From afb6b496edc3eebcd8df3280a4ba78155fd5a8ab Mon Sep 17 00:00:00 2001 From: metallkopf <47254555+metallkopf@users.noreply.github.com> Date: Fri, 1 Feb 2019 17:29:31 -0300 Subject: [PATCH 1/2] Add support for client certificate (p12) --- connoptions.lfm | 37 +++++++++++++++++++++++++++++++++++-- connoptions.pas | 36 ++++++++++++++++++++++++++++++++++++ main.pas | 4 ++++ options.lfm | 2 +- 4 files changed, 76 insertions(+), 3 deletions(-) diff --git a/connoptions.lfm b/connoptions.lfm index a941af1d..1cab39bd 100644 --- a/connoptions.lfm +++ b/connoptions.lfm @@ -18,7 +18,7 @@ inherited ConnOptionsForm: TConnOptionsForm Position = poMainFormCenter object Page: TPageControl[0] Left = 8 - Height = 283 + Height = 329 Top = 69 Width = 513 ActivePage = tabConnection @@ -94,9 +94,10 @@ inherited ConnOptionsForm: TConnOptionsForm object cbSSL: TCheckBox Left = 260 Height = 19 - Top = 75 + Top = 77 Width = 60 Caption = 'Use SSL' + OnClick = cbSSLClick TabOrder = 2 end object edHost: TEdit @@ -171,6 +172,38 @@ inherited ConnOptionsForm: TConnOptionsForm Caption = 'Always auto-reconnect' TabOrder = 7 end + object txCertFile: TLabel + Left = 8 + Height = 18 + Top = 245 + Width = 105 + Caption = 'Client Certificate:' + ParentColor = False + end + object edCertFile: TEdit + Left = 180 + Height = 32 + Top = 242 + Width = 316 + TabOrder = 10 + end + object txCertPass: TLabel + Left = 8 + Height = 18 + Top = 274 + Width = 72 + Caption = 'Private Key:' + ParentColor = False + end + object edCertPass: TEdit + Left = 180 + Height = 32 + Top = 271 + Width = 316 + EchoMode = emPassword + PasswordChar = '*' + TabOrder = 11 + end end object tabProxy: TTabSheet Caption = 'Proxy' diff --git a/connoptions.pas b/connoptions.pas index 0daec15d..1bbc0462 100644 --- a/connoptions.pas +++ b/connoptions.pas 
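Review bot: The label `txCertPass` in connoptions.lfm is captioned `'Private Key:'`, but main.pas assigns what is typed into `edCertPass` to `SSL.KeyPassword`, so it is the passphrase of the .p12 file and not a key. A caption such as `Caption = 'Certificate password:'` states what is expected. It also keeps users from pasting key material into a field whose content is later written to the ini file.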
@@ -93,6 +93,10 @@ TConnOptionsForm = class(TBaseForm) edPort: TSpinEdit; txHost: TLabel; txPassword: TLabel; + txCertFile: TLabel; + edCertFile: TEdit; + txCertPass: TLabel; + edCertPass: TEdit; procedure btDelClick(Sender: TObject); procedure btNewClick(Sender: TObject); procedure btOKClick(Sender: TObject); @@ -110,6 +114,7 @@ TConnOptionsForm = class(TBaseForm) procedure FormCreate(Sender: TObject); procedure FormShow(Sender: TObject); procedure tabPathsShow(Sender: TObject); + procedure cbSSLClick(Sender: TObject); private FCurConn: string; FCurHost: string; @@ -168,6 +173,11 @@ procedure TConnOptionsForm.cbAuthClick(Sender: TObject); cbAskPasswordClick(nil); end; +procedure TConnOptionsForm.cbSSLClick(Sender: TObject); +begin + EnableControls(cbSSL.Checked, [txCertFile, edCertFile, txCertPass, edCertPass]); +end; + procedure TConnOptionsForm.cbConnectionSelect(Sender: TObject); var i: integer; @@ -201,6 +211,10 @@ procedure TConnOptionsForm.cbShowAdvancedClick(Sender: TObject); begin txRpcPath.Visible:=cbShowAdvanced.Checked; edRpcPath.Visible:=cbShowAdvanced.Checked; + txCertFile.Visible:=cbShowAdvanced.Checked; + edCertFile.Visible:=cbShowAdvanced.Checked; + txCertPass.Visible:=cbShowAdvanced.Checked; + edCertPass.Visible:=cbShowAdvanced.Checked; {$ifndef LCLgtk2} tabConnection.TabVisible:=cbShowAdvanced.Checked; {$endif LCLgtk2} @@ -506,6 +520,12 @@ procedure TConnOptionsForm.LoadConnSettings(const ConnName: string); FCurHost:=edHost.Text; edPort.Value:=ReadInteger(Sec, 'Port', 9091); cbSSL.Checked:=ReadBool(Sec, 'UseSSL', False); + edCertFile.Text:=ReadString(Sec, 'CertFile', ''); + if cbSSL.Checked then + if ReadString(Sec, 'CertPass', '') <> '' then + edCertPass.Text:='******' + else + edCertPass.Text:=''; cbAutoReconnect.Checked:=ReadBool(Sec, 'Autoreconnect', False); edUserName.Text:=ReadString(Sec, 'UserName', ''); s:=ReadString(Sec, 'Password', ''); 
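Review bot: In the LoadConnSettings hunk the `else` binds to the inner `if`, so when `UseSSL` is false `edCertPass.Text` is never assigned and keeps whatever the previously selected connection left in the field. Ticking "Use SSL" afterwards and saving can then store another connection's typed passphrase under this one, or skip the write if the stale text is the `******` placeholder. IsConnSettingsChanged will also report a change that the user did not make. Dropping the outer test fixes it: `if ReadString(Sec, 'CertPass', '') <> '' then edCertPass.Text:='******' else edCertPass.Text:='';`. The procedure starts and ends outside this hunk.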
@@ -519,6 +539,7 @@ procedure TConnOptionsForm.LoadConnSettings(const ConnName: string); edPassword.Text:=''; end; cbAuthClick(nil); + cbSSLClick(nil); edRpcPath.Text:=ReadString(Sec, 'RpcPath', DefaultRpcPath); cbUseProxy.Checked:=ReadBool(Sec, 'UseProxy', False); cbUseSocks5.Checked:=ReadBool(Sec, 'UseSockProxy', False); @@ -562,6 +583,18 @@ procedure TConnOptionsForm.SaveConnSettings(const ConnName: string); Sec:='Connection.' + ConnName; WriteString(Sec, 'Host', Trim(edHost.Text)); WriteBool(Sec, 'UseSSL', cbSSL.Checked); + if not cbSSL.Checked then begin + edCertFile.Text:=''; + edCertPass.Text:=''; + end; + WriteString(Sec, 'CertFile', edCertFile.Text); + if edCertPass.Text <> '******' then begin + if edCertPass.Text = '' then + s:='' + else + s:=EncodeBase64(edCertPass.Text); + WriteString(Sec, 'CertPass', s); + end; WriteBool(Sec, 'Autoreconnect', cbAutoReconnect.Checked); WriteInteger(Sec, 'Port', edPort.Value); if not cbAuth.Checked then begin @@ -631,6 +664,9 @@ function TConnOptionsForm.IsConnSettingsChanged(const ConnName: string): boolean Result:=(edPort.Value <> ReadInteger(Sec, 'Port', 9091)) or (edHost.Text <> ReadString(Sec, 'Host', '')) or (cbSSL.Checked <> ReadBool(Sec, 'UseSSL', False)) or + (edCertFile.Text <> ReadString(Sec, 'CertFile', '')) or + ((ReadString(Sec, 'CertPass', '') = '') and (edCertPass.Text <> '')) or + ((ReadString(Sec, 'CertPass', '') <> '') and (edCertPass.Text <> '******')) or (cbAutoReconnect.Checked <> ReadBool(Sec, 'Autoreconnect', False)) or (edUserName.Text <> ReadString(Sec, 'UserName', '')) or ((ReadString(Sec, 'Password', '') = '') and (edPassword.Text <> '')) or diff --git a/main.pas b/main.pas index 7d6e9f0c..b59a130f 100644 --- a/main.pas +++ b/main.pas 
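Review bot: `EncodeBase64` in the SaveConnSettings hunk is an encoding, not protection, so the .p12 passphrase is written to the ini file in a form anyone who can read that file can reverse, right next to the `CertFile` path it unlocks. This seems to mirror how `Password` is treated in the surrounding context, but a client-certificate passphrase is better not persisted at all: prompt for it at connect time, or hand it to the platform's credential store. If it stays, add a comment on the write, for example `// CertPass is Base64-encoded only, not encrypted; the ini file must be readable by its owner only`. Separately, the `'******'` sentinel means a passphrase that is literally six asterisks is treated as "unchanged" and never saved, both here and in the IsConnSettingsChanged hunk; a boolean "passphrase edited" flag would avoid that.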
@@ -4985,8 +4985,12 @@ function TMainForm.DoConnect: boolean; if i >= 0 then FPasswords.Delete(i); + RpcObj.Http.Sock.SSL.PFXfile:=''; + RpcObj.Http.Sock.SSL.KeyPassword:=''; if Ini.ReadBool(Sec, 'UseSSL', False) then begin RpcObj.InitSSL; + RpcObj.Http.Sock.SSL.PFXfile:=Ini.ReadString(Sec, 'CertFile', ''); + RpcObj.Http.Sock.SSL.KeyPassword:=DecodeBase64(Ini.ReadString(Sec, 'CertPass', '')); if not IsSSLloaded then begin MessageDlg(Format(sSSLLoadError, [DLLSSLName, DLLUtilName]), mtError, [mbOK], 0); exit; diff --git a/options.lfm b/options.lfm index 992602e8..d588b59b 100644 --- a/options.lfm +++ b/options.lfm @@ -16,7 +16,7 @@ inherited OptionsForm: TOptionsForm Position = poMainFormCenter object Page: TPageControl[0] Left = 8 - Height = 281 + Height = 329 Top = 8 Width = 548 ActivePage = tabGeneral From e329cfd55041a4700f9d0f85c2844b114d95a515 Mon Sep 17 00:00:00 2001 From: metallkopf <47254555+metallkopf@users.noreply.github.com> Date: Fri, 1 Feb 2019 18:07:10 -0300 Subject: [PATCH 2/2] Disable certificate fields in Windows --- connoptions.pas | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/connoptions.pas b/connoptions.pas index 1bbc0462..8e73cf9c 100644 --- a/connoptions.pas +++ b/connoptions.pas @@ -175,7 +175,11 @@ procedure TConnOptionsForm.cbAuthClick(Sender: TObject); procedure TConnOptionsForm.cbSSLClick(Sender: TObject); begin +{$ifndef windows} EnableControls(cbSSL.Checked, [txCertFile, edCertFile, txCertPass, edCertPass]); +{$else} + EnableControls(False, [txCertFile, edCertFile, txCertPass, edCertPass]); +{$endif windows} end; procedure TConnOptionsForm.cbConnectionSelect(Sender: TObject);
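Review bot: In the DoConnect hunk `CertFile` is copied from the ini file into `SSL.PFXfile` with no check that it names an existing, readable file. A moved or mistyped path would then presumably surface only as a generic TLS connection failure. Read the value into a local first, and when it is non-empty and `FileExists` is false, show a specific error and `exit` before connecting. The two assignments would also read more naturally after the `IsSSLloaded` check, so nothing is configured on a socket whose SSL library failed to load. DoConnect starts and ends outside this hunk.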
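Review bot: The `{$else}` branch added to cbSSLClick in patch 2/2 has no comment saying why client certificates are switched off on Windows, and it only disables the controls. LoadConnSettings, SaveConnSettings and DoConnect from patch 1/2 are not guarded, so `CertFile`/`CertPass` values already present in the ini file are still loaded, rewritten and assigned to `SSL.PFXfile`/`SSL.KeyPassword` on Windows. Whether the Windows build honours them cannot be told from this patch. If the feature is meant to be off there, wrap the two assignments in DoConnect in the same `{$ifndef windows}`, and put a one-line reason above the directive, for example `// client certificates (.p12) are not supported on Windows: <reason>`.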