cert sigs, comparing, options validation, no redundant global functions

svn path=/trunk/kdesupport/qca/; revision=394990

TODO

@@ -29,9 +29,6 @@
   create qt4 qmake .prf for auto-discovery by applications
 
 * finish code for APIs:
-  redundant global static functions in publickey / cert
-  CertificateOptions: isValid
-  Certificate: operator==
   cert: rfc 2818 hostname validation
   tls
   sasl

include/QtCrypto/qca_cert.h

@@ -175,6 +175,7 @@ namespace QCA
 		bool isSelfSigned() const;
 		int pathLimit() const;
 
+		QSecureArray signature() const;
 		SignatureAlgorithm signatureAlgorithm() const;
 
 		// import / export
@@ -222,6 +223,7 @@ namespace QCA
 		int pathLimit() const;               // PKCS#10 only
 		QString challenge() const;
 
+		QSecureArray signature() const;
 		SignatureAlgorithm signatureAlgorithm() const;
 
 		// import / export - PKCS#10 only
@@ -281,6 +283,7 @@ namespace QCA
 
 		QList<CRLEntry> revoked() const;
 
+		QSecureArray signature() const;
 		SignatureAlgorithm signatureAlgorithm() const;
 
 		// import / export

include/QtCrypto/qcaprovider.h

@@ -224,6 +224,7 @@ public:
 class CertContextProps
 {
 public:
+	int version;                     // cert only
 	QDateTime start, end;            // cert only
 	CertificateInfo subject;
 	CertificateInfo issuer;          // cert only
@@ -233,6 +234,7 @@ public:
 	bool isCA;
 	bool isSelfSigned;               // cert only
 	int pathLimit;
+	QSecureArray sig;
 	SignatureAlgorithm sigalgo;
 	QString challenge;               // csr only
 	CertificateRequestFormat format; // csr only
@@ -245,6 +247,7 @@ public:
 	int number;
 	QDateTime thisUpdate, nextUpdate;
 	QList<CRLEntry> revoked;
+	QSecureArray sig;
 	SignatureAlgorithm sigalgo;
 };
 

src/qca_cert.cpp

@@ -29,43 +29,11 @@ namespace QCA {
 
 Provider::Context *getContext(const QString &type, const QString &provider);
 
-static bool stringToFile(const QString &fileName, const QString &content)
-{
-	QFile f(fileName);
-	if(!f.open(QFile::WriteOnly))
-		return false;
-	QTextStream ts(&f);
-	ts << content;
-	return true;
-}
-
-static bool stringFromFile(const QString &fileName, QString *s)
-{
-	QFile f(fileName);
-	if(!f.open(QFile::ReadOnly))
-		return false;
-	QTextStream ts(&f);
-	*s = ts.readAll();
-	return true;
-}
-
-static bool arrayToFile(const QString &fileName, const QByteArray &content)
-{
-	QFile f(fileName);
-	if(!f.open(QFile::WriteOnly))
-		return false;
-	f.write(content.data(), content.size());
-	return true;
-}
-
-static bool arrayFromFile(const QString &fileName, QByteArray *a)
-{
-	QFile f(fileName);
-	if(!f.open(QFile::ReadOnly))
-		return false;
-	*a = f.readAll();
-	return true;
-}
+// from qca_publickey.cpp
+bool stringToFile(const QString &fileName, const QString &content);
+bool stringFromFile(const QString &fileName, QString *s);
+bool arrayToFile(const QString &fileName, const QByteArray &content);
+bool arrayFromFile(const QString &fileName, QByteArray *a);
 
 //----------------------------------------------------------------------------
 // CertificateOptions
@@ -123,8 +91,14 @@ void CertificateOptions::setFormat(CertificateRequestFormat f)
 
 bool CertificateOptions::isValid() const
 {
-	// TODO: check the content
-	return false;
+	// logic from Botan
+	if(d->info.value(CommonName).isEmpty() || d->info.value(Country).isEmpty())
+		return false;
+	if(d->info.value(Country).length() != 2)
+		return false;
+	if(d->start >= d->end)
+		return false;
+	return true;
 }
 
