try to set CA to Context, but still does not work; refs #43

master
Marc Wäckerlin 14 years ago
parent d88d12cc57
commit 7ea7d5d845
  1. 2
      swisssurfer/COPYING
  2. 2
      swisssurfer/INSTALL
  3. 1
      swisssurfer/src/downloadmanager.hxx
  4. 6
      swisssurfer/src/main.cxx
  5. 18
      swisssurfer/src/smartcardauth.hxx
  6. 4
      swisssurfer/src/swisssurfer_de.ts
  7. 4
      swisssurfer/src/swisssurfer_en.ts
  8. 4
      swisssurfer/src/swisssurfer_fr.ts
  9. 4
      swisssurfer/src/swisssurfer_it.ts

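--- a/swisssurfer/COPYING
+++ b/swisssurfer/COPYING
@@ -1 +1 @@
-/usr/share/automake-1.11/COPYING
+/opt/local/share/automake-1.11/COPYING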

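--- a/swisssurfer/INSTALL
+++ b/swisssurfer/INSTALL
@@ -1 +1 @@
-/usr/share/automake-1.11/INSTALL
+/opt/local/share/automake-1.11/INSTALL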

@ -180,6 +180,7 @@ class DownloadManager: public QObject {
<<"OU="<<err->certificate().subjectInfo(QSslCertificate::OrganizationalUnitName) <<"OU="<<err->certificate().subjectInfo(QSslCertificate::OrganizationalUnitName)
<<"C="<<err->certificate().subjectInfo(QSslCertificate::CountryName) <<"C="<<err->certificate().subjectInfo(QSslCertificate::CountryName)
<<"ST="<<err->certificate().subjectInfo(QSslCertificate::StateOrProvinceName); <<"ST="<<err->certificate().subjectInfo(QSslCertificate::StateOrProvinceName);
LOG<<"Certificate:\n"<<err->certificate().toPem();
} }
} }

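--- a/swisssurfer/src/main.cxx
+++ b/swisssurfer/src/main.cxx
@@ -186,7 +186,7 @@ int main(int argv, char** argc) try {
 QSslConfiguration sslConfig(QSslConfiguration::defaultConfiguration());
 QList<QSslCertificate> certs(sslConfig.caCertificates());
 certs.push_back(QSslCertificate(SWISSSIGN_GOLD_CA_G2));
-certs.push_back(QSslCertificate(SWISSSIGN_SERVER_GOLD_CA_2008_G2));
+//certs.push_back(QSslCertificate(SWISSSIGN_SERVER_GOLD_CA_2008_G2));
 certs.push_back(QSslCertificate(SWISSSIGN_SILVER_CA_G2));
 certs.push_back(QSslCertificate(SWISSSIGN_PLATINUM_CA_G2));
 sslConfig.setCaCertificates(certs);
@@ -326,6 +326,10 @@ int main(int argv, char** argc) try {
 }
 sslConfig.setPeerVerifyMode(QSslSocket::VerifyPeer);
 QSslConfiguration::setDefaultConfiguration(sslConfig);
+assert(QSslConfiguration::defaultConfiguration().caCertificates().contains(SWISSSIGN_GOLD_CA_G2));
+//assert(QSslConfiguration::defaultConfiguration().caCertificates().contains(SWISSSIGN_SERVER_GOLD_CA_2008_G2))));
+assert(QSslConfiguration::defaultConfiguration().caCertificates().contains(SWISSSIGN_SILVER_CA_G2));
+assert(QSslConfiguration::defaultConfiguration().caCertificates().contains(SWISSSIGN_PLATINUM_CA_G2));
 //............................................................................
 Browser browser(actlib, urls, settings.get(), mimetypes, silent, login);
 browser.show();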
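Review bot: The `assert`s added after `setDefaultConfiguration` (hunk at old line 326) are the only check that the SwissSign roots actually landed in the default SSL configuration, and they compile out under NDEBUG, so a release build starts with no check at all; a runtime check that fails loudly is needed, e.g. `if (!QSslConfiguration::defaultConfiguration().caCertificates().contains(QSslCertificate(SWISSSIGN_GOLD_CA_G2))) throw std::runtime_error("SwissSign Gold CA not installed in default SSL configuration");` for each root, which main's function-try-block can then report (whether std::runtime_error is already in scope is not visible here). Even as written the check is weaker than it looks: if a PEM constant fails to parse, `QSslCertificate(SWISSSIGN_GOLD_CA_G2)` is a null certificate both in `certs` and as the `contains()` argument, and Qt 4 compares two null certificates as equal as far as I recall (verify), so a parse failure would still pass; checking `isNull()` on each certificate before the `push_back` calls in the hunk at old line 186 closes that gap. The commented-out `//assert(... SWISSSIGN_SERVER_GOLD_CA_2008_G2 ...))));` carries two extra closing parentheses and would not compile if re-enabled; either fix it or drop the dead line together with the commented-out `push_back` at old line 189. main begins and ends outside both hunks.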

@ -15,6 +15,8 @@
#include <memory> #include <memory>
extern const QByteArray SWISSSIGN_GOLD_CA_G2;
class CryptokiEngine: public QObject, public openssl::Engine { class CryptokiEngine: public QObject, public openssl::Engine {
Q_OBJECT; Q_OBJECT;
@ -117,7 +119,11 @@ class SmartCardAuth: public QObject {
void extendedContextInitialization(ssl_ctx_st* ctx, QSslSocket* socket) { void extendedContextInitialization(ssl_ctx_st* ctx, QSslSocket* socket) {
qDebug()<<__PRETTY_FUNCTION__; qDebug()<<__PRETTY_FUNCTION__;
SSL_CTX_set_client_cert_cb(ctx, SmartCardAuth::clientCert); for (std::list<std::string>::iterator cert(_cacerts.begin()); cert!=_cacerts.end(); ++cert) {
SSL_CTX_add_extra_chain_cert(ctx, openssl::X509(*cert).lowLevelCopy());
qDebug()<<"Added:\n"<<QSslCertificate(QByteArray(cert->data(), cert->size()), QSsl::Der).toPem();
}
SSL_CTX_set_client_cert_cb(ctx, &SmartCardAuth::clientCert);
} }
private: private:
@ -151,10 +157,10 @@ class SmartCardAuth: public QObject {
QMutexLocker lock(&_mutex); QMutexLocker lock(&_mutex);
if (!e() || (!force && *e())) return; // no smartcard or already logged in if (!e() || (!force && *e())) return; // no smartcard or already logged in
try { try {
_cacerts.clear();
QList<CertInfo> authcerts; QList<CertInfo> authcerts;
QList<CertInfo> allcerts; QList<CertInfo> allcerts;
QSslConfiguration sslConfig(QSslConfiguration::defaultConfiguration()); QSslConfiguration sslConfig(QSslConfiguration::defaultConfiguration());
QList<QSslCertificate> cacerts(sslConfig.caCertificates());
_slots = e()->cryptoki().slotList(); _slots = e()->cryptoki().slotList();
for (cryptoki::SlotList::iterator slot(_slots.begin()); for (cryptoki::SlotList::iterator slot(_slots.begin());
slot!=_slots.end(); ++slot) { slot!=_slots.end(); ++slot) {
@ -176,9 +182,7 @@ class SmartCardAuth: public QObject {
std::string data(cert->attribute(CKA_VALUE).value); std::string data(cert->attribute(CKA_VALUE).value);
if (!keys.size()) { // add CA-certificate if (!keys.size()) { // add CA-certificate
OPENSSL_LOG("**** add to CA-certificates"); OPENSSL_LOG("**** add to CA-certificates");
cacerts.push_back(QSslCertificate _cacerts.push_back(data);
(QByteArray(data.data(), data.size()),
QSsl::Der));
} else { } else {
OPENSSL_LOG("**** user cert, check for authentictaion"); OPENSSL_LOG("**** user cert, check for authentictaion");
if (label.value.find("auth")==0 || if (label.value.find("auth")==0 ||
@ -212,7 +216,6 @@ class SmartCardAuth: public QObject {
e()->cert(keys[0], e()->cert(keys[0],
std::auto_ptr<openssl::X509> std::auto_ptr<openssl::X509>
(new openssl::X509(c.data))); (new openssl::X509(c.data)));
sslConfig.setCaCertificates(cacerts);
break; break;
} }
} catch (std::exception& x) { } catch (std::exception& x) {
@ -223,6 +226,8 @@ class SmartCardAuth: public QObject {
" please try again.")); " please try again."));
} }
} }
QByteArray ca(QSslCertificate(SWISSSIGN_GOLD_CA_G2, QSsl::Pem).toDer());
_cacerts.push_back(std::string(ca.data(), ca.size()));
} catch (...) { } catch (...) {
throw; throw;
} }
@ -246,6 +251,7 @@ class SmartCardAuth: public QObject {
cryptoki::SlotList _slots; cryptoki::SlotList _slots;
std::auto_ptr<cryptoki::Session> _session; std::auto_ptr<cryptoki::Session> _session;
QMutex _mutex; QMutex _mutex;
std::list<std::string> _cacerts;
}; };
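Review bot: `SSL_CTX_add_extra_chain_cert` in extendedContextInitialization (hunk at old line 117) appends the certificate to the chain this client sends to the peer; it does not add a trust anchor to the context's verification store, so if the intent behind "set CA to Context" is to have peer verification trust the smartcard's CA certificates, the store is reached with `SSL_CTX_get_cert_store(ctx)` and `X509_STORE_add_cert`, which would also explain why it still does not work (the `sslConfig.setCaCertificates(cacerts)` it replaces only ever modified a local copy of the configuration, and the local `sslConfig` at old line 157 now looks unused from what is visible). The return value of `SSL_CTX_add_extra_chain_cert` is ignored: on success the context owns the `X509*` from `lowLevelCopy()`, on failure it does not, so a failed add should be reported and the copy released, e.g. `X509* x(openssl::X509(*cert).lowLevelCopy()); if (!SSL_CTX_add_extra_chain_cert(ctx, x)) { X509_free(x); qWarning()<<"could not add CA certificate to SSL context"; }`. In the hunk at old line 223, `QSslCertificate(SWISSSIGN_GOLD_CA_G2, QSsl::Pem).toDer()` yields an empty array when the PEM fails to parse, and that empty string is later handed to `openssl::X509(*cert)`; guard it with `if (!ca.isEmpty())` before the `push_back`. `_cacerts` is cleared and filled under `_mutex` in the login path but read without the lock in extendedContextInitialization, which is a data race if the two can run on different threads — presumably the socket callback does — so either confirm they are serialized or take `QMutexLocker lock(&_mutex);` there too. Please also document the new member, e.g. `std::list<std::string> _cacerts; // DER-encoded CA certificates read from the smartcard plus the SwissSign Gold root; added to every new SSL context`.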

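--- a/swisssurfer/src/swisssurfer_de.ts
+++ b/swisssurfer/src/swisssurfer_de.ts
@@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; }
 <context>
 <name>QMessageBox</name>
 <message>
-<location filename="smartcardauth.hxx" line="221"/>
+<location filename="smartcardauth.hxx" line="224"/>
 <source>Wrong PIN</source>
 <translation type="unfinished"></translation>
 </message>
 <message>
-<location filename="smartcardauth.hxx" line="222"/>
+<location filename="smartcardauth.hxx" line="225"/>
 <source>Authentication failed, please try again.</source>
 <translation type="unfinished"></translation>
 </message>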

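--- a/swisssurfer/src/swisssurfer_en.ts
+++ b/swisssurfer/src/swisssurfer_en.ts
@@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; }
 <context>
 <name>QMessageBox</name>
 <message>
-<location filename="smartcardauth.hxx" line="221"/>
+<location filename="smartcardauth.hxx" line="224"/>
 <source>Wrong PIN</source>
 <translation type="unfinished"></translation>
 </message>
 <message>
-<location filename="smartcardauth.hxx" line="222"/>
+<location filename="smartcardauth.hxx" line="225"/>
 <source>Authentication failed, please try again.</source>
 <translation type="unfinished"></translation>
 </message>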

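--- a/swisssurfer/src/swisssurfer_fr.ts
+++ b/swisssurfer/src/swisssurfer_fr.ts
@@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; }
 <context>
 <name>QMessageBox</name>
 <message>
-<location filename="smartcardauth.hxx" line="221"/>
+<location filename="smartcardauth.hxx" line="224"/>
 <source>Wrong PIN</source>
 <translation type="unfinished"></translation>
 </message>
 <message>
-<location filename="smartcardauth.hxx" line="222"/>
+<location filename="smartcardauth.hxx" line="225"/>
 <source>Authentication failed, please try again.</source>
 <translation type="unfinished"></translation>
 </message>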

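--- a/swisssurfer/src/swisssurfer_it.ts
+++ b/swisssurfer/src/swisssurfer_it.ts
@@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; }
 <context>
 <name>QMessageBox</name>
 <message>
-<location filename="smartcardauth.hxx" line="221"/>
+<location filename="smartcardauth.hxx" line="224"/>
 <source>Wrong PIN</source>
 <translation type="unfinished"></translation>
 </message>
 <message>
-<location filename="smartcardauth.hxx" line="222"/>
+<location filename="smartcardauth.hxx" line="225"/>
 <source>Authentication failed, please try again.</source>
 <translation type="unfinished"></translation>
 </message>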
