Mercurial > trustbridge
view ui/certificate.cpp @ 502:e551de11d8b6
Properly handle the case that the file does not exist.
TRUNCATE makes create file fail if the file does not exist
but we need TRUNCATE in the case that the file already exists
author | Andre Heinecke <aheinecke@intevation.de> |
---|---|
date | Mon, 28 Apr 2014 09:18:07 +0000 |
parents | 17e1c8f37d72 |
children | fb47bab4c71a |
line wrap: on
line source
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik * Software engineering by Intevation GmbH * * This file is Free Software under the GNU GPL (v>=2) * and comes with ABSOLUTELY NO WARRANTY! * See LICENSE.txt for details. */ #include "certificate.h" #include <QDebug> #include <QFile> #include <QStringList> #include <QObject> #include <polarssl/sha1.h> #include "certhelp.h" #include "listutil.h" /* Qt wrapper around certhelp functions. */ QString getX509Value(x509_name *namebuf, unsigned char *oid) { QString retval; char * buf = get_oid_valstr(namebuf, oid); if (buf == NULL) { return retval; } retval = QString::fromUtf8(buf, -1); free(buf); return retval; } void Certificate::parseDetails(const QByteArray& cert) { x509_crt chain; x509_crt_init(&chain); if (x509_crt_parse_der(&chain, (const unsigned char *)cert.data(), cert.size()) != 0) { qDebug() << "Failed to parse cert.."; return; } mValidFrom = QDateTime(QDate(chain.valid_from.year, chain.valid_from.mon, chain.valid_from.day), QTime(chain.valid_from.hour, chain.valid_from.min, chain.valid_from.sec)); mValidTo = QDateTime(QDate(chain.valid_to.year, chain.valid_to.mon, chain.valid_to.day), QTime(chain.valid_to.hour, chain.valid_to.min, chain.valid_to.sec)); mSubjectCN = getX509Value(&(chain.subject), CERT_OID_CN); mIssuerCN = getX509Value(&(chain.issuer), CERT_OID_CN); mSubjectOU = getX509Value(&(chain.subject), CERT_OID_OU); mSubjectO = getX509Value(&(chain.subject), CERT_OID_O); mIssuerO = getX509Value(&(chain.issuer), CERT_OID_O); mSubjectSN = getX509Value(&(chain.subject), CERT_OID_SN); /* Calculate sha1 fingerprint */ unsigned char sha1sum[20]; sha1(chain.raw.p, chain.raw.len, sha1sum); for (int i=0; i < 20; i++) { mFingerprint += QString("%1").arg(sha1sum[i], 0, 16).rightJustified(2, '0'); if (i != 19) { mFingerprint += ":"; } mFingerprint = mFingerprint.toUpper(); } x509_crt_free(&chain); mDetails = QObject::tr("Certificate:\n" " <bold>%1</bold>\n" " %2, %3\n\n" "Serial number:\n" "%4\n" "Valid from: <bold>%5</bold> to <bold>%6</bold>\n\n" "Issued by: ..") .arg(mSubjectCN) .arg(mSubjectO) .arg(mSubjectOU) .arg(mSubjectSN) .arg(QLocale::system().toString(mValidFrom)) .arg(QLocale::system().toString(mValidTo)); } Certificate::Certificate(const QByteArray& derData) : mValid(false) { if (derData.isEmpty()) { return; } parseDetails(derData); mValid = !mSubjectCN.isEmpty(); /* Default is installation for new certificates */ mBaseLine = QString::fromLatin1("I:") + derData.toBase64(); } Certificate::Certificate(const QString& b64Line) : mValid(false) { if (b64Line.isEmpty()) { return; } /* Cut of the first two chars (e.g. I: and decode) */ QByteArray derData = QByteArray::fromBase64( b64Line.right(b64Line.size() - 2).toLatin1()); parseDetails(derData); /* If the subject CN is set then at least one x509parse * in polarssl was successfull. And a root certificate * always needs to have a subject CN */ mValid = !mSubjectCN.isEmpty(); mBaseLine = b64Line; } QString Certificate::shortDescription() const { if (!isValid()) { return QObject::tr("Failed to parse certificate"); } QString ret = mSubjectCN; /* Necessary by definition */ if (!mSubjectO.isEmpty()) { ret += " - " + mSubjectO; } if (!mSubjectOU.isEmpty()) { ret += ", " + mSubjectOU; } return ret; } QList<Certificate> Certificate::fromFileName(const QString& file_name) { /* We read the file using Qt to avoid filename encoding problems * on Windows */ /* TODO change qDebug errors into messageboxes */ QFile certificateFile(file_name); QByteArray fileContent; QList<Certificate> retval; x509_crt chain; int ret = 0; if (!certificateFile.open(QIODevice::ReadOnly)) { qDebug() << "Failed to read file."; return retval; } if (certificateFile.size() > MAX_LINE_LENGTH * MAX_LINES) { qDebug() << "File too large"; return retval; } fileContent = certificateFile.readAll(); x509_crt_init(&chain); ret = x509_crt_parse(&chain, reinterpret_cast<const unsigned char*>(fileContent.constData()), fileContent.size()); if (ret < 0) { qDebug() << "Failed to parse certificates."; return retval; } if (ret > 0) { qDebug() << "Some certificates could not be parsed."; /* Maybe return here? */ } x509_crt *iter = &chain; while (iter) { QByteArray derData(reinterpret_cast<const char*>(iter->raw.p), static_cast<int>(iter->raw.len)); retval << Certificate(derData); iter = iter->next; } x509_crt_free(&chain); return retval; } void Certificate::setInstallCert(bool install) { if (install && mBaseLine.startsWith("R:")) { mBaseLine.replace(0, 1, "I"); } else if (!install && mBaseLine.startsWith("I:")) { mBaseLine.replace(0, 1, "R"); } }