Mercurial > trustbridge

view ui/certificate.h @ 1119:5349e2354c48

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
(issue54) Merge branch runafterinstall There is now an NSIS Plugin that executes the Software after installation using COM in the shell of the current user. With the way over the shell there is no inheritance / token management required. As it is impossible to drop all privileges of a token granted by UAC and still be able to reelevate the Token again with another RunAs call later this round trip over the Shell was necessary.
author Andre Heinecke <andre.heinecke@intevation.de>
date Tue, 16 Sep 2014 19:48:22 +0200
parents 9bb9932bb819
children 2a1aa9df8f11
line wrap: on
line source
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU GPL (v>=2)
 * and comes with ABSOLUTELY NO WARRANTY!
 * See LICENSE.txt for details.
 */
#ifndef CERTIFICATE_H
#define CERTIFICATE_H
/**
 * @file certificate.h
 * @brief Class around native certificates.
 *
 */

#include <QByteArray>
#include <QDateTime>
#include <QMap>
#include <QString>

#ifdef Q_OS_WIN
#include <windows.h>
#include <wincrypt.h>
#endif

class Certificate
{
public:

    /** @brief the Status compared to the last installed list. */
    enum Status {
        InstallNew = 1, /* Never seen this before */
        InstallOld, /* Already contained in last list */
        RemoveNew, /* Was an Install certificate in the last list */
        RemoveOld /* Already removed in the last list */
    };

    /** @brief construct a certificate from a line of a certificate list.
     *
     * The first two characters of the string are expected to be
     * the command. I: or R:
     *
     *  @param[in] b64Line The line from the certificate list.
     **/
    Certificate(const QString& b64Line = QString());

    /** @brief construct a certificate from a byte array of DER data
     *
     *  @param[in] derData a der encoded certificate.
     **/
    Certificate(const QByteArray& derData);

    /** @brief check if this certificate could be parsed */
    bool isValid() const {return mValid;}

    /** @brief get a short description of the certificate
     *
     *  This description should be used as a short overview
     *  for this certificate
     *
     **/
    QString shortDescription() const;

    /** @brief get details for the certificate
     *
     * Get a formatted details string usable for user visible
     * certificate details.
     *
     **/
    const QString& details() const {return mDetails;}

    /** @brief get the line from which this certificate was constructed
     *
     * The resulting line includes the instruction e.g.
     *
     * I:BASE64ENCODEDATA...
     *
     **/
    const QString& base64Line() const {return mBaseLine;}

    /** @brief Check if this certificate has the install instruction.
     *
     * This is shorthand for baseLine.startsWith("I:");
     **/
    bool isInstallCert() const {return mBaseLine.startsWith("I:");}

    /** @brief Set the install instruction for this certificate.
     *
     * Set the base 64 line prefix to "I:" or "R:".
     **/
    void setInstallCert(bool install);

    bool isEditable() const {return mEditable;}

    void setEditable(bool edit) {mEditable = edit;}

    /** @brief get the subject OU from the certificate */
    QString subjectOU() const {return mSubjectOU;}

    /** @brief get the subject CN from the certificate */
    QString subjectCN() const {return mSubjectCN;}

    /** @brief get the subject O from the certificate */
    QString subjectO() const {return mSubjectO;}

    /** @brief get the subject SN from the certificate */
    QString subjectSN() const {return mSubjectSN;}

    /** @brief get the date the certificate was issued */
    QDateTime validFrom() const {return mValidFrom;}

    /** @brief get the date the certificate expires */
    QDateTime validTo() const {return mValidTo;}

    /** @brief get the issuer CN from the certificate */
    QString issuerCN() const {return mIssuerCN;}

    /** @brief get the issuer Organization from the certificate */
    QString issuerO() const {return mIssuerO;}

    /** @brief get sha1 sum of the certificate */
    QString fingerprint() const {return mFingerprint;}

    /** @brief construct certificate objects from a file
     *
     *  Constructs a new Certificate Object from a file containing either
     *  one DER encoded certificate or one or many PEM certificates.
     *  If no certificate could be parsed from that file an empty list is
     *  returned.
     *
     *  The size restrictions for the certificate list file also apply
     *  for this file.
     **/
    static QList<Certificate> fromFileName (const QString& file_name);

    friend inline bool operator==(const Certificate& lhs, const Certificate& rhs) {
        return lhs.base64Line() == rhs.base64Line();
    }
private:
    /** @brief Helper function to parse the details of a certificate **/
    void parseDetails(const QByteArray& cert);

    bool mValid;
    /* bool mInstCert; */
    bool mEditable;

    QString mSubjectOU,
            mSubjectCN,
            mSubjectO,
            mSubjectSN,
            mDetails,
            mBaseLine,
            mFingerprint,
            mIssuerO,
            mIssuerCN;

    QDateTime mValidFrom,
              mValidTo;
};
#endif
http://wald.intevation.org/projects/trustbridge/