qsslcertificate_openssl.cpp

Absolute File Name:/home/qt/qt5_coco/qt5/qtbase/src/network/ssl/qsslcertificate_openssl.cpp
Source codeSwitch to Preprocessed file
LineSourceCount
1/****************************************************************************-
2**-
3** Copyright (C) 2016 The Qt Company Ltd.-
4** Contact: https://www.qt.io/licensing/-
5**-
6** This file is part of the QtNetwork module of the Qt Toolkit.-
7**-
8** $QT_BEGIN_LICENSE:LGPL$-
9** Commercial License Usage-
10** Licensees holding valid commercial Qt licenses may use this file in-
11** accordance with the commercial license agreement provided with the-
12** Software or, alternatively, in accordance with the terms contained in-
13** a written agreement between you and The Qt Company. For licensing terms-
14** and conditions see https://www.qt.io/terms-conditions. For further-
15** information use the contact form at https://www.qt.io/contact-us.-
16**-
17** GNU Lesser General Public License Usage-
18** Alternatively, this file may be used under the terms of the GNU Lesser-
19** General Public License version 3 as published by the Free Software-
20** Foundation and appearing in the file LICENSE.LGPL3 included in the-
21** packaging of this file. Please review the following information to-
22** ensure the GNU Lesser General Public License version 3 requirements-
23** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.-
24**-
25** GNU General Public License Usage-
26** Alternatively, this file may be used under the terms of the GNU-
27** General Public License version 2.0 or (at your option) the GNU General-
28** Public license version 3 or any later version approved by the KDE Free-
29** Qt Foundation. The licenses are as published by the Free Software-
30** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3-
31** included in the packaging of this file. Please review the following-
32** information to ensure the GNU General Public License requirements will-
33** be met: https://www.gnu.org/licenses/gpl-2.0.html and-
34** https://www.gnu.org/licenses/gpl-3.0.html.-
35**-
36** $QT_END_LICENSE$-
37**-
38****************************************************************************/-
39-
40#include "qssl_p.h"-
41#include "qsslsocket_openssl_symbols_p.h"-
42#include "qsslcertificate_p.h"-
43#include "qsslkey_p.h"-
44#include "qsslcertificateextension_p.h"-
45-
46#include <QtCore/private/qmutexpool_p.h>-
47-
48QT_BEGIN_NAMESPACE-
49-
50// forward declaration-
51static QMap<QByteArray, QString> _q_mapFromX509Name(X509_NAME *name);-
52-
53bool QSslCertificate::operator==(const QSslCertificate &other) const-
54{-
55 if (d == other.d)-
56 return true;-
57 if (d->null && other.d->null)-
58 return true;-
59 if (d->x509 && other.d->x509)-
60 return q_X509_cmp(d->x509, other.d->x509) == 0;-
61 return false;-
62}-
63-
64uint qHash(const QSslCertificate &key, uint seed) Q_DECL_NOTHROW-
65{-
66 if (X509 * const x509 = key.d->x509) {
X509 * const x... = key.d->x509Description
TRUEnever evaluated
FALSEevaluated 4 times by 2 tests
Evaluated by:
  • tst_qsslcertificate - unknown status
  • tst_qsslerror - unknown status
0-4
67 (void)q_X509_cmp(x509, x509); // populate x509->sha1_hash-
