114 lines
3.0 KiB
C++
114 lines
3.0 KiB
C++
/*
|
|
* Deskflow -- mouse and keyboard sharing utility
|
|
* SPDX-FileCopyrightText: (C) 2025 Deskflow Developers
|
|
* SPDX-FileCopyrightText: (C) 2024 Symless Ltd.
|
|
* SPDX-License-Identifier: GPL-2.0-only WITH LicenseRef-OpenSSL-Exception
|
|
*/
|
|
|
|
#include "TlsUtility.h"
|
|
|
|
#include "TlsCertificate.h"
|
|
#include "common/Settings.h"
|
|
#include "net/SecureUtils.h"
|
|
|
|
#include <QFile>
|
|
#include <QSslCertificate>
|
|
#include <QSslKey>
|
|
#include <QString>
|
|
|
|
namespace deskflow::gui {
|
|
|
|
TlsUtility::TlsUtility(QObject *parent) : QObject(parent)
|
|
{
|
|
// do nothing
|
|
}
|
|
|
|
bool TlsUtility::isEnabled()
|
|
{
|
|
return Settings::value(Settings::Security::TlsEnabled).toBool();
|
|
}
|
|
|
|
bool TlsUtility::isCertValid(const QString &certPath)
|
|
{
|
|
const auto certs = QSslCertificate::fromPath(certPath);
|
|
if (certs.isEmpty()) {
|
|
//: %1 will be replaced by the certificate path
|
|
qDebug() << tr("failed to read key from certificate file: %1").arg(certPath);
|
|
return false;
|
|
}
|
|
|
|
const auto cert = certs.first();
|
|
if (cert.isNull()) {
|
|
//: %1 will be replaced by the certificate path
|
|
qDebug() << tr("failed to parse certificate file: %1").arg(certPath);
|
|
return false;
|
|
}
|
|
|
|
const auto key = cert.publicKey();
|
|
if (key.isNull()) {
|
|
//: %1 will be replaced by the certificate path
|
|
qDebug() << tr("failed to read key from certificate file: %1").arg(certPath);
|
|
return false;
|
|
}
|
|
|
|
if (key.length() != Settings::value(Settings::Security::KeySize).toInt()) {
|
|
qDebug() << tr("key detected is the incorrect size");
|
|
return false;
|
|
}
|
|
|
|
if (const auto type = key.algorithm(); (type != QSsl::Dsa || type != QSsl::Rsa)) {
|
|
//: %1 will be replaced by the certificate path
|
|
qDebug() << tr("failed to read RSA or DSA key from certificate file: %1").arg(certPath);
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
int TlsUtility::getCertKeyLength(const QString &certPath)
|
|
{
|
|
return deskflow::getCertLength(certPath.toStdString());
|
|
}
|
|
|
|
QByteArray TlsUtility::certFingerprint(const QString &certPath)
|
|
{
|
|
QByteArray fingerprint;
|
|
|
|
const auto certs = QSslCertificate::fromPath(certPath);
|
|
if (certs.isEmpty()) {
|
|
//: %1 will be replaced by the certificate path
|
|
qDebug() << tr("failed to read key from certificate file: %1").arg(certPath);
|
|
return fingerprint;
|
|
}
|
|
|
|
const auto cert = certs.first();
|
|
if (cert.isNull()) {
|
|
//: %1 will be replaced by the certificate path
|
|
qWarning() << tr("failed to parse certificate file: %1").arg(certPath);
|
|
return fingerprint;
|
|
}
|
|
|
|
return cert.digest(QCryptographicHash::Sha256);
|
|
}
|
|
|
|
bool TlsUtility::generateCertificate() const
|
|
{
|
|
qDebug(
|
|
"generating tls certificate, "
|
|
"all clients must trust the new fingerprint"
|
|
);
|
|
|
|
auto length = Settings::value(Settings::Security::KeySize).toInt();
|
|
|
|
if (length < 2048) {
|
|
length = 2048;
|
|
qDebug("selected size too small setting certificate size to 2048");
|
|
Settings::setValue(Settings::Security::KeySize, 2048);
|
|
}
|
|
|
|
const auto certificate = Settings::value(Settings::Security::Certificate).toString();
|
|
return m_certificate.generateCertificate(certificate, length);
|
|
}
|
|
|
|
} // namespace deskflow::gui
|