Extract code to methods
This commit is contained in:
parent
6262c09de8
commit
a45921685b
2 changed files with 74 additions and 65 deletions
|
@ -79,70 +79,8 @@ KdeConnectConfig::KdeConnectConfig()
|
||||||
d->m_config = new QSettings(baseConfigDir().absoluteFilePath(QStringLiteral("config")), QSettings::IniFormat);
|
d->m_config = new QSettings(baseConfigDir().absoluteFilePath(QStringLiteral("config")), QSettings::IniFormat);
|
||||||
d->m_trustedDevices = new QSettings(baseConfigDir().absoluteFilePath(QStringLiteral("trusted_devices")), QSettings::IniFormat);
|
d->m_trustedDevices = new QSettings(baseConfigDir().absoluteFilePath(QStringLiteral("trusted_devices")), QSettings::IniFormat);
|
||||||
|
|
||||||
const QFile::Permissions strict = QFile::ReadOwner | QFile::WriteOwner | QFile::ReadUser | QFile::WriteUser;
|
loadPrivateKey();
|
||||||
|
loadCertificate();
|
||||||
QString keyPath = privateKeyPath();
|
|
||||||
QFile privKey(keyPath);
|
|
||||||
if (privKey.exists() && privKey.open(QIODevice::ReadOnly)) {
|
|
||||||
|
|
||||||
d->m_privateKey = QCA::PrivateKey::fromPEM(privKey.readAll());
|
|
||||||
|
|
||||||
} else {
|
|
||||||
|
|
||||||
d->m_privateKey = QCA::KeyGenerator().createRSA(2048);
|
|
||||||
|
|
||||||
if (!privKey.open(QIODevice::ReadWrite | QIODevice::Truncate)) {
|
|
||||||
Daemon::instance()->reportError(QStringLiteral("KDE Connect"), i18n("Could not store private key file: %1", keyPath));
|
|
||||||
} else {
|
|
||||||
privKey.setPermissions(strict);
|
|
||||||
privKey.write(d->m_privateKey.toPEM().toLatin1());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
QString certPath = certificatePath();
|
|
||||||
QFile cert(certPath);
|
|
||||||
if (cert.exists() && cert.open(QIODevice::ReadOnly)) {
|
|
||||||
|
|
||||||
d->m_certificate = QSslCertificate::fromPath(certPath).at(0);
|
|
||||||
|
|
||||||
} else {
|
|
||||||
|
|
||||||
// No certificate yet. Probably first run. Let's generate one!
|
|
||||||
|
|
||||||
QString uuid = QUuid::createUuid().toString();
|
|
||||||
DbusHelper::filterNonExportableCharacters(uuid);
|
|
||||||
qCDebug(KDECONNECT_CORE) << "My id:" << uuid;
|
|
||||||
|
|
||||||
// FIXME: We only use QCA here to generate the cert and key, would be nice to get rid of it completely.
|
|
||||||
// The same thing we are doing with QCA could be done invoking openssl (although it's potentially less portable):
|
|
||||||
// openssl req -new -x509 -sha256 -newkey rsa:2048 -nodes -keyout privateKey.pem -days 3650 -out certificate.pem -subj "/O=KDE/OU=KDE Connect/CN=_e6e29ad4_2b31_4b6d_8f7a_9872dbaa9095_"
|
|
||||||
|
|
||||||
QCA::CertificateOptions certificateOptions = QCA::CertificateOptions();
|
|
||||||
QDateTime startTime = QDateTime::currentDateTime().addYears(-1);
|
|
||||||
QDateTime endTime = startTime.addYears(10);
|
|
||||||
QCA::CertificateInfo certificateInfo;
|
|
||||||
certificateInfo.insert(QCA::CommonName, uuid);
|
|
||||||
certificateInfo.insert(QCA::Organization,QStringLiteral("KDE"));
|
|
||||||
certificateInfo.insert(QCA::OrganizationalUnit,QStringLiteral("Kde connect"));
|
|
||||||
certificateOptions.setInfo(certificateInfo);
|
|
||||||
certificateOptions.setFormat(QCA::PKCS10);
|
|
||||||
certificateOptions.setSerialNumber(QCA::BigInteger(10));
|
|
||||||
certificateOptions.setValidityPeriod(startTime, endTime);
|
|
||||||
|
|
||||||
d->m_certificate = QSslCertificate(QCA::Certificate(certificateOptions, d->m_privateKey).toPEM().toLatin1());
|
|
||||||
|
|
||||||
if (!cert.open(QIODevice::ReadWrite | QIODevice::Truncate)) {
|
|
||||||
Daemon::instance()->reportError(QStringLiteral("KDE Connect"), i18n("Could not store certificate file: %1", certPath));
|
|
||||||
} else {
|
|
||||||
cert.setPermissions(strict);
|
|
||||||
cert.write(d->m_certificate.toPem());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
//Extra security check
|
|
||||||
if (QFile::permissions(keyPath) != strict) {
|
|
||||||
qCWarning(KDECONNECT_CORE) << "Warning: KDE Connect private key file has too open permissions " << keyPath;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
QString KdeConnectConfig::name()