68 // (if someone knows a better way...)-
69 return qHashBits(x509->sha1_hash, SHA_DIGEST_LENGTH, seed);
never executed: return qHashBits(x509->sha1_hash, 20, seed);
0
70 } else {-
71 return seed;
executed 4 times by 2 tests: return seed;
Executed by:
  • tst_qsslcertificate - unknown status
  • tst_qsslerror - unknown status
4
72 }-
73}-
74-
75bool QSslCertificate::isNull() const-
76{-
77 return d->null;-
78}-
79-
80bool QSslCertificate::isSelfSigned() const-
81{-
82 if (!d->x509)-
83 return false;-
84-
85 return (q_X509_check_issued(d->x509, d->x509) == X509_V_OK);-
86}-
87-
88QByteArray QSslCertificate::version() const-
89{-
90 QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));-
91 if (d->versionString.isEmpty() && d->x509)-
92 d->versionString =-
93 QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) + 1);-
94-
95 return d->versionString;-
96}-
97-
98QByteArray QSslCertificate::serialNumber() const-
99{-
100 QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));-
101 if (d->serialNumberString.isEmpty() && d->x509) {-
102 ASN1_INTEGER *serialNumber = d->x509->cert_info->serialNumber;-
103 QByteArray hexString;-
104 hexString.reserve(serialNumber->length * 3);-
105 for (int a = 0; a < serialNumber->length; ++a) {-
106 hexString += QByteArray::number(serialNumber->data[a], 16).rightJustified(2, '0');-
107 hexString += ':';-
108 }-
109 hexString.chop(1);-
110 d->serialNumberString = hexString;-
111 }-
112 return d->serialNumberString;-
113}-
114-
115QStringList QSslCertificate::issuerInfo(SubjectInfo info) const-
116{-
117 QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));-
118 // lazy init-
119 if (d->issuerInfo.isEmpty() && d->x509)-
120 d->issuerInfo =-
121 _q_mapFromX509Name(q_X509_get_issuer_name(d->x509));-
122-
123 return d->issuerInfo.values(d->subjectInfoToString(info));-
124}-
125-
126QStringList QSslCertificate::issuerInfo(const QByteArray &attribute) const-
127{-
128 QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));-
129 // lazy init-
130 if (d->issuerInfo.isEmpty() && d->x509)-
131 d->issuerInfo =-
132 _q_mapFromX509Name(q_X509_get_issuer_name(d->x509));-
133-
134 return d->issuerInfo.values(attribute);-
135}-
136-
137QStringList QSslCertificate::subjectInfo(SubjectInfo info) const-
138{-
139 QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));-
140 // lazy init-
141 if (d->subjectInfo.isEmpty() && d->x509)-
142 d->subjectInfo =-
143 _q_mapFromX509Name(q_X509_get_subject_name(d->x509));-
144-
145 return d->subjectInfo.values(d->subjectInfoToString(info));-
146}-
147-
148QStringList QSslCertificate::subjectInfo(const QByteArray &attribute) const-
149{-
150 QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));-
151 // lazy init-
152 if (d->subjectInfo.isEmpty() && d->x509)-
153 d->subjectInfo =-
154 _q_mapFromX509Name(q_X509_get_subject_name(d->x509));-
155-
156 return d->subjectInfo.values(attribute);-
157}-
158-
159QList<QByteArray> QSslCertificate::subjectInfoAttributes() const-
160{-
161 QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));-
162 // lazy init-
163 if (d->subjectInfo.isEmpty() && d->x509)-
164 d->subjectInfo =-
165 _q_mapFromX509Name(q_X509_get_subject_name(d->x509));-
