Improve SSL management

Hopefully addressed the problems against our (new) SSL code.

CCMAIL:timb@nth-dimension.org.uk

4 files changed, 50 insertions, 13 deletions

diff --git a/src/sslinfodialog.cpp b/src/sslinfodialog.cpp
index 56cd0858..97aafd81 100644
--- a/src/sslinfodialog.cpp
+++ b/src/sslinfodialog.cpp
@@ -28,6 +28,7 @@
 #include "sslinfodialog.h"
 #include "sslinfodialog.moc"
 
+
 #include <KFileDialog>
 
 #include <QtGui/QFrame>
@@ -37,12 +38,12 @@
 #include <QtGui/QLayout>
 #include <QtCore/Q_PID>
 #include <QtNetwork/QSslCertificate>
-#include <QtNetwork/QSslError>
 
 #include <QFormLayout>
 
 #include <kglobal.h>
 #include <klocale.h>
+#include <ktcpsocket.h>
 
 
 SslInfoDialog::SslInfoDialog(const QString &host, const WebSslInfo &info, QWidget *parent)
@@ -87,20 +88,39 @@ void SslInfoDialog::showCertificateInfo(QSslCertificate subjectCert, const QStri
     c += QL1S("</ul>");
     ui.certInfoLabel->setText(c);
 
+    // WARNING (Security Issue): set these labels to use PlainText!
     ui.subjectCN->setText(subjectCert.subjectInfo(QSslCertificate::CommonName));
+    ui.subjectCN->setTextFormat(Qt::PlainText);
+    
     ui.subjectO->setText(subjectCert.subjectInfo(QSslCertificate::Organization));
+    ui.subjectO->setTextFormat(Qt::PlainText);
+
     ui.subjectOU->setText(subjectCert.subjectInfo(QSslCertificate::OrganizationalUnitName));
+    ui.subjectOU->setTextFormat(Qt::PlainText);
+
     ui.subjectSN->setText(subjectCert.serialNumber());
+    ui.subjectSN->setTextFormat(Qt::PlainText);
 
     ui.issuerCN->setText(subjectCert.issuerInfo(QSslCertificate::CommonName));
+    ui.issuerCN->setTextFormat(Qt::PlainText);
+
     ui.issuerO->setText(subjectCert.issuerInfo(QSslCertificate::Organization));
+    ui.issuerO->setTextFormat(Qt::PlainText);
+
     ui.issuerOU->setText(subjectCert.issuerInfo(QSslCertificate::OrganizationalUnitName));
+    ui.issuerOU->setTextFormat(Qt::PlainText);
 
     ui.issuedOn->setText(subjectCert.effectiveDate().date().toString(Qt::SystemLocaleShortDate));
+    ui.issuedOn->setTextFormat(Qt::PlainText);
+
     ui.expiresOn->setText(subjectCert.expiryDate().date().toString(Qt::SystemLocaleShortDate));
+    ui.expiresOn->setTextFormat(Qt::PlainText);
+
     ui.md5->setText(subjectCert.digest(QCryptographicHash::Md5).toHex());
-    ui.sha1->setText(subjectCert.digest(QCryptographicHash::Sha1).toHex());
+    ui.md5->setTextFormat(Qt::PlainText);
 
+    ui.sha1->setText(subjectCert.digest(QCryptographicHash::Sha1).toHex());
+    ui.sha1->setTextFormat(Qt::PlainText);
 }
 
 
@@ -109,7 +129,9 @@ void SslInfoDialog::displayFromChain(int i)
     QList<QSslCertificate> caList = m_info.certificateChain();
     QSslCertificate cert = caList.at(i);
 
-    if(cert.isValid())
+    QStringList errors = SslInfoDialog::errorsFromString(m_info.certificateErrors()).at(i);
+
+    if(cert.isValid() && errors.isEmpty())
     {
         QStringList certInfo;
         certInfo << i18n("The Certificate is Valid!");
@@ -117,7 +139,6 @@ void SslInfoDialog::displayFromChain(int i)
     }
     else
     {
-        QStringList errors = SslInfoDialog::errorsFromString(m_info.certificateErrors()).at(i);
         errors.prepend(i18n("The certificate for this site is NOT valid for the following reasons:"));
         showCertificateInfo(cert, errors);
     }
@@ -155,10 +176,10 @@ QList<QStringList> SslInfoDialog::errorsFromString(const QString &s)
         Q_FOREACH(const QString & s, sl)
         {
             bool didConvert;
-            QSslError::SslError error = static_cast<QSslError::SslError>(s.trimmed().toInt(&didConvert));
+            KSslError::Error error = static_cast<KSslError::Error>(s.trimmed().toInt(&didConvert));
             if(didConvert)
             {
-                errors << QSslError(error).errorString();
+                errors << KSslError(error).errorString();
             }
         }
         resultList << errors;
diff --git a/src/sslinfodialog.h b/src/sslinfodialog.h
index b40ce4f0..3544c62c 100644
--- a/src/sslinfodialog.h
+++ b/src/sslinfodialog.h
@@ -56,7 +56,7 @@ public:
     explicit SslInfoDialog(const QString &host, const WebSslInfo &info, QWidget *parent = 0);
 
