Katana_mirror/kdelibs
1
0
Fork 0
mirror of https://bitbucket.org/smil3y/kdelibs.git synced 2025-02-24 02:42:48 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

generic: remove redundant kssl bits

Browse source 
Signed-off-by: Ivailo Monev <xakepa10@gmail.com>
This commit is contained in:
Ivailo Monev 2016-04-02 07:17:17 +00:00
parent b355dff926
commit 891e7c14da
54 changed files with 1 additions and 13601 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
kdecore/network/kssld/kssld.cpp
View file

@ -35,12 +35,8 @@
#include <kpluginfactory.h>
#include <kpluginloader.h>
K_PLUGIN_FACTORY(KSSLDFactory, registerPlugin<KSSLD>();)
K_EXPORT_PLUGIN(KSSLDFactory("kssld"))
//KDE_EXPORT void *__kde_do_unload; // TODO re-add support for this?
class KSSLDPrivate
{

15
kio/CMakeLists.txt
View file

@ -234,16 +234,7 @@ set(kssl_STAT_SRCS
kssl/sslui.cpp
kssl/ksslcertificatebox.cpp
kssl/ksslinfodialog.cpp
# below is what's left of KDE2/3 SSL code, still required for certificate chain validation
# by hand and for key generation. Network code has been removed.
kssl/kopenssl.cpp
kssl/kssl.cpp
kssl/ksslcertchain.cpp
kssl/ksslcertificate.cpp
kssl/ksslkeygen.cpp
kssl/ksslsettings.cpp
kssl/ksslutils.cpp
kssl/ksslx509v3.cpp
)
@ -457,9 +448,3 @@ install(
kio/accept-languages.codes
DESTINATION ${CONFIG_INSTALL_DIR}
)
install(
FILES
kssl/ca-bundle.crt DESTINATION
${DATA_INSTALL_DIR}/kssl
)

3988
kio/kssl/ca-bundle.crt
View file

File diff suppressed because it is too large Load diff

58
kio/kssl/keygenwizard.ui
View file

@ -1,58 +0,0 @@
<ui version="4.0" >
<author>George Staikos &lt;staikos@kde.org></author>
<class>KGWizardPage1</class>
<widget class="QWidget" name="KGWizardPage1" >
<property name="geometry" >
<rect>
<x>0</x>
<y>0</y>
<width>621</width>
<height>98</height>
</rect>
</property>
<layout class="QGridLayout" >
<property name="leftMargin" >
<number>11</number>
</property>
<property name="topMargin" >
<number>11</number>
</property>
<property name="rightMargin" >
<number>11</number>
</property>
<property name="bottomMargin" >
<number>11</number>
</property>
<property name="horizontalSpacing" >
<number>6</number>
</property>
<property name="verticalSpacing" >
<number>6</number>
</property>
<item row="0" column="0" >
<widget class="QLabel" name="TextLabel1" >
<property name="text" >
<string>You have indicated that you wish to obtain or purchase a secure certificate. This wizard is intended to guide you through the procedure. You may cancel at any time, and this will abort the transaction.</string>
</property>
<property name="textFormat" >
<enum>Qt::RichText</enum>
</property>
<property name="scaledContents" >
<bool>false</bool>
</property>
<property name="alignment" >
<set>Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter</set>
</property>
<property name="wordWrap" >
<bool>true</bool>
</property>
</widget>
</item>
</layout>
</widget>
<includes>
<include location="global" >kdialog.h</include>
</includes>
<resources/>
<connections/>
</ui>

83
kio/kssl/keygenwizard2.ui
View file

@ -1,83 +0,0 @@
<ui version="4.0" >
<author>George Staikos &lt;staikos@kde.org></author>
<class>KGWizardPage2</class>
<widget class="QWidget" name="KGWizardPage2" >
<property name="geometry" >
<rect>
<x>0</x>
<y>0</y>
<width>492</width>
<height>156</height>
</rect>
</property>
<layout class="QGridLayout" >
<property name="leftMargin" >
<number>11</number>
</property>
<property name="topMargin" >
<number>11</number>
</property>
<property name="rightMargin" >
<number>11</number>
</property>
<property name="bottomMargin" >
<number>11</number>
</property>
<property name="horizontalSpacing" >
<number>6</number>
</property>
<property name="verticalSpacing" >
<number>6</number>
</property>
<item row="0" column="0" colspan="2" >
<widget class="QLabel" name="TextLabel4" >
<property name="text" >
<string>You must now provide a password for the certificate request. Please choose a very secure password as this will be used to encrypt your private key.</string>
</property>
<property name="alignment" >
<set>Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter</set>
</property>
<property name="wordWrap" >
<bool>true</bool>
</property>
</widget>
</item>
<item row="2" column="0" >
<widget class="QLabel" name="TextLabel6" >
<property name="text" >
<string>&amp;Repeat password:</string>
</property>
<property name="buddy" >
<cstring>_password2</cstring>
</property>
</widget>
</item>
<item row="1" column="0" >
<widget class="QLabel" name="TextLabel5" >
<property name="text" >
<string>&amp;Choose password:</string>
</property>
<property name="buddy" >
<cstring>_password1</cstring>
</property>
</widget>
</item>
<item row="1" column="1" >
<widget class="KLineEdit" name="_password1" >
<property name="echoMode" >
<enum>QLineEdit::Password</enum>
</property>
</widget>
</item>
<item row="2" column="1" >
<widget class="KLineEdit" name="_password2" >
<property name="echoMode" >
<enum>QLineEdit::Password</enum>
</property>
</widget>
</item>
</layout>
</widget>
<resources/>
<connections/>
</ui>

