blob: db7339a25a597dc7bbe895292343e95e19db896f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
|
// Copyright (C) 2021 The Qt Company Ltd.
// Copyright (C) 2019 Luxoft Sweden AB
// Copyright (C) 2018 Pelagicore AG
// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only
#include "signature.h"
#include "signature_p.h"
#include "cryptography.h"
#include "exception.h"
QT_BEGIN_NAMESPACE_AM
Signature::Signature(const QByteArray &hash)
: d(new SignaturePrivate)
{
// We have to use ASCII here since the default S/MIME content is text/plain.
// This is what can be supported easily cross-platform without diving
// deeply into low-level PKCS7 APIs.
d->hash = hash.toBase64();
Cryptography::initialize();
}
Signature::~Signature()
{
delete d;
}
QString Signature::errorString() const
{
return d->error;
}
QByteArray Signature::create(const QByteArray &signingCertificatePkcs12, const QByteArray &signingCertificatePassword)
{
d->error.clear();
try {
// Although OpenSSL could, the macOS Security Framework (pre macOS 12) cannot
// process empty detached data. So we better just not support it at all.
if (d->hash.isEmpty())
throw Exception("cannot sign an empty hash value");
QByteArray sig = d->create(signingCertificatePkcs12, signingCertificatePassword);
// // very useful while debugging
// QFile f(QDir::home().absoluteFilePath("sig.der"));
// if (f.open(QIODevice::WriteOnly | QIODevice::Truncate))
// f.write(sig);
return sig;
} catch (const Exception &e) {
d->error = e.errorString();
return QByteArray();
}
}
bool Signature::verify(const QByteArray &signaturePkcs7, const QList<QByteArray> &chainOfTrust)
{
d->error.clear();
try {
return d->verify(signaturePkcs7, chainOfTrust);
} catch (const Exception &e) {
d->error = e.errorString();
return false;
}
}
QT_END_NAMESPACE_AM
|
