예제 #1
1
파일: pki_evp.cpp 프로젝트: J-Javan/xca
void pki_evp::writePKCS8(const QString fname, const EVP_CIPHER *enc,
		pem_password_cb *cb, bool pem)
{
	EVP_PKEY *pkey;
	pass_info p(XCA_TITLE, tr("Please enter the password protecting the PKCS#8 key '%1'").arg(getIntName()));
	FILE *fp = fopen(QString2filename(fname), "w");
	if (fp != NULL) {
		if (key) {
			pkey = decryptKey();
			if (pkey) {
				if (pem)
					PEM_write_PKCS8PrivateKey(fp, pkey, enc, NULL, 0, cb, &p);
				else
					i2d_PKCS8PrivateKey_fp(fp, pkey, enc, NULL, 0, cb, &p);
				EVP_PKEY_free(pkey);
			}
		}
		fclose(fp);
		pki_openssl_error();
	} else
		fopen_error(fname);
}
예제 #2
0
파일: pki_crl.cpp 프로젝트: jbfavre/xca
void pki_crl::fload(const QString fname)
{
	FILE *fp = fopen(QString2filename(fname), "r");
	X509_CRL *_crl;
	if (fp != NULL) {
		_crl = PEM_read_X509_CRL(fp, NULL, NULL, NULL);
		if (!_crl) {
			pki_ign_openssl_error();
			rewind(fp);
			_crl = d2i_X509_CRL_fp(fp, NULL);
		}
		fclose(fp);
		if (pki_ign_openssl_error()) {
			if (_crl)
				X509_CRL_free(_crl);
			throw errorEx(tr("Unable to load the revokation list in file %1. Tried PEM and DER formatted CRL.").arg(fname));
		}
		if (crl)
			X509_CRL_free(crl);
		crl = _crl;
		setIntName(rmslashdot(fname));
		pki_openssl_error();
	} else
		fopen_error(fname);
}
예제 #3
0
파일: pki_evp.cpp 프로젝트: J-Javan/xca
void pki_evp::writeKey(const QString fname, const EVP_CIPHER *enc,
			pem_password_cb *cb, bool pem)
{
	EVP_PKEY *pkey;
	pass_info p(XCA_TITLE, tr("Please enter the export password for the private key '%1'").arg(getIntName()));
	if (isPubKey()) {
		writePublic(fname, pem);
		return;
	}
	FILE *fp = fopen(QString2filename(fname), "w");
	if (!fp) {
		fopen_error(fname);
		return;
	}
	if (key){
		pkey = decryptKey();
		if (pkey) {
			if (pem) {
				PEM_write_PrivateKey(fp, pkey, enc, NULL, 0, cb, &p);
			} else {
				i2d_PrivateKey_fp(fp, pkey);
			}
			EVP_PKEY_free(pkey);
		}
		pki_openssl_error();
	}
	fclose(fp);
}
예제 #4
0
파일: pki_pkcs12.cpp 프로젝트: jbfavre/xca
void pki_pkcs12::writePKCS12(const QString fname)
{
	Passwd pass;
	pass_info p(XCA_TITLE, tr("Please enter the password to encrypt the PKCS#12 file"));
	if (cert == NULL || key == NULL) {
		my_error(tr("No key or no Cert and no pkcs12"));
	}

	FILE *fp = fopen(QString2filename(fname), "wb");
	if (fp != NULL) {
		if (PwDialog::execute(&p, &pass, true) != 1) {
			fclose(fp);
			return;
		}
		PKCS12 *pkcs12 = PKCS12_create(pass.data(),
			getIntName().toUtf8().data(),
			key->decryptKey(),
			cert->getCert(), certstack, 0, 0, 0, 0, 0);
		i2d_PKCS12_fp(fp, pkcs12);
		fclose (fp);
		openssl_error();
		PKCS12_free(pkcs12);
	}
	else fopen_error(fname);
}
예제 #5
0
파일: pki_pkcs12.cpp 프로젝트: J-Javan/xca
pki_pkcs12::pki_pkcs12(const QString fname, pem_password_cb *cb)
	:pki_base(fname)
{
	FILE *fp;
	char pass[MAX_PASS_LENGTH];
	EVP_PKEY *mykey = NULL;
	X509 *mycert = NULL;
	key=NULL; cert=NULL;
	passcb = cb;
	class_name="pki_pkcs12";
	certstack = sk_X509_new_null();
	pass_info p(XCA_TITLE, tr("Please enter the password to decrypt the PKCS#12 file.")
		+ "\n'" + fname + "'");
	fp = fopen(QString2filename(fname), "rb");
	if (fp) {
		PKCS12 *pkcs12 = d2i_PKCS12_fp(fp, NULL);
		fclose(fp);
		if (ign_openssl_error()) {
			if (pkcs12)
				PKCS12_free(pkcs12);
			throw errorEx(tr("Unable to load the PKCS#12 (pfx) file %1.").arg(fname));
		}
		if (PKCS12_verify_mac(pkcs12, "", 0) || PKCS12_verify_mac(pkcs12, NULL, 0))
			pass[0] = '\0';
		else if (passcb(pass, MAX_PASS_LENGTH, 0, &p) < 0) {
			/* cancel pressed */
			PKCS12_free(pkcs12);
			throw errorEx("","");
		}
		PKCS12_parse(pkcs12, pass, &mykey, &mycert, &certstack);
		int error = ERR_peek_error();
		if (ERR_GET_REASON(error) == PKCS12_R_MAC_VERIFY_FAILURE) {
			ign_openssl_error();
			PKCS12_free(pkcs12);
			throw errorEx(getClassName(), tr("The supplied password was wrong (%1)").arg(ERR_reason_error_string(error)));
		}
		ign_openssl_error();
		if (mycert) {
			if (mycert->aux && mycert->aux->alias) {
				alias = asn1ToQString(mycert->aux->alias);
				alias = QString::fromUtf8(alias.toAscii());
			}
			cert = new pki_x509(mycert);
			if (alias.isEmpty()) {
				cert->autoIntName();
			} else {
				cert->setIntName(alias);
			}
			alias = cert->getIntName();
		}
		if (mykey) {
			key = new pki_evp(mykey);
			key->setIntName(alias + "_key");
			key->bogusEncryptKey();
		}
		PKCS12_free(pkcs12);
	} else
		fopen_error(fname);
}
예제 #6
0
파일: pki_pkcs7.cpp 프로젝트: chris2511/xca
void pki_pkcs7::encryptFile(pki_x509 *crt, QString filename)
{
	BIO *bio = NULL;
	bio = BIO_new_file(QString2filename(filename), "r");
        openssl_error();
	encryptBio(crt, bio);
	BIO_free(bio);
}
예제 #7
0
파일: pki_pkcs7.cpp 프로젝트: chris2511/xca
void pki_pkcs7::signFile(pki_x509 *crt, QString filename)
{
	BIO *bio;
	if (!crt)
		return;
	bio = BIO_new_file(QString2filename(filename), "r");
        openssl_error();
	signBio(crt, bio);
	BIO_free(bio);
}
예제 #8
0
파일: pki_multi.cpp 프로젝트: jbfavre/xca
void pki_multi::fload(const QString fname)
{
	FILE * fp;
	BIO *bio = NULL;

	fp = fopen(QString2filename(fname), "r");
	if (!fp) {
		fopen_error(fname);
		return;
	}
	bio = BIO_new_fp(fp, BIO_CLOSE);
	fromPEM_BIO(bio, fname);
	BIO_free(bio);
};
예제 #9
0
파일: pki_key.cpp 프로젝트: jbfavre/xca
void pki_key::writePublic(const QString fname, bool pem)
{
	FILE *fp = fopen(QString2filename(fname), "w");
	if (fp == NULL) {
		fopen_error(fname);
		return;
	}
	if (pem)
		PEM_write_PUBKEY(fp, key);
	else
		i2d_PUBKEY_fp(fp, key);

