# HG changeset patch
# User Andre Heinecke <andre.heinecke@intevation.de>
# Date 1409149900 -7200
# Node ID 879a634d0a4011e1c3128a30602e9ddcf5461d2e
# Parent  0f7aeb12e5e905938017bb198b0235717ff61a99
(issue41) Add proxy support

diff -r 0f7aeb12e5e9 -r 879a634d0a40 ui/downloader.cpp
--- a/ui/downloader.cpp	Wed Aug 27 16:31:11 2014 +0200
+++ b/ui/downloader.cpp	Wed Aug 27 16:31:40 2014 +0200
@@ -17,6 +17,7 @@
 #include <QStandardPaths>
 #include <QLocale>
 #include <QSaveFile>
+#include <QSettings>
 
 #include <polarssl/net.h>
 #include <polarssl/ssl.h>
@@ -50,6 +51,18 @@
 {
 #ifdef USE_CURL
     mSSLConnection = new SSLConnectionCurl(url, certificate);
+/* Set up Proxy support. */
+    QSettings settings;
+    QString settingsProxy = settings.value("ProxyURL").toString();
+    if (settingsProxy.isEmpty()) {
+        QByteArray envProxy = qgetenv("http_proxy");
+        if (envProxy.size()) {
+            settingsProxy = QString::fromLocal8Bit(envProxy);
+        }
+    }
+    if (!settingsProxy.isEmpty()) {
+        mSSLConnection->setProxy(QUrl(settingsProxy));
+    }
 #else
     mSSLConnection = new SSLConnectionBare(url, certificate);
 #endif
diff -r 0f7aeb12e5e9 -r 879a634d0a40 ui/mainwindow.cpp
--- a/ui/mainwindow.cpp	Wed Aug 27 16:31:11 2014 +0200
+++ b/ui/mainwindow.cpp	Wed Aug 27 16:31:40 2014 +0200
@@ -43,6 +43,7 @@
 #include "processhelp.h"
 #include "processwaitdialog.h"
 #include "trayicon.h"
+#include "proxysettingsdlg.h"
 
 // The amount of time in minutes stay silent if we have
 // something to say
@@ -528,6 +529,12 @@
     QPushButton *helpButton = new QPushButton(tr("Show Help"));
     connect(helpButton, SIGNAL(clicked()), this, SLOT(showHelp()));
     helpButtonLayout->addWidget(helpButton);
+#ifdef USE_CURL
+    QPushButton *proxySettingsButton = new QPushButton(tr("Proxy settings"));
+    proxySettingsButton->setIcon(QIcon(":/img/preferences-network_16.png"));
+    connect(proxySettingsButton, SIGNAL(clicked()), this, SLOT(showProxySettings()));
+    helpButtonLayout->addWidget(proxySettingsButton);
+#endif
     helpButtonLayout->addStretch();
     infoCenterLayout->addLayout(helpButtonLayout);
 
@@ -1393,6 +1400,12 @@
     }
 }
 
+void MainWindow::showProxySettings()
+{
+    ProxySettingsDlg *dlg = new ProxySettingsDlg(this);
+    dlg->exec();
+}
+
 void MainWindow::showHelp()
 {
     char *inst_dir = get_install_dir();
diff -r 0f7aeb12e5e9 -r 879a634d0a40 ui/mainwindow.h
--- a/ui/mainwindow.h	Wed Aug 27 16:31:11 2014 +0200
+++ b/ui/mainwindow.h	Wed Aug 27 16:31:40 2014 +0200
@@ -150,6 +150,9 @@
      */
     void showHelp();
 
+    /** @brief open the proxy settings dialog */
+    void showProxySettings();
+
 protected:
     virtual void closeEvent(QCloseEvent *event);
 
diff -r 0f7aeb12e5e9 -r 879a634d0a40 ui/sslconnection.h
--- a/ui/sslconnection.h	Wed Aug 27 16:31:11 2014 +0200
+++ b/ui/sslconnection.h	Wed Aug 27 16:31:40 2014 +0200
@@ -86,6 +86,15 @@
      */
     virtual bool downloadFile(const QString &resource, const QString &filename,
                               size_t maxSize) = 0;
+
+    /** @brief Set a proxy server to use.
+     *
+     * @param [in] proxyUrl theo URL of the proxy to use.
+     */
+    virtual void setProxy(const QUrl &proxyUrl) {
+        qWarning() << "Set proxy not supported";
+    }
+
 protected:
     QUrl mUrl;
     QByteArray mPinnedCert;
diff -r 0f7aeb12e5e9 -r 879a634d0a40 ui/sslconnection_curl.cpp
--- a/ui/sslconnection_curl.cpp	Wed Aug 27 16:31:11 2014 +0200
+++ b/ui/sslconnection_curl.cpp	Wed Aug 27 16:31:40 2014 +0200
@@ -17,7 +17,19 @@
     mCurl (NULL)
 {
     if (certificate.isEmpty()) {
-        QFile certResource(":certs/intevation.de");
+        /* Security: curl does not support leaf certificate pinning. So
+         * while the bare connection pins the certificate directly the
+         * curl implementation pins the issuer of the peer certificate
+         *
+         * CURLINFO_TLS_SESSION is also not implmented for polarssl
+         * so there is no way to obtain / verify peer certificate manually
+         * at this point.
+         **/
+#ifdef RELEASE_BUILD
+#error "Curl release build is not supported at this moment."
+#else
+        QFile certResource(":certs/geotrust");
+#endif
         certResource.open(QFile::ReadOnly);
         mPinnedCert = certResource.readAll();
         certResource.close();
@@ -37,12 +49,6 @@
         return;
     }
 
-    if (curl_easy_setopt(mCurl, CURLOPT_SSL_VERIFYHOST, 0L) != CURLE_OK) {
-        /* There are no limitiations for the pinned certificate */
-        qDebug() << "Setting verifyhost failed";
-        return;
-    }
-
     if (curl_easy_setopt(mCurl, CURLOPT_ERRORBUFFER, mErrBuf) != CURLE_OK) {
         qDebug() << "Setting errorbuf failed";
         return;
@@ -229,3 +235,11 @@
     }
     return QDateTime::fromTime_t(filetime);
 }
+
+void SSLConnectionCurl::setProxy(const QUrl& proxyUrl) {
+    if (curl_easy_setopt(mCurl, CURLOPT_PROXY, proxyUrl.toEncoded().constData()) != CURLE_OK) {
+        qDebug() << "Failed to set proxy";
+        return;
+    }
+    qDebug() << "Set proxy to: " << proxyUrl;
+}
diff -r 0f7aeb12e5e9 -r 879a634d0a40 ui/sslconnection_curl.h
--- a/ui/sslconnection_curl.h	Wed Aug 27 16:31:11 2014 +0200
+++ b/ui/sslconnection_curl.h	Wed Aug 27 16:31:40 2014 +0200
@@ -14,6 +14,7 @@
  */
 
 #include "sslconnection.h"
+
 #include <curl/curl.h>
 
 #include <QDateTime>
@@ -35,6 +36,9 @@
 
     bool downloadFile(const QString &resource, const QString &filename,
                       size_t maxSize);
+
+    void setProxy(const QUrl &proxyUrl);
+
 private:
     CURL *mCurl;
     QTemporaryFile mCertFile;