try to set CA to Context, but still does not work; refs #43
		| @@ -1 +1 @@ | ||||
| /usr/share/automake-1.11/COPYING | ||||
| /opt/local/share/automake-1.11/COPYING | ||||
| @@ -1 +1 @@ | ||||
| /usr/share/automake-1.11/INSTALL | ||||
| /opt/local/share/automake-1.11/INSTALL | ||||
| @@ -180,6 +180,7 @@ class DownloadManager: public QObject { | ||||
|            <<"OU="<<err->certificate().subjectInfo(QSslCertificate::OrganizationalUnitName) | ||||
|            <<"C="<<err->certificate().subjectInfo(QSslCertificate::CountryName) | ||||
|            <<"ST="<<err->certificate().subjectInfo(QSslCertificate::StateOrProvinceName); | ||||
| 	LOG<<"Certificate:\n"<<err->certificate().toPem(); | ||||
|       } | ||||
|     } | ||||
|  | ||||
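Review bot: The new `LOG<<"Certificate:\n"<<err->certificate().toPem();` line is indented with a tab while the surrounding lines use spaces, and it deserves a guard: `QSslError::certificate()` is a null certificate for error types that carry no peer certificate, and `toPem()` then logs an empty body under the "Certificate:" heading. `if (!err->certificate().isNull()) LOG<<"Certificate:\n"<<err->certificate().toPem();` keeps the log readable. The enclosing loop and slot start outside the hunk, so whether the error is afterwards ignored cannot be seen here; that decision is the security-relevant part of an sslErrors handler and the logging is only diagnostic.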
|   | ||||
| @@ -186,7 +186,7 @@ int main(int argv, char** argc) try { | ||||
|   QSslConfiguration sslConfig(QSslConfiguration::defaultConfiguration()); | ||||
|   QList<QSslCertificate> certs(sslConfig.caCertificates()); | ||||
|   certs.push_back(QSslCertificate(SWISSSIGN_GOLD_CA_G2)); | ||||
|   certs.push_back(QSslCertificate(SWISSSIGN_SERVER_GOLD_CA_2008_G2)); | ||||
|   //certs.push_back(QSslCertificate(SWISSSIGN_SERVER_GOLD_CA_2008_G2)); | ||||
|   certs.push_back(QSslCertificate(SWISSSIGN_SILVER_CA_G2)); | ||||
|   certs.push_back(QSslCertificate(SWISSSIGN_PLATINUM_CA_G2)); | ||||
|   sslConfig.setCaCertificates(certs); | ||||
| @@ -326,6 +326,10 @@ int main(int argv, char** argc) try { | ||||
|     } | ||||
|   sslConfig.setPeerVerifyMode(QSslSocket::VerifyPeer); | ||||
|   QSslConfiguration::setDefaultConfiguration(sslConfig); | ||||
|   assert(QSslConfiguration::defaultConfiguration().caCertificates().contains(SWISSSIGN_GOLD_CA_G2)); | ||||
|   //assert(QSslConfiguration::defaultConfiguration().caCertificates().contains(SWISSSIGN_SERVER_GOLD_CA_2008_G2)))); | ||||
|   assert(QSslConfiguration::defaultConfiguration().caCertificates().contains(SWISSSIGN_SILVER_CA_G2)); | ||||
|   assert(QSslConfiguration::defaultConfiguration().caCertificates().contains(SWISSSIGN_PLATINUM_CA_G2)); | ||||
|   //............................................................................ | ||||
|   Browser browser(actlib, urls, settings.get(), mimetypes, silent, login); | ||||
|   browser.show(); | ||||
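Review bot: The four `assert(...caCertificates().contains(...))` lines added after `setDefaultConfiguration` (second hunk) vanish under `NDEBUG`, so a release build skips the only check that the SwissSign roots actually reached the default SSL configuration, and in a debug build a failure aborts instead of reporting. Since `main` already has a function-level `try`, an explicit check fits better: `const QList<QSslCertificate> trusted(QSslConfiguration::defaultConfiguration().caCertificates());` then `if (!trusted.contains(QSslCertificate(SWISSSIGN_GOLD_CA_G2))) throw std::runtime_error("SwissSign Gold CA G2 missing from default SSL configuration");` repeated for Silver and Platinum (needs `<stdexcept>`). The commented-out `SWISSSIGN_SERVER_GOLD_CA_2008_G2` lines in both hunks, one of them with unbalanced parentheses, leave no record of why that certificate was dropped; delete them or replace them with a comment such as `// Server Gold CA 2008 G2 is presumably an intermediate: it belongs in the chain the server sends, not among the trust anchors`. `sslConfig.setPeerVerifyMode(QSslSocket::VerifyPeer);` is the line that actually enforces verification, so it is worth a comment stating that it must stay and that the #43 fix is not to relax it.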
|   | ||||
| @@ -15,6 +15,8 @@ | ||||
|  | ||||
| #include <memory> | ||||
|  | ||||
| extern const QByteArray SWISSSIGN_GOLD_CA_G2; | ||||
|  | ||||
| class CryptokiEngine: public QObject, public openssl::Engine { | ||||
|  | ||||
|     Q_OBJECT; | ||||
| @@ -117,7 +119,11 @@ class SmartCardAuth: public QObject { | ||||
|        | ||||
|     void extendedContextInitialization(ssl_ctx_st* ctx, QSslSocket* socket) { | ||||
|       qDebug()<<__PRETTY_FUNCTION__; | ||||
|       SSL_CTX_set_client_cert_cb(ctx, SmartCardAuth::clientCert); | ||||
|       for (std::list<std::string>::iterator cert(_cacerts.begin()); cert!=_cacerts.end(); ++cert) { | ||||
| 	SSL_CTX_add_extra_chain_cert(ctx, openssl::X509(*cert).lowLevelCopy()); | ||||
| 	qDebug()<<"Added:\n"<<QSslCertificate(QByteArray(cert->data(), cert->size()), QSsl::Der).toPem(); | ||||
|       } | ||||
|       SSL_CTX_set_client_cert_cb(ctx, &SmartCardAuth::clientCert); | ||||
|     } | ||||
|  | ||||
|   private: | ||||
| @@ -151,10 +157,10 @@ class SmartCardAuth: public QObject { | ||||
|       QMutexLocker lock(&_mutex); | ||||
|       if (!e() || (!force && *e())) return; // no smartcard or already logged in | ||||
|       try { | ||||
| 	_cacerts.clear(); | ||||
|         QList<CertInfo> authcerts; | ||||
|         QList<CertInfo> allcerts; | ||||
|         QSslConfiguration sslConfig(QSslConfiguration::defaultConfiguration()); | ||||
|         QList<QSslCertificate> cacerts(sslConfig.caCertificates()); | ||||
|         _slots = e()->cryptoki().slotList(); | ||||
|         for (cryptoki::SlotList::iterator slot(_slots.begin()); | ||||
|              slot!=_slots.end(); ++slot) { | ||||
| @@ -176,9 +182,7 @@ class SmartCardAuth: public QObject { | ||||
|             std::string data(cert->attribute(CKA_VALUE).value); | ||||
|             if (!keys.size()) { // add CA-certificate | ||||
|               OPENSSL_LOG("**** add to CA-certificates"); | ||||
|               cacerts.push_back(QSslCertificate | ||||
|                                 (QByteArray(data.data(), data.size()), | ||||
|                                  QSsl::Der)); | ||||
|               _cacerts.push_back(data); | ||||
|             } else { | ||||
|               OPENSSL_LOG("**** user cert, check for authentictaion"); | ||||
|               if (label.value.find("auth")==0 || | ||||
| @@ -212,7 +216,6 @@ class SmartCardAuth: public QObject { | ||||
|                 e()->cert(keys[0], | ||||
|                           std::auto_ptr<openssl::X509> | ||||
|                           (new openssl::X509(c.data))); | ||||
|                 sslConfig.setCaCertificates(cacerts); | ||||
|                 break; | ||||
|               } | ||||
|             } catch (std::exception& x) { | ||||
| @@ -223,6 +226,8 @@ class SmartCardAuth: public QObject { | ||||
|                                                     " please try again.")); | ||||
|             } | ||||
|         } | ||||
| 	QByteArray ca(QSslCertificate(SWISSSIGN_GOLD_CA_G2, QSsl::Pem).toDer()); | ||||
| 	_cacerts.push_back(std::string(ca.data(), ca.size())); | ||||
|       } catch (...) { | ||||
|         throw; | ||||
|       } | ||||
| @@ -246,6 +251,7 @@ class SmartCardAuth: public QObject { | ||||
|     cryptoki::SlotList _slots; | ||||
|     std::auto_ptr<cryptoki::Session> _session; | ||||
|     QMutex _mutex; | ||||
|     std::list<std::string> _cacerts; | ||||
|  | ||||
| }; | ||||
|  | ||||
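Review bot: `SSL_CTX_add_extra_chain_cert` in `extendedContextInitialization` (second hunk) only appends certificates to the chain this side sends along with its own certificate; it never adds a trust anchor, so neither the CA certificates read from the card nor the SwissSign root pushed at the end of `login` (sixth hunk) become trusted for peer verification, which is presumably why the commit message says it still does not work. For trust, put them in the context's verify store, `X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx), x509)`, or on the Qt side `QSslSocket::addDefaultCaCertificate(QSslCertificate(QByteArray(data.data(), data.size()), QSsl::Der))` where the fourth hunk now pushes into `_cacerts`; note that the removed code (third and fifth hunks) called `setCaCertificates` on a local copy of the default configuration, which has no effect unless `setDefaultConfiguration` was called afterwards somewhere outside these hunks. The return value of `SSL_CTX_add_extra_chain_cert` is ignored, so a failed add is silent and, if `lowLevelCopy()` hands out a fresh `X509*` as its name suggests, that copy leaks on failure; the loop below at least checks the result. The loop also reads `_cacerts` without `_mutex`, while `login` clears and refills it under the lock, so if a context can be initialized on another thread while a login is in progress it sees a half-built list (the caller is not visible here, so this is an assumption to confirm). Finally, `!keys.size()` in the fourth hunk treats every certificate object on the card without a private key as a CA; before such an object is ever installed as a trust anchor it should at least carry the CA basic constraint, since that would make it trusted for every TLS connection the process makes.
```cpp
void extendedContextInitialization(ssl_ctx_st* ctx, QSslSocket* socket) {
  // … unchanged: qDebug of __PRETTY_FUNCTION__ …
  for (std::list<std::string>::iterator cert(_cacerts.begin()); cert!=_cacerts.end(); ++cert) {
    QSslCertificate pem(QByteArray(cert->data(), cert->size()), QSsl::Der);
    // chain only: this does NOT make the certificate a trust anchor for peer verification
    if (SSL_CTX_add_extra_chain_cert(ctx, openssl::X509(*cert).lowLevelCopy()) != 1) {
      qWarning()<<"SSL_CTX_add_extra_chain_cert failed for:\n"<<pem.toPem();
      continue;
    }
    qDebug()<<"Added:\n"<<pem.toPem();
  }
  // … unchanged: SSL_CTX_set_client_cert_cb …
}
```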
|   | ||||
| @@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; } | ||||
| <context> | ||||
|     <name>QMessageBox</name> | ||||
|     <message> | ||||
|         <location filename="smartcardauth.hxx" line="221"/> | ||||
|         <location filename="smartcardauth.hxx" line="224"/> | ||||
|         <source>Wrong PIN</source> | ||||
|         <translation type="unfinished"></translation> | ||||
|     </message> | ||||
|     <message> | ||||
|         <location filename="smartcardauth.hxx" line="222"/> | ||||
|         <location filename="smartcardauth.hxx" line="225"/> | ||||
|         <source>Authentication failed, please try again.</source> | ||||
|         <translation type="unfinished"></translation> | ||||
|     </message> | ||||
|   | ||||
| @@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; } | ||||
| <context> | ||||
|     <name>QMessageBox</name> | ||||
|     <message> | ||||
|         <location filename="smartcardauth.hxx" line="221"/> | ||||
|         <location filename="smartcardauth.hxx" line="224"/> | ||||
|         <source>Wrong PIN</source> | ||||
|         <translation type="unfinished"></translation> | ||||
|     </message> | ||||
|     <message> | ||||
|         <location filename="smartcardauth.hxx" line="222"/> | ||||
|         <location filename="smartcardauth.hxx" line="225"/> | ||||
|         <source>Authentication failed, please try again.</source> | ||||
|         <translation type="unfinished"></translation> | ||||
|     </message> | ||||
|   | ||||
| @@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; } | ||||
| <context> | ||||
|     <name>QMessageBox</name> | ||||
|     <message> | ||||
|         <location filename="smartcardauth.hxx" line="221"/> | ||||
|         <location filename="smartcardauth.hxx" line="224"/> | ||||
|         <source>Wrong PIN</source> | ||||
|         <translation type="unfinished"></translation> | ||||
|     </message> | ||||
|     <message> | ||||
|         <location filename="smartcardauth.hxx" line="222"/> | ||||
|         <location filename="smartcardauth.hxx" line="225"/> | ||||
|         <source>Authentication failed, please try again.</source> | ||||
|         <translation type="unfinished"></translation> | ||||
|     </message> | ||||
|   | ||||
| @@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; } | ||||
| <context> | ||||
|     <name>QMessageBox</name> | ||||
|     <message> | ||||
|         <location filename="smartcardauth.hxx" line="221"/> | ||||
|         <location filename="smartcardauth.hxx" line="224"/> | ||||
|         <source>Wrong PIN</source> | ||||
|         <translation type="unfinished"></translation> | ||||
|     </message> | ||||
|     <message> | ||||
|         <location filename="smartcardauth.hxx" line="222"/> | ||||
|         <location filename="smartcardauth.hxx" line="225"/> | ||||
|         <source>Authentication failed, please try again.</source> | ||||
|         <translation type="unfinished"></translation> | ||||
|     </message> | ||||
|   | ||||