	fclose(fp);
	pki_openssl_error();
}
예제 #10
0
파일: pki_x509req.cpp 프로젝트: jbfavre/xca
void pki_x509req::writeReq(const QString fname, bool pem)
{
	FILE *fp = fopen(QString2filename(fname), "w");
	if (fp) {
		if (request){
			if (pem)
				PEM_write_X509_REQ(fp, request);
			else
				i2d_X509_REQ_fp(fp, request);
		}
		fclose(fp);
		pki_openssl_error();
	} else
		fopen_error(fname);
}
예제 #11
0
파일: pki_crl.cpp 프로젝트: jbfavre/xca
void pki_crl::writeCrl(const QString fname, bool pem)
{
	FILE *fp = fopen(QString2filename(fname), "w");
	if (fp != NULL) {
		if (crl){
			if (pem)
				PEM_write_X509_CRL(fp, crl);
			else
				i2d_X509_CRL_fp(fp, crl);
		}
		fclose(fp);
		pki_openssl_error();
	} else
		fopen_error(fname);
}
예제 #12
0
파일: MW_database.cpp 프로젝트: jbfavre/xca
int MainWindow::open_default_db()
{
	if (!dbfile.isEmpty())
		return 0;
	FILE *fp = fopen(QString2filename(getUserSettingsDir() +
					QDir::separator() + "defaultdb"), "r");
	if (!fp)
		return 0;

	char buff[256];
	size_t len = fread(buff, 1, 255, fp);
	fclose(fp);
	buff[len] = 0;
	dbfile = filename2QString(buff).trimmed();
	if (QFile::exists(dbfile))
		return init_database();
	return 0;
}
예제 #13
0
파일: MW_database.cpp 프로젝트: jbfavre/xca
void MainWindow::default_database()
{
	QFileInfo fi(dbfile);
	QString dir = getUserSettingsDir();
	FILE *fp;

	QDir d;
	d.mkpath(dir);

	fp = fopen(QString2filename(dir +QDir::separator() +"defaultdb"), "w");
	if (fp) {
		QByteArray ba;
		ba = filename2bytearray(fi.canonicalFilePath() + "\n");
		fwrite(ba.constData(), ba.size(), 1, fp);
		fclose(fp);
	}

}
예제 #14
0
파일: pki_pkcs12.cpp 프로젝트: J-Javan/xca
void pki_pkcs12::writePKCS12(const QString fname)
{
	char pass[MAX_PASS_LENGTH];
	pass_info p(XCA_TITLE, tr("Please enter the password to encrypt the PKCS#12 file"));
	if (cert == NULL || key == NULL) {
		my_error(tr("No key or no Cert and no pkcs12"));
	}

	FILE *fp = fopen(QString2filename(fname), "wb");
	if (fp != NULL) {
		passcb(pass, MAX_PASS_LENGTH, 0, &p);
		PKCS12 *pkcs12 = PKCS12_create(pass,
			getIntName().toUtf8().data(),
			key->decryptKey(),
			cert->getCert(), certstack, 0, 0, 0, 0, 0);
		i2d_PKCS12_fp(fp, pkcs12);
		openssl_error();
		fclose (fp);
		PKCS12_free(pkcs12);
	}
	else fopen_error(fname);
}
예제 #15
0
파일: pki_x509req.cpp 프로젝트: jbfavre/xca
void pki_x509req::fload(const QString fname)
{
	FILE *fp = fopen(QString2filename(fname), "r");
	X509_REQ *_req;
	int ret = 0;

	if (fp != NULL) {
		_req = PEM_read_X509_REQ(fp, NULL, NULL, NULL);
		if (!_req) {
			pki_ign_openssl_error();
			rewind(fp);
			_req = d2i_X509_REQ_fp(fp, NULL);
		}
		fclose(fp);
		// SPKAC
		if (!_req) {
			pki_ign_openssl_error();
			ret = load_spkac(fname);
		}
		if (ret || pki_ign_openssl_error()) {
			if (_req)
				X509_REQ_free(_req);
			throw errorEx(tr("Unable to load the certificate request in file %1. Tried PEM, DER and SPKAC format.").arg(fname));
		}
	} else {
		fopen_error(fname);
		return;
	}

	if (_req) {
		X509_REQ_free(request);
		request = _req;
	}
	autoIntName();
	if (getIntName().isEmpty())
		setIntName(rmslashdot(fname));
	openssl_error(fname);
}
예제 #16
0
파일: MW_database.cpp 프로젝트: jbfavre/xca
int MainWindow::init_database()
{
	int ret = 2;
	fprintf(stderr, "Opening database: %s\n", QString2filename(dbfile));
	keys = NULL; reqs = NULL; certs = NULL; temps = NULL; crls = NULL;

