List: kde-commits
Subject: [libnm-qt/8021x-make-pki-cool] settings: Finish the ca cert parts
From: Will Stephenson <wstephenson () kde ! org>
Date: 2013-05-16 13:56:42
Message-ID: 20130516135642.59535A609F () git ! kde ! org
Git commit 6900c6af73960e55b4c6c892ecbd713a4cbb2e15 by Will Stephenson.
Committed on 15/05/2013 at 12:32.
Pushed by wstephens into branch '8021x-make-pki-cool'.
Finish the ca cert parts
M +48 -19 settings/802-1x.cpp
M +2 -0 settings/802-1x.h
http://commits.kde.org/libnm-qt/6900c6af73960e55b4c6c892ecbd713a4cbb2e15
diff --git a/settings/802-1x.cpp b/settings/802-1x.cpp
index cce7d4e..ae2dc65 100644
--- a/settings/802-1x.cpp
+++ b/settings/802-1x.cpp
@@ -1,5 +1,6 @@
/*
Copyright 2012-2013 Jan Grulich <jgrulich@redhat.com>
+ Copyright 2013 Will Stephenson <wstephenson@suse.de>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -84,7 +85,8 @@ NetworkManager::Settings::Security8021xSetting::Security8021xSetting(const \
Ptr & setIdentity(other->identity());
setAnonymousIdentity(other->anonymousIdentity());
setPacFile(other->pacFile());
- // WILL FIX THIS d->caCert = other.d->caCert;
+ // WILL is this a hack?
+ d->caCert = other.data()->d_ptr->caCert;
setSubjectMatch(other->subjectMatch());
setAltSubjectMatches(other->altSubjectMatches());
setClientCertificate(other->clientCertificate());
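Review bot: The added line `d->caCert = other.data()->d_ptr->caCert;` is committed under the open question `// WILL is this a hack?`, which does not tell the next reader why the private member is copied directly instead of through an accessor. If the reason is that no public setter takes the certificate, scheme and file name together, say so: `// copy the whole CA cert record in one step; no public setter covers certificate, scheme and file name together`. `other.data()->d_ptr` can also be written `other->d_ptr`, matching the `other->...` calls around it. The constructor's body starts and ends outside the hunk.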
@@ -178,13 +180,20 @@ QString \
NetworkManager::Settings::Security8021xSetting::pacFile() const return d->pacFile;
}
+NetworkManager::Settings::Security8021xSetting::CertKeyScheme \
NetworkManager::Settings::Security8021xSetting::caCertificateScheme() const
+{
+ Q_D(const Security8021xSetting);
+ return d->caCert.scheme;
+}
+
void NetworkManager::Settings::Security8021xSetting::setCaCertificate(const QString \
&caCertPath, CertKeyScheme scheme) {
Q_D(Security8021xSetting);
QCA::ConvertResult result;
- // this is a guess, because NM and wpa_supplicant don't define the format the \
file should
- // have, but wpa_supplicant.conf shows .pem files as input
+ // http://projects.gnome.org/NetworkManager/developers/api/09/ref-settings.html#idp8706528
+ // says this can be a PEM or DER encoded file, but QCA only has a method for \
PEM from a file,
+ // and i don't feel like doing file access in here myself today
d->caCert.cert = QCA::Certificate::fromPEMFile(caCertPath, &result);
if (result == QCA::ConvertGood) {
d->caCert.scheme = scheme;
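Review bot: In setCaCertificate() the result of `fromPEMFile` is assigned to `d->caCert.cert` before `result` is checked, so a failed conversion overwrites the stored certificate while `d->caCert.scheme` keeps its old value. The new comment states that the NetworkManager setting may be PEM or DER but only PEM is loaded, so a DER-encoded CA file takes exactly this failure path, and the setting can end up without the CA the user selected, which matters for 802.1X server validation. Load into a local first, `const QCA::Certificate cert = QCA::Certificate::fromPEMFile(caCertPath, &result);`, and assign `d->caCert.cert = cert;` inside the `ConvertGood` branch. The handling of a failed conversion lies past the end of the hunk, so whether the caller is told about it cannot be seen here.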
@@ -202,8 +211,8 @@ QByteArray \
NetworkManager::Settings::Security8021xSetting::caCertificateBlob() c {
Q_D(const Security8021xSetting);
if (d->caCert.scheme == CertKeySchemeBlob) {
- // this is a guess, because NM and wpa_supplicant don't define the format \
the blob should
- // have, and QCA::Certificate only has one QByteArray export method.
+ // DER encoded data according to
+ // http://projects.gnome.org/NetworkManager/developers/api/09/ref-settings.html#idp8706528
return d->caCert.cert.toDER();
}
return QByteArray();
@@ -658,6 +667,8 @@ QVariantMap \
NetworkManager::Settings::Security8021xSetting::secretsToMap() const
void NetworkManager::Settings::Security8021xSetting::fromMap(const QVariantMap& \
setting) {
+ Q_D(Security8021xSetting);
+
if (setting.contains(QLatin1String(NM_SETTING_802_1X_EAP))) {
QStringList methods = \
setting.value(QLatin1String(NM_SETTING_802_1X_EAP)).toStringList(); QList<EapMethod> \
eapMethods;
@@ -695,11 +706,17 @@ void \
NetworkManager::Settings::Security8021xSetting::fromMap(const QVariantMap& }
if (setting.contains(QLatin1String(NM_SETTING_802_1X_CA_CERT))) {
- // WILL FIX THIS \
setCaCertificate(setting.value(QLatin1String(NM_SETTING_802_1X_CA_CERT)).toByteArray());
+ d->caCert.cert = \
QCA::Certificate::fromDER(setting.value(QLatin1String(NM_SETTING_802_1X_CA_CERT)).toByteArray());
+ d->caCert.scheme = CertKeySchemeBlob;
+ d->caCert.fileName = QString();
+ // WILL also clear hash
}
if (setting.contains(QLatin1String(NM_SETTING_802_1X_CA_PATH))) {
- // WILL FIX THIS \
setCaPath(setting.value(QLatin1String(NM_SETTING_802_1X_CA_PATH)).toString());
+ \
d->caCert.cert = QCA::Certificate();
+ d->caCert.scheme = CertKeySchemePath;
+ d->caCert.fileName = \
setting.value(QLatin1String(NM_SETTING_802_1X_CA_PATH)).toString();
+ // WILL \
also clear hash }
if (setting.contains(QLatin1String(NM_SETTING_802_1X_SUBJECT_MATCH))) {
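Review bot: The `NM_SETTING_802_1X_CA_CERT` branch of fromMap() calls `QCA::Certificate::fromDER` without a `ConvertResult` and sets `CertKeySchemeBlob` unconditionally, so a blob that is not valid DER is stored as a null certificate that still claims the blob scheme. The `CertKeySchemeBlob` case added to toMap() later in this commit would then write `toDER()` of that null certificate back out, and the configured CA is lost without any signal. Check the conversion result and record the blob only on `QCA::ConvertGood`, as setCaCertificate() already does for the scheme. When both keys are present the CA_PATH branch also overwrites what the CA_CERT branch stored; if that order is intended it deserves a comment.

```cpp
if (setting.contains(QLatin1String(NM_SETTING_802_1X_CA_CERT))) {
    QCA::ConvertResult result;
    const QCA::Certificate cert = QCA::Certificate::fromDER(
        setting.value(QLatin1String(NM_SETTING_802_1X_CA_CERT)).toByteArray(), &result);
    if (result == QCA::ConvertGood) {
        d->caCert.cert = cert;
        d->caCert.scheme = CertKeySchemeBlob;
        d->caCert.fileName = QString();
    } else {
        // conversion failed: do not record a blob CA; log it or report it to the caller
    }
}
// … unchanged: NM_SETTING_802_1X_CA_PATH branch …
```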
@@ -859,6 +876,7 @@ void \
NetworkManager::Settings::Security8021xSetting::fromMap(const QVariantMap&
QVariantMap NetworkManager::Settings::Security8021xSetting::toMap() const
{
+ Q_D(const Security8021xSetting);
QVariantMap setting;
if (!eapMethods().isEmpty()) {
@@ -897,15 +915,17 @@ QVariantMap \
NetworkManager::Settings::Security8021xSetting::toMap() const
setting.insert(QLatin1String(NM_SETTING_802_1X_PAC_FILE), pacFile());
}
- /* WILL FIX THIS
- if (!caCertificate().isEmpty()) {
- setting.insert(QLatin1String(NM_SETTING_802_1X_CA_CERT), caCertificate());
- }
+ switch (d->caCert.scheme) {
+ case CertKeySchemeNone:
+ break;
+ case CertKeySchemeBlob:
+ setting.insert(QLatin1String(NM_SETTING_802_1X_CA_CERT), \
d->caCert.cert.toDER());
+ break;
+ case CertKeySchemePath:
+ setting.insert(QLatin1String(NM_SETTING_802_1X_CA_PATH), \
d->caCert.fileName);
+ break;
+ };
- if (!caPath().isEmpty()) {
- setting.insert(QLatin1String(NM_SETTING_802_1X_CA_PATH), caPath());
- }
- */
if (!subjectMatch().isEmpty()) {
setting.insert(QLatin1String(NM_SETTING_802_1X_SUBJECT_MATCH), \
subjectMatch()); }
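Review bot: The `CertKeySchemePath` case writes `d->caCert.fileName` under `NM_SETTING_802_1X_CA_PATH`, but as far as I recall the NetworkManager settings reference describes ca-path as a directory of additional CA certificates, while a single CA file in the path scheme belongs in ca-cert as a `file://`-prefixed, NUL-terminated byte array. If that holds for the NM version targeted here, a CA chosen by file name would not reach NetworkManager as the CA certificate, and fromMap() reads the same mapping back; please confirm against the reference linked in this commit's comments. Separately, the `};` closing the switch leaves a stray empty statement, and `}` is enough. toMap() starts and ends outside the hunk.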
@@ -1098,10 +1118,19 @@ QDebug NetworkManager::Settings::operator <<(QDebug dbg, \
const NetworkManager::S
dbg.nospace() << NM_SETTING_802_1X_IDENTITY << ": " << setting.identity() << \
'\n';
dbg.nospace() << NM_SETTING_802_1X_ANONYMOUS_IDENTITY << ": " << \
setting.anonymousIdentity() << '\n';
dbg.nospace() << NM_SETTING_802_1X_PAC_FILE << ": " << setting.pacFile() << \
'\n';
- /* WILL FIX THIS
- dbg.nospace() << NM_SETTING_802_1X_CA_CERT << ": " << setting.caCertificate() << \
'\n';
- dbg.nospace() << NM_SETTING_802_1X_CA_PATH << ": " << setting.caPath() << '\n';
- */
+
+ switch (setting.caCertificateScheme()) {
+ case NetworkManager::Settings::Security8021xSetting::CertKeySchemeNone:
+ dbg.nospace() << NM_SETTING_802_1X_CA_CERT << ": " << "NONE";
+ break;
+ case NetworkManager::Settings::Security8021xSetting::CertKeySchemeBlob:
+ dbg.nospace() << NM_SETTING_802_1X_CA_CERT << ": " << \
setting.caCertificateBlob();
+ break;
+ case NetworkManager::Settings::Security8021xSetting::CertKeySchemePath:
+ dbg.nospace() << NM_SETTING_802_1X_CA_PATH << ": " << \
setting.caCertificatePath();
+ break;
+ };
+
dbg.nospace() << NM_SETTING_802_1X_SUBJECT_MATCH << ": " << \
setting.subjectMatch() << '\n';
dbg.nospace() << NM_SETTING_802_1X_ALTSUBJECT_MATCHES << ": " << \
setting.altSubjectMatches() << '\n';
dbg.nospace() << NM_SETTING_802_1X_CLIENT_CERT << ": " << \
setting.clientCertificate() << '\n';
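Review bot: The three new `case` branches in the CA certificate `switch` do not end with `<< '\n'`, unlike every other field printed by this operator, so the subject-match line is appended directly to the CA line in the debug output. Add it to each branch, e.g. `dbg.nospace() << NM_SETTING_802_1X_CA_CERT << ": " << "NONE" << '\n';`. The blob branch also streams the whole DER-encoded certificate into the log; a short form such as the byte count would be easier to read. The operator's body starts and ends outside the hunk.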
diff --git a/settings/802-1x.h b/settings/802-1x.h
index 629b28c..59db6c8 100644
--- a/settings/802-1x.h
+++ b/settings/802-1x.h
@@ -1,5 +1,6 @@
/*
Copyright 2012-2013 Jan Grulich <jgrulich@redhat.com>
+ Copyright 2013 Will Stephenson <wstephenson@suse.de>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
@@ -65,6 +66,7 @@ public:
void setPacFile(const QString & file);
QString pacFile() const;
+ CertKeyScheme caCertificateScheme() const;
void setCaCertificate(const QString &caCertPath, CertKeyScheme scheme);
QByteArray caCertificateBlob() const;
QString caCertificatePath() const;