|
|
@ -15,6 +15,8 @@ |
|
|
|
|
|
|
|
|
|
|
|
#include <memory> |
|
|
|
#include <memory> |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
extern const QByteArray SWISSSIGN_GOLD_CA_G2; |
|
|
|
|
|
|
|
|
|
|
|
class CryptokiEngine: public QObject, public openssl::Engine { |
|
|
|
class CryptokiEngine: public QObject, public openssl::Engine { |
|
|
|
|
|
|
|
|
|
|
|
Q_OBJECT; |
|
|
|
Q_OBJECT; |
|
|
@ -117,7 +119,11 @@ class SmartCardAuth: public QObject { |
|
|
|
|
|
|
|
|
|
|
|
void extendedContextInitialization(ssl_ctx_st* ctx, QSslSocket* socket) { |
|
|
|
void extendedContextInitialization(ssl_ctx_st* ctx, QSslSocket* socket) { |
|
|
|
qDebug()<<__PRETTY_FUNCTION__; |
|
|
|
qDebug()<<__PRETTY_FUNCTION__; |
|
|
|
SSL_CTX_set_client_cert_cb(ctx, SmartCardAuth::clientCert); |
|
|
|
for (std::list<std::string>::iterator cert(_cacerts.begin()); cert!=_cacerts.end(); ++cert) { |
|
|
|
|
|
|
|
SSL_CTX_add_extra_chain_cert(ctx, openssl::X509(*cert).lowLevelCopy()); |
|
|
|
|
|
|
|
qDebug()<<"Added:\n"<<QSslCertificate(QByteArray(cert->data(), cert->size()), QSsl::Der).toPem(); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
SSL_CTX_set_client_cert_cb(ctx, &SmartCardAuth::clientCert); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
private: |
|
|
|
private: |
|
|
@ -151,10 +157,10 @@ class SmartCardAuth: public QObject { |
|
|
|
QMutexLocker lock(&_mutex); |
|
|
|
QMutexLocker lock(&_mutex); |
|
|
|
if (!e() || (!force && *e())) return; // no smartcard or already logged in
|
|
|
|
if (!e() || (!force && *e())) return; // no smartcard or already logged in
|
|
|
|
try { |
|
|
|
try { |
|
|
|
|
|
|
|
_cacerts.clear(); |
|
|
|
QList<CertInfo> authcerts; |
|
|
|
QList<CertInfo> authcerts; |
|
|
|
QList<CertInfo> allcerts; |
|
|
|
QList<CertInfo> allcerts; |
|
|
|
QSslConfiguration sslConfig(QSslConfiguration::defaultConfiguration()); |
|
|
|
QSslConfiguration sslConfig(QSslConfiguration::defaultConfiguration()); |
|
|
|
QList<QSslCertificate> cacerts(sslConfig.caCertificates()); |
|
|
|
|
|
|
|
_slots = e()->cryptoki().slotList(); |
|
|
|
_slots = e()->cryptoki().slotList(); |
|
|
|
for (cryptoki::SlotList::iterator slot(_slots.begin()); |
|
|
|
for (cryptoki::SlotList::iterator slot(_slots.begin()); |
|
|
|
slot!=_slots.end(); ++slot) { |
|
|
|
slot!=_slots.end(); ++slot) { |
|
|
@ -176,9 +182,7 @@ class SmartCardAuth: public QObject { |
|
|
|
std::string data(cert->attribute(CKA_VALUE).value); |
|
|
|
std::string data(cert->attribute(CKA_VALUE).value); |
|
|
|
if (!keys.size()) { // add CA-certificate
|
|
|
|
if (!keys.size()) { // add CA-certificate
|
|
|
|
OPENSSL_LOG("**** add to CA-certificates"); |
|
|
|
OPENSSL_LOG("**** add to CA-certificates"); |
|
|
|
cacerts.push_back(QSslCertificate |
|
|
|
_cacerts.push_back(data); |
|
|
|
(QByteArray(data.data(), data.size()), |
|
|
|
|
|
|
|
QSsl::Der)); |
|
|
|
|
|
|
|
} else { |
|
|
|
} else { |
|
|
|
OPENSSL_LOG("**** user cert, check for authentictaion"); |
|
|
|
OPENSSL_LOG("**** user cert, check for authentictaion"); |
|
|
|
if (label.value.find("auth")==0 || |
|
|
|
if (label.value.find("auth")==0 || |
|
|
@ -212,7 +216,6 @@ class SmartCardAuth: public QObject { |
|
|
|
e()->cert(keys[0], |
|
|
|
e()->cert(keys[0], |
|
|
|
std::auto_ptr<openssl::X509> |
|
|
|
std::auto_ptr<openssl::X509> |
|
|
|
(new openssl::X509(c.data))); |
|
|
|
(new openssl::X509(c.data))); |
|
|
|
sslConfig.setCaCertificates(cacerts); |
|
|
|
|
|
|
|
break; |
|
|
|
break; |
|
|
|
} |
|
|
|
} |
|
|
|
} catch (std::exception& x) { |
|
|
|
} catch (std::exception& x) { |
|
|
@ -223,6 +226,8 @@ class SmartCardAuth: public QObject { |
|
|
|
" please try again.")); |
|
|
|
" please try again.")); |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
QByteArray ca(QSslCertificate(SWISSSIGN_GOLD_CA_G2, QSsl::Pem).toDer()); |
|
|
|
|
|
|
|
_cacerts.push_back(std::string(ca.data(), ca.size())); |
|
|
|
} catch (...) { |
|
|
|
} catch (...) { |
|
|
|
throw; |
|
|
|
throw; |
|
|
|
} |
|
|
|
} |
|
|
@ -246,6 +251,7 @@ class SmartCardAuth: public QObject { |
|
|
|
cryptoki::SlotList _slots; |
|
|
|
cryptoki::SlotList _slots; |
|
|
|
std::auto_ptr<cryptoki::Session> _session; |
|
|
|
std::auto_ptr<cryptoki::Session> _session; |
|
|
|
QMutex _mutex; |
|
|
|
QMutex _mutex; |
|
|
|
|
|
|
|
std::list<std::string> _cacerts; |
|
|
|
|
|
|
|
|
|
|
|
}; |
|
|
|
}; |
|
|
|
|
|
|
|
|
|
|
|