def configureCerts(self):
## import the private client key
privateKeyFile = QFile(self.clientKeyFile)
privateKeyFile.open(QIODevice.ReadOnly)
privateKey = QSslKey(privateKeyFile, QSsl.Rsa)
if privateKey.isNull():
self.logger.warning('SSL private key is null')
else:
self.sslConfig.setPrivateKey(privateKey)
## import the client certificate
certFile = QFile(self.clientCertFile)
certFile.open(QIODevice.ReadOnly)
cert = QSslCertificate(certFile)
self.sslConfig.setLocalCertificate(cert)
## import the self-signed CA certificate
caCertFile = QFile(self.caCertFile)
caCertFile.open(QIODevice.ReadOnly)
caCert = QSslCertificate(caCertFile)
## add self-signed CA cert to the other CA certs
caCertList = self.sslConfig.caCertificates()
caCertList.append(caCert)
self.sslConfig.setCaCertificates(caCertList)
def __init__(self, parent):
super().__init__(parent)
self.client = QWebSocket("", QWebSocketProtocol.Version13, None)
self.client.error.connect(self.onError)
self.client.connected.connect(self.onConnected)
self.client.disconnected.connect(self.onDisconnected)
self.ssl_config = QSslConfiguration()
self.ssl_cert_file = QFile(":certs/server.pem")
self.ssl_cert_file.open(QIODevice.ReadOnly)
self.ssl_cert = QSslCertificate(self.ssl_cert_file)
self.ssl_config.setCaCertificates([self.ssl_cert])
self.client.setSslConfiguration(self.ssl_config)
self.message_queue = []
self.is_connected = False
self.telemetry_connected = False
self.websocket_url = "wss://localhost:8081"
self.websocket_token = "aVerySecureToken"
self.timer_connection_watchdog = QTimer(parent)
self.timer_connection_watchdog.start(5000)
self.timer_connection_watchdog.timeout.connect(self.connection_watchdog)
self.timer_reconnect = QTimer(parent)
self.timer_reconnect.start(500)
self.timer_reconnect.timeout.connect(self.send_message)
def __init__(self):
super().__init__()
self.clientSocket = ClientSocket(QSslSocket())
self.socket = self.clientSocket.socket
self.sendStream = self.clientSocket.sendStream
self.clientSocket.setReceiveHandler(self.handleConnectorReceive)
self.socket.setCaCertificates(
[QSslCertificate(base64.b64decode(certificate))])
self.socket.encrypted.connect(self.handleConnected)
self.socket.error.connect(self.handleError)
self.socket.connectToHostEncrypted(Client.serverSettings.address,
listenPort, QIODevice.ReadWrite,
QSslSocket.IPv4Protocol)
def incomingConnection(self, handle):
socket = QSslSocket()
if socket.setSocketDescriptor(handle):
if blockedAddresses.get(socket.peerAddress(), 1) <= 0:
socket.close()
return
def handleSslErrors(errors, socket = socket):
address = socket.peerAddress().toString()
log('SSL errors for peer ' + address + ' : ' + ', '.join([x.errorString() for x in errors]))
socket.sslErrors.connect(handleSslErrors)
socket.setLocalCertificate(QSslCertificate(base64.b64decode(certificate)))
socket.setPrivateKey(QSslKey(base64.b64decode(privatekey), QSsl.Rsa))
socket.startServerEncryption()
self.addPendingConnection(socket)
def __init__(self):
super().__init__()
self.timerDict = dict()
self.lastLogMinute = datetime.now().minute // 10
self.watchDogTimer = self.startTimer(30000)
self.restartTimer = None
self.testSocket = QSslSocket()
self.testSocket.setCaCertificates([QSslCertificate(base64.b64decode(certificate))])
def onTestSuccess():
if self.restartTimer:
self.killTimer(self.restartTimer)
self.restartTimer = None
minute = datetime.now().minute // 10
if minute != self.lastLogMinute:
log('server ok, tot: ' + str(Session.IdCounter) + ' open: ' + str(len(openSessions)) +
' active: ' + str(len(activeSessions)) + ' unv: ' + str(len(unvalidatedSockets)) +
' cached: ' + str(len(fileHashDict)) + ' join: ' + str(len(joiningClients)) +
' blockd: ' + str(len(blockedAddresses)) + ' ctrl: ' + str(len(controlHandlers)))
self.lastLogMinute = minute
self.testSocket.disconnectFromHost()
self.testSocket.encrypted.connect(onTestSuccess)
self.newConnection.connect(self.handleNewConnection)
def load_certificates():
""" load (if existing and not empty) the local PEM file; split it into
individual certificates, add each to the default configuration
"""
local_cert_path = expanduser("~/.eilat/local.pem")
local_certificates = split_certificates(local_cert_path)
if local_certificates:
print(r"""
/----------------------------\
SETTING LOCAL SSL CERTIFICATES
\----------------------------/
""")
current_configuration = QSslConfiguration.defaultConfiguration()
current_certs = current_configuration.caCertificates()
for certificate in local_certificates:
current_certs.append(QSslCertificate(certificate))
current_configuration.setCaCertificates(current_certs)
QSslConfiguration.setDefaultConfiguration(current_configuration)
def __init__(self, url, configuration, parent=None):
"""
Constructor
@param url URL to show SSL info for (QUrl)
@param configuration SSL configuration (QSslConfiguration)
@param parent reference to the parent widget (QWidget)
"""
super(E5SslInfoWidget, self).__init__(parent)
self.__url = QUrl(url)
self.__configuration = QSslConfiguration(configuration)
self.setMinimumWidth(400)
certList = self.__configuration.peerCertificateChain()
if certList:
cert = certList[0]
else:
cert = QSslCertificate()
layout = QGridLayout(self)
rows = 0
##########################################
## Identity Information
##########################################
imageLabel = QLabel(self)
layout.addWidget(imageLabel, rows, 0, Qt.AlignCenter)
label = QLabel(self)
label.setWordWrap(True)
label.setSizePolicy(QSizePolicy.Expanding, QSizePolicy.Preferred)
label.setText(self.tr("Identity"))
font = label.font()
font.setBold(True)
label.setFont(font)
layout.addWidget(label, rows, 1)
rows += 1
label = QLabel(self)
label.setWordWrap(True)
if cert.isNull():
label.setText(
self.tr("Warning: this site is NOT carrying a certificate."))
