Commit 9e495d1f authored by Eike Hein's avatar Eike Hein
Browse files

Add support for SSL Client Certificate authentication using PEM files.

BUG:164794

The additional info label unfortunately makes the Qt 4.8 regression
in QFormLayout even more annoying; I'll have to deal with this later.
parent b577e197
......@@ -65,6 +65,10 @@ Changes not in the 1.4 branch:
the hovered tab will now be switched to after a brief delay. This allows
switching to the intended tab as part of dragging text or a file to its
destination, e.g. the tab's input bar or nicklist.
* Added support for authenticating via a SSL Client Certificate in the form of
a PEM file, as supported by Freenode and OFTC, among others. Choosing this
type of authentication in the Identities dialog forces SSL to be enabled for
a connection, overriding any server settings.
Changes since 1.4:
......
......@@ -87,6 +87,7 @@ void Identity::copy(const Identity& original)
setNickservNickname(original.getNickservNickname());
setNickservCommand(original.getNickservCommand());
setSaslAccount(original.getSaslAccount());
setPemClientCertFile(original.getPemClientCertFile());
setQuitReason(original.getQuitReason());
setPartReason(original.getPartReason());
setKickReason(original.getKickReason());
......@@ -128,6 +129,8 @@ void Identity::setNickservCommand(const QString& nickservCommand) { m_nickservCo
QString Identity::getNickservCommand() const { return m_nickservCommand; }
void Identity::setSaslAccount(const QString& saslAccount) { m_saslAccount = saslAccount; }
QString Identity::getSaslAccount() const { return m_saslAccount; }
void Identity::setPemClientCertFile(const KUrl& url) { m_pemClientCertFile = url; }
KUrl Identity::getPemClientCertFile() const { return m_pemClientCertFile; }
void Identity::setQuitReason(const QString& reason) { quitReason=reason; }
QString Identity::getQuitReason() const { return quitReason; }
......
......@@ -15,7 +15,9 @@
#ifndef IDENTITY_H
#define IDENTITY_H
#include <ksharedptr.h>
#include <KSharedPtr>
#include <KUrl>
#include <QStringList>
......@@ -59,6 +61,8 @@ class Identity : public KShared
QString getNickservCommand() const;
void setSaslAccount(const QString& saslAccount);
QString getSaslAccount() const;
void setPemClientCertFile(const KUrl& url);
KUrl getPemClientCertFile() const;
void setQuitReason(const QString& reason);
QString getQuitReason() const;
......@@ -116,6 +120,7 @@ class Identity : public KShared
QString m_nickservNickname;
QString m_nickservCommand;
QString m_saslAccount;
KUrl m_pemClientCertFile;
bool insertRememberLineOnAway;
bool runAwayCommands;
......
......@@ -78,9 +78,11 @@ namespace Konversation
connect(m_authTypeCombo, SIGNAL(currentIndexChanged(int)), this, SLOT(authTypeChanged(int)));
m_authTypeCombo->addItem(i18n("Standard NickServ"), "nickserv");
m_authTypeCombo->addItem(i18n("SASL"), "saslplain");
m_authTypeCombo->addItem(i18n("Server Password"), "serverpw");
m_authTypeCombo->addItem(i18n("SASL"), "saslplain");
#if KDE_IS_VERSION(4, 8, 2)
m_authTypeCombo->addItem(i18n("SSL Client Certificate"), "pemclientcert");
#endif
// add encodings to combo box
m_codecCBox->addItems(Konversation::IRCCharsets::self()->availableEncodingDescriptiveNames());
......@@ -121,6 +123,7 @@ namespace Konversation
m_nickservNicknameEdit->setText(m_currentIdentity->getNickservNickname());
m_nickservCommandEdit->setText(m_currentIdentity->getNickservCommand());
m_saslAccountEdit->setText(m_currentIdentity->getSaslAccount());
m_pemClientCertFile->setUrl(m_currentIdentity->getPemClientCertFile());
m_insertRememberLineOnAwayChBox->setChecked(m_currentIdentity->getInsertRememberLineOnAway());
m_awayMessageEdit->setText(m_currentIdentity->getAwayMessage());
......@@ -167,6 +170,7 @@ namespace Konversation
m_currentIdentity->setNickservNickname(m_nickservNicknameEdit->text());