166-
167 return d->subjectInfo.uniqueKeys();-
168}-
169-
170QList<QByteArray> QSslCertificate::issuerInfoAttributes() const-
171{-
172 QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));-
173 // lazy init-
174 if (d->issuerInfo.isEmpty() && d->x509)-
175 d->issuerInfo =-
176 _q_mapFromX509Name(q_X509_get_issuer_name(d->x509));-
177-
178 return d->issuerInfo.uniqueKeys();-
179}-
180-
181QMultiMap<QSsl::AlternativeNameEntryType, QString> QSslCertificate::subjectAlternativeNames() const-
182{-
183 QMultiMap<QSsl::AlternativeNameEntryType, QString> result;-
184-
185 if (!d->x509)-
186 return result;-
187-
188 STACK_OF(GENERAL_NAME) *altNames = (STACK_OF(GENERAL_NAME)*)q_X509_get_ext_d2i(d->x509, NID_subject_alt_name, 0, 0);-
189-
190 if (altNames) {-
191 for (int i = 0; i < q_sk_GENERAL_NAME_num(altNames); ++i) {-
192 const GENERAL_NAME *genName = q_sk_GENERAL_NAME_value(altNames, i);-
193 if (genName->type != GEN_DNS && genName->type != GEN_EMAIL)-
194 continue;-
195-
196 int len = q_ASN1_STRING_length(genName->d.ia5);-
197 if (len < 0 || len >= 8192) {-
198 // broken name-
199 continue;-
200 }-
201-
202 const char *altNameStr = reinterpret_cast<const char *>(q_ASN1_STRING_data(genName->d.ia5));-
203 const QString altName = QString::fromLatin1(altNameStr, len);-
204 if (genName->type == GEN_DNS)-
205 result.insert(QSsl::DnsEntry, altName);-
206 else if (genName->type == GEN_EMAIL)-
207 result.insert(QSsl::EmailEntry, altName);-
208 }-
209 q_sk_pop_free((STACK*)altNames, reinterpret_cast<void(*)(void*)>(q_sk_free));-
210 }-
211-
212 return result;-
213}-
214-
215QDateTime QSslCertificate::effectiveDate() const-
216{-
217 return d->notValidBefore;-
218}-
219-
220QDateTime QSslCertificate::expiryDate() const-
221{-
222 return d->notValidAfter;-
223}-
224-
225Qt::HANDLE QSslCertificate::handle() const-
226{-
227 return Qt::HANDLE(d->x509);-
228}-
229-
230QSslKey QSslCertificate::publicKey() const-
231{-
232 if (!d->x509)-
233 return QSslKey();-
234-
235 QSslKey key;-
236-
237 key.d->type = QSsl::PublicKey;-
238 X509_PUBKEY *xkey = d->x509->cert_info->key;-
239 EVP_PKEY *pkey = q_X509_PUBKEY_get(xkey);-
240 Q_ASSERT(pkey);-
241-
242 if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) {-
243 key.d->rsa = q_EVP_PKEY_get1_RSA(pkey);-
244 key.d->algorithm = QSsl::Rsa;-
245 key.d->isNull = false;-
246 } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) {-
247 key.d->dsa = q_EVP_PKEY_get1_DSA(pkey);-
248 key.d->algorithm = QSsl::Dsa;-
249 key.d->isNull = false;-
250#ifndef OPENSSL_NO_EC-
251 } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_EC) {-
252 key.d->ec = q_EVP_PKEY_get1_EC_KEY(pkey);-
253 key.d->algorithm = QSsl::Ec;-
254 key.d->isNull = false;-
255#endif-
256 } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DH) {-
257 // DH unsupported-
258 } else {-
259 // error?-
260 }-
261-
262 q_EVP_PKEY_free(pkey);-
263 return key;-
264}-
265-
266/*-
267 * Convert unknown extensions to a QVariant.-
268 */-
269static QVariant x509UnknownExtensionToValue(X509_EXTENSION *ext)-
270{-
271 // Get the extension specific method object if available-
272 // we cast away the const-ness here because some versions of openssl-
