certificate handling after 10years
Auto reconfiguration of own certificate: currently: if kdeconnectd loads its certificate and it is expired or not effective yet, it generates a new certificate. previously: if kdeconnectd loads its certificate and it is expired or not effective yet, it continues using the same certificate. This brings forth an issue: other devices would refuse to connect to a device with an expired or not-yet-effective certificate. Auto-delete of orphan certificates: currently: devices in kdeconnectd's device list that have illegal SSL certificates (expired, not effective yet, empty) get automatically deleted from the device list. previously: they would just exist forever until the user deleted them. A year does not have 356 days: currently: int a_year_in_seconds = 365 * 24 * 60 * 60; previously: int a_year_in_seconds = 356 * 24 * 60 * 60;
parent
0b0edbc27d
commit
a4e6e11dd6
6 changed files with 33 additions and 3 deletions
|
@ -90,7 +90,14 @@ void Daemon::init()
|
|||
// Read remembered paired devices
|
||||
const QStringList &list = KdeConnectConfig::instance().trustedDevices();
|
||||
for (const QString &id : list) {
|
||||
addDevice(new Device(this, id));
|
||||
Device *d = new Device(this, id);
|
||||
// prune away devices with malformed certificates
|
||||
if (d->hasInvalidCertificate()) {
|
||||
qCDebug(KDECONNECT_CORE) << "Certificate for device " << id << "illegal, deleting the device";
|
||||
KdeConnectConfig::instance().removeTrustedDevice(id);
|
||||
} else {
|
||||
addDevice(d);
|
||||
}
|
||||
}
|
||||
|
||||
qCDebug(KDECONNECT_CORE) << "Paired devices added";
|
||||
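Review bot: The `Device` created for a rejected id is never released: when `d->hasInvalidCertificate()` is true the loop calls `removeTrustedDevice(id)` and moves on, so the object stays alive, presumably as a QObject child of the daemon, for the rest of the process. Adding `delete d;` after `KdeConnectConfig::instance().removeTrustedDevice(id);` would free it, provided the constructor registers nothing that outlives the object. Dropping a pairing is also a trust decision the user may want to see in the logs, so `qCWarning(KDECONNECT_CORE)` fits that message better than `qCDebug`. `Daemon::init` starts and ends outside the hunk.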
|
|
|
@ -320,7 +320,11 @@ bool Device::updateDeviceInfo(const DeviceInfo &newDeviceInfo)
|
|||
|
||||
return hasChanges;
|
||||
}
|
||||
|
||||
bool Device::hasInvalidCertificate()
|
||||
{
|
||||
QDateTime now = QDateTime::currentDateTime();
|
||||
return certificate().isNull() || certificate().effectiveDate() >= now || certificate().expiryDate() <= now;
|
||||
}
|
||||
void Device::linkDestroyed(QObject *o)
|
||||
{
|
||||
removeLink(static_cast<DeviceLink *>(o));
|
||||
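Review bot: `Device::hasInvalidCertificate()` only reads state but is declared non-const, and it calls `certificate()` three times; `bool hasInvalidCertificate() const;` in the header together with one local `const auto cert = certificate();` here would be tidier. The name also promises more than the body checks, since only emptiness and the validity window are tested, and the window is tested against the local clock. A comment such as `// true if the stored certificate is empty, not yet effective, or expired by the local clock; no signature or chain check` would keep callers from reading it as full validation. The same date test is repeated in `KdeConnectConfig::loadCertificate`, so a shared helper would keep the two in step.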
|
|
|
@ -74,6 +74,8 @@ public:
|
|||
|
||||
bool updateDeviceInfo(const DeviceInfo &deviceInfo);
|
||||
|
||||
bool hasInvalidCertificate();
|
||||
|
||||
PairState pairState() const;
|
||||
Q_SCRIPTABLE int pairStateAsInt() const; // Hack because qdbus doesn't like enums
|
||||
Q_SCRIPTABLE bool isPaired() const;
|
||||
|
|
|
@ -215,6 +215,12 @@ void KdeConnectConfig::removeTrustedDevice(const QString &deviceId)
|
|||
// We do not remove the config files.
|
||||
}
|
||||
|
||||
void KdeConnectConfig::removeAllTrustedDevices()
|
||||
{
|
||||
d->m_trustedDevices->clear();
|
||||
d->m_trustedDevices->sync();
|
||||
}
|
||||
|
||||
// Utility functions to set and get a value
|
||||
void KdeConnectConfig::setDeviceProperty(const QString &deviceId, const QString &key, const QString &value)
|
||||
{
|
||||
|
@ -276,10 +282,18 @@ bool KdeConnectConfig::loadPrivateKey(const QString &keyPath)
|
|||
bool KdeConnectConfig::loadCertificate(const QString &certPath)
|
||||
{
|
||||
QFile cert(certPath);
|
||||
QDateTime now = QDateTime::currentDateTime();
|
||||
|
||||
if (cert.exists() && cert.open(QIODevice::ReadOnly)) {
|
||||
d->m_certificate = QSslCertificate(cert.readAll());
|
||||
if (d->m_certificate.isNull()) {
|
||||
qCWarning(KDECONNECT_CORE) << "Certificate from" << certPath << "is not valid";
|
||||
} else if (d->m_certificate.effectiveDate() >= now) {
|
||||
qCWarning(KDECONNECT_CORE) << "Certificate from" << certPath << "not yet effective: " << d->m_certificate.effectiveDate();
|
||||
return true;
|
||||
} else if (d->m_certificate.expiryDate() <= now) {
|
||||
qCWarning(KDECONNECT_CORE) << "Certificate from" << certPath << "expired: " << d->m_certificate.expiryDate();
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return d->m_certificate.isNull();
|
||||
|
@ -294,6 +308,7 @@ void KdeConnectConfig::loadOrGeneratePrivateKeyAndCertificate(const QString &key
|
|||
generatePrivateKey(keyPath);
|
||||
}
|
||||
if (needsToGenerateCert) {
|
||||
removeAllTrustedDevices();
|
||||
generateCertificate(certPath);
|
||||
}
|
||||
|
||||
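Review bot: `removeAllTrustedDevices()` in `loadOrGeneratePrivateKeyAndCertificate` now runs whenever `loadCertificate` reports that a new certificate is needed, and that includes the two date branches that compare against `QDateTime::currentDateTime()`. A host that starts with a wrong clock (dead RTC battery, no time sync yet) would see its certificate as expired or not yet effective, replace it and erase every pairing, with only the `qCWarning` from `loadCertificate` as a record. Consider logging the wipe explicitly, e.g. `qCWarning(KDECONNECT_CORE) << "Own certificate replaced, removing all trusted devices";`, and treating an implausible clock as a reason to defer rather than regenerate. `loadCertificate` also returns `true` to mean "must regenerate", which reads inverted for a `load*` function, so a comment on the return value would help. Both functions continue outside their hunks.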
|
|
|
@ -77,6 +77,8 @@ private:
|
|||
void generatePrivateKey(const QString &path);
|
||||
void generateCertificate(const QString &path);
|
||||
|
||||
void removeAllTrustedDevices();
|
||||
|
||||
struct KdeConnectConfigPrivate *d;
|
||||
};
|
||||
|
||||
|
|
|
@ -200,7 +200,7 @@ QSslCertificate generateSelfSignedCertificate(const QSslKey &qtPrivateKey, const
|
|||
}
|
||||
|
||||
// Set the certificate validity period.
|
||||
int a_year_in_seconds = 356 * 24 * 60 * 60;
|
||||
int a_year_in_seconds = 365 * 24 * 60 * 60;
|
||||
X509_gmtime_adj(X509_getm_notBefore(x509.get()), -a_year_in_seconds);
|
||||
X509_gmtime_adj(X509_getm_notAfter(x509.get()), 10 * a_year_in_seconds);
|
||||
|
||||
|
|