearOrLoadKeyButton->setText(buttonText);
    ui.keyTypeLabel->setProperty("sslKey", key.toPem());
    ui.keyTypeLabel->setProperty("sslKeyType", static_cast<int>(key.algorithm()));
}
// static const QByteArray QgsAuthProviderPkiPaths::keyAsPem( const QString &keypath, const QString &keypass, QString *algtype, bool reencrypt ) { bool pem = keypath.endsWith( ".pem", Qt::CaseInsensitive ); QByteArray keydata( fileData_( keypath, pem ) ); QSslKey clientkey; clientkey = QSslKey( keydata, QSsl::Rsa, pem ? QSsl::Pem : QSsl::Der, QSsl::PrivateKey, !keypass.isEmpty() ? keypass.toUtf8() : QByteArray() ); if ( clientkey.isNull() ) { // try DSA algorithm, since Qt can't seem to determine it otherwise clientkey = QSslKey( keydata, QSsl::Dsa, pem ? QSsl::Pem : QSsl::Der, QSsl::PrivateKey, !keypass.isEmpty() ? keypass.toUtf8() : QByteArray() ); if ( clientkey.isNull() ) { return QByteArray(); } if ( algtype ) *algtype = "dsa"; } else { if ( algtype ) *algtype = "rsa"; } // reapply passphrase if protection is requested and passphrase exists return ( clientkey.toPem( reencrypt && !keypass.isEmpty() ? keypass.toUtf8() : QByteArray() ) ); }
// Brings up the plain-HTTP and HTTPS Playdar API endpoints.
//
// Both sessions listen on d->ha; the plain session on d->port, the TLS
// session on d->sport, each with its own Api_v1 instance. The TLS identity
// (RSA key plus self-signed certificate) is read from TomahawkSettings and
// generated and persisted on first use. Logs and returns early if a session
// already exists or one of the Qxt objects could not be created.
void PlaydarApi::start()
{
    Q_D( PlaydarApi );
    if ( !d->session.isNull() )
    {
        tLog() << "HTTPd session already exists, returning";
        return;
    }
    d->session.reset( new QxtHttpSessionManager() );
    d->connector.reset( new QxtHttpServerConnector() );
    d->tlsSession.reset( new QxtHttpSessionManager() );
    d->tlsConnector.reset( new QxtHttpsServerConnector() );
    // If any object is missing, drop all four so no half-initialised state survives.
    if ( d->session.isNull() || d->connector.isNull() || d->tlsSession.isNull() || d->tlsConnector.isNull() )
    {
        if ( !d->session.isNull() ) d->session.reset();
        if ( !d->connector.isNull() ) d->connector.reset();
        if ( !d->tlsSession.isNull() ) d->tlsSession.reset();
        if ( !d->tlsConnector.isNull() ) d->tlsConnector.reset();
        tLog() << "Failed to start HTTPd, could not create object";
        return;
    }
    // Plain HTTP endpoint.
    d->session->setListenInterface( d->ha );
    d->session->setPort( d->port );
    d->session->setConnector( d->connector.data() );
    d->instance.reset( new Api_v1( d->session.data() ) );
    d->session->setStaticContentService( d->instance.data() );
    tLog() << "Starting HTTPd on" << d->session->listenInterface().toString() << d->session->port();
    d->session->start();
    // HTTPS endpoint: same interface, separate port and Api_v1 instance.
    d->tlsSession->setListenInterface( d->ha );
    d->tlsSession->setPort( d->sport );
    d->tlsSession->setConnector( d->tlsConnector.data() );
    d->tlsInstance.reset( new Api_v1( d->tlsSession.data() ) );
    d->tlsSession->setStaticContentService( d->tlsInstance.data() );
    QByteArray settingsKey = TomahawkSettings::instance()->playdarKey();
    QSslKey key;
    if ( settingsKey.isNull() || settingsKey.isEmpty() )
    {
        // First run: generate an RSA key and persist it. toPem() without a
        // passphrase serialises the private key unencrypted, so the settings
        // store holds secret material from this point on.
        key = KeyBuilder::generate( QSsl::Rsa, KeyBuilder::StrengthNormal );
        TomahawkSettings::instance()->setPlaydarKey( key.toPem() );
    }
    else
    {
        // Restore the persisted key (PEM-encoded RSA private key).
        // NOTE(review): key.isNull() is not checked afterwards, so a corrupt
        // settings entry reaches the TLS server silently — confirm intended.
        key = QSslKey( settingsKey, QSsl::Rsa );
    }
    QByteArray settingsCert = TomahawkSettings::instance()->playdarCertificate();
    QSslCertificate cert;
    if ( settingsCert.isNull() || settingsCert.isEmpty() )
    {
        // First run: build a self-signed certificate for `key`.
        CertificateRequestBuilder reqbuilder;
        reqbuilder.setVersion( 1 );
        reqbuilder.setKey( key );
        reqbuilder.addNameEntry( Certificate::EntryCountryName, "GB" );
        reqbuilder.addNameEntry( Certificate::EntryOrganizationName, "Tomahawk Player (Desktop)" );
        reqbuilder.addNameEntry( Certificate::EntryCommonName, "localhost" );
        // Sign the request with the same key.
        CertificateRequest req = reqbuilder.signedRequest(key);
        // Now turn the request into a certificate.
        CertificateBuilder builder;
        builder.setRequest( req );
        builder.setVersion( 3 );
        builder.setSerial( uuid().toLatin1() );
        builder.setActivationTime( QDateTime::currentDateTimeUtc());
        // Ten-year lifetime. Nothing in this function checks the expiry of a
        // restored certificate, so an expired one stays in use until the
        // settings entry is cleared.
        builder.setExpirationTime( QDateTime::currentDateTimeUtc().addYears( 10 ) );
        // Not a CA certificate.
        builder.setBasicConstraints( false );
        builder.addKeyPurpose( CertificateBuilder::PurposeWebServer );
        // NOTE(review): keyUsage omits digitalSignature; whether the cipher
        // suites the TLS stack negotiates require it is not visible here — confirm.
        builder.setKeyUsage( CertificateBuilder::UsageKeyAgreement|CertificateBuilder::UsageKeyEncipherment );
        builder.addSubjectKeyIdentifier();
        cert = builder.signedCertificate( key );
        TomahawkSettings::instance()->setPlaydarCertificate( cert.toPem() );
    }
    else
    {
        cert = QSslCertificate( settingsCert );
    }
    // Hand the identity to the TLS server behind the HTTPS connector.
    // NOTE(review): tcpServer() is dereferenced without a null check — confirm it cannot return null.
    QxtSslServer* sslServer = d->tlsConnector->tcpServer();
    sslServer->setPrivateKey( key );
    sslServer->setLocalCertificate( cert );
    tLog() << "Starting HTTPSd on" << d->tlsSession->listenInterface().toString() << d->tlsSession->port();
    // The HTTPS start() result is only logged; a failed listen is not propagated.
    tLog() << Q_FUNC_INFO << d->tlsSession->start();
}
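namespace {

// Parses a PEM certificate and installs it on `ctx`.
// Returns false if the BIO could not be created, the PEM did not parse, or
// OpenSSL rejected the certificate. `certPem` is taken by value because
// BIO_new_mem_buf() takes a non-const buffer on older OpenSSL releases.
bool installCertificate(SSL_CTX *ctx, QByteArray certPem)
{
    BIO *bio = BIO_new_mem_buf(certPem.data(), certPem.length());
    X509 *x = bio ? PEM_read_bio_X509(bio, NULL, NULL, NULL) : NULL;
    const bool ok = x != NULL && SSL_CTX_use_certificate(ctx, x) == 1;
    if (x != NULL) X509_free(x);
    if (bio != NULL) BIO_free(bio);
    return ok;
}

// Parses a PEM private key and installs it on `ctx`.
// Returns false if the BIO could not be created, the PEM did not parse, or
// OpenSSL rejected the key. NOTE(review): `keyPem` holds the unencrypted
// key bytes and is not wiped when the copy is released.
bool installPrivateKey(SSL_CTX *ctx, QByteArray keyPem)
{
    BIO *bio = BIO_new_mem_buf(keyPem.data(), keyPem.length());
    EVP_PKEY *pkey = bio ? PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL) : NULL;
    const bool ok = pkey != NULL && SSL_CTX_use_PrivateKey(ctx, pkey) == 1;
    if (pkey != NULL) EVP_PKEY_free(pkey);
    if (bio != NULL) BIO_free(bio);
    return ok;
}

} // namespace

// Creates the DTLS server context and the UDP listening socket.
//
// The socket is bound to the node's public IPv6 address (as stored in the DB)
// on DATAPLANEPORT; the DTLS context is loaded with the local certificate and
// private key from ConnectionInitiator and requires clients to present a
// certificate, checked by dtls_verify_callback. Fatal setup errors are logged
// and reported through UnixSignalHandler::termSignalHandler(0), matching the
// rest of the file; execution then continues so the shutdown path can run.
void DataPlaneServer::start()
{
    server_addr.s6.sin6_family = AF_INET6;
    // We listen on the public IP, which is the one stored in the DB.
    // Value-initialised so a parse failure leaves in6addr_any (all zero)
    // rather than stack garbage in the bind address.
    struct in6_addr servIp = {};
    const QByteArray localIp = qSql->getLocalIP().toUtf8();
    if (inet_pton(AF_INET6, localIp.constData(), &servIp) != 1) {
        qWarning() << "ERROR: local IP from the DB is not a valid IPv6 address!";
        UnixSignalHandler::termSignalHandler(0);
    }
    server_addr.s6.sin6_addr = servIp;
    server_addr.s6.sin6_port = htons(DATAPLANEPORT);
    const int on = 1, off = 0;

    OpenSSL_add_ssl_algorithms();
    SSL_load_error_strings();
    ctx = SSL_CTX_new(DTLSv1_server_method());
    // A cipher list matching no cipher would otherwise only surface as
    // handshake failures later on.
    if (!SSL_CTX_set_cipher_list(ctx, DTLS_ENCRYPT)) {
        qWarning() << "ERROR: DTLS cipher list selects no usable cipher!";
        UnixSignalHandler::termSignalHandler(0);
    }
    SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);

    // Certificate and key come from the SQL-backed identity store.
    ConnectionInitiator* i = ConnectionInitiator::getInstance();
    if (!installCertificate(ctx, i->getLocalCertificate().toPem())) {
        qWarning() << "ERROR: no certificate found!";
        UnixSignalHandler::termSignalHandler(0);
    }
    if (!installPrivateKey(ctx, i->getPrivateKey().toPem())) {
        qWarning() << "ERROR: no private key found!";
        UnixSignalHandler::termSignalHandler(0);
    }
    if (!SSL_CTX_check_private_key(ctx)) {
        qWarning() << "ERROR: invalid private key!";
        UnixSignalHandler::termSignalHandler(0);
    }

    // Clients have to authenticate. SSL_VERIFY_PEER alone still accepts a
    // client that presents no certificate at all (the verify callback is
    // never invoked in that case), so SSL_VERIFY_FAIL_IF_NO_PEER_CERT is
    // needed to make the handshake fail rather than relying on a
    // post-handshake peer-certificate check elsewhere.
    SSL_CTX_set_verify(ctx,
                       SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE,
                       dtls_verify_callback);
    SSL_CTX_set_read_ahead(ctx, 1);
    // DTLS cookie exchange: peers must echo a cookie before the server
    // allocates handshake state for them.
    SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie);
    SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie);

    fd = socket(server_addr.ss.ss_family, SOCK_DGRAM, 0);
    if (fd < 0) {
        qWarning() << "Could not open SOCK_DGRAM";
        UnixSignalHandler::termSignalHandler(0);
    }
#ifdef WIN32
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, reinterpret_cast<const char*>(&on), static_cast<socklen_t>(sizeof(on)));
#else
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, static_cast<const void*>(&on), static_cast<socklen_t>(sizeof(on)));
#ifdef SO_REUSEPORT
    setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, static_cast<const void*>(&on), static_cast<socklen_t>(sizeof(on)));
#endif
#endif
    // Dual-stack socket: also accept IPv4-mapped peers.
    setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, reinterpret_cast<const char*>(&off), sizeof(off));
    if (bind(fd, reinterpret_cast<const struct sockaddr *>(&server_addr), sizeof(struct sockaddr_in6)) != 0) {
        // Without this check an unbound socket would silently be handed to the notifier.
        qWarning() << "ERROR: could not bind the data-plane socket!";
        UnixSignalHandler::termSignalHandler(0);
    }
    notif = new QSocketNotifier(fd, QSocketNotifier::Read);
    connect(notif, SIGNAL(activated(int)), this, SLOT(readyRead(int)));
}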