certmanager.cpp

Go to the documentation of this file.

/*
 # Copyright (c) 2009 - OpenSLX Project, Computer Center University of Freiburg
 #
 # This program is free software distributed under the GPL version 2.
 # See http://openslx.org/COPYING
 #
 # If you have any feedback please consult http://openslx.org/feedback and
 # send your suggestions, praise, or complaints to feedback@openslx.org
 #
 # General information about OpenSLX can be found at http://openslx.org/
 # -----------------------------------------------------------------------------
 # src/util/CertManager.cpp
 #    - Manage SSL certificates
 #    - provide access by name
 # -----------------------------------------------------------------------------
 */

#define CERTSTORAGE ".config/openslx/pvs2/"

#include "certmanager.h"
#include "../../shared/util.h"
// Remove in future - see comment in util.h
#undef errorOccurred

#include <QHash>
#include <QDir>
#include <QDebug>
#include <QFileInfo>
#include <QMessageBox>
#include <QProcess>
#include <QCoreApplication>

namespace CertManager
{
static QHash<QString, QSslCertificate> _certs;
static QHash<QString, QSslKey> _keys;

static void generateFiles(QString& key, QString& cert);
static bool loadFiles(QString& keyFile, QString& certFile, QSslKey &key, QSslCertificate &cert);

bool getPrivateKeyAndCert(const QString &name, QSslKey &key, QSslCertificate &cert)
{
   if (_keys.contains(name)) {
      key = _keys[name];
      cert = _certs[name];
      return true;
   }
   QString certDir = QDir::homePath().append("/").append(CERTSTORAGE);
   if (!QDir::root().mkpath(certDir)) {
      certDir = QString("/tmp/") + QString::number(slxrand()) + "-" + QString::number(slxrand()) + "/";
      QDir::root().mkpath(certDir);
   }
   QString certFile = certDir.append(name);
   QString keyFile = certFile;
   keyFile.append(".rsa");
   certFile.append(".crt");
   //
   if (!loadFiles(keyFile, certFile, key, cert)) {
      generateFiles(keyFile, certFile);
      if (!loadFiles(keyFile, certFile, key, cert)) {
         qDebug() << "error while creating cert and key files";
         return false;
      }
   }
   _certs.insert(name, cert);
   _keys.insert(name, key);
   return true;
}

void fatal()
{
   QMessageBox::critical(nullptr, QObject::tr("OpenSSL error", "CertManager"),
         QObject::tr("Could not generate certificates for secure connections.\n"
         "PVS will not work.\n\n"
         "Press OK to quit.", "CertManager"));
   QCoreApplication::exit(1);
}

static bool loadFiles(QString& keyFile, QString& certFile, QSslKey &key, QSslCertificate &cert)
{
   QFileInfo keyInfo(keyFile);
   QFileInfo certInfo(certFile);
   if (keyInfo.exists() && certInfo.exists()) {
      // Both files exist, see if they're valid and return
      QFile kf(keyFile);
      kf.open(QFile::ReadOnly);
      key = QSslKey(&kf, QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey);
      QList<QSslCertificate> certlist = QSslCertificate::fromPath(certFile);
      if (!key.isNull() && !certlist.empty()) {
         cert = certlist.first();
         if (!cert.isNull()) {
            return true;
         }
      }
   }
   return false;
}

static void generateFiles(QString& key, QString& cert)
{
   QProcess p;
   QFile::remove(key);
   QFile::remove(cert);
   p.setProcessChannelMode(QProcess::ForwardedChannels);
   p.start(QStringLiteral("openssl"), {
      "req", "-x509", "-nodes", "-days", "5000", "-newkey", "rsa:4096",
      "-subj", "/C=DE/ST=BaWue/L=Freiburg/CN=openslx.org",
      "-keyout", key, "-out", cert
   });
   p.waitForFinished();
   p.start(QStringLiteral("chmod"), { "0600", key, cert });
   p.waitForFinished(500);
}

}