1557
kio/kssl/kopenssl.cpp
View file

File diff suppressed because it is too large Load diff

894
kio/kssl/kopenssl.h
View file

@ -1,894 +0,0 @@
/* This file is part of the KDE libraries
Copyright (C) 2001-2003 George Staikos <staikos@kde.org>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public
License version 2 as published by the Free Software Foundation.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
You should have received a copy of the GNU Library General Public License
along with this library; see the file COPYING.LIB. If not, write to
the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301, USA.
*/
// IF YOU ARE USING THIS CLASS, YOU ARE MAKING A MISTAKE.
#ifndef KOPENSSLPROXY_H
#define KOPENSSLPROXY_H
#define KOSSL KOpenSSLProxy
class KOpenSSLProxyPrivate;
#include <kio/kio_export.h>
#include <ksslconfig.h>
#ifdef KSSL_HAVE_SSL
#define crypt _openssl_crypt
#include <openssl/ssl.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/pem.h>
#include <openssl/bio.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>
#include <openssl/pkcs7.h>
#include <openssl/pkcs12.h>
#include <openssl/evp.h>
#include <openssl/stack.h>
#include <openssl/bn.h>
#undef crypt
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
#define STACK _STACK
#define OSSL_SKVALUE_RTYPE void
#define OSSL_MORECONST const
#else
#define OSSL_SKVALUE_RTYPE char
#define OSSL_MORECONST
#endif
#endif
/**
* Dynamically load and wrap OpenSSL.
*
* @author George Staikos <staikos@kde.org>
* @see KSSL
* @short KDE OpenSSL Wrapper
* @internal
*/
class KOpenSSLProxy {
public:
/**
* Return an instance of class KOpenSSLProxy *
* You cannot delete this object. It is a singleton class.
*/
static KOpenSSLProxy *self();
/**
* Return true of libcrypto was found and loaded
*/
bool hasLibCrypto() const;
/**
* Return true of libssl was found and loaded
*/
bool hasLibSSL() const;
/**
* Destroy the class and start over - don't use this unless you know
* what you are doing.
*/
void destroy();
// Here are the symbols that we need.
#ifdef KSSL_HAVE_SSL
/*
* SSL_connect - initiate the TLS/SSL handshake with an TLS/SSL server
*/
int SSL_connect(SSL *ssl);
/*
* SSL_accept - initiate the TLS/SSL handshake with an TLS/SSL server
*/
int SSL_accept(SSL *ssl);
/*
* SSL_get_error - get the error code
*/
int SSL_get_error(SSL *ssl, int rc);
/*
* SSL_read - read bytes from a TLS/SSL connection.
*/
int SSL_read(SSL *ssl, void *buf, int num);
/*
* SSL_write - write bytes to a TLS/SSL connection.
*/
int SSL_write(SSL *ssl, const void *buf, int num);
/*
* SSL_new - create a new SSL structure for a connection
*/
SSL *SSL_new(SSL_CTX *ctx);
/*
* SSL_free - free an allocated SSL structure
*/
void SSL_free(SSL *ssl);
/*
* SSL_shutdown - shutdown an allocated SSL connection
*/
int SSL_shutdown(SSL *ssl);
/*
* SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions
*/
SSL_CTX *SSL_CTX_new(SSL_METHOD *method);
/*
* SSL_CTX_free - free an allocated SSL_CTX object
*/
void SSL_CTX_free(SSL_CTX *ctx);
/*
* SSL_set_fd - connect the SSL object with a file descriptor
*/
int SSL_set_fd(SSL *ssl, int fd);
/*
* SSL_pending - obtain number of readable bytes buffered in an SSL object
*/
int SSL_pending(SSL *ssl);
/*
* SSL_peek - obtain bytes buffered in an SSL object
*/
int SSL_peek(SSL *ssl, void *buf, int num);
/*
* SSL_CTX_set_cipher_list - choose list of available SSL_CIPHERs
*/
int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str);
/*
* SSL_CTX_set_verify - set peer certificate verification parameters
*/
void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
int (*verify_callback)(int, X509_STORE_CTX *));
/*
* SSL_use_certificate - load certificate
*/
int SSL_use_certificate(SSL *ssl, X509 *x);
/*
* SSL_get_current_cipher - get SSL_CIPHER of a connection
*/
SSL_CIPHER *SSL_get_current_cipher(SSL *ssl);
/*
* SSL_set_options - manipulate SSL engine options
* Note: These are all mapped to SSL_ctrl so call them as the comment
* specifies but know that they use SSL_ctrl. They are #define
* so they will map to the one in this class if called as a
* member function of this class.
*/
/* long SSL_set_options(SSL *ssl, long options); */
/* Returns 0 if not reused, 1 if session id is reused */
/* int SSL_session_reused(SSL *ssl); */
long SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg);
/*
* RAND_egd - set the path to the EGD
*/
int RAND_egd(const char *path);
/*
* RAND_file_name
*/
const char *RAND_file_name(char *buf, size_t num);
/*
* RAND_load_file
*/
int RAND_load_file(const char *filename, long max_bytes);
/*
* RAND_write_file
*/
int RAND_write_file(const char *filename);
/*
* TLSv1_client_method - return a TLSv1 client method object
*/
SSL_METHOD *TLSv1_client_method();
/*
* SSLv23_client_method - return a SSLv23 client method object
*/
SSL_METHOD *SSLv23_client_method();
/*
* SSL_get_peer_certificate - return the peer's certificate
*/
X509 *SSL_get_peer_certificate(SSL *s);
/*
* SSL_get_peer_cert_chain - get the peer's certificate chain
*/
STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s);
/*
* SSL_CIPHER_get_bits - get the number of bits in this cipher
*/
int SSL_CIPHER_get_bits(SSL_CIPHER *c,int *alg_bits);
/*
* SSL_CIPHER_get_version - get the version of this cipher
*/
char *SSL_CIPHER_get_version(SSL_CIPHER *c);
/*
* SSL_CIPHER_get_name - get the name of this cipher
*/
const char *SSL_CIPHER_get_name(SSL_CIPHER *c);
/*
* SSL_CIPHER_description - get the description of this cipher
*/
char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size);
/*
* SSL_CTX_use_PrivateKey - set the private key for the session.
* - for use with client certificates
*/
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
/*
* SSL_CTX_use_certificate - set the client certificate for the session.
*/
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
/*
* d2i_X509 - Convert a text representation of X509 to an X509 object
*/
X509 * d2i_X509(X509 **a,unsigned char **pp,long length);
/*
* i2d_X509 - Convert an X509 object into a text representation
*/
int i2d_X509(X509 *a,unsigned char **pp);
/*
* X509_cmp - compare two X509 objects
*/
int X509_cmp(X509 *a, X509 *b);
/*
* X509_dup - duplicate an X509 object
*/
X509 *X509_dup(X509 *x509);
/*
* X509_STORE_CTX_new - create an X509 store context
*/
X509_STORE_CTX *X509_STORE_CTX_new(void);
/*
* X509_STORE_CTX_free - free up an X509 store context
*/
void X509_STORE_CTX_free(X509_STORE_CTX *v);
/*
* X509_STORE_CTX_set_chain - set the certificate chain
*/
void X509_STORE_CTX_set_chain(X509_STORE_CTX *v, STACK_OF(X509)* x);
/*
* X509_STORE_CTX_set_purpose - set the purpose of the certificate
*/
void X509_STORE_CTX_set_purpose(X509_STORE_CTX *v, int purpose);
/*
* X509_verify_cert - verify the certificate
*/
int X509_verify_cert(X509_STORE_CTX *v);
/*
* X509_STORE_new - create an X509 store
*/
X509_STORE *X509_STORE_new(void);
/*
* X509_STORE_free - free up an X509 store
*/
void X509_STORE_free(X509_STORE *v);
/*
* X509_free - free up an X509
*/
void X509_free(X509 *v);
/*
* X509_NAME_oneline - return the X509 data in a string
*/
char *X509_NAME_oneline(X509_NAME *a, char *buf, int size);
/*
* X509_get_subject_name - return the X509_NAME for the subject field
*/
X509_NAME *X509_get_subject_name(X509 *a);
/*
* X509_get_issuer_name - return the X509_NAME for the issuer field
*/
X509_NAME *X509_get_issuer_name(X509 *a);
/*
* X509_STORE_add_lookup - add a lookup file/method to an X509 store
*/
X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
/*
* X509_LOOKUP_file - Definition of the LOOKUP_file method
*/
X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
/*
* X509_LOOKUP_free - Free an X509_LOOKUP
*/
void X509_LOOKUP_free(X509_LOOKUP *x);
/*
* X509_LOOKUP_ctrl - This is not normally called directly (use macros)
*/
int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret);
/*
* X509_STORE_CTX_init - initialize an X509 STORE context
*/
void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, STACK_OF(X509) *chain);
/*
* CRYPTO_free - free up an internally allocated object
*/
void CRYPTO_free(void *x);
/*
* BIO_new - create new BIO
*/
BIO *BIO_new(BIO_METHOD *type);
/*
* BIO methods - only one defined here yet
*/
