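/**
 * Returns the certificate configured for this application.
 *
 * On macOS the certificate is taken from the keychain identity registered as
 * the preferred identity for the name "ocsp.sk.ee". On other platforms it is
 * loaded from the PKCS#12 file named by Application::PKCS12Cert, opened with
 * the passphrase stored under Application::PKCS12Pass.
 *
 * @return the certificate; on macOS a default-constructed QSslCertificate is
 *         returned when any step of the keychain lookup fails.
 *
 * The certificate is returned exactly as found: nothing in this function
 * checks its validity period, issuer or revocation state, so callers that
 * rely on it for authentication have to perform those checks themselves.
 */
QSslCertificate AccessCert::cert()
{
#ifdef Q_OS_MAC
    // Key usage 0 and no issuer list: take whatever identity is stored for
    // this name, without any key usage or issuer constraint.
    SecIdentityRef identity = 0;
    OSStatus err = SecIdentityCopyPreference( CFSTR("ocsp.sk.ee"), 0, 0, &identity );
    // Check the status as well as the out-parameter, so that a reported
    // failure is never followed by use of the reference.
    if( err != errSecSuccess || !identity )
    {
        if( identity )
            CFRelease( identity );
        return QSslCertificate();
    }

    SecCertificateRef certref = 0;
    err = SecIdentityCopyCertificate( identity, &certref );
    CFRelease( identity );
    if( err != errSecSuccess || !certref )
    {
        if( certref )
            CFRelease( certref );
        return QSslCertificate();
    }

    // Only the DER-encoded certificate leaves this function; the identity
    // reference itself was released above.
    CFDataRef certdata = SecCertificateCopyData( certref );
    CFRelease( certref );
    if( !certdata )
        return QSslCertificate();

    // QByteArray copies the bytes, so certdata can be released right after.
    QSslCertificate result(
        QByteArray( reinterpret_cast<const char*>( CFDataGetBytePtr( certdata ) ),
                    CFDataGetLength( certdata ) ),
        QSsl::Der );
    CFRelease( certdata );
    return result;
#else
    // NOTE(review): the PKCS#12 passphrase comes from application
    // configuration; how that value is stored is not visible here. Confirm
    // it is not kept in plaintext alongside the container.
    return PKCS12Certificate::fromPath(
        Application::confValue( Application::PKCS12Cert ).toString(),
        Application::confValue( Application::PKCS12Pass ).toString() ).certificate();
#endif
}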
/*
 * Returns the preferred identity stored for `name`, or NULL when no lookup
 * produced one.
 *
 * Lookups run from most to least specific and stop at the first success:
 *   1. the name with the key usage derived from `keyUsage`
 *   2. the name with the special 'ANY' key usage
 *   3. the name with no key usage constraint
 * A step is skipped when it would repeat the key usage already tried in
 * step 1. `validIssuers` is passed unchanged to every lookup.
 *
 * Because of steps 2 and 3, the identity returned may have been stored under
 * 'ANY' or under no key usage at all rather than under the usage requested.
 * A caller that needs the key restricted to a particular usage has to check
 * the returned identity itself.
 *
 * NOTE(review): by the Copy naming convention the caller presumably owns the
 * returned reference and must release it; confirm against the header.
 */
SecIdentityRef SecIdentityCopyPreferred(CFStringRef name, CFArrayRef keyUsage, CFArrayRef validIssuers)
{
    SecIdentityRef match = NULL;
    const CSSM_KEYUSE wanted = ConvertArrayToKeyUsage(keyUsage);

    // 1. Exact key usage.
    if (SecIdentityCopyPreference(name, wanted, validIssuers, &match) == errSecSuccess)
        return match;

    // 2. 'ANY' key usage, unless that is what was just tried.
    if (wanted != CSSM_KEYUSE_ANY &&
        SecIdentityCopyPreference(name, CSSM_KEYUSE_ANY, validIssuers, &match) == errSecSuccess)
        return match;

    // 3. No key usage constraint, unless that is what step 1 tried. The
    //    status of this last attempt is not needed: whatever was (or was
    //    not) stored in `match` is returned.
    if (wanted != 0)
        (void) SecIdentityCopyPreference(name, 0, validIssuers, &match);

    return match;
}
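/*
 * Command-line tool that reads or writes a keychain identity preference.
 *
 *   <prog> get -p prefName              print the identity stored for prefName
 *   <prog> set -p prefName [-k keychain]  pick an identity and store it for prefName
 *
 * Options:
 *   -p  preference name (required)
 *   -k  keychain to open; it is handed only to the identity picker, so it
 *       affects "set" and is not consulted by "get"
 *   -h  print usage
 *
 * Exit status: 0 on success, 1 on failure. A failed "get" lookup also yields
 * 1; previously that path fell through to CFRelease(NULL), which crashes.
 *
 * NOTE(review): usage() is assumed not to return (argv[1] is dereferenced
 * right after the argc check) -- confirm against its definition.
 */
int main(int argc, char **argv)
{
    char *kcName = NULL;
    SecKeychainRef kcRef = NULL;
    char *prefName = NULL;
    bool doSet = false;
    int exitCode = 0;

    if((argc < 2) || (argv[1][0] == 'h')) {
        usage(argv);
    }
    if(!strcmp(argv[1], "get")) {
        doSet = false;
    }
    else if(!strcmp(argv[1], "set")) {
        doSet = true;
    }
    else {
        printf("Bad op argument\n");
        usage(argv);
    }

    /* Option parsing starts after the op argument. */
    extern int optind;
    optind = 2;
    extern char *optarg;
    int arg;
    while ((arg = getopt(argc, argv, "p:k:h")) != -1) {
        switch (arg) {
            case 'p':
                prefName = optarg;
                break;
            case 'k':
                kcName = optarg;
                break;
            case 'h':
                usage(argv);
        }
    }
    if(optind != argc) {
        usage(argv);
    }
    if(prefName == NULL) {
        printf("***You must specify a preference name via -p.\n");
        usage(argv);
    }

    CFStringRef prefStr = CFStringCreateWithCString(NULL, prefName, kCFStringEncodingASCII);
    if(prefStr == NULL) {
        /* Creation fails when prefName cannot be represented in the ASCII encoding. */
        printf("***Error converting pref name '%s' to CFString.\n", prefName);
        exit(1);
    }

    OSStatus ortn;
    if(kcName) {
        ortn = SecKeychainOpen(kcName, &kcRef);
        if(ortn) {
            cssmPerror("SecKeychainOpen", ortn);
            exit(1);
        }
    }

    SecIdentityRef idRef = NULL;
    if(doSet) {
        ortn = sslSimpleIdentPicker(kcRef, &idRef);
        if(ortn) {
            printf("Error picking identity; aborting.\n");
            exit(1);
        }
        ortn = SecIdentitySetPreference(idRef, prefStr, 0);
        if(ortn) {
            cssmPerror("SecIdentitySetPreference", ortn);
            exit(1);
        }
        printf("...Identity preference set for name '%s'.\n", prefName);
    }
    else {
        ortn = SecIdentityCopyPreference(prefStr, 0, NULL, &idRef);
        if(ortn) {
            cssmPerror("SecIdentityCopyPreference", ortn);
            /* Report the failed lookup to the caller instead of exiting 0. */
            exitCode = 1;
        }
        else {
            SecCertificateRef certRef = NULL;
            ortn = SecIdentityCopyCertificate(idRef, &certRef);
            if(ortn) {
                cssmPerror("SecIdentityCopyCertificate", ortn);
                exit(1);
            }
            char *idName = kcItemPrintableName((SecKeychainItemRef)certRef);
            /* Passing NULL for %s is undefined; whether the helper can return
             * NULL is not visible here, so guard the print. free(NULL) is a no-op. */
            printf("Identity for prefName '%s' found : '%s'\n", prefName,
                   idName ? idName : "(no printable name)");
            free(idName);
            CFRelease(certRef);
        }
    }

    /* CFRelease() must not be called with NULL: idRef stays NULL when the
     * lookup above fails, and kcRef is NULL unless -k was given. */
    if(idRef) {
        CFRelease(idRef);
    }
    if(kcRef) {
        CFRelease(kcRef);
    }
    CFRelease(prefStr);
    return exitCode;
}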