def __importCertificate(self): """ Private method to read a certificate. @return certificates read (list of QSslCertificate) """ fname = E5FileDialog.getOpenFileName( self, self.tr("Import Certificate"), "", self.tr("Certificate Files (*.pem *.crt *.der *.cer *.ca);;" "All Files (*)")) if fname: f = QFile(fname) if not f.open(QIODevice.ReadOnly): E5MessageBox.critical( self, self.tr("Export Certificate"), self.tr( """<p>The certificate could not be read from file""" """ <b>{0}</b></p><p>Error: {1}</p>""") .format(fname, f.errorString())) return [] crt = f.readAll() f.close() cert = QSslCertificate.fromData(crt, QSsl.Pem) if not cert: cert = QSslCertificate.fromData(crt, QSsl.Der) return cert return []
def __importCertificate(self): """ Private method to read a certificate. @return certificates read (list of QSslCertificate) """ fname = E5FileDialog.getOpenFileName( self, self.tr("Import Certificate"), "", self.tr("Certificate Files (*.pem *.crt *.der *.cer *.ca);;" "All Files (*)"), ) if fname: f = QFile(fname) if not f.open(QIODevice.ReadOnly): E5MessageBox.critical( self, self.tr("Export Certificate"), self.tr( """<p>The certificate could not be read from file""" """ <b>{0}</b></p><p>Error: {1}</p>""" ).format(fname, f.errorString()), ) return [] crt = f.readAll() f.close() cert = QSslCertificate.fromData(crt, QSsl.Pem) if not cert: cert = QSslCertificate.fromData(crt, QSsl.Der) return cert return []
def __init__(self, parent=None): """ Constructor @param parent reference to the parent object (QObject) """ super(E5SslErrorHandler, self).__init__(parent) caList = self.__getSystemCaCertificates() if Preferences.Prefs.settings.contains("Help/CaCertificatesDict"): # port old entries stored under 'Help' certificateDict = Globals.toDict( Preferences.Prefs.settings.value("Help/CaCertificatesDict")) Preferences.Prefs.settings.setValue( "Ssl/CaCertificatesDict", certificateDict) Preferences.Prefs.settings.remove("Help/CaCertificatesDict") else: certificateDict = Globals.toDict( Preferences.Prefs.settings.value("Ssl/CaCertificatesDict")) for server in certificateDict: for cert in QSslCertificate.fromData(certificateDict[server]): if cert not in caList: caList.append(cert) sslCfg = QSslConfiguration.defaultConfiguration() sslCfg.setCaCertificates(caList) sslCfg.setProtocol(QSsl.AnyProtocol) try: sslCfg.setSslOption(QSsl.SslOptionDisableCompression, True) except AttributeError: pass QSslConfiguration.setDefaultConfiguration(sslCfg)
def __init__(self, parent=None): """ Constructor @param parent reference to the parent object (QObject) """ super(E5SslErrorHandler, self).__init__(parent) caList = self.__getSystemCaCertificates() if Preferences.Prefs.settings.contains("Help/CaCertificatesDict"): # port old entries stored under 'Help' certificateDict = Globals.toDict( Preferences.Prefs.settings.value("Help/CaCertificatesDict")) Preferences.Prefs.settings.setValue( "Ssl/CaCertificatesDict", certificateDict) Preferences.Prefs.settings.remove("Help/CaCertificatesDict") else: certificateDict = Globals.toDict( Preferences.Prefs.settings.value("Ssl/CaCertificatesDict")) for server in certificateDict: for cert in QSslCertificate.fromData(certificateDict[server]): if cert not in caList: caList.append(cert) sslCfg = QSslConfiguration.defaultConfiguration() sslCfg.setCaCertificates(caList) sslCfg.setProtocol(QSsl.AnyProtocol) try: sslCfg.setSslOption(QSsl.SslOptionDisableCompression, True) except AttributeError: pass QSslConfiguration.setDefaultConfiguration(sslCfg)
def __getSystemCaCertificates(self): """ Private method to get the list of system certificates. @return list of system certificates (list of QSslCertificate) """ caList = QSslCertificate.fromData(Globals.toByteArray( Preferences.Prefs.settings.value("Ssl/SystemCertificates"))) if not caList: caList = QSslSocket.systemCaCertificates() return caList