	certView->setRootIsDecorated(db_x509::treeview);

	try {
		ret = initPass();
		if (ret == 2)
			return ret;
		keys = new db_key(dbfile, this);
		reqs = new db_x509req(dbfile, this);
		certs = new db_x509(dbfile, this);
		temps = new db_temp(dbfile, this);
		crls = new db_crl(dbfile, this);
	}
	catch (errorEx &err) {
		Error(err);
		dbfile = "";
		return ret;
	}

	mandatory_dn = "";
	string_opt = QString("MASK:0x2002");
	ASN1_STRING_set_default_mask_asc((char*)CCHAR(string_opt));
	hashBox::resetDefault();
	pkcs11path = getDefaultPkcs11Lib();
	workingdir = QDir::currentPath();
	setOptFlags((QString()));
	try {
		pkcs11_lib p(pkcs11path);
	} catch (errorEx &e) {
		pkcs11path = QString();
	}

	connect( keys, SIGNAL(newKey(pki_key *)),
		certs, SLOT(newKey(pki_key *)) );
	connect( keys, SIGNAL(delKey(pki_key *)),
		certs, SLOT(delKey(pki_key *)) );
	connect( keys, SIGNAL(newKey(pki_key *)),
		reqs, SLOT(newKey(pki_key *)) );
	connect( keys, SIGNAL(delKey(pki_key *)),
		reqs, SLOT(delKey(pki_key *)) );

	connect( certs, SIGNAL(connNewX509(NewX509 *)), this,
		SLOT(connNewX509(NewX509 *)) );
	connect( reqs, SIGNAL(connNewX509(NewX509 *)), this,
		SLOT(connNewX509(NewX509 *)) );

	connect( reqs, SIGNAL(newCert(pki_x509req *)),
		certs, SLOT(newCert(pki_x509req *)) );
	connect( temps, SIGNAL(newCert(pki_temp *)),
		certs, SLOT(newCert(pki_temp *)) );
	connect( temps, SIGNAL(newReq(pki_temp *)),
		reqs, SLOT(newItem(pki_temp *)) );

	keyView->setIconSize(pki_evp::icon[0]->size());
	reqView->setIconSize(pki_x509req::icon[0]->size());
	certView->setIconSize(pki_x509::icon[0]->size());
	tempView->setIconSize(pki_temp::icon->size());
	crlView->setIconSize(pki_crl::icon->size());

	keyView->setModel(keys);
	reqView->setModel(reqs);
	certView->setModel(certs);
	tempView->setModel(temps);
	crlView->setModel(crls);

	try {
		db mydb(dbfile);
		char *p;
		if (!mydb.find(setting, "workingdir")) {
			if ((p = (char *)mydb.load(NULL))) {
				workingdir = p;
				free(p);
			}
		}
		mydb.first();
		if (!mydb.find(setting, "pkcs11path")) {
			if ((p = (char *)mydb.load(NULL))) {
				pkcs11path = p;
				free(p);
			}
		}
		mydb.first();
		if (!mydb.find(setting, "default_hash")) {
			if ((p = (char *)mydb.load(NULL))) {
				hashBox::setDefault(p);
				free(p);
			}
		}
		mydb.first();
		if (!mydb.find(setting, "mandatory_dn")) {
			if ((p = (char *)mydb.load(NULL))) {
				mandatory_dn = p;
				free(p);
			}
		}
		// what a stupid idea....
		mydb.first();
		if (!mydb.find(setting, "multiple_key_use")) {
			mydb.erase();
		}
		mydb.first();
		if (!mydb.find(setting, "string_opt")) {
			if ((p = (char *)mydb.load(NULL))) {
				string_opt = p;
				free(p);
			}
		}
		mydb.first();
		if (!mydb.find(setting, "suppress")) {
			if ((p = (char *)mydb.load(NULL))) {
				QString x = p;
				free(p);
				if (x == "1")
					pki_base::suppress_messages = 1;
			}
		}
		mydb.first();
		if (!mydb.find(setting, "optionflags")) {
			if ((p = (char *)mydb.load(NULL))) {
				setOptFlags((QString(p)));
				free(p);
			}
		}
		ASN1_STRING_set_default_mask_asc((char*)CCHAR(string_opt));
		mydb.first();
		if (!mydb.find(setting, "mw_geometry")) {
			db_header_t h;
			if ((p = (char *)mydb.load(&h))) {
				if (h.version == 1) {
					QByteArray ba;
					ba = QByteArray::fromRawData(p, h.len);
					int w, h, i;
					w = db::intFromData(ba);
					h = db::intFromData(ba);
					i = db::intFromData(ba);
					resize(w,h);
					if (i != -1)
						tabView->setCurrentIndex(i);
					}
				free(p);
			}
		}
	} catch (errorEx &err) {
		Error(err);
		return ret;
	}
	setWindowTitle(tr(XCA_TITLE));
	setItemEnabled(true);
	if (pki_evp::passwd.isNull())
		QMessageBox::information(this, XCA_TITLE,
			tr("Using or exporting private keys will not be possible without providing the correct password"));

