diff --git a/src/lib/gui/MainWindow.cpp b/src/lib/gui/MainWindow.cpp index 7ceb565a6..4010f91f9 100644 --- a/src/lib/gui/MainWindow.cpp +++ b/src/lib/gui/MainWindow.cpp @@ -147,8 +147,13 @@ MainWindow::MainWindow() this, kAppName, tr("Your current TLS key is smaller than the minimum allowed size, A new key 2048-bit key will be generated.") ); - regenerateLocalFingerprints(); + Settings::setValue(Settings::Security::KeySize, 2048); } + if (!TlsUtility::isCertValid()) { + regenerateLocalFingerprints(); + return; + } + if (!QFile::exists(Settings::tlsLocalDb())) { regenerateLocalFingerprints(); return; @@ -371,7 +376,8 @@ void MainWindow::settingsChanged(const QString &key) if ((key == Settings::Security::Certificate) || (key == Settings::Security::KeySize) || (key == Settings::Security::TlsEnabled) || (key == Settings::Security::CheckPeers)) { - if (TlsUtility::isEnabled() && !QFile::exists(Settings::value(Settings::Security::Certificate).toString())) { + if (TlsUtility::isEnabled() && !TlsUtility::isCertValid()) { + qWarning() << tr("invalid certificate, generating a new one"); m_tlsUtility.generateCertificate(); } updateSecurityIcon(m_lblSecurityStatus->isVisible()); diff --git a/src/lib/gui/tls/TlsUtility.cpp b/src/lib/gui/tls/TlsUtility.cpp index 46f606d40..82eef8200 100644 --- a/src/lib/gui/tls/TlsUtility.cpp +++ b/src/lib/gui/tls/TlsUtility.cpp @@ -1,5 +1,6 @@ /* * Deskflow -- mouse and keyboard sharing utility + * SPDX-FileCopyrightText: (C) 2025 Deskflow Developers * SPDX-FileCopyrightText: (C) 2024 Symless Ltd. * SPDX-License-Identifier: GPL-2.0-only WITH LicenseRef-OpenSSL-Exception */ @@ -8,7 +9,10 @@ #include "TlsCertificate.h" #include "common/Settings.h" + #include +#include +#include #include namespace deskflow::gui { 
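Review bot: The new `if (!TlsUtility::isCertValid())` branch in the MainWindow constructor replaces the certificate without any message or log line, unlike the key-size branch directly above it (which shows a message) and `settingsChanged` (which logs a warning). A regenerated certificate has a new fingerprint that peers must approve again, so the reason should be visible; add `qWarning() << tr("invalid certificate, generating a new one");` before `regenerateLocalFingerprints();`. The check is also not gated on `TlsUtility::isEnabled()` as it is in `settingsChanged`. The rest of the constructor is outside this hunk; if it does not already guard this, consider `if (TlsUtility::isEnabled() && !TlsUtility::isCertValid())`.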
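Review bot: In `settingsChanged` the result of `m_tlsUtility.generateCertificate()` is still discarded, although the TlsUtility.cpp section of this commit shows it returns `bool`. With `isCertValid()` as the trigger this path presumably runs more often than the old file-exists test, and a failed generation leaves the invalid certificate in place while `updateSecurityIcon(...)` still runs. Check the result, for example `if (!m_tlsUtility.generateCertificate()) qCritical() << "failed to generate certificate";`. The new warning would also be easier to act on if it named the certificate path. The function body continues outside the hunk.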
@@ -23,6 +27,43 @@ bool TlsUtility::isEnabled() return Settings::value(Settings::Security::TlsEnabled).toBool(); } +bool TlsUtility::isCertValid(const QString &certPath) +{ + const auto certs = QSslCertificate::fromPath(certPath); + if (certs.isEmpty()) { + //: %1 will be replaced by the certificate path + qDebug() << tr("failed to read key from certificate file: %1").arg(certPath); + return false; + } + + const auto cert = certs.first(); + if (cert.isNull()) { + //: %1 will be replaced by the certificate path + qDebug() << tr("failed to parse certificate file: %1").arg(certPath); + return false; + } + + const auto key = cert.publicKey(); + if (key.isNull()) { + //: %1 will be replaced by the certificate path + qDebug() << tr("failed to read key from certificate file: %1").arg(certPath); + return false; + } + + if (key.length() != Settings::value(Settings::Security::KeySize).toInt()) { + qDebug() << tr("key detected is the incorrect size"); + return false; + } + + if (const auto type = key.algorithm(); (type != QSsl::Dsa || type != QSsl::Rsa)) { + //: %1 will be replaced by the certificate path + qDebug() << tr("failed to read RSA or DSA key from certificate file: %1").arg(certPath); + return false; + } + + return true; +} + bool TlsUtility::generateCertificate() const { qDebug( diff --git a/src/lib/gui/tls/TlsUtility.h b/src/lib/gui/tls/TlsUtility.h index 76e8092e1..d4eff60ed 100644 --- a/src/lib/gui/tls/TlsUtility.h +++ b/src/lib/gui/tls/TlsUtility.h @@ -1,5 +1,6 @@ /* * Deskflow -- mouse and keyboard sharing utility + * SPDX-FileCopyrightText: (C) 2025 Deskflow Developers * SPDX-FileCopyrightText: (C) 2024 Symless Ltd. * SPDX-License-Identifier: GPL-2.0-only WITH LicenseRef-OpenSSL-Exception */ @@ -7,6 +8,7 @@ #pragma once #include "TlsCertificate.h" +#include #include 
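Review bot: The algorithm test at the end of `isCertValid`, `(type != QSsl::Dsa || type != QSsl::Rsa)`, is true for every value of `type`, so a certificate that passes all earlier checks is still reported invalid. Both callers in MainWindow.cpp then regenerate the certificate, which would change the local fingerprint on each start or settings change and get users used to re-approving fingerprints; the condition should be `type != QSsl::Dsa && type != QSsl::Rsa`. The size check `key.length() != Settings::value(Settings::Security::KeySize).toInt()` also rejects a key larger than the configured size; if the setting is meant as a minimum, use `<`. The `certs.isEmpty()` branch logs the "failed to read key" text, where a message about reading the certificate file would match the failure. Expiry (`cert.expiryDate()`) is not checked; if that is intentional, the doc comment should say so.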
@@ -28,6 +30,13 @@ public: */ static bool isEnabled(); + /** + * @brief isCertValid + * @param certPath the path of the file to check, when not set uses Settings::Security::Certificate value + * @return true if the certificate is valid + */ + static bool isCertValid(const QString &certPath = Settings::value(Settings::Security::Certificate).toString()); + private: TlsCertificate m_certificate; }; diff --git a/translations/deskflow_es.ts b/translations/deskflow_es.ts index 9f53ab413..b9c218e5e 100644 --- a/translations/deskflow_es.ts +++ b/translations/deskflow_es.ts @@ -455,6 +455,10 @@ Do you want to connect to the server? %1 is starting... %1 está iniciando... + + invalid certificate, generating a new one + certificado no válido, generando uno nuevo + %1 will retry in a moment... %1 lo intentará nuevamente en un momento... @@ -1284,6 +1288,28 @@ Al habilitar esta opción, se deshabilitará la interfaz gráfica de usuario (GU La clave pública en el archivo de clave del certificado predeterminado es demasiado pequeña + + deskflow::gui::TlsUtility + + failed to parse certificate file: %1 + %1 will be replaced by the certificate path + Error al analizar el archivo de certificado: %1 + + + failed to read key from certificate file: %1 + %1 will be replaced by the certificate path + No se pudo leer la clave del archivo de certificado: %1 + + + key detected is the incorrect size + La clave detectada es de tamaño incorrecto + + + failed to read RSA or DSA key from certificate file: %1 + %1 will be replaced by the certificate path + No se pudo leer la clave RSA o DSA del archivo de certificado: %1 + + i18n diff --git a/translations/deskflow_it.ts b/translations/deskflow_it.ts index c3a02e152..f80b928ca 100644 --- a/translations/deskflow_it.ts +++ b/translations/deskflow_it.ts 
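Review bot: The doc comment on `isCertValid` only repeats the function name and leaves "valid" undefined. Going by the implementation in TlsUtility.cpp in this commit, suggest `@brief Checks that the certificate file can be parsed and that its public key has the configured size (Settings::Security::KeySize) and an accepted algorithm (RSA or DSA)`, plus `@note Does not check expiry, hostname or trust chain`. The default argument evaluates `Settings::value(...)` at each call site, so this header needs the Settings declaration in scope. The name of the include added in the previous hunk is not legible on this page, so confirm the header does not rely on a transitive include.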
@@ -463,6 +463,10 @@ Nomi validi: %1 is starting... %1 si sta avviando... + + invalid certificate, generating a new one + certificato non valido, ne viene generato uno nuovo + %1 will retry in a moment... %1 riproverà tra un momento... @@ -1284,6 +1288,28 @@ L'abilitazione di questa impostazione disabiliterà l'interfaccia graf La chiave pubblica nel file della chiave del certificato predefinito è troppo piccola + + deskflow::gui::TlsUtility + + failed to parse certificate file: %1 + %1 will be replaced by the certificate path + impossibile analizzare il file del certificato: %1 + + + failed to read key from certificate file: %1 + %1 will be replaced by the certificate path + impossibile leggere la chiave dal file del certificato: %1 + + + key detected is the incorrect size + la chiave rilevata ha una dimensione errata + + + failed to read RSA or DSA key from certificate file: %1 + %1 will be replaced by the certificate path + impossibile leggere la chiave RSA o DSA dal file del certificato: %1 + + i18n diff --git a/translations/deskflow_ja.ts b/translations/deskflow_ja.ts index a0e80fb76..79e3a9490 100644 --- a/translations/deskflow_ja.ts +++ b/translations/deskflow_ja.ts @@ -307,6 +307,10 @@ Do you want to connect to the server? Your current TLS key is smaller than the minimum allowed size, A new key 2048-bit key will be generated. 現在のTLS鍵長が許容される長さより小さいため、新しい2048ビット長の鍵を生成します。 + + invalid certificate, generating a new one + 無効な証明書、新しい証明書を生成しています + A new version v%1 is available 新しいバージョン(v%1)が利用できます 
@@ -1285,6 +1289,28 @@ Enabling this setting will disable the server config GUI. 既定の証明書鍵ファイル内の公開鍵が小さすぎます + + deskflow::gui::TlsUtility + + failed to parse certificate file: %1 + %1 will be replaced by the certificate path + 証明書ファイルの解析に失敗しました: %1 + + + failed to read key from certificate file: %1 + %1 will be replaced by the certificate path + 証明書ファイルからキーを読み取ることができませんでした: %1 + + + key detected is the incorrect size + 検出されたキーのサイズが正しくありません + + + failed to read RSA or DSA key from certificate file: %1 + %1 will be replaced by the certificate path + 証明書ファイルから RSA または DSA キーを読み取ることができませんでした: %1 + + i18n diff --git a/translations/deskflow_ru.ts b/translations/deskflow_ru.ts index 584640943..21a337d2b 100644 --- a/translations/deskflow_ru.ts +++ b/translations/deskflow_ru.ts @@ -309,6 +309,10 @@ Do you want to connect to the server? Your current TLS key is smaller than the minimum allowed size, A new key 2048-bit key will be generated. Ваш нынешний TLS ключ меньше чем минимальный разрешимый размер , Новый ключ 2048-бит ключ будет сгенерирован. + + invalid certificate, generating a new one + недействительный сертификат, генерация нового + A new version v%1 is available Новая версия %1 доступна @@ -1289,6 +1293,28 @@ Enabling this setting will disable the server config GUI. Публичный ключ в стандартном файле сертификата слишком мал + + deskflow::gui::TlsUtility + + failed to parse certificate file: %1 + %1 will be replaced by the certificate path + не удалось проанализировать файл сертификата: %1 + + + failed to read key from certificate file: %1 + %1 will be replaced by the certificate path + не удалось прочитать ключ из файла сертификата: %1 + + + key detected is the incorrect size + обнаружен ключ неправильного размера + + + failed to read RSA or DSA key from certificate file: %1 + %1 will be replaced by the certificate path + не удалось прочитать ключ RSA или DSA из файла сертификата: %1 + + i18n 
diff --git a/translations/deskflow_zh_CN.ts b/translations/deskflow_zh_CN.ts index fc21f6446..5e6aa502c 100644 --- a/translations/deskflow_zh_CN.ts +++ b/translations/deskflow_zh_CN.ts @@ -307,6 +307,10 @@ Do you want to connect to the server? Your current TLS key is smaller than the minimum allowed size, A new key 2048-bit key will be generated. 您当前的 TLS 密钥长度小于允许的最小值,将生成一个新的 2048 位密钥。 + + invalid certificate, generating a new one + 证书无效,正在生成新证书 + A new version v%1 is available 新版本 v%1 可用 @@ -1285,6 +1289,28 @@ Enabling this setting will disable the server config GUI. 默认证书密钥文件中的公钥太短 + + deskflow::gui::TlsUtility + + failed to parse certificate file: %1 + %1 will be replaced by the certificate path + 解析证书文件失败:%1 + + + failed to read key from certificate file: %1 + %1 will be replaced by the certificate path + 无法从证书文件中读取密钥:%1 + + + key detected is the incorrect size + 检测到的密钥大小不正确。 + + + failed to read RSA or DSA key from certificate file: %1 + %1 will be replaced by the certificate path + 无法从证书文件中读取 RSA 或 DSA 密钥:%1 + + i18n