def __getSystemCaCertificates(self): """ Private method to get the list of system certificates. @return list of system certificates (list of QSslCertificate) """ caList = QSslCertificate.fromData(Globals.toByteArray( Preferences.Prefs.settings.value("Ssl/SystemCertificates"))) if not caList: caList = QSslSocket.systemCaCertificates() return caList
def __populateServerCertificatesTree(self): """ Private slot to populate the server certificates tree. """ certificateDict = Globals.toDict(Preferences.Prefs.settings.value("Ssl/CaCertificatesDict")) for server in certificateDict: for cert in QSslCertificate.fromData(certificateDict[server]): self.__createServerCertificateEntry(server, cert) self.serversCertificatesTree.expandAll() for i in range(self.serversCertificatesTree.columnCount()): self.serversCertificatesTree.resizeColumnToContents(i)
def on_caViewButton_clicked(self): """ Private slot to show data of the selected CA certificate. """ try: from E5Network.E5SslCertificatesInfoDialog import E5SslCertificatesInfoDialog cert = QSslCertificate.fromData(self.caCertificatesTree.currentItem().data(0, self.CertRole)) dlg = E5SslCertificatesInfoDialog(cert, self) dlg.exec_() except ImportError: pass
def __updateDefaultConfiguration(self): """ Private method to update the default SSL configuration. """ caList = self.__getSystemCaCertificates() certificateDict = Globals.toDict(Preferences.Prefs.settings.value("Ssl/CaCertificatesDict")) for server in certificateDict: for cert in QSslCertificate.fromData(certificateDict[server]): if cert not in caList: caList.append(cert) sslCfg = QSslConfiguration.defaultConfiguration() sslCfg.setCaCertificates(caList) QSslConfiguration.setDefaultConfiguration(sslCfg)
def on_caViewButton_clicked(self): """ Private slot to show data of the selected CA certificate. """ try: from E5Network.E5SslCertificatesInfoDialog import \ E5SslCertificatesInfoDialog cert = QSslCertificate.fromData( self.caCertificatesTree.currentItem().data(0, self.CertRole)) dlg = E5SslCertificatesInfoDialog(cert, self) dlg.exec_() except ImportError: pass
def __populateServerCertificatesTree(self): """ Private slot to populate the server certificates tree. """ certificateDict = Globals.toDict( Preferences.Prefs.settings.value("Ssl/CaCertificatesDict")) for server in certificateDict: for cert in QSslCertificate.fromData(certificateDict[server]): self.__createServerCertificateEntry(server, cert) self.serversCertificatesTree.expandAll() for i in range(self.serversCertificatesTree.columnCount()): self.serversCertificatesTree.resizeColumnToContents(i)
def __updateDefaultConfiguration(self): """ Private method to update the default SSL configuration. """ caList = self.__getSystemCaCertificates() certificateDict = Globals.toDict( Preferences.Prefs.settings.value("Ssl/CaCertificatesDict")) for server in certificateDict: for cert in QSslCertificate.fromData(certificateDict[server]): if cert not in caList: caList.append(cert) sslCfg = QSslConfiguration.defaultConfiguration() sslCfg.setCaCertificates(caList) QSslConfiguration.setDefaultConfiguration(sslCfg)
def __init__(self, *args, **kwargs): super(Window, self).__init__(*args, **kwargs) self.resize(800, 600) # 浏览器设置 setting = QWebSettings.globalSettings() setting.setAttribute(QWebSettings.PluginsEnabled, True) # 解决xp下ssl问题 self.page().networkAccessManager().sslErrors.connect(self.handleSslErrors) sslconf = QSslConfiguration.defaultConfiguration() clist = sslconf.caCertificates() cnew = QSslCertificate.fromData(b"CaCertificates") clist.extend(cnew) sslconf.setCaCertificates(clist) sslconf.setProtocol(QSsl.AnyProtocol) QSslConfiguration.setDefaultConfiguration(sslconf)
