120 lines
3.6 KiB
C++
120 lines
3.6 KiB
C++
|
#include <stdexcept>
|
||
|
#include <iostream>
|
||
|
|
||
|
#include <QByteArray>
|
||
|
#include <QSslSocket>
|
||
|
|
||
|
#include <Security/Security.h>
|
||
|
|
||
|
// CFRelease will crash if passed NULL
|
||
|
#define SafeCFRelease(ref) \
|
||
|
if (ref) \
|
||
|
CFRelease(ref);
|
||
|
|
||
|
/*!
|
||
|
* \brief LoadCertificatesFromKeyChain Load all certificates from the KeyChain path provided
|
||
|
* and return them as
|
||
|
* QSslCertificates.
|
||
|
* \param keyChainPath The KeyChain path. Pass an empty string to use the
|
||
|
* user's keychain.
|
||
|
* \return A list of new QSslCertificates generated from the
|
||
|
* KeyChain DER data.
|
||
|
*/
|
||
|
static QList<QSslCertificate> LoadCertificatesFromKeyChain(const std::string &keyChainPath = std::string())
|
||
|
{
|
||
|
QList<QSslCertificate> qtCerts;
|
||
|
|
||
|
SecKeychainRef certsKeyChain = NULL;
|
||
|
SecKeychainSearchRef searchItem = NULL;
|
||
|
SecKeychainItemRef itemRef = NULL;
|
||
|
CSSM_DATA certData = {0, 0};
|
||
|
|
||
|
try
|
||
|
{
|
||
|
OSStatus status = errSecSuccess;
|
||
|
|
||
|
// if a keychain path was provided, obtain a pointer
|
||
|
if (!keyChainPath.empty())
|
||
|
{
|
||
|
status = SecKeychainOpen(keyChainPath.c_str(), &certsKeyChain);
|
||
|
if (status != errSecSuccess)
|
||
|
{
|
||
|
throw status;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
// build a search query reference for certificates
|
||
|
status = SecKeychainSearchCreateFromAttributes(certsKeyChain, kSecCertificateItemClass,
|
||
|
NULL, &searchItem);
|
||
|
if (status != errSecSuccess)
|
||
|
{
|
||
|
throw status;
|
||
|
}
|
||
|
|
||
|
// loop through the certificates
|
||
|
while (SecKeychainSearchCopyNext(searchItem, &itemRef) != errSecItemNotFound)
|
||
|
{
|
||
|
// copy the KeyChain item data into a CSSM_DATA struct - this will be the certs Der
|
||
|
// data
|
||
|
status = SecKeychainItemCopyContent(itemRef, NULL, NULL,
|
||
|
reinterpret_cast<UInt32 *>(&certData.Length),
|
||
|
reinterpret_cast<void **>(&certData.Data));
|
||
|
|
||
|
if (status != errSecSuccess)
|
||
|
{
|
||
|
throw status;
|
||
|
}
|
||
|
|
||
|
// create a Qt byte array from the data - the data is NOT copied
|
||
|
const QByteArray byteArray = QByteArray::fromRawData(
|
||
|
reinterpret_cast<const char *>(certData.Data), certData.Length);
|
||
|
|
||
|
// create a Qt certificate from the data and add it to the list
|
||
|
QSslCertificate qtCert(byteArray, QSsl::Der);
|
||
|
std::cout << "COMMON NAME: "
|
||
|
<< qtCert.issuerInfo(QSslCertificate::CommonName).toStdString().c_str()
|
||
|
<< " ORG NAME: "
|
||
|
<< qtCert.issuerInfo(QSslCertificate::Organization).toStdString().c_str()
|
||
|
<< std::endl;
|
||
|
|
||
|
qtCerts << qtCert;
|
||
|
}
|
||
|
}
|
||
|
catch (OSStatus status)
|
||
|
{
|
||
|
CFStringRef errorMessage = SecCopyErrorMessageString(status, NULL);
|
||
|
std::cerr << CFStringGetCStringPtr(errorMessage, kCFStringEncodingMacRoman)
|
||
|
<< std::endl;
|
||
|
SafeCFRelease(errorMessage);
|
||
|
}
|
||
|
|
||
|
SecKeychainItemFreeContent(NULL, certData.Data);
|
||
|
SafeCFRelease(itemRef);
|
||
|
SafeCFRelease(searchItem);
|
||
|
SafeCFRelease(certsKeyChain);
|
||
|
|
||
|
return qtCerts;
|
||
|
}
|
||
|
|
||
|
void RebuildQtCertificates()
|
||
|
{
|
||
|
const QList<QSslCertificate> existingCerts = QSslSocket::defaultCaCertificates();
|
||
|
QList<QSslCertificate> certs = LoadCertificatesFromKeyChain();
|
||
|
certs += LoadCertificatesFromKeyChain(
|
||
|
"/System/Library/Keychains/SystemRootCertificates.keychain");
|
||
|
|
||
|
Q_FOREACH (const QSslCertificate qtCert, certs)
|
||
|
{
|
||
|
if (!existingCerts.contains(qtCert))
|
||
|
{
|
||
|
std::cout << "cert not known to Qt - adding" << std::endl;
|
||
|
std::cout << "COMMON NAME: "
|
||
|
<< qtCert.issuerInfo(QSslCertificate::CommonName).toStdString().c_str()
|
||
|
<< " ORG NAME: "
|
||
|
<< qtCert.issuerInfo(QSslCertificate::Organization).toStdString().c_str()
|
||
|
<< std::endl;
|
||
|
|
||
|
QSslSocket::addDefaultCaCertificate(qtCert);
|
||
|
}
|
||
|
}
|
||
|
}
|