mirrors/qBittorrent
1
0
Fork 0
mirror of https://github.com/qbittorrent/qBittorrent.git synced 2024-12-12 05:44:14 +03:00
Code Issues Projects Releases Packages Wiki Activity

Load WebUI certificate & key from file path

Browse source 
This allow users to update certificate & key more easily, i.e. without the need to import them
into qbt.

Closes #6675, #7547, #8315, #8564.
This commit is contained in:
Chocobo1 2019-01-17 09:42:01 +08:00
parent 48d358872f
commit 5cdb3b6a2d
No known key found for this signature in database
GPG key ID: 210D9C873253A68C
12 changed files with 212 additions and 277 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

98
src/base/http/server.cpp
View file

@ -30,55 +30,69 @@
#include "server.h"
#include <algorithm>
#include <QMutableListIterator>
#include <QNetworkProxy>
#include <QSslCipher>
#include <QSslSocket>
#include <QStringList>
#include <QTimer>
#ifndef QT_NO_OPENSSL
#include <QSslSocket>
#else
#include <QTcpSocket>
#endif
#include "base/utils/net.h"
#include "connection.h"
static const int KEEP_ALIVE_DURATION = 7 * 1000; // milliseconds
static const int CONNECTIONS_LIMIT = 500;
static const int CONNECTIONS_SCAN_INTERVAL = 2; // seconds
namespace
{
const int KEEP_ALIVE_DURATION = 7 * 1000; // milliseconds
const int CONNECTIONS_LIMIT = 500;
const int CONNECTIONS_SCAN_INTERVAL = 2; // seconds
QList<QSslCipher> safeCipherList()
{
const QStringList badCiphers = {"idea", "rc4"};
const QList<QSslCipher> allCiphers = QSslSocket::supportedCiphers();
QList<QSslCipher> safeCiphers;
for (const QSslCipher &cipher : allCiphers) {
bool isSafe = true;
for (const QString &badCipher : badCiphers) {
if (cipher.name().contains(badCipher, Qt::CaseInsensitive)) {
isSafe = false;
break;
}
}
if (isSafe)
safeCiphers += cipher;
}
return safeCiphers;
}
}
using namespace Http;
Server::Server(IRequestHandler *requestHandler, QObject *parent)
: QTcpServer(parent)
, m_requestHandler(requestHandler)
#ifndef QT_NO_OPENSSL
, m_https(false)
#endif
{
setProxy(QNetworkProxy::NoProxy);
#ifndef QT_NO_OPENSSL
QSslSocket::setDefaultCiphers(safeCipherList());
#endif
QTimer *dropConnectionTimer = new QTimer(this);
connect(dropConnectionTimer, &QTimer::timeout, this, &Server::dropTimedOutConnection);
dropConnectionTimer->start(CONNECTIONS_SCAN_INTERVAL * 1000);
}
Server::~Server()
{
}
void Server::incomingConnection(qintptr socketDescriptor)
{
if (m_connections.size() >= CONNECTIONS_LIMIT) return;
QTcpSocket *serverSocket;
#ifndef QT_NO_OPENSSL
if (m_https)
serverSocket = new QSslSocket(this);
else
#endif
serverSocket = new QTcpSocket(this);
if (!serverSocket->setSocketDescriptor(socketDescriptor)) {
@ -86,7 +100,6 @@ void Server::incomingConnection(qintptr socketDescriptor)
return;
}
#ifndef QT_NO_OPENSSL
if (m_https) {
static_cast<QSslSocket *>(serverSocket)->setProtocol(QSsl::SecureProtocols);
static_cast<QSslSocket *>(serverSocket)->setPrivateKey(m_key);
@ -94,7 +107,6 @@ void Server::incomingConnection(qintptr socketDescriptor)
static_cast<QSslSocket *>(serverSocket)->setPeerVerifyMode(QSslSocket::VerifyNone);
static_cast<QSslSocket *>(serverSocket)->startServerEncryption();
}
#endif
Connection *c = new Connection(serverSocket, m_requestHandler, this);
m_connections.append(c);
@ -112,26 +124,20 @@ void Server::dropTimedOutConnection()
}
}
#ifndef QT_NO_OPENSSL
bool Server::setupHttps(const QByteArray &certificates, const QByteArray &key)
bool Server::setupHttps(const QByteArray &certificates, const QByteArray &privateKey)
{
QSslKey sslKey(key, QSsl::Rsa);
if (sslKey.isNull())
sslKey = QSslKey(key, QSsl::Ec);
const QList<QSslCertificate> certs {Utils::Net::loadSSLCertificate(certificates)};
const QSslKey key {Utils::Net::loadSSLKey(privateKey)};
const QList<QSslCertificate> certs = QSslCertificate::fromData(certificates);
const bool areCertsValid = !certs.empty() && std::all_of(certs.begin(), certs.end(), [](const QSslCertificate &c) { return !c.isNull(); });
if (!sslKey.isNull() && areCertsValid) {
m_key = sslKey;
m_certificates = certs;
m_https = true;
return true;
}
else {
if (certs.isEmpty() || key.isNull()) {
disableHttps();
return false;
}
m_key = key;
m_certificates = certs;
m_https = true;
return true;
}
void Server::disableHttps()
@ -140,25 +146,3 @@ void Server::disableHttps()
m_certificates.clear();
m_key.clear();
}
QList<QSslCipher> Server::safeCipherList() const
{
const QStringList badCiphers = {"idea", "rc4"};
const QList<QSslCipher> allCiphers = QSslSocket::supportedCiphers();
QList<QSslCipher> safeCiphers;
for (const QSslCipher &cipher : allCiphers) {
bool isSafe = true;
for (const QString &badCipher : badCiphers) {
if (cipher.name().contains(badCipher, Qt::CaseInsensitive)) {
isSafe = false;
break;
}
}
if (isSafe)
safeCiphers += cipher;
}
return safeCiphers;
}
#endif // QT_NO_OPENSSL