m_currentIdentity->setNickservCommand(m_nickservCommandEdit->text());
m_currentIdentity->setSaslAccount(m_saslAccountEdit->text());
m_currentIdentity->setPemClientCertFile(m_pemClientCertFile->url());
m_currentIdentity->setInsertRememberLineOnAway(m_insertRememberLineOnAwayChBox->isChecked());
m_currentIdentity->setAwayMessage(m_awayMessageEdit->text());
......@@ -355,49 +359,46 @@ namespace Konversation
bool isNickServ = (authType == "nickserv");
bool isSaslPlain = (authType == "saslplain");
bool isServerPw = (authType == "serverpw");
bool isPemClientCert = (authType == "pemclientcert");
if (isNickServ)
{
if (autoIdentifyLayout->indexOf(m_nickservNicknameEdit) == -1)
autoIdentifyLayout->insertRow(1, nickservNicknameLabel, m_nickservNicknameEdit);
nickservNicknameLabel->setVisible(isNickServ);
m_nickservNicknameEdit->setVisible(isNickServ);
nickservCommandLabel->setVisible(isNickServ);
m_nickservCommandEdit->setVisible(isNickServ);
saslAccountLabel->setVisible(isSaslPlain);
m_saslAccountEdit->setVisible(isSaslPlain);
authPasswordLabel->setVisible(!isPemClientCert);
m_authPasswordEdit->setVisible(!isPemClientCert);
pemClientCertFileLabel->setVisible(isPemClientCert);
m_pemClientCertFile->setVisible(isPemClientCert);
serverPasswordAuthInfoLabel->setVisible(isServerPw);
pemClientCertAuthInfoLabel->setVisible(isPemClientCert);
for (int i = 0; i < autoIdentifyLayout->count(); ++i)
autoIdentifyLayout->removeItem(autoIdentifyLayout->itemAt(0));
if (autoIdentifyLayout->indexOf(m_nickservCommandEdit) == -1)
autoIdentifyLayout->insertRow(2, nickservCommandLabel, m_nickservCommandEdit);
autoIdentifyLayout->addRow(authTypeLabel, m_authTypeCombo);
autoIdentifyLayout->removeWidget(saslAccountLabel);
autoIdentifyLayout->removeWidget(m_saslAccountEdit);
autoIdentifyLayout->removeWidget(serverPasswordAuthInfoLabel);
if (isNickServ)
{
autoIdentifyLayout->addRow(nickservNicknameLabel, m_nickservNicknameEdit);
autoIdentifyLayout->addRow(nickservCommandLabel, m_nickservCommandEdit);
autoIdentifyLayout->addRow(authPasswordLabel, m_authPasswordEdit);
}
else if (isServerPw)
{
autoIdentifyLayout->addRow(authPasswordLabel, m_authPasswordEdit);
autoIdentifyLayout->addRow(0, serverPasswordAuthInfoLabel);
}
else if (isSaslPlain)
{
if (autoIdentifyLayout->indexOf(m_saslAccountEdit) == -1)
autoIdentifyLayout->insertRow(3, saslAccountLabel, m_saslAccountEdit);
autoIdentifyLayout->removeWidget(nickservNicknameLabel);
autoIdentifyLayout->removeWidget(m_nickservNicknameEdit);
autoIdentifyLayout->removeWidget(nickservCommandLabel);
autoIdentifyLayout->removeWidget(m_nickservCommandEdit);
autoIdentifyLayout->removeWidget(serverPasswordAuthInfoLabel);
autoIdentifyLayout->addRow(saslAccountLabel, m_saslAccountEdit);
autoIdentifyLayout->addRow(authPasswordLabel, m_authPasswordEdit);
}
else if (isServerPw)
else if (isPemClientCert)
{
if (autoIdentifyLayout->indexOf(serverPasswordAuthInfoLabel) == -1)
autoIdentifyLayout->addRow(0, serverPasswordAuthInfoLabel);
autoIdentifyLayout->removeWidget(nickservNicknameLabel);
autoIdentifyLayout->removeWidget(m_nickservNicknameEdit);
autoIdentifyLayout->removeWidget(nickservCommandLabel);
autoIdentifyLayout->removeWidget(m_nickservCommandEdit);
autoIdentifyLayout->removeWidget(saslAccountLabel);
autoIdentifyLayout->removeWidget(m_saslAccountEdit);
autoIdentifyLayout->addRow(pemClientCertFileLabel, m_pemClientCertFile);
autoIdentifyLayout->addRow(0, pemClientCertAuthInfoLabel);
}
nickservNicknameLabel->setVisible(isNickServ);
m_nickservNicknameEdit->setVisible(isNickServ);
nickservCommandLabel->setVisible(isNickServ);
m_nickservCommandEdit->setVisible(isNickServ);
saslAccountLabel->setVisible(isSaslPlain);
m_saslAccountEdit->setVisible(isSaslPlain);
serverPasswordAuthInfoLabel->setVisible(isServerPw);
}
}
......@@ -7,7 +7,7 @@