BIO_METHOD *BIO_s_mem(void);
/*
* BIO_new_fp - nastiness called BIO - used to create BIO* from FILE*
*/
BIO *BIO_new_fp(FILE *stream, int close_flag);
/*
* BIO_new_mem_buf - read only BIO from memory region
*/
BIO *BIO_new_mem_buf(void *buf, int len);
/*
* BIO_free - nastiness called BIO - used to destroy BIO*
*/
int BIO_free(BIO *a);
/*
* BIO_ctrl - BIO control method
*/
long BIO_ctrl(BIO *bp,int cmd,long larg,void *parg);
/*
* BIO_write - equivalent to ::write for BIO
*/
int BIO_write(BIO *b, const void *data, int len);
/*
* PEM_write_bio_X509 - write a PEM encoded cert to a BIO*
*/
int PEM_write_bio_X509(BIO *bp, X509 *x);
/*
* ASN1_item_i2d_fp - used for netscape output
*/
int ASN1_item_i2d_fp(FILE *out, unsigned char *x);
/*
* ASN1_d2i_fp - read an X509 from a DER encoded file (buf can be NULL)
*/
X509 *X509_d2i_fp(FILE *out, X509** buf);
/*
* X509_print - print the text form of an X509
*/
int X509_print(FILE *fp, X509 *x);
/*
* Read a PKCS#12 cert from fp
*/
PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
/*
* Change the password on a PKCS#12 cert
*/
int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
/*
* Write a PKCS#12 to mem
*/
int i2d_PKCS12(PKCS12 *p12, unsigned char **p);
/*
* Write a PKCS#12 to FILE*
*/
int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
/*
* Create a new PKCS#12 object
*/
PKCS12 *PKCS12_new(void);
/*
* Destroy that PKCS#12 that you created!
*/
void PKCS12_free(PKCS12 *a);
/*
* Parse the PKCS#12
*/
int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey,
X509 **cert, STACK_OF(X509) **ca);
/*
* Free the Private Key
*/
void EVP_PKEY_free(EVP_PKEY *x);
/*
* Pop off the stack
*/
char *sk_pop(STACK *s);
/*
* Free the stack
*/
void sk_free(STACK *s);
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
void sk_free(void *s) { return sk_free(reinterpret_cast<STACK*>(s)); }
#endif
/*
* Number of elements in the stack
*/
int sk_num(STACK *s);
/*
* Value of element n in the stack
*/
char *sk_value(STACK *s, int n);
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
char *sk_value(void *s, int n) { return sk_value(reinterpret_cast<STACK*>(s), n); }
#endif
/*
* Create a new stack
*/
STACK *sk_new(int (*cmp)());
/*
* Add an element to the stack
*/
int sk_push(STACK *s, char *d);
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
int sk_push(void *s, void *d) { return sk_push(reinterpret_cast<STACK*>(s), reinterpret_cast<char*>(d)); }
#endif
/*
* Duplicate the stack
*/
STACK *sk_dup(STACK *s);
/*
* Convert an ASN1_INTEGER to its text form
*/
char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
/*
* Get the certificate's serial number
*/
ASN1_INTEGER *X509_get_serialNumber(X509 *x);
/*
* Get the certificate's public key
*/
EVP_PKEY *X509_get_pubkey(X509 *x);
/*
* Convert the public key to a decimal form
*/
int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
/*
* Check the private key of a PKCS bundle against the X509
*/
int X509_check_private_key(X509 *x, EVP_PKEY *p);
/*
* Convert a BIGNUM to a hex string
*/
char *BN_bn2hex(const BIGNUM *a);
/*
* Compute the digest of an X.509
*/
int X509_digest(const X509 *x,const EVP_MD *t, unsigned char *md, unsigned int *len);
/*
* EVP_md5
*/
EVP_MD *EVP_md5();
/*
* ASN1_INTEGER free
*/
void ASN1_INTEGER_free(ASN1_INTEGER *x);
/*
* ASN1_STRING_data
*/
unsigned char *ASN1_STRING_data(ASN1_STRING *x);
/*
* ASN1_STRING_length
*/
int ASN1_STRING_length(ASN1_STRING *x);
/*
*
*/
int OBJ_obj2nid(ASN1_OBJECT *o);
/*
*
*/
const char * OBJ_nid2ln(int n);
/*
* get the number of extensions
*/
int X509_get_ext_count(X509 *x);
/*
*
*/
int X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
/*
*
*/
int X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos);
/*
*
*/
X509_EXTENSION *X509_get_ext(X509 *x, int loc);
/*
*
*/
X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
/*
*
*/
int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
/*
*
*/
void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
/*
*
*/
char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
/*
*
*/
int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
/*
*
*/
PKCS7 *PKCS7_new(void);
/*
*
*/
void PKCS7_free(PKCS7 *a);
/*
*
*/
void PKCS7_content_free(PKCS7 *a);
/*
*
*/
int i2d_PKCS7(PKCS7 *a, unsigned char **pp);
/*
*
*/
PKCS7 *d2i_PKCS7(PKCS7 **a, unsigned char **pp,long length);
/*
*
*/
int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7);
/*
*
*/
PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 **p7);
/*
*
*/
int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7);
/*
*
*/
PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7);
/*
*
*/
PKCS7 *PKCS7_dup(PKCS7 *p7);
/*
* Create a PKCS7 signature / signed message
*/
PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
BIO *data, int flags);
/*
* Verify a PKCS7 signature.
*/
int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
BIO *indata, BIO *out, int flags);
/*
* Get signers of a verified PKCS7 signature
*/
STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
/*
* PKCS7 encrypt message
*/
PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher,
int flags);
/*
* decrypt PKCS7 message
*/
int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
/*
* Load a CA list file.
*/
STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
/*
* Load a file of PEM encoded objects.
*/
STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
pem_password_cb *cb, void *u);
/*
* Get the number of purposes available
*/
int X509_PURPOSE_get_count();
/*
* Get the ID of a purpose
*/
int X509_PURPOSE_get_id(X509_PURPOSE *);
/*
* Check the existence of purpose id "id" in x. for CA, set ca = 1, else 0
*/
int X509_check_purpose(X509 *x, int id, int ca);
/*
* Get the purpose with index #idx
*/
X509_PURPOSE * X509_PURPOSE_get0(int idx);
/*
* Create a new Private KEY
*/
EVP_PKEY* EVP_PKEY_new();
/*
* Assign a private key
*/
int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key);
/*
* Generate a RSA key
*/
RSA *RSA_generate_key(int bits, unsigned long e, void
(*callback)(int,int,void *), void *cb_arg);
/*
* Create/destroy a certificate request
*/
X509_REQ *X509_REQ_new();
void X509_REQ_free(X509_REQ *a);
/*
* Set the public key in the REQ object
*/
int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
/* for testing */
int i2d_X509_REQ_fp(FILE *fp, X509_REQ *x);
/* SMime support */
STACK *X509_get1_email(X509 *x);
void X509_email_free(STACK *sk);
/* Ciphers needed for SMime */
EVP_CIPHER *EVP_des_ede3_cbc();
EVP_CIPHER *EVP_des_cbc();
EVP_CIPHER *EVP_rc2_cbc();
EVP_CIPHER *EVP_rc2_64_cbc();
EVP_CIPHER *EVP_rc2_40_cbc();
/* clear the current error - use this often*/
void ERR_clear_error();
/* retrieve the latest error */
unsigned long ERR_get_error();
/* Print the errors to this stream */
void ERR_print_errors_fp(FILE *fp);
/* Get a pointer to the SSL session id (reference counted) */
SSL_SESSION *SSL_get1_session(SSL *ssl);
/* Frees a pointer to the SSL session id (reference decremented if needed) */
void SSL_SESSION_free(SSL_SESSION *session);
/* Set the SSL session to reuse. */
int SSL_set_session(SSL *ssl, SSL_SESSION *session);
/* Decode ASN.1 to SSL_SESSION */
SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, long length);
/* Encode SSL_SESSION to ASN.1 */
int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
/* Write privatekey to FILE stream */
int i2d_PrivateKey_fp(FILE*, EVP_PKEY*);
/* Write PKCS#8privatekey to FILE stream */
int i2d_PKCS8PrivateKey_fp(FILE*, EVP_PKEY*, const EVP_CIPHER*, char*, int, pem_password_cb*, void*);
/* Free RSA structure */
void RSA_free(RSA*);
/* Get a blowfish CBC pointer */
EVP_CIPHER *EVP_bf_cbc();
/* Sign a CSR */
int X509_REQ_sign(X509_REQ*, EVP_PKEY*, const EVP_MD*);
/* add a name entry */
int X509_NAME_add_entry_by_txt(X509_NAME*, char*, int, unsigned char*, int, int, int);
/* Create a name */
X509_NAME *X509_NAME_new();
/* Set the subject */
int X509_REQ_set_subject_name(X509_REQ*,X509_NAME*);
/* get list of available SSL_CIPHER's sorted by preference */
STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL* ssl);
#endif
private:
friend class KOpenSSLProxyPrivate;
KOpenSSLProxy();
~KOpenSSLProxy();
KOpenSSLProxyPrivate * const d;
};
#endif

