| author | Felix (xq) Queißner <git@mq32.de> | 2020-06-16 00:41:57 +0200 |
|---|---|---|
| committer | Felix (xq) Queißner <git@mq32.de> | 2020-06-16 00:41:57 +0200 |
| commit | 33c91102a58e2fbcf9d7a66e33b41a65fa3f0e0c (patch) | |
| tree | a724f0c3dcc48c8ce1f78c2665fe8ef170acb379 /src/ssltrust.cpp | |
| parent | 5bb3f3f92e62a0af02fe475943759b8c25cd4592 (diff) | |
| download | kristall-33c91102a58e2fbcf9d7a66e33b41a65fa3f0e0c.tar.gz | |
Adds improved client certificate management, adds server certificate management.
Diffstat (limited to 'src/ssltrust.cpp')
| -rw-r--r-- | src/ssltrust.cpp | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/src/ssltrust.cpp b/src/ssltrust.cpp
new file mode 100644
index 0000000..92d913c
--- /dev/null
+++ b/src/ssltrust.cpp
@@ -0,0 +1,76 @@
+#include "ssltrust.hpp"
+
+#include <QDebug>
+
+void SslTrust::load(QSettings &settings)
+{
+ trust_level = TrustLevel(settings.value("trust_level", int(TrustOnFirstUse)).toInt());
+ enable_ca = settings.value("enable_ca", QVariant::fromValue(false)).toBool();
+
+ trusted_hosts.clear();
+
+ int size = settings.beginReadArray("trusted_hosts");
+ for(int i = 0; i < size; i++)
+ {
+ settings.setArrayIndex(i);
+
+ auto key_type = QSsl::KeyAlgorithm(settings.value("key_type").toInt());
+ auto key_value = settings.value("key_bits").toByteArray();
+
+ TrustedHost host;
+ host.host_name = settings.value("host_name").toString();
+ host.trusted_at = settings.value("trusted_at").toDateTime();
+ host.public_key = QSslKey(key_value, key_type, QSsl::Der, QSsl::PublicKey);
+
+ trusted_hosts.insert(host);
+ }
+ settings.endArray();
+}
+
+void SslTrust::save(QSettings &settings) const
+{
+ settings.setValue("trust_level", int(trust_level));
+ settings.setValue("enable_ca", enable_ca);
+
+ auto all = trusted_hosts.getAll();
+ settings.beginWriteArray("trusted_hosts", all.size());
+ for(int i = 0; i < all.size(); i++)
+ {
+ settings.setArrayIndex(i);
+
+ settings.setValue("host_name", all.at(i).host_name);
+ settings.setValue("trusted_at", all.at(i).trusted_at);
+ settings.setValue("key_type", int(all.at(i).public_key.algorithm()));
+ settings.setValue("key_bits", all.at(i).public_key.toDer());
+ }
+ settings.endArray();
+}
+
+bool SslTrust::isTrusted(QUrl const & url, const QSslCertificate &certificate)
+{
+ if(trust_level == TrustEverything)
+ return true;
+
+ if(auto host_or_none = trusted_hosts.get(url.host()); host_or_none)
+ {
+ if(host_or_none->public_key == certificate.publicKey())
+ return true;
+ qDebug() << "certificate mismatch for" << url;
+ return false;
+ }
+ else
+ {
+ if(trust_level == TrustOnFirstUse)
+ {
+ TrustedHost host;
+ host.host_name = url.host();
+ host.trusted_at = QDateTime::currentDateTime();
+ host.public_key = certificate.publicKey();
+
+ bool ok = trusted_hosts.insert(host);
+ assert(ok);
+ return true;
+ }
+ return false;
+ }
+} |
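Review bot: `SslTrust::isTrusted` never checks that the key it pins or compares is usable. In the `TrustOnFirstUse` branch `certificate.publicKey()` is stored as-is, and in the pinned branch it is compared with `==`, so a null `QSslKey` (from a null certificate or a key Qt could not parse) can end up pinned; as far as I know, two null `QSslKey` values compare equal. I would add `if(certificate.isNull() || certificate.publicKey().isNull()) return false;` right after the `TrustEverything` check, and in `load()` skip array entries whose rebuilt key is null with `if(host.public_key.isNull()) continue;` before `trusted_hosts.insert(host)`. Separately, `assert(ok)` disappears under `NDEBUG`, so a failed insert would still return true without the pin being recorded; `if(!ok) return false;` keeps that path fail-closed. `<cassert>` is also not among the includes visible in this file, so `assert` presumably arrives through `ssltrust.hpp`.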
