1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
#include "ssltrust.hpp"
#include <QDebug>
#include <cassert>
void SslTrust::load(QSettings &settings)
{
trust_level = TrustLevel(settings.value("trust_level", int(TrustOnFirstUse)).toInt());
enable_ca = settings.value("enable_ca", QVariant::fromValue(false)).toBool();
trusted_hosts.clear();
int size = settings.beginReadArray("trusted_hosts");
for(int i = 0; i < size; i++)
{
settings.setArrayIndex(i);
auto key_type = QSsl::KeyAlgorithm(settings.value("key_type").toInt());
auto key_value = settings.value("key_bits").toByteArray();
TrustedHost host;
host.host_name = settings.value("host_name").toString();
host.trusted_at = settings.value("trusted_at").toDateTime();
host.public_key = QSslKey(key_value, key_type, QSsl::Der, QSsl::PublicKey);
trusted_hosts.insert(host);
}
settings.endArray();
}
void SslTrust::save(QSettings &settings) const
{
settings.setValue("trust_level", int(trust_level));
settings.setValue("enable_ca", enable_ca);
auto all = trusted_hosts.getAll();
settings.beginWriteArray("trusted_hosts", all.size());
for(int i = 0; i < all.size(); i++)
{
settings.setArrayIndex(i);
settings.setValue("host_name", all.at(i).host_name);
settings.setValue("trusted_at", all.at(i).trusted_at);
settings.setValue("key_type", int(all.at(i).public_key.algorithm()));
settings.setValue("key_bits", all.at(i).public_key.toDer());
}
settings.endArray();
}
bool SslTrust::addTrust(const QUrl &url, const QSslCertificate &certificate)
{
if(certificate.isNull())
return false;
if(auto host_or_none = trusted_hosts.get(url.host()); host_or_none)
{
return false;
}
else
{
TrustedHost host;
host.host_name = url.host();
host.trusted_at = QDateTime::currentDateTime();
host.public_key = certificate.publicKey();
bool ok = trusted_hosts.insert(host);
assert(ok);
return true;
}
}
bool SslTrust::isTrusted(QUrl const & url, const QSslCertificate &certificate)
{
return (getTrust(url, certificate) == Trusted);
}
SslTrust::TrustStatus SslTrust::getTrust(const QUrl &url, const QSslCertificate &certificate)
{
if(certificate.isNull())
return Untrusted;
if(trust_level == TrustEverything)
return Trusted;
if(auto host_or_none = trusted_hosts.get(url.host()); host_or_none)
{
if(host_or_none->public_key == certificate.publicKey())
return Trusted;
qDebug() << "certificate mismatch for" << url;
return Mistrusted;
}
else
{
if(trust_level == TrustOnFirstUse)
{
TrustedHost host;
host.host_name = url.host();
host.trusted_at = QDateTime::currentDateTime();
host.public_key = certificate.publicKey();
bool ok = trusted_hosts.insert(host);
assert(ok);
return Trusted;
}
return Untrusted;
}
}
bool SslTrust::isTrustRelated(QSslError::SslError err)
{
switch(err)
{
case QSslError::CertificateUntrusted: return true;
case QSslError::SelfSignedCertificate: return true;
case QSslError::UnableToGetLocalIssuerCertificate: return true;
default: return false;
}
}
|
