Mercurial > trustbridge
view ui/certificate.cpp @ 1119:5349e2354c48
(issue54) Merge branch runafterinstall
There is now an NSIS Plugin that executes the Software after
installation using COM in the shell of the current user.
With the way over the shell there is no inheritance /
token management required. As it is impossible to
drop all privileges of a token granted by UAC and
still be able to reelevate the Token again with another
RunAs call later this round trip over the Shell was
necessary.
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Tue, 16 Sep 2014 19:48:22 +0200 |
| parents | 9bb9932bb819 |
| children | 2a1206932f53 |
line wrap: on
line source
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik * Software engineering by Intevation GmbH * * This file is Free Software under the GNU GPL (v>=2) * and comes with ABSOLUTELY NO WARRANTY! * See LICENSE.txt for details. */ #include "certificate.h" #include <QDebug> #include <QFile> #include <QStringList> #include <QObject> #include <polarssl/sha1.h> #include "certhelp.h" #include "listutil.h" /* Qt wrapper around certhelp functions. */ QString getX509Value(x509_name *namebuf, unsigned char *oid) { QString retval; char * buf = get_oid_valstr(namebuf, oid); if (buf == NULL) { return retval; } retval = QString::fromUtf8(buf, -1); free(buf); return retval; } void Certificate::parseDetails(const QByteArray& cert) { x509_crt chain; x509_crt_init(&chain); if (x509_crt_parse_der(&chain, (const unsigned char *)cert.data(), cert.size()) != 0) { qDebug() << "Failed to parse cert.."; return; } mValidFrom = QDateTime(QDate(chain.valid_from.year, chain.valid_from.mon, chain.valid_from.day), QTime(chain.valid_from.hour, chain.valid_from.min, chain.valid_from.sec)); mValidTo = QDateTime(QDate(chain.valid_to.year, chain.valid_to.mon, chain.valid_to.day), QTime(chain.valid_to.hour, chain.valid_to.min, chain.valid_to.sec)); mSubjectCN = getX509Value(&(chain.subject), CERT_OID_CN); mSubjectOU = getX509Value(&(chain.subject), CERT_OID_OU); mSubjectO = getX509Value(&(chain.subject), CERT_OID_O); mSubjectSN = getX509Value(&(chain.subject), CERT_OID_SN); /* Calculate sha1 fingerprint */ unsigned char sha1sum[20]; sha1(chain.raw.p, chain.raw.len, sha1sum); for (int i=0; i < 20; i++) { mFingerprint += QString("%1").arg(sha1sum[i], 0, 16).rightJustified(2, '0'); if (i != 19) { mFingerprint += ":"; } mFingerprint = mFingerprint.toUpper(); } x509_crt_free(&chain); mDetails = QObject::tr("Certificate:\n" " <bold>%1</bold>\n" " %2, %3\n\n" "Serial number:\n" "%4\n" "Valid from: <bold>%5</bold> to <bold>%6</bold>\n\n" "Issued by: ..") .arg(mSubjectCN) .arg(mSubjectO) .arg(mSubjectOU) .arg(mSubjectSN) .arg(QLocale::system().toString(mValidFrom)) .arg(QLocale::system().toString(mValidTo)); } Certificate::Certificate(const QByteArray& derData) : mValid(false), mEditable(false) { if (derData.isEmpty()) { return; } parseDetails(derData); mValid = !mSubjectCN.isEmpty(); /* Default is installation for new certificates */ mBaseLine = QString::fromLatin1("I:") + derData.toBase64(); } Certificate::Certificate(const QString& b64Line) : mValid(false), mEditable(false) { if (b64Line.isEmpty()) { return; } /* Cut of the first two chars (e.g. I: and decode) */ QByteArray derData = QByteArray::fromBase64( b64Line.right(b64Line.size() - 2).toLatin1()); parseDetails(derData); /* If the subject CN is set then at least one x509parse * in polarssl was successfull. And a root certificate * always needs to have a subject CN */ mValid = !mSubjectCN.isEmpty(); mBaseLine = b64Line; } QString Certificate::shortDescription() const { if (!isValid()) { return QObject::tr("Failed to parse certificate"); } QString ret = mSubjectCN; /* Necessary by definition */ /* if (!mSubjectO.isEmpty()) { ret += " - " + mSubjectO; } */ return ret; } QList<Certificate> Certificate::fromFileName(const QString& file_name) { /* We read the file using Qt to avoid filename encoding problems * on Windows */ /* TODO change qDebug errors into messageboxes */ QFile certificateFile(file_name); QByteArray fileContent; QList<Certificate> retval; x509_crt chain; int ret = 0; if (!certificateFile.open(QIODevice::ReadOnly)) { qDebug() << "Failed to read file."; return retval; } if (certificateFile.size() > MAX_LINE_LENGTH * MAX_LINES) { qDebug() << "File too large"; return retval; } fileContent = certificateFile.readAll(); x509_crt_init(&chain); ret = x509_crt_parse(&chain, reinterpret_cast<const unsigned char*>(fileContent.constData()), fileContent.size()); if (ret < 0) { qDebug() << "Failed to parse certificates."; return retval; } if (ret > 0) { qDebug() << "Some certificates could not be parsed."; /* Maybe return here? */ } x509_crt *iter = &chain; while (iter) { QByteArray derData(reinterpret_cast<const char*>(iter->raw.p), static_cast<int>(iter->raw.len)); retval << Certificate(derData); iter = iter->next; } x509_crt_free(&chain); return retval; } void Certificate::setInstallCert(bool install) { if (install && mBaseLine.startsWith("R:")) { mBaseLine.replace(0, 1, "I"); } else if (!install && mBaseLine.startsWith("I:")) { mBaseLine.replace(0, 1, "R"); } }