generic: drop SSL configuration support

SSL socket is used only in the ftp slave and in the dictionary
data engine for plasma, which should use QSslConfiguration to
apply any preferences - they do not

Signed-off-by: Ivailo Monev <xakepa10@gmail.com>
Ivailo Monev 2022-02-20 01:28:13 +02:00
parent 2d86198f48
commit 11ea54d213
42 changed files with 0 additions and 4324 deletions


@ -12,9 +12,6 @@ configure_file(
${CMAKE_CURRENT_BINARY_DIR}/kdeversion.h
)
# Configure checks for network/
include(network/ConfigureChecks.cmake)
# Configure checks for date/
include(date/ConfigureChecks.cmake)
configure_file(
@ -102,7 +99,6 @@ if(ENABLE_TESTING)
add_subdirectory(tests)
add_subdirectory(sonnet/tests)
endif()
add_subdirectory(network/kssld)
########### next target ###############
@ -205,7 +201,6 @@ set(kdecore_LIB_SRCS
sonnet/backgroundengine.cpp
sonnet/globals.cpp
network/ksslcertificatemanager.cpp
localization/kcatalog.cpp
localization/kcurrencycode.cpp
localization/kcharsets.cpp


@ -1,20 +0,0 @@
####### checks for kdecore/network ###############
include(CMakePushCheckState)
cmake_reset_check_state()
set(CMAKE_REQUIRED_INCLUDES "${QT_INCLUDE_DIR}")
set(CMAKE_REQUIRED_DEFINITIONS "${QT_DEFINITIONS}")
check_cxx_source_compiles(
"#include <QtNetwork/QSslSocket>
int main()
{
QSslSocket *socket;
return 0;
}" HAVE_QSSLSOCKET
)
if (NOT HAVE_QSSLSOCKET)
message(SEND_ERROR "KDE Requires Katie to be built with SSL support")
endif()
cmake_reset_check_state()


@ -1,534 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2007, 2008, 2010 Andreas Hartmetz <ahartmetz@gmail.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#include "ksslcertificatemanager.h"
#include "ksslcertificatemanager_p.h"
#include <kconfig.h>
#include <kconfiggroup.h>
#include <kdebug.h>
#include <kglobal.h>
#include <klocale.h>
#include <kstandarddirs.h>
#include <ktoolinvocation.h>
#include <QtDBus/QtDBus>
#include <QtCore/qfile.h>
#include <QtCore/qdir.h>
#include <QSslSocket>
#include "kssld/kssld_interface.h"
/*
Config file format:
[<MD5-Digest>]
<Host> = <Date> <List of ignored errors>
#for example
#mail.kdab.net = ExpireUTC 2008-08-20T18:22:14, SelfSigned, Expired
#very.old.com = ExpireUTC 2008-08-20T18:22:14, TooWeakEncryption <- not actually planned to implement
#clueless.admin.com = ExpireUTC 2008-08-20T18:22:14, HostNameMismatch
#
#Wildcard syntax
#* = ExpireUTC 2008-08-20T18:22:14, SelfSigned
#*.kdab.net = ExpireUTC 2008-08-20T18:22:14, SelfSigned
#mail.kdab.net = ExpireUTC 2008-08-20T18:22:14, All <- not implemented
#* = ExpireUTC 9999-12-31T23:59:59, Reject #we know that something is wrong with that certificate
CertificatePEM = <PEM-encoded certificate> #host entries are all lowercase, thus no clashes
*/
// TODO GUI for managing exception rules
class KSslCertificateRulePrivate
{
public:
QSslCertificate certificate;
QString hostName;
bool isRejected;
QDateTime expiryDateTime;
QList<QSslError::SslError> ignoredErrors;
};
KSslCertificateRule::KSslCertificateRule(const QSslCertificate &cert, const QString &hostName)
: d(new KSslCertificateRulePrivate())
{
d->certificate = cert;
d->hostName = hostName;
d->isRejected = false;
}
KSslCertificateRule::KSslCertificateRule(const KSslCertificateRule &other)
: d(new KSslCertificateRulePrivate())
{
*d = *other.d;
}
KSslCertificateRule::~KSslCertificateRule()
{
delete d;
}
KSslCertificateRule &KSslCertificateRule::operator=(const KSslCertificateRule &other)
{
*d = *other.d;
return *this;
}
QSslCertificate KSslCertificateRule::certificate() const
{
return d->certificate;
}
QString KSslCertificateRule::hostName() const
{
return d->hostName;
}
void KSslCertificateRule::setExpiryDateTime(const QDateTime &dateTime)
{
d->expiryDateTime = dateTime;
}
QDateTime KSslCertificateRule::expiryDateTime() const
{
return d->expiryDateTime;
}
void KSslCertificateRule::setRejected(bool rejected)
{
d->isRejected = rejected;
}
bool KSslCertificateRule::isRejected() const
{
return d->isRejected;
}
bool KSslCertificateRule::isErrorIgnored(QSslError::SslError error) const
{
foreach (QSslError::SslError ignoredError, d->ignoredErrors)
if (error == ignoredError)
return true;
return false;
}
void KSslCertificateRule::setIgnoredErrors(const QList<QSslError::SslError> &errors)
{
d->ignoredErrors.clear();
//### Quadratic runtime, woohoo! Use a QSet if that should ever be an issue.
foreach(QSslError::SslError e, errors)
if (!isErrorIgnored(e))
d->ignoredErrors.append(e);
}
void KSslCertificateRule::setIgnoredErrors(const QList<QSslError> &errors)
{
QList<QSslError::SslError> el;
foreach(const QSslError &e, errors)
el.append(e.error());
setIgnoredErrors(el);
}
QList<QSslError::SslError> KSslCertificateRule::ignoredErrors() const
{
return d->ignoredErrors;
}
QList<QSslError::SslError> KSslCertificateRule::filterErrors(const QList<QSslError::SslError> &errors) const
{
QList<QSslError::SslError> ret;
foreach (QSslError::SslError error, errors) {
if (!isErrorIgnored(error))
ret.append(error);
}
return ret;
}
QList<QSslError> KSslCertificateRule::filterErrors(const QList<QSslError> &errors) const
{
QList<QSslError> ret;
foreach (const QSslError &error, errors) {
if (!isErrorIgnored(error.error()))
ret.append(error);
}
return ret;
}
////////////////////////////////////////////////////////////////////
static QList<QSslCertificate> deduplicate(const QList<QSslCertificate> &certs)
{
QSet<QByteArray> digests;
QList<QSslCertificate> ret;
foreach (const QSslCertificate &cert, certs) {
QByteArray digest = cert.digest();
if (!digests.contains(digest)) {
digests.insert(digest);
ret.append(cert);
}
}
return ret;
}
KSslCertificateManagerPrivate::KSslCertificateManagerPrivate()
: config(QString::fromLatin1("ksslcertificatemanager"), KConfig::SimpleConfig),
iface(new org::kde::KSSLDInterface(QString::fromLatin1("org.kde.kded"),
QString::fromLatin1("/modules/kssld"),
QDBusConnection::sessionBus())),
isCertListLoaded(false),
userCertDir(KGlobal::dirs()->saveLocation("data", QString::fromLatin1("kssl/userCaCertificates/")))
{
// set Qt's set to empty; this is protected by the lock in K_GLOBAL_STATIC.
QSslSocket::setDefaultCaCertificates(QList<QSslCertificate>());
}
KSslCertificateManagerPrivate::~KSslCertificateManagerPrivate()
{
delete iface;
iface = 0;
}
void KSslCertificateManagerPrivate::loadDefaultCaCertificates()
{
defaultCaCertificates.clear();
if (!KGlobal::hasMainComponent()) {
Q_ASSERT(false);
return; // we need KGlobal::dirs() available
}
QList<QSslCertificate> certs = deduplicate(QSslSocket::systemCaCertificates());
KConfig config(QString::fromLatin1("ksslcablacklist"), KConfig::SimpleConfig);
KConfigGroup group = config.group("Blacklist of CA Certificates");
certs.append(QSslCertificate::fromPath(userCertDir + QLatin1String("*"), QSsl::Pem,
QRegExp::Wildcard));
foreach (const QSslCertificate &cert, certs) {
const QByteArray digest = cert.digest().toHex();
if (!group.hasKey(digest.constData())) {
defaultCaCertificates += cert;
}
}
isCertListLoaded = true;
}
bool KSslCertificateManagerPrivate::addCertificate(const KSslCaCertificate &in)
{
kDebug(7029);
// cannot add a certificate to the system store
if (in.store == KSslCaCertificate::SystemStore) {
Q_ASSERT(false);
return false;
}
if (knownCerts.contains(in.certHash)) {
Q_ASSERT(false);
return false;
}
QString certFilename = userCertDir + QString::fromLatin1(in.certHash);
kDebug(7029) << certFilename;
QFile certFile(certFilename);
if (certFile.open(QIODevice::ReadOnly)) {
return false;
}
if (!certFile.open(QIODevice::WriteOnly)) {
return false;
}
if (certFile.write(in.cert.toPem()) < 1) {
return false;
}
knownCerts.insert(in.certHash);
updateCertificateBlacklisted(in);
return true;
}
bool KSslCertificateManagerPrivate::removeCertificate(const KSslCaCertificate &old)
{
kDebug(7029);
// cannot remove a certificate from the system store
if (old.store == KSslCaCertificate::SystemStore) {
Q_ASSERT(false);
return false;
}
if (!QFile::remove(userCertDir + QString::fromLatin1(old.certHash))) {
// suppose somebody copied a certificate file into userCertDir without changing the
// filename to the digest.
// the rest of the code will work fine because it loads all certificate files from
// userCertDir without asking for the name, we just can't remove the certificate using
// its digest as filename - so search the whole directory.
// if the certificate was added with the digest as name *and* with a different name, we
// still fail to remove it completely at first try - BAD USER! BAD!
bool removed = false;
QDir dir(userCertDir);
foreach (const QString &certFilename, dir.entryList(QDir::Files)) {
const QString certPath = userCertDir + certFilename;
QList<QSslCertificate> certs = QSslCertificate::fromPath(certPath);
if (!certs.isEmpty() && certs.at(0).digest().toHex() == old.certHash) {
if (QFile::remove(certPath)) {
removed = true;
} else {
// maybe the file is readable but not writable
return false;
}
}
}
if (!removed) {
// looks like the file is not there
return false;
}
}
// note that knownCerts *should* need no updating due to the way setAllCertificates() works -
// it should never call addCertificate and removeCertificate for the same cert in one run
// clean up the blacklist
setCertificateBlacklisted(old.certHash, false);
return true;
}
static bool certLessThan(const KSslCaCertificate &cacert1, const KSslCaCertificate &cacert2)
{
if (cacert1.store != cacert2.store) {
// SystemStore is numerically smaller so the system certs come first; this is important
// so that system certificates come first in case the user added an already-present
// certificate as a user certificate.
return cacert1.store < cacert2.store;
}
return cacert1.certHash < cacert2.certHash;
}
void KSslCertificateManagerPrivate::setAllCertificates(const QList<KSslCaCertificate> &certsIn)
{
Q_ASSERT(knownCerts.isEmpty());
QList<KSslCaCertificate> in = certsIn;
QList<KSslCaCertificate> old = allCertificates();
qSort(in.begin(), in.end(), certLessThan);
qSort(old.begin(), old.end(), certLessThan);
for (int ii = 0, oi = 0; ii < in.size() || oi < old.size(); ++ii, ++oi) {
// look at all elements in both lists, even if we reach the end of one early.
if (ii >= in.size()) {
removeCertificate(old.at(oi));
continue;
} else if (oi >= old.size()) {
addCertificate(in.at(ii));
continue;
}
if (certLessThan (old.at(oi), in.at(ii))) {
// the certificate in "old" is not in "in". only advance the index of "old".
removeCertificate(old.at(oi));
ii--;
} else if (certLessThan(in.at(ii), old.at(oi))) {
// the certificate in "in" is not in "old". only advance the index of "in".
addCertificate(in.at(ii));
oi--;
} else { // in.at(ii) "==" old.at(oi)
if (in.at(ii).cert != old.at(oi).cert) {
// hash collision, be prudent(?) and don't do anything.
} else {
knownCerts.insert(old.at(oi).certHash);
if (in.at(ii).isBlacklisted != old.at(oi).isBlacklisted) {
updateCertificateBlacklisted(in.at(ii));
}
}
}
}
knownCerts.clear();
QMutexLocker certListLocker(&certListMutex);
isCertListLoaded = false;
loadDefaultCaCertificates();
}
QList<KSslCaCertificate> KSslCertificateManagerPrivate::allCertificates() const
{
kDebug(7029);
QList<KSslCaCertificate> ret;
foreach (const QSslCertificate &cert, deduplicate(QSslSocket::systemCaCertificates())) {
ret += KSslCaCertificate(cert, KSslCaCertificate::SystemStore, false);
}
foreach (const QSslCertificate &cert, QSslCertificate::fromPath(userCertDir + QLatin1String("*"),
QSsl::Pem, QRegExp::Wildcard)) {
ret += KSslCaCertificate(cert, KSslCaCertificate::UserStore, false);
}
KConfig config(QString::fromLatin1("ksslcablacklist"), KConfig::SimpleConfig);
KConfigGroup group = config.group("Blacklist of CA Certificates");
for (int i = 0; i < ret.size(); i++) {
if (group.hasKey(ret[i].certHash.constData())) {
ret[i].isBlacklisted = true;
kDebug(7029) << "is blacklisted";
}
}
return ret;
}
bool KSslCertificateManagerPrivate::updateCertificateBlacklisted(const KSslCaCertificate &cert)
{
return setCertificateBlacklisted(cert.certHash, cert.isBlacklisted);
}
bool KSslCertificateManagerPrivate::setCertificateBlacklisted(const QByteArray &certHash,
bool isBlacklisted)
{
kDebug(7029) << isBlacklisted;
KConfig config(QString::fromLatin1("ksslcablacklist"), KConfig::SimpleConfig);
KConfigGroup group = config.group("Blacklist of CA Certificates");
if (isBlacklisted) {
// TODO check against certificate list ?
group.writeEntry(certHash.constData(), QString());
} else {
if (!group.hasKey(certHash.constData())) {
return false;
}
group.deleteEntry(certHash.constData());
}
return true;
}
class KSslCertificateManagerContainer
{
public:
KSslCertificateManager sslCertificateManager;
};
K_GLOBAL_STATIC(KSslCertificateManagerContainer, g_instance)
KSslCertificateManager::KSslCertificateManager()
: d(new KSslCertificateManagerPrivate())
{
// Make sure kded is running
if (!QDBusConnection::sessionBus().interface()->isServiceRegistered(QString::fromLatin1("org.kde.kded"))) {
KToolInvocation::klauncher(); // this calls startKdeinit
}
}
KSslCertificateManager::~KSslCertificateManager()
{
delete d;
}
//static
KSslCertificateManager *KSslCertificateManager::self()
{
return &g_instance->sslCertificateManager;
}
void KSslCertificateManager::setRule(const KSslCertificateRule &rule)
{
d->iface->setRule(rule);
}
void KSslCertificateManager::clearRule(const KSslCertificateRule &rule)
{
d->iface->clearRule(rule);
}
void KSslCertificateManager::clearRule(const QSslCertificate &cert, const QString &hostName)
{
d->iface->clearRule(cert, hostName);
}
KSslCertificateRule KSslCertificateManager::rule(const QSslCertificate &cert,
const QString &hostName) const
{
return d->iface->rule(cert, hostName);
}
QList<QSslCertificate> KSslCertificateManager::caCertificates() const
{
QMutexLocker certLocker(&d->certListMutex);
if (!d->isCertListLoaded) {
d->loadDefaultCaCertificates();
}
return d->defaultCaCertificates;
}
//static
QList<QSslError> KSslCertificateManager::nonIgnorableErrors(const QList<QSslError> &/*e*/)
{
QList<QSslError> ret;
// ### add filtering here...
return ret;
}
//static
QList<QSslError::SslError> KSslCertificateManager::nonIgnorableErrors(const QList<QSslError::SslError> &/*e*/)
{
QList<QSslError::SslError> ret;
// ### add filtering here...
return ret;
}
QList<KSslCaCertificate> _allKsslCaCertificates(KSslCertificateManager *cm)
{
return KSslCertificateManagerPrivate::get(cm)->allCertificates();
}
void _setAllKsslCaCertificates(KSslCertificateManager *cm, const QList<KSslCaCertificate> &certsIn)
{
KSslCertificateManagerPrivate::get(cm)->setAllCertificates(certsIn);
}
#include "kssld/moc_kssld_interface.cpp"