422
kio/kssl/ksmimecrypto.cpp
View file

@ -1,422 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2003 Stefan Rompf <sux@loplof.de>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#include "ksmimecrypto.h"
#include <QtCore/QList>
#include <QtCore/QString>
#include <kdebug.h>
#include "kopenssl.h"
#include "ksslcertificate.h"
#include "ksslpkcs12.h"
// this hack provided by Malte Starostik to avoid glibc/openssl bug
// on some systems
#ifdef KSSL_HAVE_SSL
#define crypt _openssl_crypt
#include <openssl/err.h>
#undef crypt
#endif
// forward included macros to KOpenSSLProxy
#define sk_new kossl->sk_new
#define sk_free kossl->sk_free
#define sk_push kossl->sk_push
#define sk_value kossl->sk_value
#define sk_num kossl->sk_num
#define BIO_ctrl kossl->BIO_ctrl
#ifdef KSSL_HAVE_SSL
static const char eot = 0;
class KSMIMECryptoPrivate {
KOpenSSLProxy *kossl;
public:
KSMIMECryptoPrivate(KOpenSSLProxy *kossl);
STACK_OF(X509) *certsToX509(const QList<KSSLCertificate *> &certs);
KSMIMECrypto::rc signMessage(BIO *clearText,
BIO *cipherText,
KSSLPKCS12 &privKey, QList<KSSLCertificate *> &certs,
bool detached);
KSMIMECrypto::rc encryptMessage(BIO *clearText,
BIO *cipherText, KSMIMECrypto::algo algorithm,
QList<KSSLCertificate *> &recip);
KSMIMECrypto::rc checkSignature(BIO *clearText,
BIO *signature, bool detached,
QList<KSSLCertificate *> &recip);
KSMIMECrypto::rc decryptMessage(BIO *cipherText,
BIO *clearText,
KSSLPKCS12 &privKey);
void MemBIOToQByteArray(BIO *src, QByteArray &dest);
KSMIMECrypto::rc sslErrToRc(void);
};
KSMIMECryptoPrivate::KSMIMECryptoPrivate(KOpenSSLProxy *kossl): kossl(kossl) {
}
STACK_OF(X509) *KSMIMECryptoPrivate::certsToX509(const QList<KSSLCertificate *> &certs) {
STACK_OF(X509) *x509 = sk_new(NULL);
foreach(KSSLCertificate *cert, certs) {
sk_X509_push(x509, cert->getCert());
}
return x509;
}
KSMIMECrypto::rc KSMIMECryptoPrivate::signMessage(BIO *clearText,
BIO *cipherText,
KSSLPKCS12 &privKey, QList<KSSLCertificate *> &certs,
bool detached) {
STACK_OF(X509) *other = NULL;
KSMIMECrypto::rc rc;
int flags = detached?PKCS7_DETACHED:0;
if (certs.count()) other = certsToX509(certs);
PKCS7 *p7 = kossl->PKCS7_sign(privKey.getCertificate()->getCert(), privKey.getPrivateKey(),
other, clearText, flags);
if (other) sk_X509_free(other);
if (!p7) return sslErrToRc();
if (kossl->i2d_PKCS7_bio(cipherText, p7)) {
rc = KSMIMECrypto::KSC_R_OK;
} else {
rc = sslErrToRc();
}
kossl->PKCS7_free(p7);
return rc;
}
KSMIMECrypto::rc KSMIMECryptoPrivate::encryptMessage(BIO *clearText,
BIO *cipherText, KSMIMECrypto::algo algorithm,
QList<KSSLCertificate *> &recip) {
EVP_CIPHER *cipher = NULL;
KSMIMECrypto::rc rc;
switch(algorithm) {
case KSMIMECrypto::KSC_C_DES3_CBC:
cipher = kossl->EVP_des_ede3_cbc();
break;
case KSMIMECrypto::KSC_C_RC2_CBC_128:
cipher = kossl->EVP_rc2_cbc();
break;
case KSMIMECrypto::KSC_C_RC2_CBC_64:
cipher = kossl->EVP_rc2_64_cbc();
break;
case KSMIMECrypto::KSC_C_DES_CBC:
cipher = kossl->EVP_des_cbc();
break;
case KSMIMECrypto::KSC_C_RC2_CBC_40:
cipher = kossl->EVP_rc2_40_cbc();
break;
}
if (!cipher) return KSMIMECrypto::KSC_R_NOCIPHER;
STACK_OF(X509) *certs = certsToX509(recip);
PKCS7 *p7 = kossl->PKCS7_encrypt(certs, clearText, cipher, 0);
sk_X509_free(certs);
if (!p7) return sslErrToRc();
if (kossl->i2d_PKCS7_bio(cipherText, p7)) {
rc = KSMIMECrypto::KSC_R_OK;
} else {
rc = sslErrToRc();
}
kossl->PKCS7_free(p7);
return rc;
}
KSMIMECrypto::rc KSMIMECryptoPrivate::checkSignature(BIO *clearText,
BIO *signature, bool detached,
QList<KSSLCertificate *> &recip) {
PKCS7 *p7 = kossl->d2i_PKCS7_bio(signature, NULL);
KSMIMECrypto::rc rc = KSMIMECrypto::KSC_R_OTHER;
if (!p7) return sslErrToRc();
BIO *in;
BIO *out;
if (detached) {
in = clearText;
out = NULL;
} else {
in = NULL;
out = clearText;
}
X509_STORE *dummystore = kossl->X509_STORE_new();
if (kossl->PKCS7_verify(p7, NULL, dummystore, in, out, PKCS7_NOVERIFY)) {
STACK_OF(X509) *signers = kossl->PKCS7_get0_signers(p7, 0, PKCS7_NOVERIFY);
int num = sk_X509_num(signers);
for(int n=0; n<num; n++) {
KSSLCertificate *signer = KSSLCertificate::fromX509(sk_X509_value(signers, n));
recip.append(signer);
}
sk_X509_free(signers);
rc = KSMIMECrypto::KSC_R_OK;
} else {
rc = sslErrToRc();
}
kossl->X509_STORE_free(dummystore);
kossl->PKCS7_free(p7);
return rc;
}
KSMIMECrypto::rc KSMIMECryptoPrivate::decryptMessage(BIO *cipherText,
BIO *clearText,
KSSLPKCS12 &privKey) {
PKCS7 *p7 = kossl->d2i_PKCS7_bio(cipherText, NULL);
KSMIMECrypto::rc rc;
if (!p7) return sslErrToRc();