273 // don't use const for the parameters in the functions pointers stored-
274 // in the object.-
275 X509V3_EXT_METHOD *meth = const_cast<X509V3_EXT_METHOD *>(q_X509V3_EXT_get(ext));-
276 if (!meth) {-
277 ASN1_OCTET_STRING *value = q_X509_EXTENSION_get_data(ext);-
278 QByteArray result( reinterpret_cast<const char *>(q_ASN1_STRING_data(value)),-
279 q_ASN1_STRING_length(value));-
280 return result;-
281 }-
282-
283 //const unsigned char *data = ext->value->data;-
284 void *ext_internal = q_X509V3_EXT_d2i(ext);-
285-
286 // If this extension can be converted-
287 if (meth->i2v && ext_internal) {-
288 STACK_OF(CONF_VALUE) *val = meth->i2v(meth, ext_internal, 0);-
289-
290 QVariantMap map;-
291 QVariantList list;-
292 bool isMap = false;-
293-
294 for (int j = 0; j < q_SKM_sk_num(CONF_VALUE, val); j++) {-
295 CONF_VALUE *nval = q_SKM_sk_value(CONF_VALUE, val, j);-
296 if (nval->name && nval->value) {-
297 isMap = true;-
298 map[QString::fromUtf8(nval->name)] = QString::fromUtf8(nval->value);-
299 } else if (nval->name) {-
300 list << QString::fromUtf8(nval->name);-
301 } else if (nval->value) {-
302 list << QString::fromUtf8(nval->value);-
303 }-
304 }-
305-
306 if (isMap)-
307 return map;-
308 else-
309 return list;-
310 } else if (meth->i2s && ext_internal) {-
311 //qCDebug(lcSsl) << meth->i2s(meth, ext_internal);-
312 QVariant result(QString::fromUtf8(meth->i2s(meth, ext_internal)));-
313 return result;-
314 } else if (meth->i2r && ext_internal) {-
315 QByteArray result;-
316-
317 BIO *bio = q_BIO_new(q_BIO_s_mem());-
318 if (!bio)-
319 return result;-
320-
321 meth->i2r(meth, ext_internal, bio, 0);-
322-
323 char *bio_buffer;-
324 long bio_size = q_BIO_get_mem_data(bio, &bio_buffer);-
325 result = QByteArray(bio_buffer, bio_size);-
326-
327 q_BIO_free(bio);-
328 return result;-
329 }-
330-
331 return QVariant();-
332}-
333-
334/*-
335 * Convert extensions to a variant. The naming of the keys of the map are-
336 * taken from RFC 5280, however we decided the capitalisation in the RFC-
337 * was too silly for the real world.-
338 */-
339static QVariant x509ExtensionToValue(X509_EXTENSION *ext)-
340{-
341 ASN1_OBJECT *obj = q_X509_EXTENSION_get_object(ext);-
342 int nid = q_OBJ_obj2nid(obj);-
343-
344 switch (nid) {-
345 case NID_basic_constraints:-
346 {-
347 BASIC_CONSTRAINTS *basic = reinterpret_cast<BASIC_CONSTRAINTS *>(q_X509V3_EXT_d2i(ext));-
348-
349 QVariantMap result;-
350 result[QLatin1String("ca")] = basic->ca ? true : false;-
351 if (basic->pathlen)-
352 result[QLatin1String("pathLenConstraint")] = (qlonglong)q_ASN1_INTEGER_get(basic->pathlen);-
353-
354 q_BASIC_CONSTRAINTS_free(basic);-
355 return result;-
356 }-
357 break;
dead code: break;
-
358 case NID_info_access:-
359 {-
360 AUTHORITY_INFO_ACCESS *info = reinterpret_cast<AUTHORITY_INFO_ACCESS *>(q_X509V3_EXT_d2i(ext));-
361-
362 QVariantMap result;-
363 for (int i=0; i < q_SKM_sk_num(ACCESS_DESCRIPTION, info); i++) {-
364 ACCESS_DESCRIPTION *ad = q_SKM_sk_value(ACCESS_DESCRIPTION, info, i);-
365-
366 GENERAL_NAME *name = ad->location;-
367 if (name->type == GEN_URI) {-
368 int len = q_ASN1_STRING_length(name->d.uniformResourceIdentifier);-
369 if (len < 0 || len >= 8192) {-