|
QString KdeConnectConfig::name()
|
||||||
|
@ -265,4 +203,71 @@ QDir KdeConnectConfig::pluginConfigDir(const QString& deviceId, const QString& p
|
||||||
return QDir(pluginConfigDir);
|
return QDir(pluginConfigDir);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void KdeConnectConfig::loadPrivateKey()
|
||||||
|
{
|
||||||
|
QString keyPath = privateKeyPath();
|
||||||
|
QFile privKey(keyPath);
|
||||||
|
if (privKey.exists() && privKey.open(QIODevice::ReadOnly)) {
|
||||||
|
|
||||||
|
d->m_privateKey = QCA::PrivateKey::fromPEM(privKey.readAll());
|
||||||
|
|
||||||
|
} else {
|
||||||
|
|
||||||
|
d->m_privateKey = QCA::KeyGenerator().createRSA(2048);
|
||||||
|
|
||||||
|
if (!privKey.open(QIODevice::ReadWrite | QIODevice::Truncate)) {
|
||||||
|
Daemon::instance()->reportError(QStringLiteral("KDE Connect"), i18n("Could not store private key file: %1", keyPath));
|
||||||
|
} else {
|
||||||
|
privKey.setPermissions(strict);
|
||||||
|
privKey.write(d->m_privateKey.toPEM().toLatin1());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
//Extra security check
|
||||||
|
if (QFile::permissions(keyPath) != strict) {
|
||||||
|
qCWarning(KDECONNECT_CORE) << "Warning: KDE Connect private key file has too open permissions " << keyPath;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void KdeConnectConfig::loadCertificate()
|
||||||
|
{
|
||||||
|
QString certPath = certificatePath();
|
||||||
|
QFile cert(certPath);
|
||||||
|
if (cert.exists() && cert.open(QIODevice::ReadOnly)) {
|
||||||
|
|
||||||
|
d->m_certificate = QSslCertificate::fromPath(certPath).at(0);
|
||||||
|
|
||||||
|
} else {
|
||||||
|
|
||||||
|
// No certificate yet. Probably first run. Let's generate one!
|
||||||
|
|
||||||
|
QString uuid = QUuid::createUuid().toString();
|
||||||
|
DbusHelper::filterNonExportableCharacters(uuid);
|
||||||
|
qCDebug(KDECONNECT_CORE) << "My id:" << uuid;
|
||||||
|
|
||||||
|
// FIXME: We only use QCA here to generate the cert and key, would be nice to get rid of it completely.
|
||||||
|
// The same thing we are doing with QCA could be done invoking openssl (although it's potentially less portable):
|
||||||
|
// openssl req -new -x509 -sha256 -newkey rsa:2048 -nodes -keyout privateKey.pem -days 3650 -out certificate.pem -subj "/O=KDE/OU=KDE Connect/CN=_e6e29ad4_2b31_4b6d_8f7a_9872dbaa9095_"
|
||||||
|
|
||||||
|
QCA::CertificateOptions certificateOptions = QCA::CertificateOptions();
|
||||||
|
QDateTime startTime = QDateTime::currentDateTime().addYears(-1);
|
||||||
|
QDateTime endTime = startTime.addYears(10);
|
||||||
|
QCA::CertificateInfo certificateInfo;
|
||||||
|
certificateInfo.insert(QCA::CommonName, uuid);
|
||||||
|
certificateInfo.insert(QCA::Organization,QStringLiteral("KDE"));
|
||||||
|
certificateInfo.insert(QCA::OrganizationalUnit,QStringLiteral("Kde connect"));
|
||||||
|
certificateOptions.setInfo(certificateInfo);
|
||||||
|
certificateOptions.setFormat(QCA::PKCS10);
|
||||||
|
certificateOptions.setSerialNumber(QCA::BigInteger(10));
|
||||||
|
certificateOptions.setValidityPeriod(startTime, endTime);
|
||||||
|
|
||||||
|
d->m_certificate = QSslCertificate(QCA::Certificate(certificateOptions, d->m_privateKey).toPEM().toLatin1());
|
||||||
|
|
||||||
|
if (!cert.open(QIODevice::ReadWrite | QIODevice::Truncate)) {
|
||||||
|
Daemon::instance()->reportError(QStringLiteral("KDE Connect"), i18n("Could not store certificate file: %1", certPath));
|
||||||
|
} else {
|
||||||
|
cert.setPermissions(strict);
|
||||||
|
cert.write(d->m_certificate.toPem());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
@ -73,9 +73,13 @@ public:
|
||||||
private:
|
private:
|
||||||
KdeConnectConfig();
|
KdeConnectConfig();
|
||||||
|
|
||||||
private:
|
void loadPrivateKey();
|
||||||
|
void loadCertificate();
|
||||||
|
|
||||||
struct KdeConnectConfigPrivate* d;
|
struct KdeConnectConfigPrivate* d;
|
||||||
|
|
||||||
|
const QFile::Permissions strict = QFile::ReadOwner | QFile::WriteOwner | QFile::ReadUser | QFile::WriteUser;
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
Loading…
Reference in a new issue