def on_viewButton_clicked(self): """ Private slot to show data of the selected certificate. """ try: from E5Network.E5SslCertificatesInfoDialog import ( E5SslCertificatesInfoDialog ) cert = QSslCertificate.fromData( self.certificatesTree.selectedItems()[0].data( 0, self.CertRole)) dlg = E5SslCertificatesInfoDialog(cert, self) dlg.exec_() except ImportError: pass
def on_serversDeleteButton_clicked(self): """ Private slot to delete the selected server certificate. """ itm = self.serversCertificatesTree.currentItem() res = E5MessageBox.yesNo( self, self.tr("Delete Server Certificate"), self.tr("""<p>Shall the server certificate really be""" """ deleted?</p><p>{0}</p>""" """<p>If the server certificate is deleted, the""" """ normal security checks will be reinstantiated""" """ and the server has to present a valid""" """ certificate.</p>""") .format(itm.text(0))) if res: server = itm.text(1) cert = self.serversCertificatesTree.currentItem().data( 0, self.CertRole) # delete the selected entry and its parent entry, # if it was the only one parent = itm.parent() parent.takeChild(parent.indexOfChild(itm)) if parent.childCount() == 0: self.serversCertificatesTree.takeTopLevelItem( self.serversCertificatesTree.indexOfTopLevelItem(parent)) # delete the certificate from the user certificate store certificateDict = Globals.toDict( Preferences.Prefs.settings.value("Ssl/CaCertificatesDict")) if server in certificateDict: certs = QSslCertificate.fromData(certificateDict[server]) if cert in certs: certs.remove(cert) if certs: pems = QByteArray() for cert in certs: pems.append(cert.toPem() + '\n') certificateDict[server] = pems else: del certificateDict[server] Preferences.Prefs.settings.setValue( "Ssl/CaCertificatesDict", certificateDict) # delete the certificate from the default certificates self.__updateDefaultConfiguration()
def on_serversDeleteButton_clicked(self): """ Private slot to delete the selected server certificate. """ itm = self.serversCertificatesTree.currentItem() res = E5MessageBox.yesNo( self, self.tr("Delete Server Certificate"), self.tr("""<p>Shall the server certificate really be""" """ deleted?</p><p>{0}</p>""" """<p>If the server certificate is deleted, the""" """ normal security checks will be reinstantiated""" """ and the server has to present a valid""" """ certificate.</p>""") .format(itm.text(0))) if res: server = itm.text(1) cert = self.serversCertificatesTree.currentItem().data( 0, self.CertRole) # delete the selected entry and its parent entry, # if it was the only one parent = itm.parent() parent.takeChild(parent.indexOfChild(itm)) if parent.childCount() == 0: self.serversCertificatesTree.takeTopLevelItem( self.serversCertificatesTree.indexOfTopLevelItem(parent)) # delete the certificate from the user certificate store certificateDict = Preferences.toDict( Preferences.Prefs.settings.value("Ssl/CaCertificatesDict")) if server in certificateDict: certs = QSslCertificate.fromData(certificateDict[server]) if cert in certs: certs.remove(cert) if certs: pems = QByteArray() for cert in certs: pems.append(cert.toPem() + '\n') certificateDict[server] = pems else: del certificateDict[server] Preferences.Prefs.settings.setValue( "Ssl/CaCertificatesDict", certificateDict) # delete the certificate from the default certificates self.__updateDefaultConfiguration()
def on_serversImportButton_clicked(self): """ Private slot to import server certificates. """ certs = self.__importCertificate() if certs: server = "*" certificateDict = Globals.toDict( Preferences.Prefs.settings.value("Ssl/CaCertificatesDict")) if server in certificateDict: sCerts = QSslCertificate.fromData(certificateDict[server]) else: sCerts = [] pems = QByteArray() for cert in certs: if cert in sCerts: if qVersion() >= "5.0.0": commonStr = ", ".join( cert.subjectInfo(QSslCertificate.CommonName)) else: commonStr = cert.subjectInfo( QSslCertificate.CommonName) E5MessageBox.warning( self, self.tr("Import Certificate"), self.tr( """<p>The certificate <b>{0}</b> already exists.""" """ Skipping.</p>""") .format(Utilities.decodeString(commonStr))) else: pems.append(cert.toPem() + '\n') if server not in certificateDict: certificateDict[server] = QByteArray() certificateDict[server].append(pems) Preferences.Prefs.settings.setValue( "Ssl/CaCertificatesDict", certificateDict) self.serversCertificatesTree.clear() self.__populateServerCertificatesTree() self.__updateDefaultConfiguration()
