allow user to select and confirm the certificate to use for e2e

Signed-off-by: Matthieu Gallien <[email protected]>
nextcloud · Oct 6, 2023 · b0e78d7 · b0e78d7
1 parent 9784aeb
commit b0e78d7
Show file tree

Hide file tree

Showing 9 changed files with 164 additions and 187 deletions.
diff --git a/src/gui/EncryptionTokenSelectionWindow.qml b/src/gui/EncryptionTokenSelectionWindow.qml
@@ -25,8 +25,9 @@ import "./tray"
 ApplicationWindow {
     id: encryptionKeyChooserDialog
 
-    required property var tokensInfo
-    required property var keysInfo
+    required property var certificatesInfo
+    required property ClientSideTokenSelector certificateSelector
+    property string selectedSerialNumber: ''
 
     flags: Qt.Window | Qt.Dialog
     visible: true
@@ -94,18 +95,19 @@ ApplicationWindow {
                 currentIndex: -1
 
                 model: DelegateModel {
-                    model: keysInfo
+                    model: certificatesInfo
 
                     delegate: ItemDelegate {
                         width: tokensListView.contentItem.width
 
-                        text: modelData.label
+                        text: modelData.subject
 
                         highlighted: tokensListView.currentIndex === index
 
                         onClicked: function()
                         {
                             tokensListView.currentIndex = index
+                            selectedSerialNumber = modelData.serialNumber
                         }
                     }
                 }
@@ -126,10 +128,12 @@ ApplicationWindow {
 
             onAccepted: function() {
                 Systray.destroyDialog(encryptionKeyChooserDialog)
+                certificateSelector.serialNumber = selectedSerialNumber
             }
 
             onRejected: function() {
                 Systray.destroyDialog(encryptionKeyChooserDialog)
+                certificateSelector.serialNumber = ''
             }
         }
     }

diff --git a/src/gui/accountsettings.cpp b/src/gui/accountsettings.cpp
@@ -307,8 +307,7 @@ void AccountSettings::slotDisplayTokenInitDialog()
 {
     disconnect(_accountState->account()->e2e(), &ClientSideEncryption::initializationFinished, this, &AccountSettings::slotE2eEncryptionInitializationFinished);
     disconnect(_accountState->account()->e2e(), &ClientSideEncryption::displayTokenInitDialog, this, &AccountSettings::slotDisplayTokenInitDialog);
-    Systray::instance()->createTokenInitDialog(_accountState->account()->e2e()->discoveredTokens(),
-                                               _accountState->account()->e2e()->discoveredKeys());
+    Systray::instance()->createTokenInitDialog(_accountState->account()->e2e()->discoveredCertificates(), _accountState->account()->e2e()->usbTokenInformation());
 }
 
 void AccountSettings::slotEncryptFolderFinished(int status)

diff --git a/src/gui/owncloudgui.cpp b/src/gui/owncloudgui.cpp
@@ -132,6 +132,7 @@ ownCloudGui::ownCloudGui(Application *parent)
     qmlRegisterUncreatableType<UnifiedSearchResultsListModel>("com.nextcloud.desktopclient", 1, 0, "UnifiedSearchResultsListModel", "UnifiedSearchResultsListModel");
     qmlRegisterUncreatableType<UserStatus>("com.nextcloud.desktopclient", 1, 0, "UserStatus", "Access to Status enum");
     qmlRegisterUncreatableType<Sharee>("com.nextcloud.desktopclient", 1, 0, "Sharee", "Access to Type enum");
+    qmlRegisterUncreatableType<ClientSideTokenSelector>("com.nextcloud.desktopclient", 1, 0, "ClientSideTokenSelector", "Access to the certificate selector");
 
     qRegisterMetaTypeStreamOperators<Emoji>();
 

diff --git a/src/gui/systray.cpp b/src/gui/systray.cpp
@@ -24,6 +24,7 @@
 #include "configfile.h"
 #include "accessmanager.h"
 #include "callstatechecker.h"
+#include "clientsidetokenselector.h"
 
 #include <QCursor>
 #include <QGuiApplication>
@@ -35,6 +36,7 @@
 #include <QMenu>
 #include <QGuiApplication>
 #include <QQuickView>
+#include <QMessageBox>
 
 #ifdef USE_FDO_NOTIFICATIONS
 #include <QDBusConnection>
@@ -413,24 +415,32 @@ void Systray::createFileActivityDialog(const QString &localPath)
     Q_EMIT showFileDetailsPage(localPath, FileDetailsPage::Activity);
 }
 
-void Systray::createTokenInitDialog(const QVariantList &tokensInfo,
-                                    const QVariantList &keysInfo)
+void Systray::createTokenInitDialog(const QVariantList &certificatesInfo,
+                                    ClientSideTokenSelector *certificateSelector)
 {
     if(_tokenInitDialog) {
         destroyDialog(_tokenInitDialog);
         _tokenInitDialog = nullptr;
     }
 
-    qCDebug(lcSystray) << "Opening new token init dialog with " << tokensInfo.size() << "possible tokens";
+    qCDebug(lcSystray) << "Opening new token init dialog with " << certificatesInfo.size() << "possible certificates";
 
     if (!_trayEngine) {
         qCWarning(lcSystray) << "Could not open token init dialog as no tray engine was available";
         return;
     }
 
