newx509.cpp

一个跨平台的CA系统 实现了数字证书的制作、SSL安全通讯、加解密操作等功能

/* vi: set sw=4 ts=4: */
/*
 * Copyright (C) 2001 Christian Hohnstaedt.
 *
 *  All rights reserved.
 *
 *
 *  Redistribution and use in source and binary forms, with or without 
 *  modification, are permitted provided that the following conditions are met:
 *
 *  - Redistributions of source code must retain the above copyright notice,
 *    this list of conditions and the following disclaimer.
 *  - Redistributions in binary form must reproduce the above copyright notice,
 *    this list of conditions and the following disclaimer in the documentation
 *    and/or other materials provided with the distribution.
 *  - Neither the name of the author nor the names of its contributors may be 
 *    used to endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 *
 * This program links to software with different licenses from:
 *
 *	http://www.openssl.org which includes cryptographic software
 * 	written by Eric Young (eay@cryptsoft.com)"
 *
 *	http://www.sleepycat.com
 *
 *	http://www.trolltech.com
 * 
 *
 *
 * http://www.hohnstaedt.de/xca
 * email: christian@hohnstaedt.de
 *
 * $Id: NewX509.cpp,v 1.32 2004/05/21 19:07:44 chris2511 Exp $ 
 *
 */                           


#include "NewX509.h"
#include <qgroupbox.h>
#include <qcheckbox.h>
#include <qcombobox.h>
#include <qradiobutton.h>
#include <qmessagebox.h>
#include <qlineedit.h>
#include <qlabel.h>
#include <qwhatsthis.h>
#include <qlistbox.h>
#include <qlistview.h>
#include <qpixmap.h>
#include <qpushbutton.h>
#include <qvalidator.h>
#include <qbuttongroup.h>
#include <qtextview.h>
#include "MainWindow.h"
#include "validity.h"
#include "lib/x509name.h"
#include "lib/db_key.h"
#include "lib/db_x509req.h"
#include "lib/db_x509.h"
#include "lib/db_temp.h"
#include "lib/oid.h"
#include "lib/func.h"


int NewX509::name_nid[] = {
	NID_commonName,
	NID_countryName,
	NID_localityName,
	NID_stateOrProvinceName,
	NID_organizationName,
	NID_organizationalUnitName,
	NID_pkcs9_emailAddress
};
							 
NewX509::NewX509(QWidget *parent , const char *name, bool modal, WFlags f)
	:NewX509_UI(parent, name, modal, f)
{
	unsigned int i;
	connect( extDNadd, SIGNAL(clicked()), this, SLOT(addX509NameEntry()) );
	connect( extDNdel, SIGNAL(clicked()), this, SLOT(delX509NameEntry()) );

	eku_nid = *MainWindow::eku_nid;
	dn_nid = *MainWindow::dn_nid;
	aia_nid = *MainWindow::aia_nid;
	
	setCaption(tr(XCA_TITLE));
	fixtemp = NULL;
	nsImg->setPixmap(*MainWindow::nsImg);
#ifndef qt3
	// pretty fat Title :-)
	QFont tFont;// = getFont();
	tFont.setPointSize(14);
	tFont.setBold(true);
	tFont.setUnderline(true);
	//setFont( tFont );
#else
	//setFont( tFont );
#endif	
	// serialNr->setValidator( new QIntValidator(0, 32767, this));
	QStringList strings;
	 
	// are there any useable private keys  ?
	strings = MainWindow::keys->get0PrivateDesc();
	keyList->insertStringList(strings);
	hashAlgo->setCurrentItem(1);
	
	// any PKCS#10 requests to be used ?
	strings = MainWindow::reqs->getDesc();
	if (strings.isEmpty()) {
		fromReqCB->setDisabled(true);
		reqList->setDisabled(true);
	}
	else {
		reqList->insertStringList(strings);
	}
	
	// How about signing certificates ?
	strings = MainWindow::certs->getSignerDesc();
	if (strings.isEmpty()) {
		foreignSignRB->setDisabled(true);
		certList->setDisabled(true);
	}
	else {
		certList->insertStringList(strings);
	}
	
	// set dates to now and now + 1 year
	a1time a;
	notBefore->setDate(a.now());
	notAfter->setDate(a.now(60*60*24*365));
	
	// settings for the templates ....
	strings = MainWindow::temps->getDesc();
	strings.prepend(tr("Server Template"));
	strings.prepend(tr("Client Template"));
	strings.prepend(tr("CA Template"));
	strings.prepend(tr("Empty Template"));
	tempList->insertStringList(strings);
	
	// setup Extended keyusage
	for (i=0; i < eku_nid.count(); i++)
		ekeyUsage->insertItem(OBJ_nid2ln(eku_nid[i]));

	// setup Distinguished Name 
	for (i=0; i < dn_nid.count(); i++)
		extDNobj->insertItem(OBJ_nid2ln(dn_nid[i]));

	// setup Authority Info Access
	for (i=0; i < aia_nid.count(); i++)
		aiaOid->insertItem(OBJ_nid2ln(aia_nid[i]));

	// init the X509 v3 context
	X509V3_set_ctx(&ext_ctx, NULL , NULL, NULL, NULL, 0);
	X509V3_set_ctx_nodb((&ext_ctx));

