58 lines
1.6 KiB
C++
58 lines
1.6 KiB
C++
/*!
|
|
* \copyright Copyright (c) 2014-2018 Governikus GmbH & Co. KG, Germany
|
|
*/
|
|
|
|
#include "CertificateChecker.h"
|
|
|
|
#include "AppSettings.h"
|
|
#include "paos/retrieve/DidAuthenticateEac1.h"
|
|
#include "TlsChecker.h"
|
|
|
|
#include <QCryptographicHash>
|
|
#include <QDate>
|
|
#include <QLoggingCategory>
|
|
|
|
using namespace governikus;
|
|
|
|
|
|
Q_DECLARE_LOGGING_CATEGORY(developermode)
|
|
|
|
|
|
CertificateChecker::CertificateStatus CertificateChecker::checkAndSaveCertificate(const QSslCertificate& pCertificate,
|
|
const QUrl& pUrl,
|
|
const QSharedPointer<DIDAuthenticateEAC1>& pEAC1,
|
|
const QSharedPointer<const CVCertificate>& pDvCvc,
|
|
const std::function<void(const QUrl& pUrl, const QSslCertificate& pCert)>& pSaveCertificateFunc)
|
|
{
|
|
if (!TlsChecker::hasValidCertificateKeyLength(pCertificate))
|
|
{
|
|
return CertificateStatus::Unsupported_Algorithm_Or_Length;
|
|
}
|
|
|
|
if (pEAC1 && pDvCvc)
|
|
{
|
|
if (auto certificateDescription = pEAC1->getCertificateDescription())
|
|
{
|
|
const QSet<QString> certHashes = certificateDescription->getCommCertificates();
|
|
QCryptographicHash::Algorithm hashAlgo = pDvCvc->getBody().getHashAlgorithm();
|
|
if (!TlsChecker::checkCertificate(pCertificate, hashAlgo, certHashes))
|
|
{
|
|
auto hashError = QStringLiteral("hash of certificate not in certificate description");
|
|
|
|
if (AppSettings::getInstance().getGeneralSettings().isDeveloperMode())
|
|
{
|
|
qCCritical(developermode) << hashError;
|
|
}
|
|
else
|
|
{
|
|
qCritical() << hashError;
|
|
return CertificateStatus::Hash_Not_In_Description;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
pSaveCertificateFunc(pUrl, pCertificate);
|
|
return CertificateStatus::Good;
|
|
}
|