2012-04-06 10:53:57 +04:00
|
|
|
/*
|
|
|
|
* Copyright (C) by Klaas Freitag <freitag@kde.org>
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
* (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful, but
|
|
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
|
|
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
|
|
* for more details.
|
|
|
|
*/
|
2014-11-10 01:25:57 +03:00
|
|
|
#include "configfile.h"
|
2014-07-11 02:31:24 +04:00
|
|
|
#include "sslerrordialog.h"
|
2012-04-06 10:53:57 +04:00
|
|
|
|
2012-04-12 13:37:48 +04:00
|
|
|
#include <QtGui>
|
2012-04-06 10:53:57 +04:00
|
|
|
#include <QtNetwork>
|
2013-08-28 22:58:22 +04:00
|
|
|
#include <QtWidgets>
|
|
|
|
|
2012-04-06 10:53:57 +04:00
|
|
|
|
2013-07-04 21:59:40 +04:00
|
|
|
#include "ui_sslerrordialog.h"
|
|
|
|
|
2014-11-10 00:34:07 +03:00
|
|
|
namespace OCC {
|
2013-08-28 22:58:22 +04:00
|
|
|
|
2017-12-28 22:33:10 +03:00
|
|
|
Q_LOGGING_CATEGORY(lcSslErrorDialog, "nextcloud.gui.sslerrordialog", QtInfoMsg)
|
2017-05-09 15:24:11 +03:00
|
|
|
|
2013-08-28 22:58:22 +04:00
|
|
|
namespace Utility {
|
|
|
|
// Used for QSSLCertificate::subjectInfo which returns a QStringList in Qt5, but a QString in Qt4
|
|
|
|
QString escape(const QStringList &l) { return escape(l.join(';')); }
|
|
|
|
}
|
|
|
|
|
2015-04-06 22:46:03 +03:00
|
|
|
bool SslDialogErrorHandler::handleErrors(QList<QSslError> errors, const QSslConfiguration &conf, QList<QSslCertificate> *certs, AccountPtr account)
|
2013-10-24 02:29:08 +04:00
|
|
|
{
|
2015-04-06 22:46:03 +03:00
|
|
|
(void)conf;
|
2013-11-07 15:04:45 +04:00
|
|
|
if (!certs) {
|
2017-03-30 14:46:20 +03:00
|
|
|
qCCritical(lcSslErrorDialog) << "Certs parameter required but is NULL!";
|
2013-11-07 15:04:45 +04:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2013-10-24 02:29:08 +04:00
|
|
|
SslErrorDialog dlg(account);
|
2013-11-07 15:04:45 +04:00
|
|
|
// whether the failing certs have previously been accepted
|
|
|
|
if (dlg.checkFailingCertsKnown(errors)) {
|
|
|
|
*certs = dlg.unknownCerts();
|
2013-10-24 02:29:08 +04:00
|
|
|
return true;
|
|
|
|
}
|
2013-11-07 15:04:45 +04:00
|
|
|
// whether the user accepted the certs
|
2013-10-24 02:29:08 +04:00
|
|
|
if (dlg.exec() == QDialog::Accepted) {
|
|
|
|
if (dlg.trustConnection()) {
|
2013-11-07 15:04:45 +04:00
|
|
|
*certs = dlg.unknownCerts();
|
|
|
|
return true;
|
2013-10-24 02:29:08 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
2013-08-28 22:58:22 +04:00
|
|
|
|
2014-12-18 14:09:48 +03:00
|
|
|
SslErrorDialog::SslErrorDialog(AccountPtr account, QWidget *parent)
|
2013-10-24 02:29:08 +04:00
|
|
|
: QDialog(parent)
|
|
|
|
, _allTrusted(false)
|
|
|
|
, _ui(new Ui::SslErrorDialog)
|
|
|
|
, _account(account)
|
2012-04-06 10:53:57 +04:00
|
|
|
{
|
2013-11-13 23:12:56 +04:00
|
|
|
setWindowFlags(windowFlags() & ~Qt::WindowContextHelpButtonHint);
|
