annotate ui/certificate.cpp @ 263:1fa607af6332

Next baby step: we can import certificates!
author Sascha Wilde <wilde@intevation.de>
date Tue, 01 Apr 2014 17:38:27 +0200
parents 825b42da1855
children 64e38886f903
rev   line source
21
dc1e1e9e62ce Add certificate class and use it
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
1 #include "certificate.h"
82
1f27d6db5ee3 Polarssl based certificate handling
Andre Heinecke <aheinecke@intevation.de>
parents: 81
diff changeset
2 #include <QDebug>
186
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
3 #include <QStringList>
21
dc1e1e9e62ce Add certificate class and use it
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
4 #include <QObject>
dc1e1e9e62ce Add certificate class and use it
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
5
94
f1ebab8639dc Do not save the x509 cert as a member variable
Andre Heinecke <aheinecke@intevation.de>
parents: 83
diff changeset
6 #include <polarssl/x509_crt.h>
f1ebab8639dc Do not save the x509 cert as a member variable
Andre Heinecke <aheinecke@intevation.de>
parents: 83
diff changeset
7
186
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
8 #define POLARSSL_INFO_BUF_SIZE 2000
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
9
83
ba8a548ff252 Expand certificate class to make raw data accessible
Andre Heinecke <aheinecke@intevation.de>
parents: 82
diff changeset
10 Certificate::Certificate(const QString& b64Line) :
186
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
11 mValid(false)
81
112228bd7e4b Remove platform specific certificate immplementations.
Andre Heinecke <aheinecke@intevation.de>
parents: 78
diff changeset
12 {
82
1f27d6db5ee3 Polarssl based certificate handling
Andre Heinecke <aheinecke@intevation.de>
parents: 81
diff changeset
13 int ret = -1;
186
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
14 char buf[POLARSSL_INFO_BUF_SIZE];
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
15
94
f1ebab8639dc Do not save the x509 cert as a member variable
Andre Heinecke <aheinecke@intevation.de>
parents: 83
diff changeset
16 x509_crt x509cert;
81
112228bd7e4b Remove platform specific certificate immplementations.
Andre Heinecke <aheinecke@intevation.de>
parents: 78
diff changeset
17
204
825b42da1855 Avoid printing an error when an empty certificate ist constructed
Andre Heinecke <andre.heinecke@intevation.de>
parents: 186
diff changeset
18 if (b64Line.isEmpty()) {
825b42da1855 Avoid printing an error when an empty certificate ist constructed
Andre Heinecke <andre.heinecke@intevation.de>
parents: 186
diff changeset
19 return;
825b42da1855 Avoid printing an error when an empty certificate ist constructed
Andre Heinecke <andre.heinecke@intevation.de>
parents: 186
diff changeset
20 }
825b42da1855 Avoid printing an error when an empty certificate ist constructed
Andre Heinecke <andre.heinecke@intevation.de>
parents: 186
diff changeset
21
83
ba8a548ff252 Expand certificate class to make raw data accessible
Andre Heinecke <aheinecke@intevation.de>
parents: 82
diff changeset
22 /* Cut of the first two chars (e.g. I: and decode) */
ba8a548ff252 Expand certificate class to make raw data accessible
Andre Heinecke <aheinecke@intevation.de>
parents: 82
diff changeset
23 QByteArray asn1data = QByteArray::fromBase64(
ba8a548ff252 Expand certificate class to make raw data accessible
Andre Heinecke <aheinecke@intevation.de>
parents: 82
diff changeset
24 b64Line.right(b64Line.size() - 2).toLatin1());
ba8a548ff252 Expand certificate class to make raw data accessible
Andre Heinecke <aheinecke@intevation.de>
parents: 82
diff changeset
25
94
f1ebab8639dc Do not save the x509 cert as a member variable
Andre Heinecke <aheinecke@intevation.de>
parents: 83
diff changeset
26 x509_crt_init(&x509cert);
f1ebab8639dc Do not save the x509 cert as a member variable
Andre Heinecke <aheinecke@intevation.de>
parents: 83
diff changeset
27 ret = x509_crt_parse(&x509cert,
82
1f27d6db5ee3 Polarssl based certificate handling
Andre Heinecke <aheinecke@intevation.de>
parents: 81
diff changeset
28 (const unsigned char*) asn1data.constData(),
1f27d6db5ee3 Polarssl based certificate handling
Andre Heinecke <aheinecke@intevation.de>
parents: 81
diff changeset
29 asn1data.size());
1f27d6db5ee3 Polarssl based certificate handling
Andre Heinecke <aheinecke@intevation.de>
parents: 81
diff changeset
30 if (ret != 0) {
1f27d6db5ee3 Polarssl based certificate handling
Andre Heinecke <aheinecke@intevation.de>
parents: 81
diff changeset
31 qDebug() << "Parsing certificate failed with error: " << ret;
204
825b42da1855 Avoid printing an error when an empty certificate ist constructed
Andre Heinecke <andre.heinecke@intevation.de>
parents: 186
diff changeset
32 qDebug() << "Failed cert: " << asn1data.toBase64();
94
f1ebab8639dc Do not save the x509 cert as a member variable
Andre Heinecke <aheinecke@intevation.de>
parents: 83
diff changeset
33 x509_crt_free(&x509cert);
82
1f27d6db5ee3 Polarssl based certificate handling
Andre Heinecke <aheinecke@intevation.de>
parents: 81
diff changeset
34 return;
1f27d6db5ee3 Polarssl based certificate handling
Andre Heinecke <aheinecke@intevation.de>
parents: 81
diff changeset
35 }
1f27d6db5ee3 Polarssl based certificate handling
Andre Heinecke <aheinecke@intevation.de>
parents: 81
diff changeset
36
186