17
src/base/http/server.h
View file

@ -31,13 +31,9 @@
#ifndef HTTP_SERVER_H
#define HTTP_SERVER_H
#include <QTcpServer>
#ifndef QT_NO_OPENSSL
#include <QSslCertificate>
#include <QSslCipher>
#include <QSslKey>
#endif
#include <QTcpServer>
namespace Http
{
@ -50,13 +46,10 @@ namespace Http
Q_DISABLE_COPY(Server)
public:
Server(IRequestHandler *requestHandler, QObject *parent = nullptr);
~Server();
explicit Server(IRequestHandler *requestHandler, QObject *parent = nullptr);
#ifndef QT_NO_OPENSSL
bool setupHttps(const QByteArray &certificates, const QByteArray &key);
bool setupHttps(const QByteArray &certificates, const QByteArray &privateKey);
void disableHttps();
#endif
private slots:
void dropTimedOutConnection();
@ -67,13 +60,9 @@ namespace Http
IRequestHandler *m_requestHandler;
QList<Connection *> m_connections; // for tracking persistent connections
#ifndef QT_NO_OPENSSL
QList<QSslCipher> safeCipherList() const;
bool m_https;
QList<QSslCertificate> m_certificates;
QSslKey m_key;
#endif
};
}

16
src/base/preferences.cpp
View file

@ -633,24 +633,24 @@ void Preferences::setWebUiHttpsEnabled(bool enabled)
setValue("Preferences/WebUI/HTTPS/Enabled", enabled);
}
QByteArray Preferences::getWebUiHttpsCertificate() const
QString Preferences::getWebUIHttpsCertificatePath() const
{
return value("Preferences/WebUI/HTTPS/Certificate").toByteArray();
return value("Preferences/WebUI/HTTPS/CertificatePath").toString();
}
void Preferences::setWebUiHttpsCertificate(const QByteArray &data)
void Preferences::setWebUIHttpsCertificatePath(const QString &path)
{
setValue("Preferences/WebUI/HTTPS/Certificate", data);
setValue("Preferences/WebUI/HTTPS/CertificatePath", path);
}
QByteArray Preferences::getWebUiHttpsKey() const
QString Preferences::getWebUIHttpsKeyPath() const
{
return value("Preferences/WebUI/HTTPS/Key").toByteArray();
return value("Preferences/WebUI/HTTPS/KeyPath").toString();
}
void Preferences::setWebUiHttpsKey(const QByteArray &data)
void Preferences::setWebUIHttpsKeyPath(const QString &path)
{
setValue("Preferences/WebUI/HTTPS/Key", data);
setValue("Preferences/WebUI/HTTPS/KeyPath", path);
}
bool Preferences::isAltWebUiEnabled() const

