diff --git a/swisssurfer/src/browser.hxx b/swisssurfer/src/browser.hxx index 3caf00c..f5b28e6 100644 --- a/swisssurfer/src/browser.hxx +++ b/swisssurfer/src/browser.hxx @@ -77,12 +77,12 @@ class Browser: public QMainWindow, protected Ui::Browser { _url->addItems(urls); assert(connect(_url, SIGNAL(currentIndexChanged(const QString&)), SLOT(load(QString)))); - assert(connect(&_networkManager, - SIGNAL(extendedContextInitialization(ssl_ctx_st*, - QSslSocket*)), - &_scAuth, - SLOT(extendedContextInitialization(ssl_ctx_st*, - QSslSocket*)))); + // assert(connect(&_networkManager, + // SIGNAL(extendedContextInitialization(ssl_ctx_st*, + // QSslSocket*)), + // &_scAuth, + // SLOT(extendedContextInitialization(ssl_ctx_st*, + // QSslSocket*)))); assert(connect(&_networkManager, SIGNAL(created(QNetworkReply*)), &_downloadManager, SLOT(add(QNetworkReply*)))); diff --git a/swisssurfer/src/smartcardauth.hxx b/swisssurfer/src/smartcardauth.hxx index 0632cc4..a33728b 100644 --- a/swisssurfer/src/smartcardauth.hxx +++ b/swisssurfer/src/smartcardauth.hxx @@ -16,8 +16,6 @@ #include -// extern const QByteArray SWISSSIGN_GOLD_CA_G2; - class CryptokiEngine: public QObject, public openssl::Engine { Q_OBJECT; @@ -57,46 +55,10 @@ class CryptokiEngine: public QObject, public openssl::Engine { const openssl::X509& cert() { return *_cert; } - - // virtual EVP_PKEY* privkey() { - // OPENSSL_LOG("log"); - // EVP_PKEY* k(EVP_PKEY_new()); - // RSA* r(RSA_new_method(_e)); - // r->n = BN_bin2bn((const unsigned char*)_modulus.data(), - // _modulus.size(), r->n); - // r->e = BN_bin2bn((const unsigned char*)_exponent.data(), - // _exponent.size(), r->e); - // // otherwise OpenSSL emulates sign/verify with encrypt/decrypt - // r->flags |= RSA_FLAG_SIGN_VER; - // EVP_PKEY_set1_RSA(k, r); - // OPENSSL_LOG("RSA_free"); - // RSA_free(r); - // return k; - // } - - // virtual RSA* rsaKey() { - // //EVP_PKEY* k(EVP_PKEY_new()); - // RSA* r(RSA_new_method(_e)); - // // RSA* r(RSA_new()); - // r->n = BN_bin2bn((const unsigned char*)_modulus.data(), - // _modulus.size(), r->n); - // r->e = BN_bin2bn((const unsigned char*)_exponent.data(), - // _exponent.size(), r->e); - // // otherwise OpenSSL emulates sign/verify with encrypt/decrypt - // r->flags |= RSA_FLAG_SIGN_VER; - // //EVP_PKEY_set1_RSA(k, r); - // r->d = BN_bin2bn(0, 0, r->d); - // r->p = BN_bin2bn(0, 0, r->p); - // r->q = BN_bin2bn(0, 0, r->q); - // r->dmp1 = BN_bin2bn(0, 0, r->dmp1); - // r->dmp1 = BN_bin2bn(0, 0, r->dmq1); - // r->iqmp = r->n;/*BN_bin2bn(0, 0, r->iqmp);*/ - // return r; - // } virtual RSA* setupRsa(RSA* r) { - RSA_set_method(r, ENGINE_get_RSA(_e)); - r->engine=_e; + RSA_free(r); + r = RSA_new_method(_e); r->n = BN_bin2bn((const unsigned char*)_modulus.data(), _modulus.size(), r->n); r->e = BN_bin2bn((const unsigned char*)_exponent.data(), @@ -106,11 +68,6 @@ class CryptokiEngine: public QObject, public openssl::Engine { return r; } - - // const RSA_METHOD* rsaMethod() { - // return ENGINE_get_RSA(_e); - // } - protected: virtual const char* id() { @@ -153,38 +110,6 @@ class SmartCardAuth: public QObject { //assert(connect(e(), SIGNAL(certRequired()), SLOT(login()))); } - private Q_SLOTS: - - void extendedContextInitialization(ssl_ctx_st* ctx, QSslSocket* socket) { - // qDebug()<<__PRETTY_FUNCTION__; - // QList expectedSslErrors; - // for (std::list::iterator cert(_cacerts.begin()); - // cert!