mainwindowx509.cpp

一个小型证书管理系统

		
	
void MainWindow::showDetailsCert()
{
	pki_x509 *cert = (pki_x509 *)certs->getSelectedPKI();
        showDetailsCert(cert);
}

void MainWindow::showDetailsCert(QListViewItem *item)
{
	string cert = item->text(0).latin1();
        showDetailsCert((pki_x509 *)certs->getSelectedPKI(cert));
}


bool MainWindow::showDetailsCert(pki_x509 *cert, bool import)
{
	if (!cert) return false;
	if (opensslError(cert)) return false;
    try {
	CertDetail_UI *dlg = new CertDetail_UI(this,0,true);
	dlg->image->setPixmap(*certImg);
	dlg->descr->setText(cert->getDescription().c_str());
	dlg->setCaption(tr(XCA_TITLE));

	// examine the key
	pki_key *key= cert->getKey();
	if (key)
	     if (key->isPrivKey()) {
		dlg->privKey->setText(key->getDescription().c_str());
	      	dlg->privKey->setDisabled(false);
	     }								

	// examine the signature
	if ( cert->getSigner() == NULL) {
		dlg->verify->setText(tr("SIGNER UNKNOWN"));
	}
	else if ( cert->compare(cert->getSigner()) ) {
		dlg->verify->setText(tr("SELF SIGNED"));
	}
	
	else {
		dlg->verify->setText(cert->getSigner()->getDescription().c_str());
	}

	// check trust state
	if (cert->getEffTrust() == 0) {
	      	dlg->verify->setDisabled(true);
	}
	CERR( cert->getEffTrust() );
	
	// the serial
	dlg->serialNr->setText(cert->getSerial().c_str());	

	// details of subject
	string land = cert->getDNs(NID_countryName);
	string land1 = cert->getDNs(NID_stateOrProvinceName);
	if (land != "" && land1 != "")
		land += " / " +land1;
	else
		land+=land1;
	dlg->dnCN->setText(cert->getDNs(NID_commonName).c_str() );
	dlg->dnC->setText(land.c_str());
	dlg->dnL->setText(cert->getDNs(NID_localityName).c_str());
	dlg->dnO->setText(cert->getDNs(NID_organizationName).c_str());
	dlg->dnOU->setText(cert->getDNs(NID_organizationalUnitName).c_str());
	dlg->dnEmail->setText(cert->getDNs(NID_pkcs9_emailAddress).c_str());
	
	// same for issuer....	
	land = cert->getDNi(NID_countryName);
	land1 = cert->getDNi(NID_stateOrProvinceName);
	if (land != "" && land1 != "")
		land += " / " +land1;
	else
		land+=land1;
	dlg->dnCN_2->setText(cert->getDNi(NID_commonName).c_str() );
	dlg->dnC_2->setText(land.c_str());
	dlg->dnL_2->setText(cert->getDNi(NID_localityName).c_str());
	dlg->dnO_2->setText(cert->getDNi(NID_organizationName).c_str());
	dlg->dnOU_2->setText(cert->getDNi(NID_organizationalUnitName).c_str());
	dlg->dnEmail_2->setText(cert->getDNi(NID_pkcs9_emailAddress).c_str());
	dlg->notBefore->setText(cert->notBefore().c_str());
	dlg->notAfter->setText(cert->notAfter().c_str());

	// validation of the Date
	if (cert->checkDate() == -1) {
		dlg->dateValid->setText(tr("Not valid"));
	      	dlg->dateValid->setDisabled(true);
	}
	if (cert->checkDate() == +1) {
		dlg->dateValid->setText(tr("Not valid"));
	      	dlg->dateValid->setDisabled(true);
	}
	string revdate = cert->revokedAt();
	if (revdate != "") {
		dlg->dateValid->setText(tr("Revoked: ")+ revdate.c_str());
	      	dlg->dateValid->setDisabled(true);
		
	}
	// the fingerprints
	dlg->fpMD5->setText(cert->fingerprint(EVP_md5()).c_str());
	dlg->fpSHA1->setText(cert->fingerprint(EVP_sha1()).c_str());
	
	// V3 extensions
	dlg->v3Extensions->setText(cert->printV3ext().c_str());
	
