Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Windows: Workaround for CredWriteW used by QtKeychain #1394

Merged
merged 4 commits into from
Sep 4, 2019
Merged

Windows: Workaround for CredWriteW used by QtKeychain #1394

merged 4 commits into from
Sep 4, 2019

Conversation

misch7
Copy link
Member

@misch7 misch7 commented Aug 30, 2019

Saving all client CA's within one credential may result in:
Error: "Credential size exceeds maximum size of 2560"

Client CA certificates are now being stored in separate slots
within the keychain and are being processed by a queue mechanism.


IMPORTANT TODO:

forgetSensitiveData(): Invoked by "Log out" & "Remove account"

  • Remove client CA certs and KEY!
    (uncomment "//deleteKeychainEntries();" )

    Disabled as long as selecting another cert is not supported by the UI.


Signed-off-by: Michael Schuster

@misch7
Windows: Workaround for CredWriteW used by QtKeychain
b52292d 
Saving all client CA's within one credential may result in:
  Error: "Credential size exceeds maximum size of 2560"

Client CA certificates are now being stored in separate slots
within the keychain and are being processed by a queue mechanism.

IMPORTANT TODO:
forgetSensitiveData(): Invoked by "Log out" & "Remove account"

- Remove client CA certs and KEY!
  (uncomment "//deleteKeychainEntries();" )

  Disabled as long as selecting another cert is not supported by the UI.

Signed-off-by: Michael Schuster <michael@schuster.ms>
@misch7 misch7 requested a review from rullzer August 30, 2019 03:23
rullzer
rullzer approved these changes Sep 4, 2019
View reviewed changes
Copy link
Member

@rullzer rullzer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

seems to do the trick.

@rullzer rullzer merged commit 0cb1f4d into master Sep 4, 2019
@delete-merged-branch delete-merged-branch bot deleted the webflow-client-ssl-ca-chain branch September 4, 2019 18:04
misch7 added a commit that referenced this pull request Dec 7, 2019
@misch7
Windows: Workaround for storing >= 4k (4096 bit) client-cert SSL keys
5ad75c0 
With QtKeychain on Windows, storing larger keys in one keychain entry causes the
following error due to limits in the Windows APIs:
  Error: "Credential size exceeds maximum size of 2560"

To avoid overhead on the other platforms and balance code duplication, this
approach puts some read- and write-parts into Windows-only defines.

For reference also see previous fixes:
- #1389
- #1394

This (again) fixes the re-opened issue:
- #863

Signed-off-by: Michael Schuster <michael@schuster.ms>
@misch7 misch7 mentioned this pull request Dec 7, 2019
Merged
3 tasks
misch7 added a commit that referenced this pull request Dec 8, 2019
@misch7
Windows: Workaround for storing >= 4k (4096 bit) client-cert SSL keys
72be80c 
With QtKeychain on Windows, storing larger keys in one keychain entry causes the
following error due to limits in the Windows APIs:
  Error: "Credential size exceeds maximum size of 2560"

To avoid overhead on the other platforms and balance code duplication, this
approach puts some read- and write-parts into Windows-only defines.

For reference also see previous fixes:
- #1389
- #1394

This (again) fixes the re-opened issue:
- #863

Signed-off-by: Michael Schuster <michael@schuster.ms>
misch7 added a commit that referenced this pull request Dec 8, 2019
@misch7
Windows: Workaround for storing >= 4k (4096 bit) client-cert SSL keys
8945ef2 
With QtKeychain on Windows, storing larger keys in one keychain entry causes the
following error due to limits in the Windows APIs:
  Error: "Credential size exceeds maximum size of 2560"

To avoid overhead on the other platforms and balance code duplication, this
approach puts some read- and write-parts into Windows-only defines.

For reference also see previous fixes:
- #1389
- #1394

This (again) fixes the re-opened issue:
- #863

Signed-off-by: Michael Schuster <michael@schuster.ms>
(cherry picked from commit 72be80c)
Signed-off-by: Michael Schuster <michael@schuster.ms>
misch7 added a commit that referenced this pull request Dec 24, 2019
@misch7
Heavy refactoring: Windows workaround for >= 4k (4096 bit) client-cer…
ee65a6e 
…t SSL keys and large certs

With QtKeychain on Windows, storing larger keys or certs in one keychain entry causes the
following error due to limits in the Windows APIs:
    Error: "Credential size exceeds maximum size of 2560"

This fix implements the new wrapper class KeychainChunk with wrapper jobs ReadJob and WriteJob
to encapsulate the QKeychain handling of ReadPasswordJob and WritePasswordJob with binaryData
but split every supplied keychain entry's data into 2048 byte chunks, on Windows only.

The wrapper is used for all keychain operations in WebFlowCredentials, except for the server password.

All finished keychain jobs now get deleted properly, to avoid memory leaks.

For reference also see previous fixes:
- #1389
- #1394

This should finally fix the re-opened issue:
- #863

Signed-off-by: Michael Schuster <michael@schuster.ms>
@misch7 misch7 mentioned this pull request Dec 24, 2019
Merged
misch7 added a commit that referenced this pull request Dec 24, 2019
@misch7
Heavy refactoring: Windows workaround for >= 4k (4096 bit) client-cer…
9b034a2 
…t SSL keys and large certs

With QtKeychain on Windows, storing larger keys or certs in one keychain entry causes the
following error due to limits in the Windows APIs:
    Error: "Credential size exceeds maximum size of 2560"

This fix implements the new wrapper class KeychainChunk with wrapper jobs ReadJob and WriteJob
to encapsulate the QKeychain handling of ReadPasswordJob and WritePasswordJob with binaryData
but split every supplied keychain entry's data into 2048 byte chunks, on Windows only.

The wrapper is used for all keychain operations in WebFlowCredentials, except for the server password.

All finished keychain jobs now get deleted properly, to avoid memory leaks.

For reference also see previous fixes:
- #1389
- #1394

This should finally fix the re-opened issue:
- #863

Signed-off-by: Michael Schuster <michael@schuster.ms>
misch7 added a commit that referenced this pull request Dec 24, 2019
@misch7
Heavy refactoring: Windows workaround for >= 4k (4096 bit) client-cer…
73462e9 
…t SSL keys and large certs

With QtKeychain on Windows, storing larger keys or certs in one keychain entry causes the
following error due to limits in the Windows APIs:
    Error: "Credential size exceeds maximum size of 2560"

This fix implements the new wrapper class KeychainChunk with wrapper jobs ReadJob and WriteJob
to encapsulate the QKeychain handling of ReadPasswordJob and WritePasswordJob with binaryData
but split every supplied keychain entry's data into 2048 byte chunks, on Windows only.

The wrapper is used for all keychain operations in WebFlowCredentials, except for the server password.

All finished keychain jobs now get deleted properly, to avoid memory leaks.

For reference also see previous fixes:
- #1389
- #1394

This should finally fix the re-opened issue:
- #863

Signed-off-by: Michael Schuster <michael@schuster.ms>
(cherry picked from commit 9b034a2)
Signed-off-by: Michael Schuster <michael@schuster.ms>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rullzer rullzer rullzer approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@misch7 @rullzer