cleanup old stuff; refs #32
Marc Wäckerlin
14 years ago
parent
9620b5e810
commit
f44ab3ec6d
2 changed files with 1 additions and 125 deletions
@ -1,124 +0,0 @@ |
|||||||
#include "smartcardauth.hxx" |
|
||||||
#include "pindialog.hxx" |
|
||||||
|
|
||||||
#include "engine_sct.h" |
|
||||||
|
|
||||||
#include <string> |
|
||||||
#include <set> |
|
||||||
#include <openssl/engine.h> |
|
||||||
|
|
||||||
#include <QtCore/QCoreApplication> |
|
||||||
#include <QtGui/QMessageBox> |
|
||||||
#include <QtCore/QDebug> |
|
||||||
/*
|
|
||||||
std::map<ssl_ctx_st*, QSslSocket*> sockets; |
|
||||||
|
|
||||||
int client_cert_cb(SSL* ssl, X509 **x509, EVP_PKEY **pkey) { |
|
||||||
|
|
||||||
// NB: Keep in mind that this function is called for EVERY SSL connection to be opened.
|
|
||||||
|
|
||||||
for(size_t i=certs_found->num_certs;i--;) |
|
||||||
{ |
|
||||||
const char *id_p = certs_found->certificate[i].id; |
|
||||||
|
|
||||||
if(id_p == NULL) continue; |
|
||||||
|
|
||||||
// Name has the format "slot-x-name-SwissSign_digSig" for the certificate/key we're looking for
|
|
||||||
std::string name(certs_found->certificate[i].name); |
|
||||||
qDebug()<<"Certificate:"<<name.c_str(); |
|
||||||
std::string compare("-name-SwissSign_digSig"); |
|
||||||
|
|
||||||
// Compare the rightmost part of the retrieved name to locate the certificate/keypair
|
|
||||||
size_t pos = name.length() - compare.length(); |
|
||||||
if(name.substr(pos) != compare) |
|
||||||
continue; |
|
||||||
|
|
||||||
// Here we found a suitable certificate.
|
|
||||||
|
|
||||||
// Now prepare the reference to the SmartCard's private key and a copy of the certificate
|
|
||||||
// to pass back to the caller.
|
|
||||||
*x509 = X509_dup(certs_found->certificate[i].cert); |
|
||||||
*pkey = NULL; |
|
||||||
|
|
||||||
// If we don't have a PIN yet, pop up a dialog, ask for a PIN and pass it along to the engine
|
|
||||||
// for usage.
|
|
||||||
if(!pin_configured) |
|
||||||
{ |
|
||||||
PinDialog dlg; |
|
||||||
int ok=dlg.exec(); |
|
||||||
if(ok!=1) {_mutex.unlock(); return 0;} // User cancelled
|
|
||||||
QByteArray pinByteArray=dlg.pin().toAscii(); |
|
||||||
char *pin_str = pinByteArray.data(); |
|
||||||
|
|
||||||
// The engine control command takes a copy and overwrites the source array
|
|
||||||
if(ENGINE_ctrl_cmd_string(e, "PIN", pin_str, 0)) |
|
||||||
pin_configured = true; |
|
||||||
else |
|
||||||
{_mutex.unlock(); return 0;} // Engine refuses to take the PIN
|
|
||||||
|
|
||||||
*pkey = ENGINE_load_private_key(e, id_p, NULL, NULL); |
|
||||||
|
|
||||||
// We do a test authorization on loading of the private key. If the operation fails at all,
|
|
||||||
// DON'T try again (see below) or we would instantly lock the card in a single session because
|
|
||||||
// of the retries!
|
|
||||||
if(!*pkey) |
|
||||||
pin_rejected = true; |
|
||||||
} |
|
||||||
|
|
||||||
// Second to nth iteration: We skipped the PIN dialog here, now load the key if we don't have the
|
|
||||||
// explicit information not to do it (because the PIN is wrong)
|
|
||||||
if(!*pkey && !pin_rejected) |
|
||||||
*pkey = ENGINE_load_private_key(e, id_p, NULL, NULL); |
|
||||||
|
|
||||||
break; |
|
||||||
} |
|
||||||
|
|
||||||
if(!*x509) { |
|
||||||
qWarning("Unable to load certificate"); |
|
||||||
_mutex.unlock();
|
|
||||||
return 0; |
|
||||||
} |
|
||||||
|
|
||||||
if(!*pkey) { |
|
||||||
qWarning("Unable to load key"); |
|
||||||
_mutex.unlock();
|
|
||||||
return 0; |
|
||||||
} |
|
||||||
|
|
||||||
_mutex.unlock(); |
|
||||||
return 1; |
|
||||||
} |
|
||||||
/*
|
|
||||||
/*
|
|
||||||
void SmartCardAuth::extendedContextInitialization(ssl_ctx_st *ctx, |
|
||||||
QSslSocket *socket) |
|
||||||
{
|
|
||||||
if (!e) return; |
|
||||||
bool result = false; |
|
||||||
|
|
||||||
if(!certs_found) |
|
||||||
result = (ENGINE_ctrl_cmd(e, "ENUM_CERTS", 0, &certs_found, NULL, 0) != 0); |
|
||||||
else |
|
||||||
result = true; |
|
||||||
|
|
||||||
#ifdef USE_CERTIFICATE_FILE |
|
||||||
// Load a specific intermediate certificate from a file
|
|
||||||
//! @todo PEM-File
|
|
||||||
BIO* cert_file= BIO_new_file("swsign_interm.pem", "r"); |
|
||||||
X509* interm=PEM_read_bio_X509(cert_file,NULL,NULL, NULL); |
|
||||||
BIO_free(cert_file); |
|
||||||
|
|
||||||
SSL_CTX_add_extra_chain_cert(ctx,interm); |
|
||||||
#else |
|
||||||
// Add all of the card's certificates without a private key as intermediate certs
|
|
||||||
for(size_t i=certs_found->num_certs;i--;) |
|
||||||
{ |
|
||||||
if(certs_found->certificate[i].id == NULL) |
|
||||||
SSL_CTX_add_extra_chain_cert(ctx, X509_dup(certs_found->certificate[i].cert)); |
|
||||||
} |
|
||||||
#endif |
|
||||||
|
|
||||||
sockets[ctx] = socket; |
|
||||||
SSL_CTX_set_client_cert_cb(ctx, client_cert_cb); |
|
||||||
} |
|
||||||
*/ |
|
||||||
Loading…
Reference in new issue