	dbindex->setText(tr("Database") + ":" + dbfile);
	load_engine();
	return ret;
}
예제 #17
0
파일: pki_evp.cpp 프로젝트: J-Javan/xca
void pki_evp::fload(const QString fname)
{
	pass_info p(XCA_TITLE, qApp->translate("MainWindow",
		"Please enter the password to decrypt the private key: '%1'").
		arg(fname));
	pem_password_cb *cb = MainWindow::passRead;
	FILE *fp = fopen(QString2filename(fname), "r");
	EVP_PKEY *pkey;

	pki_ign_openssl_error();
	if (!fp) {
		fopen_error(fname);
		return;
	}
	pkey = PEM_read_PrivateKey(fp, NULL, cb, &p);
	if (!pkey) {
		if (ERR_get_error() == 0x06065064) {
			fclose(fp);
			pki_ign_openssl_error();
			throw errorEx(tr("Failed to decrypt the key (bad password) ") +
					fname, class_name);
		}
	}
	if (!pkey) {
		pki_ign_openssl_error();
		rewind(fp);
		pkey = d2i_PrivateKey_fp(fp, NULL);
	}
	if (!pkey) {
		pki_ign_openssl_error();
		rewind(fp);
		pkey = d2i_PKCS8PrivateKey_fp(fp, NULL, cb, &p);
	}
	if (!pkey) {
		PKCS8_PRIV_KEY_INFO *p8inf;
		pki_ign_openssl_error();
		rewind(fp);
		p8inf = d2i_PKCS8_PRIV_KEY_INFO_fp(fp, NULL);
		if (p8inf) {
			pkey = EVP_PKCS82PKEY(p8inf);
			PKCS8_PRIV_KEY_INFO_free(p8inf);
		}
	}
	if (!pkey) {
		pki_ign_openssl_error();
		rewind(fp);
		pkey = PEM_read_PUBKEY(fp, NULL, cb, &p);
	}
	if (!pkey) {
		pki_ign_openssl_error();
		rewind(fp);
		pkey = d2i_PUBKEY_fp(fp, NULL);
	}
	fclose(fp);
	if (pki_ign_openssl_error()) {
		if (pkey)
			EVP_PKEY_free(pkey);
		throw errorEx(tr("Unable to load the private key in file %1. Tried PEM and DER private, public and PKCS#8 key types.").arg(fname));
	}
	if (pkey){
		if (pkey->type == EVP_PKEY_EC)
			search_ec_oid(pkey->pkey.ec);
		if (key)
			EVP_PKEY_free(key);
		key = pkey;
		if (EVP_PKEY_isPrivKey(key))
			bogusEncryptKey();
		setIntName(rmslashdot(fname));
	}
}
예제 #18
0
파일: MW_database.cpp 프로젝트: bizonix/xca
int MainWindow::init_database()
{
	int ret = 2;
	qDebug("Opening database: %s", QString2filename(dbfile));
	keys = NULL; reqs = NULL; certs = NULL; temps = NULL; crls = NULL;

