Changeset 65268 in vbox

Timestamp:

Jan 12, 2017 7:05:49 PM (8 years ago)

Author:

vboxsync

Message:

FE/Qt: when downloading an Extension Pack or Guest Additions, verify the hash sum automatically

Location:

trunk/src/VBox/Frontends/VirtualBox/src

Files:

• globals/UIMessageCenter.cpp (modified) (2 diffs)
• globals/UIMessageCenter.h (modified) (2 diffs)
• net/UIDownloader.cpp (modified) (6 diffs)
• net/UIDownloader.h (modified) (9 diffs)
• net/UIDownloaderAdditions.cpp (modified) (4 diffs)
• net/UIDownloaderAdditions.h (modified) (1 diff)
• net/UIDownloaderExtensionPack.cpp (modified) (4 diffs)
• net/UIDownloaderExtensionPack.h (modified) (1 diff)
• net/UIUpdateManager.cpp (modified) (1 diff)

trunk/src/VBox/Frontends/VirtualBox/src/globals/UIMessageCenter.cpp

@@ -2166 +2166 @@
 }
 
+void UIMessageCenter::cannotValidateGuestAdditionsSHA256Sum(const QString &strUrl, const QString &strSrc) const
+{
+    alert(windowManager().networkManagerOrMainWindowShown(), MessageType_Error,
+          tr("<p>The <b>VirtualBox Guest Additions</b> disk image file has been successfully downloaded "
+             "from <nobr><a href=\"%1\">%1</a></nobr> "
+             "and saved locally as <nobr><b>%2</b>, </nobr>"
+             "but the SHA-256 checksum verification failed.</p>"
+             "<p>Please do the download, installation and verification manually.</p>")
+             .arg(strUrl, strSrc));
+}
+
 void UIMessageCenter::cannotUpdateGuestAdditions(const CProgress &progress) const
 {
@@ -2271 +2282 @@
                           0 /* auto-confirm id */,
                           tr("Delete", "extension pack"));
+}
+
+void UIMessageCenter::cannotValidateExtentionPackSHA256Sum(const QString &strExtPackName, const QString &strFrom, const QString &strTo) const
+{
+    alert(windowManager().networkManagerOrMainWindowShown(), MessageType_Error,
+          tr("<p>The <b><nobr>%1</nobr></b> has been successfully downloaded "
+             "from <nobr><a href=\"%2\">%2</a></nobr> "
+             "and saved locally as <nobr><b>%3</b>, </nobr>"
+             "but the SHA-256 checksum verification failed.</p>"
+             "<p>Please do the download, installation and verification manually.</p>")
+             .arg(strExtPackName, strFrom, strTo));
 }
 #endif /* VBOX_GUI_WITH_NETWORK_MANAGER */

trunk/src/VBox/Frontends/VirtualBox/src/globals/UIMessageCenter.h

@@ -329 +329 @@
     void cannotSaveGuestAdditions(const QString &strURL, const QString &strTarget) const;
     bool proposeMountGuestAdditions(const QString &strUrl, const QString &strSrc) const;
+    void cannotValidateGuestAdditionsSHA256Sum(const QString &strUrl, const QString &strSrc) const;
     void cannotUpdateGuestAdditions(const CProgress &progress) const;
     bool cannotFindUserManual(const QString &strMissedLocation) const;
@@ -338 +339 @@
     void cannotSaveExtensionPack(const QString &strExtPackName, const QString &strFrom, const QString &strTo) const;
     bool proposeInstallExtentionPack(const QString &strExtPackName, const QString &strFrom, const QString &strTo) const;
+    void cannotValidateExtentionPackSHA256Sum(const QString &strExtPackName, const QString &strFrom, const QString &strTo) const;
     bool proposeDeleteExtentionPack(const QString &strTo) const;
     bool proposeDeleteOldExtentionPacks(const QStringList &strFiles) const;

trunk/src/VBox/Frontends/VirtualBox/src/net/UIDownloader.cpp

@@ -15 +15 @@
  * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
  */
+
+/// This class requires proper doxy.
+/// For now I'm keeping the old style consistent.
 