@ -1,86 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2007, 2008, 2010 Andreas Hartmetz <ahartmetz@gmail.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef INCLUDE_KSSLCERTIFICATEMANAGER_H
#define INCLUDE_KSSLCERTIFICATEMANAGER_H
#include "kdecore_export.h"
#include <QtNetwork/QSslCertificate>
#include <QtNetwork/QSslError>
#include <QtCore/qdatetime.h>
#include <QSslCertificate>
class KSslCertificateRulePrivate;
class KSslCertificateManagerPrivate;
//### document this... :/
class KDECORE_EXPORT KSslCertificateRule
{
public:
KSslCertificateRule(const QSslCertificate &cert = QSslCertificate(),
const QString &hostName = QString());
KSslCertificateRule(const KSslCertificateRule &other);
~KSslCertificateRule();
KSslCertificateRule &operator=(const KSslCertificateRule &other);
QSslCertificate certificate() const;
QString hostName() const;
void setExpiryDateTime(const QDateTime &dateTime);
QDateTime expiryDateTime() const;
void setRejected(bool rejected);
bool isRejected() const;
bool isErrorIgnored(QSslError::SslError error) const;
void setIgnoredErrors(const QList<QSslError::SslError> &errors);
void setIgnoredErrors(const QList<QSslError> &errors);
QList<QSslError::SslError> ignoredErrors() const;
QList<QSslError::SslError> filterErrors(const QList<QSslError::SslError> &errors) const;
QList<QSslError> filterErrors(const QList<QSslError> &errors) const;
private:
KSslCertificateRulePrivate *const d;
};
//### document this too... :/
class KDECORE_EXPORT KSslCertificateManager
{
public:
static KSslCertificateManager *self();
void setRule(const KSslCertificateRule &rule);
void clearRule(const KSslCertificateRule &rule);
void clearRule(const QSslCertificate &cert, const QString &hostName);
KSslCertificateRule rule(const QSslCertificate &cert, const QString &hostName) const;
QList<QSslCertificate> caCertificates() const;
static QList<QSslError> nonIgnorableErrors(const QList<QSslError> &);
static QList<QSslError::SslError> nonIgnorableErrors(const QList<QSslError::SslError> &);
private:
friend class KSslCertificateManagerContainer;
friend class KSslCertificateManagerPrivate;
KSslCertificateManager();
~KSslCertificateManager();
KSslCertificateManagerPrivate *const d;
};
#endif


@ -1,103 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2010 Andreas Hartmetz <ahartmetz@gmail.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef KSSLCERTIFICATEMANAGER_P_H
#define KSSLCERTIFICATEMANAGER_P_H
#include <QMutex>
#include <QSet>
#include "kconfig.h"
class KSslCaCertificate
{
public:
enum Store {
SystemStore = 0,
UserStore
};
// TODO see if we can get rid of the .toHex() for storage and comparison; requires
// several changes in KSslCertificateManager and CaCertificatesPage!
KSslCaCertificate(const QSslCertificate &c, Store s, bool _isBlacklisted)
: cert(c),
certHash(c.digest().toHex()),
store(s),
isBlacklisted(_isBlacklisted) { }
const QSslCertificate cert;
const QByteArray certHash;
const Store store;
bool isBlacklisted;
// the synthesized version without the const_casts doesn't compile
const KSslCaCertificate &operator=(const KSslCaCertificate &other)
{
const_cast<QSslCertificate &>(cert) = other.cert;
const_cast<QByteArray &>(certHash) = other.certHash;
const_cast<Store &>(store) = other.store;
isBlacklisted = other.isBlacklisted;
return *this;
}
};
class OrgKdeKSSLDInterface; // aka org::kde::KSSLDInterface
namespace org { namespace kde {
typedef ::OrgKdeKSSLDInterface KSSLDInterface;
}}
class KSslCertificateManagerPrivate
{
public:
KSslCertificateManagerPrivate();
~KSslCertificateManagerPrivate();
static KSslCertificateManagerPrivate *get(KSslCertificateManager *q)
{ return q->d; }
void loadDefaultCaCertificates();
// helpers for setAllCertificates()
bool addCertificate(const KSslCaCertificate &in);
bool removeCertificate(const KSslCaCertificate &old);
bool updateCertificateBlacklisted(const KSslCaCertificate &cert);
bool setCertificateBlacklisted(const QByteArray &certHash, bool isBlacklisted);
void setAllCertificates(const QList<KSslCaCertificate> &certsIn);
QList<KSslCaCertificate> allCertificates() const;
KConfig config;
org::kde::KSSLDInterface *iface;
QHash<QString, QSslError::SslError> stringToSslError;
QHash<QSslError::SslError, QString> sslErrorToString;
QList<QSslCertificate> defaultCaCertificates;
// for use in setAllCertificates() only
QSet<QByteArray> knownCerts;
QMutex certListMutex;
bool isCertListLoaded;
QString userCertDir;
};
// don't export KSslCertificateManagerPrivate to avoid unnecessary symbols in libkdecore
KDECORE_EXPORT QList<KSslCaCertificate> _allKsslCaCertificates(KSslCertificateManager *cm);
KDECORE_EXPORT void _setAllKsslCaCertificates(KSslCertificateManager *cm,
const QList<KSslCaCertificate> &certsIn);
#endif //KSSLCERTIFICATEMANAGER_P_H


@ -1,20 +0,0 @@
kde4_add_plugin(kded_kssld kssld.cpp)
target_link_libraries(kded_kssld
${KDE4_KDECORE_LIBS}
${QT_QTNETWORK_LIBRARY}
)
install(
TARGETS kded_kssld
DESTINATION ${KDE4_PLUGIN_INSTALL_DIR}
)
install(
FILES kssld.desktop
DESTINATION ${KDE4_SERVICES_INSTALL_DIR}/kded
)


@ -1,280 +0,0 @@
/*
This file is part of the KDE libraries
Copyright (c) 2007, 2008, 2010 Andreas Hartmetz <ahartmetz@gmail.com>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
You should have received a copy of the GNU Library General Public License
along with this library; see the file COPYING.LIB. If not, write to
the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301, USA.
*/
#include "kssld.h"
#include "ksslcertificatemanager.h"
#include "kssld_adaptor.h"
#include <kconfig.h>
#include <kconfiggroup.h>
#include <QtCore/QFile>
#include <kglobal.h>
#include <kstandarddirs.h>
#include <kdebug.h>
#include <QtCore/qdatetime.h>
#include <kpluginfactory.h>
#include <kpluginloader.h>
K_PLUGIN_FACTORY(KSSLDFactory, registerPlugin<KSSLD>();)
K_EXPORT_PLUGIN(KSSLDFactory("kssld"))
class KSSLDPrivate
{
public:
KSSLDPrivate()
: config(QString::fromLatin1("ksslcertificatemanager"), KConfig::SimpleConfig)
{
struct strErr {
const char *str;
QSslError::SslError err;
};
//hmmm, looks like these are all of the errors where it is possible to continue.
const static strErr strError[] = {
{"NoError", QSslError::NoError},
{"UnspecifiedError", QSslError::UnspecifiedError},
{"UnableToGetLocalIssuerCertificate", QSslError::UnableToGetLocalIssuerCertificate},
{"InvalidCaCertificate", QSslError::InvalidCaCertificate},
{"CertificateSignatureFailed", QSslError::CertificateSignatureFailed},
{"SelfSignedCertificate", QSslError::SelfSignedCertificate},
{"RevokedCertificate", QSslError::CertificateRevoked},
{"InvalidPurpose", QSslError::InvalidPurpose},
{"CertificateRejected", QSslError::CertificateRejected},
{"CertificateUntrusted", QSslError::CertificateUntrusted},
{"CertificateExpired", QSslError::CertificateExpired},
{"HostNameMismatch", QSslError::HostNameMismatch}
};
for (int i = 0; i < int(sizeof(strError)/sizeof(strErr)); i++) {
QString s = QString::fromLatin1(strError[i].str);
QSslError::SslError e = strError[i].err;
stringToSslError.insert(s, e);
sslErrorToString.insert(e, s);
}
}
KConfig config;
QHash<QString, QSslError::SslError> stringToSslError;
QHash<QSslError::SslError, QString> sslErrorToString;
};
KSSLD::KSSLD(QObject* parent, const QVariantList&)
: KDEDModule(parent),
d(new KSSLDPrivate())
{
new KSSLDAdaptor(this);
pruneExpiredRules();
}
KSSLD::~KSSLD()
{
delete d;
}
void KSSLD::setRule(const KSslCertificateRule &rule)
{
if (rule.hostName().isEmpty()) {
return;
}
KConfigGroup group = d->config.group(rule.certificate().digest().toHex());
QStringList sl;
QString dtString = QString::fromLatin1("ExpireUTC ");
dtString.append(rule.expiryDateTime().toString(Qt::ISODate));
sl.append(dtString);
if (rule.isRejected()) {
sl.append(QString::fromLatin1("Reject"));
} else {
foreach (QSslError::SslError e, rule.ignoredErrors())
sl.append(d->sslErrorToString.value(e));
}
if (!group.hasKey("CertificatePEM"))
group.writeEntry("CertificatePEM", rule.certificate().toPem());
#ifdef PARANOIA
else
if (group.readEntry("CertificatePEM") != rule.certificate().toPem())
return;
#endif
group.writeEntry(rule.hostName(), sl);
group.sync();
}
void KSSLD::clearRule(const KSslCertificateRule &rule)
{
clearRule(rule.certificate(), rule.hostName());
}
void KSSLD::clearRule(const QSslCertificate &cert, const QString &hostName)
{
KConfigGroup group = d->config.group(cert.digest().toHex());
group.deleteEntry(hostName);
if (group.keyList().size() < 2) {
group.deleteGroup();
}
group.sync();
}
void KSSLD::pruneExpiredRules()
{
// expired rules are deleted when trying to load them, so we just try to load all rules.
// be careful about iterating over KConfig(Group) while changing it
foreach (const QString &groupName, d->config.groupList()) {
QByteArray certDigest = groupName.toLatin1();
foreach (const QString &key, d->config.group(groupName).keyList()) {
if (key == QLatin1String("CertificatePEM")) {
continue;
}
KSslCertificateRule r = rule(certDigest, key);
}
}
}
// check a domain name with subdomains for well-formedness and count the dot-separated parts
static QString normalizeSubdomains(const QString &hostName, int *namePartsCount)
{
QString ret;
int partsCount = 0;
bool wasPrevDot = true; // -> allow no dot at the beginning and count first name part
const int length = hostName.length();
for (int i = 0; i < length; i++) {
const QChar c = hostName.at(i);
if (c == QLatin1Char('.')) {
if (wasPrevDot || (i + 1 == hostName.length())) {
// consecutive dots or a dot at the end are forbidden
partsCount = 0;
ret.clear();
break;
}
wasPrevDot = true;
} else {
if (wasPrevDot) {
partsCount++;
}
wasPrevDot = false;
}
ret.append(c);
}
*namePartsCount = partsCount;
return ret;
}
KSslCertificateRule KSSLD::rule(const QSslCertificate &cert, const QString &hostName) const
{
const QByteArray certDigest = cert.digest().toHex();
KConfigGroup group = d->config.group(certDigest);
KSslCertificateRule ret(cert, hostName);
bool foundHostName = false;
int needlePartsCount;
QString needle = normalizeSubdomains(hostName, &needlePartsCount);
// Find a rule for the hostname, either...
if (group.hasKey(needle)) {
// directly (host, site.tld, a.site.tld etc)
if (needlePartsCount >= 1) {
foundHostName = true;
}
} else {
// or with wildcards
// "tld" <- "*." and "site.tld" <- "*.tld" are not valid matches,
// "a.site.tld" <- "*.site.tld" is
while (--needlePartsCount >= 2) {
const int dotIndex = needle.indexOf(QLatin1Char('.'));
Q_ASSERT(dotIndex > 0); // if this fails normalizeSubdomains() failed
needle.remove(0, dotIndex - 1);
needle[0] = QChar::fromLatin1('*');
if (group.hasKey(needle)) {
foundHostName = true;
break;
}
needle.remove(0, 2); // remove "*."
}
}
if (!foundHostName) {
//Don't make a rule with the failed wildcard pattern - use the original hostname.
return KSslCertificateRule(cert, hostName);
}
//parse entry of the format "ExpireUTC <date>, Reject" or
//"ExpireUTC <date>, HostNameMismatch, ExpiredCertificate, ..."
QStringList sl = group.readEntry(needle, QStringList());
QDateTime expiryDt;
// the rule is well-formed if it contains at least the expire date and one directive
if (sl.size() >= 2) {
QString dtString = sl.takeFirst();
if (dtString.startsWith(QLatin1String("ExpireUTC "))) {
dtString.remove(0, 10/* length of "ExpireUTC " */);
expiryDt = QDateTime::fromString(dtString, Qt::ISODate);
}
}
if (!expiryDt.isValid() || expiryDt < QDateTime::currentDateTime()) {
//the entry is malformed or expired so we remove it
group.deleteEntry(needle);
//the group is useless once only the CertificatePEM entry left
if (group.keyList().size() < 2) {
group.deleteGroup();
}
return ret;
}
QList<QSslError::SslError> ignoredErrors;
bool isRejected = false;
foreach (const QString &s, sl) {
if (s == QLatin1String("Reject")) {
isRejected = true;
ignoredErrors.clear();
break;
}
if (!d->stringToSslError.contains(s)) {
continue;
}
ignoredErrors.append(d->stringToSslError.value(s));
}
//Everything is checked and we can make ret valid
ret.setExpiryDateTime(expiryDt);
ret.setRejected(isRejected);
ret.setIgnoredErrors(ignoredErrors);
return ret;
}
#include "moc_kssld.cpp"
#include "moc_kssld_adaptor.cpp"


