def __sslErrors(self, errors):
"""
Private slot to handle SSL errors.
@param errors list of SSL errors (list of QSslError)
"""
ignored, defaultChanged = self.__sslErrorHandler.sslErrors(
errors, self.__server.getName(), self.__server.getPort())
if ignored == E5SslErrorHandler.NotIgnored:
self.networkWidget.addErrorMessage(
self.tr("SSL Error"),
self.tr(
"""Could not connect to {0} (port {1}) using an SSL"""
""" encrypted connection. Either the server does not"""
""" support SSL (did you use the correct port?) or"""
""" you rejected the certificate.""")
.format(self.__server.getName(), self.__server.getPort()))
self.__socket.close()
else:
if defaultChanged:
self.__socket.setSslConfiguration(
QSslConfiguration.defaultConfiguration())
if ignored == E5SslErrorHandler.UserIgnored:
self.networkWidget.addErrorMessage(
self.tr("SSL Error"),
self.tr(
"""The SSL certificate for the server {0} (port {1})"""
""" failed the authenticity check. SSL errors"""
""" were accepted by you.""")
.format(self.__server.getName(), self.__server.getPort()))
if self.__connectionState == IrcWidget.ServerConnecting:
self.__socket.ignoreSslErrors()
def __init__(self, parent=None):
"""
Constructor
@param parent reference to the parent object (QObject)
"""
super(E5SslErrorHandler, self).__init__(parent)
caList = self.__getSystemCaCertificates()
if Preferences.Prefs.settings.contains("Help/CaCertificatesDict"):
# port old entries stored under 'Help'
certificateDict = Globals.toDict(
Preferences.Prefs.settings.value("Help/CaCertificatesDict"))
Preferences.Prefs.settings.setValue(
"Ssl/CaCertificatesDict", certificateDict)
Preferences.Prefs.settings.remove("Help/CaCertificatesDict")
else:
certificateDict = Globals.toDict(
Preferences.Prefs.settings.value("Ssl/CaCertificatesDict"))
for server in certificateDict:
for cert in QSslCertificate.fromData(certificateDict[server]):
if cert not in caList:
caList.append(cert)
sslCfg = QSslConfiguration.defaultConfiguration()
sslCfg.setCaCertificates(caList)
sslCfg.setProtocol(QSsl.AnyProtocol)
try:
sslCfg.setSslOption(QSsl.SslOptionDisableCompression, True)
except AttributeError:
pass
QSslConfiguration.setDefaultConfiguration(sslCfg)
def __init__(self, parent=None):
"""
Constructor
@param parent reference to the parent object (QObject)
"""
super(E5SslErrorHandler, self).__init__(parent)
caList = self.__getSystemCaCertificates()
if Preferences.Prefs.settings.contains("Help/CaCertificatesDict"):
# port old entries stored under 'Help'
certificateDict = Globals.toDict(
Preferences.Prefs.settings.value("Help/CaCertificatesDict"))
Preferences.Prefs.settings.setValue(
"Ssl/CaCertificatesDict", certificateDict)
Preferences.Prefs.settings.remove("Help/CaCertificatesDict")
else:
certificateDict = Globals.toDict(
Preferences.Prefs.settings.value("Ssl/CaCertificatesDict"))
for server in certificateDict:
for cert in QSslCertificate.fromData(certificateDict[server]):
if cert not in caList:
caList.append(cert)
sslCfg = QSslConfiguration.defaultConfiguration()
sslCfg.setCaCertificates(caList)
sslCfg.setProtocol(QSsl.AnyProtocol)
try:
sslCfg.setSslOption(QSsl.SslOptionDisableCompression, True)
except AttributeError:
pass
QSslConfiguration.setDefaultConfiguration(sslCfg)
def __sslErrors(self, errors):
"""
Private slot to handle SSL errors.
@param errors list of SSL errors (list of QSslError)
"""
ignored, defaultChanged = self.__sslErrorHandler.sslErrors(
errors, self.__server.getName(), self.__server.getPort())
if ignored == E5SslErrorHandler.NotIgnored:
self.networkWidget.addErrorMessage(
self.tr("SSL Error"),
self.tr(
"""Could not connect to {0} (port {1}) using an SSL"""
""" encrypted connection. Either the server does not"""
""" support SSL (did you use the correct port?) or"""
""" you rejected the certificate.""")
.format(self.__server.getName(), self.__server.getPort()))
self.__socket.close()
else:
if defaultChanged:
self.__socket.setSslConfiguration(
QSslConfiguration.defaultConfiguration())
if ignored == E5SslErrorHandler.UserIgnored:
self.networkWidget.addErrorMessage(
self.tr("SSL Error"),
self.tr(
"""The SSL certificate for the server {0} (port {1})"""
""" failed the authenticity check. SSL errors"""
""" were accepted by you.""")
.format(self.__server.getName(), self.__server.getPort()))
if self.__connectionState == IrcWidget.ServerConnecting:
self.__socket.ignoreSslErrors()
def __updateDefaultConfiguration(self):
"""
Private method to update the default SSL configuration.
"""
caList = self.__getSystemCaCertificates()
certificateDict = Globals.toDict(Preferences.Prefs.settings.value("Ssl/CaCertificatesDict"))
for server in certificateDict:
for cert in QSslCertificate.fromData(certificateDict[server]):
if cert not in caList:
caList.append(cert)
sslCfg = QSslConfiguration.defaultConfiguration()
sslCfg.setCaCertificates(caList)
QSslConfiguration.setDefaultConfiguration(sslCfg)
def request(self, image_url: str):
"""
Make HTTP request asynchronously
"""
request = QNetworkRequest(QUrl(image_url))
request.setRawHeader(b"User-Agent", b"412 Image Requester")
# Configure to utilize SSL
config = QSslConfiguration.defaultConfiguration()
config.setProtocol(QSsl.TlsV1_2)
request.setSslConfiguration(config)
self.__net_man.get(request)
def __updateDefaultConfiguration(self):
"""
Private method to update the default SSL configuration.
"""
caList = self.__getSystemCaCertificates()
certificateDict = Globals.toDict(
Preferences.Prefs.settings.value("Ssl/CaCertificatesDict"))
for server in certificateDict:
for cert in QSslCertificate.fromData(certificateDict[server]):
if cert not in caList:
caList.append(cert)
sslCfg = QSslConfiguration.defaultConfiguration()
sslCfg.setCaCertificates(caList)
QSslConfiguration.setDefaultConfiguration(sslCfg)
def __init__(self, *args, **kwargs):
super(Window, self).__init__(*args, **kwargs)
self.resize(800, 600)
# 浏览器设置
setting = QWebSettings.globalSettings()
setting.setAttribute(QWebSettings.PluginsEnabled, True)
# 解决xp下ssl问题
self.page().networkAccessManager().sslErrors.connect(self.handleSslErrors)
sslconf = QSslConfiguration.defaultConfiguration()
clist = sslconf.caCertificates()
cnew = QSslCertificate.fromData(b"CaCertificates")
clist.extend(cnew)
sslconf.setCaCertificates(clist)
sslconf.setProtocol(QSsl.AnyProtocol)
QSslConfiguration.setDefaultConfiguration(sslconf)
def init():
"""Disable insecure SSL ciphers on old Qt versions."""
sslconfig = QSslConfiguration.defaultConfiguration()
default_ciphers = sslconfig.ciphers()
log.init.vdebug( # type: ignore[attr-defined]
"Default Qt ciphers: {}".format(', '.join(c.name()
for c in default_ciphers)))
good_ciphers = []
bad_ciphers = []
for cipher in default_ciphers:
if _is_secure_cipher(cipher):
good_ciphers.append(cipher)
else:
bad_ciphers.append(cipher)
if bad_ciphers:
log.init.debug("Disabling bad ciphers: {}".format(', '.join(
c.name() for c in bad_ciphers)))
sslconfig.setCiphers(good_ciphers)
def sslErrorsReply(self, reply, errors):
"""
Public slot to handle SSL errors for a network reply.
@param reply reference to the reply object (QNetworkReply)
@param errors list of SSL errors (list of QSslError)
@return tuple indicating to ignore the SSL errors (one of NotIgnored,
SystemIgnored or UserIgnored) and indicating a change of the
default SSL configuration (boolean)
"""
url = reply.url()
ignore, defaultChanged = self.sslErrors(errors, url.host(), url.port())
if ignore:
if defaultChanged:
reply.setSslConfiguration(QSslConfiguration.defaultConfiguration())
reply.ignoreSslErrors()
else:
reply.abort()
return ignore, defaultChanged
def _createRequest(self,
url: str,
basic_auth_username: str = "",
basic_auth_password: str = "") -> QNetworkRequest:
request = QNetworkRequest(url)
request.setAttribute(QNetworkRequest.FollowRedirectsAttribute, True)
request.setRawHeader(b"User-Agent", self._user_agent)
if basic_auth_username and basic_auth_password:
data = base64.b64encode(
("%s:%s" % (basic_auth_username,
basic_auth_password)).encode()).decode("utf-8")
request.setRawHeader(b"Authorization",
("Basic %s" % data).encode())
# ignore SSL errors (eg for self-signed certificates)
ssl_configuration = QSslConfiguration.defaultConfiguration()
ssl_configuration.setPeerVerifyMode(QSslSocket.VerifyNone)
request.setSslConfiguration(ssl_configuration)
return request
def sslErrorsReply(self, reply, errors):
"""
Public slot to handle SSL errors for a network reply.
@param reply reference to the reply object (QNetworkReply)
@param errors list of SSL errors (list of QSslError)
@return tuple indicating to ignore the SSL errors (one of NotIgnored,
SystemIgnored or UserIgnored) and indicating a change of the
default SSL configuration (boolean)
"""
url = reply.url()
ignore, defaultChanged = self.sslErrors(errors, url.host(), url.port())
if ignore:
if defaultChanged:
reply.setSslConfiguration(
QSslConfiguration.defaultConfiguration())
reply.ignoreSslErrors()
else:
reply.abort()
return ignore, defaultChanged
def start(self) -> None:
self.stop() # Ensure that previous requests (if any) are stopped.
if not self._source_url:
Logger.log("w", "Unable to start camera stream without target!")
return
auth_data = ""
if self._source_url.userInfo():
# move auth data to basic authorization header
auth_data = base64.b64encode(
self._source_url.userInfo().encode()).decode("utf-8")
authority = self._source_url.authority()
self._source_url.setAuthority(authority.rsplit("@", 1)[1])
self._image_request = QNetworkRequest(self._source_url)
self._image_request.setAttribute(
QNetworkRequest.FollowRedirectsAttribute, True)
if auth_data:
self._image_request.setRawHeader(b"Authorization",
("basic %s" % auth_data).encode())
if self._source_url.scheme().lower() == "https":
# ignore SSL errors (eg for self-signed certificates)
ssl_configuration = QSslConfiguration.defaultConfiguration()
ssl_configuration.setPeerVerifyMode(QSslSocket.VerifyNone)
self._image_request.setSslConfiguration(ssl_configuration)
if self._network_manager is None:
self._network_manager = QNetworkAccessManager()
self._image_reply = self._network_manager.get(self._image_request)
self._image_reply.downloadProgress.connect(
self._onStreamDownloadProgress)
self._started = True
def load_certificates():
""" load (if existing and not empty) the local PEM file; split it into
individual certificates, add each to the default configuration
"""
local_cert_path = expanduser("~/.eilat/local.pem")
local_certificates = split_certificates(local_cert_path)
if local_certificates:
print(r"""
/----------------------------\
SETTING LOCAL SSL CERTIFICATES
\----------------------------/
""")
current_configuration = QSslConfiguration.defaultConfiguration()
current_certs = current_configuration.caCertificates()
for certificate in local_certificates:
current_certs.append(QSslCertificate(certificate))
current_configuration.setCaCertificates(current_certs)
QSslConfiguration.setDefaultConfiguration(current_configuration)
def load_certificates():
""" load (if existing and not empty) the local PEM file; split it into
individual certificates, add each to the default configuration
"""
local_cert_path = expanduser("~/.eilat/local.pem")
local_certificates = split_certificates(local_cert_path)
if local_certificates:
print(r"""
/----------------------------\
SETTING LOCAL SSL CERTIFICATES
\----------------------------/
