From: yuki
Date: Wed, 22 Oct 2014 09:03:31 +0000 (+0900)
Subject: SSL 3.0 POODLE問題に対応して、アカウント認証時に強制的にTLS v1を使用するように変更。
X-Git-Tag: version0.5.2^2~2
X-Git-Url: http://git.sourceforge.jp/view?p=neighbornote%2FNeighborNote.git;a=commitdiff_plain;h=f46d61cb6c922f7a9763fbce919de9358ab326c7
SSL 3.0 POODLE問題に対応して、アカウント認証時に強制的にTLS v1を使用するように変更。
---
diff --git a/src/cx/fbn/nevernote/oauth/NNOAuthNetworkAccessManager.java b/src/cx/fbn/nevernote/oauth/NNOAuthNetworkAccessManager.java
index c6a24e5..eeb12a4 100644
--- a/src/cx/fbn/nevernote/oauth/NNOAuthNetworkAccessManager.java
+++ b/src/cx/fbn/nevernote/oauth/NNOAuthNetworkAccessManager.java
@@ -27,25 +27,25 @@ package cx.fbn.nevernote.oauth;
 import com.trolltech.qt.core.QIODevice;
 import com.trolltech.qt.core.QObject;
-import com.trolltech.qt.network.QNetworkAccessManager;
 import com.trolltech.qt.network.QNetworkReply;
 import com.trolltech.qt.network.QNetworkRequest;
 import cx.fbn.nevernote.utilities.ApplicationLogger;
-public class NNOAuthNetworkAccessManager extends QNetworkAccessManager {
+public class NNOAuthNetworkAccessManager extends TlsNetworkAccessManager {
 public Signal1 tokenFound;
- private ApplicationLogger logger;
+ private final ApplicationLogger logger;
- public NNOAuthNetworkAccessManager(ApplicationLogger l){
- super();
+ public NNOAuthNetworkAccessManager(ApplicationLogger logger){
+ super(logger);
 tokenFound = new Signal1();
- logger = l;
+ this.logger = logger;
 }
- public NNOAuthNetworkAccessManager(QObject qObject){
- super(qObject);
+ public NNOAuthNetworkAccessManager(QObject qObject, ApplicationLogger logger){
+ super(qObject, logger);
 tokenFound = new Signal1();
+ this.logger = logger;
 }
 @Override
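Review bot: Forcing TLS for the authorisation page depends on this class's `createRequest` override ending in `super.createRequest(op, request, outgoingData)`, and that body lies outside the hunk, so it is worth confirming now that the parent is TlsNetworkAccessManager. The subclass also keeps its own `private final ApplicationLogger logger` next to the identical private field in the new parent; making the parent's field `protected final` would remove the duplicate. The `(QObject)` constructor gained a second parameter, so any caller outside this diff needs updating.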
@@ -54,6 +54,7 @@ public class NNOAuthNetworkAccessManager extends QNetworkAccessManager { logger.log(logger.EXTREME,"NNOAuthNetworkAccessManager URL request scheme: " +request.url().scheme() + " " + request.url().toString()); + String searchReq = "nnoauth?oauth_token="; int pos = request.url().toString().indexOf(searchReq); if (pos>0) { diff --git a/src/cx/fbn/nevernote/oauth/OAuthWindow.java b/src/cx/fbn/nevernote/oauth/OAuthWindow.java index ec9a914..927a61d 100644 --- a/src/cx/fbn/nevernote/oauth/OAuthWindow.java +++ b/src/cx/fbn/nevernote/oauth/OAuthWindow.java @@ -62,7 +62,6 @@ public class OAuthWindow extends QDialog { private final QWebView tempPage; private final QWebView authPage; private final QGridLayout grid; - private NNOAuthNetworkAccessManager manager; static final String callbackUrl = "index.jsp?action=callbackReturn"; private final ApplicationLogger logger; @@ -83,8 +82,7 @@ public class OAuthWindow extends QDialog { permanentCredUrl = "https://"+Global.getServer() + "/oauth?oauth_consumer_key=" +consumerKey + "&oauth_signature=" + consumerSecret + "%26&oauth_signature_method=PLAINTEXT&oauth_timestamp="+String.valueOf(time)+ "&oauth_nonce="+String.valueOf(millis) +"&oauth_token="; - - + // Build the window setWindowTitle(tr("Please Grant NeighborNote Access")); setWindowIcon(new QIcon(iconPath+"icons/password.png")); @@ -109,9 +107,11 @@ public class OAuthWindow extends QDialog { // finished, this QWebView will contain the URL to start the // authentication process. QUrl tu = new QUrl(temporaryCredUrl); + + TlsNetworkAccessManager manager = new TlsNetworkAccessManager(logger); + tempPage.page().setNetworkAccessManager(manager); tempPage.load(tu); } - // This method is triggered when the temporary credentials are received from Evernote public void temporaryCredentialsReceived() { 
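Review bot: The new `TlsNetworkAccessManager manager` in the `-109,9` hunk is a local created without a parent, and this commit also removes the `manager` field that used to hold the NNOAuthNetworkAccessManager (the `-122,7` hunk turns that one into a local as well). If Qt Jambi does not keep a reference on behalf of `setNetworkAccessManager`, the Java wrapper could be collected while the page still uses the native object; that is an assumption to verify against the binding. Passing the page as parent through the two-argument constructor, `new TlsNetworkAccessManager(tempPage.page(), logger)`, or keeping both managers in `private final` fields, would make the lifetime explicit. The enclosing constructor and `temporaryCredentialsReceived()` extend beyond these hunks.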
@@ -122,7 +122,7 @@ public class OAuthWindow extends QDialog { if (index > 0) { contents = contents.substring(0,index); QUrl accessUrl = new QUrl(urlBase+"/OAuth.action?" +contents); - manager = new NNOAuthNetworkAccessManager(logger); + NNOAuthNetworkAccessManager manager = new NNOAuthNetworkAccessManager(logger); authPage.page().setNetworkAccessManager(manager); manager.tokenFound.connect(this, "tokenFound(String)"); diff --git a/src/cx/fbn/nevernote/oauth/TlsNetworkAccessManager.java b/src/cx/fbn/nevernote/oauth/TlsNetworkAccessManager.java new file mode 100644 index 0000000..5a4f82e --- /dev/null +++ b/src/cx/fbn/nevernote/oauth/TlsNetworkAccessManager.java 
@@ -0,0 +1,39 @@
+package cx.fbn.nevernote.oauth;
+
+import com.trolltech.qt.core.QIODevice;
+import com.trolltech.qt.core.QObject;
+import com.trolltech.qt.network.QNetworkAccessManager;
+import com.trolltech.qt.network.QNetworkReply;
+import com.trolltech.qt.network.QNetworkRequest;
+import com.trolltech.qt.network.QSsl.SslProtocol;
+import com.trolltech.qt.network.QSslConfiguration;
+
+import cx.fbn.nevernote.utilities.ApplicationLogger;
+
+public class TlsNetworkAccessManager extends QNetworkAccessManager {
+ private final ApplicationLogger logger;
+
+ public TlsNetworkAccessManager(ApplicationLogger logger) {
+ super();
+ this.logger = logger;
+ }
+
+ public TlsNetworkAccessManager(QObject parent, ApplicationLogger logger) {
+ super(parent);
+ this.logger = logger;
+ }
+
+ @Override
+ protected QNetworkReply createRequest(Operation op, QNetworkRequest request, QIODevice outgoingData) {
+ logger.log(logger.EXTREME, "TlsNetworkAccessManager URL request scheme: " + request.url().scheme() + " " + request.url().toString());
+
+ // Force to use TLSv1
+ QSslConfiguration sslConfig = request.sslConfiguration();
+ sslConfig.setProtocol(SslProtocol.TlsV1);
+ request.setSslConfiguration(sslConfig);
+ QNetworkReply reply = super.createRequest(op, request, outgoingData);
+ reply.sslErrors.connect(reply, "ignoreSslErrors()");
+
+ return reply;
+ }
+}
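Review bot: The last statement before the return, `reply.sslErrors.connect(reply, "ignoreSslErrors()");`, makes every request through this manager accept any certificate error, so forcing TLSv1 no longer protects the OAuth exchange from an on-path interceptor; that line should be dropped, or replaced by a slot that logs the errors and lets the reply fail. `sslConfig.setProtocol(SslProtocol.TlsV1)` also pins the connection to TLS 1.0, so a value that permits newer TLS versions (for example `SslProtocol.SecureProtocols`, if the bundled Qt version provides it) would age better. The EXTREME log line writes `request.url().toString()`, and the OAuth URLs built in OAuthWindow carry `oauth_signature` and `oauth_token` in the query string; logging only `request.url().scheme()` and `request.url().host()` would keep them out of the log. The class and `createRequest` have no Javadoc; a short comment stating that the manager exists to rule out SSL 3.0 for the authentication pages would document the intent.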