	// rename the buttons in case of import 
	if (import) {
		dlg->but_ok->setText(tr("Import"));
		dlg->but_cancel->setText(tr("Discard"));
	}

	// show it to the user...	
	if (dlg->exec()) {
		string ndesc = dlg->descr->text().latin1();
		if (ndesc != cert->getDescription()) {
			certs->renamePKI(cert, ndesc);
		}
		delete dlg;
		return true;
	}
	delete dlg;
	return false;
    }
    catch (errorEx &err) {
	    Error(err);
    }
    return false;
}

void MainWindow::deleteCert()
{
    try {
	pki_x509 *cert = (pki_x509 *)certs->getSelectedPKI();
	if (!cert) return;
	if (cert->getSigner() && cert->getSigner() != cert && cert->getSigner()->canSign()) {
		QMessageBox::information(this,tr(XCA_TITLE),
			tr("It is actually not a good idea to delete a cert that was signed by you") +":\n'" + 
			QString::fromLatin1(cert->getDescription().c_str()) + "'\n" ,
			tr("Ok") );
	}
	if (QMessageBox::information(this,tr(XCA_TITLE),
			tr("Really want to delete the Certificate") +":\n'" + 
			QString::fromLatin1(cert->getDescription().c_str()) + "'\n" ,
			tr("Delete"), tr("Cancel") )
	) return;
	pki_key *pkey = cert->getKey();
	certs->deletePKI(cert);
	if (pkey) keys->updateViewPKI(pkey);
    }
    catch (errorEx &err) {
	    Error(err);
    }
}

void MainWindow::loadCert()
{
	QStringList filt;
	filt.append(tr("Certificates ( *.pem *.der *.crt *.cer)")); 
	filt.append(tr("PKCS#12 Certificates ( *.p12 )")); 
	//filt.append(tr("PKCS#7 Signatures ( *.p7s )")); 
	filt.append(tr("All files ( *.* )"));
	QStringList slist;
	QString s="";
	QFileDialog *dlg = new QFileDialog(this,0,true);
	dlg->setCaption(tr("Certificate import"));
	dlg->setFilters(filt);
	dlg->setMode( QFileDialog::ExistingFiles );
	setPath(dlg);
	if (dlg->exec()) {
		slist = dlg->selectedFiles();
		newPath(dlg);
	}
	delete dlg;
	
	for ( QStringList::Iterator it = slist.begin(); it != slist.end(); ++it ) {
		s = *it;
		s = QDir::convertSeparators(s);
		try {
			pki_x509 *cert = new pki_x509(s.latin1());
			insertCert(cert);
			keys->updateViewPKI(cert->getKey());
		}
		catch (errorEx &err) {
			Error(err);
		}
	}
		
}

void MainWindow::loadPKCS12()
{
	pki_pkcs12 *pk12;
	pki_x509 *acert;
	pki_key *akey;
	QStringList filt;
	filt.append(tr("PKCS#12 Certificates ( *.p12 )")); 
	filt.append(tr("All files ( *.* )"));
	QStringList slist;
	QString s="";
	QFileDialog *dlg = new QFileDialog(this,0,true);
	dlg->setCaption(tr("Certificate import"));
	dlg->setFilters(filt);
	dlg->setMode( QFileDialog::ExistingFiles );
	setPath(dlg);
	if (dlg->exec()) {
		slist = dlg->selectedFiles();
		newPath(dlg);
	}
	delete dlg;
	for ( QStringList::Iterator it = slist.begin(); it != slist.end(); ++it ) {
		s = *it;
		s = QDir::convertSeparators(s);
		try {
			pk12 = new pki_pkcs12(s.latin1(), &MainWindow::passRead);
			akey = pk12->getKey();
			acert = pk12->getCert();
			insertKey(akey);
			insertCert(acert);
			for (int i=0; i<pk12->numCa(); i++) {
				acert = pk12->getCa(i);
				insertCert(acert);
			}
			delete pk12;
			keys->updateView();
		}
		catch (errorEx &err) {
			Error(err);
		}
	}

