📄 certview.cpp
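// NOTE: this listing begins part-way through CertView::signP7(); its
// signature (and anything that preceded this point) is not visible here, so
// the remainder of that function is reproduced unchanged.
	QStringList filt;
	try {
		pki_x509 *cert = (pki_x509 *)getSelected();
		if (!cert)
			return;
		pki_key *privkey = cert->getRefKey();
		// Signing needs the private half; a public-only key is refused.
		if (!privkey || privkey->isPubKey()) {
			QMessageBox::warning(this,tr(XCA_TITLE),
				tr("There was no key found for the Certificate: ") +
				cert->getIntName());
			return;
		}
		filt.append("All Files ( *.* )");
		QString s="";
		QStringList slist;
		QFileDialog *dlg = new QFileDialog(this,0,true);
		dlg->setCaption(tr("Import Certificate signing request"));
		dlg->setFilters(filt);
		dlg->setMode( QFileDialog::ExistingFiles );
		dlg->setDir(MainWindow::getPath());
		if (dlg->exec()) {
			slist = dlg->selectedFiles();
			MainWindow::setPath(dlg->dirPath());
		}
		delete dlg;
		pki_pkcs7 * p7 = new pki_pkcs7("");
		for ( QStringList::Iterator it = slist.begin(); it != slist.end(); ++it ) {
			s = *it;
			s = QDir::convertSeparators(s);
			p7->signFile(cert, s);
			p7->writeP7((s + ".p7s"), true);
		}
		delete p7;
	}
	catch (errorEx &err) {
		Error(err);
	}
}

/// Encrypts each file picked in a file dialog with the selected certificate
/// and writes the PKCS#7 result next to the input as "<file>.p7m".
/// Errors raised as errorEx are reported through Error().
void CertView::encryptP7()
{
	QStringList filt;
	try {
		pki_x509 *cert = (pki_x509 *)getSelected();
		if (!cert)
			return;
		pki_key *privkey = cert->getRefKey();
		// NOTE(review): this mirrors the check in signP7(). Encrypting to a
		// recipient normally needs only the public key; confirm that a
		// private key is really meant to be required here.
		if (!privkey || privkey->isPubKey()) {
			QMessageBox::warning(this,tr(XCA_TITLE),
				tr("There was no key found for the Certificate: ") +
				cert->getIntName()) ;
			return;
		}
		filt.append("All Files ( *.* )");
		QString s="";
		QStringList slist;
		QFileDialog *dlg = new QFileDialog(this,0,true);
		dlg->setCaption(tr("Import Certificate signing request"));
		dlg->setFilters(filt);
		dlg->setMode( QFileDialog::ExistingFiles );
		dlg->setDir(MainWindow::getPath());
		if (dlg->exec()) {
			slist = dlg->selectedFiles();
			MainWindow::setPath(dlg->dirPath());
		}
		delete dlg;
		// NOTE(review): if encryptFile() or writeP7() throws, the delete
		// below is skipped and p7 leaks.
		pki_pkcs7 * p7 = new pki_pkcs7("");
		for ( QStringList::Iterator it = slist.begin(); it != slist.end(); ++it ) {
			s = *it;
			s = QDir::convertSeparators(s);
			p7->encryptFile(cert, s);
			// The plaintext input file is left in place next to the .p7m.
			p7->writeP7((s + ".p7m"), true);
		}
		delete p7;
	}
	catch (errorEx &err) {
		Error(err);
	}
}

/// Builds and shows the context menu of the certificate list.
/// @param item  list entry under the cursor, or NULL for empty space
/// @param pt    position at which the menu is opened
/// @param x     unused here
void CertView::popupMenu(QListViewItem *item, const QPoint &pt, int x)
{
	QPopupMenu *menu = new QPopupMenu(this);
	QPopupMenu *subCa = new QPopupMenu(this);
	QPopupMenu *subP7 = new QPopupMenu(this);
	QPopupMenu *subExport = new QPopupMenu(this);
	int itemExtend, itemRevoke, itemTrust, itemCA, itemTemplate,
		itemReq, itemP7, itemtca;
	// Default every capability to "off": if the database lookup below yields
	// no certificate, the flags used to be read uninitialised, which could
	// leave CA, signing and key-dependent entries enabled at random.
	bool canSign = false, parentCanSign = false,
		hasTemplates = false, hasPrivkey = false;

	emit init_database();
	if (!item) {
		menu->insertItem(tr("New Certificate"), this, SLOT(newItem()));
		menu->insertItem(tr("Import"), this, SLOT(load()));
		menu->insertItem(tr("Import PKCS#12"), this, SLOT(loadPKCS12()));
		menu->insertItem(tr("Import from PKCS#7"), this, SLOT(loadPKCS7()));
	}
	else {
		CHECK_DB
		pki_x509 *cert = (pki_x509 *)db->getByName(item->text(0));
		menu->insertItem(tr("Rename"), this, SLOT(startRename()));
		menu->insertItem(tr("Show Details"), this, SLOT(showItem()));
		menu->insertItem(tr("Export"), subExport);
		subExport->insertItem(tr("File"), this, SLOT(store()));
		itemReq = subExport->insertItem(tr("Request"), this, SLOT(toRequest()));
		itemtca = subExport->insertItem(tr("TinyCA"), this, SLOT(toTinyCA()));
		menu->insertItem(tr("Delete"), this, SLOT(deleteItem()));
		itemTrust = menu->insertItem(tr("Trust"), this, SLOT(setTrust()));
		menu->insertSeparator();
		itemCA = menu->insertItem(tr("CA"), subCa);
		subCa->insertItem(tr("Serial"), this, SLOT(setSerial()));
		subCa->insertItem(tr("CRL days"), this, SLOT(setCrlDays()));
		itemTemplate = subCa->insertItem(tr("Signing Template"), this, SLOT(setTemplate()));
		subCa->insertItem(tr("Generate CRL"), this, SLOT(genCrl()));
		itemP7 = menu->insertItem(tr("PKCS#7"), subP7);
		subP7->insertItem(tr("Sign"), this, SLOT(signP7()));
		subP7->insertItem(tr("Encrypt"), this, SLOT(encryptP7()));
		menu->insertSeparator();
		itemExtend = menu->insertItem(tr("Renewal"), this, SLOT(extendCert()));
		if (cert) {
			if (cert->isRevoked()) {
				itemRevoke = menu->insertItem(tr("Unrevoke"), this, SLOT(unRevoke()));
				menu->setItemEnabled(itemTrust, false);
			}
			else
				itemRevoke = menu->insertItem(tr("Revoke"), this, SLOT(revoke()));
			// Renewal and (un)revocation need a signer other than the
			// certificate itself that is able to sign.
			parentCanSign = (cert->getSigner() && cert->getSigner()->canSign()
					&& (cert->getSigner() != cert));
			canSign = cert->canSign();
			hasTemplates = MainWindow::temps->getDesc().count() > 0 ;
			hasPrivkey = (cert->getRefKey() != NULL);
			// itemRevoke exists only when a certificate was found, so it
			// is configured inside this branch.
			menu->setItemEnabled(itemRevoke, parentCanSign);
		}
		menu->setItemEnabled(itemExtend, parentCanSign);
		menu->setItemEnabled(itemCA, canSign);
		subExport->setItemEnabled(itemReq, hasPrivkey);
		subExport->setItemEnabled(itemtca, canSign);
		menu->setItemEnabled(itemP7, hasPrivkey);
		subCa->setItemEnabled(itemTemplate, hasTemplates);
	}
	menu->exec(pt);
	delete menu;
	delete subCa;
	delete subP7;
	delete subExport;
	return;
}

/// Lets the user change the trust state (0, 1 or 2) of the selected
/// certificate and stores the change in the database.
void CertView::setTrust()
{
	pki_x509 *cert = (pki_x509 *)getSelected();
	if (!cert)
		return;
	TrustState_UI *dlg = new TrustState_UI(this,0,true);
	dlg->image->setPixmap(*MainWindow::certImg);
	int state = cert->getTrust();
	// A self-signed certificate cannot use state 1: it is shown as 0 and
	// the option is disabled.
	if (cert->getSigner() == cert) {
		if (state == 1)
			state = 0;
		dlg->trust1->setDisabled(true);
	}
	if (state == 0 ) dlg->trust0->setChecked(true);
	if (state == 1 ) dlg->trust1->setChecked(true);
	if (state == 2 ) dlg->trust2->setChecked(true);
	dlg->certName->setText(cert->getIntName());
	if (dlg->exec()) {
		// Start from the current state so that an indeterminate value is
		// never written as the trust level when no button reports checked.
		int newstate = state;
		if (dlg->trust0->isChecked()) newstate = 0;
		if (dlg->trust1->isChecked()) newstate = 1;
		if (dlg->trust2->isChecked()) newstate = 2;
		if (newstate!=state) {
			cert->setTrust(newstate);
			db->updatePKI(cert);
			updateView();
		}
	}
	delete dlg;
}

/// Creates a certificate signing request from the selected certificate's
/// subject and key and adds it to the request database.
void CertView::toRequest()
{
	pki_x509 *cert = (pki_x509 *)getSelected();
	if (!cert)
		return;
	try {
		pki_x509req *req = new pki_x509req();
		req->setIntName(cert->getIntName());
		// NOTE(review): the request is signed with MD5, which is no longer
		// collision resistant and is rejected by many CAs. Switch to a
		// SHA-2 digest once the linked OpenSSL is confirmed to provide one.
		req->createReq(cert->getRefKey(), cert->getSubject(), EVP_md5());
		MainWindow::reqs->insert(req);
	}
	catch (errorEx &err) {
		Error(err);
	}
}

/// Marks the selected certificate as revoked and stores the change.
void CertView::revoke()
{
	pki_x509 *cert = (pki_x509 *)getSelected();
	if (!cert)
		return;
	cert->setRevoked(true);
	db->updatePKI(cert);
	updateView();
}

/// Clears the revoked flag of the selected certificate and stores the change.
void CertView::unRevoke()
{
	pki_x509 *cert = (pki_x509 *)getSelected();
	if (!cert)
		return;
	cert->setRevoked(false);
	db->updatePKI(cert);
	updateView();
}

/// Asks for the next serial number the selected CA uses for signing.
void CertView::setSerial()
{
	pki_x509 *cert = (pki_x509 *)getSelected();
	if (!cert)
		return;
	a1int serial = cert->getCaSerial();
	bool ok;
	a1int nserial = QInputDialog::getInteger (tr(XCA_TITLE),
			tr("Please enter the new Serial for signing"),
			serial.getLong(), serial.getLong(), 2147483647, 1, &ok, this );
	// Only a strictly larger value is accepted, so the counter can never be
	// moved back onto a serial that may already have been issued.
	if (ok && nserial > serial) {
		cert->setCaSerial(nserial);
		db->updatePKI(cert);
	}
}

/// Asks for the CRL renewal period (in days) of the selected CA.
void CertView::setCrlDays()
{
	pki_x509 *cert = (pki_x509 *)getSelected();
	if (!cert)
		return;
	int crlDays = cert->getCrlDays();
	bool ok;
	int nCrlDays = QInputDialog::getInteger (tr(XCA_TITLE),
			tr("Please enter the CRL renewal periode in days"),
			crlDays, 1, 2147483647, 1, &ok, this );
	if (ok && (crlDays != nCrlDays)) {
		cert->setCrlDays(nCrlDays);
		db->updatePKI(cert);
	}
}

/// Lets the user pick the default signing template of the selected CA.
void CertView::setTemplate()
{
	pki_x509 *cert = (pki_x509 *)getSelected();
	if (!cert)
		return;
	QString templ = cert->getTemplate();
	QStringList tempList = MainWindow::temps->getDesc();
	unsigned int i, sel=0;
	bool ok;
	// Preselect the template that is currently configured, if it is listed.
	for (i=0; i<tempList.count(); i++) {
		if (tempList[i] == templ) {
			sel = i;
		}
	}
	QString nTempl = QInputDialog::getItem (tr(XCA_TITLE),
			tr("Please select the default Template for signing"),
			tempList, sel, false, &ok, this );
	if (ok && (templ != nTempl)) {
		cert->setTemplate(nTempl);
		db->updatePKI(cert);
	}
}

/// Toggles between the two view states and relabels the button with the
/// view that a further click would switch to.
void CertView::changeView(QPushButton *b)
{
	CHECK_DB
	if (viewState == 0) { // Plain view
		viewState = 1;
		b->setText(tr("Plain View"));
	}
	else { // Tree View
		viewState = 0;
		b->setText(tr("Tree View"));
	}
	updateView();
}

#define fopenerror(file) \
	QMessageBox::warning(this,tr(XCA_TITLE), \
		tr("The file '") + file + tr("' could not be opened"));

/// Exports the selected CA (certificate, key, serial, openssl.cnf and the
/// certificates it issued) into a TinyCA directory tree. Compiled out on
/// WIN32.
void CertView::toTinyCA()
{
#ifndef WIN32
	pki_x509 *crt = (pki_x509 *)getSelected();
	if (!crt)
		return;
	pki_key *key = crt->getRefKey();
	if (!key)
		return;
	FILE *fp, *fpr;
	char buf[200];
	QList<pki_x509> list;
	pki_x509 *issuedcert;
	QString dname = crt->getIntName();
	QString tcatempdir = MainWindow::settings->getString("TinyCAtempdir");
	QString tcadir = MainWindow::settings->getString("TinyCAdir");
	if (tcatempdir.isEmpty()) {
		tcatempdir = "templates";
	}
	if (tcadir.isEmpty()) {
		tcadir = QDir::homeDirPath();
		tcadir += QDir::separator();
		tcadir += ".TinyCA";
	}
	ExportTinyCA *dlg = new ExportTinyCA( tcatempdir, tcadir, this, NULL);
	if (!dlg->exec()) {
		delete dlg;
		return;
	}
	tcatempdir = dlg->tempdir->text();
	tcadir = dlg->tinycadir->text();
	dname = dlg->dname->text();
	// The dialog was never released before; free it once its fields are read.
	delete dlg;
	MainWindow::settings->putString("TinyCAtempdir", tcatempdir);
	MainWindow::settings->putString("TinyCAdir", tcadir);
	if (dname.isEmpty())
		return;
	const EVP_CIPHER *enc = EVP_des_ede3_cbc();

	// OK, we have all names now...
	tcadir += QDir::separator();
	tcadir += dname;

	// create directory tree
	if (! mkDir(tcadir)) return;
	// NOTE(review): none of the chdir() results in this function are
	// checked. If one fails, the relative paths below, including the private
	// key files, land in whatever directory is current. The process working
	// directory is also left changed on return.
	chdir(tcadir);
	if (! mkDir("certs")) return;
	if (! mkDir("crl")) return;
	if (! mkDir("keys")) return;
	if (! mkDir("newcerts")) return;
	if (! mkDir("req")) return;

	// write the CA cert and key
	crt->writeCert("cacert.pem", true, false);
	key->writeKey("cacert.key", enc, &MainWindow::passWrite, true);

	// FIXME: write the crl. The earlier code called writeCrl() and delete on
	// a pki_crl pointer that was never assigned (undefined behaviour); the
	// step is skipped until a CRL can actually be generated here.

	// write the serial
	fp = fopen("serial", "w");
	if (!fp) {
		fopenerror("serial");
		return;
	}
	fprintf(fp, "%08lx", crt->getCaSerial().getLong());
	fclose(fp);

	// copy openssl.cnf, replacing the %dir% placeholder with the CA directory
	tcatempdir += QDir::separator();
	tcatempdir += "openssl.cnf";
	fpr = fopen(tcatempdir, "r");
	if (!fpr) {
		fopenerror("openssl.cnf" );
		return;
	}
	fp = fopen("openssl.cnf", "w");
	if (!fp) {
		fopenerror("openssl.cnf" );
		fclose(fpr);
		return;
	}
	// Only the first %dir% in each chunk read is replaced; fgets() bounds
	// every read to the size of buf.
	while (fgets(buf ,200, fpr) != NULL) {
		char *x = strstr(buf,"%dir%");
		if (x != 0) {
			x[0]='\0';
			fputs(buf, fp);
			fputs(tcadir, fp);
			fputs(x+5, fp);
		}
		else {
			fputs(buf, fp);
		}
	}
	fclose(fp);
	fclose(fpr);

	// store the issued certificates
	fp = fopen("index.txt", "w");
	if (!fp)
		return;
	list = ((db_x509 *)db)->getIssuedCerts(crt);
	if (!list.isEmpty()) {
		for ( issuedcert = list.first(); issuedcert != NULL; issuedcert = list.next() ) {
			QString fname = issuedcert->tinyCAfname();
			chdir("certs");
			// Write the issued certificate itself; the CA certificate used
			// to be written under every issued certificate's file name.
			issuedcert->writeCert(fname, true, false);
			chdir("..");
			key = issuedcert->getRefKey();
			if (key) {
				chdir("keys");
				// NOTE(review): a NULL cipher is passed here, unlike the
				// CA key above, so issued private keys are presumably
				// stored unencrypted on disk. Confirm this is intended.
				key->writeKey(fname, NULL, &MainWindow::passWrite, true);
				chdir("..");
			}
			fprintf(fp, "%c\t%s\t%s\t%s\tunknown\t%s\n",
				issuedcert->isRevoked() ? 'R':'V',
				issuedcert->getNotAfter().toPlain().latin1(),
				issuedcert->getRevoked().toPlain().latin1(),
				issuedcert->getSerial().toHex().latin1(),
				issuedcert->getSubject().oneLine().latin1() );
		}
	}
	fclose(fp);
#endif
}

/// Rebuilds the list view from the database; when viewState is non-zero,
/// certificates are nested below the list item of their signer.
void CertView::updateView()
{
	clear();
	setRootIsDecorated(true);
	pki_x509 *pki, *signer;
	pki_base *pkib;
	QListViewItem *parentitem, *current;
	QList<pki_base> container = db->getContainer();
	if ( container.isEmpty() )
		return;
	QList<pki_base> mycont = container;
	for ( pkib = container.first(); pkib != NULL; pkib = container.next() )
		pkib->delLvi();
	// NOTE(review): the loop ends only once every entry has received a list
	// item; an entry whose signer never gets one would presumably keep it
	// running. Verify against the database invariants.
	while (! mycont.isEmpty() ) {
		QListIterator<pki_base> it(mycont);
		for ( ; it.current(); ++it ) {
			pki = (pki_x509 *)it.current();
			parentitem = NULL;
			signer = pki->getSigner();
			// foreign signed
			if ((signer != pki) && (signer != NULL) && (viewState != 0))
				parentitem = signer->getLvi();
			if (((parentitem != NULL) || (signer == pki) || (signer == NULL)
					|| viewState == 0) && (pki->getLvi() == NULL )) {
				// create the listview item
				if (parentitem != NULL) {
					current = new QListViewItem(parentitem);
				}
				else {
					current = new QListViewItem(this);
				}
				pki->setLvi(current);
				mycont.remove(pki);
				pki->updateView();
				it.toFirst();
			}
		}
	}
	return;
}

/// Creates a directory and reports a failure in a message box.
/// @return true when the directory was created, false otherwise
bool CertView::mkDir(QString dir)
{
#ifdef WIN32
	int ret = mkdir(dir.latin1());
	// in direct.h declare _CRTIMP int __cdecl mkdir(const char *);
#else
	// Owner-only permissions (rwx------): the tree holds private keys.
	int ret = mkdir(dir.latin1(), S_IRUSR | S_IWUSR | S_IXUSR);
#endif
	if (ret) {
		// NOTE(review): mkdir() returns -1 and reports the cause in errno,
		// so strerror(ret) does not describe the real failure. Use
		// strerror(errno) once <errno.h> is confirmed to be included.
		QString desc = " (";
		desc += strerror(ret);
		desc += ")";
		QMessageBox::critical(this,tr(XCA_TITLE),
			tr("Error creating: ") + dir + desc);
		return false;
	}
	return true;
}

/// Refreshes the list item of every entry in the database container.
void CertView::updateViewAll()
{
	emit init_database();
	QList<pki_base> c = db->getContainer();
	for (pki_x509 *pki = (pki_x509 *)c.first(); pki != 0; pki = (pki_x509 *)c.next() )
		pki->updateView();
	return;
}

/// Emits genCrl(pki_x509 *) for the currently selected certificate.
void CertView::genCrl()
{
	emit genCrl((pki_x509 *)getSelected());
}

/// Inserts the given key into the key database.
void CertView::importKey(pki_key *key)
{
	MainWindow::keys->insert(key);
}

/// Inserts the given certificate into this view's database.
void CertView::importCert(pki_x509 *cert)
{
	db->insert(cert);
}

/// Looks up a key by name and shows its detail dialog.
void CertView::showKey(QString name)
{
	pki_key *key = (pki_key *)MainWindow::keys->getByName(name);
	showKey(key);
}

/// Shows the detail dialog for a key; does nothing when key is NULL.
void CertView::showKey(pki_key *key)
{
	KeyDetail *dlg = NULL;
	if (!key)
		return;
	try {
		dlg = new KeyDetail(this, 0, true, 0 );
		dlg->setKey(key);
		dlg->exec();
	}
	catch (errorEx &err) {
		Error(err);
	}
	if (dlg)
		delete dlg;
}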