<x>0</x>
<y>0</y>
<width>331</width>
<height>366</height>
<height>472</height>
</rect>
</property>
<layout class="QVBoxLayout" name="verticalLayout_2">
......@@ -282,7 +282,7 @@
</property>
</widget>
</item>
<item row="6" column="1">
<item row="7" column="1">
<widget class="QLabel" name="serverPasswordAuthInfoLabel">
<property name="sizePolicy">
<sizepolicy hsizetype="Expanding" vsizetype="Minimum">
......@@ -301,6 +301,36 @@
</property>
</widget>
</item>
<item row="6" column="1">
<widget class="KUrlRequester" name="m_pemClientCertFile">
<property name="filter">
<string>*.pem</string>
</property>
</widget>
</item>
<item row="6" column="0">
<widget class="QLabel" name="pemClientCertFileLabel">
<property name="text">
<string>PEM file:</string>
</property>
</widget>
</item>
<item row="8" column="1">
<widget class="QLabel" name="pemClientCertAuthInfoLabel">
<property name="sizePolicy">
<sizepolicy hsizetype="Expanding" vsizetype="Minimum">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="text">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;&lt;span style=&quot; font-weight:600;&quot;&gt;Note:&lt;/span&gt; SSL Client Certificate implementation forces SSL to be enabled for a connection, overriding any server settings.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
<property name="wordWrap">
<bool>true</bool>
</property>
</widget>
</item>
</layout>
</widget>
</item>
......@@ -672,6 +702,11 @@
<extends>QSpinBox</extends>
<header>knuminput.h</header>
</customwidget>
<customwidget>
<class>KUrlRequester</class>
<extends>QFrame</extends>
<header>kurlrequester.h</header>
</customwidget>
<customwidget>
<class>KTabWidget</class>
<extends>QTabWidget</extends>
......@@ -692,6 +727,7 @@
<tabstop>m_nickservCommandEdit</tabstop>
<tabstop>m_saslAccountEdit</tabstop>
<tabstop>m_authPasswordEdit</tabstop>
<tabstop>m_pemClientCertFile</tabstop>
<tabstop>m_insertRememberLineOnAwayChBox</tabstop>
<tabstop>m_awayMessageEdit</tabstop>
<tabstop>m_awayNickEdit</tabstop>
......
......@@ -462,20 +462,26 @@ void Server::connectToIRCServer()
QString::number(getConnectionSettings().server().port())));
// connect() will do a async lookup too
if(!getConnectionSettings().server().SSLEnabled())
{
connect(m_socket, SIGNAL(connected()), SLOT (socketConnected()));
m_socket->connectToHost(getConnectionSettings().server().host(), getConnectionSettings().server().port());
}
else
if(!getConnectionSettings().server().SSLEnabled() || getIdentity()->getAuthType() == "pemclientcert")
{
connect(m_socket, SIGNAL(encrypted()), SLOT (socketConnected()));
connect(m_socket, SIGNAL(sslErrors(QList<KSslError>)), SLOT(sslError(QList<KSslError>)));
if (getIdentity()->getAuthType() == "pemclientcert")
{
m_socket->setLocalCertificate(getIdentity()->getPemClientCertFile().toLocalFile());
m_socket->setPrivateKey(getIdentity()->getPemClientCertFile().toLocalFile());
}
m_socket->setAdvertisedSslVersion(KTcpSocket::TlsV1);
m_socket->connectToHostEncrypted(getConnectionSettings().server().host(), getConnectionSettings().server().port());
}
else
{
connect(m_socket, SIGNAL(connected()), SLOT (socketConnected()));
m_socket->connectToHost(getConnectionSettings().server().host(), getConnectionSettings().server().port());
}
// set up the connection details
setPrefixes(m_serverNickPrefixModes, m_serverNickPrefixes);
......
......@@ -98,7 +98,7 @@ ViewTreeItem::ViewTreeItem(Q3ListView* parent) : Q3ListViewItem(parent)
{
setView(0);
setViewType(ChatWindow::Status);
setOpen(true);
setDragEnabled(false);
......@@ -108,7 +108,7 @@ ViewTreeItem::ViewTreeItem(Q3ListView* parent) : Q3ListViewItem(parent)
images = 0;
m_closeButtonShown = false;
m_closeButtonEnabled = false;
m_closeButtonEnabled = false;
}
ViewTreeItem::~ViewTreeItem()
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment