mirror of
https://github.com/strawberrymusicplayer/strawberry
synced 2024-12-18 19:42:53 +01:00
Add proper error handling to local redirectserver
This commit is contained in:
Jonas Kvinge
parent
b8fa2985d5
commit
c4b732ff93
@ -56,63 +56,81 @@ LocalRedirectServer::~LocalRedirectServer() {}
|
||||
|
||||
bool LocalRedirectServer::GenerateCertificate() {
|
||||
|
||||
gnutls_global_init();
|
||||
if (int result = gnutls_global_init() != GNUTLS_E_SUCCESS) {
|
||||
error_ = QString("Failed to initialize GnuTLS: %1").arg(gnutls_strerror(result));
|
||||
return false;
|
||||
}
|
||||
|
||||
gnutls_x509_privkey_t key;
|
||||
gnutls_x509_privkey_init(&key);
|
||||
if (int result = gnutls_x509_privkey_init(&key) != GNUTLS_E_SUCCESS) {
|
||||
error_ = QString("Failed to initialize the private key structure: %1").arg(gnutls_strerror(result));
|
||||
gnutls_global_deinit();
|
||||
return false;
|
||||
}
|
||||
|
||||
unsigned int bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_RSA, GNUTLS_SEC_PARAM_MEDIUM);
|
||||
gnutls_x509_privkey_generate(key, GNUTLS_PK_RSA, bits, 0);
|
||||
|
||||
if (int result = gnutls_x509_privkey_generate(key, GNUTLS_PK_RSA, bits, 0) != GNUTLS_E_SUCCESS) {
|
||||
error_ = QString("Failed to generate random private key: %1").arg(gnutls_strerror(result));
|
||||
gnutls_global_deinit();
|
||||
return false;
|
||||
}
|
||||
|
||||
char buffer[4096] = "";
|
||||
size_t buffer_size = sizeof(buffer);
|
||||
gnutls_x509_privkey_export(key, GNUTLS_X509_FMT_PEM, buffer, &buffer_size);
|
||||
|
||||
if (int result = gnutls_x509_privkey_export(key, GNUTLS_X509_FMT_PEM, buffer, &buffer_size) != GNUTLS_E_SUCCESS) {
|
||||
error_ = QString("Failed export private key: %1").arg(gnutls_strerror(result));
|
||||
gnutls_x509_privkey_deinit(key);
|
||||
gnutls_global_deinit();
|
||||
return false;
|
||||
}
|
||||
|
||||
QSslKey ssl_key(QByteArray(buffer, buffer_size), QSsl::Rsa);
|
||||
if (ssl_key.isNull()) {
|
||||
error_ = "Failed to generate a random private key.";
|
||||
error_ = QString("Failed to generate random private key.");
|
||||
gnutls_x509_privkey_deinit(key);
|
||||
gnutls_global_deinit();
|
||||
return false;
|
||||
}
|
||||
|
||||
gnutls_x509_crt_t crt;
|
||||
if (gnutls_x509_crt_init(&crt) != GNUTLS_E_SUCCESS) {
|
||||
error_ = "gnutls_x509_crt_init failed.";
|
||||
if (int result = gnutls_x509_crt_init(&crt) != GNUTLS_E_SUCCESS) {
|
||||
error_ = QString("Failed to initialize an X.509 certificate structure: %1").arg(gnutls_strerror(result));
|
||||
gnutls_x509_privkey_deinit(key);
|
||||
gnutls_global_deinit();
|
||||
return false;
|
||||
}
|
||||
if (gnutls_x509_crt_set_version(crt, 1) != GNUTLS_E_SUCCESS) {
|
||||
error_ = "gnutls_x509_crt_set_version failed.";
|
||||
if (int result = gnutls_x509_crt_set_version(crt, 1) != GNUTLS_E_SUCCESS) {
|
||||
error_ = QString("Failed to set the version of the certificate: %1").arg(gnutls_strerror(result));
|
||||
gnutls_x509_privkey_deinit(key);
|
||||
gnutls_x509_crt_deinit(crt);
|
||||
gnutls_global_deinit();
|
||||
return false;
|
||||
}
|
||||
if (gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_COUNTRY_NAME, 0, "US", 2) != GNUTLS_E_SUCCESS) {
|
||||