2013-07-04 21:59:40 +04:00
|
|
|
_ui->setupUi(this);
|
2015-09-03 17:14:14 +03:00
|
|
|
setWindowTitle(tr("Untrusted Certificate"));
|
2012-10-27 19:03:48 +04:00
|
|
|
QPushButton *okButton =
|
2013-07-04 21:59:40 +04:00
|
|
|
_ui->_dialogButtonBox->button(QDialogButtonBox::Ok);
|
2012-10-27 19:03:48 +04:00
|
|
|
QPushButton *cancelButton =
|
2013-07-04 21:59:40 +04:00
|
|
|
_ui->_dialogButtonBox->button(QDialogButtonBox::Cancel);
|
2012-10-27 19:03:48 +04:00
|
|
|
okButton->setEnabled(false);
|
2017-09-20 11:14:48 +03:00
|
|
|
connect(_ui->_cbTrustConnect, &QAbstractButton::clicked,
|
|
|
|
okButton, &QWidget::setEnabled);
|
2012-04-12 13:37:48 +04:00
|
|
|
|
|
|
|
if (okButton) {
|
|
|
|
okButton->setDefault(true);
|
2017-09-20 11:14:48 +03:00
|
|
|
connect(okButton, &QAbstractButton::clicked, this, &QDialog::accept);
|
|
|
|
connect(cancelButton, &QAbstractButton::clicked, this, &QDialog::reject);
|
2012-04-12 13:37:48 +04:00
|
|
|
}
|
|
|
|
}
|
2012-04-06 10:53:57 +04:00
|
|
|
|
2013-07-04 21:59:40 +04:00
|
|
|
SslErrorDialog::~SslErrorDialog()
|
|
|
|
{
|
|
|
|
delete _ui;
|
|
|
|
}
|
|
|
|
|
2012-04-06 10:53:57 +04:00
|
|
|
|
2012-04-12 13:37:48 +04:00
|
|
|
QString SslErrorDialog::styleSheet() const
|
2012-04-06 10:53:57 +04:00
|
|
|
{
|
2012-04-12 13:37:48 +04:00
|
|
|
const QString style = QLatin1String(
|
|
|
|
"#cert {margin-left: 5px;} "
|
|
|
|
"#ca_error { color:#a00011; margin-left:5px; margin-right:5px; }"
|
|
|
|
"#ca_error p { margin-top: 2px; margin-bottom:2px; }"
|
|
|
|
"#ccert { margin-left: 5px; }"
|
|
|
|
"#issuer { margin-left: 5px; }"
|
2012-10-24 03:42:25 +04:00
|
|
|
"tt { font-size: small; }");
|
2012-04-12 13:37:48 +04:00
|
|
|
|
|
|
|
return style;
|
|
|
|
}
|
|
|
|
#define QL(x) QLatin1String(x)
|
2012-04-06 10:53:57 +04:00
|
|
|
|
2013-11-07 15:04:45 +04:00
|
|
|
bool SslErrorDialog::checkFailingCertsKnown(const QList<QSslError> &errors)
|
2012-04-12 13:37:48 +04:00
|
|
|
{
|
|
|
|
// check if unknown certs caused errors.
|
|
|
|
_unknownCerts.clear();
|
|
|
|
|
|
|
|
QStringList errorStrings;
|
2013-03-20 18:53:55 +04:00
|
|
|
|
2013-10-24 02:29:08 +04:00
|
|
|
QList<QSslCertificate> trustedCerts = _account->approvedCerts();
|
2013-04-02 17:14:56 +04:00
|
|
|
|
2012-04-12 13:37:48 +04:00
|
|
|
for (int i = 0; i < errors.count(); ++i) {
|
2013-11-07 15:04:45 +04:00
|
|
|
QSslError error = errors.at(i);
|
|
|
|
if (trustedCerts.contains(error.certificate()) || _unknownCerts.contains(error.certificate())) {
|
2012-04-12 13:37:48 +04:00
|
|
|
continue;
|
2013-11-07 15:04:45 +04:00
|
|
|
}
|
|
|
|
errorStrings += error.errorString();
|
|
|
|
if (!error.certificate().isNull()) {
|
|
|
|
_unknownCerts.append(error.certificate());
|
2012-04-12 13:37:48 +04:00
|
|
|
}
|
|
|
|
}
|
2012-04-06 10:53:57 +04:00
|
|
|
|
2012-04-12 13:37:48 +04:00
|
|
|
// if there are no errors left, all Certs were known.