8
src/base/preferences.h
View file

@ -203,10 +203,10 @@ public:
// HTTPS
bool isWebUiHttpsEnabled() const;
void setWebUiHttpsEnabled(bool enabled);
QByteArray getWebUiHttpsCertificate() const;
void setWebUiHttpsCertificate(const QByteArray &data);
QByteArray getWebUiHttpsKey() const;
void setWebUiHttpsKey(const QByteArray &data);
QString getWebUIHttpsCertificatePath() const;
void setWebUIHttpsCertificatePath(const QString &path);
QString getWebUIHttpsKeyPath() const;
void setWebUIHttpsKeyPath(const QString &path);
bool isAltWebUiEnabled() const;
void setAltWebUiEnabled(bool enabled);
QString getWebUiRootFolder() const;

29
src/base/utils/net.cpp
View file

@ -28,6 +28,8 @@
#include "net.h"
#include <QSslCertificate>
#include <QSslKey>
#include <QString>
namespace Utils
@ -88,5 +90,32 @@ namespace Utils
{
return subnet.first.toString() + '/' + QString::number(subnet.second);
}
QList<QSslCertificate> loadSSLCertificate(const QByteArray &data)
{
const QList<QSslCertificate> certs {QSslCertificate::fromData(data)};
if (std::any_of(certs.cbegin(), certs.cend(), [](const QSslCertificate &c) { return c.isNull(); }))
return {};
return certs;
}
bool isSSLCertificatesValid(const QByteArray &data)
{
return !loadSSLCertificate(data).isEmpty();
}
QSslKey loadSSLKey(const QByteArray &data)
{
// try different formats
QSslKey key {data, QSsl::Rsa};
if (!key.isNull())
return key;
return QSslKey(data, QSsl::Ec);
}
bool isSSLKeyValid(const QByteArray &data)
{
return !loadSSLKey(data).isNull();
}
}
}

8
src/base/utils/net.h
View file

@ -33,6 +33,8 @@
#include <QList>
#include <QPair>
class QSslCertificate;
class QSslKey;
class QString;
namespace Utils
@ -47,6 +49,12 @@ namespace Utils
bool isLoopbackAddress(const QHostAddress &addr);
bool isIPInRange(const QHostAddress &addr, const QList<Subnet> &subnets);
QString subnetToString(const Subnet &subnet);
const int MAX_SSL_FILE_SIZE = 1024 * 1024;
QList<QSslCertificate> loadSSLCertificate(const QByteArray &data);
bool isSSLCertificatesValid(const QByteArray &data);
QSslKey loadSSLKey(const QByteArray &data);
bool isSSLKeyValid(const QByteArray &data);
}
}

