dbhub: Add client certificate management

Add a list of all configured client certificates to the preferences dialog and show some information on them. Add two button to the preferences dialog to add and remove client certificates. Copy configured client certificates to some safe place where they aren't deleted by accident. Change the remote code to expect certificate and private key in one file. The path to this file is still hardcoded, now to client.cert.pem. Remove the example client certificate as it's not up-to-date anymore anyway. Still missing: Option to use a configured client certificate from the preferences dialog to authenticate.
2026-01-20 02:50:46 -06:00 · 2016-11-01 22:54:50 +01:00
parent 02019e391b
commit 60e4cb758e
7 changed files with 312 additions and 115 deletions
--- a/src/RemoteDatabase.cpp
+++ b/src/RemoteDatabase.cpp
@@ -9,6 +9,7 @@
 #include "RemoteDatabase.h"
 #include "version.h"
 #include "FileDialog.h"
+#include "Settings.h"

 RemoteDatabase::RemoteDatabase() :
    m_manager(new QNetworkAccessManager),
@@ -27,18 +28,14 @@ RemoteDatabase::RemoteDatabase() :
        caCerts += QSslCertificate::fromPath(":/certs/" + caCertName);
    m_sslConfiguration.setCaCertificates(caCerts);

-    // Load client cert
-    QFile fileClientCert("client.crt");
+    // Load client cert and private key
+    QFile fileClientCert("client.cert.pem");
    fileClientCert.open(QFile::ReadOnly);
    QSslCertificate clientCert(&fileClientCert);
+    fileClientCert.seek(0);
+    QSslKey clientKey(&fileClientCert, QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey);
    fileClientCert.close();
    m_sslConfiguration.setLocalCertificate(clientCert);
-
-    // Load private key
-    QFile fileClientKey("client.key");
-    fileClientKey.open(QFile::ReadOnly);
-    QSslKey clientKey(&fileClientKey, QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey, "password");
-    fileClientKey.close();
    m_sslConfiguration.setPrivateKey(clientKey);

    // Load settings and set up some more stuff while doing so
@@ -58,6 +55,18 @@ RemoteDatabase::~RemoteDatabase()

 void RemoteDatabase::reloadSettings()
 {
+    // Load all configured client certificates
+    m_clientCertFiles.clear();
+    auto client_certs = Settings::getSettingsValue("remote", "client_certificates").toStringList();
+    foreach(const QString& path, client_certs)
+    {
+        QFile file(path);
+        file.open(QFile::ReadOnly);
+        QSslCertificate cert(&file);
+        file.close();
+        m_clientCertFiles.insert(path, cert);
+    }
+
    // TODO Add support for proxies here
 }