[auth] Add PKCS8 to PKCS1 key conversion for macOS (deps on libtasn1)

See description of QgsAuthCertUtils::pkcs8PrivateKey. This fix may be needed on other platforms (untested at this point), because Qt5 QSslkey class *still* does not directly support creation using non-PKCS1 PEM- or DER-encoded data, though QCA, whose qca-ossl plugin is linked to OpenSSL, does support PKCS1 and PKCS8.
qgis · Oct 18, 2017 · c66de14 · c66de14
1 parent 8107f91
commit c66de14
Show file tree

Hide file tree

Showing 16 changed files with 480 additions and 2 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -320,6 +320,11 @@ IF(WITH_CORE)
   FIND_QCAOSSL_PLUGIN_CPP(ENABLE_TESTS)
   ENDIF(NOT MSVC)
 
+  IF (APPLE)
+    # Libtasn1 is for DER-encoded PKI ASN.1 parsing/extracting workarounds
+    FIND_PACKAGE(Libtasn1 REQUIRED)
+  ENDIF (APPLE)
+
   IF (SUPPRESS_QT_WARNINGS)
     # Newer versions of UseQt4.cmake include Qt with -isystem automatically
     # This can be used to force this behavior on older systems

diff --git a/cmake/FindLibtasn1.cmake b/cmake/FindLibtasn1.cmake
@@ -0,0 +1,45 @@
+# Find Libtasn1
+# ~~~~~~~~~~~~~~~
+# CMake module to search for Libtasn1 ASN.1 library and header(s) from:
+#    https://www.gnu.org/software/libtasn1/
+#
+# If it's found it sets LIBTASN1_FOUND to TRUE
+# and following variables are set:
+#    LIBTASN1_INCLUDE_DIR
+#    LIBTASN1_LIBRARY
+#
+# Copyright (c) 2017, Boundless Spatial
+# Author: Larry Shaffer <lshaffer (at) boundlessgeo (dot) com>
+#
+# Redistribution and use is allowed according to the terms of the BSD license.
+# For details see the accompanying COPYING-CMAKE-SCRIPTS file.
+
+
+find_path(LIBTASN1_INCLUDE_DIR
+    NAMES libtasn1.h
+    PATHS
+    ${LIB_DIR}/include
+    "$ENV{LIB_DIR}/include"
+    $ENV{INCLUDE}
+    /usr/local/include
+    /usr/include
+)
+
+find_library(LIBTASN1_LIBRARY
+    NAMES tasn1
+    PATHS
+    ${LIB_DIR}
+    "$ENV{LIB_DIR}"
+    $ENV{LIB}
+    /usr/local/lib
+    /usr/lib
+)
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(
+  Libtasn1
+  REQUIRED_VARS LIBTASN1_INCLUDE_DIR LIBTASN1_LIBRARY
+  FOUND_VAR LIBTASN1_FOUND
+)
+
+mark_as_advanced(LIBTASN1_INCLUDE_DIR LIBTASN1_LIBRARY)
diff --git a/resources/CMakeLists.txt b/resources/CMakeLists.txt
@@ -9,3 +9,9 @@ INSTALL(DIRECTORY data DESTINATION ${QGIS_DATA_DIR}/resources)
 IF (WITH_SERVER)
         INSTALL(DIRECTORY server DESTINATION ${QGIS_DATA_DIR}/resources)
 ENDIF (WITH_SERVER)
+
+IF (APPLE)
+  # ASN.1 definition files of PKIX elements
+  INSTALL(FILES pkcs8.asn
+          DESTINATION ${QGIS_DATA_DIR}/resources)
+ENDIF (APPLE)
diff --git a/resources/pkcs8.asn b/resources/pkcs8.asn
@@ -0,0 +1,63 @@
+PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-8(8)
+         modules(1) pkcs-8(1)}
+
+-- $Revision: 1.5 $
+
+-- This module has been checked for conformance with the ASN.1
+-- standard by the OSS ASN.1 Tools
+
+DEFINITIONS EXPLICIT TAGS ::=
+
+BEGIN
+
+-- EXPORTS All --
+-- All types and values defined in this module is exported for use in
+-- other ASN.1 modules.
+
+-- attribute data types --
+
+Attribute       ::=     SEQUENCE {
+        type            AttributeType,
+        values  SET OF AttributeValue
+                -- at least one value is required --
+}
+
+AttributeType           ::=   OBJECT IDENTIFIER
+
+AttributeValue          ::=   ANY DEFINED BY type
+
+AttributeTypeAndValue           ::=     SEQUENCE {
+        type    AttributeType,
+        value   AttributeValue }
+
+AlgorithmIdentifier  ::=  SEQUENCE  {
+     algorithm               OBJECT IDENTIFIER,
+     parameters              ANY DEFINED BY algorithm OPTIONAL  }
+                                -- contains a value of the type
+                                -- registered for use with the
+                                -- algorithm object identifier value
+
+-- Private-key information syntax
+
+PrivateKeyInfo ::= SEQUENCE {
+  version Version,
+  privateKeyAlgorithm AlgorithmIdentifier,
+  privateKey PrivateKey,
+  attributes [0] Attributes OPTIONAL }
+
+Version ::= INTEGER {v1(0)}
+
+PrivateKey ::= OCTET STRING
+
+Attributes ::= SET OF Attribute
+
+-- Encrypted private-key information syntax
+
+EncryptedPrivateKeyInfo ::= SEQUENCE {
+    encryptionAlgorithm AlgorithmIdentifier,
+    encryptedData EncryptedData
+}
+
+EncryptedData ::= OCTET STRING
+
+END
diff --git a/src/core/CMakeLists.txt b/src/core/CMakeLists.txt
@@ -1179,6 +1179,13 @@ INCLUDE_DIRECTORIES(SYSTEM
   ${QTKEYCHAIN_INCLUDE_DIR}
 )
 
+IF (APPLE)
+  # Libtasn1 is for DER-encoded PKI ASN.1 parsing/extracting workarounds
+  INCLUDE_DIRECTORIES(SYSTEM
+    ${LIBTASN1_INCLUDE_DIR}
+  )
+ENDIF (APPLE)
+
 
 #for PAL classes
 IF (WIN32)
@@ -1249,7 +1256,7 @@ IF (WIN32)
 ENDIF (WIN32)
 
 IF (APPLE)
-  TARGET_LINK_LIBRARIES(qgis_core qgis_native)
+  TARGET_LINK_LIBRARIES(qgis_core qgis_native ${LIBTASN1_LIBRARY})
 ENDIF (APPLE)
 
 IF (NOT WITH_INTERNAL_QEXTSERIALPORT)