mirror of
https://github.com/nextcloud/desktop.git
synced 2024-10-25 13:55:47 +03:00
fix review comments from sonarcloud static analyzis
Signed-off-by: Matthieu Gallien <matthieu.gallien@nextcloud.com>
This commit is contained in:
parent
8ea75f4967
commit
cd30d3645e
2 changed files with 22 additions and 18 deletions
|
@ -196,7 +196,9 @@ namespace {
|
||||||
EVP_PKEY_CTX* _ctx = nullptr;
|
EVP_PKEY_CTX* _ctx = nullptr;
|
||||||
};
|
};
|
||||||
|
|
||||||
class PKey {
|
}
|
||||||
|
|
||||||
|
class ClientSideEncryption::PKey {
|
||||||
public:
|
public:
|
||||||
~PKey()
|
~PKey()
|
||||||
{
|
{
|
||||||
|
@ -255,6 +257,8 @@ namespace {
|
||||||
EVP_PKEY* _pkey = nullptr;
|
EVP_PKEY* _pkey = nullptr;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
namespace
|
||||||
|
{
|
||||||
class X509Certificate {
|
class X509Certificate {
|
||||||
public:
|
public:
|
||||||
~X509Certificate()
|
~X509Certificate()
|
||||||
|
@ -619,7 +623,7 @@ QByteArray decryptStringSymmetric(const QByteArray& key, const QByteArray& data)
|
||||||
QByteArray privateKeyToPem(const QByteArray key) {
|
QByteArray privateKeyToPem(const QByteArray key) {
|
||||||
Bio privateKeyBio;
|
Bio privateKeyBio;
|
||||||
BIO_write(privateKeyBio, key.constData(), key.size());
|
BIO_write(privateKeyBio, key.constData(), key.size());
|
||||||
auto pkey = PKey::readPrivateKey(privateKeyBio);
|
auto pkey = ClientSideEncryption::PKey::readPrivateKey(privateKeyBio);
|
||||||
|
|
||||||
Bio pemBio;
|
Bio pemBio;
|
||||||
PEM_write_bio_PKCS8PrivateKey(pemBio, pkey, nullptr, nullptr, 0, nullptr, nullptr);
|
PEM_write_bio_PKCS8PrivateKey(pemBio, pkey, nullptr, nullptr, 0, nullptr, nullptr);
|
||||||
|
@ -1181,12 +1185,17 @@ void ClientSideEncryption::generateCSR(const AccountPtr &account, PKey keyPair)
|
||||||
qCInfo(lcCse()) << "Returning the certificate";
|
qCInfo(lcCse()) << "Returning the certificate";
|
||||||
qCInfo(lcCse()) << output;
|
qCInfo(lcCse()) << output;
|
||||||
|
|
||||||
|
sendSignRequestCSR(account, std::move(keyPair), output);
|
||||||
|
}
|
||||||
|
|
||||||
|
void ClientSideEncryption::sendSignRequestCSR(const AccountPtr &account, PKey keyPair, const QByteArray &csrContent)
|
||||||
|
{
|
||||||
auto job = new SignPublicKeyApiJob(account, e2eeBaseUrl() + "public-key", this);
|
auto job = new SignPublicKeyApiJob(account, e2eeBaseUrl() + "public-key", this);
|
||||||
job->setCsr(output);
|
job->setCsr(csrContent);
|
||||||
|
|
||||||
connect(job, &SignPublicKeyApiJob::jsonReceived, [this, account, keyPair = std::move(keyPair)](const QJsonDocument& json, int retCode) {
|
connect(job, &SignPublicKeyApiJob::jsonReceived, [this, account, keyPair = std::move(keyPair)](const QJsonDocument& json, int retCode) {
|
||||||
if (retCode == 200) {
|
if (retCode == 200) {
|
||||||
QString cert = json.object().value("ocs").toObject().value("data").toObject().value("public-key").toString();
|
const auto cert = json.object().value("ocs").toObject().value("data").toObject().value("public-key").toString();
|
||||||
_certificate = QSslCertificate(cert.toLocal8Bit(), QSsl::Pem);
|
_certificate = QSslCertificate(cert.toLocal8Bit(), QSsl::Pem);
|
||||||
_publicKey = _certificate.publicKey();
|
_publicKey = _certificate.publicKey();
|
||||||
|
|
||||||
|
@ -1195,22 +1204,15 @@ void ClientSideEncryption::generateCSR(const AccountPtr &account, PKey keyPair)
|
||||||
BIO_write(certificateBio, certificatePem.constData(), certificatePem.size());
|
BIO_write(certificateBio, certificatePem.constData(), certificatePem.size());
|
||||||
const auto x509Certificate = X509Certificate::readCertificate(certificateBio);
|
const auto x509Certificate = X509Certificate::readCertificate(certificateBio);
|
||||||
|
|
||||||
if (auto certificateCheckResult = X509_check_private_key(x509Certificate, keyPair) ; !certificateCheckResult) {
|