	// setup the list of x509nameEntrys
	name_ptr[0] = commonName;
	name_ptr[1] = countryName;
	name_ptr[2] = localityName;
	name_ptr[3] = stateOrProvinceName;
	name_ptr[4] = organisationName;
	name_ptr[5] = organisationalUnitName;
	name_ptr[6] = emailAddress;

	// last polish 
	setFinishEnabled(page7,true);
	setNextEnabled(page2,false);
	signerChanged();
	checkAuthKeyId();
}

void NewX509::setRequest()
{
	setAppropriate(page4, false);
	setAppropriate(page5, false);
	setAppropriate(page6, false);
	finishButton()->setEnabled(true);
	changeDefault->setEnabled(false);
	changeDefault->setChecked(false);
	signerBox->setEnabled(false);
	requestBox->setEnabled(false);
	startText_h=tr("Welcome to the settings for certificate signing requests.");
	startText_b=tr("A signing request needs a private key, so it will be "
		"created if there isn't any unused key available in the key "
		"database. This signing request can then be given to a "
		"Certification authority while the private key of the request "
		"and of the resulting certificate returned from the CA does never "
		"leave your computer.");
	endText=tr("You are done with entering all parameters for generating "
		"a Certificate signing request. The resulting request should "
		"be exported and send to an appropriate CA for signing it.");
	tText=tr("Certificate signing request");
	setup();
	setImage(MainWindow::csrImg);
}

NewX509::~NewX509()
{

}

void NewX509::setTemp(pki_temp *temp)
{
	setAppropriate(page1, false);
	finishButton()->setEnabled(true);
	startText_h=tr("Welcome to the settings for Templates.");
	startText_b=tr("This templates do not refer to any ASN.1 structure "
		"but are used to keep default settings for signing requests and "
		"certificates. When creating a Request or Certificate the template "
		"can preset the needed fields with default settings.");
	endText=tr("You are done with entering all parameters for the Template.\n"
		"After this step the template can be assigned to one of your CAs to "
		"be autoatically applied when signing with this CA.");
	tText=tr("Template");
	if (temp->getIntName() != "--") {
		description->setText(temp->getIntName());
		tText += tr(" change");
	}
	setup();
	privKeyBox->setEnabled(false);
	validitybox->setEnabled(false);
	setImage(MainWindow::tempImg);
	
}
	
void NewX509::setCert()
{
	finishButton()->setEnabled(true);
	startText_h=tr("Welcome to the settings for Certificates.");
	startText_b=tr("The information for the new Certificate can either be "
		"grabbed from a given Certificate-request or be filled in by hand. "
		"In the case of not signing a request there needs to be at least one "
		"unused key. If this is not the case it will be created. If you want "
		"to self-sign a request (unusual but nevertheless possible) you need "
		"the private key used to create the request.");
	endText=tr("You are done with entering all parameters for creating "
		"a Certificate.");
	tText=tr("Certificate");
	setup();
	setImage(MainWindow::certImg);
}

void NewX509::setImage(QPixmap *image)
{
	bigImg1->setPixmap(*image);
	bigImg2->setPixmap(*image);
	bigImg3->setPixmap(*image);
	bigImg4->setPixmap(*image);
	bigImg5->setPixmap(*image);
	bigImg6->setPixmap(*image);
}

void NewX509::setup()
{
	startLabel_h->setText(startText_h);
	startLabel_b->setText(startText_b);
	endLabel->setText(endText);
	setTitle(page0, tText + " Wizard");
	setTitle(page1, tText + " template selection");
	setTitle(page2, tText + " personal settings");
	setTitle(page4, tText + " X.509 v3 Extensions");
	setTitle(page5, tText + " key usage setup");
	setTitle(page6, tText + " Netscape extensions");
	setTitle(page7, tText + " Wizard finished");
}
	
void NewX509::defineTemplate(pki_temp *temp)
{
	fromTemplate(temp);
	templateChanged(temp);
	tempList->setEnabled(false);
}

void NewX509::defineRequest(pki_x509req *req)
{
	if (!req) return;
	fromReqCB->setEnabled(true);
	fromReqCB->setChecked(true);
	QString reqname = req->getIntName(); 
#ifdef qt3
	reqList->setCurrentText(reqname);
#else
	for (int i=0; i<reqList->count(); i++) {
		if (reqList->text(i) == reqname) {
			reqList->setCurrentItem(i);
			break;
		}
	}
#endif

}

void NewX509::defineSigner(pki_x509 *defcert)
{
	// suggested from:  Andrey Brindeew <abr@abr.pp.ru>
	if (defcert && defcert->canSign()) {
		QString name = defcert->getIntName();
#ifdef qt3
		certList->setCurrentText(name);
#else
		for (int i=0; i<certList->count();i++) {
			if (certList->text(i) == name) {
				certList->setCurrentItem(i);
				break;
			}
		}
#endif
		foreignSignRB->setChecked(true);
		certList->setEnabled(true);
	}
}	


int NewX509::lb2int(QListBox *lb)
{
	int x=0;
	for (int i=0; lb->item(i); i++) {
		if (lb->isSelected(i)){
			x |= 1<<i;
		}
	}
	return x;
}	


void NewX509::int2lb(QListBox *lb, int x)
{
	for (int i=0; lb->item(i); i++) {
		lb->setSelected(i, (1<<i) & x);
	}
}	


void NewX509::fromTemplate(pki_temp *temp)
{
	setX509name(temp->xname);
	subAltName->setText(temp->subAltName);
	issAltName->setText(temp->issAltName);