370 // broken name-
371 continue;-
372 }-
373-
374 const char *uriStr = reinterpret_cast<const char *>(q_ASN1_STRING_data(name->d.uniformResourceIdentifier));-
375 const QString uri = QString::fromUtf8(uriStr, len);-
376-
377 result[QString::fromUtf8(QSslCertificatePrivate::asn1ObjectName(ad->method))] = uri;-
378 } else {-
379 qCWarning(lcSsl) << "Strange location type" << name->type;-
380 }-
381 }-
382-
383#if OPENSSL_VERSION_NUMBER >= 0x10000000L-
384 q_sk_pop_free((_STACK*)info, reinterpret_cast<void(*)(void*)>(q_sk_free));-
385#else-
386 q_sk_pop_free((STACK*)info, reinterpret_cast<void(*)(void*)>(q_sk_free));-
387#endif-
388 return result;-
389 }-
390 break;
dead code: break;
-
391 case NID_subject_key_identifier:-
392 {-
393 void *ext_internal = q_X509V3_EXT_d2i(ext);-
394-
395 // we cast away the const-ness here because some versions of openssl-
396 // don't use const for the parameters in the functions pointers stored-
397 // in the object.-
398 X509V3_EXT_METHOD *meth = const_cast<X509V3_EXT_METHOD *>(q_X509V3_EXT_get(ext));-
399-
400 return QVariant(QString::fromUtf8(meth->i2s(meth, ext_internal)));-
401 }-
402 break;
dead code: break;
-
403 case NID_authority_key_identifier:-
404 {-
405 AUTHORITY_KEYID *auth_key = reinterpret_cast<AUTHORITY_KEYID *>(q_X509V3_EXT_d2i(ext));-
406-
407 QVariantMap result;-
408-
409 // keyid-
410 if (auth_key->keyid) {-
411 QByteArray keyid(reinterpret_cast<const char *>(auth_key->keyid->data),-
412 auth_key->keyid->length);-
413 result[QLatin1String("keyid")] = keyid.toHex();-
414 }-
415-
416 // issuer-
417 // TODO: GENERAL_NAMES-
418-
419 // serial-
420 if (auth_key->serial)-
421 result[QLatin1String("serial")] = (qlonglong)q_ASN1_INTEGER_get(auth_key->serial);-
422-
423 q_AUTHORITY_KEYID_free(auth_key);-
424 return result;-
425 }-
426 break;
dead code: break;
-
427 }-
428-
429 return QVariant();-
430}-
431-
432QSslCertificateExtension QSslCertificatePrivate::convertExtension(X509_EXTENSION *ext)-
433{-
434 QSslCertificateExtension result;-
435-
436 ASN1_OBJECT *obj = q_X509_EXTENSION_get_object(ext);-
437 QByteArray oid = QSslCertificatePrivate::asn1ObjectId(obj);-
438 QByteArray name = QSslCertificatePrivate::asn1ObjectName(obj);-
439-
440 result.d->oid = QString::fromUtf8(oid);-
441 result.d->name = QString::fromUtf8(name);-
442-
443 bool critical = q_X509_EXTENSION_get_critical(ext);-
444 result.d->critical = critical;-
445-
446 // Lets see if we have custom support for this one-
447 QVariant extensionValue = x509ExtensionToValue(ext);-
448 if (extensionValue.isValid()) {-
449 result.d->value = extensionValue;-
450 result.d->supported = true;-
451-
452 return result;-
453 }-
454-
455 extensionValue = x509UnknownExtensionToValue(ext);-
456 if (extensionValue.isValid()) {-
457 result.d->value = extensionValue;-
458 result.d->supported = false;-
459 return result;-
460 }-
461-
462 return result;-
463}-
464-
465QList<QSslCertificateExtension> QSslCertificate::extensions() const-
466{-
467 QList<QSslCertificateExtension> result;-
468-
469 if (!d->x509)-
470 return result;-
471-
472 int count = q_X509_get_ext_count(d->x509);-
473 result.reserve(count);-
474-
475 for (int i = 0; i < count; i++) {-
