first working implementaiion; to be improved; refs #32, closes #28, closes #29

Marc Wäckerlin 14 years ago
parent aa806fef5c
commit 9620b5e810
  1. 4
      swisssurfer/README
  2. 16
      swisssurfer/src/browser.hxx
  3. 37
      swisssurfer/src/pindialog.cxx
  4. 22
      swisssurfer/src/pindialog.hxx
  5. 48
      swisssurfer/src/pinentry.hxx
  6. 107
      swisssurfer/src/pinentry.ui
  7. 6
      swisssurfer/src/qmake.pro.in
  8. 102
      swisssurfer/src/smartcardauth.cxx
  9. 227
      swisssurfer/src/smartcardauth.hxx
  10. 99
      swisssurfer/src/swisssurfer_de.ts
  11. 99
      swisssurfer/src/swisssurfer_en.ts
  12. 99
      swisssurfer/src/swisssurfer_fr.ts
  13. 99
      swisssurfer/src/swisssurfer_it.ts

@ -6,6 +6,6 @@ Zum Konfigurieren muss der Pfad zur Installation des gepatchten Qts angegeben we
Start e.g. with:
SWISSSIGNER='java -Xmx256M -Dorg.jpedal.jai=true -Dswing.aatext=true -Dch.abacus.swisssigner.incamail.certlogin=false -splash:swisssigner-splash.png -Dch.abacus.pkcs11.configuration=swisssigner-pkcs11.cfg -Duser.language=de -cp /home/marc/downloads/swisssigner/swisssigner.jar:/home/marc/downloads/swisssigner/bc.jar:bcmail.jar:/home/marc/downloads/swisssigner/bcpg.jar:/home/marc/downloads/swisssigner/bctsp.jar:/home/marc/downloads/swisssigner/exml.jar:/home/marc/downloads/swisssigner/itext.jar:/home/marc/downloads/swisssigner/jai_codec.jar:/home/marc/downloads/swisssigner/jai_core.jar:/home/marc/downloads/swisssigner/jai_imageio.jar:/home/marc/downloads/swisssigner/jdic.jar:/home/marc/downloads/swisssigner/jdic_native.jar:/home/marc/downloads/swisssigner/jdic_stub_unix.jar:/home/marc/downloads/swisssigner/jpedal.jar: ch.abacus.hotdog.SwissSigner locale=de document=<FILENAME> browser_bin=firefox keystores=pkcs11'
SWISSSIGNER='java -Xmx256M -Dorg.jpedal.jai=true -Dswing.aatext=true -Dch.abacus.swisssigner.incamail.certlogin=false -splash:swisssigner-splash.png -Dch.abacus.pkcs11.configuration=swisssigner-pkcs11.cfg -Duser.language=de -cp /home/marc/downloads/swisssigner/swisssigner.jar:/home/marc/downloads/swisssigner/bc.jar:bcmail.jar:/home/marc/downloads/swisssigner/bcpg.jar:/home/marc/downloads/swisssigner/bctsp.jar:/home/marc/downloads/swisssigner/exml.jar:/home/marc/downloads/swisssigner/itext.jar:/home/marc/downloads/swisssigner/jai_codec.jar:/home/marc/downloads/swisssigner/jai_core.jar:/home/marc/downloads/swisssigner/jai_imageio.jar:/home/marc/downloads/swisssigner/jdic.jar:/home/marc/downloads/swisssigner/jdic_native.jar:/home/marc/downloads/swisssigner/jdic_stub_unix.jar:/home/marc/downloads/swisssigner/jpedal.jar: ch.abacus.hotdog.SwissSigner locale=de document=%1 browser_bin=firefox keystores=pkcs11'
src/swisssurfer --mime application/pdf pdf "$SWISSSIGNER" --mime application/x-java-jnlp-file jnlp "javaws <FILENAME>" http://swisssign.com/de/swisssign-support/ss-faq/7-server-certificates/34-how-to-apache-konfiguration-mit-ssl-zertifikaten
src/swisssurfer --mime application/pdf pdf "$SWISSSIGNER" --mime application/x-java-jnlp-file jnlp "javaws %1" http://swisssign.com/de/swisssign-support/ss-faq/7-server-certificates/34-how-to-apache-konfiguration-mit-ssl-zertifikaten

@ -729,7 +729,7 @@ class Browser: public QMainWindow, protected Ui::Browser {
void loadFinished(bool ok) {
LOG<<(ok?"success":"error");
if (ok) statusBar()->showMessage(tr("done."));
statusBar()->showMessage(ok?tr("done."):tr("page load error."));
activateTab();
}
@ -1048,11 +1048,19 @@ class Browser: public QMainWindow, protected Ui::Browser {
void unsupportedContent(QNetworkReply* reply) {
LOG<<reply->header(QNetworkRequest::ContentTypeHeader).toString();
LOG<<"Status:"<<networkError(reply->error());
assert(connect(reply, SIGNAL(finished()), SLOT(downloadFinished())));
if (reply->isFinished())
handleContent(reply);
else
assert(connect(reply, SIGNAL(finished()), SLOT(downloadFinished())));
}
void downloadFinished() {
LOG;
QNetworkReply *reply(qobject_cast<QNetworkReply*>(sender()));
handleContent(reply);
}
void handleContent(QNetworkReply* reply) {
LOG<<"Location:"<<reply->header(QNetworkRequest::LocationHeader)
.toString();
LOG<<"Content-Type:"<<reply->header(QNetworkRequest::ContentTypeHeader)
@ -1063,7 +1071,8 @@ class Browser: public QMainWindow, protected Ui::Browser {
LOG<<"Path:"<<reply->url().path();
Settings::MimeTypes::const_iterator it
(_settings.mimetypes().find
(reply->header(QNetworkRequest::ContentTypeHeader).toString()));
(reply->header(QNetworkRequest::ContentTypeHeader).toString()
.split(';')[0]));
if (it!=_settings.mimetypes().end()) {
QTemporaryFile *file =
new QTemporaryFile(QDir::tempPath()+QDir::separator()
@ -1097,6 +1106,7 @@ class Browser: public QMainWindow, protected Ui::Browser {
}
void processFinished() {
LOG;
delete _downloadProcesses[qobject_cast<QProcess*>(sender())];
_downloadProcesses.erase(qobject_cast<QProcess*>(sender()));
}
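Review bot: The new `downloadFinished()` hands the result of `qobject_cast<QNetworkReply*>(sender())` straight to `handleContent`, whose first line dereferences it (`reply->header(...)`); if the slot is ever reached from a sender that is not a QNetworkReply this is a null dereference, so add `if (!reply) return;` before the call. In `handleContent` the new key `...toString().split(';')[0]` comes from the server-sent Content-Type header and selects which configured external handler is launched on the downloaded file; since the value is not normalised, consider `.split(';')[0].trimmed().toLower()` so that a differently cased or padded media type still matches the entry in `_settings.mimetypes()`. The added `delete _downloadProcesses[qobject_cast<QProcess*>(sender())];` in `processFinished` goes through `operator[]`, which inserts a null entry for an unknown sender just before it is erased; looking the key up with `find` first would be cleaner. The enclosing class `Browser` begins and ends outside these hunks.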

@ -1,37 +0,0 @@
#include <QtGui>
#include "pindialog.hxx"
PinDialog::PinDialog(QWidget *parent)
: QDialog(parent)
{
label=new QLabel(tr("Enter &PIN:"));
lineEdit=new QLineEdit;
lineEdit->setEchoMode(QLineEdit::Password);
label->setBuddy(lineEdit);
okButton=new QPushButton(tr("&OK"));
okButton->setDefault(true);
cancelButton=new QPushButton(tr("&Cancel"));
connect(okButton, SIGNAL(clicked()), this, SLOT(accept()));
connect(cancelButton, SIGNAL(clicked()), this, SLOT(reject()));
QHBoxLayout* tl= new QHBoxLayout;
tl->addWidget(label);
tl->addWidget(lineEdit);
QHBoxLayout* bl= new QHBoxLayout;
bl->addStretch();
bl->addWidget(okButton);
bl->addWidget(cancelButton);
QVBoxLayout* ml= new QVBoxLayout;
ml->addLayout(tl);
ml->addLayout(bl);
setLayout(ml);
}
QString PinDialog::pin() const {
// TODO: Cleanup of internal strings as soon as the PIN is retrieved
return lineEdit ? lineEdit->text() : "";
}

@ -1,22 +0,0 @@
#ifndef PINDIALOG_H
#define PINDIALOG_H
#include <QDialog>
class QLabel;
class QLineEdit;
class QPushButton;
class PinDialog : public QDialog
{
Q_OBJECT
public:
PinDialog(QWidget *parent = 0);
QString pin() const;
private:
QLabel* label;
QLineEdit* lineEdit;
QPushButton* okButton;
QPushButton* cancelButton;
};
#endif // PINDIALOG_H

@ -0,0 +1,48 @@
/*! @file
@id $Id$
*/
// 1 2 3 4 5 6 7 8
// 45678901234567890123456789012345678901234567890123456789012345678901234567890
#ifndef __PINDIALOG_HXX__
#define __PINDIALOG_HXX__
#include <ui_pinentry.h>
#include <QtGui/QDialog>
#include <QtCore/QDateTime>
#include <QtNetwork/QSslCertificate>
#include <QtCore/QDebug>
class PinEntry: public QDialog, public Ui::PinEntry {
Q_OBJECT;
public:
PinEntry(const QSslCertificate& cert, QWidget *parent=0): QDialog(parent) {
setupUi(this);
_commonName->setText(cert.subjectInfo(QSslCertificate::CommonName));
_organization->setText(cert.subjectInfo(QSslCertificate::Organization));
_email->setText(cert.alternateSubjectNames()
.find(QSsl::EmailEntry).value());
_serial->setText(cert.serialNumber());
_expiry->setText(cert.expiryDate().toString());
_issuerCa->setText(cert.issuerInfo(QSslCertificate::CommonName));
_commonName->setVisible(_commonName->text().size());
_commonNameLabel->setVisible(_commonName->text().size());
_organization->setVisible(_organization->text().size());
_organizationLabel->setVisible(_organization->text().size());
_email->setVisible(_email->text().size());
_emailLabel->setVisible(_email->text().size());
_serial->setVisible(_serial->text().size());
_serialLabel->setVisible(_serial->text().size());
_expiry->setVisible(_expiry->text().size());
_expiryLabel->setVisible(_expiry->text().size());
_issuerCa->setVisible(_issuerCa->text().size());
_issuerCaLabel->setVisible(_issuerCa->text().size());
}
QString pin() const {
return _pin->text();
}
};
#endif
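Review bot: `cert.alternateSubjectNames().find(QSsl::EmailEntry).value()` dereferences an end iterator whenever the certificate carries no e-mail subject alternative name, which an authentication certificate may well lack; `_email->setText(cert.alternateSubjectNames().value(QSsl::EmailEntry));` returns an empty QString in that case and the following `setVisible` calls already hide the empty row. The include guard `__PINDIALOG_HXX__` still names the removed header, and identifiers starting with a double underscore are reserved; `PINENTRY_HXX` would match this file. `pin()` returns a fresh copy of the entered PIN on every call and nothing clears the `_pin` line edit afterwards; the removed PinDialog carried a TODO to clean up the PIN string once retrieved, and that concern applies unchanged here, so callers should read it once and the dialog should clear the field when it closes.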

@ -6,12 +6,12 @@
<rect>
<x>0</x>
<y>0</y>
<width>389</width>
<height>218</height>
<width>351</width>
<height>369</height>
</rect>
</property>
<property name="windowTitle">
<string>SwissSign Pin Entry</string>
<string>Certificate PIN Entry</string>
</property>
<layout class="QVBoxLayout" name="verticalLayout">
<item>
@ -23,7 +23,7 @@
</sizepolicy>
</property>
<property name="text">
<string>Please enter your SwissSign Certificate PIN to authenticate yourself:</string>
<string>Please enter your Certificate PIN to authenticate:</string>
</property>
<property name="wordWrap">
<bool>true</bool>
@ -43,10 +43,107 @@
</widget>
</item>
<item row="0" column="1">
<widget class="QLineEdit" name="_pin"/>
<widget class="QLineEdit" name="_pin">
<property name="echoMode">
<enum>QLineEdit::Password</enum>
</property>
</widget>
</item>
</layout>
</item>
<item>
<widget class="QGroupBox" name="groupBox">
<property name="title">
<string>Certificate Information</string>
</property>
<layout class="QFormLayout" name="formLayout_3">
<item row="0" column="0">
<widget class="QLabel" name="_commonNameLabel">
<property name="text">
<string>Common Name:</string>
</property>
</widget>
</item>
<item row="0" column="1">
<widget class="QLabel" name="_commonName">
<property name="text">
<string>TextLabel</string>
</property>
</widget>
</item>
<item row="1" column="0">
<widget class="QLabel" name="_organizationLabel">
<property name="text">
<string>Organization:</string>
</property>
</widget>
</item>
<item row="1" column="1">
<widget class="QLabel" name="_organization">
<property name="text">
<string>TextLabel</string>
</property>
</widget>
</item>
<item row="2" column="0">
<widget class="QLabel" name="_emailLabel">
<property name="text">
<string>E-Mail:</string>
</property>
</widget>
</item>
<item row="2" column="1">
<widget class="QLabel" name="_email">
<property name="text">
<string>TextLabel</string>
</property>
</widget>
</item>
<item row="3" column="0">
<widget class="QLabel" name="_serialLabel">
<property name="text">
<string>Serial</string>
</property>
</widget>
</item>
<item row="3" column="1">
<widget class="QLabel" name="_serial">
<property name="text">
<string>TextLabel</string>
</property>
</widget>
</item>
<item row="4" column="0">
<widget class="QLabel" name="_expiryLabel">
<property name="text">
<string>Expiry:</string>
</property>
</widget>
</item>
<item row="4" column="1">
<widget class="QLabel" name="_expiry">
<property name="text">
<string>TextLabel</string>
</property>
</widget>
</item>
<item row="5" column="0">
<widget class="QLabel" name="_issuerCaLabel">
<property name="text">
<string>Issuer CA:</string>
</property>
</widget>
</item>
<item row="5" column="1">
<widget class="QLabel" name="_issuerCa">
<property name="text">
<string>TextLabel</string>
</property>
</widget>
</item>
</layout>
</widget>
</item>
<item>
<spacer name="verticalSpacer">
<property name="orientation">

@ -1,5 +1,5 @@
QT += webkit network gui
CONFIG += debug
CONFIG += debug no_keywords
QMAKE_LIBS += -lproxyface -lcryptoki++ -lssl -lcrypto
QMAKE_INCDIR += ../../qt/qt-everywhere-opensource-src-4.6.3/include/Qt \
../../openssl-act-engine/src/
@ -20,9 +20,9 @@ TRANSLATIONS = @PACKAGENAME@_en.ts \
@PACKAGENAME@_fr.ts \
@PACKAGENAME@_it.ts
SOURCES = main.cxx smartcardauth.cxx pindialog.cxx webpage.cxx
SOURCES = main.cxx smartcardauth.cxx webpage.cxx
HEADERS = browser.hxx smartcardauth.hxx pindialog.hxx \
HEADERS = browser.hxx smartcardauth.hxx pinentry.hxx \
downloadmanager.hxx settings.hxx sslclientnetworkmanager.hxx \
authentication.hxx webpage.hxx

@ -10,72 +10,10 @@
#include <QtCore/QCoreApplication>
#include <QtGui/QMessageBox>
#include <QtCore/QDebug>
ENGINE* e=0;
enum_certs_s* certs_found=0;
QWidget* parent=0;
bool pin_configured=false;
bool pin_rejected=false;
QMutex _mutex;
SmartCardAuth::SmartCardAuth(const QString& actlib) {
//QSslSocketPrivate::ensureInitialized();
if (e || actlib.isEmpty()) return;
ENGINE_load_dynamic();
e = ENGINE_by_id("dynamic");
Q_ASSERT(e);
int r=ENGINE_ctrl_cmd_string(e, "SO_PATH", actlib.toStdString().c_str(), 0);
Q_ASSERT(r);
r=ENGINE_ctrl_cmd_string(e, "ID", "act", 0);
Q_ASSERT(r);
r=ENGINE_ctrl_cmd_string(e, "LIST_ADD", "1", 0);
Q_ASSERT(r);
r=ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0);
Q_ASSERT(r);
if (!r) {
unsigned int err = 0;
while((err = ERR_get_error())) {
char *str = ERR_error_string(err, NULL);
fprintf(stderr,"%s\n", str);
}
}
r=ENGINE_init(e);
}
SmartCardAuth::~SmartCardAuth() {
if (!e) return;
ENGINE_finish(e);
ENGINE_cleanup();
e=0;
}
/*
std::map<ssl_ctx_st*, QSslSocket*> sockets;
int client_cert_cb(SSL* ssl, X509 **x509, EVP_PKEY **pkey) {
if (!e) return 0;
while (!_mutex.tryLock()) QCoreApplication::processEvents();
static std::set<QString> allowedUrls;
std::map<ssl_ctx_st*, QSslSocket*>::iterator it(sockets.find(ssl->ctx));
if (it!=sockets.end()) {
if (allowedUrls.find(it->second->peerName())==allowedUrls.end()) {
if (QMessageBox::question(0, QObject::tr("Send Authentication?"),
QObject::tr("Do you want to authenticate yourself to"
" %1?")
.arg(it->second->peerName()),
QMessageBox::Yes|QMessageBox::No)
== QMessageBox::Yes)
allowedUrls.insert(it->second->peerName());
else
return 0;
}
sockets.erase(it);
}
// NB: Keep in mind that this function is called for EVERY SSL connection to be opened.
@ -150,35 +88,37 @@ int client_cert_cb(SSL* ssl, X509 **x509, EVP_PKEY **pkey) {
_mutex.unlock();
return 1;
}
/*
/*
void SmartCardAuth::extendedContextInitialization(ssl_ctx_st *ctx,
QSslSocket *socket)
{
if (!e) return;
bool result = false;
bool result = false;
if(!certs_found)
result = (ENGINE_ctrl_cmd(e, "ENUM_CERTS", 0, &certs_found, NULL, 0) != 0);
else
result = true;
if(!certs_found)
result = (ENGINE_ctrl_cmd(e, "ENUM_CERTS", 0, &certs_found, NULL, 0) != 0);
else
result = true;
#ifdef USE_CERTIFICATE_FILE
// Load a specific intermediate certificate from a file
//! @todo PEM-File
BIO* cert_file= BIO_new_file("swsign_interm.pem", "r");
X509* interm=PEM_read_bio_X509(cert_file,NULL,NULL, NULL);
BIO_free(cert_file);
// Load a specific intermediate certificate from a file
//! @todo PEM-File
BIO* cert_file= BIO_new_file("swsign_interm.pem", "r");
X509* interm=PEM_read_bio_X509(cert_file,NULL,NULL, NULL);
BIO_free(cert_file);
SSL_CTX_add_extra_chain_cert(ctx,interm);
SSL_CTX_add_extra_chain_cert(ctx,interm);
#else
// Add all of the card's certificates without a private key as intermediate certs
for(size_t i=certs_found->num_certs;i--;)
// Add all of the card's certificates without a private key as intermediate certs
for(size_t i=certs_found->num_certs;i--;)
{
if(certs_found->certificate[i].id == NULL)
SSL_CTX_add_extra_chain_cert(ctx, X509_dup(certs_found->certificate[i].cert));
if(certs_found->certificate[i].id == NULL)
SSL_CTX_add_extra_chain_cert(ctx, X509_dup(certs_found->certificate[i].cert));
}
#endif
sockets[ctx] = socket;
SSL_CTX_set_client_cert_cb(ctx, client_cert_cb);
sockets[ctx] = socket;
SSL_CTX_set_client_cert_cb(ctx, client_cert_cb);
}
*/
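Review bot: After this change smartcardauth.cxx appears to consist of includes plus code fenced in `/* ... */` (the `/*` at the top of the second hunk and the `*/` on its last line), while qmake.pro.in still compiles it in SOURCES; if the implementation really has moved into smartcardauth.hxx, as the new CryptokiEngine suggests, delete the commented-out body instead of carrying it, since the repository history keeps it. If parts are meant to be revived, a `//! @todo` naming what is still pending is more useful to the next reader than a bare `/*`. Note that the first hunk opens a comment with `/*` that continues beyond the hunk, so the exact extent of the dead code cannot be confirmed from the diff alone.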

@ -3,20 +3,239 @@
#include <QtCore/QMutex>
#include <QtNetwork/QSslSocket>
#include <QtNetwork/QSslConfiguration>
#include <QtNetwork/QSslCertificate>
#include <QtGui/QMessageBox>
#include <openssl/ssl.h>
#include <pinentry.hxx>
#include <cryptoki.hxx>
#include <openssl-engine.hxx>
#include <openssl.hxx>
#include <memory>
class CryptokiEngine: public openssl::Engine {
public:
CryptokiEngine(std::string lib):
_cryptoki(lib) {
OPENSSL_LOG("log");
QSslConfiguration sslConfig(QSslConfiguration::defaultConfiguration());
QList<QSslCertificate> cacerts(sslConfig.caCertificates());
QList<QSslCertificate> authcerts;
QList<QSslCertificate> allcerts;
QSslCertificate cert;
_slots = _cryptoki.slotList();
for (cryptoki::SlotList::iterator slot(_slots.begin());
slot!=_slots.end() && _pin.isEmpty(); ++slot) {
_session =
std::auto_ptr<cryptoki::Session>(new cryptoki::Session(*slot));
cryptoki::ObjectList certs(_session->find
(cryptoki::Attribute(CKA_CLASS)
.from<CK_OBJECT_CLASS>(CKO_CERTIFICATE)));
for (cryptoki::ObjectList::iterator cert(certs.begin());
cert!=certs.end() && _pin.isEmpty(); ++cert) {
cryptoki::Attribute label(cert->attribute(CKA_LABEL));
cryptoki::Attribute id(cert->attribute(CKA_ID));
OPENSSL_LOG("**** FOUND CERTIFICATE: "<<label.value);
cryptoki::ObjectList keys
(_session->find(cryptoki::Attribute(CKA_CLASS)
.from<CK_OBJECT_CLASS>(CKO_PUBLIC_KEY),
id));
OPENSSL_LOG("**** with keys: "<<keys.size());
if (!keys.size()) { // add CA-certificate
std::string data(cert->attribute(CKA_VALUE).value);
cacerts.push_back(QSslCertificate
(QByteArray(data.data(), data.size()),
QSsl::Der));
} else {
if (label.value.find("auth")==0) {
std::string data(cert->attribute(CKA_VALUE).value);
QSslCertificate c(QByteArray(data.data(), data.size()),
QSsl::Der);
PinEntry pinEntry(c); /*! @todo set widget */
while (pinEntry.exec()==PinEntry::Accepted)
try {
cryptoki::Attribute value(cert->attribute(CKA_VALUE));
_cert = std::auto_ptr<openssl::X509>
(new openssl::X509(value.value));
_session->login(pinEntry.pin().toStdString());
cryptoki::ObjectList keys
(_session->find(cryptoki::Attribute(CKA_CLASS)
.from<CK_OBJECT_CLASS>(CKO_PRIVATE_KEY),
id));
if (keys.size()==1) {
OPENSSL_LOG("**** found one private key");
_privateKeys = keys;
_modulus = keys[0].attribute(CKA_MODULUS).value;
_exponent = keys[0].attribute(CKA_PUBLIC_EXPONENT).value;
}
_pin = pinEntry.pin();
break;
} catch (std::exception& x) {
_pin.clear();
OPENSSL_LOG("**** ERROR"<<x.what());
QMessageBox::critical(0, QMessageBox::tr("Wrong PIN"),
QMessageBox::tr("Authentication failed,"
" please try again."));
}
}
//! @todo show certificate dialog
// std::string data(cert->attribute(CKA_VALUE).value);
// allcerts.push_back(QSslCertificate
// (QByteArray(data.data(), data.size()),
// QSsl::Der));
// if (label.value.find("auth")==0) {
// authcerts.push_back(*allcerts.rbegin());
// }
}
}
}
sslConfig.setCaCertificates(cacerts);
}
//! Was initialization successful?
operator bool() {
return !_pin.isEmpty() && _cert.get() && _session.get();
}
const openssl::X509& cert() {
return *_cert;
}
virtual EVP_PKEY* privkey(const char* id, UI_METHOD*, void*) {
EVP_PKEY* k(EVP_PKEY_new());
RSA* r(RSA_new_method(_e));
r->n = BN_bin2bn((const unsigned char*)_modulus.data(),
_modulus.size(), r->n);
r->e = BN_bin2bn((const unsigned char*)_exponent.data(),
_exponent.size(), r->e);
// otherwise OpenSSL emulates sign/verify with encrypt/decrypt
r->flags |= RSA_FLAG_SIGN_VER;
EVP_PKEY_set1_RSA(k, r);
RSA_free(r);
return k;
}
protected:
virtual const char* id() {
OPENSSL_LOG("log");
return "CryptokiEngine_ID";
}
virtual const char* name() {
OPENSSL_LOG("log");
return "CryptokiEngine_NAME";
}
virtual std::string rsaSign(const std::string& in, unsigned int type) {
std::string inModded(in);
OPENSSL_LOG("log");
OPENSSL_LOG("type="<<type);
// CK_MECHANISM_TYPE mech(0);
// switch (type) {
// case NID_idea_ecb: mech=CKM_IDEA_ECB; break;
// default: throw("unknown key mechanism");
// }
//------------------------------------------------------------ PKCS11_sign
int sigsize(openssl::BigNum(_modulus).size());
{
int ssl = ((type == NID_md5_sha1) ? 1 : 0);
unsigned char *encoded = NULL;
if (ssl) {
OPENSSL_LOG("It's SSL");
if((inModded.size() != 36) /* SHA1 + MD5 */ ||
((inModded.size() + RSA_PKCS1_PADDING_SIZE) > sigsize)) {
throw std::runtime_error("the size is wrong");
}
} else {
OPENSSL_LOG("It's not SSL");
ASN1_TYPE parameter;
parameter.type = V_ASN1_NULL;
parameter.value.ptr = 0;
X509_ALGOR algor;
algor.algorithm = OBJ_nid2obj(type);
algor.parameter = &parameter;
ASN1_STRING digest;
digest.data = (unsigned char *)inModded.data();
digest.length = inModded.size();
X509_SIG sig;
sig.algor = &algor;
sig.digest = &digest;
int size (i2d_X509_SIG(&sig, 0));
if (!algor.algorithm) throw std::runtime_error("algor wrong nid");
if (!algor.algorithm->length)
throw std::runtime_error("algor length");
if (size) throw std::runtime_error("digest size");
if (size + RSA_PKCS1_PADDING_SIZE < sigsize)
throw std::runtime_error("incompatible size");
unsigned char* buf(new unsigned char[size]);
i2d_X509_SIG(&sig, &buf);
inModded.assign((char*)buf, size);
delete[] buf;
}
}
//------------------------------------------------- PKCS11_private_encrypt
{
char padding(RSA_PKCS1_PADDING);
if ((inModded.size() + RSA_PKCS1_PADDING_SIZE) > sigsize)
throw std::runtime_error("the size is wrong");
}
//-----------------------------------------------------------------------
if (in!=inModded)
OPENSSL_LOG("changed input"<<std::endl
<<"from:"<<std::endl
<<crypto::readable(in)<<std::endl
<<"to:"<<std::endl
<<crypto::readable(inModded));
return _privateKeys[0].sign(inModded, CKM_RSA_PKCS);
}
private:
cryptoki::Init _cryptoki;
cryptoki::SlotList _slots;
std::auto_ptr<cryptoki::Session> _session;
QString _pin;
std::auto_ptr<openssl::X509> _cert;
std::string _modulus;
std::string _exponent;
cryptoki::ObjectList _privateKeys;
};
class SmartCardAuth: public QObject {
Q_OBJECT;
public:
SmartCardAuth(const QString& actlib);
~SmartCardAuth();
SmartCardAuth(const QString& lib):
_reg(e(lib)) {
qDebug()<<__PRETTY_FUNCTION__;
}
private Q_SLOTS:
void extendedContextInitialization(ssl_ctx_st*, QSslSocket*);
void extendedContextInitialization(ssl_ctx_st* ctx, QSslSocket* socket) {
qDebug()<<__PRETTY_FUNCTION__;
if (!*e()) return; // no certificate found
SSL_CTX_set_client_cert_cb(ctx, clientCert);
}
static int clientCert(SSL* ssl, X509 **x509, EVP_PKEY **pkey) {
qDebug()<<__PRETTY_FUNCTION__;
*x509 = e()->cert().lowLevelCopy();
*pkey = e()->privkey(0, 0, 0);
return 1;
}
static CryptokiEngine* e(const QString& lib = QString()) {
static CryptokiEngine* _e(new CryptokiEngine(lib.toStdString()));
return _e;
}
private:
openssl::RegisterEngine _reg;
//std::map<ssl_ctx_st*, QSslSocket*> sockets;
};
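Review bot: In `rsaSign` the non-SSL branch cannot succeed as written: `if (size) throw std::runtime_error("digest size");` throws for every non-zero length that `i2d_X509_SIG(&sig, 0)` returns, and `if (size + RSA_PKCS1_PADDING_SIZE < sigsize)` rejects exactly the sizes that fit, so both comparisons look inverted (`size <= 0` and `>` respectively). Even with those fixed, `i2d_X509_SIG(&sig, &buf)` advances `buf` past the bytes it wrote, so `inModded.assign((char*)buf, size)` reads beyond the allocation and `delete[] buf` frees the wrong pointer; encode through a separate cursor as below. Separately, the static `clientCert` now returns `e()->cert().lowLevelCopy()` and `e()->privkey(0, 0, 0)` to any TLS server that asks, whereas the per-peer "Send Authentication?" confirmation in the removed smartcardauth.cxx code has no counterpart here — unless that prompt moved elsewhere, the user's identity certificate and a signature are released without consent. `_pin` is retained for the engine's lifetime although it only serves as an initialised flag in `operator bool()` and the loop conditions; a `bool` member would avoid keeping the PIN in memory, and `char padding(RSA_PKCS1_PADDING);` is unused.
```cpp
        // … unchanged: X509_SIG setup (parameter, algor, digest, sig) …
        int size(i2d_X509_SIG(&sig, 0));
        if (!algor.algorithm) throw std::runtime_error("algor wrong nid");
        if (!algor.algorithm->length)
          throw std::runtime_error("algor length");
        if (size <= 0) throw std::runtime_error("digest size");
        if (size + RSA_PKCS1_PADDING_SIZE > sigsize)
          throw std::runtime_error("incompatible size");
        std::string encoded(size, '\0');
        // i2d_* advances the pointer it is handed, so encode via a cursor
        unsigned char* cursor(reinterpret_cast<unsigned char*>(&encoded[0]));
        i2d_X509_SIG(&sig, &cursor);
        inModded.swap(encoded);
        // … unchanged: PKCS11_private_encrypt size check and sign call …
```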

@ -381,6 +381,11 @@
<source>done.</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="browser.hxx" line="732"/>
<source>page load error.</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="browser.hxx" line="985"/>
<source>%1</source>
@ -414,63 +419,92 @@
<translation type="unfinished"></translation>
</message>
<message>
<location filename="browser.hxx" line="1086"/>
<location filename="browser.hxx" line="1095"/>
<source>Save File As ...</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="browser.hxx" line="1141"/>
<location filename="browser.hxx" line="1150"/>
<source>authentication required</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="browser.hxx" line="1153"/>
<location filename="browser.hxx" line="1162"/>
<source>ssl error</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>PinDialog</name>
<name>PinEntry</name>
<message>
<location filename="pindialog.cxx" line="8"/>
<source>Enter &amp;PIN:</source>
<location filename="pinentry.ui" line="14"/>
<source>Certificate PIN Entry</source>
<oldsource>SwissSign Pin Entry</oldsource>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pindialog.cxx" line="13"/>
<source>&amp;OK</source>
<location filename="pinentry.ui" line="26"/>
<source>Please enter your Certificate PIN to authenticate:</source>
<oldsource>Please enter your SwissSign Certificate PIN to authenticate yourself:</oldsource>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pindialog.cxx" line="16"/>
<source>&amp;Cancel</source>
<location filename="pinentry.ui" line="38"/>
<source>PIN:</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>PinEntry</name>
<message>
<location filename="pinentry.ui" line="14"/>
<source>SwissSign Pin Entry</source>
<location filename="pinentry.ui" line="57"/>
<source>Certificate Information</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="26"/>
<source>Please enter your SwissSign Certificate PIN to authenticate yourself:</source>
<location filename="pinentry.ui" line="63"/>
<source>Common Name:</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="38"/>
<source>PIN:</source>
<location filename="pinentry.ui" line="70"/>
<location filename="pinentry.ui" line="84"/>
<location filename="pinentry.ui" line="98"/>
<location filename="pinentry.ui" line="112"/>
<location filename="pinentry.ui" line="126"/>
<location filename="pinentry.ui" line="140"/>
<source>TextLabel</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="77"/>
<source>Organization:</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="91"/>
<source>E-Mail:</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="74"/>
<location filename="pinentry.ui" line="105"/>
<source>Serial</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="119"/>
<source>Expiry:</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="133"/>
<source>Issuer CA:</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="171"/>
<source>You have %1 tries left</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="84"/>
<location filename="pinentry.ui" line="181"/>
<source>&lt;!DOCTYPE HTML PUBLIC &quot;-//W3C//DTD HTML 4.0//EN&quot; &quot;http://www.w3.org/TR/REC-html40/strict.dtd&quot;&gt;
&lt;html&gt;&lt;head&gt;&lt;meta name=&quot;qrichtext&quot; content=&quot;1&quot; /&gt;&lt;style type=&quot;text/css&quot;&gt;
p, li { white-space: pre-wrap; }
@ -479,6 +513,19 @@ p, li { white-space: pre-wrap; }
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>QMessageBox</name>
<message>
<location filename="smartcardauth.hxx" line="78"/>
<source>Wrong PIN</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="smartcardauth.hxx" line="79"/>
<source>Authentication failed, please try again.</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>QObject</name>
<message>
@ -532,16 +579,6 @@ Environment:
Try: %1 --help</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="smartcardauth.cxx" line="67"/>
<source>Send Authentication?</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="smartcardauth.cxx" line="68"/>
<source>Do you want to authenticate yourself to %1?</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>Settings</name>

@ -381,6 +381,11 @@
<source>done.</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="browser.hxx" line="732"/>
<source>page load error.</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="browser.hxx" line="985"/>
<source>%1</source>
@ -414,63 +419,92 @@
<translation type="unfinished"></translation>
</message>
<message>
<location filename="browser.hxx" line="1086"/>
<location filename="browser.hxx" line="1095"/>
<source>Save File As ...</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="browser.hxx" line="1141"/>
<location filename="browser.hxx" line="1150"/>
<source>authentication required</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="browser.hxx" line="1153"/>
<location filename="browser.hxx" line="1162"/>
<source>ssl error</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>PinDialog</name>
<name>PinEntry</name>
<message>
<location filename="pindialog.cxx" line="8"/>
<source>Enter &amp;PIN:</source>
<location filename="pinentry.ui" line="14"/>
<source>Certificate PIN Entry</source>
<oldsource>SwissSign Pin Entry</oldsource>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pindialog.cxx" line="13"/>
<source>&amp;OK</source>
<location filename="pinentry.ui" line="26"/>
<source>Please enter your Certificate PIN to authenticate:</source>
<oldsource>Please enter your SwissSign Certificate PIN to authenticate yourself:</oldsource>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pindialog.cxx" line="16"/>
<source>&amp;Cancel</source>
<location filename="pinentry.ui" line="38"/>
<source>PIN:</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>PinEntry</name>
<message>
<location filename="pinentry.ui" line="14"/>
<source>SwissSign Pin Entry</source>
<location filename="pinentry.ui" line="57"/>
<source>Certificate Information</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="26"/>
<source>Please enter your SwissSign Certificate PIN to authenticate yourself:</source>
<location filename="pinentry.ui" line="63"/>
<source>Common Name:</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="38"/>
<source>PIN:</source>
<location filename="pinentry.ui" line="70"/>
<location filename="pinentry.ui" line="84"/>
<location filename="pinentry.ui" line="98"/>
<location filename="pinentry.ui" line="112"/>
<location filename="pinentry.ui" line="126"/>
<location filename="pinentry.ui" line="140"/>
<source>TextLabel</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="77"/>
<source>Organization:</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="91"/>
<source>E-Mail:</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="74"/>
<location filename="pinentry.ui" line="105"/>
<source>Serial</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="119"/>
<source>Expiry:</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="133"/>
<source>Issuer CA:</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="171"/>
<source>You have %1 tries left</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="84"/>
<location filename="pinentry.ui" line="181"/>
<source>&lt;!DOCTYPE HTML PUBLIC &quot;-//W3C//DTD HTML 4.0//EN&quot; &quot;http://www.w3.org/TR/REC-html40/strict.dtd&quot;&gt;
&lt;html&gt;&lt;head&gt;&lt;meta name=&quot;qrichtext&quot; content=&quot;1&quot; /&gt;&lt;style type=&quot;text/css&quot;&gt;
p, li { white-space: pre-wrap; }
@ -479,6 +513,19 @@ p, li { white-space: pre-wrap; }
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>QMessageBox</name>
<message>
<location filename="smartcardauth.hxx" line="78"/>
<source>Wrong PIN</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="smartcardauth.hxx" line="79"/>
<source>Authentication failed, please try again.</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>QObject</name>
<message>
@ -532,16 +579,6 @@ Environment:
Try: %1 --help</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="smartcardauth.cxx" line="67"/>
<source>Send Authentication?</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="smartcardauth.cxx" line="68"/>
<source>Do you want to authenticate yourself to %1?</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>Settings</name>

@ -381,6 +381,11 @@
<source>done.</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="browser.hxx" line="732"/>
<source>page load error.</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="browser.hxx" line="985"/>
<source>%1</source>
@ -414,63 +419,92 @@
<translation type="unfinished"></translation>
</message>
<message>
<location filename="browser.hxx" line="1086"/>
<location filename="browser.hxx" line="1095"/>
<source>Save File As ...</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="browser.hxx" line="1141"/>
<location filename="browser.hxx" line="1150"/>
<source>authentication required</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="browser.hxx" line="1153"/>
<location filename="browser.hxx" line="1162"/>
<source>ssl error</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>PinDialog</name>
<name>PinEntry</name>
<message>
<location filename="pindialog.cxx" line="8"/>
<source>Enter &amp;PIN:</source>
<location filename="pinentry.ui" line="14"/>
<source>Certificate PIN Entry</source>
<oldsource>SwissSign Pin Entry</oldsource>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pindialog.cxx" line="13"/>
<source>&amp;OK</source>
<location filename="pinentry.ui" line="26"/>
<source>Please enter your Certificate PIN to authenticate:</source>
<oldsource>Please enter your SwissSign Certificate PIN to authenticate yourself:</oldsource>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pindialog.cxx" line="16"/>
<source>&amp;Cancel</source>
<location filename="pinentry.ui" line="38"/>
<source>PIN:</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>PinEntry</name>
<message>
<location filename="pinentry.ui" line="14"/>
<source>SwissSign Pin Entry</source>
<location filename="pinentry.ui" line="57"/>
<source>Certificate Information</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="26"/>
<source>Please enter your SwissSign Certificate PIN to authenticate yourself:</source>
<location filename="pinentry.ui" line="63"/>
<source>Common Name:</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="38"/>
<source>PIN:</source>
<location filename="pinentry.ui" line="70"/>
<location filename="pinentry.ui" line="84"/>
<location filename="pinentry.ui" line="98"/>
<location filename="pinentry.ui" line="112"/>
<location filename="pinentry.ui" line="126"/>
<location filename="pinentry.ui" line="140"/>
<source>TextLabel</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="77"/>
<source>Organization:</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="91"/>
<source>E-Mail:</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="74"/>
<location filename="pinentry.ui" line="105"/>
<source>Serial</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="119"/>
<source>Expiry:</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="133"/>
<source>Issuer CA:</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="171"/>
<source>You have %1 tries left</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="84"/>
<location filename="pinentry.ui" line="181"/>
<source>&lt;!DOCTYPE HTML PUBLIC &quot;-//W3C//DTD HTML 4.0//EN&quot; &quot;http://www.w3.org/TR/REC-html40/strict.dtd&quot;&gt;
&lt;html&gt;&lt;head&gt;&lt;meta name=&quot;qrichtext&quot; content=&quot;1&quot; /&gt;&lt;style type=&quot;text/css&quot;&gt;
p, li { white-space: pre-wrap; }
@ -479,6 +513,19 @@ p, li { white-space: pre-wrap; }
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>QMessageBox</name>
<message>
<location filename="smartcardauth.hxx" line="78"/>
<source>Wrong PIN</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="smartcardauth.hxx" line="79"/>
<source>Authentication failed, please try again.</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>QObject</name>
<message>
@ -532,16 +579,6 @@ Environment:
Try: %1 --help</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="smartcardauth.cxx" line="67"/>
<source>Send Authentication?</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="smartcardauth.cxx" line="68"/>
<source>Do you want to authenticate yourself to %1?</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>Settings</name>

@ -381,6 +381,11 @@
<source>done.</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="browser.hxx" line="732"/>
<source>page load error.</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="browser.hxx" line="985"/>
<source>%1</source>
@ -414,63 +419,92 @@
<translation type="unfinished"></translation>
</message>
<message>
<location filename="browser.hxx" line="1086"/>
<location filename="browser.hxx" line="1095"/>
<source>Save File As ...</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="browser.hxx" line="1141"/>
<location filename="browser.hxx" line="1150"/>
<source>authentication required</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="browser.hxx" line="1153"/>
<location filename="browser.hxx" line="1162"/>
<source>ssl error</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>PinDialog</name>
<name>PinEntry</name>
<message>
<location filename="pindialog.cxx" line="8"/>
<source>Enter &amp;PIN:</source>
<location filename="pinentry.ui" line="14"/>
<source>Certificate PIN Entry</source>
<oldsource>SwissSign Pin Entry</oldsource>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pindialog.cxx" line="13"/>
<source>&amp;OK</source>
<location filename="pinentry.ui" line="26"/>
<source>Please enter your Certificate PIN to authenticate:</source>
<oldsource>Please enter your SwissSign Certificate PIN to authenticate yourself:</oldsource>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pindialog.cxx" line="16"/>
<source>&amp;Cancel</source>
<location filename="pinentry.ui" line="38"/>
<source>PIN:</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>PinEntry</name>
<message>
<location filename="pinentry.ui" line="14"/>
<source>SwissSign Pin Entry</source>
<location filename="pinentry.ui" line="57"/>
<source>Certificate Information</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="26"/>
<source>Please enter your SwissSign Certificate PIN to authenticate yourself:</source>
<location filename="pinentry.ui" line="63"/>
<source>Common Name:</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="38"/>
<source>PIN:</source>
<location filename="pinentry.ui" line="70"/>
<location filename="pinentry.ui" line="84"/>
<location filename="pinentry.ui" line="98"/>
<location filename="pinentry.ui" line="112"/>
<location filename="pinentry.ui" line="126"/>
<location filename="pinentry.ui" line="140"/>
<source>TextLabel</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="77"/>
<source>Organization:</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="91"/>
<source>E-Mail:</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="74"/>
<location filename="pinentry.ui" line="105"/>
<source>Serial</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="119"/>
<source>Expiry:</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="133"/>
<source>Issuer CA:</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="171"/>
<source>You have %1 tries left</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="pinentry.ui" line="84"/>
<location filename="pinentry.ui" line="181"/>
<source>&lt;!DOCTYPE HTML PUBLIC &quot;-//W3C//DTD HTML 4.0//EN&quot; &quot;http://www.w3.org/TR/REC-html40/strict.dtd&quot;&gt;
&lt;html&gt;&lt;head&gt;&lt;meta name=&quot;qrichtext&quot; content=&quot;1&quot; /&gt;&lt;style type=&quot;text/css&quot;&gt;
p, li { white-space: pre-wrap; }
@ -479,6 +513,19 @@ p, li { white-space: pre-wrap; }
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>QMessageBox</name>
<message>
<location filename="smartcardauth.hxx" line="78"/>
<source>Wrong PIN</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="smartcardauth.hxx" line="79"/>
<source>Authentication failed, please try again.</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>QObject</name>
<message>
@ -532,16 +579,6 @@ Environment:
Try: %1 --help</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="smartcardauth.cxx" line="67"/>
<source>Send Authentication?</source>
<translation type="unfinished"></translation>
</message>
<message>
<location filename="smartcardauth.cxx" line="68"/>
<source>Do you want to authenticate yourself to %1?</source>
<translation type="unfinished"></translation>
</message>
</context>
<context>
<name>Settings</name>
