AusweisApp2/src/core/CertificateChecker.cpp

/*!
 * \copyright Copyright (c) 2014-2018 Governikus GmbH & Co. KG, Germany
 */

#include "CertificateChecker.h"

#include "AppSettings.h"
#include "paos/retrieve/DidAuthenticateEac1.h"
#include "TlsChecker.h"

#include <QCryptographicHash>
#include <QDate>
#include <QLoggingCategory>

using namespace governikus;


Q_DECLARE_LOGGING_CATEGORY(developermode)


CertificateChecker::CertificateStatus CertificateChecker::checkAndSaveCertificate(const QSslCertificate& pCertificate,
		const QUrl& pUrl,
		const QSharedPointer<DIDAuthenticateEAC1>& pEAC1,
		const QSharedPointer<const CVCertificate>& pDvCvc,
		const std::function<void(const QUrl& pUrl, const QSslCertificate& pCert)>& pSaveCertificateFunc)
{
	if (!TlsChecker::hasValidCertificateKeyLength(pCertificate))
	{
		return CertificateStatus::Unsupported_Algorithm_Or_Length;
	}

	if (pEAC1 && pDvCvc)
	{
		if (auto certificateDescription = pEAC1->getCertificateDescription())
		{
			const QSet<QString> certHashes = certificateDescription->getCommCertificates();
			QCryptographicHash::Algorithm hashAlgo = pDvCvc->getBody().getHashAlgorithm();
			if (!TlsChecker::checkCertificate(pCertificate, hashAlgo, certHashes))
			{
				auto hashError = QStringLiteral("hash of certificate not in certificate description");

				if (AppSettings::getInstance().getGeneralSettings().isDeveloperMode())
				{
					qCCritical(developermode) << hashError;
				}
				else
				{
					qCritical() << hashError;
					return CertificateStatus::Hash_Not_In_Description;
				}
			}
		}
	}

	pSaveCertificateFunc(pUrl, pCertificate);
	return CertificateStatus::Good;
}
Initial revision: v1.10.3 2017-07-03 09:30:10 +02:00			`/*!`
Add revision: v1.14.1 2018-03-28 15:10:51 +02:00			`* \copyright Copyright (c) 2014-2018 Governikus GmbH & Co. KG, Germany`
Initial revision: v1.10.3 2017-07-03 09:30:10 +02:00			`*/`

			`#include "CertificateChecker.h"`

Add revision: v1.14.0 2017-12-20 14:54:05 +01:00			`#include "AppSettings.h"`
			`#include "paos/retrieve/DidAuthenticateEac1.h"`
			`#include "TlsChecker.h"`
Initial revision: v1.10.3 2017-07-03 09:30:10 +02:00
Add revision: v1.14.0 2017-12-20 14:54:05 +01:00			`#include <QCryptographicHash>`
			`#include <QDate>`
			`#include <QLoggingCategory>`
Initial revision: v1.10.3 2017-07-03 09:30:10 +02:00
			`using namespace governikus;`

Add revision: v1.12.2 2017-07-03 09:33:28 +02:00
Initial revision: v1.10.3 2017-07-03 09:30:10 +02:00			`Q_DECLARE_LOGGING_CATEGORY(developermode)`


Add revision: v1.14.0 2017-12-20 14:54:05 +01:00			`CertificateChecker::CertificateStatus CertificateChecker::checkAndSaveCertificate(const QSslCertificate& pCertificate,`
			`const QUrl& pUrl,`
			`const QSharedPointer<DIDAuthenticateEAC1>& pEAC1,`
			`const QSharedPointer<const CVCertificate>& pDvCvc,`
			`const std::function<void(const QUrl& pUrl, const QSslCertificate& pCert)>& pSaveCertificateFunc)`
Initial revision: v1.10.3 2017-07-03 09:30:10 +02:00			`{`
Add revision: v1.14.0 2017-12-20 14:54:05 +01:00			`if (!TlsChecker::hasValidCertificateKeyLength(pCertificate))`
Initial revision: v1.10.3 2017-07-03 09:30:10 +02:00			`{`
Add revision: v1.12.2 2017-07-03 09:33:28 +02:00			`return CertificateStatus::Unsupported_Algorithm_Or_Length;`
			`}`

Add revision: v1.14.0 2017-12-20 14:54:05 +01:00			`if (pEAC1 && pDvCvc)`
Add revision: v1.12.2 2017-07-03 09:33:28 +02:00			`{`
Add revision: v1.14.0 2017-12-20 14:54:05 +01:00			`if (auto certificateDescription = pEAC1->getCertificateDescription())`
Initial revision: v1.10.3 2017-07-03 09:30:10 +02:00			`{`
Add revision: v1.12.2 2017-07-03 09:33:28 +02:00			`const QSet<QString> certHashes = certificateDescription->getCommCertificates();`
Add revision: v1.14.0 2017-12-20 14:54:05 +01:00			`QCryptographicHash::Algorithm hashAlgo = pDvCvc->getBody().getHashAlgorithm();`
			`if (!TlsChecker::checkCertificate(pCertificate, hashAlgo, certHashes))`
Initial revision: v1.10.3 2017-07-03 09:30:10 +02:00			`{`
Add revision: v1.12.2 2017-07-03 09:33:28 +02:00			`auto hashError = QStringLiteral("hash of certificate not in certificate description");`

Initial revision: v1.10.3 2017-07-03 09:30:10 +02:00			`if (AppSettings::getInstance().getGeneralSettings().isDeveloperMode())`
			`{`
Add revision: v1.12.2 2017-07-03 09:33:28 +02:00			`qCCritical(developermode) << hashError;`
Initial revision: v1.10.3 2017-07-03 09:30:10 +02:00			`}`
			`else`
			`{`
Add revision: v1.12.2 2017-07-03 09:33:28 +02:00			`qCritical() << hashError;`
			`return CertificateStatus::Hash_Not_In_Description;`
Initial revision: v1.10.3 2017-07-03 09:30:10 +02:00			`}`
			`}`
			`}`
Add revision: v1.12.2 2017-07-03 09:33:28 +02:00			`}`
Initial revision: v1.10.3 2017-07-03 09:30:10 +02:00
Add revision: v1.14.0 2017-12-20 14:54:05 +01:00			`pSaveCertificateFunc(pUrl, pCertificate);`
Add revision: v1.12.2 2017-07-03 09:33:28 +02:00			`return CertificateStatus::Good;`
			`}`