author | Christian Kamm <mail@ckamm.de> | 2019-02-19 13:38:46 +0300 |
---|---|---|
committer | Kevin Ottens <kevin.ottens@nextcloud.com> | 2020-12-15 12:58:43 +0300 |
commit | ee6a48b3dc088b2c4e1580e7b42196d922aa7d61 (patch) | |
tree | ae0279a571ef18c78f49d25b6e8518f7b9a0ae17 /src/gui/wizard | |
parent | cc840534c04245345b4be92efb5e0a8d7d85410d (diff) |
Client certs: Store pkcs12 in config, password in keychain
It still reads and writes the old format too, but all newly stored
client certs will be in the new form.
For #6776 because Windows limits credential data to 512 bytes in older
versions.
Diffstat (limited to 'src/gui/wizard')
-rw-r--r-- | src/gui/wizard/owncloudhttpcredspage.cpp | 2 | ||||
-rw-r--r-- | src/gui/wizard/owncloudoauthcredspage.cpp | 2 | ||||
-rw-r--r-- | src/gui/wizard/owncloudsetuppage.cpp | 21 | ||||
-rw-r--r-- | src/gui/wizard/owncloudwizard.h | 6 |
4 files changed, 20 insertions, 11 deletions
diff --git a/src/gui/wizard/owncloudhttpcredspage.cpp b/src/gui/wizard/owncloudhttpcredspage.cpp index 02a82c459..cab2a7427 100644 --- a/src/gui/wizard/owncloudhttpcredspage.cpp +++ b/src/gui/wizard/owncloudhttpcredspage.cpp @@ -191,7 +191,7 @@ void OwncloudHttpCredsPage::setErrorString(const QString &err) AbstractCredentials *OwncloudHttpCredsPage::getCredentials() const { - return new HttpCredentialsGui(_ui.leUsername->text(), _ui.lePassword->text(), _ocWizard->_clientSslCertificate, _ocWizard->_clientSslKey); + return new HttpCredentialsGui(_ui.leUsername->text(), _ui.lePassword->text(), _ocWizard->_clientCertBundle, _ocWizard->_clientCertPassword); } void OwncloudHttpCredsPage::slotStyleChanged() diff --git a/src/gui/wizard/owncloudoauthcredspage.cpp b/src/gui/wizard/owncloudoauthcredspage.cpp index 79f36ba36..267830dc1 100644 --- a/src/gui/wizard/owncloudoauthcredspage.cpp +++ b/src/gui/wizard/owncloudoauthcredspage.cpp @@ -112,7 +112,7 @@ AbstractCredentials *OwncloudOAuthCredsPage::getCredentials() const auto *ocWizard = qobject_cast<OwncloudWizard *>(wizard()); Q_ASSERT(ocWizard); return new HttpCredentialsGui(_user, _token, _refreshToken, - ocWizard->_clientSslCertificate, ocWizard->_clientSslKey); + ocWizard->_clientCertBundle, ocWizard->_clientCertPassword); } bool OwncloudOAuthCredsPage::isComplete() const diff --git a/src/gui/wizard/owncloudsetuppage.cpp b/src/gui/wizard/owncloudsetuppage.cpp index 3fac734d0..13538827a 100644 --- a/src/gui/wizard/owncloudsetuppage.cpp +++ b/src/gui/wizard/owncloudsetuppage.cpp @@ -24,6 +24,7 @@ #include <QNetworkAccessManager> #include <QPropertyAnimation> #include <QGraphicsPixmapItem> +#include <QBuffer> #include "QProgressIndicator.h" 
@@ -365,14 +366,20 @@ void OwncloudSetupPage::slotCertificateAccepted() { QFile certFile(addCertDial->getCertificatePath()); certFile.open(QFile::ReadOnly); - if (QSslCertificate::importPkcs12( - &certFile, - &_ocWizard->_clientSslKey, - &_ocWizard->_clientSslCertificate, - &_ocWizard->_clientSslCaCertificates, - addCertDial->getCertificatePasswd().toLocal8Bit())) { - // The SSL cert gets added to the QSslConfiguration in checkServer() + QByteArray certData = certFile.readAll(); + QByteArray certPassword = addCertDial->getCertificatePasswd().toLocal8Bit(); + + QBuffer certDataBuffer(&certData); + certDataBuffer.open(QIODevice::ReadOnly); + if (QSslCertificate::importPkcs12(&certDataBuffer, + &_ocWizard->_clientSslKey, &_ocWizard->_clientSslCertificate, + &_ocWizard->_clientSslCaCertificates, certPassword)) { + _ocWizard->_clientCertBundle = certData; + _ocWizard->_clientCertPassword = certPassword; + addCertDial->reinit(); // FIXME: Why not just have this only created on use? + + // The extracted SSL key and cert gets added to the QSslConfiguration in checkServer() validatePage(); } else { addCertDial->showErrorMessage(tr("Could not load certificate. Maybe wrong password?")); diff --git a/src/gui/wizard/owncloudwizard.h b/src/gui/wizard/owncloudwizard.h index 5a61a741f..3dd479d59 100644 --- a/src/gui/wizard/owncloudwizard.h +++ b/src/gui/wizard/owncloudwizard.h @@ -86,8 +86,10 @@ public: // FIXME: Can those be local variables? // Set from the OwncloudSetupPage, later used from OwncloudHttpCredsPage - QSslKey _clientSslKey; - QSslCertificate _clientSslCertificate; + QByteArray _clientCertBundle; // raw, potentially encrypted pkcs12 bundle provided by the user + QByteArray _clientCertPassword; // password for the pkcs12 + QSslKey _clientSslKey; // key extracted from pkcs12 + QSslCertificate _clientSslCertificate; // cert extracted from pkcs12 QList<QSslCertificate> _clientSslCaCertificates; public slots: |
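Review bot: The result of `certFile.open(QFile::ReadOnly)`, on the context line just above the added `certFile.readAll()` in slotCertificateAccepted(), is never checked. An unreadable or missing file therefore yields an empty `certData`, `importPkcs12` fails, and the user is told "Maybe wrong password?", which points them at the wrong problem. I would guard the read with `if (!certFile.open(QFile::ReadOnly)) { addCertDial->showErrorMessage(tr("Could not read certificate file.")); return; }`. Since the whole file is now kept in `_clientCertBundle` and, according to the commit description, later persisted, a size check before `readAll()` would also be reasonable. The function body continues outside the hunk.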
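Review bot: The comments on `_clientCertBundle` and `_clientCertPassword` in the OwncloudWizard member block should say where these values end up, because the wizard now holds the user's secrets in raw form rather than only the parsed key and certificate. According to the commit description the bundle is written to the config file and the password to the keychain, so a bundle exported without a passphrase would presumably leave the private key readable in the config. The storage code is outside this diff and should be checked for that case. I would extend the first comment to something like `// raw pkcs12 as supplied by the user; persisted to config as-is, so its only protection is the pkcs12 password`, and note on `_clientCertPassword` that it is held in plaintext for the wizard's lifetime. The class declaration starts and ends outside the hunk.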