From 10877c3ec0184e6c2a07b8775d32c8efc38a29a3 Mon Sep 17 00:00:00 2001 From: Allan Sandfeld Jensen Date: Thu, 21 Jun 2018 12:16:00 +0200 Subject: Enable client certificate store Creates the default client cerficate store for the platform and when given a choice of client certificates forwards to the choice to the application. Only a Widgets API for now. Task-number: QTBUG-54877 Change-Id: Ie15152398d5769579fa0c07e3e3035c2374e9940 Reviewed-by: Michal Klocek --- src/core/client_cert_select_controller.cpp | 123 +++++++++++++++++++++++++++++ 1 file changed, 123 insertions(+) create mode 100644 src/core/client_cert_select_controller.cpp (limited to 'src/core/client_cert_select_controller.cpp') diff --git a/src/core/client_cert_select_controller.cpp b/src/core/client_cert_select_controller.cpp new file mode 100644 index 000000000..16d23454f --- /dev/null +++ b/src/core/client_cert_select_controller.cpp @@ -0,0 +1,123 @@ +/**************************************************************************** +** +** Copyright (C) 2018 The Qt Company Ltd. +** Contact: https://www.qt.io/licensing/ +** +** This file is part of the QtWebEngine module of the Qt Toolkit. +** +** $QT_BEGIN_LICENSE:LGPL$ +** Commercial License Usage +** Licensees holding valid commercial Qt licenses may use this file in +** accordance with the commercial license agreement provided with the +** Software or, alternatively, in accordance with the terms contained in +** a written agreement between you and The Qt Company. For licensing terms +** and conditions see https://www.qt.io/terms-conditions. For further +** information use the contact form at https://www.qt.io/contact-us. +** +** GNU Lesser General Public License Usage +** Alternatively, this file may be used under the terms of the GNU Lesser +** General Public License version 3 as published by the Free Software +** Foundation and appearing in the file LICENSE.LGPL3 included in the +** packaging of this file. Please review the following information to +** ensure the GNU Lesser General Public License version 3 requirements +** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. +** +** GNU General Public License Usage +** Alternatively, this file may be used under the terms of the GNU +** General Public License version 2.0 or (at your option) the GNU General +** Public license version 3 or any later version approved by the KDE Free +** Qt Foundation. The licenses are as published by the Free Software +** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 +** included in the packaging of this file. Please review the following +** information to ensure the GNU General Public License requirements will +** be met: https://www.gnu.org/licenses/gpl-2.0.html and +** https://www.gnu.org/licenses/gpl-3.0.html. +** +** $QT_END_LICENSE$ +** +****************************************************************************/ + +#include "client_cert_select_controller.h" + +#include +#include +#include +#include +#include +#include + +#include "type_conversion.h" + +QT_BEGIN_NAMESPACE + +using namespace QtWebEngineCore; + +ClientCertSelectController::ClientCertSelectController(net::SSLCertRequestInfo *certRequestInfo, + std::vector> clientCerts, + std::unique_ptr delegate) + : m_clientCerts(std::move(clientCerts)) + , m_delegate(std::move(delegate)) + , m_selected(false) +{ + m_hostAndPort.setHost(QString::fromStdString(certRequestInfo->host_and_port.HostForURL())); + m_hostAndPort.setPort(certRequestInfo->host_and_port.port()); +} + +ClientCertSelectController::~ClientCertSelectController() +{ + // Continue without a client certificate, for instance if the app has not + // implemented support for client certificate selection. + if (!m_selected) + m_delegate->ContinueWithCertificate(nullptr, nullptr); +} + +#if QT_CONFIG(ssl) + +void ClientCertSelectController::selectNone() +{ + if (m_selected) { + qWarning() << "ClientCertSelectController::selectNone() certicate already selected"; + return; + } + m_selected = true; + m_delegate->ContinueWithCertificate(nullptr, nullptr); +} + +void ClientCertSelectController::select(const QSslCertificate &certificate) +{ + if (m_selected) { + qWarning() << "ClientCertSelectController::select() certicate already selected"; + return; + } + QByteArray derCertificate = certificate.toDer(); + scoped_refptr selectedCert = + net::X509Certificate::CreateFromBytes(derCertificate.constData(), derCertificate.length()); + for (auto &certInfo : m_clientCerts) { + scoped_refptr cert = certInfo->certificate(); + if (cert->Equals(selectedCert.get())) { + m_selected = true; + net::ClientCertIdentity::SelfOwningAcquirePrivateKey( + std::move(certInfo), + base::Bind(&content::ClientCertificateDelegate::ContinueWithCertificate, + base::Passed(std::move(m_delegate)), std::move(cert))); + return; + } + } + qWarning() << "ClientCertSelectController::select() - selected client certificate not recognized." + << " Selected certificate needs to be one of the offered"; +} + +QVector ClientCertSelectController::certificates() const +{ + QVector out; + for (auto &cert : m_clientCerts) { + std::vector pem_encoded; + if (cert->certificate()->GetPEMEncodedChain(&pem_encoded)) + out.append(QSslCertificate(QByteArray::fromStdString(pem_encoded.front()))); + } + return out; +} + +#endif // QT_CONFIG(ssl) + +QT_END_NAMESPACE -- cgit v1.2.3