#include <QDomDocument>
#include "applicationinfo.h"
* \brief A class providing utility functions for Certificates.
* \brief Returns the list of directories with certificates.
21
// Collects the Psi-specific certificate directories: a "certs" subdirectory
// of ApplicationInfo::resourcesDir() and of ApplicationInfo::homeDir(), in
// that order.
// NOTE(review): the bare numbers are the listing's own line numbers; the lines
// between them (braces, the declaration of `l`, the return) are not shown.
static QStringList certificateStores()
24
// Application-level directory.
l += ApplicationInfo::resourcesDir() + "/certs";
25
// Per-user directory. NOTE(review): presumably writable by the user account,
// so certificate files placed here are picked up by allCertificates() --
// confirm that this is intended.
l += ApplicationInfo::homeDir() + "/certs";
* \brief Returns the collection of all available certificates.
* This collection includes the system-wide certificates, as well as any
* custom certificate in the Psi-specific cert dirs.
34
// Builds a collection that starts from systemStore() and is extended with
// every certificate readable from the directories listed by
// certificateStores(). Two on-disk formats are read per directory: PEM files
// (*.crt, *.pem) and the deprecated XML store format (*.xml). Only conversions
// that report ConvertGood are added.
// NOTE(review): the bare numbers are the listing's own line numbers; lines
// between them (including the declarations of `store`, `result` and `doc`, and
// the else branches) are not shown.
// NOTE(review): nothing visible here checks who owns or can write the
// directories or the files in them. If callers use the returned collection as
// the set of trusted certificates, write access to those directories decides
// what is trusted -- confirm the permissions on both locations.
CertificateCollection CertUtil::allCertificates()
36
// Seed the collection with the system-wide certificates.
CertificateCollection certs(systemStore());
37
QStringList stores = certificateStores();
38
for (QStringList::ConstIterator s = stores.begin(); s != stores.end(); ++s) {
41
// Read in PEM certificates
42
// Restrict the directory listing to *.crt and *.pem entries.
store.setNameFilters(QStringList("*.crt") + QStringList("*.pem"));
43
QStringList cert_files = store.entryList();
44
for (QStringList::ConstIterator c = cert_files.begin(); c != cert_files.end(); ++c) {
45
//qDebug() << "certutil.cpp: Reading " << store.filePath(*c);
47
// fromPEMFile() reports the conversion status through `result`.
Certificate cert = Certificate::fromPEMFile(store.filePath(*c),&result);
48
if (result == ConvertGood) {
49
certs.addCertificate(cert);
52
// Presumably the else branch of the check above (the line is not shown): the
// file is reported and skipped.
qWarning(QString("certutil.cpp: Invalid PEM certificate: %1").arg(store.filePath(*c)));
56
// Read in old XML format certificates (DEPRECATED)
57
store.setNameFilter("*.xml");
58
cert_files = store.entryList();
59
for(QStringList::ConstIterator it = cert_files.begin(); it != cert_files.end(); ++it) {
60
// Every XML file that is picked up is logged, because the format is obsolete.
qWarning(QString("Loading certificate in obsolete XML format: %1").arg(store.filePath(*it)));
61
QFile f(store.filePath(*it));
62
// The statement guarded by this check is not shown; presumably the file is
// skipped when it cannot be opened -- TODO confirm.
if(!f.open(QIODevice::ReadOnly))
65
// Parse the file as XML; how `ok` is handled is on lines not shown.
bool ok = doc.setContent(&f);
70
QDomElement base = doc.documentElement();
71
// The root element is expected to be <store>; the guarded statement is not shown.
if(base.tagName() != "store")
73
// All <certificate> elements below the root.
QDomNodeList cl = base.elementsByTagName("certificate");
75
for(int n = 0; n < (int)cl.count(); ++n) {
76
// First <data> element of this certificate entry; if there is none, item(0)
// yields a null node and text() below is empty.
QDomElement data = cl.item(n).toElement().elementsByTagName("data").item(0).toElement();
79
// The element text is Base64-decoded and the bytes are parsed as DER.
Certificate cert = Certificate::fromDER(Base64().stringToArray(data.text()).toByteArray(),&result);
80
if (result == ConvertGood) {
81
certs.addCertificate(cert);
84
// Presumably the else branch of the check above (the line is not shown).
qWarning(QString("certutil.cpp: Invalid XML certificate: %1").arg(store.filePath(*it)));
93
// Maps a QCA::Validity code to a short English description of the
// validation outcome.
// NOTE(review): the bare numbers are the listing's own line numbers; the
// switch header, the break statements, the text for ValidityGood and the
// return are on lines not shown.
// NOTE(review): unlike resultToString(), the literals assigned here are not
// wrapped in QObject::tr(), so these messages would reach the user
// untranslated -- confirm whether that is intended.
QString CertUtil::validityToString(QCA::Validity v)
98
case QCA::ValidityGood:
101
case QCA::ErrorRejected:
102
s = "Root CA is marked to reject the specified purpose";
104
case QCA::ErrorUntrusted:
105
s = "Certificate not trusted for the required purpose";
107
case QCA::ErrorSignatureFailed:
108
s = "Invalid signature";
110
case QCA::ErrorInvalidCA:
111
s = "Invalid CA certificate";
113
case QCA::ErrorInvalidPurpose:
114
s = "Invalid certificate purpose";
116
case QCA::ErrorSelfSigned:
117
s = "Certificate is self-signed";
119
case QCA::ErrorRevoked:
120
s = "Certificate has been revoked";
122
case QCA::ErrorPathLengthExceeded:
123
s = "Maximum certificate chain length exceeded";
125
case QCA::ErrorExpired:
126
s = "Certificate has expired";
128
case QCA::ErrorExpiredCA:
129
s = "CA has expired";
131
case QCA::ErrorValidityUnknown:
133
// Line 132 is not shown; presumably a default label shares this generic
// message with ErrorValidityUnknown -- TODO confirm.
s = "General certificate validation error";
139
QString CertUtil::resultToString(int result, QCA::Validity validity)
143
case QCA::TLS::NoCertificate:
144
s = QObject::tr("The server did not present a certificate.");
146
case QCA::TLS::Valid:
147
s = QObject::tr("Certificate is valid.");
149
case QCA::TLS::HostMismatch:
150
s = QObject::tr("The hostname does not match the one the certificate was issued to.");
152
case QCA::TLS::InvalidCertificate:
153
s = validityToString(validity);
157
s = QObject::tr("General certificate validation error.");