if (kossl->PKCS7_decrypt(p7, privKey.getPrivateKey(), privKey.getCertificate()->getCert(),
clearText, 0)) {
rc = KSMIMECrypto::KSC_R_OK;
} else {
rc = sslErrToRc();
}
kossl->PKCS7_free(p7);
return rc;
}
void KSMIMECryptoPrivate::MemBIOToQByteArray(BIO *src, QByteArray &dest) {
char *buf;
long len = BIO_get_mem_data(src, &buf);
dest = QByteArray(buf, len);
/* Now this goes quite a bit into openssl internals.
We assume that openssl uses malloc() (it does in
default config) and rip out the buffer.
*/
reinterpret_cast<BUF_MEM *>(src->ptr)->data = NULL;
}
KSMIMECrypto::rc KSMIMECryptoPrivate::sslErrToRc(void) {
unsigned long cerr = kossl->ERR_get_error();
// To be completed and possibly fixed
switch(ERR_GET_REASON(cerr)) {
case ERR_R_MALLOC_FAILURE:
return KSMIMECrypto::KSC_R_NOMEM;
}
switch(ERR_GET_LIB(cerr)) {
case ERR_LIB_PKCS7:
switch(ERR_GET_REASON(cerr)) {
case PKCS7_R_WRONG_CONTENT_TYPE:
case PKCS7_R_NO_CONTENT:
case PKCS7_R_NO_SIGNATURES_ON_DATA:
return KSMIMECrypto::KSC_R_FORMAT;
break;
case PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE:
case PKCS7_R_DECRYPT_ERROR: // Hmm?
return KSMIMECrypto::KSC_R_WRONGKEY;
break;
case PKCS7_R_DIGEST_FAILURE:
return KSMIMECrypto::KSC_R_VERIFY;
default:
break;
}
break;
default:
break;
}
kDebug(7029) <<"KSMIMECrypto: uncaught error " <<ERR_GET_LIB(cerr)
<<" " <<ERR_GET_REASON(cerr) <<endl;
return KSMIMECrypto::KSC_R_OTHER;
}
#endif
KSMIMECrypto::KSMIMECrypto() {
#ifdef KSSL_HAVE_SSL
kossl = KOpenSSLProxy::self();
priv = new KSMIMECryptoPrivate(kossl);
if (!kossl->hasLibCrypto()) kossl = 0L;
#else
kossl = 0L;
priv = 0L;
#endif
}
KSMIMECrypto::~KSMIMECrypto() {
#ifdef KSSL_HAVE_SSL
delete priv;
#endif
}
KSMIMECrypto::rc KSMIMECrypto::signMessage(const QByteArray &clearText,
QByteArray &cipherText,
const KSSLPKCS12 &privKey,
const QList<KSSLCertificate *> &certs,
bool detached) {
#ifdef KSSL_HAVE_SSL
if (!kossl) return KSC_R_NO_SSL;
BIO *in = kossl->BIO_new_mem_buf((char *)clearText.data(), clearText.size());
BIO *out = kossl->BIO_new(kossl->BIO_s_mem());
rc rc = priv->signMessage(in, out,
const_cast<KSSLPKCS12 &>(privKey),
const_cast<QList<KSSLCertificate *> &>(certs),
detached);
if (!rc) priv->MemBIOToQByteArray(out, cipherText);
kossl->BIO_free(out);
kossl->BIO_free(in);
return rc;
#else
return KSC_R_NO_SSL;
#endif
}
KSMIMECrypto::rc KSMIMECrypto::checkDetachedSignature(const QByteArray &clearText,
const QByteArray &signature,
QList<KSSLCertificate *> &foundCerts) {
#ifdef KSSL_HAVE_SSL
if (!kossl) return KSC_R_NO_SSL;
BIO *txt = kossl->BIO_new_mem_buf((char *)clearText.data(), clearText.length());
BIO *sig = kossl->BIO_new_mem_buf((char *)signature.data(), signature.size());
rc rc = priv->checkSignature(txt, sig, true, foundCerts);
kossl->BIO_free(sig);
kossl->BIO_free(txt);
return rc;
#else
return KSC_R_NO_SSL;
#endif
}
KSMIMECrypto::rc KSMIMECrypto::checkOpaqueSignature(const QByteArray &signedText,
QByteArray &clearText,
QList<KSSLCertificate *> &foundCerts) {
#ifdef KSSL_HAVE_SSL
if (!kossl) return KSC_R_NO_SSL;
BIO *in = kossl->BIO_new_mem_buf((char *)signedText.data(), signedText.size());
BIO *out = kossl->BIO_new(kossl->BIO_s_mem());
rc rc = priv->checkSignature(out, in, false, foundCerts);
kossl->BIO_write(out, &eot, 1);
priv->MemBIOToQByteArray(out, clearText);
kossl->BIO_free(out);
kossl->BIO_free(in);
return rc;
#else
return KSC_R_NO_SSL;
#endif
}
KSMIMECrypto::rc KSMIMECrypto::encryptMessage(const QByteArray &clearText,
QByteArray &cipherText,
algo algorithm,
const QList<KSSLCertificate *> &recip) {
#ifdef KSSL_HAVE_SSL
if (!kossl) return KSC_R_NO_SSL;
BIO *in = kossl->BIO_new_mem_buf((char *)clearText.data(), clearText.size());
BIO *out = kossl->BIO_new(kossl->BIO_s_mem());
rc rc = priv->encryptMessage(in,out,algorithm,
const_cast< QList<KSSLCertificate *> &>(recip));
if (!rc) priv->MemBIOToQByteArray(out, cipherText);
kossl->BIO_free(out);
kossl->BIO_free(in);
return rc;
#else
return KSC_R_NO_SSL;
#endif
}
KSMIMECrypto::rc KSMIMECrypto::decryptMessage(const QByteArray &cipherText,
QByteArray &clearText,
const KSSLPKCS12 &privKey) {
#ifdef KSSL_HAVE_SSL
if (!kossl) return KSC_R_NO_SSL;
BIO *in = kossl->BIO_new_mem_buf((char *)cipherText.data(), cipherText.size());
BIO *out = kossl->BIO_new(kossl->BIO_s_mem());
rc rc = priv->decryptMessage(in,out,
const_cast<KSSLPKCS12 &>(privKey));
kossl->BIO_write(out, &eot, 1);
priv->MemBIOToQByteArray(out, clearText);
kossl->BIO_free(out);
kossl->BIO_free(in);
return rc;
#else
return KSC_R_NO_SSL;
#endif
}