|
|
|
|
if (errorStrings.isEmpty()) {
|
|
|
|
_allTrusted = true;
|
|
|
|
return true;
|
|
|
|
}
|
2012-04-06 10:53:57 +04:00
|
|
|
|
2012-04-12 13:37:48 +04:00
|
|
|
QString msg = QL("<html><head>");
|
|
|
|
msg += QL("<link rel='stylesheet' type='text/css' href='format.css'>");
|
|
|
|
msg += QL("</head><body>");
|
|
|
|
|
2015-09-03 17:14:14 +03:00
|
|
|
auto host = _account->url().host();
|
|
|
|
msg += QL("<h3>") + tr("Cannot connect securely to <i>%1</i>:").arg(host) + QL("</h3>");
|
2012-04-12 13:37:48 +04:00
|
|
|
// loop over the unknown certs and line up their errors.
|
|
|
|
msg += QL("<div id=\"ca_errors\">");
|
2012-05-21 18:48:49 +04:00
|
|
|
foreach (const QSslCertificate &cert, _unknownCerts) {
|
2012-04-12 13:37:48 +04:00
|
|
|
msg += QL("<div id=\"ca_error\">");
|
|
|
|
// add the errors for this cert
|
|
|
|
foreach (QSslError err, errors) {
|
|
|
|
if (err.certificate() == cert) {
|
2012-08-17 19:13:17 +04:00
|
|
|
msg += QL("<p>") + err.errorString() + QL("</p>");
|
2012-04-06 10:53:57 +04:00
|
|
|
}
|
|
|
|
}
|
2012-04-12 13:37:48 +04:00
|
|
|
msg += QL("</div>");
|
|
|
|
msg += certDiv(cert);
|
|
|
|
if (_unknownCerts.count() > 1) {
|
|
|
|
msg += QL("<hr/>");
|
|
|
|
}
|
2012-04-06 10:53:57 +04:00
|
|
|
}
|
2012-04-12 13:37:48 +04:00
|
|
|
msg += QL("</div></body></html>");
|
|
|
|
|
2020-05-18 21:54:23 +03:00
|
|
|
auto *doc = new QTextDocument(nullptr);
|
2012-04-12 13:37:48 +04:00
|
|
|
QString style = styleSheet();
|
2012-08-17 19:13:17 +04:00
|
|
|
doc->addResource(QTextDocument::StyleSheetResource, QUrl(QL("format.css")), style);
|
2012-04-12 13:37:48 +04:00
|
|
|
doc->setHtml(msg);
|
2012-04-06 10:53:57 +04:00
|
|
|
|
2013-07-04 21:59:40 +04:00
|
|
|
_ui->_tbErrors->setDocument(doc);
|
|
|
|
_ui->_tbErrors->show();
|
2012-04-06 10:53:57 +04:00
|
|
|
|
2012-04-12 13:37:48 +04:00
|
|
|
return false;
|
2012-04-06 10:53:57 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
QString SslErrorDialog::certDiv(QSslCertificate cert) const
|
|
|
|
{
|
|
|
|
QString msg;
|
2012-04-12 13:37:48 +04:00
|
|
|
msg += QL("<div id=\"cert\">");
|
2013-08-28 22:58:22 +04:00
|
|
|
msg += QL("<h3>") + tr("with Certificate %1").arg(Utility::escape(cert.subjectInfo(QSslCertificate::CommonName))) + QL("</h3>");
|
2012-04-12 13:37:48 +04:00
|
|
|
|
|
|
|
msg += QL("<div id=\"ccert\">");
|
|
|
|
QStringList li;
|
2012-10-24 03:42:25 +04:00
|
|
|
|
2013-08-24 16:57:55 +04:00
|
|
|
QString org = Utility::escape(cert.subjectInfo(QSslCertificate::Organization));
|
|
|
|
QString unit = Utility::escape(cert.subjectInfo(QSslCertificate::OrganizationalUnitName));
|
|
|
|
QString country = Utility::escape(cert.subjectInfo(QSslCertificate::CountryName));
|
2012-10-24 03:42:25 +04:00
|
|
|
if (unit.isEmpty())
|
|
|
|
unit = tr("<not specified>");
|
|
|
|
if (org.isEmpty())