153
src/gui/optionsdialog.cpp
View file

@ -42,13 +42,9 @@
#include <QSystemTrayIcon>
#include <QTranslator>
#ifndef QT_NO_OPENSSL
#include <QSslCertificate>
#include <QSslKey>
#endif
#include "base/bittorrent/session.h"
#include "base/global.h"
#include "base/http/server.h"
#include "base/net/dnsupdater.h"
#include "base/net/portforwarder.h"
#include "base/net/proxyconfigurationmanager.h"
@ -59,6 +55,7 @@
#include "base/torrentfileguard.h"
#include "base/unicodestrings.h"
#include "base/utils/fs.h"
#include "base/utils/net.h"
#include "base/utils/password.h"
#include "base/utils/random.h"
#include "addnewtorrentdialog.h"
@ -196,11 +193,6 @@ OptionsDialog::OptionsDialog(QWidget *parent)
}
#endif
#if defined(QT_NO_OPENSSL)
m_ui->checkWebUiHttps->setVisible(false);
m_ui->checkSmtpSSL->setVisible(false);
#endif
#ifndef Q_OS_WIN
m_ui->checkStartup->setVisible(false);
#endif
@ -390,14 +382,23 @@ OptionsDialog::OptionsDialog(QWidget *parent)
#ifndef DISABLE_WEBUI
// Web UI tab
m_ui->textWebUIHttpsCert->setMode(FileSystemPathEdit::Mode::FileOpen);
m_ui->textWebUIHttpsCert->setFileNameFilter(tr("Certificate") + QLatin1String(" (*.cer *.crt *.pem)"));
m_ui->textWebUIHttpsCert->setDialogCaption(tr("Select certificate"));
m_ui->textWebUIHttpsKey->setMode(FileSystemPathEdit::Mode::FileOpen);
m_ui->textWebUIHttpsKey->setFileNameFilter(tr("Private key") + QLatin1String(" (*.key *.pem)"));
m_ui->textWebUIHttpsKey->setDialogCaption(tr("Select private key"));
connect(m_ui->textServerDomains, &QLineEdit::textChanged, this, &ThisType::enableApplyButton);
connect(m_ui->checkWebUi, &QGroupBox::toggled, this, &ThisType::enableApplyButton);
connect(m_ui->textWebUiAddress, &QLineEdit::textChanged, this, &ThisType::enableApplyButton);
connect(m_ui->spinWebUiPort, qSpinBoxValueChanged, this, &ThisType::enableApplyButton);
connect(m_ui->checkWebUIUPnP, &QAbstractButton::toggled, this, &ThisType::enableApplyButton);
connect(m_ui->checkWebUiHttps, &QGroupBox::toggled, this, &ThisType::enableApplyButton);
connect(m_ui->btnWebUiKey, &QAbstractButton::clicked, this, &ThisType::enableApplyButton);
connect(m_ui->btnWebUiCrt, &QAbstractButton::clicked, this, &ThisType::enableApplyButton);
connect(m_ui->textWebUIHttpsCert, &FileSystemPathLineEdit::selectedPathChanged, this, &ThisType::enableApplyButton);
connect(m_ui->textWebUIHttpsCert, &FileSystemPathLineEdit::selectedPathChanged, this, [this](const QString &s) { webUIHttpsCertChanged(s, ShowError::Show); });
connect(m_ui->textWebUIHttpsKey, &FileSystemPathLineEdit::selectedPathChanged, this, &ThisType::enableApplyButton);
connect(m_ui->textWebUIHttpsKey, &FileSystemPathLineEdit::selectedPathChanged, this, [this](const QString &s) { webUIHttpsKeyChanged(s, ShowError::Show); });
connect(m_ui->textWebUiUsername, &QLineEdit::textChanged, this, &ThisType::enableApplyButton);
connect(m_ui->textWebUiPassword, &QLineEdit::textChanged, this, &ThisType::enableApplyButton);
connect(m_ui->checkBypassLocalAuth, &QAbstractButton::toggled, this, &ThisType::enableApplyButton);
@ -722,11 +723,8 @@ void OptionsDialog::saveOptions()
pref->setWebUiPort(m_ui->spinWebUiPort->value());
pref->setUPnPForWebUIPort(m_ui->checkWebUIUPnP->isChecked());
pref->setWebUiHttpsEnabled(m_ui->checkWebUiHttps->isChecked());
// HTTPS
if (m_ui->checkWebUiHttps->isChecked()) {
pref->setWebUiHttpsCertificate(m_sslCert);
pref->setWebUiHttpsKey(m_sslKey);
}
pref->setWebUIHttpsCertificatePath(m_ui->textWebUIHttpsCert->selectedPath());
pref->setWebUIHttpsKeyPath(m_ui->textWebUIHttpsKey->selectedPath());
// Authentication
pref->setWebUiUsername(webUiUsername());
if (!webUiPassword().isEmpty())
@ -1089,8 +1087,8 @@ void OptionsDialog::loadOptions()
m_ui->spinWebUiPort->setValue(pref->getWebUiPort());
m_ui->checkWebUIUPnP->setChecked(pref->useUPnPForWebUIPort());
m_ui->checkWebUiHttps->setChecked(pref->isWebUiHttpsEnabled());
setSslCertificate(pref->getWebUiHttpsCertificate());
setSslKey(pref->getWebUiHttpsKey());
webUIHttpsCertChanged(pref->getWebUIHttpsCertificatePath(), ShowError::NotShow);
webUIHttpsKeyChanged(pref->getWebUIHttpsKeyPath(), ShowError::NotShow);
m_ui->textWebUiUsername->setText(pref->getWebUiUsername());
m_ui->checkBypassLocalAuth->setChecked(!pref->isWebUiLocalAuthEnabled());
