Esempio n. 1
0
const QgsPkiBundle QgsPkiBundle::fromPemPaths( const QString &certPath,
    const QString &keyPath,
    const QString &keyPass,
    const QList<QSslCertificate> &caChain )
{
  QgsPkiBundle pkibundle;
  if ( !certPath.isEmpty() && !keyPath.isEmpty()
       && ( certPath.endsWith( QLatin1String( ".pem" ), Qt::CaseInsensitive )
            || certPath.endsWith( QLatin1String( ".der" ), Qt::CaseInsensitive ) )
       && ( keyPath.endsWith( QLatin1String( ".pem" ), Qt::CaseInsensitive )
            || keyPath.endsWith( QLatin1String( ".der" ), Qt::CaseInsensitive ) )
       && QFile::exists( certPath ) && QFile::exists( keyPath )
     )
  {
    // client cert
    bool pem = certPath.endsWith( QLatin1String( ".pem" ), Qt::CaseInsensitive );
    QSslCertificate clientcert( fileData_( certPath, pem ), pem ? QSsl::Pem : QSsl::Der );
    pkibundle.setClientCert( clientcert );

    // client key
    bool pem_key = keyPath.endsWith( QLatin1String( ".pem" ), Qt::CaseInsensitive );
    QByteArray keydata( fileData_( keyPath, pem_key ) );

    QSslKey clientkey;
    clientkey = QSslKey( keydata,
                         QSsl::Rsa,
                         pem_key ? QSsl::Pem : QSsl::Der,
                         QSsl::PrivateKey,
                         !keyPass.isNull() ? keyPass.toUtf8() : QByteArray() );
    if ( clientkey.isNull() )
    {
      // try DSA algorithm, since Qt can't seem to determine it otherwise
      clientkey = QSslKey( keydata,
                           QSsl::Dsa,
                           pem_key ? QSsl::Pem : QSsl::Der,
                           QSsl::PrivateKey,
                           !keyPass.isNull() ? keyPass.toUtf8() : QByteArray() );
    }
    pkibundle.setClientKey( clientkey );
    if ( !caChain.isEmpty() )
    {
      pkibundle.setCaChain( caChain );
    }
  }
  return pkibundle;
}
Esempio n. 2
0
const QgsPkiBundle QgsPkiBundle::fromPkcs12Paths( const QString &bundlepath,
    const QString &bundlepass )
{
  QgsPkiBundle pkibundle;
  if ( QCA::isSupported( "pkcs12" )
       && !bundlepath.isEmpty()
       && ( bundlepath.endsWith( QLatin1String( ".p12" ), Qt::CaseInsensitive )
            || bundlepath.endsWith( QLatin1String( ".pfx" ), Qt::CaseInsensitive ) )
       && QFile::exists( bundlepath ) )
  {
    QCA::SecureArray passarray;
    if ( !bundlepass.isNull() )
      passarray = QCA::SecureArray( bundlepass.toUtf8() );
    QCA::ConvertResult res;
    QCA::KeyBundle bundle( QCA::KeyBundle::fromFile( bundlepath, passarray, &res, QStringLiteral( "qca-ossl" ) ) );
    if ( res == QCA::ConvertGood && !bundle.isNull() )
    {
      const QCA::CertificateChain cert_chain( bundle.certificateChain() );
      QSslCertificate cert( cert_chain.primary().toPEM().toLatin1() );
      if ( !cert.isNull() )
      {
        pkibundle.setClientCert( cert );
      }
      QSslKey cert_key( bundle.privateKey().toPEM().toLatin1(), QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey, QByteArray() );
      if ( !cert_key.isNull() )
      {
        pkibundle.setClientKey( cert_key );
      }

      if ( cert_chain.size() > 1 )
      {
        QList<QSslCertificate> ca_chain;
        for ( const auto &ca_cert : cert_chain )
        {
          if ( ca_cert != cert_chain.primary() )
          {
            ca_chain << QSslCertificate( ca_cert.toPEM().toLatin1() );
          }
        }
        pkibundle.setCaChain( ca_chain );
      }

    }
  }
  return pkibundle;
}