annotate ui/downloader.cpp @ 28:e783fd99a9eb

Add public key parsing
author Andre Heinecke <aheinecke@intevation.de>
date Thu, 13 Mar 2014 12:01:33 +0000
parents 62cd56cea09b
children d8e93fa1fc93
rev   line source
10
fe39d93f1261 Start on Downloader component
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
1 #include "downloader.h"
fe39d93f1261 Start on Downloader component
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
2
fe39d93f1261 Start on Downloader component
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
3 #ifndef DOWNLOAD_SERVER
fe39d93f1261 Start on Downloader component
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
4 #define DOWNLOAD_SERVER "https://www.intevation.de"
fe39d93f1261 Start on Downloader component
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
5 #endif
fe39d93f1261 Start on Downloader component
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
6
fe39d93f1261 Start on Downloader component
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
7 #include <QFile>
15
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
8 #include <QDir>
10
fe39d93f1261 Start on Downloader component
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
9 #include <QDebug>
15
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
10 #include <QStandardPaths>
27
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
11 #include <QUuid>
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
12 #include <QApplication>
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
13
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
14 #include <polarssl/net.h>
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
15 #include <polarssl/ssl.h>
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
16 #include <polarssl/entropy.h>
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
17 #include <polarssl/ctr_drbg.h>
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
18 #include <polarssl/error.h>
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
19 #include <polarssl/certs.h>
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
20
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
21 #define MAX_SW_SIZE 10485760
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
22 #define MAX_LIST_SIZE 1048576
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
23
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
24 QString getErrorMsg(int ret)
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
25 {
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
26 char errbuf[255];
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
27 polarssl_strerror(ret, errbuf, 255);
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
28 errbuf[254] = '\0'; /* Just to be sure */
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
29 return QString::fromLatin1(errbuf);
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
30 }
10
fe39d93f1261 Start on Downloader component
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
31
15
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
32 Downloader::Downloader(QObject* parent, const QString& url,
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
33 const QByteArray& certificate,
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
34 const QDateTime& newestSW,
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
35 const QDateTime& newestList):
12
9121eea6d93f Fix constructor usage. Too much Java.
Andre Heinecke <aheinecke@intevation.de>
parents: 11
diff changeset
36 QThread(parent),
15
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
37 mUrl(url),
27
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
38 mPinnedCert(certificate),
15
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
39 mLastModSW(newestSW),
27
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
40 mLastModList(newestList),
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
41 mErrorState(NoError),
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
42 mInitialized(false),
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
43 mServerFD(-1)
10
fe39d93f1261 Start on Downloader component
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
44 {
27
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
45 int ret = -1;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
46
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
47 memset(&mSSL, 0, sizeof(ssl_context));
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
48
15
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
49 if (certificate.isEmpty()) {
18
f4f957c58e0a Move listuitol and add cert pinning with a test certificate
Andre Heinecke <aheinecke@intevation.de>
parents: 15
diff changeset
50 QFile certResource(":certs/kolab.org");
15
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
51 certResource.open(QFile::ReadOnly);
27
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
52 mPinnedCert = certResource.readAll();
15
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
53 certResource.close();
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
54 }
27
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
55
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
56 ret = init();
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
57 if (ret == 0) {
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
58 mInitialized = true;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
59 } else {
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
60 qDebug() << "Initialization error: " + getErrorMsg(ret);
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
61 }
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
62 }
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
63
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
64 int Downloader::init()
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
65 {
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
66 int ret = -1;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
67 QUuid uuid = QUuid::createUuid();
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
68 QString personalString = QApplication::applicationName() + uuid.toString();
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
69 QByteArray personalBa = personalString.toLocal8Bit();
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
70
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
71 x509_crt_init(&mX509PinnedCert);
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
72 entropy_init(&mEntropy);
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
73
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
74 ret = ssl_init(&mSSL);
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
75 if (ret != 0) {
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
76 /* The only documented error is malloc failed */
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
77 mErrorState = ErrUnknown;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
78 return ret;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
79 }
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
80
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
81 /*
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
82 * Initialize random generator.
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
83 * Personalisation string, does not need to be random but
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
84 * should be unique according to documentation.
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
85 *
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
86 * the ctr_drbg structure does not need to be freed explicitly.
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
87 */
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
88 ret = ctr_drbg_init(&mCtr_drbg, entropy_func, &mEntropy,
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
89 (const unsigned char*) personalBa.constData(),
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
90 personalBa.size());
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
91 if (ret != 0) {
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
92 ssl_free(&mSSL);
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
93 mErrorState = ErrUnknown;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
94 return ret;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
95 }
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
96
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
97 ret = x509_crt_parse(&mX509PinnedCert,
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
98 (const unsigned char*) mPinnedCert.constData(),
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
99 mPinnedCert.size());
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
100 if (ret != 0){
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
101 ssl_free(&mSSL);
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
102 mErrorState = InvalidPinnedCertificate;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
103 return ret;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
104 }
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
105
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
106 ssl_set_endpoint(&mSSL, SSL_IS_CLIENT);
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
107 ssl_set_authmode(&mSSL, SSL_VERIFY_OPTIONAL);
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
108 ssl_set_ca_chain(&mSSL, &mX509PinnedCert, NULL, NULL);
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
109 ssl_set_renegotiation(&mSSL, SSL_RENEGOTIATION_DISABLED);
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
110 ssl_set_rng(&mSSL, ctr_drbg_random, &mCtr_drbg);
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
111
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
112 return 0;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
113 }
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
114
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
115 Downloader::~Downloader() {
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
116 x509_crt_free(&mX509PinnedCert);
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
117 entropy_free(&mEntropy);
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
118 if (mInitialized) {
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
119 ssl_free(&mSSL);
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
120 }
10
fe39d93f1261 Start on Downloader component
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
121 }
fe39d93f1261 Start on Downloader component
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
122
15
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
123 QString Downloader::getDataDirectory()
10
fe39d93f1261 Start on Downloader component
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
124 {
15
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
125 QString candidate =
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
126 QStandardPaths::writableLocation(QStandardPaths::DataLocation);
12
9121eea6d93f Fix constructor usage. Too much Java.