=_cacerts.end(); ++cert) { - // SSL_CTX_add_extra_chain_cert(ctx, openssl::X509(*cert).lowLevelCopy()); - // expectedSslErrors.push_back(QSslError(QSslError::SelfSignedCertificateInChain, - // QSslCertificate::fromData - // (QByteArray(cert->data(), - // cert->size()), - // QSsl::Der).at(0))); - // //qDebug()<<"Added:\n"<data(), cert->size()), QSsl::Der).toPem(); - // } - // //socket->ignoreSslErrors(expectedSslErrors); - // SSL_CTX_set_client_cert_cb(ctx, &SmartCardAuth::clientCert); - } - - private: - - // static int clientCert(SSL* ssl, X509 **x509, EVP_PKEY **pkey) { - // qDebug()<<__PRETTY_FUNCTION__; - // if (!e() || !*e()) return 0; // no certificate found - // qDebug()<<"*** A "<<__PRETTY_FUNCTION__; - // *x509 = e()->cert().lowLevelCopy(); - // qDebug()<<"*** B "<<__PRETTY_FUNCTION__; - // *pkey = e()->privkey(); - // qDebug()<<"*** C "<<__PRETTY_FUNCTION__; - // return 1; - // } - static CryptokiEngine* e(const QString& lib = QString()) try { static CryptokiEngine* _e(new CryptokiEngine(lib.toStdString())); return _e; @@ -205,7 +130,6 @@ class SmartCardAuth: public QObject { QMutexLocker lock(&_mutex); if (!e() || (!force && *e())) return; // no smartcard or already logged in try { - // _cacerts.clear(); QList authcerts; QList allcerts; QSslConfiguration sslConfig(QSslConfiguration::defaultConfiguration()); @@ -230,7 +154,6 @@ class SmartCardAuth: public QObject { std::string data(cert->attribute(CKA_VALUE).value); if (!keys.size()) { // add CA-certificate OPENSSL_LOG("**** add to CA-certificates"); - // _cacerts.push_back(data); } else { OPENSSL_LOG("**** user cert, check for authentictaion"); if (label.value.find("auth")==0 || @@ -272,47 +195,25 @@ class SmartCardAuth: public QObject { sslConfig.setLocalCertificate(localcert); assert(localcert.isValid()); - EVP_PKEY* pk(e()->privkey()); - - // QByteArray secret("That's my Secret"); - RSA* rsa(e()->rsaKey()); - BIO *bio = BIO_new(BIO_s_mem()); - assert(bio); - OPENSSL_CHECK(PEM_write_bio_RSAPrivateKey - (bio, rsa, - 0, 0,0,0,0)); - // EVP_des_ede3_cbc(),(unsigned char*)secret.data(), secret.size(), - // 0, 0)); - char *data(0); - long size(BIO_get_mem_data(bio, &data)); - assert(size); - assert(data); - QByteArray pem(data, size); - BIO_free(bio); - OPENSSL_LOG(pem.data()); - - pem = "-----BEGIN RSA PRIVATE