void pki_evp::writePKCS8(const QString fname, const EVP_CIPHER *enc, pem_password_cb *cb, bool pem)
{
	/* Export the private key in PKCS#8 form to 'fname'.
	 * enc: cipher for the PKCS#8 envelope; NULL writes the key unencrypted.
	 * cb:  password callback handed to OpenSSL together with the pass_info.
	 * pem: true -> PEM encoding, false -> DER.
	 * Open failures go to fopen_error(); OpenSSL failures are reported by
	 * pki_openssl_error() once the file is closed.
	 * NOTE(review): the file is created with the process umask, so with a
	 * NULL 'enc' the plaintext key lands on disk with those permissions. */
	pass_info p(XCA_TITLE, tr("Please enter the password protecting the PKCS#8 key '%1'").arg(getIntName()));
	FILE *const fp = fopen(QString2filename(fname), "w");
	if (fp == NULL) {
		fopen_error(fname);
		return;
	}
	if (key) {
		/* decryptKey() returns a key object this function owns and frees */
		EVP_PKEY *const pkey = decryptKey();
		if (pkey) {
			if (pem)
				PEM_write_PKCS8PrivateKey(fp, pkey, enc, NULL, 0, cb, &p);
			else
				i2d_PKCS8PrivateKey_fp(fp, pkey, enc, NULL, 0, cb, &p);
			EVP_PKEY_free(pkey);
		}
	}
	/* close before reporting so the handle is not held across the report */
	fclose(fp);
	pki_openssl_error();
}
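void pki_crl::fload(const QString fname)
{
	/* Load a CRL from 'fname', trying PEM first and then DER.
	 * Throws errorEx when no CRL could be parsed; the previously held CRL
	 * is replaced only on success. The internal name is derived from the
	 * file name. Open failures are reported through fopen_error(). */
	FILE *fp = fopen(QString2filename(fname), "r");
	if (fp == NULL) {
		fopen_error(fname);
		return;
	}
	X509_CRL *_crl = PEM_read_X509_CRL(fp, NULL, NULL, NULL);
	if (!_crl) {
		/* discard the PEM parser's complaints and retry as DER */
		pki_ign_openssl_error();
		rewind(fp);
		_crl = d2i_X509_CRL_fp(fp, NULL);
	}
	fclose(fp);
	/* The error queue is consumed first. Previously only the queue was
	 * checked, so a NULL result without a queued error would have silently
	 * replaced 'crl' with NULL; now it is treated as a load failure. */
	if (pki_ign_openssl_error() || !_crl) {
		if (_crl)
			X509_CRL_free(_crl);
		throw errorEx(tr("Unable to load the revokation list in file %1. Tried PEM and DER formatted CRL.").arg(fname));
	}
	if (crl)
		X509_CRL_free(crl);
	crl = _crl;
	setIntName(rmslashdot(fname));
	pki_openssl_error();
}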
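void pki_evp::writeKey(const QString fname, const EVP_CIPHER *enc, pem_password_cb *cb, bool pem)
{
	/* Export the key to 'fname'. Public keys are delegated to writePublic().
	 * enc/cb: cipher and password callback for the PEM export; a NULL 'enc'
	 * writes the key unencrypted. The DER path (pem == false) uses
	 * i2d_PrivateKey_fp(), which takes no cipher, so a DER export is always
	 * unencrypted regardless of 'enc'.
	 * The file is closed before pki_openssl_error() reports, so the handle
	 * is not leaked if that call throws (the old order closed afterwards).
	 * NOTE(review): the output file is created with the process umask. */
	pass_info p(XCA_TITLE, tr("Please enter the export password for the private key '%1'").arg(getIntName()));
	if (isPubKey()) {
		writePublic(fname, pem);
		return;
	}
	FILE *fp = fopen(QString2filename(fname), "w");
	if (!fp) {
		fopen_error(fname);
		return;
	}
	const bool have_key = (key != NULL);
	if (have_key) {
		/* decryptKey() returns a key object owned and freed here */
		EVP_PKEY *pkey = decryptKey();
		if (pkey) {
			if (pem)
				PEM_write_PrivateKey(fp, pkey, enc, NULL, 0, cb, &p);
			else
				i2d_PrivateKey_fp(fp, pkey);
			EVP_PKEY_free(pkey);
		}
	}
	fclose(fp);
	/* as before, the OpenSSL error queue is only consulted when a key
	 * was actually written */
	if (have_key)
		pki_openssl_error();
}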
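void pki_pkcs12::writePKCS12(const QString fname)
{
	/* Write 'cert', its key and 'certstack' as a PKCS#12 file to 'fname',
	 * protected with a password obtained through PwDialog.
	 * Requires 'cert' and 'key' to be set (my_error() otherwise).
	 * The decrypted key copy from key->decryptKey() and the PKCS12 structure
	 * are released before openssl_error() reports, so a throw there leaks
	 * neither (the old code never freed the key copy). When the password
	 * dialog is cancelled nothing is written, but the file is still created.
	 * NOTE(review): the file is created with the process umask. */
	Passwd pass;
	pass_info p(XCA_TITLE, tr("Please enter the password to encrypt the PKCS#12 file"));
	if (cert == NULL || key == NULL) {
		my_error(tr("No key or no Cert and no pkcs12"));
		/* my_error() presumably throws; the return keeps the NULL
		 * dereference below unreachable in case it does not */
		return;
	}
	FILE *fp = fopen(QString2filename(fname), "wb");
	if (fp == NULL) {
		fopen_error(fname);
		return;
	}
	if (PwDialog::execute(&p, &pass, true) != 1) {
		fclose(fp);
		return;
	}
	EVP_PKEY *pkey = key->decryptKey();
	PKCS12 *pkcs12 = PKCS12_create(pass.data(), getIntName().toUtf8().data(), pkey, cert->getCert(), certstack, 0, 0, 0, 0, 0);
	/* PKCS12_create() returns NULL on failure and leaves the reason on the
	 * OpenSSL error queue for openssl_error() below */
	if (pkcs12)
		i2d_PKCS12_fp(fp, pkcs12);
	fclose(fp);
	EVP_PKEY_free(pkey);
	PKCS12_free(pkcs12);
	openssl_error();
}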
pki_pkcs12::pki_pkcs12(const QString fname, pem_password_cb *cb)
	:pki_base(fname)
{
	/* Load a PKCS#12 (pfx) container from 'fname'.
	 * cb: password callback used when the MAC cannot be verified with an
	 *     empty or absent password; a negative return means "cancel".
	 * On success 'cert' and 'key' are wrapped in pki_x509/pki_evp objects
	 * and 'certstack' receives the remaining certificates of the container.
	 * Throws errorEx when the file cannot be parsed, the user cancels, or
	 * the MAC check fails.
	 * NOTE(review): 'certstack' is allocated before any of the throw paths
	 * and a constructor that throws does not run the destructor, so it is
	 * not released on those paths — confirm against pki_base. */
	FILE *fp;
	char pass[MAX_PASS_LENGTH];
	EVP_PKEY *mykey = NULL;
	X509 *mycert = NULL;
	key=NULL;
	cert=NULL;
	passcb = cb;
	class_name="pki_pkcs12";
	certstack = sk_X509_new_null();
	pass_info p(XCA_TITLE, tr("Please enter the password to decrypt the PKCS#12 file.") + "\n'" + fname + "'");
	fp = fopen(QString2filename(fname), "rb");
	if (fp) {
		PKCS12 *pkcs12 = d2i_PKCS12_fp(fp, NULL);
		fclose(fp);
		if (ign_openssl_error()) {
			if (pkcs12) PKCS12_free(pkcs12);
			throw errorEx(tr("Unable to load the PKCS#12 (pfx) file %1.").arg(fname));
		}
		/* NOTE(review): a NULL 'pkcs12' with a clean error queue is not
		 * handled and would reach PKCS12_verify_mac() — confirm d2i always
		 * queues an error on failure. */
		/* Password-less containers: try the empty and the absent password
		 * before asking the user. */
		if (PKCS12_verify_mac(pkcs12, "", 0) || PKCS12_verify_mac(pkcs12, NULL, 0))
			pass[0] = '\0';
		else if (passcb(pass, MAX_PASS_LENGTH, 0, &p) < 0) {
			/* cancel pressed */
			PKCS12_free(pkcs12);
			throw errorEx("","");
		}
		/* NOTE(review): the result of PKCS12_parse() is not checked; failure
		 * is only detected through the error queue below. 'pass' is never
		 * cleansed after use, so the password stays on the stack. */
		PKCS12_parse(pkcs12, pass, &mykey, &mycert, &certstack);
		int error = ERR_peek_error();
		if (ERR_GET_REASON(error) == PKCS12_R_MAC_VERIFY_FAILURE) {
			ign_openssl_error();
			PKCS12_free(pkcs12);
			throw errorEx(getClassName(), tr("The supplied password was wrong (%1)").arg(ERR_reason_error_string(error)));
		}
		ign_openssl_error();
		if (mycert) {
			/* prefer the friendly name from the certificate's aux data as
			 * the internal name, else let pki_x509 pick one */
			if (mycert->aux && mycert->aux->alias) {
				alias = asn1ToQString(mycert->aux->alias);
				alias = QString::fromUtf8(alias.toAscii());
			}
			/* presumably takes ownership of 'mycert' — verify in pki_x509 */
			cert = new pki_x509(mycert);
			if (alias.isEmpty()) {
				cert->autoIntName();
			} else {
				cert->setIntName(alias);
			}
			alias = cert->getIntName();
		}
		if (mykey) {
			key = new pki_evp(mykey);
			key->setIntName(alias + "_key");
			key->bogusEncryptKey();
		}
		PKCS12_free(pkcs12);
	} else
		fopen_error(fname);
}
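void pki_pkcs7::encryptFile(pki_x509 *crt, QString filename)
{
	/* Encrypt the content of 'filename' for certificate 'crt'; the actual
	 * work is done by encryptBio().
	 * crt: recipient certificate. NULL is rejected up front, the same way
	 *      signFile() rejects a NULL signer.
	 * filename: input file, read through an OpenSSL BIO. Open failures are
	 *      reported through openssl_error(). */
	if (!crt)
		return;
	BIO *bio = BIO_new_file(QString2filename(filename), "r");
	openssl_error();
	/* openssl_error() is expected to report the open failure; the guard
	 * keeps a NULL BIO out of encryptBio() in case it returns instead */
	if (!bio)
		return;
	encryptBio(crt, bio);
	BIO_free(bio);
}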
void pki_pkcs7::signFile(pki_x509 *crt, QString filename)
{
	/* Sign the content of 'filename' on behalf of 'crt' (delegates to
	 * signBio()). A NULL signer is silently ignored; BIO open failures are
	 * reported through openssl_error(). */
	if (crt == NULL)
		return;
	BIO *in = BIO_new_file(QString2filename(filename), "r");
	openssl_error();
	signBio(crt, in);
	BIO_free(in);
}
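void pki_multi::fload(const QString fname)
{
	/* Load every PEM item found in 'fname' through fromPEM_BIO().
	 * The BIO takes over the FILE (BIO_CLOSE), so BIO_free() closes it.
	 * If no BIO can be created the FILE is closed here (the old code
	 * leaked it and handed a NULL BIO to fromPEM_BIO()). */
	FILE *fp = fopen(QString2filename(fname), "r");
	if (!fp) {
		fopen_error(fname);
		return;
	}
	BIO *bio = BIO_new_fp(fp, BIO_CLOSE);
	if (!bio) {
		fclose(fp);
		pki_openssl_error();
		return;
	}
	fromPEM_BIO(bio, fname);
	BIO_free(bio);
}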
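void pki_key::writePublic(const QString fname, bool pem)
{
	/* Write the public key to 'fname', PEM if 'pem' is set, DER otherwise.
	 * As in writeReq()/writeCrl(), a missing key object writes nothing
	 * instead of handing NULL to the OpenSSL writer (the file is still
	 * created). Open failures go to fopen_error(), OpenSSL failures to
	 * pki_openssl_error() after the file is closed. */
	FILE *fp = fopen(QString2filename(fname), "w");
	if (fp == NULL) {
		fopen_error(fname);
		return;
	}
	if (key) {
		if (pem)
			PEM_write_PUBKEY(fp, key);
		else
			i2d_PUBKEY_fp(fp, key);
	}
	fclose(fp);
	pki_openssl_error();
}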
void pki_x509req::writeReq(const QString fname, bool pem)
{
	/* Export the request to 'fname', PEM if 'pem' is set, DER otherwise.
	 * Nothing is written when no request is loaded, but the (then empty)
	 * file is still created. fopen failures go to fopen_error(), OpenSSL
	 * failures to pki_openssl_error() once the file is closed. */
	FILE *const out = fopen(QString2filename(fname), "w");
	if (out == NULL) {
		fopen_error(fname);
		return;
	}
	if (request != NULL) {
		if (pem)
			PEM_write_X509_REQ(out, request);
		else
			i2d_X509_REQ_fp(out, request);
	}
	fclose(out);
	pki_openssl_error();
}
void pki_crl::writeCrl(const QString fname, bool pem)
{
	/* Export the CRL to 'fname', PEM if 'pem' is set, DER otherwise.
	 * Without a loaded CRL nothing is written, though the file is still
	 * created. fopen failures go to fopen_error(), OpenSSL failures to
	 * pki_openssl_error() once the file is closed. */
	FILE *const out = fopen(QString2filename(fname), "w");
	if (!out) {
		fopen_error(fname);
		return;
	}
	if (crl != NULL) {
		if (pem)
			PEM_write_X509_CRL(out, crl);
		else
			i2d_X509_CRL_fp(out, crl);
	}
	fclose(out);
	pki_openssl_error();
}
int MainWindow::open_default_db()
{
	/* Open the database remembered in the "defaultdb" file of the user
	 * settings directory, unless a database is already selected.
	 * Returns init_database()'s result when a stored path was found and
	 * exists, 0 otherwise (database already set, marker file missing or
	 * unreadable, or the stored path does not exist). */
	if (!dbfile.isEmpty())
		return 0;
	const QString marker = getUserSettingsDir() + QDir::separator() + "defaultdb";
	FILE *fp = fopen(QString2filename(marker), "r");
	if (fp == NULL)
		return 0;
	char buff[256];
	/* read at most 255 bytes so there is always room for the terminator */
	const size_t len = fread(buff, 1, sizeof(buff) - 1, fp);
	fclose(fp);
	buff[len] = '\0';
	dbfile = filename2QString(buff).trimmed();
	return QFile::exists(dbfile) ? init_database() : 0;
}
void MainWindow::default_database()
{
	/* Remember the currently open database as the default: its canonical
	 * path plus a trailing newline is written to "defaultdb" in the user
	 * settings directory, creating that directory when needed.
	 * Failures to open or write the file are silently ignored. */
	const QString dir = getUserSettingsDir();
	QDir().mkpath(dir);
	FILE *fp = fopen(QString2filename(dir + QDir::separator() + "defaultdb"), "w");
	if (fp == NULL)
		return;
	const QFileInfo fi(dbfile);
	const QByteArray ba = filename2bytearray(fi.canonicalFilePath() + "\n");
	fwrite(ba.constData(), ba.size(), 1, fp);
	fclose(fp);
}
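void pki_pkcs12::writePKCS12(const QString fname)
{
	/* Write 'cert', its key and 'certstack' as a PKCS#12 file to 'fname',
	 * protected with a password obtained through the 'passcb' callback.
	 * Requires 'cert' and 'key' to be set (my_error() otherwise).
	 * Fixes over the previous version: a cancelled password prompt
	 * (negative passcb() result, the convention the constructor relies on)
	 * no longer exports with whatever the uninitialised buffer held; the
	 * decrypted key copy from key->decryptKey() is freed; the password
	 * buffer is cleansed once PKCS12_create() has consumed it; and both
	 * the key copy and the PKCS12 structure are released before
	 * openssl_error() may throw.
	 * NOTE(review): the file is created with the process umask. */
	char pass[MAX_PASS_LENGTH] = { 0 };
	pass_info p(XCA_TITLE, tr("Please enter the password to encrypt the PKCS#12 file"));
	if (cert == NULL || key == NULL) {
		my_error(tr("No key or no Cert and no pkcs12"));
		/* my_error() presumably throws; the return keeps the NULL
		 * dereference below unreachable in case it does not */
		return;
	}
	FILE *fp = fopen(QString2filename(fname), "wb");
	if (fp == NULL) {
		fopen_error(fname);
		return;
	}
	if (passcb(pass, MAX_PASS_LENGTH, 0, &p) < 0) {
		/* cancel pressed: nothing is exported (the file is still created) */
		fclose(fp);
		return;
	}
	EVP_PKEY *pkey = key->decryptKey();
	PKCS12 *pkcs12 = PKCS12_create(pass, getIntName().toUtf8().data(), pkey, cert->getCert(), certstack, 0, 0, 0, 0, 0);
	OPENSSL_cleanse(pass, sizeof(pass));
	/* PKCS12_create() returns NULL on failure and leaves the reason on the
	 * OpenSSL error queue for openssl_error() below */
	if (pkcs12)
		i2d_PKCS12_fp(fp, pkcs12);
	fclose(fp);
	EVP_PKEY_free(pkey);
	PKCS12_free(pkcs12);
	openssl_error();
}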
void pki_x509req::fload(const QString fname)
{
	/* Load a certificate request from 'fname'. PEM is tried first, then
	 * DER, then SPKAC through load_spkac(). A PEM/DER result replaces the
	 * current request; when nothing could be parsed an errorEx is thrown.
	 * The internal name comes from autoIntName(), falling back to the
	 * file name. Open failures are reported through fopen_error(). */
	FILE *fp = fopen(QString2filename(fname), "r");
	if (fp == NULL) {
		fopen_error(fname);
		return;
	}
	X509_REQ *parsed = PEM_read_X509_REQ(fp, NULL, NULL, NULL);
	if (parsed == NULL) {
		/* drop the PEM parser's errors before retrying as DER */
		pki_ign_openssl_error();
		rewind(fp);
		parsed = d2i_X509_REQ_fp(fp, NULL);
	}
	fclose(fp);
	int spkac_result = 0;
	if (parsed == NULL) {
		/* last resort: SPKAC. load_spkac() returns non-zero on failure;
		 * on success nothing further is assigned here, so presumably it
		 * installs the request itself — verify in load_spkac(). */
		pki_ign_openssl_error();
		spkac_result = load_spkac(fname);
	}
	if (spkac_result || pki_ign_openssl_error()) {
		if (parsed)
			X509_REQ_free(parsed);
		throw errorEx(tr("Unable to load the certificate request in file %1. Tried PEM, DER and SPKAC format.").arg(fname));
	}
	if (parsed != NULL) {
		X509_REQ_free(request);
		request = parsed;
	}
	autoIntName();
	if (getIntName().isEmpty())
		setIntName(rmslashdot(fname));
	openssl_error(fname);
}
int MainWindow::init_database()
{
	/* Open the database named in 'dbfile' and wire up the model/view
	 * objects for keys, requests, certificates, templates and CRLs.
	 * Returns the result of initPass(); 2 means the password step did not
	 * complete and nothing was opened. On a database error the error is
	 * shown, 'dbfile' is cleared and the initPass() result is returned.
	 * Settings stored in the database (working directory, PKCS#11 library
	 * path, default hash, mandatory DN, string options, option flags and
	 * window geometry) override the defaults established here. */
	int ret = 2;
	fprintf(stderr, "Opening database: %s\n", QString2filename(dbfile));
	keys = NULL;
	reqs = NULL;
	certs = NULL;
	temps = NULL;
	crls = NULL;
	certView->setRootIsDecorated(db_x509::treeview);
	try {
		ret = initPass();
		if (ret == 2)
			return ret;
		/* presumably 'this' is the Qt parent and owns the models — confirm,
		 * since nothing deletes them on the error path below */
		keys = new db_key(dbfile, this);
		reqs = new db_x509req(dbfile, this);
		certs = new db_x509(dbfile, this);
		temps = new db_temp(dbfile, this);
		crls = new db_crl(dbfile, this);
	} catch (errorEx &err) {
		Error(err);
		dbfile = "";
		return ret;
	}
	/* defaults, possibly overridden by the settings loaded below */
	mandatory_dn = "";
	string_opt = QString("MASK:0x2002");
	ASN1_STRING_set_default_mask_asc((char*)CCHAR(string_opt));
	hashBox::resetDefault();
	pkcs11path = getDefaultPkcs11Lib();
	workingdir = QDir::currentPath();
	setOptFlags((QString()));
	/* probe the default PKCS#11 library; forget it if it cannot be loaded */
	try {
		pkcs11_lib p(pkcs11path);
	} catch (errorEx &e) {
		pkcs11path = QString();
	}
	connect( keys, SIGNAL(newKey(pki_key *)), certs, SLOT(newKey(pki_key *)) );
	connect( keys, SIGNAL(delKey(pki_key *)), certs, SLOT(delKey(pki_key *)) );
	connect( keys, SIGNAL(newKey(pki_key *)), reqs, SLOT(newKey(pki_key *)) );
	connect( keys, SIGNAL(delKey(pki_key *)), reqs, SLOT(delKey(pki_key *)) );
	connect( certs, SIGNAL(connNewX509(NewX509 *)), this, SLOT(connNewX509(NewX509 *)) );
	connect( reqs, SIGNAL(connNewX509(NewX509 *)), this, SLOT(connNewX509(NewX509 *)) );
	connect( reqs, SIGNAL(newCert(pki_x509req *)), certs, SLOT(newCert(pki_x509req *)) );
	connect( temps, SIGNAL(newCert(pki_temp *)), certs, SLOT(newCert(pki_temp *)) );
	connect( temps, SIGNAL(newReq(pki_temp *)), reqs, SLOT(newItem(pki_temp *)) );
	keyView->setIconSize(pki_evp::icon[0]->size());
	reqView->setIconSize(pki_x509req::icon[0]->size());
	certView->setIconSize(pki_x509::icon[0]->size());
	tempView->setIconSize(pki_temp::icon->size());
	crlView->setIconSize(pki_crl::icon->size());
	keyView->setModel(keys);
	reqView->setModel(reqs);
	certView->setModel(certs);
	tempView->setModel(temps);
	crlView->setModel(crls);
	try {
		db mydb(dbfile);
		char *p;
		/* Each setting is looked up by name from the start of the database
		 * (mydb.first() rewinds before every lookup); the buffer returned
		 * by load() is released with free(). */
		if (!mydb.find(setting, "workingdir")) {
			if ((p = (char *)mydb.load(NULL))) {
				workingdir = p;
				free(p);
			}
		}
		mydb.first();
		/* NOTE(review): the PKCS#11 module path stored in the database
		 * replaces the probed default here. Whether it is validated before
		 * a later load cannot be seen from this function — confirm, since
		 * the database contents then decide which library gets loaded. */
		if (!mydb.find(setting, "pkcs11path")) {
			if ((p = (char *)mydb.load(NULL))) {
				pkcs11path = p;
				free(p);
			}
		}
		mydb.first();
		if (!mydb.find(setting, "default_hash")) {
			if ((p = (char *)mydb.load(NULL))) {
				hashBox::setDefault(p);
				free(p);
			}
		}
		mydb.first();
		if (!mydb.find(setting, "mandatory_dn")) {
			if ((p = (char *)mydb.load(NULL))) {
				mandatory_dn = p;
				free(p);
			}
		}
		// what a stupid idea.... (legacy setting, removed from the database)
		mydb.first();
		if (!mydb.find(setting, "multiple_key_use")) {
			mydb.erase();
		}
		mydb.first();
		if (!mydb.find(setting, "string_opt")) {
			if ((p = (char *)mydb.load(NULL))) {
				string_opt = p;
				free(p);
			}
		}
		mydb.first();
		if (!mydb.find(setting, "suppress")) {
			if ((p = (char *)mydb.load(NULL))) {
				QString x = p;
				free(p);
				if (x == "1")
					pki_base::suppress_messages = 1;
			}
		}
		mydb.first();
		if (!mydb.find(setting, "optionflags")) {
			if ((p = (char *)mydb.load(NULL))) {
				setOptFlags((QString(p)));
				free(p);
			}
		}
		/* re-apply the string mask now that string_opt may have changed */
		ASN1_STRING_set_default_mask_asc((char*)CCHAR(string_opt));
		mydb.first();
		if (!mydb.find(setting, "mw_geometry")) {
			db_header_t h;
			if ((p = (char *)mydb.load(&h))) {
				if (h.version == 1) {
					QByteArray ba;
					/* fromRawData() does not copy: 'ba' must not outlive 'p' */
					ba = QByteArray::fromRawData(p, h.len);
					/* the int 'h' below shadows the db_header_t 'h'; the
					 * header is not needed after this point */
					int w, h, i;
					w = db::intFromData(ba);
					h = db::intFromData(ba);
					i = db::intFromData(ba);
					resize(w,h);
					if (i != -1)
						tabView->setCurrentIndex(i);
				}
				free(p);
			}
		}
	} catch (errorEx &err) {
		Error(err);
		return ret;
	}
	setWindowTitle(tr(XCA_TITLE));
	setItemEnabled(true);
	if (pki_evp::passwd.isNull())
		QMessageBox::information(this, XCA_TITLE, tr("Using or exporting private keys will not be possible without providing the correct password"));
	dbindex->setText(tr("Database") + ":" + dbfile);
	load_engine();
	return ret;
}
void pki_evp::fload(const QString fname)
{
	/* Load a key from 'fname', trying in order: PEM private key, DER
	 * private key, encrypted PKCS#8 (DER), unencrypted PKCS#8 (DER), PEM
	 * public key, DER public key. The error queue is cleared between
	 * attempts so only the last failure is left for the final check.
	 * Throws errorEx on a wrong password for the PEM private key and when
	 * no format matched. On success the previous key is replaced, private
	 * keys are re-wrapped with bogusEncryptKey(), and the internal name is
	 * derived from the file name. Open failures go to fopen_error(). */
	pass_info p(XCA_TITLE, qApp->translate("MainWindow", "Please enter the password to decrypt the private key: '%1'"). arg(fname));
	pem_password_cb *cb = MainWindow::passRead;
	FILE *fp = fopen(QString2filename(fname), "r");
	EVP_PKEY *pkey;
	/* start from a clean OpenSSL error queue */
	pki_ign_openssl_error();
	if (!fp) {
		fopen_error(fname);
		return;
	}
	pkey = PEM_read_PrivateKey(fp, NULL, cb, &p);
	if (!pkey) {
		/* NOTE(review): this looks like a packed OpenSSL error code for a
		 * bad-decrypt condition, compared as a literal. Such packed codes
		 * differ between OpenSSL versions; ERR_GET_REASON() on the queued
		 * error would be the robust form — TODO confirm and replace. */
		if (ERR_get_error() == 0x06065064) {
			fclose(fp);
			pki_ign_openssl_error();
			throw errorEx(tr("Failed to decrypt the key (bad password) ") + fname, class_name);
		}
	}
	if (!pkey) {
		pki_ign_openssl_error();
		rewind(fp);
		pkey = d2i_PrivateKey_fp(fp, NULL);
	}
	if (!pkey) {
		pki_ign_openssl_error();
		rewind(fp);
		pkey = d2i_PKCS8PrivateKey_fp(fp, NULL, cb, &p);
	}
	if (!pkey) {
		/* unencrypted PKCS#8: decode the PrivateKeyInfo and convert it */
		PKCS8_PRIV_KEY_INFO *p8inf;
		pki_ign_openssl_error();
		rewind(fp);
		p8inf = d2i_PKCS8_PRIV_KEY_INFO_fp(fp, NULL);
		if (p8inf) {
			pkey = EVP_PKCS82PKEY(p8inf);
			PKCS8_PRIV_KEY_INFO_free(p8inf);
		}
	}
	if (!pkey) {
		pki_ign_openssl_error();
		rewind(fp);
		pkey = PEM_read_PUBKEY(fp, NULL, cb, &p);
	}
	if (!pkey) {
		pki_ign_openssl_error();
		rewind(fp);
		pkey = d2i_PUBKEY_fp(fp, NULL);
	}
	fclose(fp);
	if (pki_ign_openssl_error()) {
		if (pkey) EVP_PKEY_free(pkey);
		throw errorEx(tr("Unable to load the private key in file %1. Tried PEM and DER private, public and PKCS#8 key types.").arg(fname));
	}
	if (pkey){
		/* direct access to the EVP_PKEY internals ties this to OpenSSL
		 * versions that expose the struct layout */
		if (pkey->type == EVP_PKEY_EC)
			search_ec_oid(pkey->pkey.ec);
		if (key) EVP_PKEY_free(key);
		key = pkey;
		if (EVP_PKEY_isPrivKey(key))
			bogusEncryptKey();
		setIntName(rmslashdot(fname));
	}
}
int MainWindow::init_database()
{
	/* Open the database named in 'dbfile' and wire up the model/view
	 * objects for keys, requests, certificates, templates and CRLs.
	 * Returns the result of initPass(); 2 means the password step did not
	 * complete and nothing was opened. On a database error the error is
	 * shown, 'dbfile' is cleared and the initPass() result is returned.
	 * Settings stored in the database override the defaults established
	 * here; they are read in one pass over all "setting" entries. */
	int ret = 2;
	qDebug("Opening database: %s", QString2filename(dbfile));
	keys = NULL;
	reqs = NULL;
	certs = NULL;
	temps = NULL;
	crls = NULL;
	Entropy::seed_rng();
	certView->setRootIsDecorated(db_x509::treeview);
	try {
		ret = initPass();
		if (ret == 2)
			return ret;
		/* presumably 'this' is the Qt parent and owns the models — confirm,
		 * since nothing deletes them on the error path below */
		keys = new db_key(dbfile, this);
		reqs = new db_x509req(dbfile, this);
		certs = new db_x509(dbfile, this);
		temps = new db_temp(dbfile, this);
		crls = new db_crl(dbfile, this);
		certs->updateAfterDbLoad();
	} catch (errorEx &err) {
		Error(err);
		dbfile = "";
		return ret;
	}
	searchEdit->setText("");
	searchEdit->show();
	statusBar()->addWidget(searchEdit, 1);
	/* defaults, possibly overridden by the settings loaded below */
	mandatory_dn = "";
	explicit_dn = explicit_dn_default;
	string_opt = QString("MASK:0x2002");
	ASN1_STRING_set_default_mask_asc((char*)CCHAR(string_opt));
	hashBox::resetDefault();
	pkcs11path = QString();
	workingdir = QDir::currentPath();
	setOptFlags((QString()));
	connect( keys, SIGNAL(newKey(pki_key *)), certs, SLOT(newKey(pki_key *)) );
	connect( keys, SIGNAL(delKey(pki_key *)), certs, SLOT(delKey(pki_key *)) );
	connect( keys, SIGNAL(newKey(pki_key *)), reqs, SLOT(newKey(pki_key *)) );
	connect( keys, SIGNAL(delKey(pki_key *)), reqs, SLOT(delKey(pki_key *)) );
	connect( certs, SIGNAL(connNewX509(NewX509 *)), this, SLOT(connNewX509(NewX509 *)) );
	connect( reqs, SIGNAL(connNewX509(NewX509 *)), this, SLOT(connNewX509(NewX509 *)) );
	connect( reqs, SIGNAL(newCert(pki_x509req *)), certs, SLOT(newCert(pki_x509req *)) );
	connect( tempView, SIGNAL(newCert(pki_temp *)), certs, SLOT(newCert(pki_temp *)) );
	connect( tempView, SIGNAL(newReq(pki_temp *)), reqs, SLOT(newItem(pki_temp *)) );
	keyView->setIconSize(pki_evp::icon[0]->size());
	reqView->setIconSize(pki_x509req::icon[0]->size());
	certView->setIconSize(pki_x509::icon[0]->size());
	tempView->setIconSize(pki_temp::icon->size());
	crlView->setIconSize(pki_crl::icon->size());
	keyView->setModel(keys);
	reqView->setModel(reqs);
	certView->setModel(certs);
	tempView->setModel(temps);
	crlView->setModel(crls);
	try {
		db mydb(dbfile);
		/* Walk every "setting" entry (an empty name presumably matches any
		 * name — verify in db::find) and dispatch on the entry's name.
		 * The buffer returned by load() is released with free(). */
		while (mydb.find(setting, QString()) == 0) {
			QString key;
			db_header_t head;
			char *p = (char *)mydb.load(&head);
			if (!p) {
				/* nothing loadable at this position: advance or stop */
				if (mydb.next())
					break;
				continue;
			}
			key = head.name;
			if (key == "workingdir")
				workingdir = p;
			/* NOTE(review): the PKCS#11 module path is taken from the
			 * database. Whether it is validated before a later load cannot
			 * be seen from this function — confirm, since the database
			 * contents then decide which library gets loaded. */
			else if (key == "pkcs11path")
				pkcs11path = p;
			else if (key == "default_hash")
				hashBox::setDefault(p);
			else if (key == "mandatory_dn")
				mandatory_dn = p;
			else if (key == "explicit_dn")
				explicit_dn = p;
			/* what a stupid idea.... (legacy settings are removed) */
			else if (key == "multiple_key_use")
				mydb.erase();
			else if (key == "string_opt")
				string_opt = p;
			else if (key == "suppress")
				mydb.erase();
			else if (key == "optionflags1")
				setOptFlags((QString(p)));
			/* Different optionflags, since setOptFlags()
			 * does an abort() for unknown flags in
			 * older versions. *Another stupid idea*
			 * This is for backward compatibility */
			else if (key == "optionflags")
				setOptFlags_old((QString(p)));
			else if (key == "defaultkey")
				NewKey::setDefault((QString(p)));
			else if (key == "mw_geometry")
				set_geometry(p, &head);
			free(p);
			if (mydb.next())
				break;
		}
	} catch (errorEx &err) {
		Error(err);
		return ret;
	}
	/* re-apply the string mask now that string_opt may have changed */
	ASN1_STRING_set_default_mask_asc((char*)CCHAR(string_opt));
	if (explicit_dn.isEmpty())
		explicit_dn = explicit_dn_default;
	setWindowTitle(tr(XCA_TITLE));
	setItemEnabled(true);
	if (pki_evp::passwd.isNull())
		XCA_INFO(tr("Using or exporting private keys will not be possible without providing the correct password"));
	dbindex->setText(tr("Database") + ": " + dbfile);
	load_engine();
	return ret;
}