476 X509_EXTENSION *ext = q_X509_get_ext(d->x509, i);-
477 result << QSslCertificatePrivate::convertExtension(ext);-
478 }-
479-
480 return result;-
481}-
482-
483QByteArray QSslCertificate::toPem() const-
484{-
485 if (!d->x509)-
486 return QByteArray();-
487 return d->QByteArray_from_X509(d->x509, QSsl::Pem);-
488}-
489-
490QByteArray QSslCertificate::toDer() const-
491{-
492 if (!d->x509)-
493 return QByteArray();-
494 return d->QByteArray_from_X509(d->x509, QSsl::Der);-
495}-
496-
497QString QSslCertificate::toText() const-
498{-
499 if (!d->x509)-
500 return QString();-
501 return d->text_from_X509(d->x509);-
502}-
503-
504#define BEGINCERTSTRING "-----BEGIN CERTIFICATE-----"-
505#define ENDCERTSTRING "-----END CERTIFICATE-----"-
506-
507void QSslCertificatePrivate::init(const QByteArray &data, QSsl::EncodingFormat format)-
508{-
509 if (!data.isEmpty()) {
!data.isEmpty()Description
TRUEevaluated 73 times by 3 tests
Evaluated by:
  • tst_QNetworkReply
  • tst_qsslcertificate - unknown status
  • tst_qsslsocket - unknown status
FALSEevaluated 30192 times by 16 tests
Evaluated by:
  • tst_NetworkSelfTest
  • tst_QAbstractNetworkCache
  • tst_QHttpNetworkConnection
  • tst_QNetworkAccessManager_And_QProgressDialog
  • tst_QNetworkDiskCache
  • tst_QNetworkProxyFactory
  • tst_QNetworkReply
  • tst_QXmlInputSource
  • tst_Spdy
  • tst_qsslcertificate - unknown status
  • tst_qsslellipticcurve - unknown status
  • tst_qsslerror - unknown status
  • tst_qsslsocket - unknown status
  • tst_qsslsocket_onDemandCertificates_member - unknown status
  • tst_qsslsocket_onDemandCertificates_static - unknown status
  • tst_qtcpsocket - unknown status
73-30192
510 const QList<QSslCertificate> certs = (format == QSsl::Pem)
(format == QSsl::Pem)Description
TRUEevaluated 60 times by 3 tests
Evaluated by:
  • tst_QNetworkReply
  • tst_qsslcertificate - unknown status
  • tst_qsslsocket - unknown status
FALSEevaluated 13 times by 1 test
Evaluated by:
  • tst_qsslcertificate - unknown status
13-60
511 ? certificatesFromPem(data, 1)-
512 : certificatesFromDer(data, 1);-
513 if (!certs.isEmpty()) {
!certs.isEmpty()Description
TRUEevaluated 70 times by 3 tests
Evaluated by:
  • tst_QNetworkReply
  • tst_qsslcertificate - unknown status
  • tst_qsslsocket - unknown status
FALSEevaluated 3 times by 1 test
Evaluated by:
  • tst_qsslcertificate - unknown status
3-70
514 *this = *certs.first().d;-
515 if (x509)
x509Description
TRUEevaluated 70 times by 3 tests
Evaluated by:
  • tst_QNetworkReply
  • tst_qsslcertificate - unknown status
  • tst_qsslsocket - unknown status
FALSEnever evaluated
0-70
516 x509 = q_X509_dup(x509);
executed 70 times by 3 tests: x509 = q_X509_dup(x509);
Executed by:
  • tst_QNetworkReply
  • tst_qsslcertificate - unknown status
  • tst_qsslsocket - unknown status
70
517 }
executed 70 times by 3 tests: end of block
Executed by:
  • tst_QNetworkReply
  • tst_qsslcertificate - unknown status
  • tst_qsslsocket - unknown status
70
518 }
executed 73 times by 3 tests: end of block
Executed by:
  • tst_QNetworkReply
  • tst_qsslcertificate - unknown status
  • tst_qsslsocket - unknown status
73
519}
executed 30265 times by 16 tests: end of block