	
/* insert with asking.....	
	if (showDetailsKey(akey, true)) {
		insertKey(akey);
	}
	else {
		delete(akey);
	}
	if (showDetailsCert(acert,true)) {
		insertCert(acert);
	}
	else {
		delete(acert);
	}
	for (int i=0; i<pk12->numCa(); i++) {
		acert = pk12->getCa(i);
		if (showDetailsCert(acert, true)) {
			insertCert(acert);
		}
		else {
			delete(acert);
		}
	}
*/
}	
	

void MainWindow::loadPKCS7()
{
	pki_pkcs7 *pk7;
	pki_x509 *acert;
	QStringList filt;
	filt.append(tr("PKCS#7 data ( *.p7s *.p7m )")); 
	filt.append(tr("All files ( *.* )"));
	QStringList slist;
	QString s="";
	QFileDialog *dlg = new QFileDialog(this,0,true);
	dlg->setCaption(tr("Certificate import"));
	dlg->setFilters(filt);
	dlg->setMode( QFileDialog::ExistingFiles );
	setPath(dlg);
	if (dlg->exec()) {
		slist = dlg->selectedFiles();
		newPath(dlg);
	}
	delete dlg;
	for ( QStringList::Iterator it = slist.begin(); it != slist.end(); ++it ) {
		s = *it;
		s = QDir::convertSeparators(s);
		try {
			pk7 = new pki_pkcs7("");
			pk7->readP7(s.latin1());
			for (int i=0; i<pk7->numCert(); i++) {
				acert = pk7->getCert(i);
				insertCert(acert);
			}
			delete pk7;
			keys->updateView();
		}
		catch (errorEx &err) {
			Error(err);
		}
	}
}


void MainWindow::insertCert(pki_x509 *cert)
{
    try {
	pki_x509 *oldcert = (pki_x509 *)certs->findPKI(cert);
	if (oldcert) {
	   QMessageBox::information(this,tr(XCA_TITLE),
		tr("The certificate already exists in the database as") +":\n'" +
		QString::fromLatin1(oldcert->getDescription().c_str()) + 
		"'\n" + tr("and so it was not imported"), "OK");
	   delete(cert);
	   return;
	}
	CERR( "insertCert: inserting" );
	certs->insertPKI(cert);
    }
    catch (errorEx &err) {
	    Error(err);
    }
    int serial;
    if (cert->getSigner() != cert && cert->getSigner()) {
	sscanf(cert->getSerial().c_str(), "%x", &serial);
	CERR("OTHER SIGNER" << serial);
    	if (serial >= cert->getSigner()->getCaSerial()) {
	    QMessageBox::information(this,tr(XCA_TITLE),
		tr("The certificate-serial is higher than the next serial of the signer it will be set to ") +
		QString::number(serial + 1), "OK");
	    cert->getSigner()->setCaSerial(serial+1);
	}	
    }
    serial = certs->searchSerial(cert);
    if ( serial > 0) {
	QMessageBox::information(this,tr(XCA_TITLE),
		tr("The certificate CA serial is lower than the highest serial of one signed certificate it will be set to ") +
		QString::number(serial ), "OK");
	cert->setCaSerial(serial);
    }
    certs->updatePKI(cert);
}

void MainWindow::writeCert()
{
	QStringList filt;
	pki_x509 *crt = (pki_x509 *)certs->getSelectedPKI();
	pki_x509 *oldcrt = NULL;
	if (!crt) return;
	pki_key *privkey = crt->getKey();
	ExportCert *dlg = new ExportCert((crt->getDescription() + ".crt").c_str(),
			  (privkey && privkey->isPrivKey()));
	if (!dlg->exec()) {
		delete dlg;
		return;
	}
	QString fname = dlg->filename->text();
        if (fname == "") {
                delete dlg;
                return;
        }
	try {
	    switch (dlg->exportFormat->currentItem()) {
		case 0: // PEM
			crt->writeCert(fname.latin1(),true,false);
			break;
		case 1: // PEM with chain
			while(crt && crt != oldcrt) {
				crt->writeCert(fname.latin1(),true,true);
				oldcrt = crt;
				crt = crt->getSigner();
			}
			break;
		case 2: // PEM all trusted Certificates
			certs->writeAllCerts(fname,true);
			break;
		case 3: // PEM all Certificates
			certs->writeAllCerts(fname,false);
			break;
		case 4: // DER	
			crt->writeCert(fname.latin1(),false,false);
			break;
		case 5: // P12
			writePKCS12(fname,false);
			break;
		case 6: // P12 + cert chain
			writePKCS12(fname,true);