From 90b9be3a7c03f6a4f2b400b9d8c41bd46fc7b02a Mon Sep 17 00:00:00 2001 From: Matthieu Gallien Date: Wed, 5 Oct 2022 11:21:29 +0200 Subject: [PATCH] fix review comments from sonarcloud static analyzis Signed-off-by: Matthieu Gallien --- src/libsync/clientsideencryption.cpp | 33 ++++++++++++++++------------ src/libsync/clientsideencryption.h | 4 +++- 2 files changed, 22 insertions(+), 15 deletions(-) diff --git a/src/libsync/clientsideencryption.cpp b/src/libsync/clientsideencryption.cpp index fd1f501a248de..6fe0fde3ddc56 100644 --- a/src/libsync/clientsideencryption.cpp +++ b/src/libsync/clientsideencryption.cpp @@ -196,7 +196,9 @@ namespace { EVP_PKEY_CTX* _ctx = nullptr; }; - class PKey { + } + + class ClientSideEncryption::PKey { public: ~PKey() { @@ -255,6 +257,8 @@ namespace { EVP_PKEY* _pkey = nullptr; }; + namespace + { class X509Certificate { public: ~X509Certificate() @@ -619,7 +623,7 @@ QByteArray decryptStringSymmetric(const QByteArray& key, const QByteArray& data) QByteArray privateKeyToPem(const QByteArray key) { Bio privateKeyBio; BIO_write(privateKeyBio, key.constData(), key.size()); - auto pkey = PKey::readPrivateKey(privateKeyBio); + auto pkey = ClientSideEncryption::PKey::readPrivateKey(privateKeyBio); Bio pemBio; PEM_write_bio_PKCS8PrivateKey(pemBio, pkey, nullptr, nullptr, 0, nullptr, nullptr); @@ -1181,12 +1185,17 @@ void ClientSideEncryption::generateCSR(const AccountPtr &account, PKey keyPair) qCInfo(lcCse()) << "Returning the certificate"; qCInfo(lcCse()) << output; + sendSignRequestCSR(account, std::move(keyPair), output); +} + +void ClientSideEncryption::sendSignRequestCSR(const AccountPtr &account, PKey keyPair, const QByteArray &csrContent) +{ auto job = new SignPublicKeyApiJob(account, e2eeBaseUrl() + "public-key", this); - job->setCsr(output); + job->setCsr(csrContent); connect(job, &SignPublicKeyApiJob::jsonReceived, [this, account, keyPair = std::move(keyPair)](const QJsonDocument& json, int retCode) { if (retCode == 200) { - QString cert = json.object().value("ocs").toObject().value("data").toObject().value("public-key").toString(); + const auto cert = json.object().value("ocs").toObject().value("data").toObject().value("public-key").toString(); _certificate = QSslCertificate(cert.toLocal8Bit(), QSsl::Pem); _publicKey = _certificate.publicKey(); @@ -1195,14 +1204,10 @@ void ClientSideEncryption::generateCSR(const AccountPtr &account, PKey keyPair) BIO_write(certificateBio, certificatePem.constData(), certificatePem.size()); const auto x509Certificate = X509Certificate::readCertificate(certificateBio); - if (auto certificateCheckResult = X509_check_private_key(x509Certificate, keyPair) ; !certificateCheckResult) { - std::array buffer; - qCInfo(lcCse()) << "X509_check_private_key" << certificateCheckResult; - - unsigned long lastError = 1; - while (lastError) { - lastError = ERR_get_error(); - qCInfo(lcCse()) << ERR_error_string(lastError, buffer.data()); + if (const auto certificateCheckResult = X509_check_private_key(x509Certificate, keyPair) ; !certificateCheckResult) { + auto lastError = 1; + while ((lastError= ERR_get_error())) { + qCInfo(lcCse()) << ERR_lib_error_string(lastError); } forgetSensitiveData(account); @@ -1497,7 +1502,7 @@ QByteArray FolderMetadata::encryptMetadataKey(const QByteArray& data) const Bio publicKeyBio; QByteArray publicKeyPem = _account->e2e()->_publicKey.toPem(); BIO_write(publicKeyBio, publicKeyPem.constData(), publicKeyPem.size()); - auto publicKey = PKey::readPublicKey(publicKeyBio); + auto publicKey = ClientSideEncryption::PKey::readPublicKey(publicKeyBio); // The metadata key is binary so base64 encode it first return EncryptionHelper::encryptStringAsymmetric(publicKey, data.toBase64()); @@ -1508,7 +1513,7 @@ QByteArray FolderMetadata::decryptMetadataKey(const QByteArray& encryptedMetadat Bio privateKeyBio; QByteArray privateKeyPem = _account->e2e()->_privateKey; BIO_write(privateKeyBio, privateKeyPem.constData(), privateKeyPem.size()); - auto key = PKey::readPrivateKey(privateKeyBio); + auto key = ClientSideEncryption::PKey::readPrivateKey(privateKeyBio); // Also base64 decode the result QByteArray decryptResult = EncryptionHelper::decryptStringAsymmetric( diff --git a/src/libsync/clientsideencryption.h b/src/libsync/clientsideencryption.h index b3f6079fe8ed2..7e7e6d05911b2 100644 --- a/src/libsync/clientsideencryption.h +++ b/src/libsync/clientsideencryption.h @@ -114,18 +114,20 @@ class OWNCLOUDSYNC_EXPORT StreamingDecryptor } namespace { -class PKey; } class OWNCLOUDSYNC_EXPORT ClientSideEncryption : public QObject { Q_OBJECT public: + class PKey; + ClientSideEncryption(); void initialize(const AccountPtr &account); private: void generateKeyPair(const AccountPtr &account); void generateCSR(const AccountPtr &account, PKey keyPair); + void sendSignRequestCSR(const AccountPtr &account, PKey keyPair, const QByteArray &csrContent); void encryptPrivateKey(const AccountPtr &account); public: