def __init__(self, *args, **kwargs): """Initialize this instance.""" super(WebClient, self).__init__(*args, **kwargs) self.nam = QNetworkAccessManager(QCoreApplication.instance()) self.nam.finished.connect(self._handle_finished) self.nam.authenticationRequired.connect(self._handle_authentication) self.nam.proxyAuthenticationRequired.connect(self.handle_proxy_auth) self.nam.sslErrors.connect(self._handle_ssl_errors) self.replies = {} self.proxy_retry = False self.setup_proxy() # Force Qt to load the system certificates QSslSocket.setDefaultCaCertificates(QSslSocket.systemCaCertificates()) # Apply our local certificates as the SSL configuration to be used # for all QNetworkRequest calls. self.ssl_config = QSslConfiguration.defaultConfiguration() ca_certs = self.ssl_config.caCertificates() try: for path in glob.glob(os.path.join(get_cert_dir(), "UbuntuOne*.pem")): with open(path) as f: cert = QSslCertificate(f.read()) if cert.isValid(): ca_certs.append(cert) else: logger.error("invalid certificate: {}".format(path)) except (IndexError, IOError) as err: raise WebClientError( "Unable to configure SSL certificates: {}".format(err)) self.ssl_config.setCaCertificates(ca_certs)
def __init__(self, *args, **kwargs): """Initialize this instance.""" super(WebClient, self).__init__(*args, **kwargs) self.nam = QNetworkAccessManager(QCoreApplication.instance()) self.nam.finished.connect(self._handle_finished) self.nam.authenticationRequired.connect(self._handle_authentication) self.nam.proxyAuthenticationRequired.connect(self.handle_proxy_auth) self.nam.sslErrors.connect(self._handle_ssl_errors) self.replies = {} self.proxy_retry = False self.setup_proxy() # Force Qt to load the system certificates QSslSocket.setDefaultCaCertificates(QSslSocket.systemCaCertificates()) # Apply our local certificates as the SSL configuration to be used # for all QNetworkRequest calls. self.ssl_config = QSslConfiguration.defaultConfiguration() ca_certs = self.ssl_config.caCertificates() try: for path in glob.glob( os.path.join(get_cert_dir(), "UbuntuOne*.pem")): with open(path) as f: cert = QSslCertificate(f.read()) if cert.isValid(): ca_certs.append(cert) else: logger.error("invalid certificate: {}".format(path)) except (IndexError, IOError) as err: raise WebClientError( "Unable to configure SSL certificates: {}".format(err)) self.ssl_config.setCaCertificates(ca_certs)
def __init__(self, engine, parent=None): """ Constructor @param engine reference to the help engine (QHelpEngine) @param parent reference to the parent object (QObject) """ QNetworkAccessManager.__init__(self, parent) self.__adblockNetwork = None self.__schemeHandlers = {} # dictionary of scheme handlers self.__proxyFactory = E4NetworkProxyFactory() self.setProxyFactory(self.__proxyFactory) self.__setDiskCache() self.languagesChanged() if SSL_AVAILABLE: sslCfg = QSslConfiguration.defaultConfiguration() caList = sslCfg.caCertificates() caNew = QSslCertificate.fromData(Preferences.Prefs.settings.value("Help/CaCertificates").toByteArray()) for cert in caNew: caList.append(cert) sslCfg.setCaCertificates(caList) sslCfg.setProtocol(QSsl.AnyProtocol) try: sslCfg.setSslOption(QSsl.SslOptionDisableCompression, True) except AttributeError: pass QSslConfiguration.setDefaultConfiguration(sslCfg) self.connect(self, SIGNAL("sslErrors(QNetworkReply *, const QList<QSslError> &)"), self.__sslErrors) self.connect( self, SIGNAL("proxyAuthenticationRequired(const QNetworkProxy&, QAuthenticator*)"), self.__proxyAuthenticationRequired, ) self.connect( self, SIGNAL("authenticationRequired(QNetworkReply *, QAuthenticator *)"), self.__authenticationRequired ) # register scheme handlers self.setSchemeHandler("qthelp", QtHelpAccessHandler(engine, self)) self.setSchemeHandler("pyrc", PyrcAccessHandler(self)) self.setSchemeHandler("about", AboutAccessHandler(self)) self.setSchemeHandler("abp", AdBlockAccessHandler(self))
