/*
# Copyright (c) 2009 - OpenSLX Project, Computer Center University of Freiburg
#
# This program is free software distributed under the GPL version 2.
# See http://openslx.org/COPYING
#
# If you have any feedback please consult http://openslx.org/feedback and
# send your suggestions, praise, or complaints to feedback@openslx.org
#
# General information about OpenSLX can be found at http://openslx.org/
# -----------------------------------------------------------------------------
# src/util/CertManager.cpp
#    - Manage SSL certificates
#    - provide access by name
# -----------------------------------------------------------------------------
*/

#include "CertManager.h"
#include "util.h"
#include <QFileInfo>
#include <QMap>
#include <QProcess>
#include <QStringList>
#include <cstdlib>
#include <sys/stat.h>

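namespace CertManager
{
    // In-memory caches of material that has already been loaded from disk,
    // indexed by the name handed to getCertificate() / getPrivateKey().
    static QMap<QString, QSslCertificate> _certs;
    static QMap<QString, QSslKey> _keys;

    void generateFiles(QString key, QString cert);

    /// @brief Read a PEM encoded RSA private key from @p path.
    /// @return The parsed key, or a null QSslKey when the file cannot be
    ///         opened or does not contain a usable key.
    static QSslKey loadKeyFile(const QString &path)
    {
        QFile f(path);
        if (!f.open(QFile::ReadOnly)) return QSslKey();
        return QSslKey(&f, QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey);
    }

    /// @brief Return the private key stored under @p name, creating a fresh
    ///        key/certificate pair when either file is missing.
    ///
    /// The files are "<policy path>.rsa" and "<policy path>.crt", where the
    /// policy path comes from getPolicyFilePath(name).
    ///
    /// @param name Logical name of the key pair.
    /// @return The key, or a null QSslKey when the key or its certificate
    ///         cannot be loaded.
    ///
    /// NOTE(review): @p name reaches getPolicyFilePath() unvalidated here;
    /// confirm that helper (or every caller) rejects path separators and ".."
    /// before this is used with names that are not hard-coded.
    QSslKey getPrivateKey(QString name) {
        if (_keys.contains(name)) return _keys[name];

        const QString base = getPolicyFilePath(name);
        const QString key = base + ".rsa";
        const QString cert = base + ".crt";

        // It wouldn't make sense to have one without the other, so a missing
        // half causes both files to be regenerated.
        const bool havePair = QFileInfo(key).exists() && QFileInfo(cert).exists();
        if (!havePair)
        {
            generateFiles(key, cert);
            if (!QFileInfo(key).exists()) return QSslKey();
        }
        if (getCertificate(name).isNull()) return QSslKey();

        const QSslKey k = loadKeyFile(key);
        // Only cache usable keys. Caching a null key would make a transient
        // read failure permanent for the lifetime of the process.
        if (!k.isNull()) _keys.insert(name, k);
        return k;
    }

    /// @brief Return the certificate stored under @p name.
    ///
    /// Only the first certificate found in "<policy path>.crt" is used.
    ///
    /// @param name Logical name of the certificate.
    /// @return The certificate, or a null QSslCertificate when the file is
    ///         missing or holds no certificate.
    QSslCertificate getCertificate(QString name) {
        if (_certs.contains(name)) return _certs[name];

        const QString cert = getPolicyFilePath(name) + ".crt";
        if (!QFileInfo(cert).exists()) return QSslCertificate();

        const QList<QSslCertificate> certlist = QSslCertificate::fromPath(cert);
        if (certlist.empty()) return QSslCertificate();

        const QSslCertificate c = certlist.first();
        if (!c.isNull()) _certs.insert(name, c);
        return c;
    }

    /// @brief Create a new self-signed certificate and unencrypted RSA key
    ///        by running the openssl command line tool.
    ///
    /// Existing files at both paths are removed first. When openssl cannot be
    /// started or reports an error, whatever it left behind is removed again
    /// so that a partial key file is never picked up later.
    ///
    /// @param key  Path the private key is written to.
    /// @param cert Path the certificate is written to.
    void generateFiles(QString key, QString cert)
    {
        QFile::remove(key);
        QFile::remove(cert);

        // The arguments go to openssl as an argv list, never through a shell.
        // Inside a double-quoted shell string, $(...) and backticks in a path
        // are still expanded, and a fixed-size command buffer can silently
        // truncate long paths.
        QStringList args;
        args << "req" << "-x509" << "-nodes" << "-days" << "3650"
             // 2048 bit: 1024-bit RSA is no longer considered adequate.
             << "-newkey" << "rsa:2048"
             << "-subj" << "/C=DE/ST=BaWue/L=Freiburg/CN=openslx.org"
             << "-keyout" << key << "-out" << cert;

        // -nodes stores the key unencrypted, so the file mode is its only
        // protection. Restricting the umask makes openssl create the files
        // owner-only instead of tightening them after they already exist.
        // umask is process wide, hence it is restored right after the call.
        const mode_t previousMask = ::umask(077);
        const int rc = QProcess::execute("openssl", args);
        ::umask(previousMask);

        if (rc != 0)
        {
            QFile::remove(key);
            QFile::remove(cert);
            return;
        }

        // Same final mode as before (0600), independent of what openssl chose.
        QFile::setPermissions(key, QFile::ReadOwner | QFile::WriteOwner);
        QFile::setPermissions(cert, QFile::ReadOwner | QFile::WriteOwner);
    }
}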