Executed by:
  • tst_NetworkSelfTest
  • tst_QAbstractNetworkCache
  • tst_QHttpNetworkConnection
  • tst_QNetworkAccessManager_And_QProgressDialog
  • tst_QNetworkDiskCache
  • tst_QNetworkProxyFactory
  • tst_QNetworkReply
  • tst_QXmlInputSource
  • tst_Spdy
  • tst_qsslcertificate - unknown status
  • tst_qsslellipticcurve - unknown status
  • tst_qsslerror - unknown status
  • tst_qsslsocket - unknown status
  • tst_qsslsocket_onDemandCertificates_member - unknown status
  • tst_qsslsocket_onDemandCertificates_static - unknown status
  • tst_qtcpsocket - unknown status
30265
520-
521// ### refactor against QSsl::pemFromDer() etc. (to avoid redundant implementations)-
522QByteArray QSslCertificatePrivate::QByteArray_from_X509(X509 *x509, QSsl::EncodingFormat format)-
523{-
524 if (!x509) {-
525 qCWarning(lcSsl, "QSslSocketBackendPrivate::X509_to_QByteArray: null X509");-
526 return QByteArray();-
527 }-
528-
529 // Use i2d_X509 to convert the X509 to an array.-
530 int length = q_i2d_X509(x509, 0);-
531 QByteArray array;-
532 array.resize(length);-
533 char *data = array.data();-
534 char **dataP = &data;-
535 unsigned char **dataPu = (unsigned char **)dataP;-
536 if (q_i2d_X509(x509, dataPu) < 0)-
537 return QByteArray();-
538-
539 if (format == QSsl::Der)-
540 return array;-
541-
542 // Convert to Base64 - wrap at 64 characters.-
543 array = array.toBase64();-
544 QByteArray tmp;-
545 for (int i = 0; i <= array.size() - 64; i += 64) {-
546 tmp += QByteArray::fromRawData(array.data() + i, 64);-
547 tmp += '\n';-
548 }-
549 if (int remainder = array.size() % 64) {-
550 tmp += QByteArray::fromRawData(array.data() + array.size() - remainder, remainder);-
551 tmp += '\n';-
552 }-
553-
554 return BEGINCERTSTRING "\n" + tmp + ENDCERTSTRING "\n";-
555}-
556-
557QString QSslCertificatePrivate::text_from_X509(X509 *x509)-
558{-
559 if (!x509) {-
560 qCWarning(lcSsl, "QSslSocketBackendPrivate::text_from_X509: null X509");-
561 return QString();-
562 }-
563-
564 QByteArray result;-
565 BIO *bio = q_BIO_new(q_BIO_s_mem());-
566 if (!bio)-
567 return QString();-
568-
569 q_X509_print(bio, x509);-
570-
571 QVarLengthArray<char, 16384> data;-
572 int count = q_BIO_read(bio, data.data(), 16384);-
573 if ( count > 0 ) {-
574 result = QByteArray( data.data(), count );-
575 }-
576-
577 q_BIO_free(bio);-
578-
579 return QString::fromLatin1(result);-
580}-
581-
582QByteArray QSslCertificatePrivate::asn1ObjectId(ASN1_OBJECT *object)-
583{-
584 char buf[80]; // The openssl docs a buffer length of 80 should be more than enough-
585 q_OBJ_obj2txt(buf, sizeof(buf), object, 1); // the 1 says always use the oid not the long name-
586-
587 return QByteArray(buf);-
588}-
589-
590-
591QByteArray QSslCertificatePrivate::asn1ObjectName(ASN1_OBJECT *object)-
592{-
593 int nid = q_OBJ_obj2nid(object);-
594 if (nid != NID_undef)-
595 return QByteArray(q_OBJ_nid2sn(nid));-
596-
597 return asn1ObjectId(object);-
598}-
599-
600static QMap<QByteArray, QString> _q_mapFromX509Name(X509_NAME *name)-
601{-
602 QMap<QByteArray, QString> info;-
603 for (int i = 0; i < q_X509_NAME_entry_count(name); ++i) {-
604 X509_NAME_ENTRY *e = q_X509_NAME_get_entry(name, i);-
605-