error_ = "gnutls_x509_crt_set_dn_by_oid failed.";
|
||||
if (int result = gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_COUNTRY_NAME, 0, "US", 2) != GNUTLS_E_SUCCESS) {
|
||||
error_ = QString("Failed to set part of the name of the certificate subject: %1").arg(gnutls_strerror(result));
|
||||
gnutls_x509_privkey_deinit(key);
|
||||
gnutls_x509_crt_deinit(crt);
|
||||
gnutls_global_deinit();
|
||||
return false;
|
||||
}
|
||||
if (gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_ORGANIZATION_NAME, 0, "Strawberry Music Player", strlen("Strawberry Music Player")) != GNUTLS_E_SUCCESS) {
|
||||
error_ = "gnutls_x509_crt_set_dn_by_oid failed.";
|
||||
if (int result = gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_ORGANIZATION_NAME, 0, "Strawberry Music Player", strlen("Strawberry Music Player")) != GNUTLS_E_SUCCESS) {
|
||||
error_ = QString("Failed to set part of the name of the certificate subject: %1").arg(gnutls_strerror(result));
|
||||
gnutls_x509_privkey_deinit(key);
|
||||
gnutls_x509_crt_deinit(crt);
|
||||
gnutls_global_deinit();
|
||||
return false;
|
||||
}
|
||||
if (gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_COMMON_NAME, 0, "localhost", strlen("localhost")) != GNUTLS_E_SUCCESS) {
|
||||
error_ = "gnutls_x509_crt_set_dn_by_oid failed.";
|
||||
if (int result = gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_COMMON_NAME, 0, "localhost", strlen("localhost")) != GNUTLS_E_SUCCESS) {
|
||||
error_ = QString("Failed to set part of the name of the certificate subject: %1").arg(gnutls_strerror(result));
|
||||
gnutls_x509_privkey_deinit(key);
|
||||
gnutls_x509_crt_deinit(crt);
|
||||
gnutls_global_deinit();
|
||||
return false;
|
||||
}
|
||||
if (gnutls_x509_crt_set_key(crt, key) != GNUTLS_E_SUCCESS) {
|
||||
error_ = "gnutls_x509_crt_set_key failed.";
|
||||
if (int result = gnutls_x509_crt_set_key(crt, key) != GNUTLS_E_SUCCESS) {
|
||||
error_ = QString("Failed to set the public parameters from the given private key to the certificate: %1").arg(gnutls_strerror(result));
|
||||
gnutls_x509_privkey_deinit(key);
|
||||
gnutls_x509_crt_deinit(crt);
|
||||
gnutls_global_deinit();
|
||||
@ -120,8 +138,8 @@ bool LocalRedirectServer::GenerateCertificate() {
|
||||
}
|
||||
quint64 time = QDateTime::currentDateTime().toTime_t();
|
||||
gnutls_x509_crt_set_activation_time(crt, time);
|
||||
if (gnutls_x509_crt_set_expiration_time(crt, time + 31536000L) != GNUTLS_E_SUCCESS) {
|
||||
error_ = "gnutls_x509_crt_set_expiration_time failed.";
|
||||
if (int result = gnutls_x509_crt_set_expiration_time(crt, time + 31536000L) != GNUTLS_E_SUCCESS) {
|
||||
error_ = QString("Failed to set the activation time of the certificate: %1").arg(gnutls_strerror(result));
|
||||
gnutls_x509_privkey_deinit(key);
|
||||
gnutls_x509_crt_deinit(crt);
|
||||
gnutls_global_deinit();
|
||||
@ -132,8 +150,8 @@ bool LocalRedirectServer::GenerateCertificate() {
|
||||
QByteArray q_serial;
|
||||
q_serial.setNum(serial);
|
||||
|
||||
if (gnutls_x509_crt_set_serial (crt, q_serial.constData(), sizeof(q_serial.size())) != GNUTLS_E_SUCCESS) {
|
||||
error_ = "gnutls_x509_crt_set_serial failed.";
|
||||