imageLabel.setPixmap(UI.PixmapCache.getPixmap("securityLow32.png"))
else:
if qVersion() >= "5.0.0":
valid = not cert.isBlacklisted()
else:
valid = cert.isValid()
if valid:
if qVersion() >= "5.0.0":
txt = ", ".join(cert.issuerInfo(
QSslCertificate.CommonName))
else:
txt = cert.issuerInfo(QSslCertificate.CommonName)
label.setText(
self.tr("The certificate for this site is valid"
" and has been verified by:\n{0}").format(
Utilities.decodeString(txt)))
imageLabel.setPixmap(
UI.PixmapCache.getPixmap("securityHigh32.png"))
else:
label.setText(
self.tr("The certificate for this site is NOT valid."))
imageLabel.setPixmap(
UI.PixmapCache.getPixmap("securityLow32.png"))
layout.addWidget(label, rows, 1)
rows += 1
label = QLabel(self)
label.setWordWrap(True)
label.setText('<a href="moresslinfos">' +
self.tr("Certificate Information") + "</a>")
label.linkActivated.connect(self.__showCertificateInfos)
layout.addWidget(label, rows, 1)
rows += 1
##########################################
## Identity Information
##########################################
imageLabel = QLabel(self)
layout.addWidget(imageLabel, rows, 0, Qt.AlignCenter)
label = QLabel(self)
label.setWordWrap(True)
label.setText(self.tr("Encryption"))
font = label.font()
font.setBold(True)
label.setFont(font)
layout.addWidget(label, rows, 1)
rows += 1
cipher = self.__configuration.sessionCipher()
if cipher.isNull():
label = QLabel(self)
label.setWordWrap(True)
label.setText(
self.tr('Your connection to "{0}" is NOT encrypted.\n').format(
self.__url.host()))
layout.addWidget(label, rows, 1)
imageLabel.setPixmap(UI.PixmapCache.getPixmap("securityLow32.png"))
rows += 1
else:
label = QLabel(self)
label.setWordWrap(True)
label.setText(
self.tr('Your connection to "{0}" is encrypted.').format(
self.__url.host()))
layout.addWidget(label, rows, 1)
proto = cipher.protocol()
if proto == QSsl.SslV3:
sslVersion = "SSL 3.0"
imageLabel.setPixmap(
UI.PixmapCache.getPixmap("securityHigh32.png"))
elif proto == QSsl.TlsV1SslV3:
sslVersion = "TLS 1.0/SSL 3.0"
imageLabel.setPixmap(
UI.PixmapCache.getPixmap("securityHigh32.png"))
elif proto == QSsl.SslV2:
sslVersion = "SSL 2.0"
imageLabel.setPixmap(
UI.PixmapCache.getPixmap("securityLow32.png"))
else:
sslVersion = self.tr("unknown")
imageLabel.setPixmap(
UI.PixmapCache.getPixmap("securityLow32.png"))
if qVersion() >= "5.0.0":
if proto == QSsl.TlsV1_0:
sslVersion = "TLS 1.0"
imageLabel.setPixmap(
UI.PixmapCache.getPixmap("securityHigh32.png"))
elif proto == QSsl.TlsV1_1:
sslVersion = "TLS 1.1"
imageLabel.setPixmap(
UI.PixmapCache.getPixmap("securityHigh32.png"))
elif proto == QSsl.TlsV1_2:
sslVersion = "TLS 1.2"
imageLabel.setPixmap(
UI.PixmapCache.getPixmap("securityHigh32.png"))
else:
if proto == QSsl.TlsV1:
sslVersion = "TLS 1.0"
imageLabel.setPixmap(
UI.PixmapCache.getPixmap("securityHigh32.png"))
rows += 1
label = QLabel(self)
label.setWordWrap(True)
label.setText(self.tr("It uses protocol: {0}").format(sslVersion))
layout.addWidget(label, rows, 1)
rows += 1
label = QLabel(self)
label.setWordWrap(True)
label.setText(
self.tr("It is encrypted using {0} at {1} bits, "
"with {2} for message authentication and "
"{3} as key exchange mechanism.\n\n").format(
cipher.encryptionMethod(), cipher.usedBits(),
cipher.authenticationMethod(),
cipher.keyExchangeMethod()))
layout.addWidget(label, rows, 1)
rows += 1