Andre Heinecke <aheinecke@intevation.de>
parents: 11
diff changeset
127
15
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
128 if (candidate.isEmpty()) {
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
129 qDebug() << "Could not find writeable locaction for me";
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
130 return QString();
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
131 }
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
132
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
133 QDir cDir(candidate);
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
134
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
135 if (!cDir.exists()) {
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
136 if (!cDir.mkpath(candidate)) {
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
137 qDebug() << "Could not create path to: " << candidate;
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
138 return QString();
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
139 }
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
140 }
95e1b6edf2fc Implement more downloader functionality for Windows
Andre Heinecke <aheinecke@intevation.de>
parents: 12
diff changeset
141 return cDir.absolutePath();
10
fe39d93f1261 Start on Downloader component
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
142 }
27
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
143
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
144 int Downloader::establishSSLConnection() {
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
145 int ret = -1;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
146 const x509_crt *peerCert;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
147
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
148 mErrorState = ErrUnknown;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
149
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
150 if (mServerFD == -1) {
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
151 return -1;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
152 }
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
153
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
154 ssl_set_bio(&mSSL, net_recv, &mServerFD,
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
155 net_send, &mServerFD);
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
156
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
157 while ((ret = ssl_handshake(&mSSL)) != 0) {
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
158 if (ret != POLARSSL_ERR_NET_WANT_READ &&
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
159 ret != POLARSSL_ERR_NET_WANT_WRITE) {
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
160 qDebug() << "SSL Handshake failed: "
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
161 << getErrorMsg(ret);
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
162 return ret;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
163 }
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
164 }
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
165
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
166 ret = ssl_get_verify_result(&mSSL);
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
167
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
168 if (ret != 0 ) {
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
169
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
170 if( ( ret & BADCERT_EXPIRED ) != 0 )
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
171 qDebug() << "server certificate has expired";
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
172
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
173 if( ( ret & BADCERT_REVOKED ) != 0 )
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
174 qDebug() << "server certificate has been revoked";
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
175
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
176 if( ( ret & BADCERT_CN_MISMATCH ) != 0 )
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
177 qDebug() << "CN mismatch";
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
178
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
179 if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
180 qDebug() << "self-signed or not signed by a trusted CA";
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
181
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
182 #ifdef RELEASE_BUILD
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
183 return -1;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
184 #endif
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
185 }
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
186
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
187 peerCert = ssl_get_peer_cert(&mSSL);
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
188
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
189 if (!peerCert) {
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
190 mErrorState = InvalidCertificate;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
191 qDebug() << "Failed to get peer cert";
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
192 return -1;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
193 }
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
194
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
195 if (peerCert->raw.len == 0 ||
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
196 peerCert->raw.len != mX509PinnedCert.raw.len) {
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
197 mErrorState = InvalidCertificate;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
198 qDebug() << "Certificate length mismatch";
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
199 return -1;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
200 }
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
201
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
202 /* You can never be sure what those c++ operators do..
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
203 if (mPinnedCert != QByteArray::fromRawData(
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
204 (const char*) peerCert->raw.p,
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
205 peerCert->raw.len)) {
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
206 qDebug() << "Certificate content mismatch";
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
207 }
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
208 */
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
209
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
210 for (unsigned int i = 0; i < peerCert->raw.len; i++) {
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
211 if (peerCert->raw.p[i] != mX509PinnedCert.raw.p[i]) {
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
212 qDebug() << "Certificate content mismatch";
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
213 mErrorState = InvalidCertificate;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
214 return -1;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
215 }
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
216 }
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
217 mErrorState = NoError;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
218 return 0;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
219 }
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
220
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
221
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
222 void Downloader::run() {
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
223 int ret;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
224
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
225 if (!mInitialized) {
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
226 emit error(tr("Failed to initialize SSL Module."), ErrUnknown);
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
227 return;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
228 }
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
229
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
230 ret = net_connect(&mServerFD, mUrl.host().toLatin1().constData(),
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
231 mUrl.port(443));
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
232 if (ret != 0) {
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
233 mErrorState = NoConnection;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
234 emit error(tr("Failed to connect to %1.").arg(mUrl.host()),
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
235 mErrorState);
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
236 return;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
237 }
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
238
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
239 emit progress(tr("Connected"), 1, -1);
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
240
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
241 ret = establishSSLConnection();
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
242 if (ret != 0) {
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
243 qDebug() << "SSL conncetion failed: " << getErrorMsg(ret);
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
244 emit error(tr("Failed to connect to %1.").arg(mUrl.host()),
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
245 mErrorState);
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
246 return;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
247 }
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
248
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
249 qDebug() << "Connected to: " << mUrl.host();
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
250 // TODO
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
251
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
252 emit progress(tr("Closing"), 1, -1);
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
253 ssl_close_notify (&mSSL);
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
254
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
255 if (mServerFD != -1) {
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
256 net_close(mServerFD);
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
257 mServerFD = -1;
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
258 }
62cd56cea09b Start on polarssl Downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents: 18
diff changeset
259 }

http://wald.intevation.org/projects/trustbridge/