def __init__(self, *args, **kwargs):
"""Initialize this instance."""
super(WebClient, self).__init__(*args, **kwargs)
self.nam = QNetworkAccessManager(QCoreApplication.instance())
self.nam.finished.connect(self._handle_finished)
self.nam.authenticationRequired.connect(self._handle_authentication)
self.nam.proxyAuthenticationRequired.connect(self.handle_proxy_auth)
self.nam.sslErrors.connect(self._handle_ssl_errors)
self.replies = {}
self.proxy_retry = False
self.setup_proxy()
# Force Qt to load the system certificates
QSslSocket.setDefaultCaCertificates(QSslSocket.systemCaCertificates())
# Apply our local certificates as the SSL configuration to be used
# for all QNetworkRequest calls.
self.ssl_config = QSslConfiguration.defaultConfiguration()
ca_certs = self.ssl_config.caCertificates()
try:
for path in glob.glob(os.path.join(get_cert_dir(),
"UbuntuOne*.pem")):
with open(path) as f:
cert = QSslCertificate(f.read())
if cert.isValid():
ca_certs.append(cert)
else:
logger.error("invalid certificate: {}".format(path))
except (IndexError, IOError) as err:
raise WebClientError(
"Unable to configure SSL certificates: {}".format(err))
self.ssl_config.setCaCertificates(ca_certs)
def __init__(self, *args, **kwargs):
"""Initialize this instance."""
super(WebClient, self).__init__(*args, **kwargs)
self.nam = QNetworkAccessManager(QCoreApplication.instance())
self.nam.finished.connect(self._handle_finished)
self.nam.authenticationRequired.connect(self._handle_authentication)
self.nam.proxyAuthenticationRequired.connect(self.handle_proxy_auth)
self.nam.sslErrors.connect(self._handle_ssl_errors)
self.replies = {}
self.proxy_retry = False
self.setup_proxy()
# Force Qt to load the system certificates
QSslSocket.setDefaultCaCertificates(QSslSocket.systemCaCertificates())
# Apply our local certificates as the SSL configuration to be used
# for all QNetworkRequest calls.
self.ssl_config = QSslConfiguration.defaultConfiguration()
ca_certs = self.ssl_config.caCertificates()
try:
for path in glob.glob(
os.path.join(get_cert_dir(), "UbuntuOne*.pem")):
with open(path) as f:
cert = QSslCertificate(f.read())
if cert.isValid():
ca_certs.append(cert)
else:
logger.error("invalid certificate: {}".format(path))
except (IndexError, IOError) as err:
raise WebClientError(
"Unable to configure SSL certificates: {}".format(err))
self.ssl_config.setCaCertificates(ca_certs)
def __init__(self, engine, parent=None):
"""
Constructor
@param engine reference to the help engine (QHelpEngine)
@param parent reference to the parent object (QObject)
"""
QNetworkAccessManager.__init__(self, parent)
self.__adblockNetwork = None
self.__schemeHandlers = {} # dictionary of scheme handlers
self.__proxyFactory = E4NetworkProxyFactory()
self.setProxyFactory(self.__proxyFactory)
self.__setDiskCache()
self.languagesChanged()
if SSL_AVAILABLE:
sslCfg = QSslConfiguration.defaultConfiguration()
caList = sslCfg.caCertificates()
caNew = QSslCertificate.fromData(Preferences.Prefs.settings.value("Help/CaCertificates").toByteArray())
for cert in caNew:
caList.append(cert)
sslCfg.setCaCertificates(caList)
sslCfg.setProtocol(QSsl.AnyProtocol)
try:
sslCfg.setSslOption(QSsl.SslOptionDisableCompression, True)
except AttributeError:
pass
QSslConfiguration.setDefaultConfiguration(sslCfg)
self.connect(self, SIGNAL("sslErrors(QNetworkReply *, const QList<QSslError> &)"), self.__sslErrors)
self.connect(
self,
SIGNAL("proxyAuthenticationRequired(const QNetworkProxy&, QAuthenticator*)"),
self.__proxyAuthenticationRequired,
)
self.connect(
self, SIGNAL("authenticationRequired(QNetworkReply *, QAuthenticator *)"), self.__authenticationRequired
)
# register scheme handlers
self.setSchemeHandler("qthelp", QtHelpAccessHandler(engine, self))
self.setSchemeHandler("pyrc", PyrcAccessHandler(self))
self.setSchemeHandler("about", AboutAccessHandler(self))
self.setSchemeHandler("abp", AdBlockAccessHandler(self))
def populatePKITestCerts():
"""
Populate AuthManager with test certificates.
heavily based on testqgsauthmanager.cpp.