m_ui->checkBypassAuthSubnetWhitelist->setChecked(pref->isWebUiAuthSubnetWhitelistEnabled());
@ -1559,41 +1557,59 @@ QString OptionsDialog::webUiPassword() const
return m_ui->textWebUiPassword->text();
}
void OptionsDialog::webUIHttpsCertChanged(const QString &path, const ShowError showError)
{
m_ui->textWebUIHttpsCert->setSelectedPath(path);
m_ui->lblSslCertStatus->setPixmap(Utils::Gui::scaledPixmapSvg(":/icons/qbt-theme/security-low.svg", this, 24));
if (path.isEmpty())
return;
QFile file(path);
if (!file.open(QIODevice::ReadOnly)) {
if (showError == ShowError::Show)
QMessageBox::warning(this, tr("Invalid path"), file.errorString());
return;
}
if (!Utils::Net::isSSLCertificatesValid(file.read(Utils::Net::MAX_SSL_FILE_SIZE))) {
if (showError == ShowError::Show)
QMessageBox::warning(this, tr("Invalid certificate"), tr("This is not a valid SSL certificate."));
return;
}
m_ui->lblSslCertStatus->setPixmap(Utils::Gui::scaledPixmapSvg(":/icons/qbt-theme/security-high.svg", this, 24));
}
void OptionsDialog::webUIHttpsKeyChanged(const QString &path, const ShowError showError)
{
m_ui->textWebUIHttpsKey->setSelectedPath(path);
m_ui->lblSslKeyStatus->setPixmap(Utils::Gui::scaledPixmapSvg(":/icons/qbt-theme/security-low.svg", this, 24));
if (path.isEmpty())
return;
QFile file(path);
if (!file.open(QIODevice::ReadOnly)) {
if (showError == ShowError::Show)
QMessageBox::warning(this, tr("Invalid path"), file.errorString());
return;
}
if (!Utils::Net::isSSLKeyValid(file.read(Utils::Net::MAX_SSL_FILE_SIZE))) {
if (showError == ShowError::Show)
QMessageBox::warning(this, tr("Invalid key"), tr("This is not a valid SSL key."));
return;
}
m_ui->lblSslKeyStatus->setPixmap(Utils::Gui::scaledPixmapSvg(":/icons/qbt-theme/security-high.svg", this, 24));
}
void OptionsDialog::showConnectionTab()
{
m_ui->tabSelection->setCurrentRow(TAB_CONNECTION);
}
void OptionsDialog::on_btnWebUiCrt_clicked()
{
const QString filename = QFileDialog::getOpenFileName(this, tr("Import SSL certificate"), QString(), tr("SSL Certificate") + QLatin1String(" (*.crt *.pem)"));
if (filename.isEmpty())
return;
QFile cert(filename);
if (!cert.open(QIODevice::ReadOnly))
return;
bool success = setSslCertificate(cert.read(1024 * 1024));
if (!success)
QMessageBox::warning(this, tr("Invalid certificate"), tr("This is not a valid SSL certificate."));
}
void OptionsDialog::on_btnWebUiKey_clicked()
{
const QString filename = QFileDialog::getOpenFileName(this, tr("Import SSL key"), QString(), tr("SSL key") + QLatin1String(" (*.key *.pem)"));
if (filename.isEmpty())
return;
QFile key(filename);
if (!key.open(QIODevice::ReadOnly))
return;
bool success = setSslKey(key.read(1024 * 1024));
if (!success)
QMessageBox::warning(this, tr("Invalid key"), tr("This is not a valid SSL key."));
}
void OptionsDialog::on_registerDNSBtn_clicked()
{
QDesktopServices::openUrl(Net::DNSUpdater::getRegistrationUrl(m_ui->comboDNSService->currentIndex()));
@ -1698,45 +1714,6 @@ QString OptionsDialog::languageToLocalizedString(const QLocale &locale)
}
}
bool OptionsDialog::setSslKey(const QByteArray &key)
{
#ifndef QT_NO_OPENSSL
// try different formats
const bool isKeyValid = (!QSslKey(key, QSsl::Rsa).isNull() || !QSslKey(key, QSsl::Ec).isNull());
if (isKeyValid) {
m_ui->lblSslKeyStatus->setPixmap(Utils::Gui::scaledPixmapSvg(":/icons/qbt-theme/security-high.svg", this, 24));
m_sslKey = key;
}
else {
m_ui->lblSslKeyStatus->setPixmap(Utils::Gui::scaledPixmapSvg(":/icons/qbt-theme/security-low.svg", this, 24));
m_sslKey.clear();
}
return isKeyValid;
#else
Q_UNUSED(key);
return false;
#endif
}
bool OptionsDialog::setSslCertificate(const QByteArray &cert)
{
#ifndef QT_NO_OPENSSL
const bool isCertValid = !QSslCertificate(cert).isNull();
if (isCertValid) {
m_ui->lblSslCertStatus->setPixmap(Utils::Gui::scaledPixmapSvg(":/icons/qbt-theme/security-high.svg", this, 24));
m_sslCert = cert;
}
else {
m_ui->lblSslCertStatus->setPixmap(Utils::Gui::scaledPixmapSvg(":/icons/qbt-theme/security-low.svg", this, 24));
m_sslCert.clear();
}
return isCertValid;
#else
Q_UNUSED(cert);
return false;
#endif
}
bool OptionsDialog::schedTimesOk()
{
if (m_ui->timeEditScheduleFrom->time() == m_ui->timeEditScheduleTo->time()) {