@ -1,138 +0,0 @@
[Desktop Entry]
Type=Service
X-KDE-ServiceTypes=KDEDModule
X-KDE-Library=kssld
X-KDE-DBus-ModuleName=kssld
X-KDE-Kded-autoload=false
X-KDE-Kded-load-on-demand=true
Name=SSL Certificate Policy
Name[ar]=سياسة شهادات SSL
Name[bg]=Политика за SSL-сертификати
Name[bs]=SSL certifikat o privatnosti
Name[ca]=Política pels certificats SSL
Name[ca@valencia]=Política de certificats SSL
Name[cs]=Chování SSL certifikátů
Name[da]=Politik for SSL-certifikat
Name[de]=SSL-Zertifikat-Regel
Name[el]=Πολιτική πιστοποιητικών SSL
Name[en_GB]=SSL Certificate Policy
Name[es]=Política de certificados SSL
Name[et]=SSL sertifikadi reegel
Name[eu]=SSL ziurtagiri politika
Name[fa]=سیاست گواهینامهی اساسال
Name[fi]=SSL-varmennekäytäntö
Name[fr]=Politique de certificats SSL
Name[ga]=Polasaí Teastas SSL
Name[gl]=Política de certificados de SSL
Name[gu]=SSL િિ િ
Name[he]=מדיניות אישורי SSL
Name[hr]=SSL certificirana pravila
Name[hu]=SSL tanúsítvány-házirend
Name[hy]=SSL-ի վկայականի սկզբունք
Name[ia]=Politica del certificato SSL
Name[id]=Kebijakan Sertifikat SSL
Name[is]=SSL skilríkjastefna
Name[it]=Regole certificati SSL
Name[ja]=SSL
Name[kk]=SSL куәлік ережесі
Name[km]= SSL
Name[kn]=SSL ಿ
Name[ko]=SSL
Name[ku]=Polîçeya Bawernameya SSL
Name[lt]=SSL liudijimų politika
Name[lv]=SSL sertifikātu politika
Name[mr]=ssl
Name[ms]=Polisi Sijil SSL
Name[nb]=SSL-sertifikatpraksis
Name[nds]=SSL-Zertifikatregel
Name[nl]=SSL-certificaat-beleid
Name[pa]=SSL ਿ
Name[pl]=Polityka certyfikatów SSL
Name[pt]=Política de Certificados de SSL
Name[pt_BR]=Política de certificados SSL
Name[ro]=Politică de certificate SSL
Name[ru]=Политика сертификатов SSL
Name[se]=SSL-sertifikáhttanjuolggadusat
Name[si]=SSL
Name[sk]=Politika SSL certifikátov
Name[sl]=Pravilnik za potrdila SSL
Name[sr]=Смернице ССЛ сертификата
Name[sr@ijekavian]=Смјернице ССЛ сертификата
Name[sr@ijekavianlatin]=Smjernice SSL sertifikata
Name[sr@latin]=Smernice SSL sertifikata
Name[sv]=SSL-certifikatpolicy
Name[ta]=SSL
Name[tg]=Сиёсати иҷозатномаи SSL
Name[th]= SSL
Name[tr]=SSL Sertifika Politikası
Name[tt]=SSL Таныклыкларның Күрсәтмәсе
Name[ug]=SSL گۇۋاھنامە تەدبىرى
Name[uk]=Правила для сертифікатів SSL
Name[vi]=Chế đ chng ch SSL
Name[wa]=Politike d' acertinaedje SSL
Name[x-test]=xxSSL Certificate Policyxx
Name[zh_CN]=SSL
Name[zh_TW]=SSL
Comment=Provides SSL certificate policy to applications
Comment[ar]=يقدم سياسة شهادات SSL للتطبيقات
Comment[bg]=Осигурява управление на SSL-сертификати за приложения
Comment[bs]=Pruža programima smjernice za SSL sertifikate
Comment[ca]=Proporciona la política pels certificats SSL a les aplicacions
Comment[ca@valencia]=Proporciona la política de certificats SSL a les aplicacions
Comment[cs]=Poskytuje politiky SSL certifikátů pro aplikace
Comment[da]=Leverer politik for SSL-certifikat til programmer
Comment[de]=SSL-Zertifikat-Regel den Anwendungen zur Verfügung stellen
Comment[el]=Παρέχει την πολιτική πιστοποιητικών SSL στις εφαρμογές
Comment[en_GB]=Provides SSL certificate policy to applications
Comment[es]=Proporciona a las aplicaciones una política de certificados SSL
Comment[et]=SSL sertifikaadi reegli edastamine rakendustele
Comment[eu]=Aplikazioei SSL ziurtagiri politika hornitzen die
Comment[fi]=Tarjoaa SSL-varmennekäytännön sovelluksille
Comment[fr]=Fournit une politique de certificats SSL aux applications
Comment[ga]=Soláthraíonn sé polasaí teastas SSL d'fheidhmchláir
Comment[gl]=Fornece a política de certificados de SSL para os programas
Comment[gu]= SSL િિ િ
Comment[he]=מדיניות מתן אישורי SSL ליישומים
Comment[hr]=Pruža SSL certificirana pravila aplikacijama
Comment[hu]=SSL tanúsítvány-házirend biztosítása alkalmazásokhoz
Comment[hy]=Տրամադրում է SSL-ի վկայականի սկզբունքը գործադրումներին
Comment[ia]=Il forni le politica de certification SSL pro le applicationes
Comment[id]=Menyediakan kebijakan sertifikat SSL bagi aplikasi
Comment[is]=Gefur út stefnu fyrir SSL-skilríki til forrita
Comment[it]=Fornisce alle applicazioni regole per i certificati SSL
Comment[ja]= SSL
Comment[kk]=Қолданбалар үшін SSL куәлік ережелерін орнату
Comment[km]= SSL
Comment[ko]= SSL
Comment[ku]=Ji bo sepanan plîçeya bawernameya SSL peyde dike
Comment[lv]=Nodrošina programmas ar SSL politiku
Comment[mr]=SSL ि
Comment[nb]=Forsyner programmer med praksis for SSL-sertifikater
Comment[nds]=Stellt SSL-Zertifikaatregeln för Programmen praat.
Comment[nl]=Levert het SSL-certificaat-beleid aan applicaties
Comment[pa]= SSL ਿ ਿ
Comment[pl]=Udostępnia politykę certyfikatów SSL programom
Comment[pt]=Fornece uma política de certificados de SSL para as aplicações
Comment[pt_BR]=Fornece uma política de certificados SSL aos aplicativos
Comment[ro]=Oferă applicațiilor politică de certificate SSL
Comment[ru]=Политика сертификатов SSL для приложений
Comment[se]=Addá sertifikáhttanjuolggadusaid prográmmaide
Comment[sk]=Poskytuje politiku SSL certifikátov pre aplikácie
Comment[sl]=Programom ponuja pravilnike za potrdila SSL
Comment[sr]=Пружа програмима смернице за ССЛ сертификате
Comment[sr@ijekavian]=Пружа програмима смјернице за ССЛ сертификате
Comment[sr@ijekavianlatin]=Pruža programima smjernice za SSL sertifikate
Comment[sr@latin]=Pruža programima smernice za SSL sertifikate
Comment[sv]=Tillhandahåller SSL-certifikatpolicyn till program
Comment[ta]= SSL ி
Comment[tg]=Сиёсати иҷозатномаи SSL-ро ба барномаҳо дастрас мекунад
Comment[th]= SSL
Comment[tr]=Uygulamalar için SSL sertifika politikası sağlar
Comment[tt]=Кушылмалар өчен SSL таныклыкларның күрсәтмәсе
Comment[ug]=پروگراممىغا SSL گۇۋاھنامە تەدبىرى تەمىنلەيدۇ
Comment[uk]=Правила роботи з сертифікатами SSL для програм
Comment[vi]=Cung cp các chế đ chng ch SSL cho ng dng
Comment[wa]=Dene li politike d' acertinaedje SSL ås programes
Comment[x-test]=xxProvides SSL certificate policy to applicationsxx
Comment[zh_CN]= SSL
Comment[zh_TW]= SSL


@ -1,53 +0,0 @@
/*
This file is part of the KDE libraries
Copyright (c) 2007, 2008, 2010 Andreas Hartmetz <ahartmetz@gmail.com>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
You should have received a copy of the GNU Library General Public License
along with this library; see the file COPYING.LIB. If not, write to
the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301, USA.
*/
#ifndef KSSLD_H
#define KSSLD_H
#include <kdedmodule.h>
#include <QtCore/qvariant.h>
class KSSLDPrivate;
class KSslCertificateRule;
#include <QSslCertificate>
#include <QString>
class KSSLD : public KDEDModule
{
Q_OBJECT
public:
KSSLD(QObject *parent, const QVariantList &);
~KSSLD();
void setRule(const KSslCertificateRule &rule);
void clearRule(const KSslCertificateRule &rule);
void clearRule(const QSslCertificate &cert, const QString &hostName);
void pruneExpiredRules();
KSslCertificateRule rule(const QSslCertificate &cert, const QString &hostName) const;
private:
//AFAICS we don't need the d-pointer technique here but it makes the code look
//more like the rest of kdelibs and it can be reused anywhere in kdelibs.
KSSLDPrivate *const d;
};
#endif //KSSLD_H


@ -1,61 +0,0 @@
/*
This file is part of the KDE libraries
Copyright (C) 2007 Andreas Hartmetz <ahartmetz@gmail.com>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
You should have received a copy of the GNU Library General Public License
along with this library; see the file COPYING.LIB. If not, write to
the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301, USA.
*/
#ifndef KSSLD_ADAPTOR_H
#define KSSLD_ADAPTOR_H
#include <QtDBus/QDBusAbstractAdaptor>
#include "kssld_dbusmetatypes.h"
class KSSLDAdaptor: public QDBusAbstractAdaptor
{
Q_OBJECT
Q_CLASSINFO("D-Bus Interface", "org.kde.KSSLD")
public:
KSSLDAdaptor(KSSLD *parent)
: QDBusAbstractAdaptor(parent)
{
Q_ASSERT(parent);
registerMetaTypesForKSSLD();
}
private:
inline KSSLD *p()
{ return static_cast<KSSLD *>(parent()); }
public Q_SLOTS:
inline void setRule(const KSslCertificateRule &rule)
{ return p()->setRule(rule); }
inline void clearRule__rule(const KSslCertificateRule &rule)
{ return p()->clearRule(rule); }
inline void clearRule__certHost(const QSslCertificate &cert, const QString &hostName)
{ return p()->clearRule(cert, hostName); }
inline KSslCertificateRule rule(const QSslCertificate &cert, const QString &hostName)
{ return p()->rule(cert, hostName); }
};
#endif //KSSLD_ADAPTOR_H


@ -1,117 +0,0 @@
/*
This file is part of the KDE libraries
Copyright (c) 2007 Andreas Hartmetz <ahartmetz@gmail.com>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
You should have received a copy of the GNU Library General Public License
along with this library; see the file COPYING.LIB. If not, write to
the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301, USA.
*/
#ifndef KSSLD_DBUSMETATYPES_H
#define KSSLD_DBUSMETATYPES_H
#include <QtDBus/qdbusargument.h>
#include <QtDBus/qdbusmetatype.h>
Q_DECLARE_METATYPE(QSslCertificate)
Q_DECLARE_METATYPE(KSslCertificateRule)
Q_DECLARE_METATYPE(QList<QSslCertificate>)
Q_DECLARE_METATYPE(QSslError::SslError)
Q_DECLARE_METATYPE(QList<QSslError::SslError>)
QT_BEGIN_NAMESPACE
QDBusArgument &operator<<(QDBusArgument &argument, const QSslCertificate &cert)
{
argument.beginStructure();
argument << cert.toDer();
argument.endStructure();
return argument;
}
const QDBusArgument &operator>>(const QDBusArgument &argument, QSslCertificate &cert)
{
QByteArray data;
argument.beginStructure();
argument >> data;
argument.endStructure();
cert = QSslCertificate(data, QSsl::Der);
return argument;
}
QDBusArgument &operator<<(QDBusArgument &argument, const KSslCertificateRule &rule)
{
argument.beginStructure();
argument << rule.certificate() << rule.hostName()
<< rule.isRejected() << rule.expiryDateTime().toString(Qt::ISODate)
<< rule.ignoredErrors();
argument.endStructure();
return argument;
}
const QDBusArgument &operator>>(const QDBusArgument &argument, KSslCertificateRule &rule)
{
QSslCertificate cert;
QString hostName;
bool isRejected;
QString expiryStr;
QList<QSslError::SslError> ignoredErrors;
argument.beginStructure();
argument >> cert >> hostName >> isRejected >> expiryStr >> ignoredErrors;
argument.endStructure();
KSslCertificateRule ret(cert, hostName);
ret.setRejected(isRejected);
ret.setExpiryDateTime(QDateTime::fromString(expiryStr, Qt::ISODate));
ret.setIgnoredErrors(ignoredErrors);
rule = ret;
return argument;
}
QDBusArgument &operator<<(QDBusArgument &argument, const QSslError::SslError &error)
{
argument.beginStructure(); //overhead ho!
argument << static_cast<int>(error);
argument.endStructure();
return argument;
}
const QDBusArgument &operator>>(const QDBusArgument &argument, QSslError::SslError &error)
{
int data;
argument.beginStructure();
argument >> data;
argument.endStructure();
error = static_cast<QSslError::SslError>(data);
return argument;
}
QT_END_NAMESPACE
static void registerMetaTypesForKSSLD()
{
qDBusRegisterMetaType<QSslCertificate>();
qDBusRegisterMetaType<KSslCertificateRule>();
qDBusRegisterMetaType<QList<QSslCertificate> >();
qDBusRegisterMetaType<QSslError::SslError>();
qDBusRegisterMetaType<QList<QSslError::SslError> >();
}
#endif //KSSLD_DBUSMETATYPES_H


@ -1,95 +0,0 @@
/*
This file is part of the KDE libraries
Copyright (C) 2007 Andreas Hartmetz <ahartmetz@gmail.com>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
You should have received a copy of the GNU Library General Public License
along with this library; see the file COPYING.LIB. If not, write to
the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301, USA.
*/
#ifndef KSSLDINTERFACE_H
#define KSSLDINTERFACE_H
#include <QtCore/QVariant>
#include <QtDBus/QDBusAbstractInterface>
#include "kssld_dbusmetatypes.h"
/*
* Proxy class for interface org.kde.KSSLD
*/
class OrgKdeKSSLDInterface: public QDBusAbstractInterface
{
Q_OBJECT
public:
static inline const char *staticInterfaceName()
{
return "org.kde.KSSLD";
}
public:
OrgKdeKSSLDInterface(const QString &service, const QString &path,
const QDBusConnection &connection,
QObject *parent = 0)
: QDBusAbstractInterface(service, path, staticInterfaceName(), connection, parent)
{
registerMetaTypesForKSSLD();
}
~OrgKdeKSSLDInterface() {}
public Q_SLOTS: // METHODS
void setRule(const KSslCertificateRule &rule)
{
QList<QVariant> argumentList;
argumentList << qVariantFromValue(rule);
callWithArgumentList(QDBus::Block, QLatin1String("setRule"),
argumentList);
}
void clearRule(const KSslCertificateRule &rule)
{
QList<QVariant> argumentList;
argumentList << qVariantFromValue(rule);
callWithArgumentList(QDBus::Block, QLatin1String("clearRule__rule"),
argumentList);
}
void clearRule(const QSslCertificate &cert, const QString &hostName)
{
QList<QVariant> argumentList;
argumentList << qVariantFromValue(cert) << qVariantFromValue(hostName);
callWithArgumentList(QDBus::Block, QLatin1String("clearRule__certHost"),
argumentList);
}
QDBusReply<KSslCertificateRule> rule(const QSslCertificate &cert, const QString &hostName)
{
QList<QVariant> argumentList;
argumentList << qVariantFromValue(cert) << qVariantFromValue(hostName);
return callWithArgumentList(QDBus::Block, QLatin1String("rule"),
argumentList);
}
};
namespace org {
namespace kde {
typedef ::OrgKdeKSSLDInterface KSSLDInterface;
}
}
#endif //KSSLDINTERFACE_H


@ -25,7 +25,6 @@
#include <QPrintEngine>
#include <QPrintDialog>
#include <QFile>
#include <QtNetwork/QTcpSocket>
#include <kdebug.h>


@ -9,11 +9,9 @@ include_directories(
${CMAKE_CURRENT_SOURCE_DIR}/bookmarks
${CMAKE_CURRENT_SOURCE_DIR}/kio
${CMAKE_CURRENT_SOURCE_DIR}/kfile
${CMAKE_CURRENT_SOURCE_DIR}/kssl
# for including kio/kio_export.h
${CMAKE_CURRENT_SOURCE_DIR}
${CMAKE_CURRENT_BINARY_DIR}/kio
${CMAKE_CURRENT_BINARY_DIR}/kssl
# e.g. for observer_stub.h
${CMAKE_CURRENT_BINARY_DIR}
${KDE4_KDEUI_INCLUDES}
@ -35,7 +33,6 @@ configure_file(
${CMAKE_CURRENT_BINARY_DIR}/kio/config-kio.h
)
add_subdirectory(kssl/kcm)
add_subdirectory(misc)
if(ENABLE_TESTING)
add_subdirectory(tests)
@ -171,21 +168,12 @@ set(kfile_STAT_SRCS
qt4_add_resources(kfile_STAT_SRCS kfile/kacleditwidget.qrc)
set(kssl_STAT_SRCS
kssl/sslui.cpp
# for sslui.cpp
kssl/ksslcertificatebox.cpp
kssl/ksslinfodialog.cpp
kssl/ksslsettings.cpp
)
########### next target ###############
set(kio_LIB_SRCS
${kiocore_STAT_SRCS}
${kbookmarks_STAT_SRCS}
${kfile_STAT_SRCS}
${kssl_STAT_SRCS}
)
add_library(kio ${LIBRARY_TYPE} ${kio_LIB_SRCS})
@ -269,7 +257,6 @@ install(
kio/renamedialog.h
kio/skipdialog.h
kio/udsentry.h
kssl/sslui.h
DESTINATION ${KDE4_INCLUDE_INSTALL_DIR}/kio
COMPONENT Devel
)