if (const auto certificateCheckResult = X509_check_private_key(x509Certificate, keyPair) ; !certificateCheckResult) {
|
||||||
std::array<char, 512> buffer;
|
auto lastError = 1;
|
||||||
qCInfo(lcCse()) << "X509_check_private_key" << certificateCheckResult;
|
while ((lastError= ERR_get_error())) {
|
||||||
|
qCInfo(lcCse()) << ERR_lib_error_string(lastError);
|
||||||
unsigned long lastError = 1;
|
|
||||||
while (lastError) {
|
|
||||||
lastError = ERR_get_error();
|
|
||||||
qCInfo(lcCse()) << ERR_error_string(lastError, buffer.data());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
forgetSensitiveData(account);
|
forgetSensitiveData(account);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
qCInfo(lcCse()) << "received a valid certificate";
|
qCInfo(lcCse()) << "received a valid certificate";
|
||||||
|
|
||||||
fetchAndValidatePublicKeyFromServer(account);
|
fetchAndValidatePublicKeyFromServer(account);
|
||||||
}
|
}
|
||||||
qCInfo(lcCse()) << retCode;
|
qCInfo(lcCse()) << retCode;
|
||||||
|
@ -1497,7 +1499,7 @@ QByteArray FolderMetadata::encryptMetadataKey(const QByteArray& data) const
|
||||||
Bio publicKeyBio;
|
Bio publicKeyBio;
|
||||||
QByteArray publicKeyPem = _account->e2e()->_publicKey.toPem();
|
QByteArray publicKeyPem = _account->e2e()->_publicKey.toPem();
|
||||||
BIO_write(publicKeyBio, publicKeyPem.constData(), publicKeyPem.size());
|
BIO_write(publicKeyBio, publicKeyPem.constData(), publicKeyPem.size());
|
||||||
auto publicKey = PKey::readPublicKey(publicKeyBio);
|
auto publicKey = ClientSideEncryption::PKey::readPublicKey(publicKeyBio);
|
||||||
|
|
||||||
// The metadata key is binary so base64 encode it first
|
// The metadata key is binary so base64 encode it first
|
||||||
return EncryptionHelper::encryptStringAsymmetric(publicKey, data.toBase64());
|
return EncryptionHelper::encryptStringAsymmetric(publicKey, data.toBase64());
|
||||||
|
@ -1508,7 +1510,7 @@ QByteArray FolderMetadata::decryptMetadataKey(const QByteArray& encryptedMetadat
|
||||||
Bio privateKeyBio;
|
Bio privateKeyBio;
|
||||||
QByteArray privateKeyPem = _account->e2e()->_privateKey;
|
QByteArray privateKeyPem = _account->e2e()->_privateKey;
|
||||||
BIO_write(privateKeyBio, privateKeyPem.constData(), privateKeyPem.size());
|
BIO_write(privateKeyBio, privateKeyPem.constData(), privateKeyPem.size());
|
||||||
auto key = PKey::readPrivateKey(privateKeyBio);
|
auto key = ClientSideEncryption::PKey::readPrivateKey(privateKeyBio);
|
||||||
|
|
||||||
// Also base64 decode the result
|
// Also base64 decode the result
|
||||||
QByteArray decryptResult = EncryptionHelper::decryptStringAsymmetric(
|
QByteArray decryptResult = EncryptionHelper::decryptStringAsymmetric(
|
||||||
|
|
|
@ -114,18 +114,20 @@ private:
|
||||||
}
|
}
|
||||||
|
|
||||||
namespace {
|
namespace {
|
||||||
class PKey;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
class OWNCLOUDSYNC_EXPORT ClientSideEncryption : public QObject {
|
class OWNCLOUDSYNC_EXPORT ClientSideEncryption : public QObject {
|
||||||
Q_OBJECT
|
Q_OBJECT
|
||||||
public:
|
public:
|
||||||
|
class PKey;
|
||||||
|
|
||||||
ClientSideEncryption();
|
ClientSideEncryption();
|
||||||
void initialize(const AccountPtr &account);
|
void initialize(const AccountPtr &account);
|
||||||
|
|
||||||
private:
|
private:
|
||||||
void generateKeyPair(const AccountPtr &account);
|
void generateKeyPair(const AccountPtr &account);
|
||||||
void generateCSR(const AccountPtr &account, PKey keyPair);
|
void generateCSR(const AccountPtr &account, PKey keyPair);
|
||||||
|
void sendSignRequestCSR(const AccountPtr &account, PKey keyPair, const QByteArray &csrContent);
|
||||||
void encryptPrivateKey(const AccountPtr &account);
|
void encryptPrivateKey(const AccountPtr &account);
|
||||||
|
|
||||||
public:
|
public:
|
||||||
|
|
Loading…
Reference in a new issue