18
src/gui/optionsdialog.h
View file

@ -60,7 +60,6 @@ class OptionsDialog : public QDialog
Q_OBJECT
using ThisType = OptionsDialog;
private:
enum Tabs
{
TAB_UI,
@ -73,6 +72,12 @@ private:
TAB_ADVANCED
};
enum class ShowError
{
NotShow,
Show
};
public:
// Constructor / Destructor
OptionsDialog(QWidget *parent = nullptr);
@ -102,10 +107,10 @@ private slots:
void on_randomButton_clicked();
void on_addScanFolderButton_clicked();
void on_removeScanFolderButton_clicked();
void on_btnWebUiCrt_clicked();
void on_btnWebUiKey_clicked();
void on_registerDNSBtn_clicked();
void setLocale(const QString &localeStr);
void webUIHttpsCertChanged(const QString &path, ShowError showError);
void webUIHttpsKeyChanged(const QString &path, ShowError showError);
private:
// Methods
@ -164,17 +169,14 @@ private:
int getMaxActiveDownloads() const;
int getMaxActiveUploads() const;
int getMaxActiveTorrents() const;
// WebUI
bool isWebUiEnabled() const;
QString webUiUsername() const;
QString webUiPassword() const;
// WebUI SSL Cert / key
bool setSslKey(const QByteArray &key);
bool setSslCertificate(const QByteArray &cert);
bool schedTimesOk();
bool webUIAuthenticationOk();
bool isAlternativeWebUIPathValid();
QByteArray m_sslCert, m_sslKey;
bool schedTimesOk();
Ui::OptionsDialog *m_ui;
QAbstractButton *m_applyButton;

