cleanup old stuff; refs #32
		@@ -20,7 +20,7 @@ TRANSLATIONS = @PACKAGENAME@_en.ts \
 | 
				
			|||||||
               @PACKAGENAME@_fr.ts \
 | 
					               @PACKAGENAME@_fr.ts \
 | 
				
			||||||
               @PACKAGENAME@_it.ts
 | 
					               @PACKAGENAME@_it.ts
 | 
				
			||||||
 | 
					
 | 
				
			||||||
SOURCES = main.cxx smartcardauth.cxx webpage.cxx
 | 
					SOURCES = main.cxx webpage.cxx
 | 
				
			||||||
 | 
					
 | 
				
			||||||
HEADERS = browser.hxx smartcardauth.hxx pinentry.hxx \
 | 
					HEADERS = browser.hxx smartcardauth.hxx pinentry.hxx \
 | 
				
			||||||
          downloadmanager.hxx settings.hxx sslclientnetworkmanager.hxx \
 | 
					          downloadmanager.hxx settings.hxx sslclientnetworkmanager.hxx \
 | 
				
			||||||
 
 | 
				
			|||||||
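Review bot: `HEADERS` still lists `smartcardauth.hxx` although this change drops `smartcardauth.cxx` from `SOURCES` and the commit deletes that implementation file. If the header declares a QObject class, moc will presumably still generate code for it and the link can fail on the now-missing definitions; if the header stays on purpose, a dead smart-card/PIN class declaration remains in the build with nothing behind it. Assuming the header is meant to go as well, the line would become `HEADERS = browser.hxx pinentry.hxx \`. The HEADERS list continues past the end of this hunk, so the remaining entries (and whether `pinentry.hxx` is still needed) should be checked there too.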
@@ -1,124 +0,0 @@
 | 
				
			|||||||
#include "smartcardauth.hxx"
 | 
					 | 
				
			||||||
#include "pindialog.hxx"
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
#include "engine_sct.h"
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
#include <string>
 | 
					 | 
				
			||||||
#include <set>
 | 
					 | 
				
			||||||
#include <openssl/engine.h>
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
#include <QtCore/QCoreApplication>
 | 
					 | 
				
			||||||
#include <QtGui/QMessageBox>
 | 
					 | 
				
			||||||
#include <QtCore/QDebug>
 | 
					 | 
				
			||||||
/*
 | 
					 | 
				
			||||||
std::map<ssl_ctx_st*, QSslSocket*> sockets;
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
int client_cert_cb(SSL* ssl, X509 **x509, EVP_PKEY **pkey) {
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
    // NB: Keep in mind that this function is called for EVERY SSL connection to be opened.
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
    for(size_t i=certs_found->num_certs;i--;)
 | 
					 | 
				
			||||||
    {
 | 
					 | 
				
			||||||
        const char *id_p = certs_found->certificate[i].id;
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
        if(id_p == NULL) continue;
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
        // Name has the format "slot-x-name-SwissSign_digSig" for the certificate/key we're looking for
 | 
					 | 
				
			||||||
        std::string name(certs_found->certificate[i].name);
 | 
					 | 
				
			||||||
        qDebug()<<"Certificate:"<<name.c_str();
 | 
					 | 
				
			||||||
        std::string compare("-name-SwissSign_digSig");
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
        // Compare the rightmost part of the retrieved name to locate the certificate/keypair
 | 
					 | 
				
			||||||
        size_t pos = name.length() - compare.length();
 | 
					 | 
				
			||||||
        if(name.substr(pos) != compare)
 | 
					 | 
				
			||||||
            continue;
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
        // Here we found a suitable certificate.
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
        // Now prepare the reference to the SmartCard's private key and a copy of the certificate
 | 
					 | 
				
			||||||
        // to pass back to the caller.
 | 
					 | 
				
			||||||
        *x509 = X509_dup(certs_found->certificate[i].cert);
 | 
					 | 
				
			||||||
        *pkey = NULL;
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
        // If we don't have a PIN yet, pop up a dialog, ask for a PIN and pass it along to the engine
 | 
					 | 
				
			||||||
        // for usage.
 | 
					 | 
				
			||||||
        if(!pin_configured)
 | 
					 | 
				
			||||||
        {
 | 
					 | 
				
			||||||
            PinDialog dlg;
 | 
					 | 
				
			||||||
            int ok=dlg.exec();
 | 
					 | 
				
			||||||
            if(ok!=1) {_mutex.unlock(); return 0;}  // User cancelled
 | 
					 | 
				
			||||||
            QByteArray pinByteArray=dlg.pin().toAscii();
 | 
					 | 
				
			||||||
            char *pin_str = pinByteArray.data();
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
            // The engine control command takes a copy and overwrites the source array
 | 
					 | 
				
			||||||
            if(ENGINE_ctrl_cmd_string(e, "PIN", pin_str, 0))
 | 
					 | 
				
			||||||
                pin_configured = true;
 | 
					 | 
				
			||||||
            else
 | 
					 | 
				
			||||||
              {_mutex.unlock(); return 0;}  // Engine refuses to take the PIN
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
            *pkey = ENGINE_load_private_key(e, id_p, NULL, NULL);
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
            // We do a test authorization on loading of the private key. If the operation fails at all,
 | 
					 | 
				
			||||||
            // DON'T try again (see below) or we would instantly lock the card in a single session because
 | 
					 | 
				
			||||||
            // of the retries!
 | 
					 | 
				
			||||||
            if(!*pkey)
 | 
					 | 
				
			||||||
                pin_rejected = true;
 | 
					 | 
				
			||||||
        }
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
        // Second to nth iteration: We skipped the PIN dialog here, now load the key if we don't have the
 | 
					 | 
				
			||||||
        // explicit information not to do it (because the PIN is wrong)
 | 
					 | 
				
			||||||
        if(!*pkey && !pin_rejected)
 | 
					 | 
				
			||||||
            *pkey = ENGINE_load_private_key(e, id_p, NULL, NULL);
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
        break;
 | 
					 | 
				
			||||||
    }
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
    if(!*x509) {
 | 
					 | 
				
			||||||
        qWarning("Unable to load certificate");
 | 
					 | 
				
			||||||
        _mutex.unlock(); 
 | 
					 | 
				
			||||||
        return 0;
 | 
					 | 
				
			||||||
    }
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
    if(!*pkey) {
 | 
					 | 
				
			||||||
        qWarning("Unable to load key");
 | 
					 | 
				
			||||||
        _mutex.unlock(); 
 | 
					 | 
				
			||||||
        return 0;
 | 
					 | 
				
			||||||
    }
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
    _mutex.unlock();
 | 
					 | 
				
			||||||
    return 1;
 | 
					 | 
				
			||||||
}
 | 
					 | 
				
			||||||
/*
 | 
					 | 
				
			||||||
/*
 | 
					 | 
				
			||||||
void SmartCardAuth::extendedContextInitialization(ssl_ctx_st *ctx,
 | 
					 | 
				
			||||||
                                                  QSslSocket *socket)
 | 
					 | 
				
			||||||
{    
 | 
					 | 
				
			||||||
  if (!e) return;
 | 
					 | 
				
			||||||
  bool result = false;
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
  if(!certs_found)
 | 
					 | 
				
			||||||
    result = (ENGINE_ctrl_cmd(e, "ENUM_CERTS", 0, &certs_found, NULL, 0) != 0);
 | 
					 | 
				
			||||||
  else
 | 
					 | 
				
			||||||
    result = true;
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
#ifdef USE_CERTIFICATE_FILE
 | 
					 | 
				
			||||||
  // Load a specific intermediate certificate from a file
 | 
					 | 
				
			||||||
  //! @todo PEM-File
 | 
					 | 
				
			||||||
  BIO* cert_file= BIO_new_file("swsign_interm.pem", "r");
 | 
					 | 
				
			||||||
  X509* interm=PEM_read_bio_X509(cert_file,NULL,NULL, NULL);
 | 
					 | 
				
			||||||
  BIO_free(cert_file);
 | 
					 | 
				
			||||||
  
 | 
					 | 
				
			||||||
  SSL_CTX_add_extra_chain_cert(ctx,interm);
 | 
					 | 
				
			||||||
#else
 | 
					 | 
				
			||||||
  // Add all of the card's certificates without a private key as intermediate certs
 | 
					 | 
				
			||||||
  for(size_t i=certs_found->num_certs;i--;)
 | 
					 | 
				
			||||||
    {
 | 
					 | 
				
			||||||
      if(certs_found->certificate[i].id == NULL)
 | 
					 | 
				
			||||||
        SSL_CTX_add_extra_chain_cert(ctx, X509_dup(certs_found->certificate[i].cert));
 | 
					 | 
				
			||||||
    }
 | 
					 | 
				
			||||||
#endif
 | 
					 | 
				
			||||||
  
 | 
					 | 
				
			||||||
  sockets[ctx] = socket;
 | 
					 | 
				
			||||||
  SSL_CTX_set_client_cert_cb(ctx, client_cert_cb);
 | 
					 | 
				
			||||||
}
 | 
					 | 
				
			||||||
    */
 | 
					 | 
				
			||||||