bool QgsAuthPkcs12Edit::validateConfig()
{
// required components
QString bundlepath( lePkcs12Bundle->text() );
bool bundlefound = QFile::exists( bundlepath );
QgsAuthGuiUtils::fileFound( bundlepath.isEmpty() || bundlefound, lePkcs12Bundle );
if ( !bundlefound )
{
writePkiMessage( lePkcs12Msg, tr( "Missing components" ), Invalid );
return validityChange( false );
}
if ( !QCA::isSupported( "pkcs12" ) )
{
writePkiMessage( lePkcs12Msg, tr( "QCA library has no PKCS#12 support" ), Invalid );
return validityChange( false );
}
// load the bundle
QCA::SecureArray passarray;
if ( !lePkcs12KeyPass->text().isEmpty() )
passarray = QCA::SecureArray( lePkcs12KeyPass->text().toUtf8() );
QCA::ConvertResult res;
QCA::KeyBundle bundle( QCA::KeyBundle::fromFile( bundlepath, passarray, &res, QString( "qca-ossl" ) ) );
if ( res == QCA::ErrorFile )
{
writePkiMessage( lePkcs12Msg, tr( "Failed to read bundle file" ), Invalid );
return validityChange( false );
}
else if ( res == QCA::ErrorPassphrase )
{
writePkiMessage( lePkcs12Msg, tr( "Incorrect bundle password" ), Invalid );
lePkcs12KeyPass->setPlaceholderText( QString( "Required passphrase" ) );
return validityChange( false );
}
else if ( res == QCA::ErrorDecode )
{
writePkiMessage( lePkcs12Msg, tr( "Failed to decode (try entering password)" ), Invalid );
return validityChange( false );
}
if ( bundle.isNull() )
{
writePkiMessage( lePkcs12Msg, tr( "Bundle empty or can not be loaded" ), Invalid );
return validityChange( false );
}
// check for primary cert and that it is valid
QCA::Certificate cert( bundle.certificateChain().primary() );
if ( cert.isNull() )
{
writePkiMessage( lePkcs12Msg, tr( "Bundle client cert can not be loaded" ), Invalid );
return validityChange( false );
}
// TODO: add more robust validation, including cert chain resolution
QDateTime startdate( cert.notValidBefore() );
QDateTime enddate( cert.notValidAfter() );
QDateTime now( QDateTime::currentDateTime() );
bool bundlevalid = ( now >= startdate && now <= enddate );
writePkiMessage( lePkcs12Msg,
tr( "%1 thru %2" ).arg( startdate.toString() ).arg( enddate.toString() ),
( bundlevalid ? Valid : Invalid ) );
return validityChange( bundlevalid );
}
bool QgsAuthPkiPathsEdit::validateConfig()
{
// required components
QString certpath( lePkiPathsCert->text() );
QString keypath( lePkiPathsKey->text() );
bool certfound = QFile::exists( certpath );
bool keyfound = QFile::exists( keypath );
QgsAuthGuiUtils::fileFound( certpath.isEmpty() || certfound, lePkiPathsCert );
QgsAuthGuiUtils::fileFound( keypath.isEmpty() || keyfound, lePkiPathsKey );
if ( !certfound || !keyfound )
{
writePkiMessage( lePkiPathsMsg, tr( "Missing components" ), Invalid );
return validityChange( false );
}
// check for issue date validity, then notify status
QSslCertificate cert;
QFile file( certpath );
QFileInfo fileinfo( file );
QString ext( fileinfo.fileName().replace( fileinfo.completeBaseName(), "" ).toLower() );
if ( ext.isEmpty() )
{
writePkiMessage( lePkiPathsMsg, tr( "Certificate file has no extension" ), Invalid );
return validityChange( false );
}
QFile::OpenMode openflags( QIODevice::ReadOnly );
QSsl::EncodingFormat encformat( QSsl::Der );
if ( ext == ".pem" )
{
openflags |= QIODevice::Text;
encformat = QSsl::Pem;
}
if ( file.open( openflags ) )
{
cert = QSslCertificate( file.readAll(), encformat );
file.close();
}
else
{
writePkiMessage( lePkiPathsMsg, tr( "Failed to read certificate file" ), Invalid );
return validityChange( false );
}
if ( cert.isNull() )
{
writePkiMessage( lePkiPathsMsg, tr( "Failed to load certificate from file" ), Invalid );
return validityChange( false );
}
bool certvalid = cert.isValid();
QDateTime startdate( cert.effectiveDate() );
QDateTime enddate( cert.expiryDate() );
writePkiMessage( lePkiPathsMsg,
tr( "%1 thru %2" ).arg( startdate.toString(), enddate.toString() ),
( certvalid ? Valid : Invalid ) );
return validityChange( certvalid );
}