 QString CertificateOptions::challenge() const
@@ -359,6 +333,11 @@ int Certificate::pathLimit() const
 	return static_cast<const CertContext *>(context())->props()->pathLimit;
 }
 
+QSecureArray Certificate::signature() const
+{
+	return static_cast<const CertContext *>(context())->props()->sig;
+}
+
 SignatureAlgorithm Certificate::signatureAlgorithm() const
 {
 	return static_cast<const CertContext *>(context())->props()->sigalgo;
@@ -428,10 +407,21 @@ bool Certificate::matchesHostname(const QString &realHost) const
 	return false;
 }
 
-bool Certificate::operator==(const Certificate &) const
+bool Certificate::operator==(const Certificate &cert) const
 {
-	// TODO
-	return false;
+	const CertContextProps *a = static_cast<const CertContext *>(context())->props();
+	const CertContextProps *b = static_cast<const CertContext *>(cert.context())->props();
+
+	// logic from Botan
+	if(a->sig != b->sig || a->sigalgo != b->sigalgo || subjectPublicKey() != cert.subjectPublicKey())
+		return false;
+	if(a->issuer != b->issuer || a->subject != b->subject)
+		return false;
+	if(a->serial != b->serial || a->version != b->version)
+		return false;
+	if(a->start != b->start || a->end != b->end)
+		return false;
+	return true;
 }
 
 bool Certificate::operator!=(const Certificate &a) const
@@ -535,6 +525,11 @@ QString CertificateRequest::challenge() const
 	return static_cast<const CSRContext *>(context())->props()->challenge;
 }
 
+QSecureArray CertificateRequest::signature() const
+{
+	return static_cast<const CSRContext *>(context())->props()->sig;
+}
+
 SignatureAlgorithm CertificateRequest::signatureAlgorithm() const
 {
 	return static_cast<const CSRContext *>(context())->props()->sigalgo;
@@ -675,6 +670,11 @@ QList<CRLEntry> CRL::revoked() const
 	return static_cast<const CRLContext *>(context())->props()->revoked;
 }
 
+QSecureArray CRL::signature() const
+{
+	return static_cast<const CRLContext *>(context())->props()->sig;
+}
+
 SignatureAlgorithm CRL::signatureAlgorithm() const
 {
 	return static_cast<const CRLContext *>(context())->props()->sigalgo;

src/qca_publickey.cpp

@@ -28,7 +28,7 @@ namespace QCA {
 
 Provider::Context *getContext(const QString &type, const QString &provider);
 
-static bool stringToFile(const QString &fileName, const QString &content)
+bool stringToFile(const QString &fileName, const QString &content)
 {
 	QFile f(fileName);
 	if(!f.open(QFile::WriteOnly))
@@ -38,13 +38,31 @@ static bool stringToFile(const QString &fileName, const QString &content)
 	return true;
 }
 
-static bool stringFromFile(const QString &fileName, QString *str)
+bool stringFromFile(const QString &fileName, QString *s)
 {
 	QFile f(fileName);
 	if(!f.open(QFile::ReadOnly))
 		return false;
 	QTextStream ts(&f);
-	*str = ts.readAll();
+	*s = ts.readAll();
+	return true;
+}
+
+bool arrayToFile(const QString &fileName, const QByteArray &content)
+{
+	QFile f(fileName);
+	if(!f.open(QFile::WriteOnly))
+		return false;
+	f.write(content.data(), content.size());
+	return true;
+}
+
+bool arrayFromFile(const QString &fileName, QByteArray *a)
+{
+	QFile f(fileName);
+	if(!f.open(QFile::ReadOnly))
+		return false;
+	*a = f.readAll();
 	return true;
 }