mainwindowx509.cpp

一个小型证书管理系统

			break;

	    }
	}
	catch (errorEx &err) {
		Error(err);
	}
	delete dlg;
}


void MainWindow::writePKCS12(QString s, bool chain)
{
	QStringList filt;
    try {
	pki_x509 *cert = (pki_x509 *)certs->getSelectedPKI();
	if (!cert) return;
	pki_key *privkey = cert->getKey();
	if (!privkey || privkey->isPubKey()) {
		QMessageBox::warning(this,tr(XCA_TITLE),
                	tr("There was no key found for the Certificate: ") +
			QString::fromLatin1(cert->getDescription().c_str()) );
		return; 
	}
	if (s.isEmpty()) return;
	s = QDir::convertSeparators(s);
	pki_pkcs12 *p12 = new pki_pkcs12(cert->getDescription(), cert, privkey, &MainWindow::passWrite);
	pki_x509 *signer = cert->getSigner();
	int cnt =0;
	while ((signer != NULL ) && (signer != cert) && chain) {
		CERR("SIGNER:"<<(int)signer);
		p12->addCaCert(signer);
		CERR( "signer: " << ++cnt );
		cert=signer;
		signer=signer->getSigner();
	}
	CERR("start writing" );
	p12->writePKCS12(s.latin1());
	delete p12;
    }
    catch (errorEx &err) {
	    Error(err);
    }
}

void MainWindow::signP7()
{
	QStringList filt;
    try {
	pki_x509 *cert = (pki_x509 *)certs->getSelectedPKI();
	if (!cert) return;
	pki_key *privkey = cert->getKey();
	if (!privkey || privkey->isPubKey()) {
		QMessageBox::warning(this,tr(XCA_TITLE),
                	tr("There was no key found for the Certificate: ") +
			QString::fromLatin1(cert->getDescription().c_str()) );
		return; 
	}
        filt.append("All Files ( *.* )");
	QString s="";
	QStringList slist;
	QFileDialog *dlg = new QFileDialog(this,0,true);
	dlg->setCaption(tr("Import Certificate signing request"));
	dlg->setFilters(filt);
	dlg->setMode( QFileDialog::ExistingFiles );
	setPath(dlg);
	if (dlg->exec()) {
		slist = dlg->selectedFiles();
		newPath(dlg);
        }
	delete dlg;
	pki_pkcs7 * p7 = new pki_pkcs7("");
	for ( QStringList::Iterator it = slist.begin(); it != slist.end(); ++it ) {
		s = *it;
		s = QDir::convertSeparators(s);
		p7->signFile(cert, s.latin1());
		p7->writeP7((s + ".p7s").latin1(), true);
	}
	delete p7;
    }
    catch (errorEx &err) {
	Error(err);
    }
}	

void MainWindow::encryptP7()
{
	QStringList filt;
    try {
	pki_x509 *cert = (pki_x509 *)certs->getSelectedPKI();
	if (!cert) return;
	pki_key *privkey = cert->getKey();
	if (!privkey || privkey->isPubKey()) {
		QMessageBox::warning(this,tr(XCA_TITLE),
                	tr("There was no key found for the Certificate: ") +
			QString::fromLatin1(cert->getDescription().c_str()) );
		return; 
	}
        filt.append("All Files ( *.* )");
	QString s="";
	QStringList slist;
	QFileDialog *dlg = new QFileDialog(this,0,true);
	dlg->setCaption(tr("Import Certificate signing request"));
	dlg->setFilters(filt);
	dlg->setMode( QFileDialog::ExistingFiles );
	setPath(dlg);
	if (dlg->exec()) {
		slist = dlg->selectedFiles();
		newPath(dlg);
        }
	delete dlg;
	pki_pkcs7 * p7 = new pki_pkcs7("");
	for ( QStringList::Iterator it = slist.begin(); it != slist.end(); ++it ) {
	MARK
		s = *it;
	MARK
		s = QDir::convertSeparators(s);
	MARK
		p7->encryptFile(cert, s.latin1());
	MARK
		p7->writeP7((s + ".p7m").latin1(), true);
	MARK
	}
	delete p7;
	MARK
    }
    catch (errorEx &err) {
	Error(err);
    }
}	

void MainWindow::showPopupCert(QListViewItem *item, const QPoint &pt, int x) {
	CERR( "popup Cert");
	QPopupMenu *menu = new QPopupMenu(this);
	QPopupMenu *subCa = new QPopupMenu(this);
	QPopupMenu *subP7 = new QPopupMenu(this);
	QPopupMenu *subExport = new QPopupMenu(this);
	int itemExtend, itemRevoke, itemTrust, itemCA, itemTemplate, itemReq, itemP7;
	bool canSign, parentCanSign, hasTemplates, hasPrivkey;
	