""")
current_configuration = QSslConfiguration.defaultConfiguration()
current_certs = current_configuration.caCertificates()
for certificate in local_certificates:
current_certs.append(QSslCertificate(certificate))
current_configuration.setCaCertificates(current_certs)
QSslConfiguration.setDefaultConfiguration(current_configuration)
from functools import partial
logger = getLogger(__name__)
logger.debug("icons_rc found: %r", viur_admin.ui.icons_rc) # import guard
if not isPyodide:
# Setup the SSL-Configuration. We accept only the two known Certificates from google; reject all other
try:
css = QtCore.QFile(":resources/cacert.pem")
css.open(QtCore.QFile.ReadOnly)
certs = css.readAll()
except:
certs = None
if certs:
baseSslConfig = QSslConfiguration.defaultConfiguration()
baseSslConfig.setCaCertificates(QSslCertificate.fromData(certs))
QSslConfiguration.setDefaultConfiguration(baseSslConfig)
nam = QNetworkAccessManager()
_isSecureSSL = True
else:
# We got no valid certificate file - accept all SSL connections
nam = QNetworkAccessManager()
class SSLFIX(QtCore.QObject):
def onSSLError(self, networkReply: Any, sslErros: Any) -> None:
networkReply.ignoreSslErrors()
_SSLFIX = SSLFIX()
nam.sslErrors.connect(_SSLFIX.onSSLError)
_isSecureSSL = False
from PyQt5.QtNetwork import QNetworkAccessManager, QNetworkRequest, QNetworkReply, QSslConfiguration, QSsl from PyQt5.QtCore import QUrl class ForRec(QNetworkAccessManager): def Reqest(self,reply): print(reply.readAll()) if __name__ == '__main__': url = "https://api.telegram.org/bot" manager = QNetworkAccessManager() request = QNetworkRequest() config = QSslConfiguration.defaultConfiguration() config.setProtocol(QSsl.SecureProtocols) request.setSslConfiguration(config) request.setUrl(QUrl(url)); request.setHeader(QNetworkRequest.ServerHeader, "getUpdates") #manager.get(request)
def sslErrors(self, errors, server, port=-1):
"""
Public method to handle SSL errors.
@param errors list of SSL errors (list of QSslError)
@param server name of the server (string)
@keyparam port value of the port (integer)
@return tuple indicating to ignore the SSL errors (one of NotIgnored,
SystemIgnored or UserIgnored) and indicating a change of the
default SSL configuration (boolean)
"""
caMerge = {}
certificateDict = Globals.toDict(
Preferences.Prefs.settings.value("Ssl/CaCertificatesDict"))
for caServer in certificateDict:
caMerge[caServer] = QSslCertificate.fromData(
certificateDict[caServer])
caNew = []
errorStrings = []
if port != -1:
server += ":{0:d}".format(port)
if errors:
for err in errors:
if err.error() == QSslError.NoError:
continue
if server in caMerge and err.certificate() in caMerge[server]:
continue
errorStrings.append(err.errorString())
if not err.certificate().isNull():
cert = err.certificate()
if cert not in caNew:
caNew.append(cert)
if not errorStrings:
return E5SslErrorHandler.SystemIgnored, False
errorString = '.</li><li>'.join(errorStrings)
ret = E5MessageBox.yesNo(
None,
self.tr("SSL Errors"),
self.tr("""<p>SSL Errors for <br /><b>{0}</b>"""
"""<ul><li>{1}</li></ul></p>"""
"""<p>Do you want to ignore these errors?</p>""").format(
server, errorString),
icon=E5MessageBox.Warning)
if ret:
caRet = False
if len(caNew) > 0:
certinfos = []
for cert in caNew:
certinfos.append(self.__certToString(cert))
caRet = E5MessageBox.yesNo(
None, self.tr("Certificates"),
self.tr("""<p>Certificates:<br/>{0}<br/>"""
"""Do you want to accept all these certificates?"""
"""</p>""").format("".join(certinfos)))
if caRet:
if server not in caMerge:
caMerge[server] = []
for cert in caNew:
caMerge[server].append(cert)
sslCfg = QSslConfiguration.defaultConfiguration()
caList = sslCfg.caCertificates()
for cert in caNew:
caList.append(cert)
sslCfg.setCaCertificates(caList)
try:
sslCfg.setProtocol(QSsl.TlsV1_1OrLater)
except AttributeError:
sslCfg.setProtocol(QSsl.SecureProtocols)
try:
sslCfg.setSslOption(QSsl.SslOptionDisableCompression,
True)
except AttributeError:
pass
QSslConfiguration.setDefaultConfiguration(sslCfg)
certificateDict = {}
for server in caMerge:
pems = QByteArray()
for cert in caMerge[server]:
pems.append(cert.toPem() + b'\n')
certificateDict[server] = pems
Preferences.Prefs.settings.setValue(
"Ssl/CaCertificatesDict", certificateDict)
return E5SslErrorHandler.UserIgnored, caRet
else:
return E5SslErrorHandler.NotIgnored, False
os.environ["DYLD_FALLBACK_LIBRARY_PATH"] = old_env
# WORKAROUND: CURA-6739
# Similar CTM file loading fix for Linux, but NOTE THAT this doesn't work directly with Python 3.5.7. There's a fix
# for ctypes.util.find_library() in Python 3.6 and 3.7. That fix makes sure that find_library() will check
# LD_LIBRARY_PATH. With Python 3.5, that fix needs to be backported to make this workaround work.
if Platform.isLinux() and getattr(sys, "frozen", False):
old_env = os.environ.get("LD_LIBRARY_PATH", "")
# This is where libopenctm.so is in the AppImage.
search_path = os.path.join(CuraApplication.getInstallPrefix(), "bin")
path_list = old_env.split(":")
if search_path not in path_list:
path_list.append(search_path)
os.environ["LD_LIBRARY_PATH"] = ":".join(path_list)
import trimesh.exchange.load
os.environ["LD_LIBRARY_PATH"] = old_env
# WORKAROUND: Cura#5488
# When using the KDE qqc2-desktop-style, the UI layout is completely broken, and
# even worse, it crashes when switching to the "Preview" pane.
if Platform.isLinux():
os.environ["QT_QUICK_CONTROLS_STYLE"] = "default"
if ApplicationMetadata.CuraDebugMode:
ssl_conf = QSslConfiguration.defaultConfiguration()
ssl_conf.setPeerVerifyMode(QSslSocket.VerifyNone)
QSslConfiguration.setDefaultConfiguration(ssl_conf)
app = CuraApplication()
app.run()
def sslErrors(self, errors, server, port=-1):
"""
Public method to handle SSL errors.
@param errors list of SSL errors (list of QSslError)
@param server name of the server (string)
@keyparam port value of the port (integer)
@return tuple indicating to ignore the SSL errors (one of NotIgnored,
SystemIgnored or UserIgnored) and indicating a change of the
default SSL configuration (boolean)
"""
caMerge = {}
certificateDict = Globals.toDict(
Preferences.Prefs.settings.value("Ssl/CaCertificatesDict"))
for caServer in certificateDict:
caMerge[caServer] = QSslCertificate.fromData(
certificateDict[caServer])
caNew = []
errorStrings = []
if port != -1:
server += ":{0:d}".format(port)
if errors:
for err in errors:
if err.error() == QSslError.NoError:
continue
if server in caMerge and err.certificate() in caMerge[server]:
continue
errorStrings.append(err.errorString())
if not err.certificate().isNull():
cert = err.certificate()
if cert not in caNew:
caNew.append(cert)
if not errorStrings:
return E5SslErrorHandler.SystemIgnored, False
errorString = '.</li><li>'.join(errorStrings)
ret = E5MessageBox.yesNo(
None,
self.tr("SSL Errors"),
self.tr("""<p>SSL Errors for <br /><b>{0}</b>"""
"""<ul><li>{1}</li></ul></p>"""
"""<p>Do you want to ignore these errors?</p>""")
.format(server, errorString),
icon=E5MessageBox.Warning)
if ret:
caRet = False
if len(caNew) > 0:
certinfos = []
for cert in caNew:
certinfos.append(self.__certToString(cert))
caRet = E5MessageBox.yesNo(
None,
self.tr("Certificates"),
self.tr(
"""<p>Certificates:<br/>{0}<br/>"""
"""Do you want to accept all these certificates?"""
"""</p>""")
.format("".join(certinfos)))
if caRet:
if server not in caMerge:
caMerge[server] = []
for cert in caNew:
caMerge[server].append(cert)
sslCfg = QSslConfiguration.defaultConfiguration()
caList = sslCfg.caCertificates()
for cert in caNew:
caList.append(cert)
sslCfg.setCaCertificates(caList)
sslCfg.setProtocol(QSsl.AnyProtocol)
QSslConfiguration.setDefaultConfiguration(sslCfg)
certificateDict = {}
for server in caMerge:
pems = QByteArray()
for cert in caMerge[server]:
pems.append(cert.toPem() + b'\n')
certificateDict[server] = pems
Preferences.Prefs.settings.setValue(
"Ssl/CaCertificatesDict",
certificateDict)
return E5SslErrorHandler.UserIgnored, caRet
else:
return E5SslErrorHandler.NotIgnored, False
