Search also from Thales LDAP (#1345)

IB-8403

Signed-off-by: Raul Metsma <[email protected]>

Author: metsma

CMakeLists.txt

@@ -17,8 +17,8 @@ set_env( TSL_URL "https://ec.europa.eu/tools/lotl/eu-lotl.xml" CACHE STRING "TSL
 set_env( TSL_INCLUDE "EE" CACHE STRING "TSL list include in binary" )
 set_env(CDOC2_GET_URL "https://cdoc2.id.ee:8444" CACHE STRING "CDoc 2.0 Key Server get URL")
 set_env(CDOC2_POST_URL "https://cdoc2.id.ee:8443" CACHE STRING "CDoc 2.0 Key Server post URL")
-set_env( MOBILEID_URL "https://dd-mid.ria.ee/mid-api" CACHE STRING "URL for Mobile-ID" )
-set_env( SMARTID_URL "https://dd-sid.ria.ee/v1" CACHE STRING "URL for Smart-ID" )
+set_env(MOBILEID_URL "https://eid-dd.ria.ee/mid" CACHE STRING "URL for Mobile-ID")
+set_env(SMARTID_URL "https://eid-dd.ria.ee/sid/v2" CACHE STRING "URL for Smart-ID")
 set(VERSION ${PROJECT_VERSION}.${BUILD_NUMBER})
 set(CMAKE_MODULE_PATH ${CMAKE_SOURCE_DIR}/cmake/modules)
 set(CMAKE_INCLUDE_CURRENT_DIR ON)

client/LdapSearch.cpp

@@ -50,7 +50,7 @@ using namespace std::chrono;
 template<typename T>
 static constexpr auto TO_QSTR(const T *str)
 {
-	if constexpr (std::is_same<T,char>::value)
+	if constexpr (std::is_same_v<T,char>)
 		return QLatin1String(str);
 	else
 		return QStringView(str);
@@ -60,15 +60,15 @@ class LdapSearch::Private
 {
 public:
 	LDAP *ldap {};
-	QByteArray host;
+	QUrl url;
 	QTimer *timer {};
 };
 
-LdapSearch::LdapSearch(QByteArray host, QObject *parent)
+LdapSearch::LdapSearch(const QString &url, QObject *parent)
 :	QObject( parent )
 ,	d(new Private)
 {
-	d->host = std::move(host);
+	d->url = QUrl(url);
 	d->timer = new QTimer(this);
 	d->timer->setSingleShot(true);
 	connect(d->timer, &QTimer::timeout, this, [this]{
@@ -94,18 +94,18 @@ bool LdapSearch::init()
 	}
 
 #ifdef Q_OS_WIN
-	QUrl url(d->host);
-	int ssl = url.scheme() == QStringLiteral("ldaps") ? 1 : 0;
-	QString host = url.host();
-	ULONG port = ULONG(url.port(ssl ? LDAP_SSL_PORT : LDAP_PORT));
+	int ssl = d->url.scheme() == QLatin1String("ldaps") ? 1 : 0;
+	QString host = d->url.host();
+	ULONG port = ULONG(d->url.port(ssl ? LDAP_SSL_PORT : LDAP_PORT));
 	if(d->ldap = ldap_sslinit(TO_STR(host), port, ssl); !d->ldap)
 	{
 		setLastError(tr("Failed to init ldap"), int(LdapGetLastError()));
 		return false;
 	}
 	ULONG err = 0;
 #else
-	int err = ldap_initialize(&d->ldap, d->host.constData());
+	QByteArray host = d->url.toString(QUrl::RemovePath|QUrl::RemoveQuery|QUrl::RemoveFragment).toUtf8();
+	int err = ldap_initialize(&d->ldap, host.constData());
 	if(err)
 	{
 		setLastError(tr("Failed to init ldap"), err);
@@ -148,11 +148,6 @@ bool LdapSearch::init()
 	return !err;
 }
 
-bool LdapSearch::isSSL() const
-{
-	return QUrl(d->host).scheme() == QStringLiteral("ldaps");
-}
-
 void LdapSearch::search(const QString &search, const QVariantMap &userData)
 {
 	if(!init())
@@ -166,7 +161,8 @@ void LdapSearch::search(const QString &search, const QVariantMap &userData)
 	std::array<STR_T, 2> attrs { STR("userCertificate;binary"), nullptr };
 
 	ULONG msg_id = 0;
-	int err = ldap_search_ext(d->ldap, STR("c=EE"), LDAP_SCOPE_SUBTREE,
+	QString path = d->url.path();
+	int err = ldap_search_ext(d->ldap, TO_STR(path.isEmpty() ? "c=EE" : path.remove(0, 1)), LDAP_SCOPE_SUBTREE,
 		TO_STR(search), attrs.data(), 0, nullptr, nullptr, LDAP_NO_LIMIT, LDAP_NO_LIMIT, &msg_id);
 	if(err)
 		return setLastError( tr("Failed to init ldap search"), err );
@@ -175,8 +171,7 @@ void LdapSearch::search(const QString &search, const QVariantMap &userData)
 	connect(timer, &QTimer::timeout, this, [this, msg_id, timer, userData] {
 		LDAPMessage *result = nullptr;
 		LDAP_TIMEVAL t { 5, 0 };
-		int err = ldap_result(d->ldap, msg_id, LDAP_MSG_ALL, &t, &result);
-		switch(err)
+		switch(int err = ldap_result(d->ldap, msg_id, LDAP_MSG_ALL, &t, &result))
 		{
 		case LDAP_SUCCESS: //Timeout
 			return;

client/LdapSearch.h

@@ -27,10 +27,9 @@ class LdapSearch final: public QObject
 	Q_OBJECT
 
 public:
-	LdapSearch(QByteArray host, QObject *parent = nullptr);
+	LdapSearch(const QString &url, QObject *parent = nullptr);
 	~LdapSearch() final;
 
-	bool isSSL() const;
 	void search(const QString &search, const QVariantMap &userData);
 
 Q_SIGNALS:

client/dialogs/AddRecipients.cpp

@@ -23,7 +23,6 @@
 
 #include "Application.h"
 #include "CheckConnection.h"
-#include "common_enums.h"
 #include "FileDialog.h"
 #include "IKValidator.h"
 #include "LdapSearch.h"
@@ -32,20 +31,28 @@
 #include "TokenData.h"
 #include "dialogs/WarningDialog.h"
 #include "effects/Overlay.h"
+#include "widgets/AddressItem.h"
+#include "widgets/ItemList.h"
 
 #include <QtCore/QDateTime>
 #include <QtCore/QJsonArray>
-#include <QtCore/QJsonObject>
 #include <QtNetwork/QSslConfiguration>
 #include <QtNetwork/QSslError>
 #include <QtWidgets/QMessageBox>
 
 AddRecipients::AddRecipients(ItemList* itemList, QWidget *parent)
 	: QDialog(parent)
 	, ui(new Ui::AddRecipients)
-	, ldap_person(new LdapSearch(defaultUrl(QLatin1String("LDAP-PERSON-URL"), QStringLiteral("ldaps://esteid.ldap.sk.ee")).toUtf8(), this))
-	, ldap_corp(new LdapSearch(defaultUrl(QLatin1String("LDAP-CORP-URL"), QStringLiteral("ldaps://k3.ldap.sk.ee")).toUtf8(), this))
+	, ldap_corp(new LdapSearch(Application::confValue(QLatin1String("LDAP-CORP-URL")).toString(QStringLiteral("ldaps://k3.ldap.sk.ee")), this))
 {
+	for(const auto list = Application::confValue(QLatin1String("LDAP-PERSON-URLS")).toArray(); auto url: list) {
+		ldap_person.append(new LdapSearch(url.toString(), this));
+	}
+	if(ldap_person.isEmpty()) {
+		ldap_person.append(new LdapSearch(QStringLiteral("ldaps://esteid.ldap.sk.ee"), this));
+		ldap_person.append(new LdapSearch(QStringLiteral("ldaps://ldap.eidpki.ee/dc=eidpki,dc=ee"), this));
+	}
+
 	ui->setupUi(this);
 #if defined (Q_OS_WIN)
 	ui->actionLayout->setDirection(QBoxLayout::RightToLeft);
@@ -62,9 +69,11 @@ AddRecipients::AddRecipients(ItemList* itemList, QWidget *parent)
 		ui->leftPane->clear();
 		search(term);
 	});
-	connect(ldap_person, &LdapSearch::searchResult, this, &AddRecipients::showResult);
+	for(auto ldap: ldap_person) {
+		connect(ldap, &LdapSearch::searchResult, this, &AddRecipients::showResult);
+		connect(ldap, &LdapSearch::error, this, &AddRecipients::showError);
+	}
 	connect(ldap_corp, &LdapSearch::searchResult, this, &AddRecipients::showResult);
-	connect(ldap_person, &LdapSearch::error, this, &AddRecipients::showError);
 	connect(ldap_corp, &LdapSearch::error, this, &AddRecipients::showError);
 	connect(this, &AddRecipients::finished, this, &AddRecipients::close);
 
@@ -139,7 +148,7 @@ void AddRecipients::addRecipientFromHistory()
 
 		ui->leftPane->clear();
 		for(const HistoryCertData &certData: selectedCertData) {
-			QString term = (certData.type == QStringLiteral("1") || certData.type == QStringLiteral("3")) ? certData.CN : certData.CN.split(',').value(2);
+			QString term = (certData.type == QLatin1String("1") || certData.type == QLatin1String("3")) ? certData.CN : certData.CN.split(',').value(2);
 			search(term, true, certData.type);
 		}
 	});
@@ -153,13 +162,11 @@ void AddRecipients::addRecipient(const QSslCertificate& cert, bool select)
 	{
 		leftItem = new AddressItem(cert, AddressItem::Add, ui->leftPane);
 		ui->leftPane->addWidget(leftItem);
-		bool contains = rightList.contains(cert);
-		leftItem->setDisabled(contains);
+		leftItem->setDisabled(rightList.contains(cert));
 		connect(leftItem, &AddressItem::add, this, [this](Item *item) { addRecipientToRightPane(item); });
 		if(auto *add = ui->leftPane->findChild<QWidget*>(QStringLiteral("add")))
 			add->setVisible(true);
 	}
-
 	if(select)
 		addRecipientToRightPane(leftItem);
 }
@@ -202,7 +209,6 @@ void AddRecipients::addRecipientToRightPane(Item *item, bool update)
 				return;
 		}
 	}
-	updated = update;
 
 	rightList.append(key);
 
@@ -212,7 +218,6 @@ void AddRecipients::addRecipientToRightPane(Item *item, bool update)
 		if(auto *leftItem = itemListValue(ui->leftPane, rightItem->getKey().cert))
 			leftItem->setDisabled(false);
 		rightList.removeAll(rightItem->getKey());
-		updated = true;
 		ui->confirm->setDisabled(rightList.isEmpty());
 	});
 	ui->rightPane->addWidget(rightItem);
@@ -222,14 +227,9 @@ void AddRecipients::addRecipientToRightPane(Item *item, bool update)
 		leftItem->setDisabled(true);
 }
 
-QString AddRecipients::defaultUrl(QLatin1String key, const QString &defaultValue)
-{
-	return Application::confValue(key).toString(defaultValue);
-}
-
 bool AddRecipients::isUpdated() const
 {
-	return updated;
+	return ui->confirm->isEnabled();
 }
 
 AddressItem* AddRecipients::itemListValue(ItemList *list, const CKey &cert)
@@ -273,6 +273,7 @@ void AddRecipients::search(const QString &term, bool select, const QString &type
 		.replace(QStringLiteral("("), QStringLiteral("\\("))
 		.replace(QStringLiteral(")"), QStringLiteral("\\)"));
 #endif
+	multiSearch = 0;
 	bool isDigit = false;
 	void(cleanTerm.toULongLong(&isDigit));
 	if(!isDigit || (cleanTerm.size() != 11 && cleanTerm.size() != 8))
@@ -282,7 +283,10 @@ void AddRecipients::search(const QString &term, bool select, const QString &type
 	else if(IKValidator::isValid(cleanTerm))
 	{
 		userData[QStringLiteral("personSearch")] = true;
-		ldap_person->search(QStringLiteral("(serialNumber=%1%2)" ).arg(ldap_person->isSSL() ? QStringLiteral("PNOEE-") : QString(), cleanTerm), userData);
+		for(auto *ldap: ldap_person) {
+			ldap->search(QStringLiteral("(serialNumber=PNOEE-%1)").arg(cleanTerm), userData);
+			++multiSearch;
+		}
 	}
 	else
 	{
@@ -314,7 +318,7 @@ void AddRecipients::showResult(const QList<QSslCertificate> &result, int resultC
 	}
 	if(resultCount >= 50)
 		showError(tr("The name you were looking for gave too many results, please refine your search."));
-	else if(ui->leftPane->items.isEmpty())
+	else if(--multiSearch <= 0 && ui->leftPane->items.isEmpty())
 	{
 		showError(tr("Person or company does not own a valid certificate.<br />"
 			"It is necessary to have a valid certificate for encryption.<br />"

client/dialogs/AddRecipients.h

@@ -20,16 +20,16 @@
 #pragma once
 
 #include "CertificateHistory.h"
-#include "widgets/AddressItem.h"
-#include "widgets/ItemList.h"
 
 #include <QDialog>
-#include <QHash>
 
 namespace Ui {
 class AddRecipients;
 }
 
+class AddressItem;
+class Item;
+class ItemList;
 class LdapSearch;
 class QSslCertificate;
 
@@ -50,17 +50,17 @@ class AddRecipients final : public QDialog
 	void addRecipient(const QSslCertificate& cert, bool select = true);
 	void addRecipientToRightPane(Item *item, bool update = true);
 
-	AddressItem* itemListValue(ItemList *list, const CKey &cert);
 	void search(const QString &term, bool select = false, const QString &type = {});
 	void showError(const QString &msg, const QString &details = {});
 	void showResult(const QList<QSslCertificate> &result, int resultCount, const QVariantMap &userData);
 
-	static QString defaultUrl(QLatin1String key, const QString &defaultValue);
+	static AddressItem* itemListValue(ItemList *list, const CKey &cert);
 
 	Ui::AddRecipients *ui;
 	QList<CKey> rightList;
-	LdapSearch *ldap_person, *ldap_corp;
-	bool updated = false;
+	QList<LdapSearch*> ldap_person;
+	LdapSearch *ldap_corp;
+	int multiSearch = 0;
 
 	HistoryList historyCertData;
 };

client/widgets/ItemList.cpp

@@ -171,7 +171,6 @@ void ItemList::init(ItemType item, const char *header)
 {
 	itemType = item;
 	ui->listHeader->setText(tr(header));
-	ui->listHeader->setAccessibleName(tr(header));
 	listText = header;
 	ui->listHeader->setFont( Styles::font(Styles::Regular, 20));