diff options
author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2018-06-21 12:16:00 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2018-07-08 19:23:08 +0000 |
commit | 10877c3ec0184e6c2a07b8775d32c8efc38a29a3 (patch) | |
tree | e5e1c69e2008205b2178c940c47c1349d6e41c7b /src/core/client_cert_select_controller.cpp | |
parent | a83fd13f62673ce439bdfea55238f9d8ef8676ce (diff) |
Enable client certificate store
Creates the default client cerficate store for the platform and when
given a choice of client certificates forwards to the choice to
the application.
Only a Widgets API for now.
Task-number: QTBUG-54877
Change-Id: Ie15152398d5769579fa0c07e3e3035c2374e9940
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Diffstat (limited to 'src/core/client_cert_select_controller.cpp')
-rw-r--r-- | src/core/client_cert_select_controller.cpp | 123 |
1 files changed, 123 insertions, 0 deletions
diff --git a/src/core/client_cert_select_controller.cpp b/src/core/client_cert_select_controller.cpp new file mode 100644 index 000000000..16d23454f --- /dev/null +++ b/src/core/client_cert_select_controller.cpp @@ -0,0 +1,123 @@ +/**************************************************************************** +** +** Copyright (C) 2018 The Qt Company Ltd. +** Contact: https://www.qt.io/licensing/ +** +** This file is part of the QtWebEngine module of the Qt Toolkit. +** +** $QT_BEGIN_LICENSE:LGPL$ +** Commercial License Usage +** Licensees holding valid commercial Qt licenses may use this file in +** accordance with the commercial license agreement provided with the +** Software or, alternatively, in accordance with the terms contained in +** a written agreement between you and The Qt Company. For licensing terms +** and conditions see https://www.qt.io/terms-conditions. For further +** information use the contact form at https://www.qt.io/contact-us. +** +** GNU Lesser General Public License Usage +** Alternatively, this file may be used under the terms of the GNU Lesser +** General Public License version 3 as published by the Free Software +** Foundation and appearing in the file LICENSE.LGPL3 included in the +** packaging of this file. Please review the following information to +** ensure the GNU Lesser General Public License version 3 requirements +** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. +** +** GNU General Public License Usage +** Alternatively, this file may be used under the terms of the GNU +** General Public License version 2.0 or (at your option) the GNU General +** Public license version 3 or any later version approved by the KDE Free +** Qt Foundation. The licenses are as published by the Free Software +** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 +** included in the packaging of this file. Please review the following +** information to ensure the GNU General Public License requirements will +** be met: https://www.gnu.org/licenses/gpl-2.0.html and +** https://www.gnu.org/licenses/gpl-3.0.html. +** +** $QT_END_LICENSE$ +** +****************************************************************************/ + +#include "client_cert_select_controller.h" + +#include <base/bind.h> +#include <content/public/browser/client_certificate_delegate.h> +#include <net/cert/x509_certificate.h> +#include <net/ssl/client_cert_identity.h> +#include <net/ssl/ssl_cert_request_info.h> +#include <net/ssl/ssl_info.h> + +#include "type_conversion.h" + +QT_BEGIN_NAMESPACE + +using namespace QtWebEngineCore; + +ClientCertSelectController::ClientCertSelectController(net::SSLCertRequestInfo *certRequestInfo, + std::vector<std::unique_ptr<net::ClientCertIdentity>> clientCerts, + std::unique_ptr<content::ClientCertificateDelegate> delegate) + : m_clientCerts(std::move(clientCerts)) + , m_delegate(std::move(delegate)) + , m_selected(false) +{ + m_hostAndPort.setHost(QString::fromStdString(certRequestInfo->host_and_port.HostForURL())); + m_hostAndPort.setPort(certRequestInfo->host_and_port.port()); +} + +ClientCertSelectController::~ClientCertSelectController() +{ + // Continue without a client certificate, for instance if the app has not + // implemented support for client certificate selection. + if (!m_selected) + m_delegate->ContinueWithCertificate(nullptr, nullptr); +} + +#if QT_CONFIG(ssl) + +void ClientCertSelectController::selectNone() +{ + if (m_selected) { + qWarning() << "ClientCertSelectController::selectNone() certicate already selected"; + return; + } + m_selected = true; + m_delegate->ContinueWithCertificate(nullptr, nullptr); +} + +void ClientCertSelectController::select(const QSslCertificate &certificate) +{ + if (m_selected) { + qWarning() << "ClientCertSelectController::select() certicate already selected"; + return; + } + QByteArray derCertificate = certificate.toDer(); + scoped_refptr<net::X509Certificate> selectedCert = + net::X509Certificate::CreateFromBytes(derCertificate.constData(), derCertificate.length()); + for (auto &certInfo : m_clientCerts) { + scoped_refptr<net::X509Certificate> cert = certInfo->certificate(); + if (cert->Equals(selectedCert.get())) { + m_selected = true; + net::ClientCertIdentity::SelfOwningAcquirePrivateKey( + std::move(certInfo), + base::Bind(&content::ClientCertificateDelegate::ContinueWithCertificate, + base::Passed(std::move(m_delegate)), std::move(cert))); + return; + } + } + qWarning() << "ClientCertSelectController::select() - selected client certificate not recognized." + << " Selected certificate needs to be one of the offered"; +} + +QVector<QSslCertificate> ClientCertSelectController::certificates() const +{ + QVector<QSslCertificate> out; + for (auto &cert : m_clientCerts) { + std::vector<std::string> pem_encoded; + if (cert->certificate()->GetPEMEncodedChain(&pem_encoded)) + out.append(QSslCertificate(QByteArray::fromStdString(pem_encoded.front()))); + } + return out; +} + +#endif // QT_CONFIG(ssl) + +QT_END_NAMESPACE |