newx509.cpp

来自「一个精简的CA程序」· C++ 代码 · 共 740 行 · 第 1/2 页

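/* vi: set sw=4 ts=4: */
/*
 * Copyright (C) 2001 Christian Hohnstaedt.
 *
 *  All rights reserved.
 *
 *
 *  Redistribution and use in source and binary forms, with or without
 *  modification, are permitted provided that the following conditions are met:
 *
 *  - Redistributions of source code must retain the above copyright notice,
 *    this list of conditions and the following disclaimer.
 *  - Redistributions in binary form must reproduce the above copyright notice,
 *    this list of conditions and the following disclaimer in the documentation
 *    and/or other materials provided with the distribution.
 *  - Neither the name of the author nor the names of its contributors may be
 *    used to endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 *
 * This program links to software with different licenses from:
 *
 *	http://www.openssl.org which includes cryptographic software
 * 	written by Eric Young (eay@cryptsoft.com)"
 *
 *	http://www.sleepycat.com
 *
 *	http://www.trolltech.com
 *
 *
 *
 * http://www.hohnstaedt.de/xca
 * email: christian@hohnstaedt.de
 *
 * $Id: NewX509.cpp,v 1.24 2003/09/03 15:13:58 chris2511 Exp $
 *
 */

#include "NewX509.h"
#include <qgroupbox.h>
#include <qcheckbox.h>
#include <qcombobox.h>
#include <qradiobutton.h>
#include <qmessagebox.h>
#include <qlineedit.h>
#include <qlabel.h>
#include <qwhatsthis.h>
#include <qlistbox.h>
#include <qlistview.h>
#include <qpixmap.h>
#include <qpushbutton.h>
#include <qvalidator.h>
#include <qbuttongroup.h>
#include <qtextview.h>
#include "MainWindow.h"
#include "validity.h"
#include "lib/x509name.h"
#include "lib/db_key.h"
#include "lib/db_x509req.h"
#include "lib/db_x509.h"
#include "lib/db_temp.h"

/*
 * Extended-key-usage purposes offered by the wizard, as OpenSSL NIDs.
 * The constructor fills the ekeyUsage list from this table, in this order.
 *
 * Purposes OpenSSL has no built-in NID for are registered with OBJ_create()
 * while this static array is being initialised. OBJ_create() returns
 * NID_undef on error and the result is stored unchecked, so a failed
 * registration silently leaves an undefined purpose in the table.
 * NOTE(review): consider validating the table once at start-up.
 */
int NewX509::eku_nid[EKUN_CNT] = {
	NID_server_auth,
	NID_client_auth,
	NID_code_sign,
	NID_email_protect,
	NID_time_stamp,
	NID_ms_code_ind,
	NID_ms_code_com,
	NID_ms_ctl_sign,
	NID_ms_sgc,
	NID_ms_efs,
	NID_ns_sgc,
	OBJ_create("1.3.6.1.4.1.311.10.3.4.1", "msEFSFR",
		"Microsoft EFS File Recovery" ),
	NID_ipsecEndSystem,
	NID_ipsecTunnel,
	NID_ipsecUser,
	OBJ_create("1.3.6.1.5.5.8.2.2", "iKEIntermediate",
		"IP security end entity"),
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
	NID_ms_smartcard_login
#else
	OBJ_create("1.3.6.1.4.1.311.20.2.2", "SmartCardLogon", "Smart Card Logon")
#endif
};

/*
 * Distinguished-name attribute types selectable for additional DN entries
 * (the extDNobj list is filled from this table in the constructor).
 *
 * NOTE(review): the pre-0.9.7 branch supplies one initialiser fewer than the
 * other branch (there is no entry for role). If DISTNAME_CNT is the same in
 * both builds, the last slot is zero-initialised there - confirm against the
 * header.
 */
int NewX509::dn_nid[DISTNAME_CNT] = {
	NID_commonName,
	NID_surname,
	NID_serialNumber,
	NID_countryName,
	NID_localityName,
	NID_stateOrProvinceName,
	NID_organizationName,
	NID_organizationalUnitName,
	NID_title,
	NID_description,
	NID_name,
	NID_givenName,
	NID_initials,
	NID_dnQualifier,
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
	NID_role,
	NID_generationQualifier,
	NID_x500UniqueIdentifier,
	NID_pseudonym
#else
	OBJ_create("2.5.4.44", "generationQualifier", "generationQualifier"),
	OBJ_create("2.5.4.45", "x500UniqueIdentifier", "x500UniqueIdentifier"),
	OBJ_create("2.5.4.65", "pseudonym", "pseudonym")
#endif
};

/*
 * NIDs of the seven fixed subject fields. The order matches the name_ptr[]
 * widget table that the constructor sets up.
 */
int NewX509::name_nid[] = {
	NID_commonName,
	NID_countryName,
	NID_localityName,
	NID_stateOrProvinceName,
	NID_organizationName,
	NID_organizationalUnitName,
	NID_pkcs9_emailAddress
};

/*
 * Builds the wizard dialog and fills its lists from the application-wide
 * databases reachable through MainWindow (keys, requests, certificates,
 * templates).
 *
 * parent, name, modal and f are handed unchanged to the generated
 * NewX509_UI base class.
 */
NewX509::NewX509(QWidget *parent , const char *name, bool modal, WFlags f)
	:NewX509_UI(parent, name, modal, f)
{
	connect( extDNadd, SIGNAL(clicked()), this, SLOT(addX509NameEntry()) );
	connect( extDNdel, SIGNAL(clicked()), this, SLOT(delX509NameEntry()) );
	setCaption(tr(XCA_TITLE));
	fixtemp = NULL;
	// the shared pixmap is a plain pointer; do not dereference it when unset
	if (MainWindow::nsImg)
		nsImg->setPixmap(*MainWindow::nsImg);

	// serialNr->setValidator( new QIntValidator(0, 32767, this));
	QStringList strings;

	// are there any useable private keys  ?
	strings = MainWindow::keys->get0PrivateDesc();
	keyList->insertStringList(strings);
	// Preselect the second entry of the hash algorithm list.
	// NOTE(review): which digest that is depends on the list defined in the
	// UI file - confirm the default is not a digest considered weak today.
	hashAlgo->setCurrentItem(1);

	// any PKCS#10 requests to be used ?
	strings = MainWindow::reqs->getDesc();
	if (strings.isEmpty()) {
		fromReqCB->setDisabled(true);
		reqList->setDisabled(true);
	}
	else {
		reqList->insertStringList(strings);
	}

	// How about signing certificates ?
	strings = MainWindow::certs->getSignerDesc();
	if (strings.isEmpty()) {
		// nothing can sign, so signing by another certificate is not offered
		foreignSignRB->setDisabled(true);
		certList->setDisabled(true);
	}
	else {
		certList->insertStringList(strings);
	}

	// set dates to now and now + 1 year (the default validity is 365 days)
	a1time a;
	notBefore->setDate(a.now());
	notAfter->setDate(a.now(60*60*24*365));

	// settings for the templates ....
	// Each prepend() goes to the front, so the list ends up as
	// Empty, CA, Client, Server, followed by the stored templates.
	strings = MainWindow::temps->getDesc();
	strings.prepend(tr("Server Template"));
	strings.prepend(tr("Client Template"));
	strings.prepend(tr("CA Template"));
	strings.prepend(tr("Empty Template"));
	tempList->insertStringList(strings);

	// setup Extended keyusage
	for (int i = 0; i < EKUN_CNT; i++)
		ekeyUsage->insertItem(OBJ_nid2ln(eku_nid[i]));

	// setup Distinguished Name
	for (int i = 0; i < DISTNAME_CNT; i++)
		extDNobj->insertItem(OBJ_nid2ln(dn_nid[i]));

	// init the X509 v3 context
	// No issuer, subject, request or CRL is bound here and no config
	// database is attached; presumably the real certificates are set before
	// extensions that refer to them are built - verify in the code that
	// creates the extensions.
	X509V3_set_ctx(&ext_ctx, NULL , NULL, NULL, NULL, 0);
	X509V3_set_ctx_nodb(&ext_ctx);

	// setup the list of x509nameEntrys (same order as name_nid[])
	name_ptr[0] = commonName;
	name_ptr[1] = countryName;
	name_ptr[2] = localityName;
	name_ptr[3] = stateOrProvinceName;
	name_ptr[4] = organisationName;
	name_ptr[5] = organisationalUnitName;
	name_ptr[6] = emailAddress;

	// last polish
	setFinishEnabled(page7,true);
	setNextEnabled(page2,false);
	signerChanged();
	checkAuthKeyId();
}

/*
 * Configures the wizard for creating a certificate signing request: the
 * extension pages (page4 to page6) are skipped and the signer and request
 * selection boxes are disabled.
 */
void NewX509::setRequest()
{
	setAppropriate(page4, false);
	setAppropriate(page5, false);
	setAppropriate(page6, false);
	finishButton()->setEnabled(true);
	changeDefault->setEnabled(false);
	changeDefault->setChecked(false);
	signerBox->setEnabled(false);
	requestBox->setEnabled(false);
	// The continuation lines of the literals below must start in column 0:
	// any leading whitespace would become part of the translated string.
	startText=tr("\
Welcome to the settings for certificate signing requests.\n\
A signing request needs a private key, so it will be created \
if there isn't any unused key available in the key database. \
This signing request can then be given to a Certification authority \
while the private key of the request and of the resulting certificate \
returned from the CA does never leave your computer.");
	endText=tr("\
You are done with entering all parameters for generating a Certificate signing \
request. The resulting request should be exported and send to an appropriate CA \
for signing it.");
	tText=tr("Certificate request");
	setup();
	setImage(MainWindow::csrImg);
}

/* Nothing to release explicitly. */
NewX509::~NewX509()
{
}

/*
 * Configures the wizard for creating or changing a template.
 *
 * temp is the template being edited. When its internal name is not the
 * placeholder "--", the name is put into the description field and the
 * title gets the " change" suffix. A null temp is treated like a new
 * template.
 */
void NewX509::setTemp(pki_temp *temp)
{
	setAppropriate(page1, false);
	finishButton()->setEnabled(true);
	// The continuation lines of the literals below must start in column 0:
	// any leading whitespace would become part of the translated string.
	startText=tr("\
Welcome to the settings for Templates.\n\
This templates do not refer to any ASN.1 structure but are used to keep default \
settings for signing requests and certificates. \
When creating a Request or Certificate the template can preset the needed fields \
with default settings.");
	endText=tr("\
You are done with entering all parameters for the Template.\n\
After this step the template can be assigned to one of your CAs to be autoatically \
applied when signing with this CA.");
	tText=tr("Template");
	// guard the pointer the same way defineRequest() guards its argument
	if (temp && temp->getIntName() != "--") {
		description->setText(temp->getIntName());
		tText += tr(" change");
	}
	setup();
	// a template carries neither a private key nor validity dates
	privKeyBox->setEnabled(false);
	validitybox->setEnabled(false);
	setImage(MainWindow::tempImg);
}

/*
 * Configures the wizard for creating a certificate, either from an existing
 * request or from data entered by hand.
 */
void NewX509::setCert()
{
	finishButton()->setEnabled(true);
	// The continuation lines of the literal below must start in column 0:
	// any leading whitespace would become part of the translated string.
	startText=tr("Welcome to the settings for Certificates.\n\
The information for the new Certificate can either be grabbed from a given \
Certificate-request or be filled in by hand. In the case of not signing a request \
there needs to be at least one unused key. If this is not the case it will be created. \
If you want to self-sign a request (unusual but nevertheless possible) you need the \
private key used to create the request.");
	endText=tr("You are done with entering all parameters for creating a Certificate.");
	tText=tr("Certificate");
	setup();
	setImage(MainWindow::certImg);
}

/*
 * Shows the same picture on the six image labels bigImg1 to bigImg6.
 *
 * image may be null (callers pass MainWindow's static pixmap pointers);
 * in that case the labels are left untouched instead of dereferencing it.
 */
void NewX509::setImage(QPixmap *image)
{
	if (!image)
		return;
	bigImg1->setPixmap(*image);
	bigImg2->setPixmap(*image);
	bigImg3->setPixmap(*image);
	bigImg4->setPixmap(*image);
	bigImg5->setPixmap(*image);
	bigImg6->setPixmap(*image);
}

/*
 * Applies startText, endText and tText, as set by setRequest(), setTemp()
 * or setCert(), to the first and last page and to the page titles.
 */
void NewX509::setup()
{
	startLabel->setText(startText);
	endLabel->setText(endText);
	setTitle(page0, tText + " Wizard");
	setTitle(page1, tText + " template selection");
	setTitle(page2, tText + " personal settings");
	setTitle(page4, tText + " X.509 v3 Extensions");
	setTitle(page5, tText + " key usage setup");
	setTitle(page6, tText + " Netscape extensions");
	setTitle(page7, tText + " Wizard finished");
}

/*
 * Loads the settings of temp into the dialog and locks the template list so
 * that no other template can be chosen.
 */
void NewX509::defineTemplate(pki_temp *temp)
{
	fromTemplate(temp);
	templateChanged(temp);
	tempList->setEnabled(false);
}

/*
 * Preselects req as the request to be signed. A null req is ignored.
 */
void NewX509::defineRequest(pki_x509req *req)
{
	if (!req) return;
	fromReqCB->setEnabled(true);
	fromReqCB->setChecked(true);
	QString reqname = req->getIntName();
#ifdef qt3
	reqList->setCurrentText(reqname);
#else
	// without setCurrentText() the entry is searched for by its name
	for (int i=0; i<reqList->count(); i++) {
		if (reqList->text(i) == reqname) {
			reqList->setCurrentItem(i);
			break;
		}
	}
#endif
}

/*
 * Preselects defcert as the signing certificate. Nothing happens when
 * defcert is null or canSign() reports that it cannot sign.
 */
void NewX509::defineSigner(pki_x509 *defcert)
{
	// suggested from:  Andrey Brindeew <abr@abr.pp.ru>
	if (defcert && defcert->canSign()) {
		QString name = defcert->getIntName();
#ifdef qt3
		certList->setCurrentText(name);
#else
		// without setCurrentText() the entry is searched for by its name
		for (int i=0; i<certList->count();i++) {
			if (certList->text(i) == name) {
				certList->setCurrentItem(i);
				break;
			}
		}
#endif
		foreignSignRB->setChecked(true);
		certList->setEnabled(true);
	}
}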