	if (!item) {
		menu->insertItem(tr("New Certificate"), this, SLOT(newCert()));
		menu->insertItem(tr("Import"), this, SLOT(loadCert()));
		menu->insertItem(tr("Import PKCS#12"), this, SLOT(loadPKCS12()));
		menu->insertItem(tr("Import from PKCS#7"), this, SLOT(loadPKCS7()));
	}
	else {
		pki_x509 *cert = (pki_x509 *)certs->getSelectedPKI(item->text(0).latin1());
		menu->insertItem(tr("Rename"), this, SLOT(startRenameCert()));
		menu->insertItem(tr("Show Details"), this, SLOT(showDetailsCert()));
		menu->insertItem(tr("Export"), subExport);
		subExport->insertItem(tr("File"), this, SLOT(writeCert()));
		itemReq = subExport->insertItem(tr("Request"), this, SLOT(toRequest()));

		menu->insertItem(tr("Delete"), this, SLOT(deleteCert()));
		itemTrust = menu->insertItem(tr("Trust"), this, SLOT(setTrust()));
		menu->insertSeparator();
		itemCA = menu->insertItem(tr("CA"), subCa);
		subCa->insertItem(tr("Serial"), this, SLOT(setSerial()));
		subCa->insertItem(tr("CRL days"), this, SLOT(setCrlDays()));
		itemTemplate = subCa->insertItem(tr("Signing Template"), this, SLOT(setTemplate()));
		subCa->insertItem(tr("Generate CRL"), this, SLOT(genCrl()));
		
		itemP7 = menu->insertItem(tr("PKCS#7"), subP7);
		subP7->insertItem(tr("Sign"), this, SLOT(signP7()));
		subP7->insertItem(tr("Encrypt"), this, SLOT(encryptP7()));
		menu->insertSeparator();
		itemExtend = menu->insertItem(tr("Renewal"), this, SLOT(extendCert()));
		if (cert) {
			if (cert->isRevoked()) {
				itemRevoke = menu->insertItem(tr("Unrevoke"), this, SLOT(unRevoke()));
				menu->setItemEnabled(itemTrust, false);
			}
			else	
				itemRevoke = menu->insertItem(tr("Revoke"), this, SLOT(revoke()));
			parentCanSign = (cert->getSigner() && cert->getSigner()->canSign() && (cert->getSigner() != cert));
			canSign = cert->canSign();
			hasTemplates = temps->getDesc().count() > 0 ;
			hasPrivkey = cert->getKey();
		}
		menu->setItemEnabled(itemExtend, parentCanSign);
		menu->setItemEnabled(itemRevoke, parentCanSign);
		menu->setItemEnabled(itemCA, canSign);
		subExport->setItemEnabled(itemReq, hasPrivkey);
		menu->setItemEnabled(itemP7, hasPrivkey);
		subCa->setItemEnabled(itemTemplate, hasTemplates);

	}
	menu->exec(pt);
	delete menu;
	delete subCa;
	delete subP7;
	delete subExport;
	
	return;
}

void MainWindow::renameCert(QListViewItem *item, int col, const QString &text)
{
	if (col != 0) return;
	try {
		pki_base *pki = certs->getSelectedPKI(item);
		string txt =  text.latin1();
		certs->renamePKI(pki, txt);
	}
	catch (errorEx &err) {
		Error(err);
	}
}

void MainWindow::setTrust()
{
	pki_x509 *cert = (pki_x509 *)certs->getSelectedPKI();
	if (!cert) return;
	TrustState_UI *dlg = new TrustState_UI(this,0,true);
	int state, newstate;
	state = cert->getTrust();
	if (cert->getSigner() == cert) {
		if (state == 1) state = 0;
		dlg->trust1->setDisabled(true);
	}
	if (state == 0 ) dlg->trust0->setChecked(true);
	if (state == 1 ) dlg->trust1->setChecked(true);
	if (state == 2 ) dlg->trust2->setChecked(true);
	dlg->certName->setText(cert->getDescription().c_str());
	if (dlg->exec()) {
		if (dlg->trust0->isChecked()) newstate = 0;
		if (dlg->trust1->isChecked()) newstate = 1;
		if (dlg->trust2->isChecked()) newstate = 2;
		if (newstate!=state) {
			cert->setTrust(newstate);
			certs->updatePKI(cert);
			certs->updateViewAll();
		}
	}
	delete dlg;
}

void MainWindow::toRequest()
{
	pki_x509 *cert = (pki_x509 *)certs->getSelectedPKI();
	if (!cert) return;
	try {
		pki_x509req *req = new pki_x509req(cert);
		insertReq(req);
	}
	catch (errorEx &err) {
		Error(err);
	}
	
