dryark/strawberry
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

LocalRedirectServer: Remove https option and gnutls dependency

Browse Source
This commit is contained in:
Jonas Kvinge
2023-07-18 19:20:51 +02:00
parent dc65753a0b
commit 56180ca419
17 changed files with 18 additions and 266 deletions
Download Patch File Download Diff File Expand all files Collapse all files

225
src/internet/localredirectserver.cpp
View File

@@ -21,10 +21,6 @@
#include "localredirectserver.h"
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include <gnutls/abstract.h>
#include <QApplication>
#include <QIODevice>
#include <QBuffer>
@@ -37,20 +33,14 @@
#include <QRegularExpression>
#include <QStyle>
#include <QHostAddress>
#include <QSsl>
#include <QSslKey>
#include <QSslCertificate>
#include <QSslError>
#include <QTcpServer>
#include <QAbstractSocket>
#include <QTcpSocket>
#include <QSslSocket>
#include <QDateTime>
#include <QRandomGenerator>
LocalRedirectServer::LocalRedirectServer(QObject *parent)
: QTcpServer(parent),
https_(false),
port_(0),
socket_(nullptr) {}
@@ -58,187 +48,14 @@ LocalRedirectServer::~LocalRedirectServer() {
if (isListening()) close();
}
bool LocalRedirectServer::GenerateCertificate() {
if (int result = gnutls_global_init() != GNUTLS_E_SUCCESS) {
error_ = QString("Failed to initialize GnuTLS: %1").arg(gnutls_strerror(result));
return false;
}
gnutls_x509_privkey_t key = nullptr;
if (int result = gnutls_x509_privkey_init(&key) != GNUTLS_E_SUCCESS) {
error_ = QString("Failed to initialize the private key structure: %1").arg(gnutls_strerror(result));
gnutls_global_deinit();
return false;
}
unsigned int bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_RSA, GNUTLS_SEC_PARAM_MEDIUM);
if (int result = gnutls_x509_privkey_generate(key, GNUTLS_PK_RSA, bits, 0) != GNUTLS_E_SUCCESS) {
error_ = QString("Failed to generate random private key: %1").arg(gnutls_strerror(result));
gnutls_global_deinit();
return false;
}
char buffer[4096] = "";
size_t buffer_size = sizeof(buffer);
if (int result = gnutls_x509_privkey_export(key, GNUTLS_X509_FMT_PEM, buffer, &buffer_size) != GNUTLS_E_SUCCESS) {
error_ = QString("Failed export private key: %1").arg(gnutls_strerror(result));
gnutls_x509_privkey_deinit(key);
gnutls_global_deinit();
return false;
}
QSslKey ssl_key(QByteArray(buffer, static_cast<qint64>(buffer_size)), QSsl::Rsa);
if (ssl_key.isNull()) {
error_ = QString("Failed to generate random private key.");
gnutls_x509_privkey_deinit(key);
gnutls_global_deinit();
return false;
}
gnutls_x509_crt_t crt = nullptr;
if (int result = gnutls_x509_crt_init(&crt) != GNUTLS_E_SUCCESS) {
error_ = QString("Failed to initialize an X.509 certificate structure: %1").arg(gnutls_strerror(result));
gnutls_x509_privkey_deinit(key);
gnutls_global_deinit();
return false;
}
if (int result = gnutls_x509_crt_set_version(crt, 1) != GNUTLS_E_SUCCESS) {
error_ = QString("Failed to set the version of the certificate: %1").arg(gnutls_strerror(result));
gnutls_x509_privkey_deinit(key);
gnutls_x509_crt_deinit(crt);
gnutls_global_deinit();
return false;
}
if (int result = gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_COUNTRY_NAME, 0, "US", 2) != GNUTLS_E_SUCCESS) {
error_ = QString("Failed to set part of the name of the certificate subject: %1").arg(gnutls_strerror(result));
gnutls_x509_privkey_deinit(key);
gnutls_x509_crt_deinit(crt);
gnutls_global_deinit();
return false;
}
if (int result = gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_ORGANIZATION_NAME, 0, "Strawberry Music Player", static_cast<int>(strlen("Strawberry Music Player"))) != GNUTLS_E_SUCCESS) {
error_ = QString("Failed to set part of the name of the certificate subject: %1").arg(gnutls_strerror(result));
gnutls_x509_privkey_deinit(key);
gnutls_x509_crt_deinit(crt);
gnutls_global_deinit();
return false;
}
if (int result = gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_COMMON_NAME, 0, "localhost", static_cast<int>(strlen("localhost"))) != GNUTLS_E_SUCCESS) {
error_ = QString("Failed to set part of the name of the certificate subject: %1").arg(gnutls_strerror(result));
gnutls_x509_privkey_deinit(key);
gnutls_x509_crt_deinit(crt);
gnutls_global_deinit();
return false;
}
if (int result = gnutls_x509_crt_set_key(crt, key) != GNUTLS_E_SUCCESS) {
error_ = QString("Failed to set the public parameters from the given private key to the certificate: %1").arg(gnutls_strerror(result));
gnutls_x509_privkey_deinit(key);
gnutls_x509_crt_deinit(crt);
gnutls_global_deinit();
return false;
}
quint64 time = QDateTime::currentDateTime().toSecsSinceEpoch();
gnutls_x509_crt_set_activation_time(crt, static_cast<time_t>(time));
if (int result = gnutls_x509_crt_set_expiration_time(crt, static_cast<time_t>(time + 31536000L)) != GNUTLS_E_SUCCESS) {
