From 0870f9e4e4ac63e9cbe6df79f2ba2c7a5f16ed02 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20W=C3=A4ckerlin?= Date: Tue, 3 May 2011 10:21:12 +0000 Subject: [PATCH] option is noe --login to enable immediate login, otherwise logs in at first https-access; also works without cryptoki-library; closes #34 --- swisssurfer/configure.in | 1 - swisssurfer/src/browser.hxx | 1 + swisssurfer/src/main.cxx | 8 +- swisssurfer/src/qmake.pro.in | 1 + swisssurfer/src/smartcardauth.hxx | 180 +++++++++++------------------- swisssurfer/src/swisssurfer_de.ts | 66 +++++++---- swisssurfer/src/swisssurfer_en.ts | 66 +++++++---- swisssurfer/src/swisssurfer_fr.ts | 66 +++++++---- swisssurfer/src/swisssurfer_it.ts | 66 +++++++---- 9 files changed, 245 insertions(+), 210 deletions(-) diff --git a/swisssurfer/configure.in b/swisssurfer/configure.in index 5e869c4..3a14289 100644 --- a/swisssurfer/configure.in +++ b/swisssurfer/configure.in @@ -91,7 +91,6 @@ AC_SUBST(LRELEASE) AC_CHECK_PROGS([LUPDATE], [lupdate-qt4 lupdate-mac lupdate]) test -n "$LUPDATE" || AC_MSG_ERROR([lupdate for Qt 4 not found!]) AC_SUBST(LUPDATE) -QMAKE_OPTIONS= AC_ARG_ENABLE(static-plugins, [AS_HELP_STRING([--enable-static-plugins], [links the image plugins statically])], diff --git a/swisssurfer/src/browser.hxx b/swisssurfer/src/browser.hxx index 5fc18d2..911a4af 100644 --- a/swisssurfer/src/browser.hxx +++ b/swisssurfer/src/browser.hxx @@ -420,6 +420,7 @@ class Browser: public QMainWindow, protected Ui::Browser { void load(QUrl page, QWebView* view=0) { LOG<showMessage(tr("Checking: %1").arg(page.toString())); + if (page.scheme()=="https") _scAuth.login(); if (!check(page)) { LOG<<"########## BLACK LISTED IGNORED ##########"; statusBar()->showMessage(tr("Forbidden: %1").arg(page.toString())); diff --git a/swisssurfer/src/main.cxx b/swisssurfer/src/main.cxx index d808627..598b1dd 100644 --- a/swisssurfer/src/main.cxx +++ b/swisssurfer/src/main.cxx 
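Review bot: In the browser.hxx hunk the new `if (page.scheme()=="https") _scAuth.login();` runs before `check(page)`, so the smartcard PIN prompt can be raised for an https URL that the very next lines reject as black-listed. Moving the line directly after the `if (!check(page)) { ... }` block keeps the prompt for destinations the browser will actually contact. `login()` in smartcardauth.hxx returns early once a certificate is loaded, so this is at most one misplaced prompt, but it is still a credential request for a forbidden page. `load()` continues past the end of the hunk.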
@@ -239,7 +239,7 @@ int main(int argv, char** argc) try { QStringList urls; QString actlib; bool silent(false); - bool login(true); + bool login(false); Settings::MimeTypes mimetypes; QStringList args(app.arguments()); std::auto_ptr settings @@ -253,7 +253,7 @@ int main(int argv, char** argc) try { " -k, --kiosk no url bar\n" " if you sepcify -k and -s, -k must be first\n" " -n, --no-settings don't load or store any settings\n" - " --no-login don't ask for smartcard password\n" + " --login ask for smartcard password at startup\n" " -l, --lib path to file libengine_act.so\n" " -s, --settings \n" " load settings from \n" @@ -279,8 +279,8 @@ int main(int argv, char** argc) try { settings.reset(); } else if ((*it=="-n" || *it=="--no-settings")) { settings.reset(); - } else if (*it=="--no-settings") { - login = false; + } else if (*it=="--login") { + login = true; } else if ((*it=="-l" || *it=="--lib") && ++it!=args.end()) { actlib = *it; } else if ((*it=="-s" || *it=="--settings") && ++it!=args.end()) { diff --git a/swisssurfer/src/qmake.pro.in b/swisssurfer/src/qmake.pro.in index d82f3ea..d790922 100644 --- a/swisssurfer/src/qmake.pro.in +++ b/swisssurfer/src/qmake.pro.in @@ -3,6 +3,7 @@ CONFIG += no_keywords QMAKE_LIBS += -lproxyface -lcryptoki++ -lssl -lcrypto unix { + CONFIG += debug } macx { QMAKE_INCDIR += /opt/local/include diff --git a/swisssurfer/src/smartcardauth.hxx b/swisssurfer/src/smartcardauth.hxx index 4e474dd..a7d4d00 100644 --- a/swisssurfer/src/smartcardauth.hxx +++ b/swisssurfer/src/smartcardauth.hxx 
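Review bot: `CONFIG += debug` is added unconditionally inside the `unix {` block of qmake.pro.in, which turns every unix build of the browser into a debug build; neither the commit title nor the `--login` change explains it, so it reads like a leftover from local debugging. If a debug build is only wanted during development, drop the line or make it conditional on a configure switch (the file is a `.in` template, so an autoconf substitution fits naturally).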
@@ -25,12 +25,16 @@ class CryptokiEngine: public QObject, public openssl::Engine { public: - CryptokiEngine(std::string lib, QWidget* p): - _cryptoki(lib), _parent(p) { + CryptokiEngine(std::string lib): + _cryptoki(lib) { OPENSSL_LOG("log"); } operator bool() { + OPENSSL_LOG("Status of CryptokiEngine: " + <<(_privateKey.get() + ?"privateKey defined, ":"privateKey undefined") + <<(_cert.get()?"cert defined":"cert undefined")); return _privateKey.get() && _cert.get(); } @@ -39,6 +43,7 @@ class CryptokiEngine: public QObject, public openssl::Engine { } void cert(cryptoki::Object privateKey, std::auto_ptr c) { + OPENSSL_LOG("log"); _cert = c; _privateKey = std::auto_ptr (new cryptoki::Object(privateKey)); 
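Review bot: `operator bool()` in the first hunk only reads `_privateKey` and `_cert` yet is still a non-const member; with the new status log it is a natural moment to make it `operator bool() const {` so callers holding a const engine can query it. In the second hunk the added `OPENSSL_LOG("log");` in `cert()` carries no information; something like `OPENSSL_LOG("cert and private key set");` would match the descriptive status message added to `operator bool()`.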
@@ -79,72 +84,11 @@ class CryptokiEngine: public QObject, public openssl::Engine { } virtual std::string rsaSign(const std::string& in, unsigned int type) { - std::string inModded(in); - OPENSSL_LOG("log"); - OPENSSL_LOG("type="< sigsize)) { - // throw std::runtime_error("the size is wrong"); - // } - // } else { - // OPENSSL_LOG("It's not SSL"); - // ASN1_TYPE parameter; - // parameter.type = V_ASN1_NULL; - // parameter.value.ptr = 0; - // X509_ALGOR algor; - // algor.algorithm = OBJ_nid2obj(type); - // algor.parameter = ¶meter; - // ASN1_STRING digest; - // digest.data = (unsigned char *)inModded.data(); - // digest.length = inModded.size(); - // X509_SIG sig; - // sig.algor = &algor; - // sig.digest = &digest; - // int size (i2d_X509_SIG(&sig, 0)); - // if (!algor.algorithm) throw std::runtime_error("algor wrong nid"); - // if (!algor.algorithm->length) - // throw std::runtime_error("algor length"); - // if (size) throw std::runtime_error("digest size"); - // if (size + RSA_PKCS1_PADDING_SIZE < sigsize) - // throw std::runtime_error("incompatible size"); - // unsigned char* buf(new unsigned char[size]); - // i2d_X509_SIG(&sig, &buf); - // inModded.assign((char*)buf, size); - // delete[] buf; - // } - // } - - // //------------------------------------------------- PKCS11_private_encrypt - // { - // char padding(RSA_PKCS1_PADDING); - - // if ((inModded.size() + RSA_PKCS1_PADDING_SIZE) > sigsize) - // throw std::runtime_error("the size is wrong"); - // } - - // //----------------------------------------------------------------------- - // if (in!=inModded) - // OPENSSL_LOG("changed input"<sign(inModded, CKM_RSA_PKCS); + OPENSSL_LOG("type="<sign(in, CKM_RSA_PKCS); } private: 
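Review bot: The rewritten `rsaSign` only logs `type` and hands `in` unmodified to `_privateKey->sign(in, CKM_RSA_PKCS)`; CKM_RSA_PKCS applies the PKCS#1 v1.5 block padding only, so for a `type` other than NID_md5_sha1 (the TLS client-auth case) OpenSSL expects the engine to prepend the DigestInfo header that the removed commented-out code was sketching. If this engine is only ever reached from the TLS handshake that is acceptable, but it should be stated in the code, e.g. `// TLS client auth only: OpenSSL passes the raw md5+sha1 hash (NID_md5_sha1), no DigestInfo needed`, and other types should be refused rather than signed with the wrong encoding, e.g. `if (type!=NID_md5_sha1) throw std::runtime_error("unsupported signature type");`. The hunk text is garbled here (the `<<` of the log statement is lost), so the exact log line cannot be checked.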
@@ -154,17 +98,64 @@ class CryptokiEngine: public QObject, public openssl::Engine { std::string _exponent; std::auto_ptr _privateKey; std::auto_ptr _cert; + +}; + +class SmartCardAuth: public QObject { + Q_OBJECT; + + public: + + SmartCardAuth(const QString& lib, QWidget* p=0, bool loginAtStart=true): + _reg(e(lib)), _parent(p) { + qDebug()<<__PRETTY_FUNCTION__; + if (loginAtStart) login(); + //assert(connect(e(), SIGNAL(certRequired()), SLOT(login()))); + } + + private Q_SLOTS: + + void extendedContextInitialization(ssl_ctx_st* ctx, QSslSocket* socket) { + qDebug()<<__PRETTY_FUNCTION__; + SSL_CTX_set_client_cert_cb(ctx, SmartCardAuth::clientCert); + } + + private: + + static int clientCert(SSL* ssl, X509 **x509, EVP_PKEY **pkey) { + qDebug()<<__PRETTY_FUNCTION__; + if (!e() || !*e()) return 0; // no certificate found + qDebug()<<"*** A "<<__PRETTY_FUNCTION__; + *x509 = e()->cert().lowLevelCopy(); + qDebug()<<"*** B "<<__PRETTY_FUNCTION__; + *pkey = e()->privkey(); + qDebug()<<"*** C "<<__PRETTY_FUNCTION__; + return 1; + } + + static CryptokiEngine* e(const QString& lib = QString()) try { + static CryptokiEngine* _e(new CryptokiEngine(lib.toStdString())); + return _e; + } catch (...) { + return 0; + } + + private: + + openssl::RegisterEngine _reg; + //std::map sockets; public: - void login() { + void login(bool force=false) { QMutexLocker lock(&_mutex); + if (!e() || (!force && *e())) return; // already logged in try { QList authcerts; QList allcerts; QSslConfiguration sslConfig(QSslConfiguration::defaultConfiguration()); QList cacerts(sslConfig.caCertificates()); - _slots = _cryptoki.slotList(); + _slots = e()->cryptoki().slotList(); for (cryptoki::SlotList::iterator slot(_slots.begin()); slot!=_slots.end(); ++slot) { _session = 
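Review bot: `e()` guards a function-local static with a function-try-block, so when `new CryptokiEngine(lib.toStdString())` throws (the "works without cryptoki-library" case from the commit message) the static `_e` is never initialised and every later call — `e()` from `clientCert` and `login()`, always with the default empty `lib` — re-runs the constructor with an empty library path before returning 0. The outcome should be remembered so that the library is attempted exactly once with the path the user supplied; a rewrite is below. `_reg(e(lib))` in the `SmartCardAuth` constructor then receives a null pointer in that case, and whether `openssl::RegisterEngine` tolerates that is not visible here and should be checked. `login()` starts in this hunk and its body continues past it; the hunk header still names `class CryptokiEngine` although the moved members now belong to `SmartCardAuth`.
```cpp
    static CryptokiEngine* e(const QString& lib = QString()) {
      static bool attempted(false);
      static CryptokiEngine* _e(0);
      if (!attempted) {
        attempted = true; // remember a failed load; never retry with the default empty lib
        try {
          _e = new CryptokiEngine(lib.toStdString());
        } catch (...) {
          _e = 0;
        }
      }
      return _e;
    }
```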
@@ -218,9 +209,9 @@ class CryptokiEngine: public QObject, public openssl::Engine { c.id)); if (keys.size()==1) { OPENSSL_LOG("**** found one private key"); - cert(keys[0], - std::auto_ptr - (new openssl::X509(c.data))); + e()->cert(keys[0], + std::auto_ptr + (new openssl::X509(c.data))); sslConfig.setCaCertificates(cacerts); break; } @@ -255,51 +246,6 @@ class CryptokiEngine: public QObject, public openssl::Engine { cryptoki::SlotList _slots; std::auto_ptr _session; QMutex _mutex; - std::auto_ptr _pinEntry; - -}; - -class SmartCardAuth: public QObject { - Q_OBJECT; - - public: - - SmartCardAuth(const QString& lib, QWidget* p=0, bool login=true): - _reg(e(lib, p)) { - qDebug()<<__PRETTY_FUNCTION__; - if (login) e()->login(); - //assert(connect(e(), SIGNAL(certRequired()), SLOT(login()))); - } - - private Q_SLOTS: - - void extendedContextInitialization(ssl_ctx_st* ctx, QSslSocket* socket) { - qDebug()<<__PRETTY_FUNCTION__; - SSL_CTX_set_client_cert_cb(ctx, clientCert); - } - - private: - - static int clientCert(SSL* ssl, X509 **x509, EVP_PKEY **pkey) { - qDebug()<<__PRETTY_FUNCTION__; - if (!*e()) return 0; // no certificate found - qDebug()<<"*** A "<<__PRETTY_FUNCTION__; - *x509 = e()->cert().lowLevelCopy(); - qDebug()<<"*** B "<<__PRETTY_FUNCTION__; - *pkey = e()->privkey(); - qDebug()<<"*** C "<<__PRETTY_FUNCTION__; - return 1; - } - - static CryptokiEngine* e(const QString& lib = QString(), QWidget* p = 0) { - static CryptokiEngine* _e(new CryptokiEngine(lib.toStdString(), p)); - return _e; - } - - private: - - openssl::RegisterEngine _reg; - //std::map sockets; }; diff --git a/swisssurfer/src/swisssurfer_de.ts b/swisssurfer/src/swisssurfer_de.ts index fd97bac..0f5ae7e 100644 --- a/swisssurfer/src/swisssurfer_de.ts +++ b/swisssurfer/src/swisssurfer_de.ts 
@@ -232,82 +232,82 @@ - + Reading: %1 Reading: %1% - + Zoom: %1% - + Illegal URL: %1 - + Print Document - + %1 - %2 Back to %1 - %2 statusbar actionBack_hovered %1=url %2=title - + Info: %1 - + done. - + page load error. - + %1 statusbar for hovered link %1=url - + Forbidden: %1 - + Access Denied - + <p>Access denied due to security considerations.</p><p>You are not allowed to connect to %1. - + %1 - %2 statusbar actionForward_hovered %1=url %2=title - + About - + SwissSurfer %1 (%2) %3 @@ -321,22 +321,22 @@ Compiled: qt-%5 - + %1 - + Save File As ... - + authentication required - + ssl error @@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; } QMessageBox - + Wrong PIN - + Authentication failed, please try again. @@ -561,7 +561,7 @@ Options: -k, --kiosk no url bar if you sepcify -k and -s, -k must be first -n, --no-settings don't load or store any settings - --no-login don't ask for smartcard password + --login ask for smartcard password at startup -l, --lib <file> path to file libengine_act.so -s, --settings <file> load settings from <file> @@ -577,6 +577,28 @@ Environment: PROXY_PORT proxy port number (actual: %3) PROXY_HOST proxy host name (actual: %4) + Usage: %1 [OPTIONS...] [<url> ...] +Options: + -h, --help show this help text + -k, --kiosk no url bar + if you sepcify -k and -s, -k must be first + -n, --no-settings don't load or store any settings + --no-login don't ask for smartcard password + -l, --lib <file> path to file libengine_act.so + -s, --settings <file> + load settings from <file> + if you sepcify -k and -s, -k must be first + -c, --cert <file> load local client certificate from <file> + -y, --key <file> load local certificate key from <file> + -m, --mime <mime> <ext> <tool> + start <tool> for mimetype <mime> + <url> optional full URL +Environment: + LANGUAGE "de", "en", ... (actual: %5) + PROXY_TYPE "http" or "socks" or "" (actual: %2) + PROXY_PORT proxy port number (actual: %3) + PROXY_HOST proxy host name (actual: %4) + 
diff --git a/swisssurfer/src/swisssurfer_en.ts b/swisssurfer/src/swisssurfer_en.ts index fd97bac..0f5ae7e 100644 --- a/swisssurfer/src/swisssurfer_en.ts +++ b/swisssurfer/src/swisssurfer_en.ts @@ -232,82 +232,82 @@ - + Reading: %1 Reading: %1% - + Zoom: %1% - + Illegal URL: %1 - + Print Document - + %1 - %2 Back to %1 - %2 statusbar actionBack_hovered %1=url %2=title - + Info: %1 - + done. - + page load error. - + %1 statusbar for hovered link %1=url - + Forbidden: %1 - + Access Denied - + <p>Access denied due to security considerations.</p><p>You are not allowed to connect to %1. - + %1 - %2 statusbar actionForward_hovered %1=url %2=title - + About - + SwissSurfer %1 (%2) %3 @@ -321,22 +321,22 @@ Compiled: qt-%5 - + %1 - + Save File As ... - + authentication required - + ssl error @@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; } QMessageBox - + Wrong PIN - + Authentication failed, please try again. @@ -561,7 +561,7 @@ Options: -k, --kiosk no url bar if you sepcify -k and -s, -k must be first -n, --no-settings don't load or store any settings - --no-login don't ask for smartcard password + --login ask for smartcard password at startup -l, --lib <file> path to file libengine_act.so -s, --settings <file> load settings from <file> 
@@ -577,6 +577,28 @@ Environment: PROXY_PORT proxy port number (actual: %3) PROXY_HOST proxy host name (actual: %4) + Usage: %1 [OPTIONS...] [<url> ...] +Options: + -h, --help show this help text + -k, --kiosk no url bar + if you sepcify -k and -s, -k must be first + -n, --no-settings don't load or store any settings + --no-login don't ask for smartcard password + -l, --lib <file> path to file libengine_act.so + -s, --settings <file> + load settings from <file> + if you sepcify -k and -s, -k must be first + -c, --cert <file> load local client certificate from <file> + -y, --key <file> load local certificate key from <file> + -m, --mime <mime> <ext> <tool> + start <tool> for mimetype <mime> + <url> optional full URL +Environment: + LANGUAGE "de", "en", ... (actual: %5) + PROXY_TYPE "http" or "socks" or "" (actual: %2) + PROXY_PORT proxy port number (actual: %3) + PROXY_HOST proxy host name (actual: %4) + diff --git a/swisssurfer/src/swisssurfer_fr.ts b/swisssurfer/src/swisssurfer_fr.ts index fd97bac..0f5ae7e 100644 --- a/swisssurfer/src/swisssurfer_fr.ts +++ b/swisssurfer/src/swisssurfer_fr.ts @@ -232,82 +232,82 @@ - + Reading: %1 Reading: %1% - + Zoom: %1% - + Illegal URL: %1 - + Print Document - + %1 - %2 Back to %1 - %2 statusbar actionBack_hovered %1=url %2=title - + Info: %1 - + done. - + page load error. - + %1 statusbar for hovered link %1=url - + Forbidden: %1 - + Access Denied - + <p>Access denied due to security considerations.</p><p>You are not allowed to connect to %1. - + %1 - %2 statusbar actionForward_hovered %1=url %2=title - + About - + SwissSurfer %1 (%2) %3 @@ -321,22 +321,22 @@ Compiled: qt-%5 - + %1 - + Save File As ... - + authentication required - + ssl error @@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; } QMessageBox - + Wrong PIN - + Authentication failed, please try again. 
@@ -561,7 +561,7 @@ Options: -k, --kiosk no url bar if you sepcify -k and -s, -k must be first -n, --no-settings don't load or store any settings - --no-login don't ask for smartcard password + --login ask for smartcard password at startup -l, --lib <file> path to file libengine_act.so -s, --settings <file> load settings from <file> @@ -577,6 +577,28 @@ Environment: PROXY_PORT proxy port number (actual: %3) PROXY_HOST proxy host name (actual: %4) + Usage: %1 [OPTIONS...] [<url> ...] +Options: + -h, --help show this help text + -k, --kiosk no url bar + if you sepcify -k and -s, -k must be first + -n, --no-settings don't load or store any settings + --no-login don't ask for smartcard password + -l, --lib <file> path to file libengine_act.so + -s, --settings <file> + load settings from <file> + if you sepcify -k and -s, -k must be first + -c, --cert <file> load local client certificate from <file> + -y, --key <file> load local certificate key from <file> + -m, --mime <mime> <ext> <tool> + start <tool> for mimetype <mime> + <url> optional full URL +Environment: + LANGUAGE "de", "en", ... (actual: %5) + PROXY_TYPE "http" or "socks" or "" (actual: %2) + PROXY_PORT proxy port number (actual: %3) + PROXY_HOST proxy host name (actual: %4) + diff --git a/swisssurfer/src/swisssurfer_it.ts b/swisssurfer/src/swisssurfer_it.ts index fd97bac..0f5ae7e 100644 --- a/swisssurfer/src/swisssurfer_it.ts +++ b/swisssurfer/src/swisssurfer_it.ts @@ -232,82 +232,82 @@ - + Reading: %1 Reading: %1% - + Zoom: %1% - + Illegal URL: %1 - + Print Document - + %1 - %2 Back to %1 - %2 statusbar actionBack_hovered %1=url %2=title - + Info: %1 - + done. - + page load error. - + %1 statusbar for hovered link %1=url - + Forbidden: %1 - + Access Denied - + <p>Access denied due to security considerations.</p><p>You are not allowed to connect to %1. - + %1 - %2 statusbar actionForward_hovered %1=url %2=title - + About - + SwissSurfer %1 (%2) %3 
@@ -321,22 +321,22 @@ Compiled: qt-%5 - + %1 - + Save File As ... - + authentication required - + ssl error @@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; } QMessageBox - + Wrong PIN - + Authentication failed, please try again. @@ -561,7 +561,7 @@ Options: -k, --kiosk no url bar if you sepcify -k and -s, -k must be first -n, --no-settings don't load or store any settings - --no-login don't ask for smartcard password + --login ask for smartcard password at startup -l, --lib <file> path to file libengine_act.so -s, --settings <file> load settings from <file> @@ -577,6 +577,28 @@ Environment: PROXY_PORT proxy port number (actual: %3) PROXY_HOST proxy host name (actual: %4) + Usage: %1 [OPTIONS...] [<url> ...] +Options: + -h, --help show this help text + -k, --kiosk no url bar + if you sepcify -k and -s, -k must be first + -n, --no-settings don't load or store any settings + --no-login don't ask for smartcard password + -l, --lib <file> path to file libengine_act.so + -s, --settings <file> + load settings from <file> + if you sepcify -k and -s, -k must be first + -c, --cert <file> load local client certificate from <file> + -y, --key <file> load local certificate key from <file> + -m, --mime <mime> <ext> <tool> + start <tool> for mimetype <mime> + <url> optional full URL +Environment: + LANGUAGE "de", "en", ... (actual: %5) + PROXY_TYPE "http" or "socks" or "" (actual: %2) + PROXY_PORT proxy port number (actual: %3) + PROXY_HOST proxy host name (actual: %4) +