try to set CA to Context, but still does not work; refs #43

master
Marc Wäckerlin 14 years ago
parent d88d12cc57
commit 7ea7d5d845
  1. 2
      swisssurfer/COPYING
  2. 2
      swisssurfer/INSTALL
  3. 1
      swisssurfer/src/downloadmanager.hxx
  4. 6
      swisssurfer/src/main.cxx
  5. 18
      swisssurfer/src/smartcardauth.hxx
  6. 4
      swisssurfer/src/swisssurfer_de.ts
  7. 4
      swisssurfer/src/swisssurfer_en.ts
  8. 4
      swisssurfer/src/swisssurfer_fr.ts
  9. 4
      swisssurfer/src/swisssurfer_it.ts

@ -1 +1 @@
/usr/share/automake-1.11/COPYING
/opt/local/share/automake-1.11/COPYING

@ -1 +1 @@
/usr/share/automake-1.11/INSTALL
/opt/local/share/automake-1.11/INSTALL

@ -180,6 +180,7 @@ class DownloadManager: public QObject {
<<"OU="<<err->certificate().subjectInfo(QSslCertificate::OrganizationalUnitName)
<<"C="<<err->certificate().subjectInfo(QSslCertificate::CountryName)
<<"ST="<<err->certificate().subjectInfo(QSslCertificate::StateOrProvinceName);
LOG<<"Certificate:\n"<<err->certificate().toPem();
}
}

@ -186,7 +186,7 @@ int main(int argv, char** argc) try {
QSslConfiguration sslConfig(QSslConfiguration::defaultConfiguration());
QList<QSslCertificate> certs(sslConfig.caCertificates());
certs.push_back(QSslCertificate(SWISSSIGN_GOLD_CA_G2));
certs.push_back(QSslCertificate(SWISSSIGN_SERVER_GOLD_CA_2008_G2));
//certs.push_back(QSslCertificate(SWISSSIGN_SERVER_GOLD_CA_2008_G2));
certs.push_back(QSslCertificate(SWISSSIGN_SILVER_CA_G2));
certs.push_back(QSslCertificate(SWISSSIGN_PLATINUM_CA_G2));
sslConfig.setCaCertificates(certs);
@ -326,6 +326,10 @@ int main(int argv, char** argc) try {
}
sslConfig.setPeerVerifyMode(QSslSocket::VerifyPeer);
QSslConfiguration::setDefaultConfiguration(sslConfig);
assert(QSslConfiguration::defaultConfiguration().caCertificates().contains(SWISSSIGN_GOLD_CA_G2));
//assert(QSslConfiguration::defaultConfiguration().caCertificates().contains(SWISSSIGN_SERVER_GOLD_CA_2008_G2))));
assert(QSslConfiguration::defaultConfiguration().caCertificates().contains(SWISSSIGN_SILVER_CA_G2));
assert(QSslConfiguration::defaultConfiguration().caCertificates().contains(SWISSSIGN_PLATINUM_CA_G2));
//............................................................................
Browser browser(actlib, urls, settings.get(), mimetypes, silent, login);
browser.show();

@ -15,6 +15,8 @@
#include <memory>
extern const QByteArray SWISSSIGN_GOLD_CA_G2;
class CryptokiEngine: public QObject, public openssl::Engine {
Q_OBJECT;
@ -117,7 +119,11 @@ class SmartCardAuth: public QObject {
void extendedContextInitialization(ssl_ctx_st* ctx, QSslSocket* socket) {
qDebug()<<__PRETTY_FUNCTION__;
SSL_CTX_set_client_cert_cb(ctx, SmartCardAuth::clientCert);
for (std::list<std::string>::iterator cert(_cacerts.begin()); cert!=_cacerts.end(); ++cert) {
SSL_CTX_add_extra_chain_cert(ctx, openssl::X509(*cert).lowLevelCopy());
qDebug()<<"Added:\n"<<QSslCertificate(QByteArray(cert->data(), cert->size()), QSsl::Der).toPem();
}
SSL_CTX_set_client_cert_cb(ctx, &SmartCardAuth::clientCert);
}
private:
@ -151,10 +157,10 @@ class SmartCardAuth: public QObject {
QMutexLocker lock(&_mutex);
if (!e() || (!force && *e())) return; // no smartcard or already logged in
try {
_cacerts.clear();
QList<CertInfo> authcerts;
QList<CertInfo> allcerts;
QSslConfiguration sslConfig(QSslConfiguration::defaultConfiguration());
QList<QSslCertificate> cacerts(sslConfig.caCertificates());
_slots = e()->cryptoki().slotList();
for (cryptoki::SlotList::iterator slot(_slots.begin());
slot!=_slots.end(); ++slot) {
@ -176,9 +182,7 @@ class SmartCardAuth: public QObject {
std::string data(cert->attribute(CKA_VALUE).value);
if (!keys.size()) { // add CA-certificate
OPENSSL_LOG("**** add to CA-certificates");
cacerts.push_back(QSslCertificate
(QByteArray(data.data(), data.size()),
QSsl::Der));
_cacerts.push_back(data);
} else {
OPENSSL_LOG("**** user cert, check for authentictaion");
if (label.value.find("auth")==0 ||
@ -212,7 +216,6 @@ class SmartCardAuth: public QObject {
e()->cert(keys[0],
std::auto_ptr<openssl::X509>
(new openssl::X509(c.data)));
sslConfig.setCaCertificates(cacerts);
break;
}
} catch (std::exception& x) {
@ -223,6 +226,8 @@ class SmartCardAuth: public QObject {
" please try again."));
}
}
QByteArray ca(QSslCertificate(SWISSSIGN_GOLD_CA_G2, QSsl::Pem).toDer());
_cacerts.push_back(std::string(ca.data(), ca.size()));
} catch (...) {
throw;
}
@ -246,6 +251,7 @@ class SmartCardAuth: public QObject {
cryptoki::SlotList _slots;
std::auto_ptr<cryptoki::Session> _session;
QMutex _mutex;
std::list<std::string> _cacerts;
};

@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; }
<context>
<name>QMessageBox</name>
<message>
<location filename="smartcardauth.hxx" line="221"/>
<location filename="smartcardauth.hxx" line="224"/>
<source>Wrong PIN</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="smartcardauth.hxx" line="222"/>
<location filename="smartcardauth.hxx" line="225"/>
<source>Authentication failed, please try again.</source>
<translation type="unfinished"></translation>
</message>

@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; }
<context>
<name>QMessageBox</name>
<message>
<location filename="smartcardauth.hxx" line="221"/>
<location filename="smartcardauth.hxx" line="224"/>
<source>Wrong PIN</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="smartcardauth.hxx" line="222"/>
<location filename="smartcardauth.hxx" line="225"/>
<source>Authentication failed, please try again.</source>
<translation type="unfinished"></translation>
</message>

@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; }
<context>
<name>QMessageBox</name>
<message>
<location filename="smartcardauth.hxx" line="221"/>
<location filename="smartcardauth.hxx" line="224"/>
<source>Wrong PIN</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="smartcardauth.hxx" line="222"/>
<location filename="smartcardauth.hxx" line="225"/>
<source>Authentication failed, please try again.</source>
<translation type="unfinished"></translation>
</message>

@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; }
<context>
<name>QMessageBox</name>
<message>
<location filename="smartcardauth.hxx" line="221"/>
<location filename="smartcardauth.hxx" line="224"/>
<source>Wrong PIN</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="smartcardauth.hxx" line="222"/>
<location filename="smartcardauth.hxx" line="225"/>
<source>Authentication failed, please try again.</source>
<translation type="unfinished"></translation>
</message>

Loading…
Cancel
Save