view ui/certificate.h @ 1373:00fcb9c4d16b

(issue179) Handle SW verify failures and try to redownload the update
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 24 Nov 2014 16:46:08 +0100
parents 265583011f24
children
line wrap: on
line source
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU GPL (v>=2)
 * and comes with ABSOLUTELY NO WARRANTY!
 * See LICENSE.txt for details.
 */
#ifndef CERTIFICATE_H
#define CERTIFICATE_H
/**
 * @file certificate.h
 * @brief Class around native certificates.
 *
 */

#include <QByteArray>
#include <QDateTime>
#include <QMap>
#include <QString>

#ifdef Q_OS_WIN
#include <windows.h>
#include <wincrypt.h>
#endif

/** @brief Object representation of a single certificate
  *
  * This parses a PEM (base64 encoded der certificate) and
  * provides accessors to the parsed certificate information
  * together with meta information about the certificate as
  * it is used by the Application.
  */
class Certificate
{
public:

    /**
     * @enum Status
     * @brief the Status compared to the last installed list. */
    enum Status {
        /*! Never seen this before */ InstallNew = 1,
        /*! Already contained in last list */ InstallOld,
        /*! Was an Install certificate in the last list */ RemoveNew,
        /*! Already removed in the last list */ RemoveOld
    };

    /** @brief construct a certificate from a line of a certificate list.
     *
     * The first two characters of the string are expected to be
     * the command. I: or R:
     *
     *  @param[in] b64Line The line from the certificate list.
     **/
    Certificate(const QString& b64Line = QString());

    /** @brief construct a certificate from a byte array of DER data
     *
     *  @param[in] derData a der encoded certificate.
     **/
    Certificate(const QByteArray& derData);

    /** @brief check if this certificate could be parsed */
    bool isValid() const {return mValid;}

    /** @brief get a short description of the certificate
     *
     *  This description should be used as a short overview
     *  for this certificate
     *
     **/
    QString shortDescription() const;

    /** @brief get details for the certificate
     *
     * Get a formatted details string usable for user visible
     * certificate details.
     *
     **/
    const QString& details() const {return mDetails;}

    /** @brief get the line from which this certificate was constructed
     *
     * The resulting line includes the instruction e.g.
     *
     * I:BASE64ENCODEDATA...
     *
     **/
    const QString& base64Line() const {return mBaseLine;}

    /** @brief Check if this certificate has the install instruction.
     *
     * This is shorthand for baseLine.startsWith("I:");
     **/
    bool isInstallCert() const {return mBaseLine.startsWith("I:");}

    /** @brief Set the install instruction for this certificate.
     *
     * Set the base 64 line prefix to "I:" or "R:".
     **/
    void setInstallCert(bool install);

    /** @brief wether or not the certificate is editable.
     *
     * Editable means that the installation status can be changed.
     * E.g. You can not change the state of a removal certificate
     * that has been removed.
     *
     * @returns true if the certificate is editable */
    bool isEditable() const {return mEditable;}

    /** @brief setter for the editable property. */
    void setEditable(bool edit) {mEditable = edit;}

    /** @brief get the subject OU from the certificate */
    QString subjectOU() const {return mSubjectOU;}

    /** @brief get the subject CN from the certificate */
    QString subjectCN() const {return mSubjectCN;}

    /** @brief get the subject O from the certificate */
    QString subjectO() const {return mSubjectO;}

    /** @brief get the subject SN from the certificate */
    QString subjectSN() const {return mSubjectSN;}

    /** @brief get the date the certificate was issued */
    QDateTime validFrom() const {return mValidFrom;}

    /** @brief get the date the certificate expires */
    QDateTime validTo() const {return mValidTo;}

    /** @brief get the issuer CN from the certificate */
    QString issuerCN() const {return mIssuerCN;}

    /** @brief get the issuer Organization from the certificate */
    QString issuerO() const {return mIssuerO;}

    /** @brief get sha1 sum of the certificate */
    QString fingerprint() const {return mFingerprint;}

    /** @brief construct certificate objects from a file
     *
     *  Constructs a new Certificate Object from a file containing either
     *  one DER encoded certificate or one or many PEM certificates.
     *  If no certificate could be parsed from that file an empty list is
     *  returned.
     *
     *  The size restrictions for the certificate list file also apply
     *  for this file.
     **/
    static QList<Certificate> fromFileName (const QString& file_name);

    /** @brief comparator of two certificates.
     *
     * Two certificates are equal if their base64 raw data is a match
     * regardless of other meta information like state or wether or not
     * it is editable.
     *
     * @returns true if the base64 line of two certificates is equal. 
     **/
    friend inline bool operator==(const Certificate& lhs, const Certificate& rhs) {
        return lhs.base64Line() == rhs.base64Line();
    }

    /** @brief Show the certificate in a native ui dialog.
     *
     * The dialog is external and handled by the OS on windows
     * on GNU/Linux gcr-viewer is used.
     *
     * If parentWindow is not NULL it is used as a handle to the
     * parent Window. Unused on GNU/Linux
     *
     * @returns true on success. false if no native dialog could be shown.
     */
     bool showNativeUI(void *parentWindow);

private:
    /** @brief Helper function to parse the details of a certificate **/
    void parseDetails(const QByteArray& cert);

    bool mValid;
    /* bool mInstCert; */
    bool mEditable;

    QString mSubjectOU,
            mSubjectCN,
            mSubjectO,
            mSubjectSN,
            mDetails,
            mBaseLine,
            mFingerprint,
            mIssuerO,
            mIssuerCN;

    QDateTime mValidFrom,
              mValidTo;
};
#endif

http://wald.intevation.org/projects/trustbridge/