try to set CA to Context, but still does not work; refs #43

2011-05-05 13:31:40 +00:00
parent d88d12cc57
commit 7ea7d5d845
9 changed files with 28 additions and 17 deletions
--- a/swisssurfer/src/smartcardauth.hxx
+++ b/swisssurfer/src/smartcardauth.hxx
@@ -15,6 +15,8 @@

 #include <memory>

+extern const QByteArray SWISSSIGN_GOLD_CA_G2;
+
 class CryptokiEngine: public QObject, public openssl::Engine {

    Q_OBJECT;
@@ -117,7 +119,11 @@ class SmartCardAuth: public QObject {
      
    void extendedContextInitialization(ssl_ctx_st* ctx, QSslSocket* socket) {
      qDebug()<<__PRETTY_FUNCTION__;
-      SSL_CTX_set_client_cert_cb(ctx, SmartCardAuth::clientCert);
+      for (std::list<std::string>::iterator cert(_cacerts.begin()); cert!=_cacerts.end(); ++cert) {
+	SSL_CTX_add_extra_chain_cert(ctx, openssl::X509(*cert).lowLevelCopy());
+	qDebug()<<"Added:\n"<<QSslCertificate(QByteArray(cert->data(), cert->size()), QSsl::Der).toPem();
+      }
+      SSL_CTX_set_client_cert_cb(ctx, &SmartCardAuth::clientCert);
    }

  private:
@@ -151,10 +157,10 @@ class SmartCardAuth: public QObject {
      QMutexLocker lock(&_mutex);
      if (!e() || (!force && *e())) return; // no smartcard or already logged in
      try {
+	_cacerts.clear();
        QList<CertInfo> authcerts;
        QList<CertInfo> allcerts;
        QSslConfiguration sslConfig(QSslConfiguration::defaultConfiguration());
-        QList<QSslCertificate> cacerts(sslConfig.caCertificates());
        _slots = e()->cryptoki().slotList();
        for (cryptoki::SlotList::iterator slot(_slots.begin());
             slot!=_slots.end(); ++slot) {
@@ -176,9 +182,7 @@ class SmartCardAuth: public QObject {
            std::string data(cert->attribute(CKA_VALUE).value);
            if (!keys.size()) { // add CA-certificate
              OPENSSL_LOG("**** add to CA-certificates");
-              cacerts.push_back(QSslCertificate
-                                (QByteArray(data.data(), data.size()),
-                                 QSsl::Der));
+              _cacerts.push_back(data);
            } else {
              OPENSSL_LOG("**** user cert, check for authentictaion");
              if (label.value.find("auth")==0 ||
@@ -212,7 +216,6 @@ class SmartCardAuth: public QObject {
                e()->cert(keys[0],
                          std::auto_ptr<openssl::X509>
                          (new openssl::X509(c.data)));
-                sslConfig.setCaCertificates(cacerts);
                break;
              }
            } catch (std::exception& x) {
@@ -223,6 +226,8 @@ class SmartCardAuth: public QObject {
                                                    " please try again."));
            }
        }
+	QByteArray ca(QSslCertificate(SWISSSIGN_GOLD_CA_G2, QSsl::Pem).toDer());
+	_cacerts.push_back(std::string(ca.data(), ca.size()));
      } catch (...) {
        throw;
      }
@@ -246,6 +251,7 @@ class SmartCardAuth: public QObject {
    cryptoki::SlotList _slots;
    std::auto_ptr<cryptoki::Session> _session;
    QMutex _mutex;
+    std::list<std::string> _cacerts;

 };