/*
 *   Copyright © 2009 Rob Scheepmaker <r.scheepmaker@student.utwente.nl>
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU Library General Public License version 2 as
 *   published by the Free Software Foundation
 *
 *   This program is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *   GNU General Public License for more details
 *
 *   You should have received a copy of the GNU Library General Public
 *   License along with this program; if not, write to the
 *   Free Software Foundation, Inc.,
 *   51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 */
#include "credentials.h"
#include "config-plasma.h"
#include <QCryptographicHash>
#include <QObject>
#if ENABLE_REMOTE_WIDGETS
#include <QtCrypto>
#endif
#include <kdebug.h>
#include <kstandarddirs.h>
#include "authorizationmanager.h"
#define REQUIRED_FEATURES "rsa,sha1,pkey"
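namespace Plasma {

#if ENABLE_REMOTE_WIDGETS
namespace {

// Version tag written first by operator<< and checked by operator>>.
const quint32 CREDENTIALS_STREAM_VERSION = 1;

// True when the QCA backend provides every feature this file relies on
// (see REQUIRED_FEATURES); otherwise logs a warning so callers can bail
// out instead of operating on keys that QCA cannot handle.
bool haveRequiredQcaFeatures()
{
    if (QCA::isSupported(REQUIRED_FEATURES)) {
        return true;
    }
    kWarning() << "QCA doesn't support " << REQUIRED_FEATURES;
    return false;
}

// Derives a credential id from the PEM encoding of its public key: the raw
// SHA-1 digest bytes of the Latin-1 PEM text, handed to QString through its
// QByteArray conversion. createCredentials() and isValid() must agree on
// this derivation, which is why it lives in one place.
// NOTE(review): the digest is not hex-encoded, so ids carry arbitrary bytes,
// and the QByteArray->QString conversion presumably stops at the first NUL
// byte, truncating such ids. Switching to toHex() would stop every
// credential already serialized with an old-style id from validating, so
// the derivation is deliberately left unchanged here.
QString keyIdForPem(const QString &publicKeyPem)
{
    const QString id = QCryptographicHash::hash(publicKeyPem.toLatin1(),
                                                QCryptographicHash::Sha1);
    return id;
}

} // namespace
#endif

// Private data of Credentials: the identity strings plus the key pair
// (or only the public half) that backs them.
class CredentialsPrivate
{
public:
    // Empty credentials: no id, no name, null keys; isValid() reports false.
    CredentialsPrivate()
    {
    }

    // Parses @p pemKey. When @p isPrivateKey is true the PEM holds an RSA
    // private key and the public half is derived from it; otherwise the PEM
    // holds a public key only. A PEM that QCA cannot decode leaves the keys
    // null, which isValid() and canSign() then report.
    CredentialsPrivate(const QString &id, const QString &name,
                       const QString &pemKey, bool isPrivateKey)
        : id(id),
          name(name)
    {
#if ENABLE_REMOTE_WIDGETS
        if (!haveRequiredQcaFeatures()) {
            return;
        }

        QCA::ConvertResult result = QCA::ErrorDecode;
        if (isPrivateKey) {
            privateKey = QCA::PrivateKey::fromPEM(pemKey, QByteArray(), &result);
            if (result != QCA::ConvertGood || privateKey.isNull()) {
                kWarning() << "Could not decode the private key PEM; credentials will be invalid";
                privateKey = QCA::PrivateKey();
                return;
            }
            publicKey = privateKey.toPublicKey();
        } else {
            publicKey = QCA::PublicKey::fromPEM(pemKey, &result);
            if (result != QCA::ConvertGood) {
                kWarning() << "Could not decode the public key PEM; credentials will be invalid";
                publicKey = QCA::PublicKey();
            }
        }
#else
        Q_UNUSED(pemKey);
        Q_UNUSED(isPrivateKey);
#endif
    }

    ~CredentialsPrivate()
    {
    }

    QString id;
    QString name;

#if ENABLE_REMOTE_WIDGETS
    QCA::PublicKey publicKey;
    // Null for credentials that only describe another party; see
    // toPublicCredentials().
    QCA::PrivateKey privateKey;
#endif
};

// Wraps an already-encoded key. @p key is a PEM string; @p isPrivateKey
// tells whether it is the private key (public half derived) or a public
// key only. @p id is taken as given and checked against the key by
// isValid().
Credentials::Credentials(const QString &id, const QString &name,
                         const QString &key, bool isPrivateKey)
    : d(new CredentialsPrivate(id, name, key, isPrivateKey))
{
}

// Invalid, empty credentials.
Credentials::Credentials()
    : d(new CredentialsPrivate())
{
}

// Deep copy; the private key, if any, is copied as well.
Credentials::Credentials(const Credentials &other)
    : d(new CredentialsPrivate(*other.d))
{
}

Credentials::~Credentials()
{
    delete d;
}

Credentials &Credentials::operator=(const Credentials &other)
{
    if (this != &other) {
        *d = *other.d;
    }
    return *this;
}

// Generates a fresh 2048-bit RSA key pair and wraps it, together with the
// id derived from its public half, under @p name. Returns invalid
// credentials when QCA lacks the required features or key generation
// fails, instead of credentials built around a null key.
Credentials Credentials::createCredentials(const QString &name)
{
#if ENABLE_REMOTE_WIDGETS
    if (!haveRequiredQcaFeatures()) {
        return Credentials();
    }

    QCA::KeyGenerator generator;
    const QCA::PrivateKey key = generator.createRSA(2048);
    if (key.isNull()) {
        kWarning() << "RSA key generation failed; returning invalid credentials";
        return Credentials();
    }

    const QString publicPem = key.toPublicKey().toPEM();
    return Credentials(keyIdForPem(publicPem), name, key.toPEM(), true);
#else
    Q_UNUSED(name);
    return Credentials();
#endif
}

// Trust level of these credentials. The lookup against a per-user
// "trustedkeys" store below is disabled, so every credential reports the
// same level regardless of whether a key is present or valid.
// NOTE(review): this does not consult isValid(); callers deciding on
// trust must check isValid() themselves.
TrustLevel Credentials::trustLevel() const
{
    /*
    QString pemFile = KStandardDirs::locate("trustedkeys", id());

    if (!pemFile.isEmpty()) {
        QCA::PublicKey pubKey = QCA::PublicKey::fromPEMFile(pemFile);
        if (pubKey == d->publicKey) {
            return true;
        }
    }
    */
    //Trust no one ;)
    return UnknownTrusted;
}

// True when a public key is present and the stored id is exactly the id
// derived from that key. An id that does not match the key means the two
// were not produced together and nothing keyed on the id should apply to
// the key.
bool Credentials::isValid() const
{
#if ENABLE_REMOTE_WIDGETS
    if (!haveRequiredQcaFeatures()) {
        return false;
    }

    if (d->publicKey.isNull()) {
        return false;
    }

    return keyIdForPem(d->publicKey.toPEM()) == d->id;
#else
#ifndef NDEBUG
    kDebug() << "libplasma is compiled without support for remote widgets. Key invalid.";
#endif
    return false;
#endif
}

QString Credentials::name() const
{
    return d->name;
}

QString Credentials::id() const
{
    return d->id;
}

// Verifies @p signature over @p payload with the public key. Returns false
// when the credentials are invalid (previously an id/key mismatch was only
// logged and verification went ahead with the mismatched key), when the
// signature is empty, or when QCA cannot verify with this key.
bool Credentials::isValidSignature(const QByteArray &signature, const QByteArray &payload)
{
#if ENABLE_REMOTE_WIDGETS
    if (!haveRequiredQcaFeatures()) {
        return false;
    }

    if (!isValid()) {
        kWarning() << "Refusing to verify a signature with invalid credentials";
        return false;
    }

    if (signature.isEmpty()) {
        return false;
    }

    if (!d->publicKey.canVerify()) {
#ifndef NDEBUG
        kDebug() << "Can't verify?";
#endif
        return false;
    }

    // Verify on a fresh copy: startVerify()/update() mutate the key object.
    QCA::PublicKey verifier = QCA::PublicKey::fromPEM(d->publicKey.toPEM());
    // NOTE(review): EMSA3_MD5 is PKCS#1 v1.5 over MD5, which is
    // collision-broken. It must stay in sync with signMessage(); changing
    // both to a SHA-based scheme would break verification against peers
    // running the current scheme, so it is flagged here rather than changed.
    verifier.startVerify(QCA::EMSA3_MD5);
    verifier.update(payload);
    return verifier.validSignature(signature);
#else
    Q_UNUSED(signature);
    Q_UNUSED(payload);
    return false;
#endif
}

// True when a private key is present and usable for signing.
bool Credentials::canSign() const
{
#if ENABLE_REMOTE_WIDGETS
    if (!haveRequiredQcaFeatures()) {
        return false;
    }

    return !d->privateKey.isNull() && d->privateKey.canSign();
#else
    return false;
#endif
}

// Signs @p message with the private key; returns an empty array when these
// credentials cannot sign (canSign() already covers the QCA feature check).
QByteArray Credentials::signMessage(const QByteArray &message)
{
#if ENABLE_REMOTE_WIDGETS
    if (!canSign()) {
        return QByteArray();
    }

    // NOTE(review): same MD5-based scheme as isValidSignature(); keep the
    // two in sync.
    d->privateKey.startSign(QCA::EMSA3_MD5);
    d->privateKey.update(message);
    return d->privateKey.signature();
#else
    Q_UNUSED(message);
    return QByteArray();
#endif
}

// A copy of these credentials with the private key removed. Use this
// before handing credentials to another party; operator<< serializes
// whatever private key is present.
Credentials Credentials::toPublicCredentials() const
{
#if ENABLE_REMOTE_WIDGETS
    Credentials publicOnly(*this);
    publicOnly.d->privateKey = QCA::PrivateKey();
    return publicOnly;
#else
    return Credentials();
#endif
}

// Serializes version, id, name, private key PEM and public key PEM.
// WARNING: the private key, when present, is written out as unencrypted
// PEM. Strip it with toPublicCredentials() before streaming credentials
// to a remote party or into anything not protected like the key itself.
// Writes nothing when QCA lacks the required features.
QDataStream &operator<<(QDataStream &out, const Credentials &myObj)
{
#if ENABLE_REMOTE_WIDGETS
    if (!haveRequiredQcaFeatures()) {
        return out;
    }

    QString privateKeyPem;
    if (!myObj.d->privateKey.isNull()) {
        privateKeyPem = myObj.d->privateKey.toPEM();
    }

    QString publicKeyPem;
    if (!myObj.d->publicKey.isNull()) {
        publicKeyPem = myObj.d->publicKey.toPEM();
    }

    out << CREDENTIALS_STREAM_VERSION << myObj.d->id << myObj.d->name
        << privateKeyPem << publicKeyPem;
#endif

    return out;
}

// Reads what operator<< wrote. Both keys are reset first so nothing from
// the previous contents of @p myObj survives; the id and name always come
// from the stream, the keys only when the stream is intact, carries the
// expected version and the PEM decodes. Each key's decode result is
// checked on its own so a failed private key cannot be masked by a
// successful public key (or an uninitialized result read).
// NOTE(review): a private key is accepted from any stream, including one
// received from a remote peer; callers deserializing peer credentials
// presumably want toPublicCredentials() afterwards.
QDataStream &operator>>(QDataStream &in, Credentials &myObj)
{
#if ENABLE_REMOTE_WIDGETS
    if (!haveRequiredQcaFeatures()) {
        return in;
    }

    quint32 version = 0;
    QString id;
    QString name;
    QString privateKeyPem;
    QString publicKeyPem;
    in >> version >> id >> name >> privateKeyPem >> publicKeyPem;

    myObj.d->id = id;
    myObj.d->name = name;
    myObj.d->privateKey = QCA::PrivateKey();
    myObj.d->publicKey = QCA::PublicKey();

    if (in.status() != QDataStream::Ok) {
        kWarning() << "Credentials stream is truncated or corrupt; keys discarded";
        return in;
    }

    if (version != CREDENTIALS_STREAM_VERSION) {
        kWarning() << "Unsupported credentials stream version" << version << "; keys discarded";
        return in;
    }

    if (!privateKeyPem.isEmpty()) {
        QCA::ConvertResult result = QCA::ErrorDecode;
        myObj.d->privateKey = QCA::PrivateKey::fromPEM(privateKeyPem,
                                                       QByteArray(), &result);
        if (result != QCA::ConvertGood) {
#ifndef NDEBUG
            kDebug() << "Unsuccessfull conversion of key?";
#endif
            myObj.d->privateKey = QCA::PrivateKey();
        }
    }

    if (!publicKeyPem.isEmpty()) {
        QCA::ConvertResult result = QCA::ErrorDecode;
        myObj.d->publicKey = QCA::PublicKey::fromPEM(publicKeyPem, &result);
        if (result != QCA::ConvertGood) {
#ifndef NDEBUG
            kDebug() << "Unsuccessfull conversion of key?";
#endif
            myObj.d->publicKey = QCA::PublicKey();
        }
    }
#endif

    return in;
}

}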