+    if (certificatesInfo.isEmpty() || certificatesInfo.isEmpty()) {
+        QMessageBox errorDialog;
+
+        errorDialog.show();
+
+        return;
+    }
+
     const QVariantMap initialProperties{
-        {"tokensInfo", tokensInfo},
-        {"keysInfo", keysInfo}
+        {"certificatesInfo", certificatesInfo},
+        {"certificateSelector", QVariant::fromValue(certificateSelector)},
     };
 
     QQmlComponent encryptionTokenDialog(_trayEngine, QStringLiteral("qrc:/qml/src/gui/EncryptionTokenSelectionWindow.qml"));

diff --git a/src/gui/systray.h b/src/gui/systray.h
@@ -31,6 +31,8 @@ class QGuiApplication;
 
 namespace OCC {
 
+class ClientSideTokenSelector;
+
 class AccessManagerFactory : public QQmlNetworkAccessManagerFactory
 {
 public:
@@ -147,8 +149,8 @@ public slots:
 
     void createShareDialog(const QString &localPath);
     void createFileActivityDialog(const QString &localPath);
-    void createTokenInitDialog(const QVariantList &tokensInfo,
-                               const QVariantList &keysInfo);
+    void createTokenInitDialog(const QVariantList &certificatesInfo,
+                               ClientSideTokenSelector *certificateSelector);
 
     void presentShareViewInTray(const QString &localPath);
 

diff --git a/src/libsync/clientsideencryption.cpp b/src/libsync/clientsideencryption.cpp
@@ -1014,7 +1014,7 @@ std::optional<QByteArray> decryptStringAsymmetricWithToken(ENGINE *sslEngine,
 
 ClientSideEncryption::ClientSideEncryption()
 {
-    connect(&_usbTokenInformation, &ClientSideTokenSelector::discoveredTokensChanged,
+    connect(&_usbTokenInformation, &ClientSideTokenSelector::discoveredCertificatesChanged,
             this, &ClientSideEncryption::displayTokenInitDialog);
 }
 
@@ -1023,14 +1023,9 @@ bool ClientSideEncryption::isInitialized() const
     return !getMnemonic().isEmpty();
 }
 
-QVariantList ClientSideEncryption::discoveredTokens() const
+QVariantList ClientSideEncryption::discoveredCertificates() const
 {
-    return _usbTokenInformation.discoveredTokens();
-}
-
-QVariantList ClientSideEncryption::discoveredKeys() const
-{
-    return _usbTokenInformation.discoveredKeys();
+    return _usbTokenInformation.discoveredCertificates();
 }
 
 const QSslKey &ClientSideEncryption::getPublicKey() const
@@ -1083,6 +1078,11 @@ ENGINE* ClientSideEncryption::sslEngine() const
     return ENGINE_get_default_RSA();
 }
 
+ClientSideTokenSelector *ClientSideEncryption::usbTokenInformation()
+{
+    return &_usbTokenInformation;
+}
+
 void ClientSideEncryption::initialize(const AccountPtr &account)
 {
     Q_ASSERT(account);
@@ -1098,7 +1098,7 @@ void ClientSideEncryption::initialize(const AccountPtr &account)
         if (_usbTokenInformation.isSetup()) {
             initializeHardwareTokenEncryption(account);
         } else if (account->e2eEncryptionKeysGenerationAllowed() && account->askUserForMnemonic()) {
-            _usbTokenInformation.searchForToken(account);
+            _usbTokenInformation.searchForCertificates(account);
             if (_usbTokenInformation.isSetup()) {
                 initializeHardwareTokenEncryption(account);
             } else {

diff --git a/src/libsync/clientsideencryption.h b/src/libsync/clientsideencryption.h
@@ -143,9 +143,7 @@ class OWNCLOUDSYNC_EXPORT ClientSideEncryption : public QObject {
 
     [[nodiscard]] bool tokenIsSetup() const;
 
-    [[nodiscard]] QVariantList discoveredTokens() const;
-
-    [[nodiscard]] QVariantList discoveredKeys() const;
+    [[nodiscard]] QVariantList discoveredCertificates() const;
 
     [[nodiscard]] const QSslKey& getPublicKey() const;
 
@@ -165,7 +163,9 @@ class OWNCLOUDSYNC_EXPORT ClientSideEncryption : public QObject {
 
     void setCertificate(const QSslCertificate &certificate);
 
-    ENGINE* sslEngine() const;
+    [[nodiscard]] ENGINE* sslEngine() const;
+
+    [[nodiscard]] ClientSideTokenSelector* usbTokenInformation();
 
 signals:
     void initializationFinished(bool isNewMnemonicGenerated = false);
@@ -178,7 +178,7 @@ class OWNCLOUDSYNC_EXPORT ClientSideEncryption : public QObject {
 
 public slots:
     void initialize(const OCC::AccountPtr &account);
-    void initializeHardwareTokenEncryption(const AccountPtr &account);
+    void initializeHardwareTokenEncryption(const OCC::AccountPtr &account);
     void forgetSensitiveData(const OCC::AccountPtr &account);
 
 private slots: