web
/
surfer
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

try to set CA to Context, but still does not work; refs #43

Browse Source
master
Marc Wäckerlin 14 years ago
parent d88d12cc57
commit 7ea7d5d845
9 changed files with 28 additions and 17 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      swisssurfer/COPYING
  2. 2
      swisssurfer/INSTALL
  3. 1
      swisssurfer/src/downloadmanager.hxx
  4. 6
      swisssurfer/src/main.cxx
  5. 18
      swisssurfer/src/smartcardauth.hxx
  6. 4
      swisssurfer/src/swisssurfer_de.ts
  7. 4
      swisssurfer/src/swisssurfer_en.ts
  8. 4
      swisssurfer/src/swisssurfer_fr.ts
  9. 4
      swisssurfer/src/swisssurfer_it.ts

2
swisssurfer/COPYING
Unescape View File

@ -1 +1 @@
/usr/share/automake-1.11/COPYING
/opt/local/share/automake-1.11/COPYING

2
swisssurfer/INSTALL
Unescape View File

@ -1 +1 @@
/usr/share/automake-1.11/INSTALL
/opt/local/share/automake-1.11/INSTALL

1
swisssurfer/src/downloadmanager.hxx
Unescape View File

@ -180,6 +180,7 @@ class DownloadManager: public QObject {
<<"OU="<<err->certificate().subjectInfo(QSslCertificate::OrganizationalUnitName)
<<"C="<<err->certificate().subjectInfo(QSslCertificate::CountryName)
<<"ST="<<err->certificate().subjectInfo(QSslCertificate::StateOrProvinceName);
LOG<<"Certificate:\n"<<err->certificate().toPem();
}
}

6
swisssurfer/src/main.cxx
Unescape View File

@ -186,7 +186,7 @@ int main(int argv, char** argc) try {
QSslConfiguration sslConfig(QSslConfiguration::defaultConfiguration());
QList<QSslCertificate> certs(sslConfig.caCertificates());
certs.push_back(QSslCertificate(SWISSSIGN_GOLD_CA_G2));
certs.push_back(QSslCertificate(SWISSSIGN_SERVER_GOLD_CA_2008_G2));
//certs.push_back(QSslCertificate(SWISSSIGN_SERVER_GOLD_CA_2008_G2));
certs.push_back(QSslCertificate(SWISSSIGN_SILVER_CA_G2));
certs.push_back(QSslCertificate(SWISSSIGN_PLATINUM_CA_G2));
sslConfig.setCaCertificates(certs);
@ -326,6 +326,10 @@ int main(int argv, char** argc) try {
}
sslConfig.setPeerVerifyMode(QSslSocket::VerifyPeer);
QSslConfiguration::setDefaultConfiguration(sslConfig);
assert(QSslConfiguration::defaultConfiguration().caCertificates().contains(SWISSSIGN_GOLD_CA_G2));
//assert(QSslConfiguration::defaultConfiguration().caCertificates().contains(SWISSSIGN_SERVER_GOLD_CA_2008_G2))));
assert(QSslConfiguration::defaultConfiguration().caCertificates().contains(SWISSSIGN_SILVER_CA_G2));
assert(QSslConfiguration::defaultConfiguration().caCertificates().contains(SWISSSIGN_PLATINUM_CA_G2));
//............................................................................
Browser browser(actlib, urls, settings.get(), mimetypes, silent, login);
browser.show();