     static QList<QStringList> errorsFromString(const QString &s);
-
+    
 private Q_SLOTS:
     void displayFromChain(int);
     void exportCert();
diff --git a/src/urlbar/sslwidget.cpp b/src/urlbar/sslwidget.cpp
index fd0b97b8..dec7033c 100644
--- a/src/urlbar/sslwidget.cpp
+++ b/src/urlbar/sslwidget.cpp
@@ -48,8 +48,9 @@ SSLWidget::SSLWidget(const QUrl &url, const WebSslInfo &info, QWidget *parent)
     setAttribute(Qt::WA_DeleteOnClose);
     setMinimumWidth(400);
 
-    QSslCertificate cert = info.certificateChain().first();
-
+    QSslCertificate cert = m_info.certificateChain().first();
+    QStringList errorList = SslInfoDialog::errorsFromString(m_info.certificateErrors()).first();
+    
     QGridLayout *layout = new QGridLayout(this);
 
     QLabel *label;
@@ -75,10 +76,11 @@ SSLWidget::SSLWidget(const QUrl &url, const WebSslInfo &info, QWidget *parent)
     }
     else
     {
-        if(cert.isValid())
+        if(cert.isValid() && errorList.isEmpty())
         {
             label = new QLabel(this);
             label->setWordWrap(true);
+            label->setTextFormat(Qt::PlainText);
             label->setText(i18n("This certificate for this site is valid and has been verified by:\n%1.",
                                 cert.issuerInfo(QSslCertificate::CommonName)));
 
@@ -134,7 +136,7 @@ SSLWidget::SSLWidget(const QUrl &url, const WebSslInfo &info, QWidget *parent)
     {
         label = new QLabel(this);
         label->setWordWrap(true);
-        label->setText(i18n("Your connection to %1 is NOT encrypted!!\n\n", m_url.host()));
+        label->setText(i18n("Your connection to %1 is NOT encrypted!!\n", m_url.host()));
         layout->addWidget(label, rows++ , 1);
 
         imageLabel->setPixmap(KIcon("security-low").pixmap(32));
@@ -143,7 +145,8 @@ SSLWidget::SSLWidget(const QUrl &url, const WebSslInfo &info, QWidget *parent)
     {
         label = new QLabel(this);
         label->setWordWrap(true);
-        label->setText(i18n("Your connection to %1 is encrypted with %2-bit encryption.\n\n", m_url.host(), m_info.supportedChiperBits()));
+        label->setTextFormat(Qt::PlainText);
+        label->setText(i18n("Your connection to %1 is encrypted with %2-bit encryption.\n", m_url.host(), m_info.supportedChiperBits()));
         layout->addWidget(label, rows++, 1);
 
         int vers = cert.version().toInt();
@@ -170,12 +173,13 @@ SSLWidget::SSLWidget(const QUrl &url, const WebSslInfo &info, QWidget *parent)
 
         label = new QLabel(this);
         label->setWordWrap(true);
-        label->setText(i18n("The connection uses %1.\n\n", sslVersion));
+        label->setText(i18n("The connection uses %1.\n", sslVersion));
         layout->addWidget(label, rows++, 1);
 
         const QStringList cipherInfo = m_info.ciphers().split('\n', QString::SkipEmptyParts);
         label = new QLabel(this);
         label->setWordWrap(true);
+        label->setTextFormat(Qt::PlainText);
         label->setText(
             i18n("The connection is encrypted using %1 at %2 bits with %3 for message authentication and %4 as the key exchange mechanism.\n\n",
                  cipherInfo[0],
diff --git a/src/webpage.cpp b/src/webpage.cpp
index 93e41944..0c9b436d 100644
--- a/src/webpage.cpp
+++ b/src/webpage.cpp
@@ -50,6 +50,7 @@
 #include "webpluginfactory.h"
 #include "webtab.h"
 #include "sslwidget.h"
+#include "sslinfodialog.h"
 
 // KDE Includes
 #include <KIO/Job>
@@ -755,9 +756,20 @@ bool WebPage::hasSslValid()
 {
     bool v = true;
     QList<QSslCertificate> certList = _sslInfo.certificateChain();
+
+    if (certList.isEmpty())
+        return false;
+
     Q_FOREACH(const QSslCertificate & cert, certList)
     {
         v &= cert.isValid();
     }
+
+    QList<QStringList> errorsList = SslInfoDialog::errorsFromString(_sslInfo.certificateErrors());
+    Q_FOREACH(const QStringList & err, errorsList)
+    {
+        v &= err.isEmpty();
+    }
+    
     return v;
 }