127
kio/kssl/ksmimecrypto.h
View file

@ -1,127 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2003 Stefan Rompf <sux@loplof.de>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef KSMIMECRYPTO_H
#define KSMIMECRYPTO_H
#include <QtCore/QList>
#include "ksslpkcs12.h"
#include "ksslcertificate.h"
class KOpenSSLProxy;
class KSMIMECryptoPrivate;
class KIO_EXPORT KSMIMECrypto {
public:
KSMIMECrypto();
~KSMIMECrypto();
enum algo { KSC_C_DES3_CBC = 1,
KSC_C_RC2_CBC_128,
KSC_C_RC2_CBC_64,
KSC_C_DES_CBC,
KSC_C_RC2_CBC_40 };
enum rc { KSC_R_OK, /* everything ok */
KSC_R_OTHER, /* unspecified error */
KSC_R_NO_SSL, /* No crypto lib / compiled without SSL */
KSC_R_NOCIPHER, /* encryption cipher n/a */
KSC_R_NOMEM, /* out of memory */
KSC_R_FORMAT, /* wrong input data format */
KSC_R_WRONGKEY, /* wrong decryption/signature key */
KSC_R_VERIFY /* data does not match signature */
};
/**
* Sign a message
* @param clearText MIME representation of the message (part) to sign
* @param cipherText signature to append or signature block
* @param privKey private key/certificate to sign with
* @param certs additional certificates (may be empty)
* @param detached create detached or opaque signature
* @return 0 on success
*/
rc signMessage(const QByteArray &clearText,
QByteArray &cipherText,
const KSSLPKCS12 &privKey,
const QList<KSSLCertificate *> &certs,
bool detached);
/**
* Check a detached message signature
* Will check if messages matches signature and extract certificates
* Does not check certificates for validity!
* @param clearText MIME representation of signed message (without SIG)
* @param signature signature
* @param foundCerts certificates found in this message
* @return 0 on success
*/
rc checkDetachedSignature(const QByteArray &clearText,
const QByteArray &signature,
QList<KSSLCertificate *> &foundCerts);
/**
* Check an opaque signed message
* Will check if signature matches and extract message
* Does not check certificates for validity!
* @param signedText signed message block
* @param clearText cleartext of signed message
* @param foundCerts certificates found in this mesasge
* @return 0 on success
*/
rc checkOpaqueSignature(const QByteArray &signedText,
QByteArray &clearText,
QList<KSSLCertificate *> &foundCerts);
/**
* Encrypt a message
* encrypts a message for the given list of recipients and the
* selected algorithm. Note that any algorithm <128 bytes is
* insecure and should never be used, even if SMIME-2 requires
* only RC2-40
* @param clearText MIME representation of message to encrypt
* @param cipherText returned encrypted message
* @param algorithm encryption algorithm
* @param recip recipient certificates
* @return 0 on success
*/
rc encryptMessage(const QByteArray &clearText,
QByteArray &cipherText,
algo algorithm,
const QList<KSSLCertificate *> &recip);
/**
* Decrypt a message
* @param cipherText encrypted message block
* @param clearText returns decrypted message
* @param privKey private key to use
* @return 0 on success
*/
rc decryptMessage(const QByteArray &cipherText,
QByteArray &clearText,
const KSSLPKCS12 &privKey);
private:
KSMIMECryptoPrivate *priv;
KOpenSSLProxy *kossl;
};
#endif

214
kio/kssl/kssl.cpp
View file

@ -1,214 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2000-2003 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#include "kssl.h"
#include <config.h>
#include <ksslconfig.h>
// this hack provided by Malte Starostik to avoid glibc/openssl bug
// on some systems
#ifdef KSSL_HAVE_SSL
#include <unistd.h>
#include <netinet/in.h>
#include <sys/socket.h>
#define crypt _openssl_crypt
#include <openssl/ssl.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/pem.h>
#include <openssl/rand.h>
#undef crypt
#endif
#include <kdebug.h>
#include <kstandarddirs.h>
#include <kopenssl.h>
#include <ksslx509v3.h>
#include <ksslcertificate.h>
#include <klocale.h>
#include <QtNetwork/QAbstractSocket>
#ifdef __GNUC__
#warning "kssl.cc contains temporary functions! Clean up"
#warning "kssl.cc needs to be ported to QSslSocket"
#endif
#define sk_dup d->kossl->sk_dup
class KSSLPrivate {
public:
KSSLPrivate() {
kossl = KOpenSSLProxy::self();
}
~KSSLPrivate() {}
KSSLCertificate::KSSLValidation m_cert_vfy_res;
#ifdef KSSL_HAVE_SSL
SSL *m_ssl;
SSL_CTX *m_ctx;
SSL_METHOD *m_meth;
#endif
KOSSL *kossl;
};
KSSL::KSSL(bool init) {
d = new KSSLPrivate;
m_bInit = false;
m_bAutoReconfig = true;
m_cfg = new KSSLSettings();
#ifdef KSSL_HAVE_SSL
d->m_ssl = 0L;
#endif
if (init)
initialize();
}
KSSL::~KSSL() {
close();
delete m_cfg;
delete d;
}
int KSSL::seedWithEGD() {
int rc = 0;
#ifdef KSSL_HAVE_SSL
if (m_cfg->useEGD() && !m_cfg->getEGDPath().isEmpty()) {
rc = d->kossl->RAND_egd(m_cfg->getEGDPath().toLatin1().constData());
if (rc < 0)
kDebug(7029) << "KSSL: Error seeding PRNG with the EGD.";
else kDebug(7029) << "KSSL: PRNG was seeded with " << rc
<< " bytes from the EGD." << endl;
} else if (m_cfg->useEFile() && !m_cfg->getEGDPath().isEmpty()) {
rc = d->kossl->RAND_load_file(m_cfg->getEGDPath().toLatin1().constData(), -1);
if (rc < 0)
kDebug(7029) << "KSSL: Error seeding PRNG with the entropy file.";
else kDebug(7029) << "KSSL: PRNG was seeded with " << rc
<< " bytes from the entropy file." << endl;
}
#endif
return rc;
}
bool KSSL::initialize() {
#ifdef KSSL_HAVE_SSL
kDebug(7029) << "KSSL initialize";
if (m_bInit)
return false;
if (m_bAutoReconfig)
m_cfg->load();
seedWithEGD();
d->m_meth = d->kossl->SSLv23_client_method();
d->m_ctx = d->kossl->SSL_CTX_new(d->m_meth);
if (d->m_ctx == 0L) {
return false;
}
// set cipher list
QString clist = m_cfg->getCipherList();
kDebug(7029) << "Cipher list: " << clist;
if (!clist.isEmpty())
d->kossl->SSL_CTX_set_cipher_list(d->m_ctx, const_cast<char *>(clist.toLatin1().constData()));
m_bInit = true;
return true;
#else
return false;
#endif
}
void KSSL::close() {
#ifdef KSSL_HAVE_SSL
//kDebug(7029) << "KSSL close";
if (!m_bInit)
return;
if (d->m_ssl) {
d->kossl->SSL_shutdown(d->m_ssl);
d->kossl->SSL_free(d->m_ssl);
d->m_ssl = 0L;
}
d->kossl->SSL_CTX_free(d->m_ctx);
if (m_cfg->useEFile() && !m_cfg->getEGDPath().isEmpty()) {
d->kossl->RAND_write_file(m_cfg->getEGDPath().toLatin1().constData());
}
m_bInit = false;
#endif
}
bool KSSL::reInitialize() {
close();
return initialize();
}
// get the callback file - it's hidden away in here
//#include "ksslcallback.c"
bool KSSL::reconfig() {
return reInitialize();
}
void KSSL::setAutoReconfig(bool ar) {
m_bAutoReconfig = ar;
}
bool KSSL::setSettings(KSSLSettings *settings) {
delete m_cfg;
m_cfg = settings;
return reconfig();
}
KSSLSettings * KSSL::settings()
{
return m_cfg;
}
#ifdef KSSL_HAVE_SSL
bool KSSL::m_bSSLWorks = true;
#else
bool KSSL::m_bSSLWorks = false;
#endif
bool KSSL::doesSSLWork() {
return m_bSSLWorks;
}
#undef sk_dup

169
kio/kssl/kssl.h
View file

@ -1,169 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2000-2005 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef KSSL_H
#define KSSL_H
#include <ksslsettings.h>
class QIODevice;
class KSSLPrivate;
class KSSLSession;
/**
* KDE SSL Wrapper Class
*
* This class implements KDE's SSL support by wrapping OpenSSL.
*
* @author George Staikos <staikos@kde.org>
* @see KExtendedSocket, TCPSlaveBase
* @short KDE SSL Class
*/
class KIO_EXPORT KSSL {
public:
/**
* Construct a KSSL object
*
* @param init Set this to false if you do not want this class to
* immediately initialize OpenSSL.
*/
KSSL(bool init = true);
/**
* Destroy this KSSL object
*
* Does not close any socket.
*/
~KSSL();
/**
* Determine if SSL is available and works.
*
* @return true is SSL is available and usable
*/
static bool doesSSLWork();
/**
* Initialize OpenSSL.
*
* @return true on success
*
* This will do nothing if it is already initialized.
* @see reInitialize
*/
bool initialize();
/**
* This is used for applicationss which do STARTTLS or something
* similar. It creates a TLS method regardless of the user's settings.
*
* @return true if TLS is successfully initialized
*/
bool TLSInit();
/**
* Set an SSL session to use. This deep copies the session so it
* doesn't have to remain valid. You need to call it after calling
* initialize or reInitialize. The ID is cleared in close().
*
* @param session A valid session to reuse. If 0L, it will clear the
* session ID in memory.
*
* @return true on success
*/
bool setSession(const KSSLSession *session);
/**
* Close the SSL session.
*/
void close();
/**
* Reinitialize OpenSSL.
*
* @return true on success
*
* This is not generally needed unless you are reusing the KSSL object
* for a new session.
* @see initialize
*/
bool reInitialize();
/**
* Trigger a reread of KSSL configuration and reInitialize() KSSL.
*
* @return true on successful reinitalizations
*
* If you setAutoReconfig() to false, then this will simply
* reInitialize() and not read in the new configuration.
* @see setAutoReconfig
*/
bool reconfig();
/**
* Enable or disable automatic reconfiguration on initialize().
*
* @param ar Set to false in order to disable auto-reloading of the
* KSSL configuration during initialize().
*
* By default, KSSL will read its configuration on initialize(). You
* might want to disable this for performance reasons.
*/
void setAutoReconfig(bool ar);
/**
* This will reseed the pseudo-random number generator with the EGD
* (entropy gathering daemon) if the EGD is configured and enabled.
* You don't need to call this yourself normally.
*
* @return 0 on success
*/
int seedWithEGD();
/**
* Set a new KSSLSettings instance as the settings. This deletes the
* current instance of KSSLSettings.
*
* @param settings A new, valid settings object.
*
* @return true on success
*/
bool setSettings(KSSLSettings *settings);
/**
* One is built by the constructor, so this will only return a NULL
* pointer if you set one with setSettings().
*
* @return the current settings instance
*/
KSSLSettings * settings();
private:
static bool m_bSSLWorks;
bool m_bInit;
bool m_bAutoReconfig;
KSSLSettings *m_cfg;
KSSLPrivate *d;
};
#endif

40
kio/kssl/ksslall.h
View file

@ -1,40 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2001-2003 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef INC_KSSL_ALL_H
#define INC_KSSL_ALL_H
#include <ksslcertificatefactory.h>
#include <ksslinfodialog.h>
#include <ksslx509map.h>
#include <kssl.h>
#include <ksslcertificatehome.h>
#include <ksslpeerinfo.h>
#include <ksslcertificate.h>
#include <ksslconnectioninfo.h>
#include <ksslsettings.h>
#include <ksslcertificatemanager.h>
#include <ksslutils.h>
#include <ksslpkcs7.h>
#include <ksslcertchain.h>
#include <ksslx509v3.h>
#include <ksslsigners.h>
#include <ksslsession.h>
#endif