}

void MainWindow::revoke()
{
	pki_x509 *cert = (pki_x509 *)certs->getSelectedPKI();
	if (!cert) return;
	cert->setRevoked(true);
	CERR("setRevoked..." );
	certs->updatePKI(cert);
	CERR("updatePKI done");
	certs->updateViewAll();
	CERR("view updated");
}

void MainWindow::unRevoke()
{
	pki_x509 *cert = (pki_x509 *)certs->getSelectedPKI();
	if (!cert) return;
	cert->setRevoked(false);
	certs->updatePKI(cert);
	certs->updateViewAll();
}

void MainWindow::setSerial()
{
	pki_x509 *cert = (pki_x509 *)certs->getSelectedPKI();
	if (!cert) return;
	int serial = cert->getCaSerial();
	bool ok;
	int nserial = QInputDialog::getInteger (tr(XCA_TITLE),
			tr("Please enter the new Serial for signing"),
			serial, serial, 2147483647, 1, &ok, this );
	if (ok && nserial > serial) {
		cert->setCaSerial(nserial);
		certs->updatePKI(cert);
	}
}

void MainWindow::setCrlDays()
{
	pki_x509 *cert = (pki_x509 *)certs->getSelectedPKI();
	if (!cert) return;
	int crlDays = cert->getCrlDays();
	bool ok;
	int nCrlDays = QInputDialog::getInteger (tr(XCA_TITLE),
			tr("Please enter the CRL renewal periode in days"),
			crlDays, crlDays, 365, 1, &ok, this );
	if (ok && (crlDays != nCrlDays)) {
		cert->setCrlDays(nCrlDays);
		certs->updatePKI(cert);
	}
}

void MainWindow::setTemplate()
{
	pki_x509 *cert = (pki_x509 *)certs->getSelectedPKI();
	if (!cert) return;
	QString templ = cert->getTemplate().c_str();
	QStringList tempList = temps->getDesc();
	unsigned int i, sel=0;
	bool ok;
	for (i=0; i<tempList.count(); i++) {
		if (tempList[i] == templ) {
			sel = i;
		}
	}
	QString nTempl = QInputDialog::getItem (tr(XCA_TITLE),
			tr("Please select the default Template for signing"),
			tempList, sel, false, &ok, this );
	if (ok && (templ != nTempl)) {
		cert->setTemplate(nTempl.latin1());
		certs->updatePKI(cert);
	}
}

void MainWindow::genCrl() 
{
	QStringList filt;
	pki_x509 *cert = (pki_x509 *)certs->getSelectedPKI();
	if (!cert) return;
	if (cert->getKey()->isPubKey()) return;
	filt.append(tr("CRLs ( *.crl )")); 
	filt.append(tr("All Files ( *.* )"));
	QString s="";
	QFileDialog *dlg = new QFileDialog(this,0,true);
	dlg->setCaption(tr("CRL export"));
	dlg->setFilters(filt);
	dlg->setMode( QFileDialog::AnyFile );
	dlg->setSelection( (cert->getDescription() + ".crl").c_str() );
	if (dlg->exec())
		s = dlg->selectedFile();
	delete dlg;
	if (s.isEmpty()) return;
	s = QDir::convertSeparators(s);
	try {	
		pki_crl *crl = new pki_crl(cert->getDescription(), cert);
		certs->assignClients(crl);
		crl->addV3ext(NID_authority_key_identifier,"keyid,issuer");
		//crl->addV3ext(NID_issuer_alt_name,"issuer:copy");
		crl->sign(cert->getKey());
		crl->writeCrl(s.latin1());
		cert->setLastCrl(crl->getDate());
		certs->updatePKI(cert);
		CERR( "CRL done, completely");
		delete(crl);
	 	CERR("crl deleted");
	}
	catch (errorEx &err) {
		Error(err);
	}
}


void MainWindow::startRenameCert()
{
	try {
#ifdef qt3
		pki_base *pki = certs->getSelectedPKI();
		if (!pki) return;
		QListViewItem *item = (QListViewItem *)pki->getPointer();
		item->startRename(0);
#else
		renamePKI(certs);
#endif
	}
	catch (errorEx &err) {
		Error(err);
	}
}