def on_serversImportButton_clicked(self): """ Private slot to import server certificates. """ certs = self.__importCertificate() if certs: server = "*" certificateDict = Preferences.toDict( Preferences.Prefs.settings.value("Ssl/CaCertificatesDict")) if server in certificateDict: sCerts = QSslCertificate.fromData(certificateDict[server]) else: sCerts = [] pems = QByteArray() for cert in certs: if cert in sCerts: if qVersion() >= "5.0.0": commonStr = ", ".join( cert.subjectInfo(QSslCertificate.CommonName)) else: commonStr = cert.subjectInfo( QSslCertificate.CommonName) E5MessageBox.warning( self, self.tr("Import Certificate"), self.tr( """<p>The certificate <b>{0}</b> already exists.""" """ Skipping.</p>""") .format(Utilities.decodeString(commonStr))) else: pems.append(cert.toPem() + '\n') if server not in certificateDict: certificateDict[server] = QByteArray() certificateDict[server].append(pems) Preferences.Prefs.settings.setValue( "Ssl/CaCertificatesDict", certificateDict) self.serversCertificatesTree.clear() self.__populateServerCertificatesTree() self.__updateDefaultConfiguration()
def getSelectedCertificate(self): """ Public method to get the selected certificate. @return selected certificate @rtype QSslCertificate """ valid = ( len(self.certificatesTree.selectedItems()) > 0 and self.certificatesTree.selectedItems()[0].parent() is not None ) if valid: certificate = QSslCertificate.fromData( self.certificatesTree.selectedItems()[0].data( 0, self.CertRole)) else: certificate = None return certificate
def sslErrors(self, errors, server, port=-1): """ Public method to handle SSL errors. @param errors list of SSL errors (list of QSslError) @param server name of the server (string) @keyparam port value of the port (integer) @return tuple indicating to ignore the SSL errors (one of NotIgnored, SystemIgnored or UserIgnored) and indicating a change of the default SSL configuration (boolean) """ caMerge = {} certificateDict = Globals.toDict( Preferences.Prefs.settings.value("Ssl/CaCertificatesDict")) for caServer in certificateDict: caMerge[caServer] = QSslCertificate.fromData( certificateDict[caServer]) caNew = [] errorStrings = [] if port != -1: server += ":{0:d}".format(port) if errors: for err in errors: if err.error() == QSslError.NoError: continue if server in caMerge and err.certificate() in caMerge[server]: continue errorStrings.append(err.errorString()) if not err.certificate().isNull(): cert = err.certificate() if cert not in caNew: caNew.append(cert) if not errorStrings: return E5SslErrorHandler.SystemIgnored, False errorString = '.</li><li>'.join(errorStrings) ret = E5MessageBox.yesNo( None, self.tr("SSL Errors"), self.tr("""<p>SSL Errors for <br /><b>{0}</b>""" """<ul><li>{1}</li></ul></p>""" """<p>Do you want to ignore these errors?</p>""").format( server, errorString), icon=E5MessageBox.Warning) if ret: caRet = False if len(caNew) > 0: certinfos = [] for cert in caNew: certinfos.append(self.