C++ QSslCipher类代码示例

QList<QSslCipher> MumbleSSL::ciphersFromOpenSSLCipherString(QString cipherString) {
	QList<QSslCipher> chosenCiphers;

	SSL_CTX *ctx = NULL;
	SSL *ssl = NULL;
	const SSL_METHOD *meth = NULL;
	int i = 0;

	QByteArray csbuf = cipherString.toLatin1();
	const char *ciphers = csbuf.constData();

	meth = SSLv23_server_method();
	if (meth == NULL) {
		qWarning("MumbleSSL: unable to get SSL method");
		goto out;
	}

	// We use const_cast to be compatible with OpenSSL 0.9.8.
	ctx = SSL_CTX_new(const_cast<SSL_METHOD *>(meth));
	if (ctx == NULL) {
		qWarning("MumbleSSL: unable to allocate SSL_CTX");
		goto out;
	}

	if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
		qWarning("MumbleSSL: error parsing OpenSSL cipher string in ciphersFromOpenSSLCipherString");
		goto out;
	}

	ssl = SSL_new(ctx);
	if (ssl == NULL) {
		qWarning("MumbleSSL: unable to create SSL object in ciphersFromOpenSSLCipherString");
		goto out;
	}

	while (1) {
		const char *name = SSL_get_cipher_list(ssl, i);
		if (name == NULL) {
			break;
		}
#if QT_VERSION >= 0x050300
		QSslCipher c = QSslCipher(QString::fromLatin1(name));
		if (!c.isNull()) {
			chosenCiphers << c;
		}
#else
		foreach (const QSslCipher &c, QSslSocket::supportedCiphers()) {
			if (c.name() == QString::fromLatin1(name)) {
				chosenCiphers << c;
			}
		}
#endif
		++i;
	}

out:
	SSL_CTX_free(ctx);
	SSL_free(ssl);
	return chosenCiphers;
}

void QgsAuthSslImportDialog::socketEncrypted()
{
  QgsDebugMsg( "socketEncrypted entered" );
  if ( !mSocket )
    return;  // might have disconnected already

  appendString( tr( "Socket ENCRYPTED" ) );

  appendString( QStringLiteral( "%1: %2" ).arg( tr( "Protocol" ),
                QgsAuthCertUtils::getSslProtocolName( mSocket->protocol() ) ) );

  QSslCipher ciph = mSocket->sessionCipher();
  QString cipher = QStringLiteral( "%1: %2, %3 (%4/%5)" )
                   .arg( tr( "Session cipher" ), ciph.authenticationMethod(), ciph.name() )
                   .arg( ciph.usedBits() ).arg( ciph.supportedBits() );
  appendString( cipher );



  wdgtSslConfig->setEnabled( true );
  QString hostport( QStringLiteral( "%1:%2" ).arg( mSocket->peerName() ).arg( mSocket->peerPort() ) );
  wdgtSslConfig->setSslCertificate( mSocket->peerCertificate(), hostport.trimmed() );
  if ( !mSslErrors.isEmpty() )
  {
    wdgtSslConfig->appendSslIgnoreErrors( mSslErrors );
    mSslErrors.clear();
  }

//  checkCanSave();

  // must come after last state change, or gets reverted
  leServer->setStyleSheet( QgsAuthGuiUtils::greenTextStyleSheet() );

  destroySocket();
}

Checker::Checker() {

    Settings se;

    this->previousMessage = "";
    this->isWorking = false;
    this->accessUrl = QUrl(se.getString("accessUrl"));

    accessManager = new QNetworkAccessManager(this);

    // Signal for finishing network access
    connect(accessManager, SIGNAL(finished(QNetworkReply*)),this, SLOT(replyFinished(QNetworkReply*)));

    // SSL/TLS configuration
    this->sslConfiguration = new QSslConfiguration;
    sslConfiguration->setProtocol(QSsl::SecureProtocols);                // QT 5.0.1: TlsV1SslV3

    // CA Certs
    QList<QSslCertificate> certs = QSslCertificate::fromPath(QString(se.getString("certificateFile")), QSsl::Pem);
    sslConfiguration->setPeerVerifyMode(QSslSocket::VerifyPeer);         // Default behaviour for clients
    sslConfiguration->setCaCertificates(certs);

    // Ciphers
    QList<QSslCipher> ciphers;
    QStringList cipherList = se.getStringList("cipherList");
    foreach (QString cipherName, cipherList) {
        QSslCipher cipher = QSslCipher(cipherName,QSsl::SecureProtocols);
        qDebug() << "Instantiated" << cipherName << ":" << cipher.isNull();
        if (!cipher.isNull()) {
            ciphers.append(cipher);
        }
    }

void SslClient::socketEncrypted()
{
    QSslCipher ciph = ssl_->sessionCipher();
    QString cipher = QString("%1, %2 (%3/%4)").arg(ciph.authenticationMethod())
                     .arg(ciph.name()).arg(ciph.usedBits()).arg(ciph.supportedBits());
    CDebug() << "SSL cipher " << cipher;
}

QDebug operator<<(QDebug debug, const QSslCipher &cipher)
{
    debug << "QSslCipher(name=" << qPrintable(cipher.name())
          << ", bits=" << cipher.usedBits()
          << ", proto=" << qPrintable(cipher.protocolString())
          << ")";
    return debug;
}

QDebug operator<<(QDebug debug, const QSslCipher &cipher)
{
    QDebugStateSaver saver(debug);
    debug.resetFormat().nospace().noquote();
    debug << "QSslCipher(name=" << cipher.name()
          << ", bits=" << cipher.usedBits()
          << ", proto=" << cipher.protocolString()
          << ')';
    return debug;
}

void Server::connectionAccepted()
{ 
 qDebug() << "SERVER: Now connected";
 qDebug() << "SERVER: Connection is encrypted:" << clientConnection -> isEncrypted();
 qDebug() << "SERVER: Socket Descriptor:" << clientConnection -> socketDescriptor();
 QSslCipher ciph = clientConnection->sessionCipher();
 QString cipher = QString("%1, %2 (%3/%4)").arg(ciph.authenticationMethod()).arg(ciph.name()).arg(ciph.usedBits()).arg(ciph.supportedBits());
 qDebug() << "SERVER: Cipher:" << cipher;

 connected=1;
 emit readyToSendData();
}

QString Server :: getSSLCypher()
{
 QString cipher("");
 if(connected) //I know it's not pretty but it looks a lot better than a segfault :P
  if(clientConnection!=0)
   if(clientConnection -> isOpen())
    {
 	QSslCipher ciph = clientConnection->sessionCipher();
 	cipher = QString("%1, %2 (%3/%4)").arg(ciph.authenticationMethod()).arg(ciph.name()).arg(ciph.usedBits()).arg(ciph.supportedBits());	
    }
 return cipher;

}

void SslClient::socketEncrypted()
{
    form->sessionOutput->clear();
    form->sessionInput->setFocus();

    QPalette palette;
    palette.setColor(QPalette::Base, QColor(255, 255, 192));
    form->hostNameEdit->setPalette(palette);

    const QSslCipher cipher = socket->sessionCipher();
    const QString cipherInfo = QString("%1, %2 (%3/%4)").arg(cipher.authenticationMethod())
                                       .arg(cipher.name()).arg(cipher.usedBits())
                                       .arg(cipher.supportedBits());;
    form->cipherLabel->setText(cipherInfo);
    padLock->show();
}

SslInfoDlg::SslInfoDlg(const QSslSocket *socket, QWidget *parent)
    : QDialog(parent),
    _socket(socket)
{
    ui.setupUi(this);

    QSslCipher cipher = socket->sessionCipher();

    ui.hostname->setText(socket->peerName());
    ui.address->setText(socket->peerAddress().toString());
    ui.encryption->setText(cipher.name());
    ui.protocol->setText(cipher.protocolString());

    connect(ui.certificateChain, SIGNAL(currentIndexChanged(int)), SLOT(setCurrentCert(int)));
    foreach(const QSslCertificate &cert, socket->peerCertificateChain()) {
        ui.certificateChain->addItem(subjectInfo(cert, QSslCertificate::CommonName));
    }
}

void SslClient::socketEncrypted()
{
    if (!socket)
        return;                 // might have disconnected already

    form->sessionOutput->clear();
    form->sessionInput->setFocus();

    QPalette palette;
    palette.setColor(QPalette::Base, QColor(255, 255, 192));
    form->hostNameEdit->setPalette(palette);

    QSslCipher ciph = socket->sessionCipher();
    QString cipher = QString("%1, %2 (%3/%4)").arg(ciph.authenticationMethod())
                     .arg(ciph.name()).arg(ciph.usedBits()).arg(ciph.supportedBits());;
    form->cipherLabel->setText(cipher);

    if (!padLock) {
        padLock = new QToolButton;
        padLock->setIcon(QIcon(":/encrypted.png"));
#ifndef QT_NO_CURSOR
        padLock->setCursor(Qt::ArrowCursor);
#endif
        padLock->setToolTip(tr("Display encryption details."));

        int extent = form->hostNameEdit->height() - 2;
        padLock->resize(extent, extent);
        padLock->setSizePolicy(QSizePolicy::Fixed, QSizePolicy::Ignored);

        QHBoxLayout *layout = new QHBoxLayout(form->hostNameEdit);
        layout->setMargin(form->hostNameEdit->style()->pixelMetric(QStyle::PM_DefaultFrameWidth));
        layout->setSpacing(0);
        layout->addStretch();
        layout->addWidget(padLock);

        form->hostNameEdit->setLayout(layout);

        connect(padLock, SIGNAL(clicked()),
                this, SLOT(displayCertificateInfo()));
    } else {
        padLock->show();
    }
}

//! [3]
void SslClient::socketEncrypted()
{
    if (!m_socket)
        return; // Might have disconnected already

    // We started a new connection, so clear the response from previous connections
    m_response.clear();
    emit responseChanged();

    // Retrieve the information about the used cipher and update the property
    const QSslCipher cipher = m_socket->sessionCipher();
    m_cipher = QString("%1, %2 (%3/%4)").arg(cipher.authenticationMethod())
            .arg(cipher.name())
            .arg(cipher.usedBits())
            .arg(cipher.supportedBits());

    emit cipherChanged();

    // Tell the CertificateInfoControl about the certificate chain of this connection
    emit certificateChainChanged(m_socket->peerCertificateChain());
}

void SslButton::updateAccountInfo(Account *account)
{
    if (!account || account->state() != Account::Connected) {
        setVisible(false);
        return;
    } else {
        setVisible(true);
    }
    if (account->url().scheme() == QLatin1String("https")) {
        setIcon(QIcon(QPixmap(":/mirall/resources/lock-https.png")));
        QSslCipher cipher = account->sslConfiguration().sessionCipher();
        setToolTip(tr("This connection is encrypted using %1 bit %2.\n").arg(cipher.usedBits()).arg(cipher.name()));
        QMenu *menu = new QMenu(this);
        QList<QSslCertificate> chain = account->sslConfiguration().peerCertificateChain();
        menu->addAction(tr("Certificate information:"))->setEnabled(false);

        QList<QSslCertificate> tmpChain;
        foreach(QSslCertificate cert, chain) {
            tmpChain << cert;
            if (QSslSocket::systemCaCertificates().contains(cert))
                break;
        }

QString dumpCipher(const QSslCipher &cipher)
{
    QString s = "\n";
    s += "Authentication:  " + cipher.authenticationMethod() + "\n";
    s += "Encryption:      " + cipher.encryptionMethod() + "\n";
    s += "Key Exchange:    " + cipher.keyExchangeMethod() + "\n";
    s += "Cipher Name:     " + cipher.name() + "\n";
    s += "Protocol:        " +  cipher.protocolString() + "\n";
    s += "Supported Bits:  " + QString(cipher.supportedBits()) + "\n";
    s += "Used Bits:       " + QString(cipher.usedBits()) + "\n";
    return s;
}

void WebsocketServer::initialisieren(const QString &name, const QString &ipAdresse, const int &anschluss, const QStringList &sslAlgorithmen,
									 const QStringList &ssl_EK, const QString &ssl_DH, const QString &zertifikatSchluessel,
									 const QString &zertifikat, const QString &zertifkatKette, const bool &ssl_aktiv)
{
	QWebSocketServer::SslMode SSL_Modus;
	if (ssl_aktiv)
	{
		SSL_Modus=QWebSocketServer::SecureMode;
		K_IPAdresse=QHostAddress(ipAdresse);
	}
	else
	{
		SSL_Modus=QWebSocketServer::NonSecureMode;
		K_IPAdresse=QHostAddress(QHostAddress::LocalHost);
	}
	K_Server=new QWebSocketServer(name,SSL_Modus,this);
	connect(K_Server,&QWebSocketServer::sslErrors,this, &WebsocketServer::SSL_Fehler);
	connect(K_Server,&QWebSocketServer::serverError,this,&WebsocketServer::SSL_Serverfehler);
	connect(K_Server,&QWebSocketServer::newConnection,this,&WebsocketServer::NeuerKlient);
	connect(K_Server,&QWebSocketServer::acceptError,this,&WebsocketServer::Verbindungsfehler);


	K_Anschluss=anschluss;
	QSslConfiguration SSL;
	QList<QSslCipher> Algorithmen;
	QVector<QSslEllipticCurve> EK;

	SSL.setProtocol(QSsl::TlsV1_2OrLater);
	SSL.setPeerVerifyMode(QSslSocket::VerifyNone);


	QSslCipher Algorithmus;
	QSslEllipticCurve Kurve;
	if (ssl_aktiv)
	{
//BUG Das mit der Reihenfolge geht nicht

		for (auto Eintrag : sslAlgorithmen)
		{
			Algorithmus=QSslCipher(Eintrag);
			if (Algorithmus.isNull())
				qCWarning(qalarm_serverWebsocketServer)<< tr("Algorithmus %1 wird nicht unterstützt.").arg(Eintrag);
			else
				Algorithmen.append(Algorithmus);
		}
		SSL.setCiphers(Algorithmen);
//BUG Es werden nie Kurven angeboten

		for (auto Eintrag : ssl_EK)
		{
			Kurve=QSslEllipticCurve::fromShortName(Eintrag);
			if (!Kurve.isValid())
				qCWarning(qalarm_serverWebsocketServer)<< tr("Kurve %1 wird nicht unterstützt.").arg(Eintrag);
			else
				EK.append(Kurve);
		}
		SSL.setEllipticCurves(EK);

		if(!ssl_DH.isEmpty())
		{
#if (QT_VERSION >= QT_VERSION_CHECK(5,8,0))
			SSL.setDiffieHellmanParameters(QSslDiffieHellmanParameters::fromEncoded(DateiLaden(ssl_DH,tr("Die DH Parameter %1 konnten nicht geladen werden."))));
#else
			qCWarning(qalarm_serverWebsocketServer)<<tr("Qt kann die DH Parameter erst ab Version 5.8.0 setzen");
#endif
		}

		QList<QSslCertificate> Zertifikate;
		Zertifikate=QSslCertificate::fromDevice(DateiLaden(zertifikat,tr("Zertifikat %1 konnte nicht geladen werden.").arg(zertifikat)));
		Zertifikate.append(QSslCertificate::fromDevice(DateiLaden(zertifkatKette,tr("Die Zertifikatskette %1 konnte nicht geladen werden.").arg(zertifkatKette))));
		SSL.setLocalCertificateChain(Zertifikate);

		SSL.setPrivateKey(QSslKey(DateiLaden(zertifikatSchluessel,tr("Der Schlüssel %1 für das Zertifikat konnte nicht geladen werden.").arg(zertifikatSchluessel)),QSsl::Rsa));

		if(SSL.privateKey().isNull() || SSL.localCertificate().isNull() || SSL.localCertificateChain().isEmpty())
			return;
		qCDebug(qalarm_serverWebsocketServer)<<tr("Setze SSL Konfiguration");
		qCDebug(qalarm_serverWebsocketServer)<<tr("Privater Schlüssel: ")<<SSL.privateKey();
		qCDebug(qalarm_serverWebsocketServer)<<tr("Zertifikate: ")<<SSL.localCertificateChain();
#if (QT_VERSION >= QT_VERSION_CHECK(5,8,0))
		qCDebug(qalarm_serverWebsocketServer)<<tr("DH Parameter: ")<<SSL.diffieHellmanParameters();
#endif
		qCDebug(qalarm_serverWebsocketServer)<<tr("Zerttest: ")<<SSL.peerVerifyMode();
		qCDebug(qalarm_serverWebsocketServer)<<tr("Elliptische Kurven: ")<<SSL.ellipticCurves();
		qCDebug(qalarm_serverWebsocketServer)<<tr("Algorithmen: ")<<SSL.ciphers();
		K_Server->setSslConfiguration(SSL);
	}
	if(!K_Initfehler)
		Q_EMIT Initialisiert();
}