78
src/gui/optionsdialog.ui
View file

@ -2966,80 +2966,26 @@ Specify an IPv4 or IPv6 address. You can specify &quot;0.0.0.0&quot; for any IPv
<bool>false</bool>
</property>
<layout class="QGridLayout" name="gridLayout_11">
<item row="0" column="0">
<widget class="QLabel" name="lblSslCertStatus"/>
<item row="1" column="1">
<widget class="QLabel" name="lblWebUiKey">
<property name="text">
<string>Key:</string>
</property>
</widget>
</item>
<item row="0" column="1">
<widget class="QLabel" name="lblWebUiCrt">
<property name="text">
<string>Certificate:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="0" column="2">
<layout class="QHBoxLayout" name="horizontalLayout_4">
<item>
<widget class="QPushButton" name="btnWebUiCrt">
<property name="text">
<string>Import SSL Certificate</string>
</property>
</widget>
</item>
<item>
<spacer name="horizontalSpacer_12">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>138</width>
<height>28</height>
</size>
</property>
</spacer>
</item>
</layout>
<item row="0" column="0">
<widget class="QLabel" name="lblSslCertStatus"/>
</item>
<item row="1" column="0">
<widget class="QLabel" name="lblSslKeyStatus"/>
</item>
<item row="1" column="1">
<widget class="QLabel" name="lblWebUiKey">
<property name="text">
<string>Key:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="1" column="2">
<layout class="QHBoxLayout" name="horizontalLayout_5">
<item>
<widget class="QPushButton" name="btnWebUiKey">
<property name="text">
<string>Import SSL Key</string>
</property>
</widget>
</item>
<item>
<spacer name="horizontalSpacer_13">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
</layout>
</item>
<item row="2" column="0" colspan="3">
<widget class="QLabel" name="lblWebUIInfo">
<property name="text">
@ -3050,6 +2996,12 @@ Specify an IPv4 or IPv6 address. You can specify &quot;0.0.0.0&quot; for any IPv
</property>
</widget>
</item>
<item row="0" column="2">
<widget class="FileSystemPathLineEdit" name="textWebUIHttpsCert" native="true"/>
</item>
<item row="1" column="2">
<widget class="FileSystemPathLineEdit" name="textWebUIHttpsKey" native="true"/>
</item>
</layout>
</widget>
</item>
@ -3464,8 +3416,6 @@ Use ';' to split multiple entries. Can use wildcard '*'.</string>
<tabstop>comboRatioLimitAct</tabstop>
<tabstop>checkWebUIUPnP</tabstop>
<tabstop>checkWebUiHttps</tabstop>
<tabstop>btnWebUiCrt</tabstop>
<tabstop>btnWebUiKey</tabstop>
<tabstop>checkBypassLocalAuth</tabstop>
<tabstop>checkBypassAuthSubnetWhitelist</tabstop>
<tabstop>IPSubnetWhitelistButton</tabstop>

25
src/webui/api/appcontroller.cpp
View file

@ -39,11 +39,6 @@
#include <QTimer>
#include <QTranslator>
#ifndef QT_NO_OPENSSL
#include <QSslCertificate>
#include <QSslKey>
#endif
#include "base/bittorrent/session.h"
#include "base/global.h"
#include "base/net/portforwarder.h"
@ -210,8 +205,8 @@ void AppController::preferencesAction()
data["web_ui_port"] = pref->getWebUiPort();
data["web_ui_upnp"] = pref->useUPnPForWebUIPort();
data["use_https"] = pref->isWebUiHttpsEnabled();
data["ssl_key"] = QString::fromLatin1(pref->getWebUiHttpsKey());
data["ssl_cert"] = QString::fromLatin1(pref->getWebUiHttpsCertificate());
data["web_ui_https_cert_path"] = pref->getWebUIHttpsCertificatePath();
data["web_ui_https_key_path"] = pref->getWebUIHttpsKeyPath();
// Authentication
data["web_ui_username"] = pref->getWebUiUsername();
data["bypass_local_auth"] = !pref->isWebUiLocalAuthEnabled();
@ -505,18 +500,10 @@ void AppController::setPreferencesAction()
pref->setUPnPForWebUIPort(m["web_ui_upnp"].toBool());
if (m.contains("use_https"))
pref->setWebUiHttpsEnabled(m["use_https"].toBool());
#ifndef QT_NO_OPENSSL
if (m.contains("ssl_key")) {
QByteArray raw_key = m["ssl_key"].toString().toLatin1();
if (!QSslKey(raw_key, QSsl::Rsa).isNull())
pref->setWebUiHttpsKey(raw_key);
}
if (m.contains("ssl_cert")) {
QByteArray raw_cert = m["ssl_cert"].toString().toLatin1();
if (!QSslCertificate(raw_cert).isNull())
pref->setWebUiHttpsCertificate(raw_cert);
}
#endif
if ((it = m.find(QLatin1String("web_ui_https_cert_path"))) != m.constEnd())
pref->setWebUIHttpsCertificatePath(it.value().toString());
if ((it = m.find(QLatin1String("web_ui_https_key_path"))) != m.constEnd())
pref->setWebUIHttpsKeyPath(it.value().toString());
// Authentication
if (m.contains("web_ui_username"))
pref->setWebUiUsername(m["web_ui_username"].toString());

19
src/webui/webui.cpp
View file

@ -28,11 +28,14 @@
#include "webui.h"
#include <QFile>
#include "base/http/server.h"
#include "base/logger.h"
#include "base/net/dnsupdater.h"
#include "base/net/portforwarder.h"
#include "base/preferences.h"
#include "base/utils/net.h"
#include "webapplication.h"
WebUI::WebUI()
@ -77,11 +80,18 @@ void WebUI::configure()
m_httpServer->close();
}
#ifndef QT_NO_OPENSSL
if (pref->isWebUiHttpsEnabled()) {
const QByteArray certs = pref->getWebUiHttpsCertificate();
const QByteArray key = pref->getWebUiHttpsKey();
bool success = m_httpServer->setupHttps(certs, key);
const auto readData = [](const QString &path) -> QByteArray
{
QFile file(path);
if (!file.open(QIODevice::ReadOnly))
return {};
return file.read(Utils::Net::MAX_SSL_FILE_SIZE);
};
const QByteArray cert = readData(pref->getWebUIHttpsCertificatePath());
const QByteArray key = readData(pref->getWebUIHttpsKeyPath());
const bool success = m_httpServer->setupHttps(cert, key);
if (success)
logger->addMessage(tr("Web UI: HTTPS setup successful"));
else
@ -90,7 +100,6 @@ void WebUI::configure()
else {
m_httpServer->disableHttps();
}
#endif
if (!m_httpServer->isListening()) {
const auto address = (serverAddressString == "*" || serverAddressString.isEmpty())

20
src/webui/www/private/preferences_content.html
View file

@ -682,18 +682,18 @@
<table>
<tr>
<td>
<label for="ssl_key_textarea">QBT_TR(Key:)QBT_TR[CONTEXT=OptionsDialog]</label>
<label for="ssl_cert_text">QBT_TR(Certificate:)QBT_TR[CONTEXT=OptionsDialog]</label>
</td>
<td>
<textarea id="ssl_key_textarea" rows="5" cols="70"></textarea>
<input type="text" id="ssl_cert_text" style="width: 30em;" />
</td>
</tr>
<tr>
<td>
<label for="ssl_cert_textarea">QBT_TR(Certificate:)QBT_TR[CONTEXT=OptionsDialog]</label>
<label for="ssl_key_text">QBT_TR(Key:)QBT_TR[CONTEXT=OptionsDialog]</label>
</td>
<td>
<textarea id="ssl_cert_textarea" rows="5" cols="70"></textarea>
<input type="text" id="ssl_key_text" style="width: 30em;" />
</td>
</tr>
</table>
@ -1043,8 +1043,8 @@
// Web UI tab
var updateHttpsSettings = function() {
var isUseHttpsEnabled = $('use_https_checkbox').getProperty('checked');
$('ssl_key_textarea').setProperty('disabled', !isUseHttpsEnabled);
$('ssl_cert_textarea').setProperty('disabled', !isUseHttpsEnabled);
$('ssl_cert_text').setProperty('disabled', !isUseHttpsEnabled);
$('ssl_key_text').setProperty('disabled', !isUseHttpsEnabled);
};
var updateBypasssAuthSettings = function() {
@ -1330,8 +1330,8 @@
$('webui_port_value').setProperty('value', pref.web_ui_port);
$('webui_upnp_checkbox').setProperty('checked', pref.web_ui_upnp);
$('use_https_checkbox').setProperty('checked', pref.use_https);
$('ssl_key_textarea').setProperty('value', pref.ssl_key);
$('ssl_cert_textarea').setProperty('value', pref.ssl_cert);
$('ssl_cert_text').setProperty('value', pref.web_ui_https_cert_path);
$('ssl_key_text').setProperty('value', pref.web_ui_https_key_path);
updateHttpsSettings();
// Authentication
@ -1646,8 +1646,8 @@
settings.set('web_ui_port', web_ui_port);
settings.set('web_ui_upnp', $('webui_upnp_checkbox').getProperty('checked'));
settings.set('use_https', $('use_https_checkbox').getProperty('checked'));
settings.set('ssl_key', $('ssl_key_textarea').getProperty('value'));
settings.set('ssl_cert', $('ssl_cert_textarea').getProperty('value'));
settings.set('web_ui_https_cert_path', $('ssl_cert_text').getProperty('value'));
settings.set('web_ui_https_key_path', $('ssl_key_text').getProperty('value'));
// Authentication
var web_ui_username = $('webui_username_text').getProperty('value');