 #ifdef VBOX_WITH_PRECOMPILED_HEADERS
@@ -49 +52 @@
 void UIDownloader::sltStartDownloading()
 {
-    /* Set state to acknowledging: */
+    /* Set state to downloading: */
     m_state = UIDownloaderState_Downloading;
 
     /* Send GET request: */
     createNetworkRequest(UINetworkRequestType_GET, QList<QUrl>() << m_source);
+}
+
+/* Verifying start: */
+void UIDownloader::sltStartVerifying()
+{
+    /* Set state to verifying: */
+    m_state = UIDownloaderState_Verifying;
+
+    /* Send GET request: */
+    createNetworkRequest(UINetworkRequestType_GET, QList<QUrl>() << m_strPathSHA256SumsFile);
 }
 
@@ -63 +76 @@
     connect(this, SIGNAL(sigToStartAcknowledging()), this, SLOT(sltStartAcknowledging()), Qt::QueuedConnection);
     connect(this, SIGNAL(sigToStartDownloading()), this, SLOT(sltStartDownloading()), Qt::QueuedConnection);
+    connect(this, SIGNAL(sigToStartVerifying()), this, SLOT(sltStartVerifying()), Qt::QueuedConnection);
 }
 
@@ -73 +87 @@
         case UIDownloaderState_Acknowledging: return tr("Looking for %1...");
         case UIDownloaderState_Downloading:   return tr("Downloading %1...");
+        case UIDownloaderState_Verifying:     return tr("Verifying %1...");
         default:                              break;
     }
@@ -113 +128 @@
             break;
         }
+        case UIDownloaderState_Verifying:
+        {
+            handleVerifyingResult(pNetworkReply);
+            break;
+        }
         default:
             break;
@@ -143 +163 @@
     handleDownloadedObject(pNetworkReply);
 
+    /* Check whether we should do verification: */
+    if (!m_strPathSHA256SumsFile.isEmpty())
+    {
+        /* Start verifying: */
+        startDelayedVerifying();
+    }
+    else
+    {
+        /* Delete downloader: */
+        deleteLater();
+    }
+}
+
+void UIDownloader::handleVerifyingResult(UINetworkReply *pNetworkReply)
+{
+    /* Handle verified object: */
+    handleVerifiedObject(pNetworkReply);
+
     /* Delete downloader: */
     deleteLater();

trunk/src/VBox/Frontends/VirtualBox/src/net/UIDownloader.h

@@ -15 +15 @@
  * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
  */
+
+/// This class requires proper doxy.
+/// For now I'm keeping the old style consistent.
 
 #ifndef __UIDownloader_h__
@@ -42 +45 @@
     /* Signal to start downloading: */
     void sigToStartDownloading();
+    /* Signal to start verifying: */
+    void sigToStartVerifying();
 
 public:
@@ -54 +59 @@
     /* Downloading part: */
     void sltStartDownloading();
+    /* Verifying part: */
+    void sltStartVerifying();
 
 protected:
@@ -62 +69 @@
         UIDownloaderState_Null,
         UIDownloaderState_Acknowledging,
-        UIDownloaderState_Downloading
+        UIDownloaderState_Downloading,
+        UIDownloaderState_Verifying,
     };
 
@@ -80 +88 @@
     const QString& target() const { return m_strTarget; }
 
+    /* SHA-256 stuff,
+     * allows to set/get SHA-256 sum dictionary file for downloaded source. */
+    QString pathSHA256SumsFile() const { return m_strPathSHA256SumsFile; }
+    void setPathSHA256SumsFile(const QString &strPathSHA256SumsFile) { m_strPathSHA256SumsFile = strPathSHA256SumsFile; }
+
     /** Returns description of the current network operation. */
     virtual const QString description() const;
@@ -87 +100 @@
     /* Start delayed downloading: */
     void startDelayedDownloading() { emit sigToStartDownloading(); }
+    /* Start delayed verifying: */
+    void startDelayedVerifying() { emit sigToStartVerifying(); }
 
     /* Network-reply progress handler: */
@@ -99 +114 @@
     /* Handle downloading result: */
     virtual void handleDownloadingResult(UINetworkReply *pNetworkReply);
+    /* Handle verifying result: */
+    virtual void handleVerifyingResult(UINetworkReply *pNetworkReply);
 
     /* Pure virtual function to ask user about downloading confirmation: */
@@ -104 +121 @@
     /* Pure virtual function to handle downloaded object: */
     virtual void handleDownloadedObject(UINetworkReply *pNetworkReply) = 0;
+    /* Base virtual function to handle verified object: */
+    virtual void handleVerifiedObject(UINetworkReply * /* pNetworkReply */) {}
 
 private:
@@ -112 +131 @@
     QUrl m_source;
     QString m_strTarget;
+    QString m_strPathSHA256SumsFile;
 };
 

trunk/src/VBox/Frontends/VirtualBox/src/net/UIDownloaderAdditions.cpp

@@ -34 +34 @@
 #endif /* !VBOX_WITH_PRECOMPILED_HEADERS */
 
+#include <iprt/sha.h>
+
 
 /* static */
@@ -81 +83 @@
 
     /* Prepare source/target: */
-    const QString &strName = QString("VBoxGuestAdditions_%1.iso").arg(strVersion);
-    const QString &strSource = QString("http://download.virtualbox.org/virtualbox/%1/").arg(strVersion) + strName;
-    const QString &strTarget = QDir(vboxGlobal().homeFolder()).absoluteFilePath(strName);
+    const QString strSourceName = QString("VBoxGuestAdditions_%1.iso").arg(strVersion);
+    const QString strSourceFolder = QString("http://download.virtualbox.org/virtualbox/%1/").arg(strVersion);
+    const QString strSource = strSourceFolder + strSourceName;
+    const QString strPathSHA256SumsFile = QString("https://www.virtualbox.org/download/hashes/%1/SHA256SUMS").arg(strVersion);
+    const QString strTarget = QDir(vboxGlobal().homeFolder()).absoluteFilePath(strSourceName);
 
     /* Set source/target: */
     setSource(strSource);
     setTarget(strTarget);
+    setPathSHA256SumsFile(strPathSHA256SumsFile);
 }
 
@@ -111 +116 @@
 {
     /* Read received data into the buffer: */
-    QByteArray receivedData(pReply->readAll());
+    m_receivedData = pReply->readAll();
+}
+
+void UIDownloaderAdditions::handleVerifiedObject(UINetworkReply *pReply)
+{
+    /* Try to verify the SHA-256 checksum: */
+    bool fSuccess = false;
+    do
+    {
+        /* Read received data into the buffer: */
+        const QByteArray receivedData(pReply->readAll());
+        /* Make sure it's not empty: */
+        if (receivedData.isEmpty())
+            break;
+
+        /* Parse buffer contents to dictionary: */
+        const QStringList dictionary(QString(receivedData).split("\n", QString::SkipEmptyParts));
+        /* Make sure it's not empty: */
+        if (dictionary.isEmpty())
+            break;
+
+        /* Parse each record to tags, look for the required one: */
+        foreach (const QString &strRecord, dictionary)
+        {
+            const QString strFileName = strRecord.section(" *", 1);
+            const QString strDownloadedSumm = strRecord.section(" *", 0, 0);
+            if (strFileName == QFileInfo(source().toString()).fileName())
+            {
+                /* Calculate the SHA-256 on the bytes, creating a string: */
+                uint8_t abHash[RTSHA256_HASH_SIZE];
+                RTSha256(m_receivedData.constData(), m_receivedData.length(), abHash);
+                char szDigest[RTSHA256_DIGEST_LEN + 1];
+                int rc = RTSha256ToString(abHash, szDigest, sizeof(szDigest));
+                if (RT_FAILURE(rc))
+                {
+                    AssertRC(rc);
+                    szDigest[0] = '\0';
+                }
+
+                const QString strCalculatedSumm(szDigest);
+                // printf("Downloaded SHA-256 summ: [%s]\n", strDownloadedSumm.toUtf8().constData());
+                // printf("Calculated SHA-256 summ: [%s]\n", strCalculatedSumm.toUtf8().constData());
+                /* Make sure checksum is valid: */
+                fSuccess = strDownloadedSumm == strCalculatedSumm;
+                break;
+            }
+        }
+    }
+    while (false);
+
+    /* If SHA-256 checksum verification failed: */
+    if (!fSuccess)
+    {
+        /* Warn the user about additions-image was downloaded and saved but checksum is invalid: */
+        msgCenter().cannotValidateGuestAdditionsSHA256Sum(source().toString(), QDir::toNativeSeparators(target()));
+        return;
+    }
+
     /* Serialize that buffer into the file: */
     while (true)
@@ -120 +182 @@
         {
             /* Write buffer into the file: */
-            file.write(receivedData);
+            file.write(m_receivedData);
             file.close();
 

trunk/src/VBox/Frontends/VirtualBox/src/net/UIDownloaderAdditions.h

@@ -50 +50 @@
     bool askForDownloadingConfirmation(UINetworkReply *pReply);
     void handleDownloadedObject(UINetworkReply *pReply);
+    void handleVerifiedObject(UINetworkReply *pReply);
 
     /* Variables: */
     static UIDownloaderAdditions *m_spInstance;
+    QByteArray m_receivedData;
 };
 

trunk/src/VBox/Frontends/VirtualBox/src/net/UIDownloaderExtensionPack.cpp

@@ -61 +61 @@
 
     /* Prepare source/target: */
+    QString strVersion = vboxGlobal().vboxVersionStringNormalized();
     QString strExtPackUnderscoredName(QString(GUI_ExtPackName).replace(' ', '_'));
     QString strTemplateSourcePath("http://download.virtualbox.org/virtualbox/%1/");
     QString strTemplateSourceName(QString("%1-%2.vbox-extpack").arg(strExtPackUnderscoredName));
-    QString strSourcePath(strTemplateSourcePath.arg(vboxGlobal().vboxVersionStringNormalized()));
-    QString strSourceName(strTemplateSourceName.arg(vboxGlobal().vboxVersionStringNormalized()));
+    QString strSourcePath(strTemplateSourcePath.arg(strVersion));
+    QString strSourceName(strTemplateSourceName.arg(strVersion));
     QString strSource(strSourcePath + strSourceName);
+    QString strPathSHA256SumsFile = QString("https://www.virtualbox.org/download/hashes/%1/SHA256SUMS").arg(strVersion);
     QString strTargetPath(vboxGlobal().homeFolder());
     QString strTargetName(strSourceName);
@@ -74 +76 @@
     setSource(strSource);
     setTarget(strTarget);
+    setPathSHA256SumsFile(strPathSHA256SumsFile);
 }
 
@@ -97 +100 @@
 {
     /* Read received data into the buffer: */
-    QByteArray receivedData(pReply->readAll());
+    m_receivedData = pReply->readAll();
+}
+
+void UIDownloaderExtensionPack::handleVerifiedObject(UINetworkReply *pReply)
+{
+    /* Try to verify the SHA-256 checksum: */
+    bool fSuccess = false;
+    do
+    {
+        /* Read received data into the buffer: */
+        const QByteArray receivedData(pReply->readAll());
+        /* Make sure it's not empty: */
+        if (receivedData.isEmpty())
+            break;
+
+        /* Parse buffer contents to dictionary: */
+        const QStringList dictionary(QString(receivedData).split("\n", QString::SkipEmptyParts));
+        /* Make sure it's not empty: */
+        if (dictionary.isEmpty())
+            break;
+
+        /* Parse each record to tags, look for the required one: */
+        foreach (const QString &strRecord, dictionary)
+        {
+            const QString strFileName = strRecord.section(" *", 1);
+            const QString strDownloadedSumm = strRecord.section(" *", 0, 0);
+            if (strFileName == QFileInfo(source().toString()).fileName())
+            {
+                /* Calculate the SHA-256 on the bytes, creating a string: */
+                uint8_t abHash[RTSHA256_HASH_SIZE];
+                RTSha256(m_receivedData.constData(), m_receivedData.length(), abHash);
+                char szDigest[RTSHA256_DIGEST_LEN + 1];
+                int rc = RTSha256ToString(abHash, szDigest, sizeof(szDigest));
+                if (RT_FAILURE(rc))
+                {
+                    AssertRC(rc);
+                    szDigest[0] = '\0';
+                }
+
+                const QString strCalculatedSumm(szDigest);
+                // printf("Downloaded SHA-256 summ: [%s]\n", strDownloadedSumm.toUtf8().constData());
+                // printf("Calculated SHA-256 summ: [%s]\n", strCalculatedSumm.toUtf8().constData());
+                /* Make sure checksum is valid: */
+                fSuccess = strDownloadedSumm == strCalculatedSumm;
+                break;
+            }
+        }
+    }
+    while (false);
+
+    /* If SHA-256 checksum verification failed: */
+    if (!fSuccess)
+    {
+        /* Warn the user about additions-image was downloaded and saved but checksum is invalid: */
+        msgCenter().cannotValidateExtentionPackSHA256Sum(GUI_ExtPackName, source().toString(), QDir::toNativeSeparators(target()));
+        return;
+    }
+
     /* Serialize that buffer into the file: */
     while (true)
@@ -106 +166 @@
         {
             /* Write buffer into the file: */
-            file.write(receivedData);
+            file.write(m_receivedData);
             file.close();
 
             /* Calc the SHA-256 on the bytes, creating a string: */
             uint8_t abHash[RTSHA256_HASH_SIZE];
-            RTSha256(receivedData.constData(), receivedData.length(), abHash);
+            RTSha256(m_receivedData.constData(), m_receivedData.length(), abHash);
             char szDigest[RTSHA256_DIGEST_LEN + 1];
             int rc = RTSha256ToString(abHash, szDigest, sizeof(szDigest));

trunk/src/VBox/Frontends/VirtualBox/src/net/UIDownloaderExtensionPack.h

@@ -50 +50 @@
     bool askForDownloadingConfirmation(UINetworkReply *pReply);
     void handleDownloadedObject(UINetworkReply *pReply);
+    void handleVerifiedObject(UINetworkReply *pReply);
 
     /* Variables: */
     static UIDownloaderExtensionPack *m_spInstance;
+    QByteArray m_receivedData;
 };
 

trunk/src/VBox/Frontends/VirtualBox/src/net/UIUpdateManager.cpp

@@ -56 +56 @@
 
 
-#if 0
 /* enable to test the version update check */
-#define VBOX_NEW_VERSION_TEST "0.0.0_0 http://unknown.unknown.org/0.0.0/VirtualBox-0.0.0-0-unknown.pkg"
-#endif
+//#define VBOX_NEW_VERSION_TEST "5.1.12_0 http://unknown.unknown.org/0.0.0/VirtualBox-0.0.0-0-unknown.pkg"
 
 /* Forward declarations: */