"""
global AUTHM
global AUTHCFGID
global AUTHTYPE
assert (AUTHM is not None)
if AUTHCFGID:
removePKITestCerts()
assert (AUTHCFGID is None)
# set alice PKI data
p_config = QgsAuthMethodConfig()
p_config.setName("alice")
p_config.setMethod("PKI-Paths")
p_config.setUri("http://example.com")
p_config.setConfig("certpath", os.path.join(PKIDATA, 'alice-cert.pem'))
p_config.setConfig("keypath", os.path.join(PKIDATA, 'alice-key.pem'))
assert p_config.isValid()
# add authorities
cacerts = QSslCertificate.fromPath(
os.path.join(PKIDATA,
'subissuer-issuer-root-ca_issuer-2-root-2-ca_chains.pem'))
assert cacerts is not None
AUTHM.storeCertAuthorities(cacerts)
AUTHM.rebuildCaCertsCache()
AUTHM.rebuildTrustedCaCertsCache()
# add alice cert
# boundle = QgsPkiBundle.fromPemPaths(os.path.join(PKIDATA, 'alice-cert.pem'),
# os.path.join(PKIDATA, 'alice-key_w-pass.pem'),
# 'password',
# cacerts)
# assert boundle is not None
# assert boundle.isValid()
# register alice data in auth
AUTHM.storeAuthenticationConfig(p_config)
AUTHCFGID = p_config.id()
assert (AUTHCFGID is not None)
assert (AUTHCFGID != '')
AUTHTYPE = p_config.method()
def populatePKITestCerts():
"""
Populate AuthManager with test certificates.
heavily based on testqgsauthmanager.cpp.
"""
global AUTHM
global AUTHCFGID
global AUTHTYPE
assert (AUTHM is not None)
if AUTHCFGID:
removePKITestCerts()
assert (AUTHCFGID is None)
# set alice PKI data
p_config = QgsAuthMethodConfig()
p_config.setName("alice")
p_config.setMethod("PKI-Paths")
p_config.setUri("http://example.com")
p_config.setConfig("certpath", os.path.join(PKIDATA, 'alice-cert.pem'))
p_config.setConfig("keypath", os.path.join(PKIDATA, 'alice-key.pem'))
assert p_config.isValid()
# add authorities
cacerts = QSslCertificate.fromPath(os.path.join(PKIDATA, 'subissuer-issuer-root-ca_issuer-2-root-2-ca_chains.pem'))
assert cacerts is not None
AUTHM.storeCertAuthorities(cacerts)
AUTHM.rebuildCaCertsCache()
AUTHM.rebuildTrustedCaCertsCache()
# add alice cert
# boundle = QgsPkiBundle.fromPemPaths(os.path.join(PKIDATA, 'alice-cert.pem'),
# os.path.join(PKIDATA, 'alice-key_w-pass.pem'),
# 'password',
# cacerts)
# assert boundle is not None
# assert boundle.isValid()
# register alice data in auth
AUTHM.storeAuthenticationConfig(p_config)
AUTHCFGID = p_config.id()
assert (AUTHCFGID is not None)
assert (AUTHCFGID != '')
AUTHTYPE = p_config.method()
from PyQt4.QtNetwork import QSslCertificate
from qgis.gui import QgsAuthCertInfoDialog
# Certificate for test from http://fm4dd.com/openssl/certexamples.htm
# The one retrieved is http://fm4dd.com/openssl/source/PEM/certs/1024b-rsa-example-cert.pem
remote_url = 'http://fm4dd.com/openssl/source/PEM/certs/1024b-rsa-example-cert.pem'
pem_path = remote_url.split('/')[-1]
# Fetch certificate from remote url and write to file
with open(pem_path, 'wb') as f:
certificate_string = urllib.urlopen(remote_url).read()
f.write(certificate_string)
# Instanciate a first QgsAuthCertInfoDialog using QSslCertificate.fromPath
auth_cert_info_dialog_1 = QgsAuthCertInfoDialog(
QSslCertificate.fromPath(pem_path)[0],
True
)
auth_cert_info_dialog_1.show()
# Instanciate a second QgsAuthCertInfoDialog using QSslCertificate.fromData
auth_cert_info_dialog_2 = QgsAuthCertInfoDialog(
QSslCertificate.fromData(
QByteArray(certificate_string)
)[0],
False
)
auth_cert_info_dialog_2.show()
# coding: utf-8
import urllib
from PyQt4.QtNetwork import QSslCertificate
from qgis.gui import QgsAuthCertInfo
# Certificate for test from http://fm4dd.com/openssl/certexamples.htm
# The one retrieved is http://fm4dd.com/openssl/source/PEM/certs/1024b-rsa-example-cert.pem
remote_url = 'http://fm4dd.com/openssl/source/PEM/certs/1024b-rsa-example-cert.pem'
pem_path = remote_url.split('/')[-1]
# Fetch certificate from remote url and write to file
with open(pem_path, 'wb') as f:
certificate_string = urllib.urlopen(remote_url).read()
f.write(certificate_string)
# Instanciate a QgsAuthCertInfo using QSslCertificate.fromPath
auth_cert_info = QgsAuthCertInfo(
QSslCertificate.fromPath(pem_path)[0],
True
)
auth_cert_info.show()
# coding: utf-8
import urllib
from PyQt4.QtNetwork import QSslCertificate
from qgis.gui import QgsAuthCertInfo
# Certificate for test from http://fm4dd.com/openssl/certexamples.htm
# The one retrieved is http://fm4dd.com/openssl/source/PEM/certs/1024b-rsa-example-cert.pem
remote_url = 'http://fm4dd.com/openssl/source/PEM/certs/1024b-rsa-example-cert.pem'
pem_path = remote_url.split('/')[-1]
# Fetch certificate from remote url and write to file
with open(pem_path, 'wb') as f:
certificate_string = urllib.urlopen(remote_url).read()
f.write(certificate_string)
# Instanciate a QgsAuthCertInfo using QSslCertificate.fromPath
auth_cert_info = QgsAuthCertInfo(QSslCertificate.fromPath(pem_path)[0], True)
auth_cert_info.show()
from hashlib import sha1
from PyQt4 import QtCore, QtGui
from PyQt4.QtCore import QUrl, QObject
from PyQt4.QtNetwork import QNetworkAccessManager, QNetworkRequest, QSslConfiguration, QSslCertificate, QNetworkReply
import traceback
import logging
import weakref
##Setup the SSL-Configuration. We accept only the two known Certificates from google; reject all other
try:
certs = open("cacert.pem", "r").read()
except:
certs = None
if certs:
baseSslConfig = QSslConfiguration.defaultConfiguration()
baseSslConfig.setCaCertificates( QSslCertificate.fromData( certs ) )
QSslConfiguration.setDefaultConfiguration( baseSslConfig )
nam = QNetworkAccessManager()
_isSecureSSL = True
else:
#We got no valid certificate file - accept all SSL connections
nam = QNetworkAccessManager()
class SSLFIX( QtCore.QObject ):
def onSSLError(self, networkReply, sslErros ):
networkReply.ignoreSslErrors()
_SSLFIX = SSLFIX()
nam.sslErrors.connect( _SSLFIX.onSSLError )
_isSecureSSL = False
mimetypes.init()
if os.path.exists("mime.types"):
def __sslErrors(self, reply, errors):
"""
Private slot to handle SSL errors.
@param reply reference to the reply object (QNetworkReply)
@param errors list of SSL errors (list of QSslError)
"""
caMerge = QSslCertificate.fromData(Preferences.Prefs.settings.value("Help/CaCertificates").toByteArray())
caNew = []
errorStrings = QStringList()
for err in errors:
if err.certificate() in caMerge:
continue
errorStrings.append(err.errorString())
if not err.certificate().isNull():
caNew.append(err.certificate())
if errorStrings.isEmpty():
reply.ignoreSslErrors()
return
errorString = errorStrings.join(".</li><li>")
ret = KQMessageBox.warning(
None,
self.trUtf8("SSL Errors"),
self.trUtf8(
"""<p>SSL Errors for <br /><b>%1</b>"""
"""<ul><li>%2</li></ul></p>"""
"""<p>Do you want to ignore these errors?</p>"""
)
.arg(reply.url().toString())
.arg(errorString),
QMessageBox.StandardButtons(QMessageBox.No | QMessageBox.Yes),
QMessageBox.No,
)
if ret == QMessageBox.Yes:
if len(caNew) > 0:
certinfos = QStringList()
for cert in caNew:
certinfos.append(self.__certToString(cert))
ret = KQMessageBox.question(
None,
self.trUtf8("Certificates"),
self.trUtf8(
"""<p>Certificates:<br/>%1<br/>""" """Do you want to accept all these certificates?</p>"""
).arg(certinfos.join("")),
QMessageBox.StandardButtons(QMessageBox.No | QMessageBox.Yes),
QMessageBox.No,
)
if ret == QMessageBox.Yes:
for cert in caNew:
caMerge.append(cert)
sslCfg = QSslConfiguration.defaultConfiguration()
caList = sslCfg.caCertificates()
for cert in caNew:
caList.append(cert)
sslCfg.setCaCertificates(caList)
sslCfg.setProtocol(QSsl.AnyProtocol)
QSslConfiguration.setDefaultConfiguration(sslCfg)
reply.setSslConfiguration(sslCfg)
pems = QByteArray()
for cert in caMerge:
pems.append(cert.toPem() + "\n")
Preferences.Prefs.settings.setValue("Help/CaCertificates", QVariant(pems))
reply.ignoreSslErrors()
