I'm trying to unpack my pkcs12 file in my Qt application - but having no luck. I'm building a Qt Console App (GUI disabled).
(I've followed this guide: https://github.com/trueos/sysadm-ui-qt/blob/master/src-qt5/gui_client/SSLNotes.txt)
Pkcs12 creation commands:
"openssl req -newkey rsa:2048 -nodes -keyout test_key.pem"
"openssl req -key test_key -new -x509 -out test_crt.crt"
"openssl pkcs12 -inkey test_key.pem -in test_crt.crt -export -passout stdin -out new.pfx"
Qt Code:
QString password="1234";
QFile pkcs("/Users/test/Desktop/certs/new.pfx");
pkcs.open(QFile::ReadOnly);
QSslKey key;
QSslCertificate cert;
QList<QSslCertificate> imported_certs;
static bool import=QSslCertificate::importPkcs12(&pkcs,&key,&cert,&imported_certs,QByteArray::fromStdString(password.toStdString()));
pkcs.close();
qDebug()<<import;
Manually extracting the key and the file have worked using openssl commands.
Error Message:
"Unimplemented Code."
Any ideas?
Try using Qt < 5.6 like Qt 5.5.
In the Qt 5.6 the default SSL backend was changed from OpenSSL to Secure Transport on the Mac OS platform.
This problem already filled as a Bug: https://bugreports.qt.io/browse/QTBUG-56596
After beating my head against the wall with this a few times with this sort of thing, I found a good shortcut.
I import the certificate into a Windows machine (ensuring that the private key is marked as exportable) and verify that the certificate path is valid in the certificate manager. If I need to import certificates, I do it here until the issued certificate path is good. Once this is done, I re-export the certificate and private key into a new PKCS12 file, including the root and intermediary certificates. This produces a single file that can be imported into an ASA or IOS router and works flawlessly because everything the unit needs is present in one file.
Be sure to delete the certificate from the Windows machine when you're done exporting the certificate set.
Maybe this link will help you out:
TAKEN FROM: https://supportforums.cisco.com/discussion/12347971/failed-parse-or-verify-imported-certifiate-asa-5505-831
QSslCertificate::importPkcs12() will return "Unimplemented code." on macOS or iOS platforms because those Qt kits were been configured to use Secure Transport instead of OpenSSL.
To get the best of both worlds, I found that one could keep their Qt kits configured for Secure Transport, but, at the same time, link to OpenSSL to implement an OpenSSL specific implementation of importPkcs12.
The following is a snippet where we turn on our custom implementation for macOS and iOS:
#ifdef Q_OS_IOS
#define IMPORTPKCS12_OPENSSL
#endif
#ifdef Q_OS_MACOS
#define IMPORTPKCS12_OPENSSL
#endif
bool ImportPkcs12Patch::importPkcs12(QIODevice *device, QSslKey *key, QSslCertificate *certificate, QList<QSslCertificate> *caCertificates, const QByteArray &passPhrase)
{
#ifdef IMPORTPKCS12_OPENSSL
return importPkcs12_openssl(device, key, certificate, caCertificates, passPhrase );
#else
return QSslCertificate::importPkcs12(device, key, certificate, caCertificates, passPhrase );
#endif
}
For a complete working example, consult the sample here:
https://github.com/stephenquan/QtImportPKCS12
To build OpenSSL prerequisites for iOS and macOS, consult here:
来源:https://stackoverflow.com/questions/39394029/qsslcertificateimportpkcs12-fails-to-parse-pfx-file