error_ = QString("Failed to set the activation time of the certificate: %1").arg(gnutls_strerror(result));
gnutls_x509_privkey_deinit(key);
gnutls_x509_crt_deinit(crt);
gnutls_global_deinit();
return false;
}
const quint64 serial = 9999999 + QRandomGenerator::global()->bounded(1000000);
QByteArray q_serial;
q_serial.setNum(serial);
if (int result = gnutls_x509_crt_set_serial(crt, q_serial.constData(), sizeof(q_serial.size())) != GNUTLS_E_SUCCESS) {
error_ = QString("Failed to set the serial of the certificate: %1").arg(gnutls_strerror(result));
gnutls_x509_privkey_deinit(key);
gnutls_x509_crt_deinit(crt);
gnutls_global_deinit();
return false;
}
gnutls_privkey_t pkey = nullptr;
if (int result = gnutls_privkey_init(&pkey) != GNUTLS_E_SUCCESS) {
error_ = QString("Failed to initialize a private key object: %1").arg(gnutls_strerror(result));
gnutls_x509_privkey_deinit(key);
gnutls_x509_crt_deinit(crt);
gnutls_global_deinit();
return false;
}
if (int result = gnutls_privkey_import_x509(pkey, key, 0) != GNUTLS_E_SUCCESS) {
error_ = QString("Failed to import the given private key to the abstract private key object: %1").arg(gnutls_strerror(result));
gnutls_x509_privkey_deinit(key);
gnutls_x509_crt_deinit(crt);
gnutls_privkey_deinit(pkey);
gnutls_global_deinit();
return false;
}
if (int result = gnutls_x509_crt_privkey_sign(crt, crt, pkey, GNUTLS_DIG_SHA256, 0) != GNUTLS_E_SUCCESS) {
error_ = QString("Failed to sign the certificate with the issuer's private key: %1").arg(gnutls_strerror(result));
gnutls_x509_privkey_deinit(key);
gnutls_x509_crt_deinit(crt);
gnutls_privkey_deinit(pkey);
gnutls_global_deinit();
return false;
}
if (int result = gnutls_x509_crt_sign2(crt, crt, key, GNUTLS_DIG_SHA256, 0) != GNUTLS_E_SUCCESS) {
error_ = QString("Failed to sign the certificate: %1").arg(gnutls_strerror(result));
gnutls_x509_privkey_deinit(key);
gnutls_x509_crt_deinit(crt);
gnutls_privkey_deinit(pkey);
gnutls_global_deinit();
return false;
}
if (int result = gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, buffer, &buffer_size) != GNUTLS_E_SUCCESS) {
error_ = QString("Failed to export the certificate to PEM format: %1").arg(gnutls_strerror(result));
gnutls_x509_privkey_deinit(key);
gnutls_x509_crt_deinit(crt);
gnutls_privkey_deinit(pkey);
gnutls_global_deinit();
return false;
}
gnutls_x509_crt_deinit(crt);
gnutls_x509_privkey_deinit(key);
gnutls_privkey_deinit(pkey);
QSslCertificate ssl_certificate(QByteArray(buffer, static_cast<qint64>(buffer_size)));
if (ssl_certificate.isNull()) {
error_ = "Failed to generate random client certificate.";
gnutls_global_deinit();
return false;
}
gnutls_global_deinit();
ssl_certificate_ = ssl_certificate;
ssl_key_ = ssl_key;
return true;
}
bool LocalRedirectServer::Listen() {
if (https_) {
if (!GenerateCertificate()) return false;
}
if (!listen(QHostAddress::LocalHost, port_)) {
error_ = errorString();
return false;
}
if (https_) url_.setScheme("https");
else url_.setScheme("http");
url_.setScheme("http");
url_.setHost("localhost");
url_.setPort(serverPort());
url_.setPath("/");
@@ -265,37 +82,15 @@ void LocalRedirectServer::incomingConnection(qintptr socket_descriptor) {
}
buffer_.clear();
if (https_) {
QSslSocket *ssl_socket = new QSslSocket(this);
if (!ssl_socket->setSocketDescriptor(socket_descriptor)) {
delete ssl_socket;
close();
error_ = "Unable to set socket descriptor";
emit Finished();
return;
}
ssl_socket->ignoreSslErrors(QList<QSslError>() << QSslError(QSslError::SelfSignedCertificate));
ssl_socket->setPrivateKey(ssl_key_);
ssl_socket->setLocalCertificate(ssl_certificate_);
ssl_socket->setProtocol(QSsl::TlsV1_2);
ssl_socket->startServerEncryption();
QObject::connect(ssl_socket, QOverload<const QList<QSslError>&>::of(&QSslSocket::sslErrors), this, &LocalRedirectServer::SSLErrors);
QObject::connect(ssl_socket, &QSslSocket::encrypted, this, &LocalRedirectServer::Encrypted);
socket_ = ssl_socket;
}
else {
QTcpSocket *tcp_socket = new QTcpSocket(this);
if (!tcp_socket->setSocketDescriptor(socket_descriptor)) {
delete tcp_socket;
close();
error_ = "Unable to set socket descriptor";
emit Finished();
return;
}
socket_ = tcp_socket;
QTcpSocket *tcp_socket = new QTcpSocket(this);
if (!tcp_socket->setSocketDescriptor(socket_descriptor)) {
delete tcp_socket;
close();
error_ = "Unable to set socket descriptor";
emit Finished();
return;
}
socket_ = tcp_socket;
QObject::connect(socket_, &QAbstractSocket::connected, this, &LocalRedirectServer::Connected);
QObject::connect(socket_, &QAbstractSocket::disconnected, this, &LocalRedirectServer::Disconnected);
@@ -303,8 +98,6 @@ void LocalRedirectServer::incomingConnection(qintptr socket_descriptor) {
}
void LocalRedirectServer::SSLErrors(const QList<QSslError> &errors) { Q_UNUSED(errors); }
void LocalRedirectServer::Encrypted() {}
void LocalRedirectServer::Connected() {}