KEY-----\n" - "MIIBOwIBAAJBAMH2yqAGeVNPdgeZ2GoHo31m9aUxZ7QfK2Go2qLTahLpQ3UL1C8G\n" - "LkuMS8SNK0ZGfRMalIpIhv6bW5l3kjogOncCAwEAAQJABVGECtFCoGMsZFb2lSmy\n" - "dOzOzYHGSy0TnnDn1dEgNnZ8sIljElPtUzm9dyXs2P3ICL1sOd7qjpzfJeyxknDL\n" - "AQIhAO5iKdLmhyuW+EDEH19vDs1Pmqs3/ZnT5UgUiJnTJqz3AiEA0ExIfUOCnxq2\n" - "a3Z46KEivcr8JB2P9VqouBbVryiq/oECIQDj8bPCejMoiEzMSX0iWWTTB9qC/KAg\n" - "FtF4skHIrXKfEwIgPCs86Uo+Ch2aQjKHvJMHSRHAgeI0OmiEwiB+e0lhE4ECIQDd\n" - "IbUmHIXt6oHLJmoGFX46bCcfil5eE5FXfiaw7Q9iPw==\n" - "-----END RSA PRIVATE KEY-----\n"; - - bio = BIO_new_mem_buf(const_cast(pem.data()), pem.size()); - rsa = 0; - OPENSSL_CHECK(PEM_read_bio_RSAPrivateKey(bio, &rsa, 0, 0)); - assert(rsa); - BIO_free(bio); + QByteArray pem + ("-----BEGIN RSA PRIVATE KEY-----\n" + "MIIBOwIBAAJBAMH2yqAGeVNPdgeZ2GoHo31m9aUxZ7QfK2" + "Go2qLTahLpQ3UL1C8G\n" + "LkuMS8SNK0ZGfRMalIpIhv6bW5l3kjogOncCAwEAAQJABV" + "GECtFCoGMsZFb2lSmy\n" + "dOzOzYHGSy0TnnDn1dEgNnZ8sIljElPtUzm9dyXs2P3ICL" + "1sOd7qjpzfJeyxknDL\n" + "AQIhAO5iKdLmhyuW+EDEH19vDs1Pmqs3/ZnT5UgUiJnTJq" + "z3AiEA0ExIfUOCnxq2\n" + "a3Z46KEivcr8JB2P9VqouBbVryiq/oECIQDj8bPCejMoiE" + "zMSX0iWWTTB9qC/KAg\n" + "FtF4skHIrXKfEwIgPCs86Uo+Ch2aQjKHvJMHSRHAgeI0Om" + "iEwiB+e0lhE4ECIQDd\n" + "IbUmHIXt6oHLJmoGFX46bCcfil5eE5FXfiaw7Q9iPw==\n" + "-----END RSA PRIVATE KEY-----\n"); QSslKey privkey(pem, QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey); - // , - // secret); e()->setupRsa((RSA*)privkey.handle()); - OPENSSL_LOG("Got Key"); - OPENSSL_LOG(privkey.toPem().data()); assert(!privkey.isNull()); sslConfig.setPrivateKey(privkey); QSslConfiguration::setDefaultConfiguration(sslConfig); @@ -329,8 +230,6 @@ class SmartCardAuth: public QObject { " please try again.")); } } - // QByteArray ca(QSslCertificate(SWISSSIGN_GOLD_CA_G2, QSsl::Pem).toDer()); - // _cacerts.push_back(std::string(ca.data(), ca.size())); } catch (...) { throw; } diff --git a/swisssurfer/src/swisssurfer_de.ts b/swisssurfer/src/swisssurfer_de.ts index d96f0b2..2509dc9 100644 --- a/swisssurfer/src/swisssurfer_de.ts +++ b/swisssurfer/src/swisssurfer_de.ts @@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; } QMessageBox - + Wrong PIN - + Authentication failed, please try again. diff --git a/swisssurfer/src/swisssurfer_en.ts b/swisssurfer/src/swisssurfer_en.ts index d96f0b2..2509dc9 100644 --- a/swisssurfer/src/swisssurfer_en.ts +++ b/swisssurfer/src/swisssurfer_en.ts @@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; } QMessageBox - + Wrong PIN - + Authentication failed, please try again. diff --git a/swisssurfer/src/swisssurfer_fr.ts b/swisssurfer/src/swisssurfer_fr.ts index d96f0b2..2509dc9 100644 --- a/swisssurfer/src/swisssurfer_fr.ts +++ b/swisssurfer/src/swisssurfer_fr.ts @@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; } QMessageBox - + Wrong PIN - + Authentication failed, please try again. diff --git a/swisssurfer/src/swisssurfer_it.ts b/swisssurfer/src/swisssurfer_it.ts index d96f0b2..2509dc9 100644 --- a/swisssurfer/src/swisssurfer_it.ts +++ b/swisssurfer/src/swisssurfer_it.ts @@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; } QMessageBox - + Wrong PIN - + Authentication failed, please try again.