-rw-r--r--src/fbgui/fbgui.cpp115
-rw-r--r--src/fbgui/fbgui.h25
-rw-r--r--src/fbgui/main.cpp26
-rwxr-xr-xtestApp.sh4
4 files changed, 160 insertions, 10 deletions
diff --git a/src/fbgui/fbgui.cpp b/src/fbgui/fbgui.cpp
index 7bf84e8..b4a8a13 100644
--- a/src/fbgui/fbgui.cpp
+++ b/src/fbgui/fbgui.cpp
@@ -24,7 +24,8 @@ int updateInterval = -1;
QString fileToTriggerURL("");
QString serialLocation("");
QString sessionID("");
-//int debugMode = -1;
+bool sslSupport;
+//int debugMode=-1;
//QString logFilePath("");
//-------------------------------------------------------------------------------------------
@@ -52,6 +53,9 @@ void fbgui::init() {
// start fbgui
LOG4CXX_DEBUG(coreLogger, "Initializing fbgui...");
+ if(sslSupport)
+ LOG4CXX_DEBUG(coreLogger, "SSL enabled.");
+
// initialize javascript interface
JavascriptInterface* jsi = new JavascriptInterface(
_webView->page()->mainFrame());
@@ -125,16 +129,50 @@ void fbgui::loadURL() {
// Generate POST identification data needed by PBS.
QByteArray postData = generatePOSTData();
- QNetworkRequest req(baseURL);
+ // Generate a Network Request Object
+ _qnr = new QNetworkRequest(baseURL);
+
+ //Add OpenSLX Certificate to SSLConfiguration
+ QList<QSslCertificate> certList = QSslCertificate::fromPath(QLatin1String("/usr/lib/ssl/openslx/CA/certs/openslx-cert.pem"));
+ setCACertificates(certList);
+
+ //Ignore the SelfSignedCertificateInChain-error for the OpenSLX-Certificate
+ QSslError error(QSslError::SelfSignedCertificateInChain, certList.at(0));
+ _expectedSslErrors.append(error);
+
+ //Add User Certificate to SSLConfiguration
+ QList<QSslCertificate> userCertList = QSslCertificate::fromPath(QLatin1String("/usr/lib/ssl/openslx/CA/certs/guest-cert.pem"));
+ setLocalCertificate(userCertList.at(0));
+
+ //Add User PrivateKey to SSLConfiguration
+ QFile keyFile("/usr/lib/ssl/openslx/CA/private/guest.pem");
+ Q_ASSERT(keyFile.open(QIODevice::ReadOnly));
+ QByteArray keyContent = keyFile.readAll();
+ setPrivateKey(QSslKey(keyContent, QSsl::Rsa));
+
+
+
+ //Connect webViews NetworkAccessManager to SSLErrorHandler SLOT
+ QObject::connect(_webView->page()->networkAccessManager(),
+ SIGNAL(finished(QNetworkReply*)),
+ this,
+ SLOT(httpErrorHandler(QNetworkReply*)));
+
+ //Connect webViews NetworkAccessManager to ErrorHandler SLOT
+ QObject::connect(_webView->page()->networkAccessManager(),
+ SIGNAL(sslErrors(QNetworkReply*, const QList<QSslError> & )),
+ this,
+ SLOT(sslErrorHandler(QNetworkReply*, const QList<QSslError> & )));
// show cursor again since user is about to interact.
//QWSServer::instance()->setCursorVisible(true); //TODO: ?enabled in original
- req.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded");
+ _qnr->setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded");
QObject::connect(_webView, SIGNAL(loadFinished(bool)), this, SLOT(loadURLDone(bool)));
- _webView->load(req, QNetworkAccessManager::PostOperation, postData);
+ _webView->load(*_qnr, QNetworkAccessManager::PostOperation, postData);
}
// TODO: error page if no host.
}
+
void fbgui::loadURLDone(bool success) {
// done contains the success of the loading: false / true
if (!success) {
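Review bot: `Q_ASSERT(keyFile.open(QIODevice::ReadOnly));` puts the open() call inside an assertion, and Q_ASSERT does not evaluate its argument when QT_NO_DEBUG is defined, so in a release build the key file is never opened and `readAll()` yields an empty key. Open it unconditionally and handle failure, e.g. `if (!keyFile.open(QIODevice::ReadOnly)) { LOG4CXX_DEBUG(coreLogger, "Cannot open client key file"); return; }`. The same block calls `certList.at(0)` and `userCertList.at(0)` without checking that `QSslCertificate::fromPath()` returned anything; a missing or unreadable PEM file gives an empty list, so guard both with `isEmpty()` before indexing. The two `QObject::connect` calls on the network access manager also run on every `loadURL()` call, which presumably stacks duplicate handler connections; `loadURL()` starts outside this hunk, so confirm how often it is invoked.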
@@ -145,6 +183,75 @@ void fbgui::loadURLDone(bool success) {
LOG4CXX_DEBUG(coreLogger, "Loaded URL: " << _webView->url().toString());
}
}
+
+
+//Handles QNetworkReply SSL Errors
+void fbgui::sslErrorHandler(QNetworkReply* reply, const QList<QSslError> & errlist) {
+
+ foreach (QSslError err, errlist)
+ LOG4CXX_DEBUG(coreLogger, "SSL Error: " << err.error());
+
+// QSslConfiguration replySslConf = reply->sslConfiguration();
+// foreach (QSslCertificate cert, replySslConf.peerCertificateChain())
+// LOG4CXX_DEBUG(coreLogger,"Cert info: \n" << cert.toPem());
+
+ reply->ignoreSslErrors(_expectedSslErrors);
+}
+
+//Handles QNetworkReply Errors
+void fbgui::httpErrorHandler(QNetworkReply* reply) {
+ if(reply->error() != QNetworkReply::NoError )
+ LOG4CXX_DEBUG(coreLogger, "HTTP Error: " << reply->errorString());
+}
+
+//Dump all Certificates in SSLConfiguration
+void fbgui::dumpCACertificates(){
+ QSslConfiguration sslConfig = _qnr->sslConfiguration();
+ QList<QSslCertificate> caCerts = sslConfig.caCertificates();
+
+ foreach (QSslCertificate cert, caCerts){
+ LOG4CXX_DEBUG(coreLogger,"Cert info: \n" << cert.toPem());
+ }
+}
+
+//Saves CACertificates to SslConfiguration
+void fbgui::setCACertificates(const QList<QSslCertificate> & certificates){
+
+ foreach (QSslCertificate cert, certificates){
+ LOG4CXX_DEBUG(coreLogger,"Is cert valid: " << cert.isValid());
+ LOG4CXX_DEBUG(coreLogger,"Cert Issuer: " << cert.issuerInfo(QSslCertificate::CommonName));
+ LOG4CXX_DEBUG(coreLogger,"Cert Subject: " << cert.subjectInfo(QSslCertificate::CommonName));
+ }
+
+ QSslConfiguration sslConfig = _qnr->sslConfiguration();
+
+ QList<QSslCertificate> caCerts = sslConfig.caCertificates();
+ caCerts.append(certificates);
+ sslConfig.setCaCertificates(caCerts);
+ _qnr->setSslConfiguration(sslConfig);
+
+}
+
+//Saves User Certificate to SslConfiguration
+void fbgui::setLocalCertificate(const QSslCertificate& cert){
+ LOG4CXX_DEBUG(coreLogger,"Is cert valid: " << cert.isValid());
+ LOG4CXX_DEBUG(coreLogger,"Cert Issuer: " << cert.issuerInfo(QSslCertificate::CommonName));
+ LOG4CXX_DEBUG(coreLogger,"Cert Subject: " << cert.subjectInfo(QSslCertificate::CommonName));
+
+ QSslConfiguration sslConfig = _qnr->sslConfiguration();
+ sslConfig.setLocalCertificate(cert);
+ _qnr->setSslConfiguration(sslConfig);
+}
+
+//Saves PrivateKey to SslConfiguration
+void fbgui::setPrivateKey(const QSslKey & key){
+ LOG4CXX_DEBUG(coreLogger,"Is key valid: " << key.isNull());
+ QSslConfiguration sslConfig = _qnr->sslConfiguration();
+ sslConfig.setPrivateKey(key);
+ _qnr->setSslConfiguration(sslConfig);
+}
+
+
//-------------------------------------------------------------------------------------------
/**
* This method generates the POST data body.
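Review bot: `setPrivateKey()` logs `"Is key valid: " << key.isNull()`, which prints true exactly when the key failed to load; log `!key.isNull()` or change the label to "Is key null". In `sslErrorHandler()` the TLS errors are written only at debug level and only as the numeric `err.error()`; this slot is attached to the web view's network access manager and so sees every reply, so log `err.errorString()` together with `reply->url()` at warning level to make an unexpected certificate error visible in production logs. Keep the list overload `ignoreSslErrors(_expectedSslErrors)` rather than the no-argument one, so that only the expected error for the OpenSLX certificate is tolerated. `dumpCACertificates()` and the three setters dereference `_qnr`, which in the visible code is only assigned in `loadURL()`, so a call before that would use an uninitialized pointer.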
diff --git a/src/fbgui/fbgui.h b/src/fbgui/fbgui.h
index 46c3b9b..5fa4323 100644
--- a/src/fbgui/fbgui.h
+++ b/src/fbgui/fbgui.h
@@ -33,6 +33,7 @@
#define DEFAULT_UPDATE_INTERVAL 1;
#define DEFAULT_QRC_HTML_DIR ":/html"
#define DEFAULT_FILE_TRIGGER "/tmp/fbgui/trigger"
+#define DEFAULT_SSL_SUPPORT false;
// Global settings variables
extern QString logFilePath;
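Review bot: `#define DEFAULT_SSL_SUPPORT false;` carries a trailing semicolon, so the macro only works as the right-hand side of a complete statement and breaks inside an expression or an unbraced `if`/`else`. Write `#define DEFAULT_SSL_SUPPORT false` (the neighbouring `DEFAULT_UPDATE_INTERVAL 1;` has the same problem). A one-line comment stating that this default leaves the scheme of the configured URL untouched, i.e. TLS is opt-in, would help whoever reviews the deployment configuration.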
@@ -47,6 +48,7 @@ extern QUrl baseURL;
extern int debugMode;
extern int updateInterval;
extern QString interfaceName;
+extern bool sslSupport;
class fbgui : public agui
{
@@ -62,10 +64,33 @@ public slots:
private:
bool checkHost() const;
void loadURL();
+
+ //Dump all Certificates in SSLConfiguration
+ void dumpCACertificates();
+
QByteArray generatePOSTData();
+ // QNetworkRequest for the Network Request
+ QNetworkRequest* _qnr;
+ // List for expected SSL Errors, like selfsigned certificate error
+ QList<QSslError> _expectedSslErrors;
private slots:
void loadURLDone(bool success);
+
+ //SSL Error Handler for SSL Requests
+ void sslErrorHandler(QNetworkReply*, const QList<QSslError> &);
+
+ //Error Handler for http Requests
+ void httpErrorHandler(QNetworkReply*);
+
+ //Sets CaCertificates in QSslConfiguration
+ void setCACertificates(const QList<QSslCertificate> & );
+
+ //Sets LocalCertificate in QSslConfiguration
+ void setLocalCertificate(const QSslCertificate & );
+
+ //Sets PrivateKey in QSslConfiguration
+ void setPrivateKey(const QSslKey &);
void loadSystem();
// prepares kexec by loading downloaded initramfs, kernel into kexec
void prepareKexec();
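Review bot: `QNetworkRequest* _qnr;` is a raw owning pointer that `loadURL()` reassigns with `new QNetworkRequest(baseURL)` on each call, and no `delete` or constructor initialisation is visible in this commit. QNetworkRequest is a copyable value type, so `QNetworkRequest _qnr;` as a member (assigned with `_qnr = QNetworkRequest(baseURL);`) removes both the leak and the uninitialized-pointer window. `setCACertificates`, `setLocalCertificate` and `setPrivateKey` are declared under `private slots:` although the visible code only calls them directly; plain private methods would keep them out of the meta-object invocation surface. The class body starts and ends outside this hunk.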
diff --git a/src/fbgui/main.cpp b/src/fbgui/main.cpp
index d379c1e..c83dbdc 100644
--- a/src/fbgui/main.cpp
+++ b/src/fbgui/main.cpp
@@ -39,6 +39,8 @@ void printHelp() {
<< QObject::tr(
"Specify location of the file containing the serial number.")
<< endl;
+ qout << "-x, --ssl " << QObject::tr(
+ "Enables SSL support.") << endl;
qout << "-D <level>, --debug=<level> "
<< QObject::tr("Activate debug mode. [0,1]") << endl;
qout << "-h, --help "
@@ -92,7 +94,7 @@ int main(int argc, char *argv[]) {
// parse command line arguments using getopt
QMap<QString, QString> clOpts;
int longIndex = 0;
- static const char *optString = "c:u:d:s:t:D:hl:nS:p:e:";
+ static const char *optString = "c:u:d:s:t:D:hl:nS:p:e:x";
static const struct option longOpts[] = { { "config", required_argument,
NULL, 'c' }, { "url", required_argument, NULL, 'u' }, { "download",
required_argument, NULL, 'd' }, { "serial", required_argument, NULL,
@@ -102,7 +104,7 @@ int main(int argc, char *argv[]) {
'n' }, { "server", required_argument, NULL, 'S' }, {
"autoup", no_argument, NULL, 'a' }, { "socketserverpath",
required_argument, NULL, 'p' }, { "pathtoexe",
- required_argument, NULL, 'e' } };
+ "pathtoexe", required_argument, NULL, 'e' }, { "ssl", no_argument, NULL, 'x' } };
int opt = getopt_long(argc, argv, optString, longOpts, &longIndex);
while (opt != -1) {
switch (opt) {
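Review bot: The `longOpts` array ends at `{ "ssl", no_argument, NULL, 'x' } };` without the all-zero terminating element that `getopt_long()` requires, so an unrecognised long option can make it read past the end of the array; add `{ NULL, 0, NULL, 0 }` as the last entry. As rendered here the added line also repeats `"pathtoexe",` right after the context line that already ends in `{ "pathtoexe",`, which would give that initializer five fields, so check the actual file. The array starts in the previous hunk and `main()` continues outside this one.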
@@ -145,6 +147,9 @@ int main(int argc, char *argv[]) {
case 'e':
clOpts.insert("pathtoexe", optarg);
break;
+ case 'x':
+ clOpts.insert("ssl", "ssl");
+ break;
}
opt = getopt_long(argc, argv, optString, longOpts, &longIndex);
}
@@ -183,14 +188,28 @@ int main(int argc, char *argv[]) {
QSettings confFileSettings(configFilePath, QSettings::IniFormat);
confFileSettings.setIniCodec("UTF-8");
+ // set SSL support
+ if (clOpts.contains("ssl"))
+ sslSupport = true;
+ else if (confFileSettings.contains("default/ssl_support"))
+ sslSupport = confFileSettings.value("default/ssl_support").toBool();
+ else
+ sslSupport = DEFAULT_SSL_SUPPORT;
+
// set base URL to be loaded
if (clOpts.contains("url"))
baseURL = QUrl(clOpts.value("url"));
- else if (confFileSettings.contains("default/pbs_url"))
+ else if (confFileSettings.contains("default/pbs_url")){
baseURL = confFileSettings.value("default/pbs_url").toUrl();
+ }
else
baseURL = DEFAULT_URL;
+ if(sslSupport)
+ baseURL.setScheme("https");
+
+
+
// set directory for downloads
if (clOpts.contains("downloadDir"))
downloadPath = clOpts.value("downloadDir");
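Review bot: `baseURL.setScheme("https")` only swaps the scheme, so a configured URL with an explicit port such as `http://host:80/...` (constructed example) becomes `https://host:80/...` and the TLS handshake would fail against the plain-HTTP port. After the rewrite, check `baseURL.isValid()` and either reject an explicit non-TLS port or document that `pbs_url` must not carry one when `ssl_support` is on. Note also that `-x` can only switch TLS on; there is no command-line way to override `ssl_support=true` from the config file, which is worth stating in the help text if that is intended.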
@@ -280,6 +299,7 @@ int main(int argc, char *argv[]) {
LOG4CXX_DEBUG(logger, "downloadDir : " << downloadPath);
LOG4CXX_DEBUG(logger, "trigger: " << fileToTriggerURL);
LOG4CXX_DEBUG(logger, "serialLocation: " << serialLocation);
+ LOG4CXX_DEBUG(logger, "ssl: " << sslSupport);
if (clOpts.contains("nd") || confFileSettings.contains("default/nd")) {
LOG4CXX_DEBUG(logger, "*******************************************");
LOG4CXX_DEBUG(logger, "Network Discovery activated:");
diff --git a/testApp.sh b/testApp.sh
index 790637e..4fcfe25 100755
--- a/testApp.sh
+++ b/testApp.sh
@@ -11,11 +11,9 @@
# -s <path>, --serial=<path> sets path to serial number file
#
# Note: all path are expected to be absolute.
-#
# Adapt these to your own system.
QT_VERSION=Qt-4.8.0
-#PATH_TO_FBGUI_BUILD=/home/joe/fbgui/build
-PATH_TO_FBGUI_BUILD=/home/joe/workspace/fbgui
+PATH_TO_FBGUI_BUILD=~/fbgui/build
# check if network discovery is activated and if running as root
for ARG in $*