@ -27,7 +27,6 @@
#include <klocale.h>
#include <kmessagebox.h>
#include <ksharedconfig.h>
#include <ksslinfodialog.h>
#include <kmessage.h>
#include <QPointer>


@ -28,7 +28,6 @@
#include <sys/utsname.h>
#include <QtCore/QCoreApplication>
#include <QtNetwork/QSslSocket>
#include <QtNetwork/QHostAddress>
#include <QtNetwork/QHostInfo>
#include <QtDBus/QtDBus>


@ -34,8 +34,6 @@
#include <QtDBus/QtDBus>
#include <QtCore/QPointer>
#include <QtNetwork/QSslCertificate>
#include <QtNetwork/QSslError>
using namespace KIO;


@ -1,2 +0,0 @@
http://www.us.kpmg.com/RutUS_prod/Documents/12/DC80502.pdf
also on ktown under ~ftpubuntu


@ -1,18 +0,0 @@
This library includes cryptographic software written by Eric Young
(eay@cryptsoft.com).
This set of classes is designed to make SSL easier to integrate in KDE
applications. It currently uses OpenSSL and if it is not successfully
compiled with OpenSSL, then it will do virtually nothing. The SSL settings
for a user are shared across applications and managed with the kcontrol
module "crypto". If this file is not updated by release, you can contact
the author for development information.
The CA Root Certificates bundle was obtained from the cURL project which in
turn converts raw data to bundle from Mozilla. See
http://curl.haxx.se/docs/caextract.html for more details.
George Staikos <staikos@kde.org>


@ -1 +0,0 @@
3546: Transport Layer Security (TLS) Extensions


@ -1,17 +0,0 @@
List of known security holes in KDE's SSL implementation and HTTPS support in
Konqueror.
-----------------------------------------------------------------------------
1) Caching should be done on a per-host basis, not per-certificate.
2) Autocompletion in form fields in HTTPS mode will result in various fields
such as pin numbers and possibly credit cards or other sensitive information
being silently written to disk in some cases.
3) Certificate revocation lists (CRLs) are not implemented. This should be
done after 2.2.


@ -1,23 +0,0 @@
- KSSLServer class needs to be written (in a separate lib!!) so that an app
can act as an SSL server.
- The certificate factory is not done. This is needed to generate personal
certificates (self signed) for users.
This should be a separate app I guess, and can include a CA signer even.
- KDE4 - fix constness and reference arguments
- CRL support (not much left to do?)
- Code checking for OCX.
- KSSLD should emit dcop signals to tell people when things change
- <keygen> is not working.
- Namespace it all to KIO::SSL:: in KDE4
- Fix ksslcalist and any code that uses subject/issuer name as provided by
openssl since this is broken by design. Use MD5 sum for indexing the database
instead


@ -1,151 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<ui version="4.0">
<class>CertificateParty</class>
<widget class="QWidget" name="CertificateParty">
<property name="geometry">
<rect>
<x>0</x>
<y>0</y>
<width>390</width>
<height>214</height>
</rect>
</property>
<layout class="QGridLayout">
<item row="0" column="0">
<layout class="QFormLayout" name="formLayout">
<property name="fieldGrowthPolicy">
<enum>QFormLayout::ExpandingFieldsGrow</enum>
</property>
<property name="horizontalSpacing">
<number>4</number>
</property>
<property name="verticalSpacing">
<number>0</number>
</property>
<item row="0" column="0">
<widget class="QLabel" name="commonNameTag">
<property name="text">
<string>Common name:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="0" column="1">
<widget class="QLabel" name="commonName">
<property name="text">
<string>Acme Co.</string>
</property>
<property name="textInteractionFlags">
<set>Qt::TextSelectableByMouse</set>
</property>
</widget>
</item>
<item row="1" column="0">
<widget class="QLabel" name="organizationTag">
<property name="text">
<string>Organization:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="1" column="1">
<widget class="QLabel" name="organization">
<property name="text">
<string>Acme Sundry Products Company</string>
</property>
<property name="textInteractionFlags">
<set>Qt::TextSelectableByMouse</set>
</property>
</widget>
</item>
<item row="2" column="0">
<widget class="QLabel" name="organizationalUnitTag">
<property name="text">
<string>Organizational unit:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="2" column="1">
<widget class="QLabel" name="organizationalUnit">
<property name="text">
<string>Fraud Department</string>
</property>
<property name="textInteractionFlags">
<set>Qt::TextSelectableByMouse</set>
</property>
</widget>
</item>
<item row="3" column="0">
<widget class="QLabel" name="countryTag">
<property name="text">
<string>Country:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="3" column="1">
<widget class="QLabel" name="country">
<property name="text">
<string>Canada</string>
</property>
<property name="textInteractionFlags">
<set>Qt::TextSelectableByMouse</set>
</property>
</widget>
</item>
<item row="4" column="0">
<widget class="QLabel" name="stateTag">
<property name="text">
<string>State:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="4" column="1">
<widget class="QLabel" name="state">
<property name="text">
<string>Quebec</string>
</property>
<property name="textInteractionFlags">
<set>Qt::TextSelectableByMouse</set>
</property>
</widget>
</item>
<item row="5" column="0">
<widget class="QLabel" name="cityTag">
<property name="text">
<string>City:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="5" column="1">
<widget class="QLabel" name="city">
<property name="text">
<string>Lakeridge Meadows</string>
</property>
<property name="textInteractionFlags">
<set>Qt::TextSelectableByMouse</set>
</property>
</widget>
</item>
</layout>
</item>
</layout>
</widget>
<resources/>
<connections/>
</ui>


@ -1,20 +0,0 @@
########### next target ###############
set(kcmssl_SRCS
kcmssl.cpp
cacertificatespage.cpp
displaycertdialog.cpp
)
kde4_add_plugin(kcm_ssl ${kcmssl_SRCS})
target_link_libraries(kcm_ssl ${KDE4_KIO_LIBS})
########### install files ###############
install(TARGETS kcm_ssl DESTINATION ${KDE4_PLUGIN_INSTALL_DIR})
install(
FILES
kcm_ssl.desktop
DESTINATION ${KDE4_SERVICES_INSTALL_DIR}
)


@ -1,128 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<ui version="4.0">
<class>CaCertificatesPage</class>
<widget class="QWidget" name="CaCertificatesPage">
<property name="geometry">
<rect>
<x>0</x>
<y>0</y>
<width>586</width>
<height>562</height>
</rect>
</property>
<layout class="QVBoxLayout" name="verticalLayout">
<item>
<widget class="QTreeWidget" name="treeWidget">
<property name="selectionMode">
<enum>QAbstractItemView::ExtendedSelection</enum>
</property>
<property name="verticalScrollMode">
<enum>QAbstractItemView::ScrollPerPixel</enum>
</property>
<column>
<property name="text">
<string>Organization / Common Name</string>
</property>
</column>
<column>
<property name="text">
<string>Organizational Unit</string>
</property>
</column>
</widget>
</item>
<item>
<layout class="QHBoxLayout" name="horizontalLayout">
<item>
<widget class="QPushButton" name="displaySelection">
<property name="enabled">
<bool>false</bool>
</property>
<property name="text">
<string>Display...</string>
</property>
</widget>
</item>
<item>
<spacer name="horizontalSpacer">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeType">
<enum>QSizePolicy::Fixed</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item>
<widget class="KPushButton" name="disableSelection">
<property name="enabled">
<bool>false</bool>
</property>
<property name="text">
<string>Disable</string>
</property>
</widget>
</item>
<item>
<widget class="QPushButton" name="enableSelection">
<property name="enabled">
<bool>false</bool>
</property>
<property name="text">
<string>Enable</string>
</property>
</widget>
</item>
<item>
<spacer name="spacer">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeType">
<enum>QSizePolicy::Fixed</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item>
<widget class="KPushButton" name="removeSelection">
<property name="enabled">
<bool>false</bool>
</property>
<property name="text">
<string>Remove</string>
</property>
</widget>
</item>
<item>
<widget class="KPushButton" name="add">
<property name="text">
<string>Add...</string>
</property>
</widget>
</item>
</layout>
</item>
</layout>
</widget>
<customwidgets>
<customwidget>
<class>KPushButton</class>
<extends>QPushButton</extends>
<header>kpushbutton.h</header>
</customwidget>
</customwidgets>
<resources/>
<connections/>
</ui>


@ -1,385 +0,0 @@
/* This file is part of the KDE project
Copyright (C) 2010 Andreas Hartmetz <ahartmetz@gmail.com>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301, USA.
*/
#include "cacertificatespage.h"
#include "displaycertdialog_p.h"
#include <ksslcertificatemanager.h>
#include <ksslcertificatemanager_p.h>
#include <kdebug.h>
#include <kfiledialog.h>
#include <klocale.h>
#include <QList>
#include <QSslCertificate>
#include <QtGui/qtreewidget.h>
#include <QtGui/QStandardItemModel>
enum Columns {
OrgCnColumn = 0,
OrgUnitColumn,
HiddenSortColumn
};
static QString nonemptyIssuer(const QSslCertificate &cert)
{
QString issuerText;
static const QSslCertificate::SubjectInfo fields[3] = {
QSslCertificate::Organization,
QSslCertificate::CommonName,
QSslCertificate::OrganizationalUnitName
};
for (int i = 0; i < 3; i++) {
issuerText = cert.issuerInfo(fields[i]);
if (!issuerText.isEmpty()) {
return issuerText;
}
}
return issuerText;
}
class CaCertificateItem : public QTreeWidgetItem
{
public:
CaCertificateItem(QTreeWidgetItem *parent, const QSslCertificate &cert, bool isEnabled)
: QTreeWidgetItem(parent, m_type),
m_cert(cert)
{
setEnabled(isEnabled);
}
QVariant data(int column, int role) const
{
switch (role) {
case Qt::DisplayRole:
switch (column) {
case OrgCnColumn:
case HiddenSortColumn: {
QString subjectText = m_cert.issuerInfo(QSslCertificate::CommonName);
if (column == HiddenSortColumn) {
return subjectText.toLower();
}
return subjectText; }
case OrgUnitColumn:
return m_cert.issuerInfo(QSslCertificate::OrganizationalUnitName);
}
}
return QTreeWidgetItem::data(column, role);
}
bool isEnabled() const
{
return data(OrgCnColumn, Qt::CheckStateRole).toInt() == Qt::Checked;
}
void setEnabled(bool enabled)
{
setData(OrgCnColumn, Qt::CheckStateRole, enabled ? Qt::Checked : Qt::Unchecked);
}
static const int m_type = QTreeWidgetItem::UserType;
QSslCertificate m_cert;
};
CaCertificatesPage::CaCertificatesPage(QWidget *parent)
: QWidget(parent),
m_firstShowEvent(true),
m_blockItemChanged(false)
{
m_ui.setupUi(this);
connect(m_ui.displaySelection, SIGNAL(clicked()), SLOT(displaySelectionClicked()));
connect(m_ui.disableSelection, SIGNAL(clicked()), SLOT(disableSelectionClicked()));
connect(m_ui.enableSelection, SIGNAL(clicked()), SLOT(enableSelectionClicked()));
connect(m_ui.removeSelection, SIGNAL(clicked()), SLOT(removeSelectionClicked()));
connect(m_ui.add, SIGNAL(clicked()), SLOT(addCertificateClicked()));
connect(m_ui.treeWidget, SIGNAL(itemChanged(QTreeWidgetItem*,int)),
SLOT(itemChanged(QTreeWidgetItem*,int)));
connect(m_ui.treeWidget, SIGNAL(itemSelectionChanged()),
SLOT(itemSelectionChanged()));
m_ui.treeWidget->setColumnCount(HiddenSortColumn + 1);
m_ui.treeWidget->setColumnHidden(HiddenSortColumn, true);
}
void CaCertificatesPage::load()
{
m_ui.treeWidget->clear();
m_ui.treeWidget->sortByColumn(-1); // disable during mass insertion
m_knownCertificates.clear();
m_systemCertificatesParent = new QTreeWidgetItem(m_ui.treeWidget);
m_systemCertificatesParent->setText(0, i18n("System certificates"));
// make system certificates come first in the sorted view
m_systemCertificatesParent->setText(HiddenSortColumn, QLatin1String("a"));
m_systemCertificatesParent->setExpanded(true);
m_systemCertificatesParent->setFlags(m_systemCertificatesParent->flags() & ~Qt::ItemIsSelectable);
m_userCertificatesParent = new QTreeWidgetItem(m_ui.treeWidget);
m_userCertificatesParent->setText(0, i18n("User-added certificates"));
m_userCertificatesParent->setText(HiddenSortColumn, QLatin1String("b"));
m_userCertificatesParent->setExpanded(true);
m_userCertificatesParent->setFlags(m_userCertificatesParent->flags() & ~Qt::ItemIsSelectable);
QList<KSslCaCertificate> caCerts = _allKsslCaCertificates(KSslCertificateManager::self());
kDebug(7029) << "# certs:" << caCerts.count();
foreach (const KSslCaCertificate &caCert, caCerts) {
addCertificateItem(caCert);
}
m_ui.treeWidget->sortByColumn(HiddenSortColumn, Qt::AscendingOrder);
}
void CaCertificatesPage::showEvent(QShowEvent *event)
{
if (m_firstShowEvent) {
// TODO use QTextMetrics
m_ui.treeWidget->setColumnWidth(OrgCnColumn, 420);
m_firstShowEvent = false;
}
QWidget::showEvent(event);
}
void CaCertificatesPage::save()
{
QList<KSslCaCertificate> newState;
KSslCaCertificate::Store store = KSslCaCertificate::SystemStore;
QTreeWidgetItem *grandParent = m_systemCertificatesParent;
for (int i = 0; i < 2; i++) {
for (int j = 0; j < grandParent->childCount(); j++) {
QTreeWidgetItem *parentItem = grandParent->child(j);
for (int k = 0; k < parentItem->childCount(); k++) {
CaCertificateItem *item = static_cast<CaCertificateItem *>(parentItem->child(k));
newState += KSslCaCertificate(item->m_cert, store, !item->isEnabled());
}
}
store = KSslCaCertificate::UserStore;
grandParent = m_userCertificatesParent;
}
kDebug(7029) << "# certs:" << newState.count();
_setAllKsslCaCertificates(KSslCertificateManager::self(), newState);
emit changed(false);
}
void CaCertificatesPage::defaults()
{
//### is that all?
load();
emit changed(false);
}
// private slot
void CaCertificatesPage::itemSelectionChanged()
{
kDebug(7029) << m_ui.treeWidget->selectionModel()->hasSelection();
int numRemovable = 0;
int numEnabled = 0;
int numDisplayable = 0;
foreach(const QTreeWidgetItem *twItem, m_ui.treeWidget->selectedItems()) {
const CaCertificateItem *item = dynamic_cast<const CaCertificateItem *>(twItem);
Q_ASSERT(item);
if (item) {
numDisplayable++;
if (item->parent()->parent() == m_userCertificatesParent) {
numRemovable++;
}
if (item->isEnabled()) {
numEnabled++;
}
}
}
m_ui.displaySelection->setEnabled(numDisplayable);
m_ui.removeSelection->setEnabled(numRemovable);
m_ui.disableSelection->setEnabled(numEnabled);
m_ui.enableSelection->setEnabled(numDisplayable > numEnabled); // the rest is disabled
}
// private slot
void CaCertificatesPage::displaySelectionClicked()
{
QList<QSslCertificate> certs;
foreach(const QTreeWidgetItem *twItem, m_ui.treeWidget->selectedItems()) {
const CaCertificateItem *item = dynamic_cast<const CaCertificateItem *>(twItem);
Q_ASSERT(item);
if (item) {
certs += item->m_cert;
}
}
DisplayCertDialog dc(this);
dc.setCertificates(certs);
dc.exec();
}
// private slot
void CaCertificatesPage::disableSelectionClicked()
{
enableDisableSelectionClicked(false);
}
// private slot
void CaCertificatesPage::enableSelectionClicked()
{
enableDisableSelectionClicked(true);
}
void CaCertificatesPage::enableDisableSelectionClicked(bool isEnable)
{
const bool prevBlockItemChanged = m_blockItemChanged;
m_blockItemChanged = true;
foreach(QTreeWidgetItem *twItem, m_ui.treeWidget->selectedItems()) {
CaCertificateItem *item = dynamic_cast<CaCertificateItem *>(twItem);
Q_ASSERT(item);
if (item) {
item->setEnabled(isEnable);
}
}
emit changed(true);
m_blockItemChanged = prevBlockItemChanged;
// now make sure that the buttons are enabled as appropriate
itemSelectionChanged();
}
// private slot
void CaCertificatesPage::removeSelectionClicked()
{
bool didRemove = false;
foreach(QTreeWidgetItem *twItem, m_ui.treeWidget->selectedItems()) {
const CaCertificateItem *item = dynamic_cast<const CaCertificateItem *>(twItem);
Q_ASSERT(item);
if (!item || item->parent()->parent() != m_userCertificatesParent) {
continue;
}
QTreeWidgetItem *parent = item->parent();
m_knownCertificates.remove(item->m_cert.digest().toHex());
delete item;
didRemove = true;
if (parent->childCount() == 0) {
delete parent;
}
}
if (didRemove) {
emit changed(true);
}
}
// private slot
void CaCertificatesPage::addCertificateClicked()
{
QStringList certFiles
= KFileDialog::getOpenFileNames(KUrl(), QLatin1String("application/x-x509-ca-cert"),
this, i18n("Pick Certificates"));
QList<QSslCertificate> certs;
foreach (const QString &certFile, certFiles) {
// trying both formats is easiest to program and most user-friendly if somewhat sloppy
const int prevCertCount = certs.count();
QFile file (certFile);
if (file.open(QIODevice::ReadOnly)) {
certs += QSslCertificate::fromDevice(&file, QSsl::Pem);
if (prevCertCount == certs.count()) {
file.reset();
certs += QSslCertificate::fromDevice(&file, QSsl::Der);
}
}
if (prevCertCount == certs.count()) {
kDebug(7029) << "failed to load certificate file" << certFile;
}
}
bool didAddCertificates = false;
foreach (const QSslCertificate &cert, certs) {
KSslCaCertificate caCert(cert, KSslCaCertificate::UserStore, false);
if (!addCertificateItem(caCert)) {
// ### tell the user?
} else {
didAddCertificates = true;
}
}
if (didAddCertificates) {
emit changed(true);
}
}
// private slot
void CaCertificatesPage::itemChanged(QTreeWidgetItem *item, int column)
{
Q_UNUSED(item)
Q_UNUSED(column)
if (m_blockItemChanged) {
return;
}
kDebug(7029);
// we could try to emit changed(false) if everything was changed back to status quo
// a click on the checkbox of an unselected item first invokes itemSelectionChanged(),
// then itemChanged(). we'll have to rerun the checks in itemSelectionChanged().
itemSelectionChanged();
emit changed(true);
}
static QTreeWidgetItem *findImmediateChild(QTreeWidgetItem *parent, const QString &issuerText)
{
for (int i = 0; i < parent->childCount(); i ++) {
QTreeWidgetItem *candidate = parent->child(i);
if (candidate->text(OrgCnColumn) == issuerText) {
return candidate;
}
}
return 0;
}
bool CaCertificatesPage::addCertificateItem(const KSslCaCertificate &caCert)
{
if (m_knownCertificates.contains(caCert.certHash)) {
kDebug(7029) << "CaCertificatesPage::addCertificateItem(): refusing duplicate";
return false;
}
const bool prevBlockItemChanged = m_blockItemChanged;
m_blockItemChanged = true;
QTreeWidgetItem *grandParent = caCert.store == KSslCaCertificate::SystemStore ?
m_systemCertificatesParent : m_userCertificatesParent;
const QString issuerOrganization = nonemptyIssuer(caCert.cert);
QTreeWidgetItem *parent = findImmediateChild(grandParent, issuerOrganization);
if (!parent) {
parent = new QTreeWidgetItem(grandParent);
parent->setText(OrgCnColumn, issuerOrganization);
parent->setText(HiddenSortColumn, issuerOrganization.toLower());
parent->setExpanded(true);
parent->setFlags(parent->flags() & ~Qt::ItemIsSelectable);
}
(void) new CaCertificateItem(parent, caCert.cert, !caCert.isBlacklisted);
m_knownCertificates.insert(caCert.certHash);
m_blockItemChanged = prevBlockItemChanged;
return true;
}
#include "moc_cacertificatespage.cpp"