18
swisssurfer/src/smartcardauth.hxx
Unescape View File

@ -15,6 +15,8 @@
#include <memory>
extern const QByteArray SWISSSIGN_GOLD_CA_G2;
class CryptokiEngine: public QObject, public openssl::Engine {
Q_OBJECT;
@ -117,7 +119,11 @@ class SmartCardAuth: public QObject {
void extendedContextInitialization(ssl_ctx_st* ctx, QSslSocket* socket) {
qDebug()<<__PRETTY_FUNCTION__;
SSL_CTX_set_client_cert_cb(ctx, SmartCardAuth::clientCert);
for (std::list<std::string>::iterator cert(_cacerts.begin()); cert!=_cacerts.end(); ++cert) {
SSL_CTX_add_extra_chain_cert(ctx, openssl::X509(*cert).lowLevelCopy());
qDebug()<<"Added:\n"<<QSslCertificate(QByteArray(cert->data(), cert->size()), QSsl::Der).toPem();
}
SSL_CTX_set_client_cert_cb(ctx, &SmartCardAuth::clientCert);
}
private:
@ -151,10 +157,10 @@ class SmartCardAuth: public QObject {
QMutexLocker lock(&_mutex);
if (!e() || (!force && *e())) return; // no smartcard or already logged in
try {
_cacerts.clear();
QList<CertInfo> authcerts;
QList<CertInfo> allcerts;
QSslConfiguration sslConfig(QSslConfiguration::defaultConfiguration());
QList<QSslCertificate> cacerts(sslConfig.caCertificates());
_slots = e()->cryptoki().slotList();
for (cryptoki::SlotList::iterator slot(_slots.begin());
slot!=_slots.end(); ++slot) {
@ -176,9 +182,7 @@ class SmartCardAuth: public QObject {
std::string data(cert->attribute(CKA_VALUE).value);
if (!keys.size()) { // add CA-certificate
OPENSSL_LOG("**** add to CA-certificates");
cacerts.push_back(QSslCertificate
(QByteArray(data.data(), data.size()),
QSsl::Der));
_cacerts.push_back(data);
} else {
OPENSSL_LOG("**** user cert, check for authentictaion");
if (label.value.find("auth")==0 ||
@ -212,7 +216,6 @@ class SmartCardAuth: public QObject {
e()->cert(keys[0],
std::auto_ptr<openssl::X509>
(new openssl::X509(c.data)));
sslConfig.setCaCertificates(cacerts);
break;
}
} catch (std::exception& x) {
@ -223,6 +226,8 @@ class SmartCardAuth: public QObject {
" please try again."));
}
}
QByteArray ca(QSslCertificate(SWISSSIGN_GOLD_CA_G2, QSsl::Pem).toDer());
_cacerts.push_back(std::string(ca.data(), ca.size()));
} catch (...) {
throw;
}
@ -246,6 +251,7 @@ class SmartCardAuth: public QObject {
cryptoki::SlotList _slots;
std::auto_ptr<cryptoki::Session> _session;
QMutex _mutex;
std::list<std::string> _cacerts;
};

4
swisssurfer/src/swisssurfer_de.ts
Unescape View File

@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; }
<context>
<name>QMessageBox</name>
<message>
<location filename="smartcardauth.hxx" line="221"/>
<location filename="smartcardauth.hxx" line="224"/>
<source>Wrong PIN</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="smartcardauth.hxx" line="222"/>
<location filename="smartcardauth.hxx" line="225"/>
<source>Authentication failed, please try again.</source>
<translation type="unfinished"></translation>
</message>

4
swisssurfer/src/swisssurfer_en.ts
Unescape View File

@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; }
<context>
<name>QMessageBox</name>
<message>
<location filename="smartcardauth.hxx" line="221"/>
<location filename="smartcardauth.hxx" line="224"/>
<source>Wrong PIN</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="smartcardauth.hxx" line="222"/>
<location filename="smartcardauth.hxx" line="225"/>
<source>Authentication failed, please try again.</source>
<translation type="unfinished"></translation>
</message>

4
swisssurfer/src/swisssurfer_fr.ts
Unescape View File

@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; }
<context>
<name>QMessageBox</name>
<message>
<location filename="smartcardauth.hxx" line="221"/>
<location filename="smartcardauth.hxx" line="224"/>
<source>Wrong PIN</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="smartcardauth.hxx" line="222"/>
<location filename="smartcardauth.hxx" line="225"/>
<source>Authentication failed, please try again.</source>
<translation type="unfinished"></translation>
</message>

4
swisssurfer/src/swisssurfer_it.ts
Unescape View File

@ -541,12 +541,12 @@ p, li { white-space: pre-wrap; }
<context>
<name>QMessageBox</name>
<message>
<location filename="smartcardauth.hxx" line="221"/>
<location filename="smartcardauth.hxx" line="224"/>
<source>Wrong PIN</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="smartcardauth.hxx" line="222"/>
<location filename="smartcardauth.hxx" line="225"/>
<source>Authentication failed, please try again.</source>
<translation type="unfinished"></translation>
</message>

Write Preview
Loading…
Cancel
Save