if (int result = gnutls_x509_crt_set_serial(crt, q_serial.constData(), sizeof(q_serial.size())) != GNUTLS_E_SUCCESS) {
|
||||
error_ = QString("Failed to set the serial of the certificate: %1").arg(gnutls_strerror(result));
|
||||
gnutls_x509_privkey_deinit(key);
|
||||
gnutls_x509_crt_deinit(crt);
|
||||
gnutls_global_deinit();
|
||||
@ -141,12 +159,16 @@ bool LocalRedirectServer::GenerateCertificate() {
|
||||
}
|
||||
|
||||
gnutls_privkey_t pkey;
|
||||
gnutls_privkey_init(&pkey);
|
||||
gnutls_privkey_import_x509(pkey, key, 0);
|
||||
gnutls_x509_crt_privkey_sign(crt, crt, pkey, GNUTLS_DIG_SHA256, 0);
|
||||
if (int result = gnutls_privkey_init(&pkey) != GNUTLS_E_SUCCESS) {
|
||||
error_ = QString("Failed to initialize a private key object: %1").arg(gnutls_strerror(result));
|
||||
gnutls_x509_privkey_deinit(key);
|
||||
gnutls_x509_crt_deinit(crt);
|
||||
gnutls_global_deinit();
|
||||
return false;
|
||||
}
|
||||
|
||||
if (gnutls_x509_crt_sign2(crt, crt, key, GNUTLS_DIG_SHA256, 0) != GNUTLS_E_SUCCESS) {
|
||||
error_ = "gnutls_x509_crt_sign2 failed.";
|
||||
if (int result = gnutls_privkey_import_x509(pkey, key, 0) != GNUTLS_E_SUCCESS) {
|
||||
error_ = QString("Failed to import the given private key to the abstract private key object: %1").arg(gnutls_strerror(result));
|
||||
gnutls_x509_privkey_deinit(key);
|
||||
gnutls_x509_crt_deinit(crt);
|
||||
gnutls_privkey_deinit(pkey);
|
||||
@ -154,8 +176,26 @@ bool LocalRedirectServer::GenerateCertificate() {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, buffer, &buffer_size) != GNUTLS_E_SUCCESS) {
|
||||
error_ = "gnutls_x509_crt_export failed.";
|
||||
if (int result = gnutls_x509_crt_privkey_sign(crt, crt, pkey, GNUTLS_DIG_SHA256, 0) != GNUTLS_E_SUCCESS) {
|
||||
error_ = QString("Failed to sign the certificate with the issuer's private key: %1").arg(gnutls_strerror(result));
|
||||
gnutls_x509_privkey_deinit(key);
|
||||
gnutls_x509_crt_deinit(crt);
|
||||
gnutls_privkey_deinit(pkey);
|
||||
gnutls_global_deinit();
|
||||
return false;
|
||||
}
|
||||
|
||||
if (int result = gnutls_x509_crt_sign2(crt, crt, key, GNUTLS_DIG_SHA256, 0) != GNUTLS_E_SUCCESS) {
|
||||
error_ = QString("Failed to sign the certificate: %1").arg(gnutls_strerror(result));
|
||||
gnutls_x509_privkey_deinit(key);
|
||||
gnutls_x509_crt_deinit(crt);
|
||||
gnutls_privkey_deinit(pkey);
|
||||
gnutls_global_deinit();
|
||||
return false;
|
||||
}
|
||||
|
||||
if (int result = gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, buffer, &buffer_size) != GNUTLS_E_SUCCESS) {
|
||||
error_ = QString("Failed to export the certificate to PEM format: %1").arg(gnutls_strerror(result));
|
||||
gnutls_x509_privkey_deinit(key);
|
||||
gnutls_x509_crt_deinit(crt);
|
||||
gnutls_privkey_deinit(pkey);
|
||||
@ -168,7 +208,7 @@ bool LocalRedirectServer::GenerateCertificate() {
|
||||
|
||||
QSslCertificate ssl_certificate(QByteArray(buffer, buffer_size));
|
||||
if (ssl_certificate.isNull()) {
|
||||
error_ = "Failed to generate a random client certificate.";
|
||||
error_ = "Failed to generate random client certificate.";
|
||||
gnutls_global_deinit();
|
||||
return false;
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user