@ -1,67 +0,0 @@
/* This file is part of the KDE project
Copyright (C) 2010 Andreas Hartmetz <ahartmetz@gmail.com>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301, USA.
*/
#ifndef CACERTIFICATESPAGE_H
#define CACERTIFICATESPAGE_H
#include "ui_cacertificates.h"
#include <QWidget>
#include <QTreeWidgetItem>
class KSslCaCertificate;
class CaCertificatesPage : public QWidget
{
Q_OBJECT
public:
CaCertificatesPage(QWidget *parent);
void load();
void save();
void defaults();
private Q_SLOTS:
void itemSelectionChanged();
void displaySelectionClicked();
void disableSelectionClicked();
void enableSelectionClicked();
void removeSelectionClicked();
void addCertificateClicked();
void itemChanged(QTreeWidgetItem *item, int column);
Q_SIGNALS:
void changed(bool state);
protected:
void showEvent(QShowEvent *event);
private:
bool addCertificateItem(const KSslCaCertificate &caCert);
void enableDisableSelectionClicked(bool isEnable);
Ui::CaCertificatesPage m_ui;
QTreeWidgetItem *m_systemCertificatesParent;
QTreeWidgetItem *m_userCertificatesParent;
QSet<QByteArray> m_knownCertificates;
bool m_firstShowEvent;
bool m_blockItemChanged;
};
#endif


@ -1,131 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<ui version="4.0">
<class>DisplayCert</class>
<widget class="QWidget" name="DisplayCert">
<property name="geometry">
<rect>
<x>0</x>
<y>0</y>
<width>374</width>
<height>479</height>
</rect>
</property>
<layout class="QVBoxLayout" name="verticalLayout">
<item>
<widget class="QLabel" name="subjectHeading">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="text">
<string>&lt;b&gt;Subject Information&lt;/b&gt;</string>
</property>
</widget>
</item>
<item>
<widget class="KSslCertificateBox" name="subjectCertBox" native="true"/>
</item>
<item>
<widget class="QLabel" name="issuerHeading">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="text">
<string>&lt;b&gt;Issuer Information&lt;/b&gt;</string>
</property>
</widget>
</item>
<item>
<widget class="KSslCertificateBox" name="issuerCertBox" native="true"/>
</item>
<item>
<widget class="QLabel" name="label">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="text">
<string>&lt;b&gt;Other&lt;/b&gt;</string>
</property>
</widget>
</item>
<item>
<layout class="QFormLayout" name="formLayout">
<item row="0" column="0">
<widget class="QLabel" name="validityPeriodLabel">
<property name="text">
<string>Validity period</string>
</property>
</widget>
</item>
<item row="0" column="1">
<widget class="QLabel" name="validityPeriod">
<property name="text">
<string comment="KDE::DoNotExtract">TextLabel</string>
</property>
</widget>
</item>
<item row="1" column="0">
<widget class="QLabel" name="serialNumberLabel">
<property name="text">
<string>Serial number</string>
</property>
</widget>
</item>
<item row="1" column="1">
<widget class="QLabel" name="serialNumber">
<property name="text">
<string comment="KDE::DoNotExtract">TextLabel</string>
</property>
</widget>
</item>
<item row="2" column="0">
<widget class="QLabel" name="md5DigestLabel">
<property name="text">
<string>MD5 digest</string>
</property>
</widget>
</item>
<item row="2" column="1">
<widget class="QLabel" name="md5Digest">
<property name="text">
<string comment="KDE::DoNotExtract">TextLabel</string>
</property>
</widget>
</item>
<item row="3" column="0">
<widget class="QLabel" name="sha1DigestLabel">
<property name="text">
<string>SHA1 digest</string>
</property>
</widget>
</item>
<item row="3" column="1">
<widget class="QLabel" name="sha1Digest">
<property name="text">
<string comment="KDE::DoNotExtract">TextLabel</string>
</property>
</widget>
</item>
</layout>
</item>
</layout>
</widget>
<customwidgets>
<customwidget>
<class>KSslCertificateBox</class>
<extends>QWidget</extends>
<header>ksslcertificatebox.h</header>
<container>1</container>
</customwidget>
</customwidgets>
<resources/>
<connections/>
</ui>


@ -1,86 +0,0 @@
/* This file is part of the KDE project
Copyright (C) 2010 Andreas Hartmetz <ahartmetz@gmail.com>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301, USA.
*/
#include "displaycertdialog_p.h"
#include <kpushbutton.h>
#include <kstandardguiitem.h>
#include <klocale.h>
#include <QDateTime>
DisplayCertDialog::DisplayCertDialog(QWidget *parent)
: KDialog(parent),
m_index(0)
{
m_ui.setupUi(mainWidget());
setButtons(KDialog::Ok | KDialog::User1 | KDialog::User2);
QPair<KGuiItem, KGuiItem> bAndF = KStandardGuiItem::backAndForward();
setButtonGuiItem(KDialog::User2, bAndF.first);
setButtonGuiItem(KDialog::User1, bAndF.second);
connect(button(KDialog::User2), SIGNAL(clicked()), SLOT(previousClicked()));
connect(button(KDialog::User1), SIGNAL(clicked()), SLOT(nextClicked()));
}
void DisplayCertDialog::setCertificates(const QList<QSslCertificate> &certs)
{
Q_ASSERT(!certs.isEmpty());
m_certs = certs;
m_index = 0;
showCertificate(0);
button(KDialog::User2)->setEnabled(certs.size() > 1);
button(KDialog::User1)->setEnabled(certs.size() > 1);
}
void DisplayCertDialog::showCertificate(int index)
{
const QSslCertificate &cert = m_certs.at(index);
m_ui.subjectCertBox->setCertificate(cert, KSslCertificateBox::Subject);
m_ui.issuerCertBox->setCertificate(cert, KSslCertificateBox::Issuer);
QString vp = i18nc("%1 is the effective date of the certificate, %2 is the expiry date", "%1 to %2",
KGlobal::locale()->formatDateTime(cert.effectiveDate()),
KGlobal::locale()->formatDateTime(cert.expiryDate()));
m_ui.validityPeriod->setText(vp);
m_ui.serialNumber->setText(cert.serialNumber());
m_ui.md5Digest->setText(cert.digest().toHex());
m_ui.sha1Digest->setText(cert.digest(QCryptographicHash::Sha1).toHex());
}
//private slot
void DisplayCertDialog::nextClicked()
{
if (m_index == m_certs.size() - 1) {
m_index = 0;
} else {
m_index++;
}
showCertificate(m_index);
}
//private slot
void DisplayCertDialog::previousClicked()
{
if (m_index == 0) {
m_index = m_certs.size() - 1;
} else {
m_index--;
}
showCertificate(m_index);
}


@ -1,44 +0,0 @@
/* This file is part of the KDE project
Copyright (C) 2010 Andreas Hartmetz <ahartmetz@gmail.com>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301, USA.
*/
#ifndef DISPLAYCERTDIALOG_P_H
#define DISPLAYCERTDIALOG_P_H
#include "ui_displaycert.h"
#include <kdialog.h>
#include <QtNetwork/QSslCertificate>
class DisplayCertDialog : public KDialog
{
Q_OBJECT
public:
DisplayCertDialog(QWidget *parent);
void setCertificates(const QList<QSslCertificate> &certs);
private:
void showCertificate(int index);
private Q_SLOTS:
void nextClicked();
void previousClicked();
private:
Ui::DisplayCert m_ui;
QList<QSslCertificate> m_certs;
int m_index;
};
#endif // DISPLAYCERTDIALOG_P_H


@ -1,194 +0,0 @@
[Desktop Entry]
Exec=kcmshell4 kcm_ssl
Icon=preferences-system-ssl
Type=Service
X-KDE-ServiceTypes=KCModule
X-KDE-Library=kcm_ssl
X-KDE-ParentApp=kcontrol
X-KDE-System-Settings-Parent-Category=network-and-connectivity
X-DocPath=kcontrol/kcm_ssl/index.html
Name=SSL Preferences
Name[ar]=تفضيلات SSL
Name[bg]=Настройки на SSL
Name[bs]=SSL postavke
Name[ca]=Preferències SSL
Name[ca@valencia]=Preferències SSL
Name[cs]=Nastavení SSL
Name[da]=SSL-indstillinger
Name[de]=SSL-Einstellungen
Name[el]=Προτιμήσεις SSL
Name[en_GB]=SSL Preferences
Name[es]=Preferencias de SSL
Name[et]=SSL-i seadistused
Name[eu]=SSL hobespenak
Name[fa]=ترجیحات اساسال
Name[fi]=SSL-asetukset
Name[fr]=Préférences SSL
Name[ga]=Sainroghanna SSL
Name[gl]=Preferencias de SSL
Name[gu]=SSL િ
Name[he]=הגדרות SSL
Name[hi]=SSL ि
Name[hr]=Postavke SSL-a
Name[hu]=SSL beállítások
Name[hy]=SSL-ի նախընտրանքներ
Name[ia]=Preferentias de SSL
Name[id]=Pengaturan SSL
Name[is]=Stillingar SSL
Name[it]=Preferenze SSL
Name[ja]=SSL
Name[kk]=SSL параметрлері
Name[km]= SSL
Name[ko]=SSL
Name[lt]=SSL nustatymai
Name[lv]=SSL iestatījumi
Name[mr]=SSL
Name[nb]=SSL-innstillinger
Name[nds]=SSL-Instellen
Name[nl]=SSL-voorkeuren
Name[pa]=SSL
Name[pl]=Ustawienia SSL
Name[pt]=Preferências do SSL
Name[pt_BR]=Preferências do SSL
Name[ro]=Preferințe SSL
Name[ru]=Настройка SSL
Name[se]=SSL-oidimat
Name[sk]=Nastavenie SSL
Name[sl]=Možnosti SSL
Name[sr]=Поставке ССЛа
Name[sr@ijekavian]=Поставке ССЛа
Name[sr@ijekavianlatin]=Postavke SSLa
Name[sr@latin]=Postavke SSLa
Name[sv]=SSL-inställningar
Name[tg]=Хусусиятҳои SSL
Name[th]= SSL
Name[tr]=SSL Tercihleri
Name[tt]=SSL көйләүләре
Name[ug]=SSL مايىللىق
Name[uk]=Параметри SSL
Name[vi]=Tùy thích SSL
Name[wa]=Preferinces SSL
Name[x-test]=xxSSL Preferencesxx
Name[zh_CN]=SSL
Name[zh_TW]=SSL
Comment=SSL Versions and Certificates
Comment[ar]=إصدارات وشهادات SSL
Comment[bg]=Версии и сертификати на SSL
Comment[bs]=SSL verzije i certifikati
Comment[ca]=Versions i certificats SSL
Comment[ca@valencia]=Versions i certificats SSL
Comment[cs]=SSL verze a certifikáty
Comment[da]=SSL-versioner og -certifikater
Comment[de]=SSL-Versionen und -Zertifikate
Comment[el]=Εκδόσεις και πιστοποιητικά SSL
Comment[en_GB]=SSL Versions and Certificates
Comment[es]=Versiones y certificados SSL
Comment[et]=SSL-i versioonid ja sertifikaadid
Comment[eu]=SSL bertsioak eta ziurtagiriak
Comment[fa]=نسخهها و ترجیحات اساسال
Comment[fi]=SSL-versioiden ja varmenteiden asetukset
Comment[fr]=Certificats et versions SSL
Comment[ga]=Leaganacha agus Teastais SSL
Comment[gl]=Versións e certificados de SSL
Comment[gu]=SSL િ
Comment[he]=גרסאות SSL ואישורים
Comment[hi]=SSL
Comment[hr]=Inačice i certifikati SSL-a
Comment[hu]=SSL verziók és tanúsítványok
Comment[hy]=SSL-ի տարբերակները եւ վկայականները
Comment[ia]=Versiones de SSL e Certificatos
Comment[id]=Versi dan Sertifikat SSL
Comment[is]=Útgáfur og skilríki SSL
Comment[it]=Versioni e certificati SSL
Comment[kk]=SSL нұсқалары мен куәліктері
Comment[km]= SSL
Comment[ko]=SSL
Comment[lt]=SSL versijos ir liudijimai
Comment[lv]=SSL versijas un sertifikāti
Comment[mr]=SSL
Comment[nb]=SSL-versjoner og sertifikater
Comment[nds]=SSL-Verschonen un Zertifikaten
Comment[nl]=SSL-versies en certificaten
Comment[pa]=SSL ਿ
Comment[pl]=Wersje SSL i certyfikaty
Comment[pt]=Versões e Certificados de SSL
Comment[pt_BR]=Versões e certificados SSL
Comment[ro]=Certificate și versiuni SSL partener
Comment[ru]=Версии и сертификаты SSL
Comment[se]=SSL-veršuvnnat ja -duođaštusat
Comment[sk]=SSL verzie a certifikáty
Comment[sl]=Različice SSL in potrdila
Comment[sr]=Сертификати и верзије ССЛа
Comment[sr@ijekavian]=Сертификати и верзије ССЛа
Comment[sr@ijekavianlatin]=Sertifikati i verzije SSLa
Comment[sr@latin]=Sertifikati i verzije SSLa
Comment[sv]=SSL-versioner och -certifikat
Comment[tg]=Версияҳо ва иҷозатномаҳои SSL
Comment[th]= SSL
Comment[tr]=SSL Sürümleri ve Sertifikaları
Comment[tt]=SSL версияләре һәм Таныклыклары
Comment[ug]=SSL نەشر ۋە گۇۋاھنامە
Comment[uk]=Версія і сертифікати SSL
Comment[vi]=Các phiên bn và chng ch SSL
Comment[wa]=Modêyes eyet acertineures SSL
Comment[x-test]=xxSSL Versions and Certificatesxx
Comment[zh_CN]=SSL
Comment[zh_TW]=SSL
X-KDE-Keywords=SSL,Security,Network,Protocol,Certificates,Encryption,HTTPS
X-KDE-Keywords[ar]=SSL,الأمن,الشبكة,البرتوكول,الشهادات,التشفير,HTTPS
X-KDE-Keywords[bg]=SSL,Security,Network,Protocol,Certificates,Encryption,HTTPS,Сигурност,Мрежа,Протокол,Удостоверение,Сертификат,Шифриране
X-KDE-Keywords[bs]=SSL,Security,Network,Protocol,Certificates,Encryption,HTTPS,Sigurnost,Mreža,Kriptografija,Certifikati
X-KDE-Keywords[ca]=SSL,Seguretat,Xarxa,Protocol,Certificats,Encriptatge,HTTPS
X-KDE-Keywords[ca@valencia]=SSL,Seguretat,Xarxa,Protocol,Certificats,Encriptatge,HTTPS
X-KDE-Keywords[cs]=SSL,Bezpečnost,Síť,Protokol,Certifikáty,Šifrování,HTTPS
X-KDE-Keywords[da]=SSL,Sikkerhed,Netværk,Protokol,Certifikater,Kryptering,HTTPS
X-KDE-Keywords[de]=ssl,sicherheit,netzwerk,netz,protokoll,zertifikat,verschlüsselung,https
X-KDE-Keywords[el]=SSL,Ασφάλεια,Δίκτυο,Πρωτόκολλο,Πιστοποιητικά,Κρυπτογράφηση,HTTPS
X-KDE-Keywords[en_GB]=SSL,Security,Network,Protocol,Certificates,Encryption,HTTPS
X-KDE-Keywords[es]=SSL,Seguridad,Red,Protocolo,Certificados,Cifrado,HTTPS
X-KDE-Keywords[et]=SSL,turvalisus,võrk,protokoll,sertifikaadid,serdid,krüptimine,krüpto,HTTPS
X-KDE-Keywords[eu]=SSL,Segurtasuna,Saregintza,Protokoloa,Ziurtagiriak,Zifraketa,HTTPS
X-KDE-Keywords[fi]=SSL,Turvallisuus,Verkko,Yhteyskäytäntö,Protokolla,Varmenteet,Sertifikaatit,Salaus,HTTPS
X-KDE-Keywords[fr]=SSL, Sécurité, Réseau, Protocole, Certificats, Chiffrement, HTTPS
X-KDE-Keywords[ga]=SSL,Slándáil,Líonra,Prótacal,Teastais,Criptiú,HTTPS
X-KDE-Keywords[gl]=SSL,Seguridade,Rede,Protocolo,Certificados,Cifrado,HTTPS
X-KDE-Keywords[gu]=SSL,,,,,િ,HTTPS
X-KDE-Keywords[he]=אבטחה,רשת,פרוטוקול,אישורים,הצפנהSSL,Security,Network,Protocol,Certificates,Encryption,HTTPS
X-KDE-Keywords[hi]=SSL, , , , , ि, HTTPS
X-KDE-Keywords[hu]=SSL,Biztonság,Hálózat,Protokoll,Tanúsítványok,Titkosítás,HTTPS
X-KDE-Keywords[hy]=SLL,ամահովություն,ցանց,սկզբունք,վկայական,կոդավորում,HTTPS
X-KDE-Keywords[ia]=SSL,Securitate,Rete,Protocollo,Certificatos,Cryptation,HTTPS
X-KDE-Keywords[id]=SSL,Keamanan,Jaringan,Protokol,Sertifikat,Enkripsi,HTTPS
X-KDE-Keywords[is]=SSL,Öryggi,Netkerfi,Samskiptamáti,Skilríki,Dulritun,HTTPS
X-KDE-Keywords[it]=SSL,sicurezza,rete,protocollo,certificati,cifratura,HTTPS
X-KDE-Keywords[kk]=SSL,Security,Network,Protocol,Certificates,Encryption,HTTPS
X-KDE-Keywords[km]=SSL,,,,,,HTTPS
X-KDE-Keywords[ko]=SSL,Security,Network,Protocol,Certificates,Encryption,HTTPS,,,,,
X-KDE-Keywords[mr]=SSL, , , ि, , ि, HTTPS
X-KDE-Keywords[nb]=SSL,Sikkerhet,Nettverk,Protokoll,Sertifikater,Kryptering,HTTPS
X-KDE-Keywords[nds]=SSL,Sekerheit,Nettwark,Protokoll,Zertifikaten,Verslöteln,HTTPS
X-KDE-Keywords[nl]=SSL,beveiliging,netwerk,protocol,certificaten,versleuteling,HTTPS
X-KDE-Keywords[pa]=SSL,ਿ,,,ਿ,ਿ,HTTPS
X-KDE-Keywords[pl]=SSL,Bezpieczeństwo,Sieć,Protokół,Certyfikaty,Szyfrowanie,HTTPS
X-KDE-Keywords[pt]=SSL,Segurança,Rede,Protocolo,Certificados,Encriptação,HTTPS
X-KDE-Keywords[pt_BR]=SSL,segurança,rede,protocolo,certificados,criptografia,HTTPS
X-KDE-Keywords[ro]=SSL,Securitate,Rețea,Protocol,Certificate,Criptare,HTTPS
X-KDE-Keywords[ru]=SSL,Security,Network,Protocol,Certificates,Encryption,HTTPS,протокол,защищенный,защищённый,сеть,сертификаты,безопасность,шифрование
X-KDE-Keywords[sk]=SSL,Security,Network,Protocol,Certificates,Encryption,HTTPS
X-KDE-Keywords[sl]=SSL,varnost,omrežje,protokol,potrdila,šifriranje,HTTPS
X-KDE-Keywords[sr]=SSL,Security,Network,Protocol,Certificates,Encryption,HTTPS,ССЛ,безбедност,мрежа,протокол,сертификат,шифровање,ХТТПС
X-KDE-Keywords[sr@ijekavian]=SSL,Security,Network,Protocol,Certificates,Encryption,HTTPS,ССЛ,безбедност,мрежа,протокол,сертификат,шифровање,ХТТПС
X-KDE-Keywords[sr@ijekavianlatin]=SSL,Security,Network,Protocol,Certificates,Encryption,HTTPS,SSL,bezbednost,mreža,protokol,sertifikat,šifrovanje,HTTPS
X-KDE-Keywords[sr@latin]=SSL,Security,Network,Protocol,Certificates,Encryption,HTTPS,SSL,bezbednost,mreža,protokol,sertifikat,šifrovanje,HTTPS
X-KDE-Keywords[sv]=SSL,Säkerhet,Nätverk,Protokoll,Certifikat,Kryptering,HTTPS
X-KDE-Keywords[tg]=SSL,Амният,Шабака,Протокол,иҷозатномаҳо,Рамзгузорӣ,HTTPS
X-KDE-Keywords[tr]=SSL,Güvenlik,Ağ,Protokol,Sertifikalar,Şifreleme,HTTPS
X-KDE-Keywords[ug]=SSL,بىخەتەرلىك,تور,كېلىشىم,گۇۋاھنامە,شىفىرلاش,HTTPS
X-KDE-Keywords[uk]=SSL,Security,Network,Protocol,Certificates,Encryption,HTTPS,захист,мережа,протокол,сертифікат,сертифікати,шифрування,криптографія
X-KDE-Keywords[vi]=SSL,Bo mt,Mng,Giao thc,Chng thc,Mã hóa,HTTPS,Security,Network,Protocol,Certificates,Encryption
X-KDE-Keywords[x-test]=xxSSL,Security,Network,Protocol,Certificates,Encryption,HTTPSxx
X-KDE-Keywords[zh_CN]=SSL,Security,Network,Protocol,Certificates,Encryption,HTTPS,,,,,
X-KDE-Keywords[zh_TW]=SSL,Security,Network,Protocol,Certificates,Encryption,HTTPS


@ -1,82 +0,0 @@
/* This file is part of the KDE project
Copyright (C) 2010 Andreas Hartmetz <ahartmetz@gmail.com>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301, USA.
*/
#include "kcmssl.h"
#include "cacertificatespage.h"
#include <kaboutdata.h>
#include <kdeversion.h>
#include <ktabwidget.h>
#include <QVBoxLayout>
#include <kpluginfactory.h>
#include <kpluginloader.h>
K_PLUGIN_FACTORY(KcmSslFactory, registerPlugin<KcmSsl>();)
K_EXPORT_PLUGIN(KcmSslFactory("kcm_ssl"))
KcmSsl::KcmSsl(QWidget *parent, const QVariantList &args)
: KCModule(KcmSslFactory::componentData(), parent, args)
{
KAboutData *about = new KAboutData(
"kcm_ssl", 0, ki18n("SSL Configuration Module"),
KDE_VERSION_STRING, KLocalizedString(), KAboutData::License_GPL,
ki18n("Copyright 2010 Andreas Hartmetz"));
about->addAuthor(ki18n("Andreas Hartmetz"), KLocalizedString(), "ahartmetz@gmail.com");
setAboutData(about);
setButtons(Apply | Default | Help);
m_tabs = new KTabWidget(this);
// tell the tab widget to resize itself to fill all space, basically...
setLayout(new QVBoxLayout);
layout()->setMargin(0);
layout()->setSpacing(0);
layout()->addWidget(m_tabs);
m_caCertificatesPage = new CaCertificatesPage(m_tabs);
m_tabs->addTab(m_caCertificatesPage, i18n("SSL Signers"));
connect(m_caCertificatesPage, SIGNAL(changed(bool)), SLOT(pageChanged(bool)));
}
void KcmSsl::load()
{
m_caCertificatesPage->load();
}
void KcmSsl::save()
{
m_caCertificatesPage->save();
}
void KcmSsl::defaults()
{
m_caCertificatesPage->defaults();
}
// slot
void KcmSsl::pageChanged(bool isChanged)
{
// HACK
emit changed(isChanged);
}
#include "moc_kcmssl.cpp"


@ -1,46 +0,0 @@
/* This file is part of the KDE project
Copyright (C) 2010 Andreas Hartmetz <ahartmetz@gmail.com>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301, USA.
*/
#ifndef KCMSSL_H
#define KCMSSL_H
#include <kcmodule.h>
class KTabWidget;
class CaCertificatesPage;
class KcmSsl : public KCModule
{
Q_OBJECT
public:
KcmSsl(QWidget *parent, const QVariantList &);
virtual void load();
virtual void save();
virtual void defaults();
private Q_SLOTS:
void pageChanged(bool isChanged);
private:
KTabWidget *m_tabs;
CaCertificatesPage *m_caCertificatesPage;
};
#endif


@ -1,85 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2007 Andreas Hartmetz <ahartmetz@gmail.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#include "ksslcertificatebox.h"
#include "ui_certificateparty.h"
#include <QtNetwork/QSslCertificate>
class KSslCertificateBoxPrivate
{
public:
Ui::CertificateParty ui;
};
KSslCertificateBox::KSslCertificateBox(QWidget *parent)
: QWidget(parent),
d(new KSslCertificateBoxPrivate())
{
d->ui.setupUi(this);
// No fooling us with html tags
Q_FOREACH(QLabel* label, this->findChildren<QLabel *>()) {
label->setTextFormat(Qt::PlainText);
}
}
KSslCertificateBox::~KSslCertificateBox()
{
delete d;
}
void KSslCertificateBox::setCertificate(const QSslCertificate &cert, CertificateParty party)
{
if (party == Subject) {
d->ui.commonName->setText(cert.subjectInfo(QSslCertificate::CommonName));
d->ui.organization->setText(cert.subjectInfo(QSslCertificate::Organization));
d->ui.organizationalUnit
->setText(cert.subjectInfo(QSslCertificate::OrganizationalUnitName));
d->ui.country->setText(cert.subjectInfo(QSslCertificate::CountryName));
d->ui.state->setText(cert.subjectInfo(QSslCertificate::StateOrProvinceName));
d->ui.city->setText(cert.subjectInfo(QSslCertificate::LocalityName));
} else if (party == Issuer) {
d->ui.commonName->setText(cert.issuerInfo(QSslCertificate::CommonName));
d->ui.organization->setText(cert.issuerInfo(QSslCertificate::Organization));
d->ui.organizationalUnit
->setText(cert.issuerInfo(QSslCertificate::OrganizationalUnitName));
d->ui.country->setText(cert.issuerInfo(QSslCertificate::CountryName));
d->ui.state->setText(cert.issuerInfo(QSslCertificate::StateOrProvinceName));
d->ui.city->setText(cert.issuerInfo(QSslCertificate::LocalityName));
}
}
void KSslCertificateBox::clear()
{
d->ui.commonName->clear();
d->ui.organization->clear();
d->ui.organizationalUnit->clear();
d->ui.country->clear();
d->ui.state->clear();
d->ui.city->clear();
}
#include "moc_ksslcertificatebox.cpp"


@ -1,50 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2007 Andreas Hartmetz <ahartmetz@gmail.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef KSSLCERTIFICATEBOX_H
#define KSSLCERTIFICATEBOX_H
#include "kio_export.h"
#include <QtGui/QWidget>
#include <QSslCertificate>
class KSslCertificateBoxPrivate;
class KIO_EXPORT KSslCertificateBox : public QWidget
{
Q_OBJECT
public:
enum CertificateParty {
Subject = 0,
Issuer
};
explicit KSslCertificateBox(QWidget *parent = 0);
~KSslCertificateBox();
void setCertificate(const QSslCertificate &cert, CertificateParty party);
void clear();
KSslCertificateBoxPrivate *const d;
};
#endif // KSSLCERTIFICATEBOX_H


@ -1,244 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2000,2001 George Staikos <staikos@kde.org>
* Copyright (C) 2000 Malte Starostik <malte@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#include "ksslinfodialog.h"
#include "ui_sslinfo.h"
#include "ksslcertificatebox.h"
#include <QtGui/QFrame>
#include <QtCore/qdatetime.h>
#include <QtCore/QFile>
#include <QtGui/QLabel>
#include <QtGui/QLayout>
#include <QtCore/qprocess.h>
#include <QtNetwork/QSslCertificate>
#include <kglobal.h>
#include <klocale.h>
class KSslInfoDialog::KSslInfoDialogPrivate
{
public:
QList<QSslCertificate> certificateChain;
QList<QList<QSslError::SslError> > certificateErrors;
bool isMainPartEncrypted;
bool auxPartsEncrypted;
Ui::SslInfo ui;
KSslCertificateBox *subject;
KSslCertificateBox *issuer;
};
KSslInfoDialog::KSslInfoDialog(QWidget *parent)
: KDialog(parent),
d(new KSslInfoDialogPrivate)
{
setCaption(i18n("KDE SSL Information"));
setAttribute(Qt::WA_DeleteOnClose);
d->ui.setupUi(mainWidget());
setButtons(KDialog::Close);
d->subject = new KSslCertificateBox(d->ui.certParties);
d->issuer = new KSslCertificateBox(d->ui.certParties);
d->ui.certParties->addTab(d->subject, i18nc("The receiver of the SSL certificate", "Subject"));
d->ui.certParties->addTab(d->issuer, i18nc("The authority that issued the SSL certificate", "Issuer"));
d->isMainPartEncrypted = true;
d->auxPartsEncrypted = true;
updateWhichPartsEncrypted();
#if 0
if (KSSL::doesSSLWork()) {
if (d->m_secCon) {
d->pixmap->setPixmap(BarIcon("security-high"));
d->info->setText(i18n("Current connection is secured with SSL."));
} else {
d->pixmap->setPixmap(BarIcon("security-low"));
d->info->setText(i18n("Current connection is not secured with SSL."));
}
} else {
d->pixmap->setPixmap(BarIcon("security-low"));
d->info->setText(i18n("SSL support is not available in this build of KDE."));
}
#endif
}
KSslInfoDialog::~KSslInfoDialog()
{
delete d;
}
//slot
void KSslInfoDialog::launchConfig()
{
QProcess::startDetached("kcmshell4", QStringList() << "crypto");
}
void KSslInfoDialog::setMainPartEncrypted(bool mainEncrypted)
{
d->isMainPartEncrypted = mainEncrypted;
updateWhichPartsEncrypted();
}
void KSslInfoDialog::setAuxiliaryPartsEncrypted(bool auxEncrypted)
{
d->auxPartsEncrypted = auxEncrypted;
updateWhichPartsEncrypted();
}
void KSslInfoDialog::updateWhichPartsEncrypted()
{
if (d->isMainPartEncrypted) {
if (d->auxPartsEncrypted) {
d->ui.encryptionIndicator->setPixmap(BarIcon("security-high"));
d->ui.explanation->setText(i18n("Current connection is secured with SSL."));
} else {
d->ui.encryptionIndicator->setPixmap(BarIcon("security-medium"));
d->ui.explanation->setText(i18n("The main part of this document is secured "
"with SSL, but some parts are not."));
}
} else {
if (d->auxPartsEncrypted) {
d->ui.encryptionIndicator->setPixmap(BarIcon("security-medium"));
d->ui.explanation->setText(i18n("Some of this document is secured with SSL, "
"but the main part is not."));
} else {
d->ui.encryptionIndicator->setPixmap(BarIcon("security-low"));
d->ui.explanation->setText(i18n("Current connection is not secured with SSL."));
}
}
}
void KSslInfoDialog::setSslInfo(const QList<QSslCertificate> &certificateChain,
const QString &ip, const QString &host,
const QString &sslProtocol, const QString &cipher,
int usedBits, int bits,
const QList<QList<QSslError::SslError> > &validationErrors) {
d->certificateChain = certificateChain;
d->certificateErrors = validationErrors;
d->ui.certSelector->clear();
for (int i = 0; i < certificateChain.size(); i++) {
const QSslCertificate &cert = certificateChain[i];
QString name;
static const QSslCertificate::SubjectInfo si[] = {
QSslCertificate::CommonName,
QSslCertificate::Organization,
QSslCertificate::OrganizationalUnitName
};
for (int j = 0; j < 3 && name.isEmpty(); j++)
name = cert.subjectInfo(si[j]);
d->ui.certSelector->addItem(name);
}
if (certificateChain.size() < 2) {
d->ui.certSelector->setEnabled(false);
}
connect(d->ui.certSelector, SIGNAL(currentIndexChanged(int)),
this, SLOT(displayFromChain(int)));
if (d->certificateChain.isEmpty())
d->certificateChain.append(QSslCertificate());
displayFromChain(0);
d->ui.ip->setText(ip);
d->ui.address->setText(host);
d->ui.sslVersion->setText(sslProtocol);
const QStringList cipherInfo = cipher.split('\n', QString::SkipEmptyParts);
if (cipherInfo.size() >= 4) {
d->ui.encryption->setText(i18nc("%1, using %2 bits of a %3 bit key", "%1, %2 %3", cipherInfo[0],
i18ncp("Part of: %1, using %2 bits of a %3 bit key",
"using %1 bit", "using %1 bits", usedBits),
i18ncp("Part of: %1, using %2 bits of a %3 bit key",
"of a %1 bit key", "of a %1 bit key", bits)));
d->ui.details->setText(QString("Auth = %1, Kx = %2, MAC = %3")
.arg(cipherInfo[1], cipherInfo[2],
cipherInfo[3]));
} else {
d->ui.encryption->setText("");
d->ui.details->setText("");
}
}
void KSslInfoDialog::displayFromChain(int i)
{
const QSslCertificate &cert = d->certificateChain[i];
QString trusted;
if (!d->certificateErrors[i].isEmpty()) {
trusted = i18nc("The certificate is not trusted", "NO, there were errors:");
foreach (QSslError::SslError e, d->certificateErrors[i]) {
QSslError errorclass = QSslError(e);
trusted.append('\n');
trusted.append(errorclass.errorString());
}
} else {
trusted = i18nc("The certificate is trusted", "Yes");
}
d->ui.trusted->setText(trusted);
QString vp = i18nc("%1 is the effective date of the certificate, %2 is the expiry date", "%1 to %2",
KGlobal::locale()->formatDateTime(cert.effectiveDate()),
KGlobal::locale()->formatDateTime(cert.expiryDate()));
d->ui.validityPeriod->setText(vp);
d->ui.serial->setText(cert.serialNumber());
d->ui.digest->setText(cert.digest().toHex());
d->ui.sha1Digest->setText(cert.digest(QCryptographicHash::Sha1).toHex());
d->subject->setCertificate(cert, KSslCertificateBox::Subject);
d->issuer->setCertificate(cert, KSslCertificateBox::Issuer);
}
//static
QList<QList<QSslError::SslError> > KSslInfoDialog::errorsFromString(const QString &es)
{
QStringList sl = es.split('\n', QString::KeepEmptyParts);
QList<QList<QSslError::SslError> > ret;
foreach (const QString &s, sl) {
QList<QSslError::SslError> certErrors;
QStringList sl2 = s.split('\t', QString::SkipEmptyParts);
foreach (const QString &s2, sl2) {
bool didConvert;
QSslError::SslError error = static_cast<QSslError::SslError>(s2.toInt(&didConvert));
if (didConvert) {
certErrors.append(error);
}
}
ret.append(certErrors);
}
return ret;
}
#include "moc_ksslinfodialog.cpp"


@ -1,102 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2000-2003 George Staikos <staikos@kde.org>
* Copyright (C) 2000 Malte Starostik <malte@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef KSSLINFODIALOG_H
#define KSSLINFODIALOG_H
#include <kio/kio_export.h>
#include <kdialog.h>
#include <QSslCertificate>
#include <QSslError>
/**
* KDE SSL Information Dialog
*
* This class creates a dialog that can be used to display information about
* an SSL session.
*
* There are NO GUARANTEES that KSslInfoDialog will remain binary compatible/
* Contact staikos@kde.org for details if needed.
*
* @author George Staikos <staikos@kde.org>
* @see KSSL
* @short KDE SSL Information Dialog
*/
class KIO_EXPORT KSslInfoDialog : public KDialog {
Q_OBJECT
public:
/**
* Construct a KSSL Information Dialog
*
* @param parent the parent widget
*/
explicit KSslInfoDialog(QWidget *parent = 0);
/**
* Destroy this dialog
*/
virtual ~KSslInfoDialog();
/**
* Tell the dialog if the connection has portions that may not be
* secure (ie. a mixture of secure and insecure frames)
*
* @param isIt true if security is in question
*/
void setSecurityInQuestion(bool isIt);
/**
* Set information to display about the SSL connection.
*
* @param certificateChain the certificate chain leading from the certificate
* authority to the peer.
* @param ip the ip of the remote host
* @param host the remote hostname
* @param sslProtocol the version of SSL in use (SSLv3, TLSv1)
* @param cipher the cipher in use
* @param usedBits the used bits of the key
* @param bits the key size of the cipher in use
* @param validationErrors errors validating the certificates, if any
*/
void setSslInfo(const QList<QSslCertificate> &certificateChain,
const QString &ip, const QString &host,
const QString &sslProtocol, const QString &cipher,
int usedBits, int bits,
const QList<QList<QSslError::SslError> > &validationErrors);
void setMainPartEncrypted(bool);
void setAuxiliaryPartsEncrypted(bool);
static QList<QList<QSslError::SslError> > errorsFromString(const QString &s);
private:
void updateWhichPartsEncrypted();
class KSslInfoDialogPrivate;
KSslInfoDialogPrivate* const d;
private Q_SLOTS:
void launchConfig();
void displayFromChain(int);
};
#endif


@ -1,188 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2000 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#include "config.h"
#include "ksslsettings.h"
#include <sys/types.h>
#include <sys/stat.h>
#include <stdlib.h>
#include <pwd.h>
#include <unistd.h>
#include <QtCore/QFile>
#include <kglobal.h>
#include <kstandarddirs.h>
#include <kdebug.h>
#include <kconfiggroup.h>
class CipherNode {
public:
CipherNode(const char *_name, int _keylen) :
name(_name), keylen(_keylen) {}
QString name;
int keylen;
inline int operator==(CipherNode &x)
{ return ((x.keylen == keylen) && (x.name == name)); }
inline int operator< (CipherNode &x) { return keylen < x.keylen; }
inline int operator<=(CipherNode &x) { return keylen <= x.keylen; }
inline int operator> (CipherNode &x) { return keylen > x.keylen; }
inline int operator>=(CipherNode &x) { return keylen >= x.keylen; }
};
class KSSLSettingsPrivate {
public:
KSSLSettingsPrivate() {
}
~KSSLSettingsPrivate() {
}
bool m_bUseEGD;
bool m_bUseEFile;
QString m_EGDPath;
bool m_bSendX509;
bool m_bPromptX509;
};
//
// FIXME
// Implementation note: for now, we only read cipher settings from disk,
// and do not store them in memory. This should change.
//
KSSLSettings::KSSLSettings(bool readConfig)
:d(new KSSLSettingsPrivate)
{
m_cfg = new KConfig("cryptodefaults", KConfig::NoGlobals);
if (!KGlobal::dirs()->addResourceType("kssl", "data", "kssl")) {
//kDebug(7029) << "Error adding (kssl, share/apps/kssl)";
}
if (readConfig) load();
}
// we don't save settings incase it was a temporary object
KSSLSettings::~KSSLSettings() {
delete m_cfg;
delete d;
}
QString KSSLSettings::getCipherList() {
QString clist;
// TODO fill in list here (or just remove this method!)
return clist;
}
// FIXME - sync these up so that we can use them with the control module!!
void KSSLSettings::load() {
m_cfg->reparseConfiguration();
KConfigGroup cfg(m_cfg, "Warnings");
m_bWarnOnEnter = cfg.readEntry("OnEnter", false);
m_bWarnOnLeave = cfg.readEntry("OnLeave", true);
m_bWarnOnUnencrypted = cfg.readEntry("OnUnencrypted", false);
m_bWarnOnMixed = cfg.readEntry("OnMixed", true);
cfg = KConfigGroup(m_cfg, "Validation");
m_bWarnSelfSigned = cfg.readEntry("WarnSelfSigned", true);
m_bWarnExpired = cfg.readEntry("WarnExpired", true);
m_bWarnRevoked = cfg.readEntry("WarnRevoked", true);
cfg = KConfigGroup(m_cfg, "EGD");
d->m_bUseEGD = cfg.readEntry("UseEGD", false);
d->m_bUseEFile = cfg.readEntry("UseEFile", false);
d->m_EGDPath = cfg.readPathEntry("EGDPath", QString());
cfg = KConfigGroup(m_cfg, "Auth");
d->m_bSendX509 = ("send" == cfg.readEntry("AuthMethod", ""));
d->m_bPromptX509 = ("prompt" == cfg.readEntry("AuthMethod", ""));
}
void KSSLSettings::defaults() {
m_bWarnOnEnter = false;
m_bWarnOnLeave = true;
m_bWarnOnUnencrypted = true;
m_bWarnOnMixed = true;
m_bWarnSelfSigned = true;
m_bWarnExpired = true;
m_bWarnRevoked = true;
d->m_bUseEGD = false;
d->m_bUseEFile = false;
d->m_EGDPath = "";
}
void KSSLSettings::save() {
KConfigGroup cfg(m_cfg, "Warnings");
cfg.writeEntry("OnEnter", m_bWarnOnEnter);
cfg.writeEntry("OnLeave", m_bWarnOnLeave);
cfg.writeEntry("OnUnencrypted", m_bWarnOnUnencrypted);
cfg.writeEntry("OnMixed", m_bWarnOnMixed);
cfg = KConfigGroup(m_cfg, "Validation");
cfg.writeEntry("WarnSelfSigned", m_bWarnSelfSigned);
cfg.writeEntry("WarnExpired", m_bWarnExpired);
cfg.writeEntry("WarnRevoked", m_bWarnRevoked);
cfg = KConfigGroup(m_cfg, "EGD");
cfg.writeEntry("UseEGD", d->m_bUseEGD);
cfg.writeEntry("UseEFile", d->m_bUseEFile);
cfg.writePathEntry("EGDPath", d->m_EGDPath);
m_cfg->sync();
// FIXME - ciphers
#if 0
cfg.setGroup("SSLv3");
for (unsigned int i = 0; i < v3ciphers.count(); i++) {
QString ciphername;
ciphername.sprintf("cipher_%s", v3ciphers[i].ascii());
if (v3selectedciphers.contains(v3ciphers[i])) {
cfg.writeEntry(ciphername, true);
} else cfg.writeEntry(ciphername, false);
}
m_cfg->sync();
// insure proper permissions -- contains sensitive data
QString cfgName(KGlobal::dirs()->findResource("config", "cryptodefaults"));
if (!cfgName.isEmpty())
KDE::chmod(cfgName, 0600);
#endif
}
bool KSSLSettings::warnOnEnter() const { return m_bWarnOnEnter; }
void KSSLSettings::setWarnOnEnter(bool x) { m_bWarnOnEnter = x; }
bool KSSLSettings::warnOnUnencrypted() const { return m_bWarnOnUnencrypted; }
void KSSLSettings::setWarnOnUnencrypted(bool x) { m_bWarnOnUnencrypted = x; }
bool KSSLSettings::warnOnLeave() const { return m_bWarnOnLeave; }
void KSSLSettings::setWarnOnLeave(bool x) { m_bWarnOnLeave = x; }
bool KSSLSettings::warnOnMixed() const { return m_bWarnOnMixed; }
bool KSSLSettings::useEGD() const { return d->m_bUseEGD; }
bool KSSLSettings::useEFile() const { return d->m_bUseEFile; }
bool KSSLSettings::autoSendX509() const { return d->m_bSendX509; }
bool KSSLSettings::promptSendX509() const { return d->m_bPromptX509; }
QString& KSSLSettings::getEGDPath() { return d->m_EGDPath; }


@ -1,169 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2000-2003 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef KSSLSETTINGS_H
#define KSSLSETTINGS_H
#include <kio/kio_export.h>
#include <QtCore/QString>
#include <kconfig.h>
class KSSLSettingsPrivate;
/**
* KDE SSL Settings
*
* This class contains some of the SSL settings for easy use.
*
* @author George Staikos <staikos@kde.org>
* @see KSSL
* @short KDE SSL Settings
*/
class KIO_EXPORT KSSLSettings {
public:
/**
* Construct a KSSL Settings object
*
* @param readConfig read in the configuration immediately if true
*/
KSSLSettings(bool readConfig = true);
/**
* Destroy this KSSL Settings object
*/
~KSSLSettings();
/**
* Does the user want to be warned on entering SSL mode
* @return true if the user wants to be warned
*/
bool warnOnEnter() const;
/**
* Change the user's warnOnEnter() setting
* @param x true if the user is to be warned
* @see warnOnEnter
*/
void setWarnOnEnter(bool x);
/**
* Does the user want to be warned on sending unencrypted data
* @return true if the user wants to be warned
* @see setWarnOnUnencrypted
*/
bool warnOnUnencrypted() const;
/**
* Change the user's warnOnUnencrypted() setting
* @param x true if the user is to be warned
* @see warnOnUnencrypted
*/
void setWarnOnUnencrypted(bool x);
/**
* Does the user want to be warned on leaving SSL mode
* @return true if the user wants to be warned
*/
bool warnOnLeave() const;
/**
* Change the user's warnOnLeave() setting
* @param x true if the user is to be warned
* @see warnOnLeave
*/
void setWarnOnLeave(bool x);
/**
* Does the user want to be warned during mixed SSL/non-SSL mode
* @return true if the user wants to be warned
*/
bool warnOnMixed() const;
/**
* Does the user want to use the Entropy Gathering Daemon?
* @return true if the user wants to use EGD
*/
bool useEGD() const;
/**
* Does the user want to use an entropy file?
* @return true if the user wants to use an entropy file
*/
bool useEFile() const;
/**
* Does the user want X.509 client certificates to always be sent when
* possible?
* @return true if the user always wants a certificate sent
*/
bool autoSendX509() const;
/**
* Does the user want to be prompted to send X.509 client certificates
* when possible?
* @return true if the user wants to be prompted
*/
bool promptSendX509() const;
/**
* Get the OpenSSL cipher list for selecting the list of ciphers to
* use in a connection.
* @return the cipher list
*/
QString getCipherList();
/**
* Get the configured path to the entropy gathering daemon or entropy
* file.
* @return the path
*/
QString& getEGDPath();
/**
* Load the user's settings.
*/
void load();
/**
* Revert to default settings.
*/
void defaults();
/**
* Save the current settings.
*/
void save();
private:
KConfig *m_cfg;
bool m_bWarnOnEnter, m_bWarnOnUnencrypted, m_bWarnOnLeave, m_bWarnOnMixed;
bool m_bWarnSelfSigned, m_bWarnRevoked, m_bWarnExpired;
QList<QString> v3ciphers, v3selectedciphers;
QList<int> v3bits;
KSSLSettingsPrivate* const d;
};
#endif


@ -1,282 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<ui version="4.0">
<class>SslInfo</class>
<widget class="QWidget" name="SslInfo">
<property name="geometry">
<rect>
<x>0</x>
<y>0</y>
<width>474</width>
<height>510</height>
</rect>
</property>
<layout class="QGridLayout">
<item row="0" column="0">
<widget class="QLabel" name="encryptionIndicator">
<property name="text">
<string>[padlock]</string>
</property>
</widget>
</item>
<item row="0" column="1" colspan="2">
<widget class="QLabel" name="explanation">
<property name="text">
<string comment="KDE::DoNotExtract">Bruce Schneier secure</string>
</property>
<property name="textInteractionFlags">
<set>Qt::TextSelectableByMouse</set>
</property>
</widget>
</item>
<item row="1" column="0">
<widget class="QLabel" name="addressTag">
<property name="text">
<string comment="Web page address">Address:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="1" column="1">
<widget class="KSqueezedTextLabel" name="address">
<property name="text">
<string comment="KDE::DoNotExtract">KSqueezedTextLabel</string>
</property>
<property name="textInteractionFlags">
<set>Qt::TextSelectableByMouse</set>
</property>
</widget>
</item>
<item row="2" column="0">
<widget class="QLabel" name="ipTag">
<property name="text">
<string>IP address:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="2" column="1">
<widget class="QLabel" name="ip">
<property name="text">
<string comment="KDE::DoNotExtract">is not there</string>
</property>
<property name="textInteractionFlags">
<set>Qt::TextSelectableByMouse</set>
</property>
</widget>
</item>
<item row="3" column="0">
<widget class="QLabel" name="encryptionTag">
<property name="text">
<string>Encryption:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="3" column="1" colspan="2">
<widget class="QLabel" name="encryption">
<property name="text">
<string comment="KDE::DoNotExtract">SnakeOilCrypt 3000</string>
</property>
<property name="textInteractionFlags">
<set>Qt::TextSelectableByMouse</set>
</property>
</widget>
</item>
<item row="4" column="0">
<widget class="QLabel" name="detailsTag">
<property name="text">
<string>Details:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="4" column="1" colspan="2">
<widget class="QLabel" name="details">
<property name="text">
<string comment="KDE::DoNotExtract">Kx = DH, Auth = RSA, MAC = SHA1</string>
</property>
<property name="textInteractionFlags">
<set>Qt::TextSelectableByMouse</set>
</property>
</widget>
</item>
<item row="5" column="0">
<widget class="QLabel" name="sslVersionTag">
<property name="text">
<string>SSL version:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="5" column="1">
<widget class="QLabel" name="sslVersion">
<property name="text">
<string comment="KDE::DoNotExtract">ElboniaTLS v0.0.0</string>
</property>
<property name="textInteractionFlags">
<set>Qt::TextSelectableByMouse</set>
</property>
</widget>
</item>
<item row="6" column="0">
<widget class="QLabel" name="certSelectorTag">
<property name="text">
<string>Certificate chain:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="6" column="1">
<widget class="KComboBox" name="certSelector"/>
</item>
<item row="6" column="2">
<spacer>
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>239</width>
<height>16</height>
</size>
</property>
</spacer>
</item>
<item row="7" column="0" colspan="3">
<widget class="KTabWidget" name="certParties"/>
</item>
<item row="8" column="0">
<widget class="QLabel" name="trustedTag">
<property name="text">
<string>Trusted:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="8" column="1">
<widget class="QLabel" name="trusted">
<property name="text">
<string comment="KDE::DoNotExtract">Maybe... no.</string>
</property>
<property name="textInteractionFlags">
<set>Qt::TextSelectableByMouse</set>
</property>
</widget>
</item>
<item row="9" column="0">
<widget class="QLabel" name="validityPeriodTag">
<property name="text">
<string>Validity period:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="9" column="1" colspan="2">
<widget class="QLabel" name="validityPeriod">
<property name="text">
<string comment="KDE::DoNotExtract">August 34 2004 to Undecimber 0 2008</string>
</property>
<property name="textInteractionFlags">
<set>Qt::TextSelectableByMouse</set>
</property>
</widget>
</item>
<item row="10" column="0">
<widget class="QLabel" name="serialTag">
<property name="text">
<string>Serial number:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="10" column="1">
<widget class="QLabel" name="serial">
<property name="text">
<string comment="KDE::DoNotExtract">23</string>
</property>
<property name="textInteractionFlags">
<set>Qt::TextSelectableByMouse</set>
</property>
</widget>
</item>
<item row="11" column="0">
<widget class="QLabel" name="digestTag">
<property name="text">
<string>MD5 digest:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="11" column="1">
<widget class="QLabel" name="digest">
<property name="text">
<string/>
</property>
<property name="textInteractionFlags">
<set>Qt::TextSelectableByMouse</set>
</property>
</widget>
</item>
<item row="12" column="0">
<widget class="QLabel" name="sha1DigestTag">
<property name="text">
<string>SHA1 digest:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="12" column="1">
<widget class="QLabel" name="sha1Digest">
<property name="text">
<string comment="KDE::DoNotExtract">B4:DB:00:2E</string>
</property>
<property name="textInteractionFlags">
<set>Qt::TextSelectableByMouse</set>
</property>
</widget>
</item>
</layout>
</widget>
<customwidgets>
<customwidget>
<class>KComboBox</class>
<extends>QComboBox</extends>
<header>kcombobox.h</header>
</customwidget>
<customwidget>
<class>KTabWidget</class>
<extends>QTabWidget</extends>
<header>ktabwidget.h</header>
<container>1</container>
</customwidget>
<customwidget>
<class>KSqueezedTextLabel</class>
<extends>QLabel</extends>
<header>ksqueezedtextlabel.h</header>
</customwidget>
</customwidgets>
<resources/>
<connections/>
</ui>


@ -1,205 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2009 Andreas Hartmetz <ahartmetz@gmail.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#include "sslui.h"
#include <kdebug.h>
#include <klocalizedstring.h>
#include <kmessagebox.h>
#include <ksslcertificatemanager.h>
#include <ksslinfodialog.h>
#include <QSslCipher>
#include <QHostAddress>
namespace KIO {
namespace SslUi {
// TODO: remove private data class
class KSslErrorUiData::Private
{
public:
static const KSslErrorUiData::Private *get(const KSslErrorUiData *uiData)
{ return uiData->d; }
QList<QSslCertificate> certificateChain;
QList<QSslError> sslErrors; // parallel list to certificateChain
QString ip;
QString host;
QString sslProtocol;
QString cipher;
int usedBits;
int bits;
};
KSslErrorUiData::KSslErrorUiData()
: d(new Private())
{
d->usedBits = 0;
d->bits = 0;
}
KSslErrorUiData::KSslErrorUiData(const QSslSocket *socket)
: d(new Private())
{
d->certificateChain = socket->peerCertificateChain();
d->sslErrors = socket->sslErrors();
d->ip = socket->peerAddress().toString();
d->host = socket->peerName();
if (socket->isEncrypted()) {
d->sslProtocol = socket->sessionCipher().protocolString();
}
d->cipher = socket->sessionCipher().name();
d->usedBits = socket->sessionCipher().usedBits();
d->bits = socket->sessionCipher().supportedBits();
}
KSslErrorUiData::KSslErrorUiData(const KSslErrorUiData &other)
: d(new Private(*other.d))
{}
KSslErrorUiData::~KSslErrorUiData()
{
delete d;
}
KSslErrorUiData &KSslErrorUiData::operator=(const KSslErrorUiData &other)
{
*d = *other.d;
return *this;
}
bool askIgnoreSslErrors(const QSslSocket *socket, RulesStorage storedRules)
{
KSslErrorUiData uiData(socket);
return askIgnoreSslErrors(uiData, storedRules);
}
bool askIgnoreSslErrors(const KSslErrorUiData &uiData, RulesStorage storedRules)
{
const KSslErrorUiData::Private *ud = KSslErrorUiData::Private::get(&uiData);
if (ud->sslErrors.isEmpty()) {
return true;
}
QList<QSslError> fatalErrors = KSslCertificateManager::nonIgnorableErrors(ud->sslErrors);
if (!fatalErrors.isEmpty()) {
//TODO message "sorry, fatal error, you can't override it"
return false;
}
if (ud->certificateChain.isEmpty()) {
// SSL without certificates is quite useless and should never happen
KMessageBox::sorry(0, i18n("The remote host did not send any SSL certificates.\n"
"Aborting because the identity of the host cannot be established."));
return false;
}
KSslCertificateManager *const cm = KSslCertificateManager::self();
KSslCertificateRule rule(ud->certificateChain.first(), ud->host);
if (storedRules & RecallRules) {
rule = cm->rule(ud->certificateChain.first(), ud->host);
// remove previously seen and acknowledged errors
QList<QSslError> remainingErrors = rule.filterErrors(ud->sslErrors);
if (remainingErrors.isEmpty()) {
kDebug(7029) << "Error list empty after removing errors to be ignored. Continuing.";
return true;
}
}
//### We don't ask to permanently reject the certificate
QString message = i18n("The server failed the authenticity check (%1).\n\n", ud->host);
foreach (const QSslError &err, ud->sslErrors) {
message.append(err.errorString());
message.append('\n');
}
message = message.trimmed();
int msgResult;
do {
msgResult = KMessageBox::warningYesNoCancel(0, message, i18n("Server Authentication"),
KGuiItem(i18n("&Details"), "help-about"),
KGuiItem(i18n("Co&ntinue"), "arrow-right"));
if (msgResult == KMessageBox::Yes) {
//Details was chosen - show the certificate and error details
QList<QList<QSslError::SslError> > meh; // parallel list to cert list :/
foreach (const QSslCertificate &cert, ud->certificateChain) {
QList<QSslError::SslError> errors;
foreach(const QSslError &error, ud->sslErrors) {
if (error.certificate() == cert) {
// we keep only the error code enum here
errors.append(error.error());
}
}
meh.append(errors);
}
KSslInfoDialog *dialog = new KSslInfoDialog();
dialog->setSslInfo(ud->certificateChain, ud->ip, ud->host, ud->sslProtocol,
ud->cipher, ud->usedBits, ud->bits, meh);
dialog->exec();
} else if (msgResult == KMessageBox::Cancel) {
return false;
}
//fall through on KMessageBox::No
} while (msgResult == KMessageBox::Yes);
if (storedRules & StoreRules) {
//Save the user's choice to ignore the SSL errors.
msgResult = KMessageBox::warningYesNo(0,
i18n("Would you like to accept this "
"certificate forever without "
"being prompted?"),
i18n("Server Authentication"),
KGuiItem(i18n("&Forever"), "flag-green"),
KGuiItem(i18n("&Current Session only"), "chronometer"));
QDateTime ruleExpiry = QDateTime::currentDateTime();
if (msgResult == KMessageBox::Yes) {
//accept forever ("for a very long time")
ruleExpiry = ruleExpiry.addYears(1000);
} else {
//accept "for a short time", half an hour.
ruleExpiry = ruleExpiry.addSecs(30*60);
}
//TODO special cases for wildcard domain name in the certificate!
//rule = KSslCertificateRule(d->socket.peerCertificateChain().first(), whatever);
rule.setExpiryDateTime(ruleExpiry);
rule.setIgnoredErrors(ud->sslErrors);
cm->setRule(rule);
}
return true;
}
}
}


@ -1,74 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2009 Andreas Hartmetz <ahartmetz@gmail.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef KSSLUI_H
#define KSSLUI_H
#include <kio/kio_export.h>
#include <QSslSocket>
namespace KIO {
namespace SslUi {
/**
* This class can hold all the necessary data from a KTcpSocket to ask the user
* to continue connecting in the face of SSL errors.
* It can be used to carry the data for the UI over time or over thread boundaries.
*
* @see: KSslCertificateManager::askIgnoreSslErrors()
*/
class KIO_EXPORT KSslErrorUiData
{
public:
/**
* Default construct an instance with no useful data.
*/
KSslErrorUiData();
/**
* Create an instance and initialize it with SSL error data from @p socket.
*/
KSslErrorUiData(const QSslSocket *socket);
KSslErrorUiData(const KSslErrorUiData &other);
KSslErrorUiData &operator=(const KSslErrorUiData &);
/**
* Destructor
* @since 4.7
*/
~KSslErrorUiData();
class Private;
private:
friend class Private;
Private *const d;
};
enum RulesStorage {
RecallRules = 1, ///< apply stored certificate rules (typically ignored errors)
StoreRules = 2, ///< make new ignore rules from the user's choice and store them
RecallAndStoreRules = 3 ///< apply stored rules and store new rules
};
bool KIO_EXPORT askIgnoreSslErrors(const QSslSocket *socket,
RulesStorage storedRules = RecallAndStoreRules);
bool KIO_EXPORT askIgnoreSslErrors(const KSslErrorUiData &uiData,
RulesStorage storedRules = RecallAndStoreRules);
}
}
#endif