From 09c58cb39ef995976a45a3946e709c81f76d799d Mon Sep 17 00:00:00 2001 From: Mykola Baibuz Date: Mon, 19 Aug 2024 18:46:53 +0300 Subject: [PATCH 1/3] Fix certwrite for Win IPSec --- client/protocols/ikev2_vpn_protocol_windows.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/client/protocols/ikev2_vpn_protocol_windows.cpp b/client/protocols/ikev2_vpn_protocol_windows.cpp index ac5966cb..56cf5f6d 100644 --- a/client/protocols/ikev2_vpn_protocol_windows.cpp +++ b/client/protocols/ikev2_vpn_protocol_windows.cpp @@ -172,7 +172,8 @@ void Ikev2Protocol::newConnectionStateEventReceived(UINT unMsg, tagRASCONNSTATE void Ikev2Protocol::readIkev2Configuration(const QJsonObject &configuration) { - m_config = configuration.value(ProtocolProps::key_proto_config_data(Proto::Ikev2)).toObject(); + QJsonObject ikev2_data = configuration.value(ProtocolProps::key_proto_config_data(Proto::Ikev2)).toObject(); + m_config = QJsonDocument::fromJson(ikev2_data.value(config_key::config).toString().toUtf8()).object(); } ErrorCode Ikev2Protocol::start() @@ -201,6 +202,7 @@ ErrorCode Ikev2Protocol::start() return ErrorCode::AmneziaServiceConnectionFailed; } certInstallProcess->setProgram(PermittedProcess::CertUtil); + QString password = QString("-p %1").arg(m_config[config_key::password].toString()); QStringList arguments({"-f", "-importpfx", password, QDir::toNativeSeparators(certFile.fileName()), "NoExport" From 2d3b9c2752b1e250307237e0cac44addf96f4c09 Mon Sep 17 00:00:00 2001 From: Mykola Baibuz Date: Tue, 20 Aug 2024 13:44:33 +0300 Subject: [PATCH 2/3] Windows import PFX changes --- client/protocols/ikev2_vpn_protocol_windows.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/client/protocols/ikev2_vpn_protocol_windows.cpp b/client/protocols/ikev2_vpn_protocol_windows.cpp index 56cf5f6d..10bd4e97 100644 --- a/client/protocols/ikev2_vpn_protocol_windows.cpp +++ b/client/protocols/ikev2_vpn_protocol_windows.cpp 
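Review bot: In readIkev2Configuration the result of `QJsonDocument::fromJson(...)` is used without checking whether parsing succeeded. If the string under `config_key::config` is missing or malformed, fromJson returns a null document and `.object()` an empty object, so m_config is silently empty and start() would presumably go on to write an empty certificate and pass an empty password to certutil. I would pass a `QJsonParseError err;` as the second argument and log and stop when `err.error != QJsonParseError::NoError`. A short comment that the protocol data now carries the IKEv2 settings as a JSON string under `config_key::config` would also help.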
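Review bot: The PFX password is placed in the argument list of the certutil process in start(), and the same holds for the reworked lines in patches 2/3 and 3/3 (`"-p", m_config[config_key::password].toString()`). Command-line arguments of a running process are visible to other local processes with sufficient access and are recorded wherever process-creation auditing with command lines is enabled, so the secret protecting the private key leaks beyond the client. Since the import is already handed to a privileged process, consider importing the PKCS#12 blob there through the CryptoAPI (`PFXImportCertStore`) instead of spawning certutil with `-p`; at minimum add a comment stating that the password is exposed this way. start() begins and ends outside the hunk.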
@@ -203,10 +203,12 @@ ErrorCode Ikev2Protocol::start() } certInstallProcess->setProgram(PermittedProcess::CertUtil); - QString password = QString("-p %1").arg(m_config[config_key::password].toString()); + QString password = QString("-p \"%1\"").arg(m_config[config_key::password].toString()); + QStringList arguments({"-f", "-importpfx", password, QDir::toNativeSeparators(certFile.fileName()), "NoExport" }); + certInstallProcess->setArguments(arguments); certInstallProcess->start(); From fb63cdf7e9e91aa78ba37618b353e7de158fa947 Mon Sep 17 00:00:00 2001 From: Mykola Baibuz Date: Tue, 20 Aug 2024 22:45:06 +0300 Subject: [PATCH 3/3] Fix work with PKCS12 TempFile --- .../protocols/ikev2_vpn_protocol_windows.cpp | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/client/protocols/ikev2_vpn_protocol_windows.cpp b/client/protocols/ikev2_vpn_protocol_windows.cpp index 10bd4e97..ed6fb174 100644 --- a/client/protocols/ikev2_vpn_protocol_windows.cpp +++ b/client/protocols/ikev2_vpn_protocol_windows.cpp @@ -181,11 +181,13 @@ ErrorCode Ikev2Protocol::start() QByteArray cert = QByteArray::fromBase64(m_config[config_key::cert].toString().toUtf8()); setConnectionState(Vpn::ConnectionState::Connecting); - QTemporaryFile certFile; - certFile.setAutoRemove(false); - certFile.open(); - certFile.write(cert); - certFile.close(); + QTemporaryFile * certFile = new QTemporaryFile; + certFile->setAutoRemove(false); + certFile->open(); + QString m_filename = certFile->fileName(); + certFile->write(cert); + certFile->close(); + delete certFile; { auto certInstallProcess = IpcClient::CreatePrivilegedProcess(); 
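Review bot: The PKCS#12 bundle written to the temporary file in start() is never removed in the lines shown. `setAutoRemove(false)` is kept and the object is deleted right after `close()`, so the file holding the private key stays in the temp directory unless code outside this hunk deletes it. I would remove it once certutil has finished, e.g. `QFile::remove(m_filename);`, and check the results of `certFile->open()` and `certFile->write(cert)` so that a failed write does not hand certutil an empty path. On style, a nested scope around a stack `QTemporaryFile` releases the handle just as well as `new`/`delete`, and the local `m_filename` should lose the member-style `m_` prefix (`const QString certPath = certFile.fileName();`). start() begins and ends outside the hunk.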
@@ -203,14 +205,11 @@ ErrorCode Ikev2Protocol::start() } certInstallProcess->setProgram(PermittedProcess::CertUtil); - QString password = QString("-p \"%1\"").arg(m_config[config_key::password].toString()); - - QStringList arguments({"-f", "-importpfx", password, - QDir::toNativeSeparators(certFile.fileName()), "NoExport" + QStringList arguments({"-f", "-importpfx", "-p", m_config[config_key::password].toString(), + QDir::toNativeSeparators(m_filename), "NoExport" }); certInstallProcess->setArguments(arguments); - certInstallProcess->start(); } // /*