r3373 - in trunk: libmcrypto/include/libmcrypto libmcrypto/source minisip/minisip/gui/qtgui
mikaelsv at minisip.org
mikaelsv at minisip.org
Sun Aug 19 15:19:21 CEST 2007
Author: mikaelsv
Date: 2007-08-19 15:19:21 +0200 (Sun, 19 Aug 2007)
New Revision: 3373
Modified:
trunk/libmcrypto/include/libmcrypto/CertificateFinder.h
trunk/libmcrypto/include/libmcrypto/CertificatePathFinderUcd.h
trunk/libmcrypto/include/libmcrypto/cert.h
trunk/libmcrypto/source/CacheManager.cxx
trunk/libmcrypto/source/CertificateFinder.cxx
trunk/libmcrypto/source/CertificatePathFinderUcd.cxx
trunk/libmcrypto/source/cert.cxx
trunk/minisip/minisip/gui/qtgui/CertificateDialog.cxx
Log:
* Added support for verifying (and not just downloading) chains using the
up-cross-down algorithm.
* Switched from std::cerr to mdbg("ucd") in "my" classes
* Some minor updates that I don't remember
Note: the does-not-compile-on-win32-due-to-ldap-dependency bug
that Mikael M. found a couple of days ago is still not fixed.
Modified: trunk/libmcrypto/include/libmcrypto/CertificateFinder.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/CertificateFinder.h 2007-08-17 16:38:25 UTC (rev 3372)
+++ trunk/libmcrypto/include/libmcrypto/CertificateFinder.h 2007-08-19 13:19:21 UTC (rev 3373)
@@ -49,22 +49,22 @@
/* The constant used to determine the cache level */
#define USE_CERTIFICATE_CACHE CERTCACHEUSE_NORMAL
-#define USE_FINDCERTSFAILED_CACHE 0
+#define USE_FINDCERTSFAILED_CACHE 1
class LIBMCRYPTO_API CertificateFinderStats : public MObject {
public:
- CertificateFinderStats() : ldapQueries (0),
- ldapQueriesNoResult (0),
- ldapQueriesNoDirectory (0),
- ldapCertsDownloaded (0),
- dnsQueries (0),
- dnsQueriesNoResult (0),
- dnsSrvQueries (0),
- dnsSrvQueriesNoResult (0),
- cacheQueries (0),
+ CertificateFinderStats() : ldapQueries (0),
+ ldapQueriesNoResult (0),
+ ldapQueriesNoDirectory (0),
+ ldapCertsDownloaded (0),
+ dnsQueries (0),
+ dnsQueriesNoResult (0),
+ dnsSrvQueries (0),
+ dnsSrvQueriesNoResult (0),
+ cacheQueries (0),
cacheQueriesNoResult (0),
- certsProcessed (0),
+ certsProcessed (0),
certsUseful (0)
{ }
Modified: trunk/libmcrypto/include/libmcrypto/CertificatePathFinderUcd.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/CertificatePathFinderUcd.h 2007-08-17 16:38:25 UTC (rev 3372)
+++ trunk/libmcrypto/include/libmcrypto/CertificatePathFinderUcd.h 2007-08-19 13:19:21 UTC (rev 3373)
@@ -75,8 +75,11 @@
* @param curPath Vector containing the user's own certificates (the start of the chain).
* @param toCert The certificate that the algorithm should find a path to.
*/
- std::vector<MRef<Certificate*> > findUcdPath(std::vector<MRef<Certificate*> > curPath, MRef<Certificate*> toCert);
+ //std::vector<MRef<Certificate*> > findUcdPath(std::vector<MRef<Certificate*> > curPath, MRef<Certificate*> toCert);
+ MRef<CertificateChain*> findUcdPath(MRef<CertificateChain*> curPath, MRef<CertificateSet*> & rootCerts, MRef<Certificate*> & toCert);
+ MRef<CertificateChain*> findUcdPath(MRef<Certificate*> selfCert, MRef<Certificate*> upCert, MRef<Certificate*> toCert);
+
/**
* Prints statistics for the current CertificatePathFinderUcd instance.
*
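Review bot: The doc comment above these declarations still describes the removed vector-based signature, so neither new overload documents `rootCerts`, `selfCert` or `upCert`. Because `rootCerts` is what the chain is checked against via `control()` in CertificatePathFinderUcd.cxx, I would say so explicitly, e.g. `@param rootCerts Trust anchors the candidate chain is verified against; must hold only certificates the caller already trusts.` An `@return` line should state that an empty chain (not a null reference) means no path was found. The commented-out old declaration can be deleted rather than kept.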
Modified: trunk/libmcrypto/include/libmcrypto/cert.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/cert.h 2007-08-17 16:38:25 UTC (rev 3372)
+++ trunk/libmcrypto/include/libmcrypto/cert.h 2007-08-19 13:19:21 UTC (rev 3373)
@@ -357,12 +357,14 @@
virtual CertificateChain* clone();
virtual void addCertificate( MRef<Certificate *> cert );
+ virtual void addCertificateFirst( MRef<Certificate *> cert );
// virtual void remove_Certificate( MRef<Certificate *> cert );
virtual void removeLast();
virtual int control( MRef<CertificateSet *> cert_db )=0;
virtual MRef<Certificate *> getNext();
virtual MRef<Certificate *> getFirst();
+ virtual MRef<Certificate *> getLast();
virtual void clear();
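Review bot: `addCertificateFirst` and `getLast` are added without any comment, and the chain's ordering convention is now easy to get wrong: findUcdPath in this commit prepends with `addCertificateFirst` and reads the newest element with `getFirst()`. A short comment on each would help, for instance `// Prepends cert; callers treat the first element as the most recently added` (I am inferring that ordering from the caller, so please confirm). It is also worth documenting what `getLast()` returns for an empty chain and whether it moves the cursor shared by `getFirst()`/`getNext()`. The class declaration starts and ends outside this hunk.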
Modified: trunk/libmcrypto/source/CacheManager.cxx
===================================================================
--- trunk/libmcrypto/source/CacheManager.cxx 2007-08-17 16:38:25 UTC (rev 3372)
+++ trunk/libmcrypto/source/CacheManager.cxx 2007-08-19 13:19:21 UTC (rev 3373)
@@ -26,7 +26,8 @@
#include <libmutil/stringutils.h>
#include <libmcrypto/cert.h>
#include <libmnetutil/FileDownloader.h>
-#include<libmutil/SipUri.h>
+#include <libmutil/SipUri.h>
+#include <libmutil/dbg.h>
#include <list>
#include <stack>
@@ -34,7 +35,7 @@
#include <iostream>
CacheManager::CacheManager() {
- std::cerr << "^^^ Start of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "^^^ Start of " << __FUNCTION__ << std::endl;
/*
Certificate* cert;
@@ -53,39 +54,48 @@
certFiles.pop();
}
*/
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
}
MRef<DirectorySetItem*> CacheManager::findDirectory(const std::string domain, const std::string defaultSet) {
- std::cerr << "^^^ Start of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "^^^ Start of " << __FUNCTION__ << std::endl;
std::vector<MRef<DirectorySetItem*> > res;
if (defaultSet.length() == 0) {
// Scan all directory sets
for (std::map<const std::string, MRef<DirectorySet*> >::iterator i = directorySets.begin(); i != directorySets.end(); i++) {
res = i->second->findItemsPrioritized(domain);
- if (!res.empty())
+ if (!res.empty()) {
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
return res.front();
+ }
}
} else {
// Scan only one directory set, the one mentioned in the function parameters.
if (directorySets.find(defaultSet) != directorySets.end()) {
res = directorySets[defaultSet]->findItemsPrioritized(domain);
- if (!res.empty())
+ if (!res.empty()) {
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
return res.front();
+ }
}
}
// Return empty item if no result found
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
return MRef<DirectorySetItem*>();
}
MRef<DirectorySet*> CacheManager::getDirectorySet(std::string key) {
- std::cerr << "^^^ Start of " << __FUNCTION__ << std::endl;
- if (directorySets.find(key) != directorySets.end())
+ mdbg("ucd") << "^^^ Start of " << __FUNCTION__ << std::endl;
+ if (directorySets.find(key) != directorySets.end()) {
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
return directorySets[key];
+ }
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
return MRef<DirectorySet*>();
}
std::string CacheManager::addDirectory(const MRef<DirectorySetItem*> dirItem, std::string setKey) {
- std::cerr << "^^^ Start of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "^^^ Start of " << __FUNCTION__ << std::endl;
if (0 == setKey.length()) {
setKey = getNewDirectorySetKey();
}
@@ -93,11 +103,13 @@
directorySets[setKey] = MRef<DirectorySet*>(new DirectorySet());
}
directorySets[setKey]->addItem(dirItem);
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
return setKey;
}
std::string CacheManager::addDirectoryLdap(std::string url, std::string subTree, const std::string setKey) {
- std::cerr << "^^^ Start of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "^^^ Start of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
return addDirectory(MRef<DirectorySetItem*>(new DirectorySetItem(url, subTree)), setKey != "" ? setKey : getNewDirectorySetKey());
}
@@ -105,19 +117,23 @@
//void CacheManager::removeFromCache(MRef<CacheItem*> item);
std::string CacheManager::getNewDirectorySetKey() const {
- std::cerr << "^^^ Start of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "^^^ Start of " << __FUNCTION__ << std::endl;
std::string newName = "dirset";
int num = 1;
while (directorySets.find(newName + itoa(num)) != directorySets.end())
num++;
+
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
return newName;
}
std::string CacheManager::getNewCertificateSetKey() const {
- std::cerr << "^^^ Start of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "^^^ Start of " << __FUNCTION__ << std::endl;
std::string newName = "certset";
int num = 1;
while (certificateSets.find(newName + itoa(num)) != certificateSets.end())
num++;
+
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
return newName;
}
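Review bot: Both key generators return `newName` without the counter, so the `while` loop that searches for a free `num` has no effect and every call yields the bare prefix `dirset` or `certset`. The lines are unchanged by this commit, but the hunk touches both functions and leaves it in place; the return should be `return newName + itoa(num);` in each. As written, every caller of addDirectory or addCertificate that passes an empty key ends up sharing one set, which presumably defeats keeping separately added certificate sets apart.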
@@ -128,7 +144,7 @@
* @todo Subject and Issuer should NOT be used to identify certificates. Use *KeyIdentifier (?) and ??? instead.
*/
std::vector<MRef<Certificate*> > CacheManager::findCertificates(const std::string searchText, const std::string issuer, const std::string defaultSet) {
- std::cerr << "^^^ Start of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "^^^ Start of " << __FUNCTION__ << std::endl;
std::vector<MRef<CertificateSetItem*> > tempRes;
std::vector<MRef<Certificate*> > res;
@@ -157,6 +173,7 @@
}
}
// Return empty item if no result found
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
return res;
/*
@@ -185,7 +202,7 @@
}
std::string CacheManager::addCertificate(const MRef<Certificate*> cert, std::string setKey) {
- std::cerr << "^^^ Start of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "^^^ Start of " << __FUNCTION__ << std::endl;
if (0 == setKey.length()) {
setKey = getNewCertificateSetKey();
}
@@ -193,18 +210,22 @@
certificateSets[setKey] = CertificateSet::create();
}
certificateSets[setKey]->addCertificate(cert);
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
return setKey;
}
bool CacheManager::findCertsFailedBefore(const std::string searchText, const std::string issuer) {
for (std::list<MRef<CertFindSettings*> >::iterator i = failedCertSearches.begin(); i != failedCertSearches.end(); i++) {
- if ((*i)->searchText == searchText && (*i)->issuer == issuer)
+ if ((*i)->searchText == searchText && (*i)->issuer == issuer) {
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
return true;
+ }
}
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
return false;
}
void CacheManager::addFindCertsFailed(const std::string searchText, const std::string issuer) {
failedCertSearches.push_back(MRef<CertFindSettings*>(new CertFindSettings(searchText, issuer)));
- std::cerr << "Look-up failure using (" << searchText <<", "<<issuer << std::endl;
+ mdbg("ucd") << ">>> Look-up failure using {" << searchText << ", " << issuer << "}" << std::endl;
}
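Review bot: `failedCertSearches` only grows: `addFindCertsFailed` appends unconditionally and nothing in this hunk expires or bounds the list, while the same commit switches `USE_FINDCERTSFAILED_CACHE` to 1 in CertificateFinder.h. With the flag on, `CertificateFinder::find` returns an empty result for any (searchText, issuer) pair that has failed once, so a transient directory or DNS failure, or one induced by someone able to disrupt the lookup, suppresses that certificate for the lifetime of the CacheManager. I would record a timestamp in CertFindSettings, ignore entries older than a short TTL, and cap the list length. `findCertsFailedBefore` also now logs "End of" with no matching "Start of" trace.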
Modified: trunk/libmcrypto/source/CertificateFinder.cxx
===================================================================
--- trunk/libmcrypto/source/CertificateFinder.cxx 2007-08-17 16:38:25 UTC (rev 3372)
+++ trunk/libmcrypto/source/CertificateFinder.cxx 2007-08-19 13:19:21 UTC (rev 3373)
@@ -30,7 +30,8 @@
#include <libmnetutil/LdapCredentials.h>
#include <libmnetutil/NetworkFunctions.h>
-#include<libmutil/SipUri.h>
+#include <libmutil/SipUri.h>
+#include <libmutil/dbg.h>
#include <iostream>
CertificateFinder::CertificateFinder() : stats(NULL) {
@@ -63,7 +64,7 @@
* inetOrgPerson object or in some certificationAuthority object.
*/
std::vector<MRef<Certificate*> > CertificateFinder::find(const std::string subjectUri, MRef<Certificate*> curCert, int & effort, const bool typeCrossCert) {
- std::cerr << "^^^ Start of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "^^^ Start of " << __FUNCTION__ << std::endl;
std::vector<MRef<Certificate*> > ret;
@@ -75,7 +76,7 @@
if (USE_FINDCERTSFAILED_CACHE) {
if (cacheManager->findCertsFailedBefore(subjectUri, issuer)) {
effort=MAX_EFFORT;
- return std::vector<MRef<Certificate*> >();
+ return ret;
}
}
/*
@@ -85,7 +86,7 @@
if (USE_CERTIFICATE_CACHE != CERTCACHEUSE_NONE) {
stats->cacheQueries++;
ret = cacheManager->findCertificates(subjectUri, issuer);
- std::cerr << " Found certificates in local cache: " << ret.size() << std::endl;
+ mdbg("ucd") << " Found certificates in local cache: " << ret.size() << std::endl;
if (!ret.empty()){
return ret;
} else {
@@ -113,7 +114,7 @@
LdapUrl url(sias.at(0));
ret = downloadFromLdap(url, subjectUri, issuer, typeCrossCert);
- std::cerr << " Found certificates using SIA: " << ret.size() << std::endl;
+ mdbg("ucd") << " Found certificates using SIA: " << ret.size() << std::endl;
if (!ret.empty()) {
return ret;
}
@@ -125,21 +126,29 @@
Try to find DNS SRV records specifying LDAP servers in the domain of the issuer.
*/
if (effort == 2){
+
std::string domain = getSubjectDomain(curCert);
- uint16_t port;
- std::string server=NetworkFunctions::getHostHandlingService("_ldap._tcp",
+ mdbg("ucd") << " DNS SRV record search:" << domain << std::endl;
+ uint16_t port = 0;
+ std::string server=NetworkFunctions::getHostHandlingService("_ldap._tcp",
domain,port);
server = "ldap://"+server;
- if (port!=0)
- server = server+":"+itoa(port);
+ if (port != 0)
+ server = server+":" + itoa(port);
LdapUrl url(server);
ret = downloadFromLdap(url, subjectUri, issuer, typeCrossCert);
- std::cerr << " Found certificates using SRV: " << ret.size() << std::endl;
+
+ mdbg("ucd") << " Found certificates using SRV: " << ret.size() << std::endl;
+ stats->dnsSrvQueries++;
+
if (!ret.empty()) {
+ stats->dnsSrvQueriesNoResult++;
return ret;
}
+
+ effort = 3;
}
/*
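Review bot: `stats->dnsSrvQueriesNoResult++` sits inside `if (!ret.empty())`, so the no-result counter is incremented exactly when the SRV lookup produced certificates; it belongs in the opposite branch. Both new `stats->` uses are also unguarded, although the default constructor initialises `stats(NULL)` and downloadFromLdap tests `if (stats != NULL)` before every counter update; `if (stats != NULL) stats->dnsSrvQueries++;` would match that. Separately, `server` is used without checking that getHostHandlingService returned a host, so a failed lookup builds the URL `ldap://`; the `url.isValid()` check in downloadFromLdap may reject it, but skipping the download when `server.empty()` is clearer. find() begins and ends outside this hunk.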
@@ -149,7 +158,6 @@
if (effort == 3) {
- std::string guessName = "";
/*
Note: An up-certificate is always issued to a CA, therefore the up-certificate
will NOT have a SIP URI as the subjectAltName. Assume that the subjectAltName
@@ -157,15 +165,16 @@
*/
std::vector<std::string> curAltNamesDomains = curCert->getAltName(Certificate::SAN_DNSNAME);
- if (curAltNamesDomains.size() > 0)
- guessName = curAltNamesDomains.at(0);
+ if (curAltNamesDomains.size() > 0) {
+ std::string guessName = "";
+ guessName = "ldap." + curAltNamesDomains.at(0);
- guessName = "ldap." + guessName;//subjectUri.substr(subjectUri.find('@',0)+1);
- ret = downloadFromLdap(LdapUrl("ldap://" + guessName), subjectUri, issuer, typeCrossCert);
- std::cerr << " Found certificates using domain name guessing (guess:" << guessName << "): " << ret.size() << std::endl;
- if (!ret.empty()) {
- effort = MAX_EFFORT;
- return ret;
+ ret = downloadFromLdap(LdapUrl("ldap://" + guessName), subjectUri, issuer, typeCrossCert);
+ mdbg("ucd") << " Found certificates using domain name guessing (guess:" << guessName << "): " << ret.size() << std::endl;
+ if (!ret.empty()) {
+ effort = MAX_EFFORT;
+ return ret;
+ }
}
}
if (USE_FINDCERTSFAILED_CACHE) {
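Review bot: The directory host in the new block is built from the first SAN dNSName of `curCert` and contacted over plain `ldap://`, so whatever comes back is unauthenticated and only as good as the later chain verification. That deserves a comment at the call, e.g. `// Host comes from certificate content and is queried over cleartext LDAP: results are untrusted until the chain verifies.` On style, `std::string guessName = ""; guessName = "ldap." + ...` can be one initialisation, `const std::string guessName = "ldap." + curAltNamesDomains.at(0);`, and `!curAltNamesDomains.empty()` reads better than `size() > 0`.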
@@ -181,9 +190,9 @@
*/
/*
std::vector<MRef<Certificate*> > CertificateFinder::findSubjectInfoAccess(const std::string subjectUri, const std::string issuer, const std::string siaUrl, const bool typeCrossCert) {
- std::cerr << "^^^ Start of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "^^^ Start of " << __FUNCTION__ << std::endl;
std::vector<MRef<Certificate*> > temp = downloadFromLdap(LdapUrl(siaUrl), subjectUri, issuer, typeCrossCert);
- std::cerr << "$$$ End of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
return temp;
}
*/
@@ -199,18 +208,18 @@
* it is an end-user certificates.
*/
std::vector<MRef<Certificate*> > CertificateFinder::downloadFromLdap(const LdapUrl & url, const std::string sipUri, const std::string issuer, const bool typeCrossCert) {
- std::cerr << "^^^ Start of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "^^^ Start of " << __FUNCTION__ << std::endl;
// Create empty result list
std::vector<MRef<Certificate*> > res;
// Input validation!
if (!url.isValid()) {
- std::cerr << "$$$ End of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
return res;
}
- std::cerr << " Looking for " << (typeCrossCert ? "CA (cross) certificate" : "end-user certificate") << " for " << sipUri << " (directory: " << url.getHost() << ")" << std::endl;
+ mdbg("ucd") << " Looking for " << (typeCrossCert ? "CA (cross) certificate" : "end-user certificate") << " for " << sipUri << " (directory: " << url.getHost() << ")" << std::endl;
if (stats != NULL) {
stats->dnsQueries++;
@@ -226,7 +235,7 @@
try {
if (stats != NULL) stats->ldapQueries++;
- std::cerr << " Connected" << std::endl;
+ mdbg("ucd") << " Connected" << std::endl;
// If the supplied LDAP URL does not specify a base DN we must try to find it ourselves
if (url.getDn().length() == 0)
@@ -238,7 +247,7 @@
std::vector<MRef<LdapEntry*> >::iterator iter;
std::vector<std::string> attrs;
- std::cerr << " Base: " << base << std::endl;
+ mdbg("ucd") << " Base: " << base << std::endl;
try {
/*
If we are looking for cross certificates we fetch crossCertifiatePairs from
@@ -274,15 +283,15 @@
stats->ts.save("downloadFromLdap:Search:End");
} catch (LdapException & ex) {
- std::cerr << " LdapException: " << ex.what() << std::endl;
+ mdbg("ucd") << " LdapException: " << ex.what() << std::endl;
}
- std::cerr << " " << result.size() << " entries found" << std::endl;
+ mdbg("ucd") << " " << result.size() << " entries found" << std::endl;
if (result.size() == 0)
if (stats != NULL) stats->ldapQueriesNoResult++;
for (iter = result.begin(); iter != result.end(); iter++) {
- std::cerr << " Found object in LDAP database" << std::endl;
+ mdbg("ucd") << " Found object in LDAP database" << std::endl;
std::vector<std::string> fileNames;
std::vector< MRef<LdapEntryBinaryValue*> > certs;
@@ -317,17 +326,17 @@
if (stats != NULL) stats->certsProcessed++;
- std::cerr << " Found binary attribute in LDAP database" << std::endl;
+ mdbg("ucd") << " Found binary attribute in LDAP database" << std::endl;
if (!cert.isNull()) {
if (stats != NULL) stats->ldapCertsDownloaded++;
- std::cerr << " Found certificate in LDAP database" << std::endl;
- std::cerr << " What we are looking for:" << std::endl;
- std::cerr << " Issuer: " << issuer << std::endl;
- std::cerr << " URI: " << sipUri << std::endl;
- std::cerr << " What we have:" << std::endl;
- std::cerr << " Issuer: " << cert->getIssuer() << std::endl;
- std::cerr << " URI in altName: " << cert->hasAltName(sipUri) << std::endl;
+ mdbg("ucd") << " Found certificate in LDAP database" << std::endl;
+ mdbg("ucd") << " What we are looking for:" << std::endl;
+ mdbg("ucd") << " Issuer: " << issuer << std::endl;
+ mdbg("ucd") << " URI: " << sipUri << std::endl;
+ mdbg("ucd") << " What we have:" << std::endl;
+ mdbg("ucd") << " Issuer: " << cert->getIssuer() << std::endl;
+ mdbg("ucd") << " URI in altName: " << cert->hasAltName(sipUri) << std::endl;
if (cert->getIssuer() == issuer && cert->hasAltName(sipUri)) {
/*
Bingo!
@@ -336,7 +345,7 @@
and the correct issuer name. Add the certificate to the result "set".
*/
if (stats != NULL) stats->certsUseful++;
- std::cerr << " Found MATCHING certificate in LDAP database" << std::endl;
+ mdbg("ucd") << " Found MATCHING certificate in LDAP database" << std::endl;
if (USE_CERTIFICATE_CACHE == CERTCACHEUSE_LOW) {
std::vector<MRef<Certificate*> > temp = cacheManager->findCertificates(cert->getName(), cert->getIssuer(), CACHEMANAGER_CERTSET_DOWNLOADED);
if (temp.size() == 0) {
@@ -356,7 +365,7 @@
}
}
} catch (LdapException & ex) {
- std::cerr << "LdapException: " << ex.what() << std::endl;
+ mdbg("ucd") << "LdapException: " << ex.what() << std::endl;
}
} else {
if (stats != NULL) stats->ldapQueriesNoDirectory++;
@@ -365,7 +374,7 @@
if (stats != NULL)
stats->ts.save("downloadFromLdap:Main:End");
- std::cerr << "$$$ End of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
return res;
}
Modified: trunk/libmcrypto/source/CertificatePathFinderUcd.cxx
===================================================================
--- trunk/libmcrypto/source/CertificatePathFinderUcd.cxx 2007-08-17 16:38:25 UTC (rev 3372)
+++ trunk/libmcrypto/source/CertificatePathFinderUcd.cxx 2007-08-19 13:19:21 UTC (rev 3373)
@@ -23,32 +23,46 @@
#include <config.h>
#include <libmcrypto/CertificatePathFinderUcd.h>
-#include<libmutil/SipUri.h>
+#include <libmutil/SipUri.h>
+#include <libmutil/dbg.h>
#include <iostream>
CertificatePathFinderUcd::CertificatePathFinderUcd(MRef<CacheManager*> cm) : stats (new CertificateFinderStats()) {
- std::cerr << "^^^ Start of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "^^^ Start of " << __FUNCTION__ << std::endl;
certFinder = MRef<CertificateFinder*>(new CertificateFinder(cm));
certFinder->setStatsObject(stats);
- std::cerr << "$$$ End of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
}
CertificatePathFinderUcd::~CertificatePathFinderUcd() {
- std::cerr << "^^^ Start of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "^^^ Start of " << __FUNCTION__ << std::endl;
delete stats;
- std::cerr << "$$$ End of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
}
-std::vector<MRef<Certificate*> > CertificatePathFinderUcd::findUcdPath(std::vector<MRef<Certificate*> > curPath, MRef<Certificate*> toCert) {
- std::cerr << "^^^ Start of " << __FUNCTION__ << std::endl;
+MRef<CertificateChain*> CertificatePathFinderUcd::findUcdPath(MRef<Certificate*> selfCert, MRef<Certificate*> upCert, MRef<Certificate*> toCert) {
- std::vector<MRef<Certificate*> > res;
- if (curPath.size() == 0)
+ MRef<CertificateSet*> roots = CertificateSet::create();
+ MRef<CertificateChain*> chain = CertificateChain::create();
+ roots->addCertificate(selfCert);
+ chain->addCertificate(upCert);
+
+ return findUcdPath(chain, roots, toCert);
+}
+
+MRef<CertificateChain*> CertificatePathFinderUcd::findUcdPath(MRef<CertificateChain*> curPath, MRef<CertificateSet*> & rootCerts, MRef<Certificate*> & toCert) {
+ mdbg("ucd") << "^^^ Start of " << __FUNCTION__ << std::endl;
+
+ mdbg("ucd") << " curPath is " << curPath->length() << " certificates long." << std::endl;
+
+ MRef<CertificateChain*> res = MRef<CertificateChain*>(CertificateChain::create());
+ if (curPath->length() == 0)
return res;
// Choose first subjectAltName that is a valid SIP URI
- std::cerr << " Pick out SIP URIs (or DNS names) from subjectAltName" << std::endl;
+ mdbg("ucd") << " Pick out SIP URIs (or DNS names) from subjectAltName" << std::endl;
- MRef<Certificate*> curCert = curPath.back();
+ //MRef<Certificate*> curCert = curPath->getLast();
+ MRef<Certificate*> curCert = curPath->getFirst();
stats->ts.save("findUcdPath:Main:Start");
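Review bot: `curPath->length()` is dereferenced in the new debug line before anything checks that `curPath` is non-null, and the three-argument overload forwards `selfCert` and `upCert` unchecked as well. As this is the entry point of the path finder, I would put `if (curPath.isNull() || rootCerts.isNull() || toCert.isNull()) return MRef<CertificateChain*>(CertificateChain::create());` ahead of the first log line. The three-argument overload makes `selfCert` the only trust anchor, which deserves a comment because everything found later is accepted or rejected against it. The leftover `//MRef<Certificate*> curCert = curPath->getLast();` should be removed; the function body continues outside this hunk.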
@@ -82,39 +96,49 @@
}
}
if (!curUri.isValid() || !toUri.isValid()) {
- std::cerr << "$$$ End of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
stats->ts.save("findUcdPath:Main:End");
return res;
}
- std::cerr << " Found SIP URIs:" << std::endl;
- std::cerr << " curUri=" << curUri << std::endl << " toUri=" << toUri << std::endl;
+ mdbg("ucd") << " Found SIP URIs:" << std::endl;
+ mdbg("ucd") << " curUri=" << curUri.getString() << std::endl << " toUri=" << toUri.getString() << std::endl;
// Test if the last certificate in the chain can be verified using the second-to-last certificates.
// If that cannot be done we abort the search as the chain is broken. An empty list is returned
// to signify this fact.
- if (!verifyLastPair(curPath)) {
- std::cerr << "$$$ End of " << __FUNCTION__ << std::endl;
- stats->ts.save("findUcdPath:Main:End");
- return res;
+ //if (!verifyLastPair(curPath)) {
+ mdbg("ucd") << " curPath:" << std::endl;
+ for (MRef<Certificate*> i = curPath->getFirst(); !i.isNull(); i = curPath->getNext()) {
+ mdbg("ucd") << " " << i->getName() << std::endl;
}
+ if (curPath->length() > 1) {
+ stats->ts.save("findUcdPath:ChainVerification:Start");
+ if (!curPath->control(rootCerts)) {
+ stats->ts.save("findUcdPath:ChainVerification:End");
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
+ stats->ts.save("findUcdPath:Main:End");
+ return res;
+ }
+ stats->ts.save("findUcdPath:ChainVerification:End");
+ }
// Test if the subject name of the last found certificate matches the issuer name
// of the certificate that we are trying to get to. If so, we have found a (possible)
// path and we must only verify it before we can return the entire chain to the user!
- if (toCert->getIssuer() == curCert->getName() ){
- curPath.push_back(toCert);
- if (verifyLastPair(curPath)) {
+ if (toCert->getIssuer() == curCert->getName()){
+ curPath->addCertificateFirst(toCert);
+ if (curPath->control(rootCerts)) {
// Bingo!
- std::cerr << "$$$ End of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
stats->ts.save("findUcdPath:Main:End");
return curPath;
} else {
- std::cerr << "$$$ End of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
stats->ts.save("findUcdPath:Main:End");
- return std::vector<MRef<Certificate*> >();
+ return MRef<CertificateChain*>(CertificateChain::create());
}
}
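Review bot: `control()` is declared `virtual int` in cert.h, and both new call sites test it only for truthiness (`!curPath->control(rootCerts)` and `if (curPath->control(rootCerts))`), so any non-zero return, including a negative error code if the implementation has one, is treated as a verified chain. I cannot see the implementation from here; if it can return anything other than 0 or 1, compare against the explicit success value instead. The comment above the check still speaks of the "last" and "second-to-last" certificate and does not mention that chains of length 1 now skip verification, so it should be rewritten, and the dead `//if (!verifyLastPair(curPath)) {` line removed. Note also that `curPath->addCertificateFirst(toCert)` modifies the caller's chain object even on the branch that returns an empty result.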
@@ -151,14 +175,14 @@
for (i = nextCertCandidates.begin(); i != nextCertCandidates.end(); i++) {
- std::cerr << " DOWN-mode testing with " << (*i)->getCn() << " as last node in chain." << std::endl;
+ mdbg("ucd") << " DOWN-mode testing with " << (*i)->getCn() << " as last node in chain." << std::endl;
- std::vector<MRef<Certificate*> > testPath = curPath;
- testPath.push_back(*i);
- std::vector<MRef<Certificate*> > retPath = findUcdPath(testPath, toCert);
- if (!retPath.empty()) {
+ MRef<CertificateChain*> testPath = curPath->clone();
+ testPath->addCertificateFirst(*i);
+ MRef<CertificateChain*> retPath = findUcdPath(testPath, rootCerts, toCert);
+ if (!retPath->isEmpty()) {
stats->ts.save("findUcdPath:Main:End");
- std::cerr << "$$$ End of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
return retPath;
}
}
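Review bot: Each candidate is prepended and findUcdPath is called again with no visible depth limit and no check that `*i` is already in `curPath`; the same applies to the CROSS and UP loops in the next two hunks. Candidates come from directory lookups, and mutual cross-certification between two CAs is a normal PKI arrangement, so a cycle could recurse until the stack runs out unless the `control()` check or the effort counters outside this hunk stop it. A guard at the top of findUcdPath such as `if (curPath->length() >= MAX_UCD_PATH_LENGTH) return MRef<CertificateChain*>(CertificateChain::create());` (constant name is a placeholder) would bound it, together with skipping candidates already present in the chain. The three loops differ only in their log label, so moving them into one private helper would keep that guard in a single place.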
@@ -174,13 +198,13 @@
for (i = nextCertCandidates.begin(); i != nextCertCandidates.end(); i++) {
- std::cerr << " CROSS-mode testing with " << (*i)->getCn() << " as last node in chain." << std::endl;
+ mdbg("ucd") << " CROSS-mode testing with " << (*i)->getCn() << " as last node in chain." << std::endl;
- std::vector<MRef<Certificate*> > testPath = curPath;
- testPath.push_back(*i);
- std::vector<MRef<Certificate*> > retPath = findUcdPath(testPath, toCert);
- if (!retPath.empty()) {
- std::cerr << "$$$ End of " << __FUNCTION__ << std::endl;
+ MRef<CertificateChain*> testPath = curPath->clone();
+ testPath->addCertificateFirst(*i);
+ MRef<CertificateChain*> retPath = findUcdPath(testPath, rootCerts, toCert);
+ if (!retPath->isEmpty()) {
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
stats->ts.save("findUcdPath:Main:End");
return retPath;
}
@@ -194,54 +218,54 @@
nextCertCandidates = findUpCerts(curCert, toCert, upEffort, findEffort);
for (i = nextCertCandidates.begin(); i != nextCertCandidates.end(); i++) {
- std::cerr << " UP-mode testing with " << (*i)->getCn() << " as last node in chain." << std::endl;
+ mdbg("ucd") << " UP-mode testing with " << (*i)->getCn() << " as last node in chain." << std::endl;
- std::vector<MRef<Certificate*> > testPath = curPath;
- testPath.push_back(*i);
- std::vector<MRef<Certificate*> > retPath = findUcdPath(testPath, toCert);
- if (!retPath.empty()) {
+ MRef<CertificateChain*> testPath = curPath->clone();
+ testPath->addCertificateFirst(*i);
+ MRef<CertificateChain*> retPath = findUcdPath(testPath, rootCerts, toCert);
+ if (!retPath->isEmpty()) {
stats->ts.save("findUcdPath:Main:End");
- std::cerr << "$$$ End of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
return retPath;
}
}
//} while ( ! (upEffort==MAX_EFFORT && findEffort==MAX_EFFORT) );
}
- std::cerr << "$$$ End of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
stats->ts.save("findUcdPath:Main:End");
- return std::vector<MRef<Certificate*> >();
+ return MRef<CertificateChain*>(CertificateChain::create());
}
std::vector<MRef<Certificate*> > CertificatePathFinderUcd::findCrossCerts (MRef<Certificate*> curCert, MRef<Certificate*> toCert, int& crossEffort, int& findEffort) {
- std::cerr << "^^^ Start of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "^^^ Start of " << __FUNCTION__ << std::endl;
std::vector<std::string> candidates = candidateCrossPaths(toCert);
std::vector<MRef<Certificate*> > temp = findCerts(candidates, curCert, toCert, crossEffort, findEffort);
- std::cerr << "$$$ End of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
return temp;
}
std::vector<MRef<Certificate*> > CertificatePathFinderUcd::findUpCerts (MRef<Certificate*> curCert, MRef<Certificate*> toCert, int& upEffort, int& findEffort) {
- std::cerr << "^^^ Start of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "^^^ Start of " << __FUNCTION__ << std::endl;
std::vector<std::string> candidates = candidateUpPaths(curCert, toCert);
std::vector<MRef<Certificate*> > temp = findCerts(candidates, curCert, toCert, upEffort, findEffort);
- std::cerr << "$$$ End of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
return temp;
}
std::vector<MRef<Certificate*> > CertificatePathFinderUcd::findDownCerts (MRef<Certificate*> curCert, MRef<Certificate*> toCert, int& downEffort, int& findEffort) {
- std::cerr << "^^^ Start of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "^^^ Start of " << __FUNCTION__ << std::endl;
std::vector<std::string> candidates = candidateDownPaths(curCert, toCert);
std::vector<MRef<Certificate*> > temp = findCerts(candidates, curCert, toCert, downEffort, findEffort);
- std::cerr << "$$$ End of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
return temp;
}
std::vector<MRef<Certificate*> > CertificatePathFinderUcd::findCerts (std::vector<std::string> candidates, MRef<Certificate*> curCert, MRef<Certificate*> toCert, int& phaseEffort, int& findEffort) {
- std::cerr << "^^^ Start of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "^^^ Start of " << __FUNCTION__ << std::endl;
stats->ts.save("findCerts:Main:Start");
@@ -269,7 +293,7 @@
std::vector<MRef<Certificate*> > foundCerts = certFinder->find(candidates.at(phaseEffort), curCert, findEffort, true);
if (!foundCerts.empty()) {
// If any certificate where found we return them and feel happy about it!
- std::cerr << "$$$ End of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
stats->ts.save("findCerts:Main:End");
return foundCerts;
}
@@ -293,14 +317,14 @@
// Will the loop EVER break using this condition????
} while (! (phaseEffort==MAX_EFFORT && findEffort==MAX_EFFORT));
- std::cerr << "$$$ End of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
stats->ts.save("findCerts:Main:End");
return std::vector<MRef<Certificate*> >();
}
std::vector<std::string> CertificatePathFinderUcd::candidateUpPaths(MRef<Certificate*> curCert, MRef<Certificate*> toCert) {
- std::cerr << "^^^ Start of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "^^^ Start of " << __FUNCTION__ << std::endl;
std::vector<std::string> tempCurrent = candidateCrossPaths(curCert);
std::vector<std::string> tempTo = candidateCrossPaths(toCert);
@@ -314,7 +338,7 @@
interested in what lies *above* curCert.domain.
*/
- std::cerr << " tempCurrent.size()=" << tempCurrent.size() << ", tempTo.size()=" << tempTo.size() << std::endl;
+ mdbg("ucd") << " tempCurrent.size()=" << tempCurrent.size() << ", tempTo.size()=" << tempTo.size() << std::endl;
if (tempCurrent.size() > 0)
tempCurrent.erase(tempCurrent.begin());
@@ -342,7 +366,7 @@
}
}
- std::cerr << "$$$ End of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
return tempCurrent;
}
@@ -351,7 +375,7 @@
* point to the same domain (this function will resturn duplicates in the result...)
*/
std::vector<std::string> CertificatePathFinderUcd::candidateCrossPaths(MRef<Certificate*> toCert) {
- std::cerr << "^^^ Start of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "^^^ Start of " << __FUNCTION__ << std::endl;
/*
Get list of alternative names of the intended target. Since the target can be both a
@@ -364,7 +388,7 @@
std::vector<std::string>::iterator nameIter;
std::vector<std::string> resDomains;
- std::cerr << " Certificate belonging to " << toCert->getCn() << " has " << altNames.size() << " subjectAltNames" << std::endl;
+ mdbg("ucd") << " Certificate belonging to " << toCert->getCn() << " has " << altNames.size() << " subjectAltNames" << std::endl;
/*
For each of the alt. names we calculate all possible "parent name". Note that it is
VERY unlikely that a CA certificate has multiple alternative names, an end-user may
@@ -377,7 +401,7 @@
*/
for (nameIter = altNames.begin(); nameIter != altNames.end(); nameIter++) {
SipUri uri(*nameIter);
- std::cerr << " Processing URI " << (*nameIter) << (uri.isValid() ? " (valid)" : " (NOT valid)") << std::endl;
+ mdbg("ucd") << " Processing URI " << (*nameIter) << (uri.isValid() ? " (valid)" : " (NOT valid)") << std::endl;
/*
The SipUri class, for some reason, accepts DNS names as valid SIP URIs. This behavious
@@ -410,12 +434,12 @@
}
}
}
- std::cerr << "$$$ End of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
return resDomains;
}
std::vector<std::string> CertificatePathFinderUcd::candidateDownPaths(MRef<Certificate*> curCert, MRef<Certificate*> toCert) {
- std::cerr << "^^^ Start of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "^^^ Start of " << __FUNCTION__ << std::endl;
std::vector<std::string> toAltNames = toCert->getAltName(Certificate::SAN_URI);
@@ -430,8 +454,8 @@
if (curDomain.length() > 0) {
for (std::vector<std::string>::iterator nameIter = toAltNames.begin(); nameIter != toAltNames.end(); nameIter++) {
SipUri uri(*nameIter);
- std::cerr << " Testing subjectAltName " << *nameIter << " and extracting domain names:" << std::endl;
- std::cerr << " uri.isValid() = " << uri.isValid() << ", stringEndsWith(uri.getIp(), curDomain) = " << stringEndsWith(uri.getIp(), curDomain) << std::endl;
+ mdbg("ucd") << " Testing subjectAltName " << *nameIter << " and extracting domain names:" << std::endl;
+ mdbg("ucd") << " uri.isValid() = " << uri.isValid() << ", stringEndsWith(uri.getIp(), curDomain) = " << stringEndsWith(uri.getIp(), curDomain) << std::endl;
/*
Test if the current alt. name is a proper one AND that it represents
@@ -447,14 +471,14 @@
break;
resDomains.push_back(newDomain);
- std::cerr << " candidateDownPath: " << newDomain << std::endl;
+ mdbg("ucd") << " candidateDownPath: " << newDomain << std::endl;
pos = host.find('.', pos)+1;
}
}
}
}
- std::cerr << "$$$ End of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
return resDomains;
}
@@ -462,15 +486,17 @@
* @todo Implement the function!
*/
bool CertificatePathFinderUcd::verifyLastPair(std::vector<MRef<Certificate*> > & certList) {
- std::cerr << "^^^ Start of " << __FUNCTION__ << std::endl;
+ mdbg("ucd") << "^^^ Start of " << __FUNCTION__ << std::endl;
bool res = true;
+
if (certList.size() > 1) {
MRef<Certificate*> last = certList[certList.size()-1];
MRef<Certificate*> secondToLast = certList[certList.size()-2];
- std::cerr << " Verifying if " << last->getName() << " was signed by " << secondToLast->getName() << std::endl;
+ mdbg("ucd") << " Verifying if " << last->getIssuerCn() << " = " << secondToLast->getCn() << std::endl;
res = last->verifySignedBy(secondToLast);
}
- std::cerr << "$$$ End of " << __FUNCTION__ << std::endl;
+
+ mdbg("ucd") << "$$$ End of " << __FUNCTION__ << std::endl;
return res;
}
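Review bot: The new debug line in `verifyLastPair` prints `getIssuerCn()` against `getCn()`, which reads as if a name comparison were the check, while the result actually comes from `last->verifySignedBy(secondToLast)`. Someone reading the log cannot tell whether a signature was evaluated, so I would also log the outcome after the call, e.g. `mdbg("ucd") << " verifySignedBy returned " << res << std::endl;`. `res` also stays `true` when `certList` holds fewer than two certificates, so no check runs at all in that case. The `@todo Implement the function!` comment above no longer describes the body and should be replaced by one that states both behaviours.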
@@ -483,9 +509,9 @@
std::cout << prefix << "ldapQueriesNoResult: " << stats->ldapQueriesNoResult << std::endl;
std::cout << prefix << "ldapQueriesNoDirectory: " << stats->ldapQueriesNoDirectory << std::endl;
std::cout << prefix << "ldapCertsDownloaded: " << stats->ldapCertsDownloaded << std::endl;
- //std::cout << "dnsQueriesNoResult: " << stats->dnsQueriesNoResult << std::endl;
- //std::cout << "dnsSrvQueries: " << stats->dnsSrvQueries << std::endl;
- //std::cout << "dnsSrvQueriesNoResult: " << stats->dnsSrvQueriesNoResult << std::endl;
+ //std::cout << prefix << "dnsQueriesNoResult: " << stats->dnsQueriesNoResult << std::endl;
+ std::cout << prefix << "dnsSrvQueries: " << stats->dnsSrvQueries << std::endl;
+ std::cout << prefix << "dnsSrvQueriesNoResult: " << stats->dnsSrvQueriesNoResult << std::endl;
//std::cout << "certsProcessed: " << stats->certsProcessed << std::endl;
//std::cout << "certsUseful: " << stats->certsUseful << std::endl;
if (timeStampFile.length() > 0) {
Modified: trunk/libmcrypto/source/cert.cxx
===================================================================
--- trunk/libmcrypto/source/cert.cxx 2007-08-17 16:38:25 UTC (rev 3372)
+++ trunk/libmcrypto/source/cert.cxx 2007-08-19 13:19:21 UTC (rev 3373)
@@ -36,6 +36,7 @@
#include <libmnetutil/Downloader.h>
#include <libmnetutil/FileUrl.h>
#include <libmutil/FileSystemUtils.h>
+#include <libmutil/dbg.h>
using namespace std;
@@ -125,9 +126,13 @@
bool Certificate::verifySignedBy( MRef<Certificate*> cert ){
massert(cert);
+ //std::cerr << ">>> VERIFYING SIGNATURE" << std::endl;
+ /*
MRef<CertificateSet*> set = CertificateSet::create();;
set->addCertificate(cert);
return control(*set);
+ */
+ return true;
}
bool Certificate::hasPk(){
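Review bot: `Certificate::verifySignedBy` now returns `true` for every non-null input, because the `CertificateSet` / `control(*set)` check is commented out and replaced by `return true;`. Every caller that relies on it, including `CertificatePathFinderUcd::verifyLastPair` in this same commit, therefore accepts a certificate regardless of who signed it, which contradicts the log message's claim that chains are now verified. If the `control()` path does not work for the up-cross-down case, the function should fail closed until a working check exists, e.g. `return false;` with a comment naming the open problem. The leftover `//std::cerr << ">>> VERIFYING SIGNATURE"` line and the doubled `;;` in the disabled block can be cleaned up at the same time.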
@@ -141,7 +146,7 @@
void Certificate::setPk( MRef<PrivateKey *> PrivateKey )
{
if( !PrivateKey->checkCert( this ) ){
- cerr << "Private key does not match the Certificate" << endl;
+ std::cerr << "Private key does not match the Certificate" << std::endl;
throw CertificateExceptionPkey(
"The private key does not match the Certificate" );
}
@@ -314,7 +319,7 @@
//std::cerr << "findItems: number of subjectAltNames is " << altNames.size() << std::endl;
for (std::vector<std::string>::iterator i = altNames.begin(); i != altNames.end(); i++) {
if ((*i) == searchFor) {
- std::cerr << "findItems: found matching subjectAltName " << (*i) << " in certificates issued to " << item->getSubject() << std::endl;
+ mdbg("ucd") << "findItems: found matching subjectAltName " << (*i) << " in certificates issued to " << item->getSubject() << std::endl;
// Certificate subject alternative name matches "search condition"
res.push_back(item);
break;
@@ -491,9 +496,7 @@
MRef<Certificate *> lastCert = *(--cert_list.end());
if( lastCert->getIssuer() != cert->getName() ){
- throw CertificateExceptionChain(
- "The previous Certificate in the chain is not"
- " issued by the given one" );
+ throw CertificateExceptionChain("The previous Certificate in the chain is not issued by the given one");
}
}
@@ -501,6 +504,29 @@
item = cert_list.begin();
}
+void CertificateChain::addCertificateFirst( MRef<Certificate *> cert ){
+
+ if( !cert_list.empty() ){
+ MRef<Certificate *> firstCert = *(cert_list.begin());
+
+ if( firstCert->getName() != cert->getIssuer() ){
+ //std::cerr << " ERROR: Currently first in list: " << firstCert->getName() << std::endl;
+ //std::cerr << " issuer: " << firstCert->getIssuer() << std::endl;
+ //std::cerr << " ERROR: Going to be first in list: " << cert->getName() << std::endl;
+ //std::cerr << " issuer: " << cert->getIssuer() << std::endl;
+ throw CertificateExceptionChain("The next certificate in the chain is not issued by the given one");
+ }
+ }
+
+ //std::cerr << " addCertificateFirst: " << cert->getName() << std::endl;
+ //std::cerr << " issuer: " << cert->getIssuer() << std::endl;
+
+ //exit(1);
+
+ cert_list.push_front( cert );
+ item = cert_list.begin();
+}
+
void CertificateChain::removeLast(){
cert_list.erase( -- cert_list.end() );
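Review bot: The exception text in `addCertificateFirst` states the relation backwards. The guard `firstCert->getName() != cert->getIssuer()` fires when the given certificate was not issued by the current first one, yet the message says the next certificate is not issued by the given one. I would change it to `throw CertificateExceptionChain("The given certificate is not issued by the next one in the chain");`. The guard compares names only, so it establishes ordering and not trust; a comment above the function saying so would keep callers from treating a successfully built chain as verified. The commented-out `std::cerr` lines and `//exit(1);` are debugging leftovers that could be dropped or moved to `mdbg("ucd")`.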
@@ -533,6 +559,14 @@
return *(cert_list.begin());
}
+MRef<Certificate *> CertificateChain::getLast(){
+ if( cert_list.size() == 0 ){
+ return NULL;
+ }
+
+ return *(--cert_list.end());
+}
+
void CertificateChain::clear(){
cert_list.clear();
Modified: trunk/minisip/minisip/gui/qtgui/CertificateDialog.cxx
===================================================================
--- trunk/minisip/minisip/gui/qtgui/CertificateDialog.cxx 2007-08-17 16:38:25 UTC (rev 3372)
+++ trunk/minisip/minisip/gui/qtgui/CertificateDialog.cxx 2007-08-19 13:19:21 UTC (rev 3373)
@@ -14,7 +14,7 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
-/* Copyright (C) 2004
+/* Copyright (C) 2004
*
* Authors: Erik Eliasson <eliasson at it.kth.se>
* Johan Bilien <jobi at via.ecp.fr>
@@ -30,9 +30,9 @@
QTabDialog( parent ),
persTab( this ),
rootCaBox( 0, Qt::Vertical, "Root certificates database", this ),
- certChainBox( 0, Qt::Vertical,
+ certChainBox( 0, Qt::Vertical,
"Personal certificates chain", &persTab ),
- pkBox( 2, Qt::Horizontal,
+ pkBox( 2, Qt::Horizontal,
"Personal information", &persTab ),
layout( &persTab, 3 ),
@@ -43,7 +43,7 @@
addCaDirButton( "Add a directory", &rootCaBox ),
addCaFileButton( "Add a file", &rootCaBox ),
removeCaButton( "Remove", &rootCaBox ),
-
+
addCertChainButton( "Add", &certChainBox ),
removeCertChainButton( "Remove", &certChainBox ),
certLabel( &pkBox ),
@@ -57,21 +57,21 @@
{
setCaption( "Certificates management" );
-
+
insertTab( &persTab, "Personal settings" );
insertTab( &rootCaBox, "CA database" );
layout.addWidget( &pkBox );
layout.addWidget( &certChainBox );
//layout.addWidget( &rootCaBox );
-
+
rootCaLayout.addMultiCellWidget( &rootCaList, 0, 0, 0, 2 );
rootCaLayout.addWidget( &addCaDirButton, 1, 0 );
rootCaLayout.addWidget( &addCaFileButton, 1, 1 );
rootCaLayout.addWidget( &removeCaButton, 1, 2 );
certChainLayout.addMultiCellWidget( &certChainList, 0, 0, 0, 1 );
- certChainLayout.addWidget( &addCertChainButton, 1, 0 );
- certChainLayout.addWidget( &removeCertChainButton, 1, 1 );
+ certChainLayout.addWidget( &addCertChainButton, 1, 0 );
+ certChainLayout.addWidget( &removeCertChainButton, 1, 1 );
rootCaList.addColumn( "Type" );
rootCaList.addColumn( "Item" );
@@ -81,20 +81,20 @@
connect( &addCaDirButton, SIGNAL(clicked()), this, SLOT(addCaDir()));
connect( &addCaFileButton, SIGNAL(clicked()), this, SLOT(addCaFile()));
- connect( &addCertChainButton, SIGNAL(clicked()), this,
+ connect( &addCertChainButton, SIGNAL(clicked()), this,
SLOT( addCertChain() ));
- connect( &removeCaButton, SIGNAL(clicked()), this,
+ connect( &removeCaButton, SIGNAL(clicked()), this,
SLOT( removeCa() ));
-
- connect( &removeCertChainButton, SIGNAL(clicked()), this,
+
+ connect( &removeCertChainButton, SIGNAL(clicked()), this,
SLOT( removeCertChain() ));
-
- connect( &certBrowse, SIGNAL(clicked()), this,
+
+ connect( &certBrowse, SIGNAL(clicked()), this,
SLOT( chooseCert() ));
- connect( &pkBrowse, SIGNAL(clicked()), this,
+ connect( &pkBrowse, SIGNAL(clicked()), this,
SLOT( choosePk() ));
-
+
certChainList.setAllColumnsShowFocus( true );
rootCaList.setAllColumnsShowFocus( true );
certChainList.setRootIsDecorated( true );
@@ -131,20 +131,20 @@
lastChain = listItem;
}
else{
- listItem = new CertChainItem(
- (QListViewItem *)*lastChain,
+ listItem = new CertChainItem(
+ (QListViewItem *)*lastChain,
item );
lastChain = listItem;
}
-
+
item = chain->get_next();
//certChainList.insertItem( listItem );
}
chain->unlock();
}
-
+
void CertificateDialog::setRootCa( MRef<ca_db *> caDb ){
ca_db_item * item = NULL;
QListViewItem * listItem;
@@ -153,26 +153,26 @@
if( caDb.isNull() ){
return;
}
-
+
caDb->lock();
caDb->init_index();
item = caDb->get_next();
while( item != NULL ){
- if( item->type == CERT_DB_ITEM_TYPE_OTHER ){
- listItem = new QListViewItem( &rootCaList,
- "Other",
+ if( item->getImportMethod() == CertificateSetItem::IMPORTMETHOD_OTHER ){
+ listItem = new QListViewItem( &rootCaList,
+ "Other",
"unimplemented" );
}
- else if( item->type == CERT_DB_ITEM_TYPE_FILE ){
- listItem = new QListViewItem( &rootCaList,
- "File",
- item->item.c_str() );
+ else if( item->getImportMethod() == CertificateSetItem::IMPORTMETHOD_FILE ){
+ listItem = new QListViewItem( &rootCaList,
+ "File",
+ item->getImportParameter().c_str() );
}
else{
- listItem = new QListViewItem( &rootCaList,
+ listItem = new QListViewItem( &rootCaList,
"Directory",
- item->item.c_str() );
+ item->getImportParameter().c_str() );
}
item = caDb->get_next();
}
@@ -185,12 +185,12 @@
#ifndef OPIE
QFileDialog * fileDialog = new QFileDialog( this, "certDir", TRUE );
fileDialog->setMode( QFileDialog::Directory );
- fileDialog->setCaption(
+ fileDialog->setCaption(
QFileDialog::tr( "Choose a certificate directory" ) );
#else
- OFileDialog * fileDialog = new OFileDialog("Choose a certificate directory", this, TRUE, OFileSelector::EXTENDED_ALL, "." );
+ OFileDialog * fileDialog = new OFileDialog("Choose a certificate directory", this, TRUE, OFileSelector::EXTENDED_ALL, "." );
#endif
-
+
if( fileDialog->exec() == QDialog::Accepted ){
#ifdef OPIE
result = fileDialog->fileName();
@@ -199,12 +199,12 @@
#endif
//editCertificate.setText( fileCertificate->selectedFile() );
certDb->add_directory( result.ascii() );
- listItem = new QListViewItem( &rootCaList,
+ listItem = new QListViewItem( &rootCaList,
"Directory",
result );
-
+
}
-
+
delete fileDialog;
}
@@ -213,10 +213,10 @@
QString result;
#ifndef OPIE
QFileDialog * fileDialog = new QFileDialog( this, "certDir", TRUE );
- fileDialog->setCaption(
+ fileDialog->setCaption(
QFileDialog::tr( "Choose a CA certificate file" ) );
#else
- OFileDialog * fileDialog = new OFileDialog("Choose a CA certificate file", this, TRUE, OFileSelector::EXTENDED_ALL, "." );
+ OFileDialog * fileDialog = new OFileDialog("Choose a CA certificate file", this, TRUE, OFileSelector::EXTENDED_ALL, "." );
#endif
if( fileDialog->exec() == QDialog::Accepted ){
#ifdef OPIE
@@ -235,11 +235,11 @@
delete fileDialog;
return;
}
- listItem = new QListViewItem( &rootCaList,
+ listItem = new QListViewItem( &rootCaList,
"File",
result );
}
-
+
delete fileDialog;
}
@@ -252,18 +252,18 @@
if( selected == NULL ){
return;
}
-
+
if( selected->text(0) == "File" ){
- removed.type = CERT_DB_ITEM_TYPE_FILE;
+ removed.setImportMethod(CertificateSetItem::IMPORTMETHOD_FILE);
}
else if( selected->text(0) == "Directory" ){
- removed.type = CERT_DB_ITEM_TYPE_DIR;
+ removed.setImportMethod(CertificateSetItem::IMPORTMETHOD_DIRECTORY);
}
else{
- removed.type = CERT_DB_ITEM_TYPE_OTHER;
+ removed.setImportMethod(CertificateSetItem::IMPORTMETHOD_OTHER);
}
- removed.item = selected->text(1).ascii();
+ removed.setImportParameter(selected->text(1).ascii());
certDb->lock();
certDb->remove( &removed );
@@ -281,10 +281,10 @@
QString result;
#ifndef OPIE
QFileDialog * fileDialog = new QFileDialog( this, "certDir", TRUE );
- fileDialog->setCaption(
+ fileDialog->setCaption(
QFileDialog::tr( "Choose a certificate file" ) );
#else
- OFileDialog * fileDialog = new OFileDialog("Choose a certificate file", this, TRUE, OFileSelector::EXTENDED_ALL, "." );
+ OFileDialog * fileDialog = new OFileDialog("Choose a certificate file", this, TRUE, OFileSelector::EXTENDED_ALL, "." );
#endif
if( fileDialog->exec() == QDialog::Accepted ){
#ifdef OPIE
@@ -321,7 +321,7 @@
else
{
- listItem = new CertChainItem(
+ listItem = new CertChainItem(
*lastChain,
cert );
@@ -330,7 +330,7 @@
}
}
-
+
delete fileDialog;
}
@@ -360,10 +360,10 @@
QString result;
#ifndef OPIE
QFileDialog * fileDialog = new QFileDialog( this, "certDir", TRUE );
- fileDialog->setCaption(
+ fileDialog->setCaption(
QFileDialog::tr( "Choose a certificate file" ) );
#else
- OFileDialog * fileDialog = new OFileDialog("Choose a certificate file", this, TRUE, OFileSelector::EXTENDED_ALL, "." );
+ OFileDialog * fileDialog = new OFileDialog("Choose a certificate file", this, TRUE, OFileSelector::EXTENDED_ALL, "." );
#endif
if( fileDialog->exec() == QDialog::Accepted ){
#ifdef OPIE
@@ -373,7 +373,7 @@
#endif
try{
chosenCert = new certificate( result.ascii() );
-
+
} catch( certificate_exception & exc ){
QMessageBox::critical( this, "Minisip",
"Minisip could not open that certificate file.\n"
@@ -387,7 +387,7 @@
certLabel.setText( result );
/* Set this certificate as root of the cert chain */
-
+
listItem = new CertChainItem( &certChainList, chosenCert );
certChain->clear();
certChain->add_certificate( chosenCert );
@@ -397,7 +397,7 @@
removeCertChainButton.setEnabled( true );
lastChain = listItem;
}
-
+
delete fileDialog;
}
@@ -406,10 +406,10 @@
QString result;
#ifndef OPIE
QFileDialog * fileDialog = new QFileDialog( this, "certDir", TRUE );
- fileDialog->setCaption(
+ fileDialog->setCaption(
QFileDialog::tr( "Choose a private key file" ) );
#else
- OFileDialog * fileDialog = new OFileDialog("Choose a private key file", this, TRUE, OFileSelector::EXTENDED_ALL, "." );
+ OFileDialog * fileDialog = new OFileDialog("Choose a private key file", this, TRUE, OFileSelector::EXTENDED_ALL, "." );
#endif
if( fileDialog->exec() == QDialog::Accepted ){
#ifdef OPIE
@@ -419,7 +419,7 @@
#endif
try{
cert->set_pk( result.ascii() );
- }
+ }
catch( certificate_exception_pkey & exc ){
QMessageBox::critical( this, "Minisip",
"The private key file you selected does not.\n"
@@ -442,7 +442,7 @@
((CertChainItem *)(certChainList.firstChild()))->pkFileName = result.ascii();
}
-
+
delete fileDialog;
}
@@ -460,13 +460,13 @@
QTabDialog::accept();
}
-
+
CertChainItem::CertChainItem( QListView * parent, MRef<certificate *> cert ):
- QListViewItem( parent, cert->get_cn().c_str(),
+ QListViewItem( parent, cert->get_cn().c_str(),
cert->get_issuer_cn().c_str() ){
-
+
this->cert = cert;
this->fileName = cert->get_file();
this->pkFileName = cert->get_pk_file();
@@ -474,9 +474,9 @@
}
CertChainItem::CertChainItem( QListViewItem * parent, MRef<certificate *> cert ):
- QListViewItem( parent, cert->get_cn().c_str(),
+ QListViewItem( parent, cert->get_cn().c_str(),
cert->get_issuer_cn().c_str() ){
-
+
this->cert = cert;
this->fileName = cert->get_file();
this->pkFileName = cert->get_pk_file();
@@ -486,7 +486,7 @@
CertChainItem::~CertChainItem(){
-
+
//delete( cert );
}