Merge pull request #6391 from Chocobo1/cert

Allow QSsl::Ec as private key format
This commit is contained in:
sledgehammer999 2017-03-06 01:22:09 +02:00 committed by GitHub
commit fc49856857
3 changed files with 48 additions and 36 deletions

View File

@ -975,8 +975,8 @@ void OptionsDialog::loadOptions()
m_ui->spinWebUiPort->setValue(pref->getWebUiPort());
m_ui->checkWebUIUPnP->setChecked(pref->useUPnPForWebUIPort());
m_ui->checkWebUiHttps->setChecked(pref->isWebUiHttpsEnabled());
setSslCertificate(pref->getWebUiHttpsCertificate(), false);
setSslKey(pref->getWebUiHttpsKey(), false);
setSslCertificate(pref->getWebUiHttpsCertificate());
setSslKey(pref->getWebUiHttpsKey());
m_ui->textWebUiUsername->setText(pref->getWebUiUsername());
m_ui->textWebUiPassword->setText(pref->getWebUiPassword());
m_ui->checkBypassLocalAuth->setChecked(!pref->isWebUiLocalAuthEnabled());
@ -1508,26 +1508,32 @@ void OptionsDialog::showConnectionTab()
void OptionsDialog::on_btnWebUiCrt_clicked()
{
QString filename = QFileDialog::getOpenFileName(this, QString(), QString(), tr("SSL Certificate") + QString(" (*.crt *.pem)"));
if (filename.isNull())
const QString filename = QFileDialog::getOpenFileName(this, tr("Import SSL certificate"), QString(), tr("SSL Certificate") + QLatin1String(" (*.crt *.pem)"));
if (filename.isEmpty())
return;
QFile file(filename);
if (file.open(QIODevice::ReadOnly)) {
setSslCertificate(file.readAll());
file.close();
}
QFile cert(filename);
if (!cert.open(QIODevice::ReadOnly))
return;
bool success = setSslCertificate(cert.read(1024 * 1024));
if (!success)
QMessageBox::warning(this, tr("Invalid certificate"), tr("This is not a valid SSL certificate."));
}
void OptionsDialog::on_btnWebUiKey_clicked()
{
QString filename = QFileDialog::getOpenFileName(this, QString(), QString(), tr("SSL Key") + QString(" (*.key *.pem)"));
if (filename.isNull())
const QString filename = QFileDialog::getOpenFileName(this, tr("Import SSL key"), QString(), tr("SSL key") + QLatin1String(" (*.key *.pem)"));
if (filename.isEmpty())
return;
QFile file(filename);
if (file.open(QIODevice::ReadOnly)) {
setSslKey(file.readAll());
file.close();
}
QFile key(filename);
if (!key.open(QIODevice::ReadOnly))
return;
bool success = setSslKey(key.read(1024 * 1024));
if (!success)
QMessageBox::warning(this, tr("Invalid key"), tr("This is not a valid SSL key."));
}
void OptionsDialog::on_registerDNSBtn_clicked()
@ -1635,41 +1641,42 @@ QString OptionsDialog::languageToLocalizedString(const QLocale &locale)
}
}
void OptionsDialog::setSslKey(const QByteArray &key, bool interactive)
bool OptionsDialog::setSslKey(const QByteArray &key)
{
#ifndef QT_NO_OPENSSL
if (!key.isEmpty() && !QSslKey(key, QSsl::Rsa).isNull()) {
// try different formats
const bool isKeyValid = (!QSslKey(key, QSsl::Rsa).isNull() || !QSslKey(key, QSsl::Ec).isNull());
if (isKeyValid) {
m_ui->lblSslKeyStatus->setPixmap(QPixmap(":/icons/qbt-theme/security-high.png").scaledToHeight(20, Qt::SmoothTransformation));
m_sslKey = key;
}
else {
m_ui->lblSslKeyStatus->setPixmap(QPixmap(":/icons/qbt-theme/security-low.png").scaledToHeight(20, Qt::SmoothTransformation));
m_sslKey.clear();
if (interactive)
QMessageBox::warning(this, tr("Invalid key"), tr("This is not a valid SSL key."));
}
return isKeyValid;
#else
Q_UNUSED(key);
Q_UNUSED(interactive);
return false;
#endif
}
void OptionsDialog::setSslCertificate(const QByteArray &cert, bool interactive)
bool OptionsDialog::setSslCertificate(const QByteArray &cert)
{
#ifndef QT_NO_OPENSSL
if (!cert.isEmpty() && !QSslCertificate(cert).isNull()) {
const bool isCertValid = !QSslCertificate(cert).isNull();
if (isCertValid) {
m_ui->lblSslCertStatus->setPixmap(QPixmap(":/icons/qbt-theme/security-high.png").scaledToHeight(20, Qt::SmoothTransformation));
m_sslCert = cert;
}
else {
m_ui->lblSslCertStatus->setPixmap(QPixmap(":/icons/qbt-theme/security-low.png").scaledToHeight(20, Qt::SmoothTransformation));
m_sslCert.clear();
if (interactive)
QMessageBox::warning(this, tr("Invalid certificate"), tr("This is not a valid SSL certificate."));
}
return isCertValid;
#else
Q_UNUSED(cert);
Q_UNUSED(interactive);
return false;
#endif
}

View File

@ -171,8 +171,8 @@ private:
QSize sizeFittingScreen() const;
private:
void setSslKey(const QByteArray &key, bool interactive = true);
void setSslCertificate(const QByteArray &cert, bool interactive = true);
bool setSslKey(const QByteArray &key);
bool setSslCertificate(const QByteArray &cert);
bool schedTimesOk();
bool webUIAuthenticationOk();

View File

@ -26,13 +26,14 @@
* exception statement from your version.
*/
#include "base/preferences.h"
#include "base/logger.h"
#include "webui.h"
#include "base/http/server.h"
#include "base/logger.h"
#include "base/net/dnsupdater.h"
#include "base/net/portforwarder.h"
#include "base/preferences.h"
#include "webapplication.h"
#include "webui.h"
WebUI::WebUI(QObject *parent)
: QObject(parent)
@ -65,11 +66,15 @@ void WebUI::init()
#ifndef QT_NO_OPENSSL
if (pref->isWebUiHttpsEnabled()) {
QList<QSslCertificate> certs = QSslCertificate::fromData(pref->getWebUiHttpsCertificate());
QSslKey key;
key = QSslKey(pref->getWebUiHttpsKey(), QSsl::Rsa);
bool certsIsNull = std::any_of(certs.begin(), certs.end(), [](QSslCertificate c) { return c.isNull(); });
if (!certsIsNull && !certs.empty() && !key.isNull())
const QByteArray keyRaw = pref->getWebUiHttpsKey();
QSslKey key(keyRaw, QSsl::Rsa);
if (key.isNull())
key = QSslKey(keyRaw, QSsl::Ec);
const QList<QSslCertificate> certs = QSslCertificate::fromData(pref->getWebUiHttpsCertificate());
const bool areCertsValid = !certs.empty() && std::all_of(certs.begin(), certs.end(), [](QSslCertificate c) { return !c.isNull(); });
if (!key.isNull() && areCertsValid)
httpServer_->enableHttps(certs, key);
else
httpServer_->disableHttps();