def populatePKITestCerts(): """ Populate AuthManager with test certificates. heavily based on testqgsauthmanager.cpp. """ global AUTHM global AUTHCFGID global AUTHTYPE assert (AUTHM is not None) if AUTHCFGID: removePKITestCerts() assert (AUTHCFGID is None) # set alice PKI data p_config = QgsAuthMethodConfig() p_config.setName("alice") p_config.setMethod("PKI-Paths") p_config.setUri("http://example.com") p_config.setConfig("certpath", os.path.join(PKIDATA, 'alice-cert.pem')) p_config.setConfig("keypath", os.path.join(PKIDATA, 'alice-key.pem')) assert p_config.isValid() # add authorities cacerts = QSslCertificate.fromPath( os.path.join(PKIDATA, 'subissuer-issuer-root-ca_issuer-2-root-2-ca_chains.pem')) assert cacerts is not None AUTHM.storeCertAuthorities(cacerts) AUTHM.rebuildCaCertsCache() AUTHM.rebuildTrustedCaCertsCache() # add alice cert # boundle = QgsPkiBundle.fromPemPaths(os.path.join(PKIDATA, 'alice-cert.pem'), # os.path.join(PKIDATA, 'alice-key_w-pass.pem'), # 'password', # cacerts) # assert boundle is not None # assert boundle.isValid() # register alice data in auth AUTHM.storeAuthenticationConfig(p_config) AUTHCFGID = p_config.id() assert (AUTHCFGID is not None) assert (AUTHCFGID != '') AUTHTYPE = p_config.method()
def populatePKITestCerts(): """ Populate AuthManager with test certificates. heavily based on testqgsauthmanager.cpp. """ global AUTHM global AUTHCFGID global AUTHTYPE assert (AUTHM is not None) if AUTHCFGID: removePKITestCerts() assert (AUTHCFGID is None) # set alice PKI data p_config = QgsAuthMethodConfig() p_config.setName("alice") p_config.setMethod("PKI-Paths") p_config.setUri("http://example.com") p_config.setConfig("certpath", os.path.join(PKIDATA, 'alice-cert.pem')) p_config.setConfig("keypath", os.path.join(PKIDATA, 'alice-key.pem')) assert p_config.isValid() # add authorities cacerts = QSslCertificate.fromPath(os.path.join(PKIDATA, 'subissuer-issuer-root-ca_issuer-2-root-2-ca_chains.pem')) assert cacerts is not None AUTHM.storeCertAuthorities(cacerts) AUTHM.rebuildCaCertsCache() AUTHM.rebuildTrustedCaCertsCache() # add alice cert # boundle = QgsPkiBundle.fromPemPaths(os.path.join(PKIDATA, 'alice-cert.pem'), # os.path.join(PKIDATA, 'alice-key_w-pass.pem'), # 'password', # cacerts) # assert boundle is not None # assert boundle.isValid() # register alice data in auth AUTHM.storeAuthenticationConfig(p_config) AUTHCFGID = p_config.id() assert (AUTHCFGID is not None) assert (AUTHCFGID != '') AUTHTYPE = p_config.method()
from PyQt4.QtNetwork import QSslCertificate from qgis.gui import QgsAuthCertInfoDialog # Certificate for test from http://fm4dd.com/openssl/certexamples.htm # The one retrieved is http://fm4dd.com/openssl/source/PEM/certs/1024b-rsa-example-cert.pem remote_url = 'http://fm4dd.com/openssl/source/PEM/certs/1024b-rsa-example-cert.pem' pem_path = remote_url.split('/')[-1] # Fetch certificate from remote url and write to file with open(pem_path, 'wb') as f: certificate_string = urllib.urlopen(remote_url).read() f.write(certificate_string) # Instanciate a first QgsAuthCertInfoDialog using QSslCertificate.fromPath auth_cert_info_dialog_1 = QgsAuthCertInfoDialog( QSslCertificate.fromPath(pem_path)[0], True ) auth_cert_info_dialog_1.show() # Instanciate a second QgsAuthCertInfoDialog using QSslCertificate.fromData auth_cert_info_dialog_2 = QgsAuthCertInfoDialog( QSslCertificate.fromData( QByteArray(certificate_string) )[0], False ) auth_cert_info_dialog_2.show()
# coding: utf-8 import urllib from PyQt4.QtNetwork import QSslCertificate from qgis.gui import QgsAuthCertInfo # Certificate for test from http://fm4dd.com/openssl/certexamples.htm # The one retrieved is http://fm4dd.com/openssl/source/PEM/certs/1024b-rsa-example-cert.pem remote_url = 'http://fm4dd.com/openssl/source/PEM/certs/1024b-rsa-example-cert.pem' pem_path = remote_url.split('/')[-1] # Fetch certificate from remote url and write to file with open(pem_path, 'wb') as f: certificate_string = urllib.urlopen(remote_url).read() f.write(certificate_string) # Instanciate a QgsAuthCertInfo using QSslCertificate.fromPath auth_cert_info = QgsAuthCertInfo( QSslCertificate.fromPath(pem_path)[0], True ) auth_cert_info.show()
# coding: utf-8 import urllib from PyQt4.QtNetwork import QSslCertificate from qgis.gui import QgsAuthCertInfo # Certificate for test from http://fm4dd.com/openssl/certexamples.htm # The one retrieved is http://fm4dd.com/openssl/source/PEM/certs/1024b-rsa-example-cert.pem remote_url = 'http://fm4dd.com/openssl/source/PEM/certs/1024b-rsa-example-cert.pem' pem_path = remote_url.split('/')[-1] # Fetch certificate from remote url and write to file with open(pem_path, 'wb') as f: certificate_string = urllib.urlopen(remote_url).read() f.write(certificate_string) # Instanciate a QgsAuthCertInfo using QSslCertificate.fromPath auth_cert_info = QgsAuthCertInfo(QSslCertificate.fromPath(pem_path)[0], True) auth_cert_info.show()
from hashlib import sha1 from PyQt4 import QtCore, QtGui from PyQt4.QtCore import QUrl, QObject from PyQt4.QtNetwork import QNetworkAccessManager, QNetworkRequest, QSslConfiguration, QSslCertificate, QNetworkReply import traceback import logging import weakref ##Setup the SSL-Configuration. We accept only the two known Certificates from google; reject all other try: certs = open("cacert.pem", "r").read() except: certs = None if certs: baseSslConfig = QSslConfiguration.defaultConfiguration() baseSslConfig.setCaCertificates( QSslCertificate.fromData( certs ) ) QSslConfiguration.setDefaultConfiguration( baseSslConfig ) nam = QNetworkAccessManager() _isSecureSSL = True else: #We got no valid certificate file - accept all SSL connections nam = QNetworkAccessManager() class SSLFIX( QtCore.QObject ): def onSSLError(self, networkReply, sslErros ): networkReply.ignoreSslErrors() _SSLFIX = SSLFIX() nam.sslErrors.connect( _SSLFIX.onSSLError ) _isSecureSSL = False mimetypes.init() if os.path.exists("mime.types"):
def __sslErrors(self, reply, errors): """ Private slot to handle SSL errors. @param reply reference to the reply object (QNetworkReply) @param errors list of SSL errors (list of QSslError) """ caMerge = QSslCertificate.fromData(Preferences.Prefs.settings.value("Help/CaCertificates").toByteArray()) caNew = [] errorStrings = QStringList() for err in errors: if err.certificate() in caMerge: continue errorStrings.append(err.errorString()) if not err.certificate().isNull(): caNew.append(err.certificate()) if errorStrings.isEmpty(): reply.ignoreSslErrors() return errorString = errorStrings.join(".</li><li>") ret = KQMessageBox.warning( None, self.trUtf8("SSL Errors"), self.trUtf8( """<p>SSL Errors for <br /><b>%1</b>""" """<ul><li>%2</li></ul></p>""" """<p>Do you want to ignore these errors?</p>""" ) .arg(reply.url().toString()) .arg(errorString), QMessageBox.StandardButtons(QMessageBox.No | QMessageBox.Yes), QMessageBox.No, ) if ret == QMessageBox.Yes: if len(caNew) > 0: certinfos = QStringList() for cert in caNew: certinfos.append(self.__certToString(cert)) ret = KQMessageBox.question( None, self.trUtf8("Certificates"), self.trUtf8( """<p>Certificates:<br/>%1<br/>""" """Do you want to accept all these certificates?</p>""" ).arg(certinfos.join("")), QMessageBox.StandardButtons(QMessageBox.No | QMessageBox.Yes), QMessageBox.No, ) if ret == QMessageBox.Yes: for cert in caNew: caMerge.append(cert) sslCfg = QSslConfiguration.defaultConfiguration() caList = sslCfg.caCertificates() for cert in caNew: caList.append(cert) sslCfg.setCaCertificates(caList) sslCfg.setProtocol(QSsl.AnyProtocol) QSslConfiguration.setDefaultConfiguration(sslCfg) reply.setSslConfiguration(sslCfg) pems = QByteArray() for cert in caMerge: pems.append(cert.toPem() + "\n") Preferences.Prefs.settings.setValue("Help/CaCertificates", QVariant(pems)) reply.ignoreSslErrors()