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
37 /* Get a full details string */
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
38 ret = x509_crt_info(buf, POLARSSL_INFO_BUF_SIZE, "", &x509cert);
82
1f27d6db5ee3 Polarssl based certificate handling
Andre Heinecke <aheinecke@intevation.de>
parents: 81
diff changeset
39
1f27d6db5ee3 Polarssl based certificate handling
Andre Heinecke <aheinecke@intevation.de>
parents: 81
diff changeset
40 if (ret <= 0) {
1f27d6db5ee3 Polarssl based certificate handling
Andre Heinecke <aheinecke@intevation.de>
parents: 81
diff changeset
41 qDebug() << "Getting certificate info failed with error: " << ret;
1f27d6db5ee3 Polarssl based certificate handling
Andre Heinecke <aheinecke@intevation.de>
parents: 81
diff changeset
42 return;
1f27d6db5ee3 Polarssl based certificate handling
Andre Heinecke <aheinecke@intevation.de>
parents: 81
diff changeset
43 }
1f27d6db5ee3 Polarssl based certificate handling
Andre Heinecke <aheinecke@intevation.de>
parents: 81
diff changeset
44
1f27d6db5ee3 Polarssl based certificate handling
Andre Heinecke <aheinecke@intevation.de>
parents: 81
diff changeset
45 /* In case of success the return value is the size of the information
186
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
46 * written into buf */
83
ba8a548ff252 Expand certificate class to make raw data accessible
Andre Heinecke <aheinecke@intevation.de>
parents: 82
diff changeset
47 mDetails = QString::fromUtf8(buf, ret);
ba8a548ff252 Expand certificate class to make raw data accessible
Andre Heinecke <aheinecke@intevation.de>
parents: 82
diff changeset
48
186
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
49 /* Get the subject */
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
50 ret = x509_dn_gets(buf, POLARSSL_INFO_BUF_SIZE, &(x509cert.subject));
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
51
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
52 if (ret <= 0) {
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
53 qDebug() << "Getting certificate subject failed with error: " << ret;
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
54 return;
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
55 }
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
56
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
57 /* TODO check that all asn encodings are handled */
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
58 QString subject = QString::fromUtf8(buf, ret);
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
59
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
60 /* TODO check that escaped , are not possible */
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
61 QStringList attrs = subject.split(", ");
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
62
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
63 foreach (const QString& attr, attrs) {
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
64 QStringList kv = attr.split("=");
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
65 if (kv.size() != 2) {
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
66 qDebug() << "Failed to parse subject element: " << attr;
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
67 continue;
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
68 }
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
69 mSubjectAttrs.insert(kv[0], kv[1]);
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
70 }
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
71
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
72 /* For more information to get from a x509_crt see
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
73 * https://polarssl.org/api/x509_8h.html */
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
74
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
75 x509_crt_free(&x509cert);
82
1f27d6db5ee3 Polarssl based certificate handling
Andre Heinecke <aheinecke@intevation.de>
parents: 81
diff changeset
76
1f27d6db5ee3 Polarssl based certificate handling
Andre Heinecke <aheinecke@intevation.de>
parents: 81
diff changeset
77 mValid = true;
83
ba8a548ff252 Expand certificate class to make raw data accessible
Andre Heinecke <aheinecke@intevation.de>
parents: 82
diff changeset
78
ba8a548ff252 Expand certificate class to make raw data accessible
Andre Heinecke <aheinecke@intevation.de>
parents: 82
diff changeset
79 mBaseLine = b64Line;
81
112228bd7e4b Remove platform specific certificate immplementations.
Andre Heinecke <aheinecke@intevation.de>
parents: 78
diff changeset
80 }
186
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
81
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
82 QString Certificate::getSubjectAttr (const QString& attrName) const {
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
83 return mSubjectAttrs.value(attrName);
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
84 }
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
85
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
86 QString Certificate::shortDescription() const {
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
87 return getSubjectAttr("CN");
2551ad24d3c2 Get subject from the certificate and parse it's attributes
Andre Heinecke <andre.heinecke@intevation.de>
parents: 94
diff changeset
88 }

http://wald.intevation.org/projects/trustbridge/