view ui/certificate.cpp @ 309:fa37384b86b6

Add trust "Trusted CA to issue server certificates" to certs on install.
author Sascha Wilde <wilde@intevation.de>
date Fri, 04 Apr 2014 09:53:55 +0200
parents 825b42da1855
children 64e38886f903
line wrap: on
line source
#include "certificate.h"
#include <QDebug>
#include <QStringList>
#include <QObject>

#include <polarssl/x509_crt.h>

#define POLARSSL_INFO_BUF_SIZE 2000

Certificate::Certificate(const QString& b64Line) :
    mValid(false)
{
    int ret = -1;
    char buf[POLARSSL_INFO_BUF_SIZE];

    x509_crt x509cert;

    if (b64Line.isEmpty()) {
        return;
    }

    /* Cut of the first two chars (e.g. I: and decode) */
    QByteArray asn1data = QByteArray::fromBase64(
            b64Line.right(b64Line.size() - 2).toLatin1());

    x509_crt_init(&x509cert);
    ret = x509_crt_parse(&x509cert,
                         (const unsigned char*) asn1data.constData(),
                         asn1data.size());
    if (ret != 0) {
        qDebug() << "Parsing certificate failed with error: " << ret;
        qDebug() << "Failed cert: " << asn1data.toBase64();
        x509_crt_free(&x509cert);
        return;
    }

    /* Get a full details string */
    ret = x509_crt_info(buf, POLARSSL_INFO_BUF_SIZE, "", &x509cert);

    if (ret <= 0) {
        qDebug() << "Getting certificate info failed with error: " << ret;
        return;
    }

    /* In case of success the return value is the size of the information
     * written into buf */
    mDetails = QString::fromUtf8(buf, ret);

    /* Get the subject */
    ret = x509_dn_gets(buf, POLARSSL_INFO_BUF_SIZE, &(x509cert.subject));

    if (ret <= 0) {
        qDebug() << "Getting certificate subject failed with error: " << ret;
        return;
    }

    /* TODO check that all asn encodings are handled */
    QString subject = QString::fromUtf8(buf, ret);

    /* TODO check that escaped , are not possible */
    QStringList attrs = subject.split(", ");

    foreach (const QString& attr, attrs) {
        QStringList kv = attr.split("=");
        if (kv.size() != 2) {
            qDebug() << "Failed to parse subject element: " << attr;
            continue;
        }
        mSubjectAttrs.insert(kv[0], kv[1]);
    }

    /* For more information to get from a x509_crt see
     * https://polarssl.org/api/x509_8h.html */

    x509_crt_free(&x509cert);

    mValid = true;

    mBaseLine = b64Line;
}

QString Certificate::getSubjectAttr (const QString& attrName) const {
    return mSubjectAttrs.value(attrName);
}

QString Certificate::shortDescription() const {
    return getSubjectAttr("CN");
}

http://wald.intevation.org/projects/trustbridge/