606 QByteArray name = QSslCertificatePrivate::asn1ObjectName(q_X509_NAME_ENTRY_get_object(e));-
607 unsigned char *data = 0;-
608 int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e));-
609 info.insertMulti(name, QString::fromUtf8((char*)data, size));-
610 q_CRYPTO_free(data);-
611 }-
612-
613 return info;-
614}-
615-
616QSslCertificate QSslCertificatePrivate::QSslCertificate_from_X509(X509 *x509)-
617{-
618 QSslCertificate certificate;-
619 if (!x509 || !QSslSocket::supportsSsl())-
620 return certificate;-
621-
622 ASN1_TIME *nbef = q_X509_get_notBefore(x509);-
623 ASN1_TIME *naft = q_X509_get_notAfter(x509);-
624 certificate.d->notValidBefore = q_getTimeFromASN1(nbef);-
625 certificate.d->notValidAfter = q_getTimeFromASN1(naft);-
626 certificate.d->null = false;-
627 certificate.d->x509 = q_X509_dup(x509);-
628-
629 return certificate;-
630}-
631-
632static bool matchLineFeed(const QByteArray &pem, int *offset)-
633{-
634 char ch = 0;-
635-
636 // ignore extra whitespace at the end of the line-
637 while (*offset < pem.size() && (ch = pem.at(*offset)) == ' ')-
638 ++*offset;-
639-
640 if (ch == '\n') {-
641 *offset += 1;-
642 return true;-
643 }-
644 if (ch == '\r' && pem.size() > (*offset + 1) && pem.at(*offset + 1) == '\n') {-
645 *offset += 2;-
646 return true;-
647 }-
648 return false;-
649}-
650-
651QList<QSslCertificate> QSslCertificatePrivate::certificatesFromPem(const QByteArray &pem, int count)-
652{-
653 QList<QSslCertificate> certificates;-
654 QSslSocketPrivate::ensureInitialized();-
655-
656 int offset = 0;-
657 while (count == -1 || certificates.size() < count) {-
658 int startPos = pem.indexOf(BEGINCERTSTRING, offset);-
659 if (startPos == -1)-
660 break;-
661 startPos += sizeof(BEGINCERTSTRING) - 1;-
662 if (!matchLineFeed(pem, &startPos))-
663 break;-
664-
665 int endPos = pem.indexOf(ENDCERTSTRING, startPos);-
666 if (endPos == -1)-
667 break;-
668-
669 offset = endPos + sizeof(ENDCERTSTRING) - 1;-
670 if (offset < pem.size() && !matchLineFeed(pem, &offset))-
671 break;-
672-
673 QByteArray decoded = QByteArray::fromBase64(-
674 QByteArray::fromRawData(pem.data() + startPos, endPos - startPos));-
675 const unsigned char *data = (const unsigned char *)decoded.data();-
676-
677 if (X509 *x509 = q_d2i_X509(0, &data, decoded.size())) {-
678 certificates << QSslCertificate_from_X509(x509);-
679 q_X509_free(x509);-
680 }-
681 }-
682-
683 return certificates;-
684}-
685-
686QList<QSslCertificate> QSslCertificatePrivate::certificatesFromDer(const QByteArray &der, int count)-
687{-
688 QList<QSslCertificate> certificates;-
689 QSslSocketPrivate::ensureInitialized();-
690-
691 const unsigned char *data = (const unsigned char *)der.data();-
692 int size = der.size();-
693-
694 while (size > 0 && (count == -1 || certificates.size() < count)) {-
695 if (X509 *x509 = q_d2i_X509(0, &data, size)) {-
696 certificates << QSslCertificate_from_X509(x509);-
697 q_X509_free(x509);-
698 } else {-
699 break;-
700 }-
701 size -= ((const char *)data - der.data());-
702 }-
703-
704 return certificates;-
705}-
706-
707QT_END_NAMESPACE-
Source codeSwitch to Preprocessed file
Generated by Squish Coco Non-Commercial 4.3.0-BETA-master-30-08-2018-4cb69e9