	Entropy::seed_rng();
	certView->setRootIsDecorated(db_x509::treeview);

	try {
		ret = initPass();
		if (ret == 2)
			return ret;
		keys = new db_key(dbfile, this);
		reqs = new db_x509req(dbfile, this);
		certs = new db_x509(dbfile, this);
		temps = new db_temp(dbfile, this);
		crls = new db_crl(dbfile, this);
		certs->updateAfterDbLoad();
	}
	catch (errorEx &err) {
		Error(err);
		dbfile = "";
		return ret;
	}

	searchEdit->setText("");
	searchEdit->show();
	statusBar()->addWidget(searchEdit, 1);
	mandatory_dn = "";
	explicit_dn = explicit_dn_default;

	string_opt = QString("MASK:0x2002");
	ASN1_STRING_set_default_mask_asc((char*)CCHAR(string_opt));
	hashBox::resetDefault();
	pkcs11path = QString();
	workingdir = QDir::currentPath();
	setOptFlags((QString()));

	connect( keys, SIGNAL(newKey(pki_key *)),
		certs, SLOT(newKey(pki_key *)) );
	connect( keys, SIGNAL(delKey(pki_key *)),
		certs, SLOT(delKey(pki_key *)) );
	connect( keys, SIGNAL(newKey(pki_key *)),
		reqs, SLOT(newKey(pki_key *)) );
	connect( keys, SIGNAL(delKey(pki_key *)),
		reqs, SLOT(delKey(pki_key *)) );

	connect( certs, SIGNAL(connNewX509(NewX509 *)), this,
		SLOT(connNewX509(NewX509 *)) );
	connect( reqs, SIGNAL(connNewX509(NewX509 *)), this,
		SLOT(connNewX509(NewX509 *)) );

	connect( reqs, SIGNAL(newCert(pki_x509req *)),
		certs, SLOT(newCert(pki_x509req *)) );
	connect( tempView, SIGNAL(newCert(pki_temp *)),
		certs, SLOT(newCert(pki_temp *)) );
	connect( tempView, SIGNAL(newReq(pki_temp *)),
		reqs, SLOT(newItem(pki_temp *)) );

	keyView->setIconSize(pki_evp::icon[0]->size());
	reqView->setIconSize(pki_x509req::icon[0]->size());
	certView->setIconSize(pki_x509::icon[0]->size());
	tempView->setIconSize(pki_temp::icon->size());
	crlView->setIconSize(pki_crl::icon->size());

	keyView->setModel(keys);
	reqView->setModel(reqs);
	certView->setModel(certs);
	tempView->setModel(temps);
	crlView->setModel(crls);
	try {
		db mydb(dbfile);

		while (mydb.find(setting, QString()) == 0) {
			QString key;
			db_header_t head;
			char *p = (char *)mydb.load(&head);
			if (!p) {
				if (mydb.next())
					break;
				continue;
			}
			key = head.name;

			if (key == "workingdir")
				workingdir = p;
			else if (key == "pkcs11path")
				pkcs11path = p;
			else if (key == "default_hash")
				hashBox::setDefault(p);
			else if (key == "mandatory_dn")
				mandatory_dn = p;
			else if (key == "explicit_dn")
				explicit_dn = p;
			/* what a stupid idea.... */
			else if (key == "multiple_key_use")
				mydb.erase();
			else if (key == "string_opt")
				string_opt = p;
			else if (key == "suppress")
				mydb.erase();
			else if (key == "optionflags1")
				setOptFlags((QString(p)));
			/* Different optionflags, since setOptFlags()
			 * does an abort() for unknown flags in
			 * older versions.   *Another stupid idea*
			 * This is for backward compatibility
			 */
			else if (key == "optionflags")
				setOptFlags_old((QString(p)));
			else if (key == "defaultkey")
				NewKey::setDefault((QString(p)));
			else if (key == "mw_geometry")
				set_geometry(p, &head);
			free(p);
			if (mydb.next())
				break;
		}
	} catch (errorEx &err) {
		Error(err);
		return ret;
	}
	ASN1_STRING_set_default_mask_asc((char*)CCHAR(string_opt));
	if (explicit_dn.isEmpty())
		explicit_dn = explicit_dn_default;
	setWindowTitle(tr(XCA_TITLE));
	setItemEnabled(true);
	if (pki_evp::passwd.isNull())
		XCA_INFO(tr("Using or exporting private keys will not be possible without providing the correct password"));

	dbindex->setText(tr("Database") + ": " + dbfile);
	load_engine();
	return ret;
}