1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
|
/*
# Copyright (c) 2009 - OpenSLX Project, Computer Center University of Freiburg
#
# This program is free software distributed under the GPL version 2.
# See http://openslx.org/COPYING
#
# If you have any feedback please consult http://openslx.org/feedback and
# send your suggestions, praise, or complaints to feedback@openslx.org
#
# General information about OpenSLX can be found at http://openslx.org/
# -----------------------------------------------------------------------------
# src/net/pvsDiscoveredServer.cpp
# - represents an entry in the list of available servers
# - handles some extra things like validating the identity of the remote host
# -----------------------------------------------------------------------------
*/
#include "pvsDiscoveredServer.h"
#include "src/util/serviceDiscoveryUtil.h"
#include <QtNetwork/QSslKey>
PVSDiscoveredServer::PVSDiscoveredServer(QObject* parent, QHostAddress host, int port, QByteArray fingerprint, QString name)
: QObject(parent)
{
_validated = false;
_socket = NULL;
_host = host;
_port = port;
_fingerprint = fingerprint;
_name = name;
_lastUpdate = QDateTime::currentDateTime();
_lastCheck = QDateTime::fromTime_t(1000000);
this->validateCertificate();
}
PVSDiscoveredServer::~PVSDiscoveredServer() {
delete _socket;
}
void PVSDiscoveredServer::ssl_Error( const QList<QSslError> & errors )
{
for (QList<QSslError>::const_iterator it = errors.begin(); it != errors.end(); it++)
{
QSslError err = *it;
if (err.error() == QSslError::HostNameMismatch) continue; // We don't pay attention to hostnames for validation
if (err.error() == QSslError::SelfSignedCertificate) {
continue; // Also, this will always be the case; we check the fingerprint later
}
// http://doc.trolltech.com/4.7//qsslerror.html#SslError-enum
qDebug("Unhandled SSL Error %i: %s", err.error(), qPrintable(err.errorString()));
return;
}
_socket->ignoreSslErrors();
}
void PVSDiscoveredServer::sock_dataArrival()
{
if (_socket == NULL) return;
char charbuff[2000];
while (_socket->bytesAvailable())
{
_socket->read(charbuff, 2000);
}
}
void PVSDiscoveredServer::sock_connected()
{
QByteArray cert = _socket->peerCertificate().digest(QCryptographicHash::Sha1);
if (_socket->peerCertificate().isNull())
{
qDebug("**** WARNING - PEER CERTIFICATE IS NULL ****");
}
else
{
qDebug("%s", qPrintable(_socket->peerCertificate().subjectInfo(QSslCertificate::Organization)));
qDebug("%s", qPrintable(_socket->peerCertificate().subjectInfo(QSslCertificate::CommonName)));
qDebug("%s", qPrintable(_socket->peerCertificate().subjectInfo(QSslCertificate::LocalityName)));
qDebug("%s", qPrintable(_socket->peerCertificate().subjectInfo(QSslCertificate::OrganizationalUnitName)));
qDebug("%s", qPrintable(_socket->peerCertificate().subjectInfo(QSslCertificate::CountryName)));
qDebug("%s", qPrintable(_socket->peerCertificate().subjectInfo(QSslCertificate::StateOrProvinceName)));
}
if (cert == _fingerprint && !_validated)
{
_validated = true;
emit validated(this);
qDebug("Validated certificate of %s :)", qPrintable(_socket->peerAddress().toString()));
}
else
{
qDebug("Certificate of %s is invalid :(", qPrintable(_socket->peerAddress().toString()));
QByteArray is, should;
is = cert.toBase64();
should = _fingerprint.toBase64();
qDebug("Is %s and should be %s", is.data(), should.data());
}
_socket->disconnectFromHost();
}
void PVSDiscoveredServer::validateCertificate()
{
if (_validated) return; // Nothing to do, this one is legit
QDateTime now = QDateTime::currentDateTime();
if (_lastCheck.secsTo(now) < 30) return; // Too soon!
if (_host.isNull() || _port < 1 || _port > 65535) return; // Invalid
if (_socket != NULL) {
disconnect(_socket, SIGNAL(connected()), this, SLOT(sock_connected()));
disconnect(_socket, SIGNAL(readyRead()), this, SLOT(sock_dataArrival()));
disconnect(_socket, SIGNAL(sslErrors(const QList<QSslError> &)),
this, SLOT(ssl_Error(const QList<QSslError> &))
);
_socket->abort();
_socket->deleteLater();
}
_socket = new QSslSocket(this);
_socket->setProtocol(QSsl::SslV3);
_socket->setPeerVerifyMode(QSslSocket::VerifyPeer);
connect(_socket, SIGNAL(encrypted()), this, SLOT(sock_connected()));
connect(_socket, SIGNAL(readyRead()), this, SLOT(sock_dataArrival()));
connect(_socket, SIGNAL(sslErrors(const QList<QSslError> &)),
this, SLOT(ssl_Error(const QList<QSslError> &))
);
_socket->connectToHostEncrypted(_host.toString(), _port);
_lastCheck = now;
}
bool PVSDiscoveredServer::hasFingerprint(QByteArray &fingerprint)
{
return _fingerprint == fingerprint;
}
bool PVSDiscoveredServer::hasHost(QHostAddress &host)
{
return _host == host;
}
void PVSDiscoveredServer::update(int port)
{
_port = port;
_lastUpdate = QDateTime::currentDateTime();
}
int PVSDiscoveredServer::getAge()
{
return _lastUpdate.secsTo(QDateTime::currentDateTime());
}
QString PVSDiscoveredServer::getName()
{
return _name;
}
|