|
|
|
|
org = tr("<not specified>");
|
|
|
|
if (country.isEmpty())
|
|
|
|
country = tr("<not specified>");
|
|
|
|
li << tr("Organization: %1").arg(org);
|
|
|
|
li << tr("Unit: %1").arg(unit);
|
|
|
|
li << tr("Country: %1").arg(country);
|
2012-08-17 19:13:17 +04:00
|
|
|
msg += QL("<p>") + li.join(QL("<br/>")) + QL("</p>");
|
2012-04-12 13:37:48 +04:00
|
|
|
|
|
|
|
msg += QL("<p>");
|
2012-10-24 03:42:25 +04:00
|
|
|
|
2019-09-01 12:11:59 +03:00
|
|
|
if (cert.effectiveDate() < QDateTime(QDate(2016, 1, 1), QTime(), Qt::UTC)) {
|
|
|
|
QString sha1sum = Utility::formatFingerprint(cert.digest(QCryptographicHash::Sha1).toHex());
|
|
|
|
msg += tr("Fingerprint (SHA1): <tt>%1</tt>").arg(sha1sum) + QL("<br/>");
|
|
|
|
}
|
|
|
|
|
|
|
|
QString sha256sum = Utility::formatFingerprint(cert.digest(QCryptographicHash::Sha256).toHex());
|
|
|
|
QString sha512sum = Utility::formatFingerprint(cert.digest(QCryptographicHash::Sha512).toHex());
|
|
|
|
msg += tr("Fingerprint (SHA-256): <tt>%1</tt>").arg(sha256sum) + QL("<br/>");
|
|
|
|
msg += tr("Fingerprint (SHA-512): <tt>%1</tt>").arg(sha512sum) + QL("<br/>");
|
2012-10-24 03:42:25 +04:00
|
|
|
msg += QL("<br/>");
|
2012-04-12 13:37:48 +04:00
|
|
|
msg += tr("Effective Date: %1").arg(cert.effectiveDate().toString()) + QL("<br/>");
|
2014-08-02 06:05:10 +04:00
|
|
|
msg += tr("Expiration Date: %1").arg(cert.expiryDate().toString()) + QL("</p>");
|
2012-04-12 13:37:48 +04:00
|
|
|
|
|
|
|
msg += QL("</div>");
|
|
|
|
|
2013-08-28 22:58:22 +04:00
|
|
|
msg += QL("<h3>") + tr("Issuer: %1").arg(Utility::escape(cert.issuerInfo(QSslCertificate::CommonName))) + QL("</h3>");
|
2012-08-17 19:13:17 +04:00
|
|
|
msg += QL("<div id=\"issuer\">");
|
2012-04-12 13:37:48 +04:00
|
|
|
li.clear();
|
2013-08-28 22:58:22 +04:00
|
|
|
li << tr("Organization: %1").arg(Utility::escape(cert.issuerInfo(QSslCertificate::Organization)));
|
|
|
|
li << tr("Unit: %1").arg(Utility::escape(cert.issuerInfo(QSslCertificate::OrganizationalUnitName)));
|
|
|
|
li << tr("Country: %1").arg(Utility::escape(cert.issuerInfo(QSslCertificate::CountryName)));
|
2012-08-17 19:13:17 +04:00
|
|
|
msg += QL("<p>") + li.join(QL("<br/>")) + QL("</p>");
|
2012-04-12 13:37:48 +04:00
|
|
|
msg += QL("</div>");
|
|
|
|
msg += QL("</div>");
|
2012-04-06 10:53:57 +04:00
|
|
|
|
|
|
|
return msg;
|
|
|
|
}
|
|
|
|
|
2012-04-12 13:37:48 +04:00
|
|
|
bool SslErrorDialog::trustConnection()
|
|
|
|
{
|
|
|
|
if (_allTrusted)
|
|
|
|
return true;
|
|
|
|
|
2013-07-04 21:59:40 +04:00
|
|
|
bool stat = (_ui->_cbTrustConnect->checkState() == Qt::Checked);
|
2017-03-30 14:46:20 +03:00
|
|
|
qCInfo(lcSslErrorDialog) << "SSL-Connection is trusted: " << stat;
|
2012-04-12 13:37:48 +04:00
|
|
|
|
|
|
|
return stat;
|
|
|
|
}
|
|
|
|
|
2012-04-06 10:53:57 +04:00
|
|
|
} // end namespace
|