__certToString(cert)) caRet = E5MessageBox.yesNo( None, self.tr("Certificates"), self.tr("""<p>Certificates:<br/>{0}<br/>""" """Do you want to accept all these certificates?""" """</p>""").format("".join(certinfos))) if caRet: if server not in caMerge: caMerge[server] = [] for cert in caNew: caMerge[server].append(cert) sslCfg = QSslConfiguration.defaultConfiguration() caList = sslCfg.caCertificates() for cert in caNew: caList.append(cert) sslCfg.setCaCertificates(caList) try: sslCfg.setProtocol(QSsl.TlsV1_1OrLater) except AttributeError: sslCfg.setProtocol(QSsl.SecureProtocols) try: sslCfg.setSslOption(QSsl.SslOptionDisableCompression, True) except AttributeError: pass QSslConfiguration.setDefaultConfiguration(sslCfg) certificateDict = {} for server in caMerge: pems = QByteArray() for cert in caMerge[server]: pems.append(cert.toPem() + b'\n') certificateDict[server] = pems Preferences.Prefs.settings.setValue( "Ssl/CaCertificatesDict", certificateDict) return E5SslErrorHandler.UserIgnored, caRet else: return E5SslErrorHandler.NotIgnored, False
logger = getLogger(__name__) logger.debug("icons_rc found: %r", viur_admin.ui.icons_rc) # import guard if not isPyodide: # Setup the SSL-Configuration. We accept only the two known Certificates from google; reject all other try: css = QtCore.QFile(":resources/cacert.pem") css.open(QtCore.QFile.ReadOnly) certs = css.readAll() except: certs = None if certs: baseSslConfig = QSslConfiguration.defaultConfiguration() baseSslConfig.setCaCertificates(QSslCertificate.fromData(certs)) QSslConfiguration.setDefaultConfiguration(baseSslConfig) nam = QNetworkAccessManager() _isSecureSSL = True else: # We got no valid certificate file - accept all SSL connections nam = QNetworkAccessManager() class SSLFIX(QtCore.QObject): def onSSLError(self, networkReply: Any, sslErros: Any) -> None: networkReply.ignoreSslErrors() _SSLFIX = SSLFIX() nam.sslErrors.connect(_SSLFIX.onSSLError) _isSecureSSL = False
def sslErrors(self, errors, server, port=-1): """ Public method to handle SSL errors. @param errors list of SSL errors (list of QSslError) @param server name of the server (string) @keyparam port value of the port (integer) @return tuple indicating to ignore the SSL errors (one of NotIgnored, SystemIgnored or UserIgnored) and indicating a change of the default SSL configuration (boolean) """ caMerge = {} certificateDict = Globals.toDict( Preferences.Prefs.settings.value("Ssl/CaCertificatesDict")) for caServer in certificateDict: caMerge[caServer] = QSslCertificate.fromData( certificateDict[caServer]) caNew = [] errorStrings = [] if port != -1: server += ":{0:d}".format(port) if errors: for err in errors: if err.error() == QSslError.NoError: continue if server in caMerge and err.certificate() in caMerge[server]: continue errorStrings.append(err.errorString()) if not err.certificate().isNull(): cert = err.certificate() if cert not in caNew: caNew.append(cert) if not errorStrings: return E5SslErrorHandler.SystemIgnored, False errorString = '.</li><li>'.join(errorStrings) ret = E5MessageBox.yesNo( None, self.tr("SSL Errors"), self.tr("""<p>SSL Errors for <br /><b>{0}</b>""" """<ul><li>{1}</li></ul></p>""" """<p>Do you want to ignore these errors?</p>""") .format(server, errorString), icon=E5MessageBox.Warning) if ret: caRet = False if len(caNew) > 0: certinfos = [] for cert in caNew: certinfos.append(self.__certToString(cert)) caRet = E5MessageBox.yesNo( None, self.tr("Certificates"), self.tr( """<p>Certificates:<br/>{0}<br/>""" """Do you want to accept all these certificates?""" """</p>""") .format("".join(certinfos))) if caRet: if server not in caMerge: caMerge[server] = [] for cert in caNew: caMerge[server].append(cert) sslCfg = QSslConfiguration.defaultConfiguration() caList = sslCfg.caCertificates() for cert in caNew: caList.append(cert) sslCfg.setCaCertificates(caList) sslCfg.setProtocol(QSsl.AnyProtocol) QSslConfiguration.setDefaultConfiguration(sslCfg) certificateDict = {} for server in caMerge: pems = QByteArray() for cert in caMerge[server]: pems.append(cert.toPem() + b'\n') certificateDict[server] = pems Preferences.Prefs.settings.setValue( "Ssl/CaCertificatesDict", certificateDict) return E5SslErrorHandler.UserIgnored, caRet else: return E5SslErrorHandler.NotIgnored, False