89
kio/kssl/ksslcallback.c
View file

@ -1,89 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2000 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifdef KSSL_HAVE_SSL
#ifndef _kde_ksslcallback_c
#define _kde_ksslcallback_c
X509 *KSSL_X509CallBack_ca;
bool KSSL_X509CallBack_ca_found;
extern "C" {
static int X509Callback(int ok, X509_STORE_CTX *ctx) {
kDebug(7029) << "X509Callback: ok = " << ok << " error = " << ctx->error << " depth = " << ctx->error_depth;
// Here is how this works. We put "ok = 1;" in any case that we
// don't consider to be an error. In that case, it will return OK
// for the certificate check as long as there are no other critical
// errors. Don't forget that there can be multiple errors.
//
// Of course we can also put other code in here but any data returned
// back will not be threadsafe ofcourse.
if (KSSL_X509CallBack_ca)
{
if (KOSSL::self()->X509_cmp(ctx->current_cert, KSSL_X509CallBack_ca) != 0)
return 1; // Ignore errors for this certificate
KSSL_X509CallBack_ca_found = true;
}
if (!ok) {
switch (ctx->error) {
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
case X509_V_ERR_UNABLE_TO_GET_CRL:
case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
case X509_V_ERR_CERT_SIGNATURE_FAILURE:
case X509_V_ERR_CRL_SIGNATURE_FAILURE:
case X509_V_ERR_CERT_NOT_YET_VALID:
case X509_V_ERR_CERT_HAS_EXPIRED:
case X509_V_ERR_CRL_NOT_YET_VALID:
case X509_V_ERR_CRL_HAS_EXPIRED:
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
case X509_V_ERR_OUT_OF_MEM:
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
case X509_V_ERR_CERT_CHAIN_TOO_LONG:
case X509_V_ERR_CERT_REVOKED:
case X509_V_ERR_INVALID_CA:
case X509_V_ERR_PATH_LENGTH_EXCEEDED:
case X509_V_ERR_INVALID_PURPOSE:
case X509_V_ERR_CERT_UNTRUSTED:
case X509_V_ERR_CERT_REJECTED:
case X509_V_ERR_APPLICATION_VERIFICATION:
default:
break;
}
}
return(ok);
}
}
#endif
#endif

215
kio/kssl/ksslcertchain.cpp
View file

@ -1,215 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2001 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#include "ksslcertchain.h"
#include <config.h>
#include <ksslconfig.h>
#include "kssldefs.h"
#include "ksslcertificate.h"
// this hack provided by Malte Starostik to avoid glibc/openssl bug
// on some systems
#ifdef KSSL_HAVE_SSL
#define crypt _openssl_crypt
#include <openssl/ssl.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/x509_vfy.h>
#include <openssl/pem.h>
#include <openssl/stack.h>
#include <openssl/safestack.h>
#undef crypt
#endif
#include <kopenssl.h>
#include <kdebug.h>
#include <QtCore/QStringList>
#ifdef KSSL_HAVE_SSL
#define sk_new d->kossl->sk_new
#define sk_push d->kossl->sk_push
#define sk_free d->kossl->sk_free
#define sk_value d->kossl->sk_value
#define sk_num d->kossl->sk_num
#define sk_dup d->kossl->sk_dup
#define sk_pop d->kossl->sk_pop
#endif
class KSSLCertChainPrivate {
public:
KSSLCertChainPrivate() {
kossl = KOSSL::self();
}
~KSSLCertChainPrivate() {
}
KOSSL *kossl;
};
KSSLCertChain::KSSLCertChain()
:d(new KSSLCertChainPrivate)
{
_chain = NULL;
}
KSSLCertChain::~KSSLCertChain() {
#ifdef KSSL_HAVE_SSL
if (_chain) {
STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
for (;;) {
X509* x5 = sk_X509_pop(x);
if (!x5) break;
d->kossl->X509_free(x5);
}
sk_X509_free(x);
}
#endif
delete d;
}
bool KSSLCertChain::isValid() {
return (_chain && depth() > 0);
}
KSSLCertChain *KSSLCertChain::replicate() {
KSSLCertChain *x = new KSSLCertChain;
QList<KSSLCertificate *> ch = getChain();
x->setChain(ch); // this will do a deep copy for us
qDeleteAll(ch);
return x;
}
int KSSLCertChain::depth() {
#ifdef KSSL_HAVE_SSL
return sk_X509_num((STACK_OF(X509)*)_chain);
#endif
return 0;
}
void *KSSLCertChain::rawChain()
{
return _chain;
}
QList<KSSLCertificate *> KSSLCertChain::getChain() const {
QList<KSSLCertificate *> cl;
if (!_chain) return cl;
#ifdef KSSL_HAVE_SSL
STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
for (int i = 0; i < sk_X509_num(x); i++) {
X509* x5 = sk_X509_value(x, i);
if (!x5) continue;
KSSLCertificate *nc = new KSSLCertificate;
nc->setCert(d->kossl->X509_dup(x5));
cl.append(nc);
}
#endif
return cl;
}
void KSSLCertChain::setChain(const QList<KSSLCertificate *>& chain) {
#ifdef KSSL_HAVE_SSL
if (_chain) {
STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
for (;;) {
X509* x5 = sk_X509_pop(x);
if (!x5) break;
d->kossl->X509_free(x5);
}
sk_X509_free(x);
_chain = NULL;
}
if (chain.isEmpty()) return;
_chain = (void *)sk_new(NULL);
foreach (KSSLCertificate *x, chain) {
sk_X509_push((STACK_OF(X509)*)_chain, d->kossl->X509_dup(x->getCert()));
}
#endif
}
void KSSLCertChain::setChain(void *stack_of_x509) {
#ifdef KSSL_HAVE_SSL
if (_chain) {
STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
for (;;) {
X509* x5 = sk_X509_pop(x);
if (!x5) break;
d->kossl->X509_free(x5);
}
sk_X509_free(x);
_chain = NULL;
}
if (!stack_of_x509) return;
_chain = (void *)sk_new(NULL);
STACK_OF(X509) *x = (STACK_OF(X509) *)stack_of_x509;
for (int i = 0; i < sk_X509_num(x); i++) {
X509* x5 = sk_X509_value(x, i);
if (!x5) continue;
sk_X509_push((STACK_OF(X509)*)_chain,d->kossl->X509_dup(x5));
}
#else
_chain = NULL;
#endif
}
void KSSLCertChain::setCertChain(const QStringList& chain) {
QList<KSSLCertificate *> cl;
for (QStringList::ConstIterator s = chain.begin(); s != chain.end(); ++s) {
KSSLCertificate *c = KSSLCertificate::fromString((*s).toLocal8Bit());
if (c) {
cl.append(c);
}
}
setChain(cl);
}
#ifdef KSSL_HAVE_SSL
#undef sk_new
#undef sk_push
#undef sk_free
#undef sk_value
#undef sk_num
#undef sk_dup
#undef sk_pop
#endif

126
kio/kssl/ksslcertchain.h
View file

@ -1,126 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2001-2003 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef KSSLCERTCHAIN_H
#define KSSLCERTCHAIN_H
#include <QtCore/QList>
#include <kdemacros.h>
class QString;
class KSSL;
class KSSLCertChainPrivate;
class QStringList;
#include <ksslcertificate.h>
/**
* KDE Certificate Chain Representation Class
*
* This class provides a representation for an X.509 certificate chain.
*
* @author George Staikos <staikos@kde.org>
* @see KSSL, KSSLCertificate, KSSLPeerInfo
* @short KDE X.509 Certificate Chain
*/
class KIO_EXPORT KSSLCertChain {
friend class KSSL;
friend class KSSLPeerInfo;
public:
/**
* Construct a KSSLCertChain object
*/
KSSLCertChain();
/**
* Destroy this KSSLCertChain object
*/
~KSSLCertChain();
/**
* Determine if this represents a valid certificate chain
*
* @return true if it is a valid certificate chain
*/
bool isValid();
/**
* Do a deep copy of the certificate chain.
*
* @return pointer to a new certificate chain object
*
* This is an expensive operation, and you are responsible for deleting
* the returned object yourself.
*/
KSSLCertChain *replicate();
/**
* Set the raw chain from OpenSSL
* @internal
*/
void setChain(void *stack_of_x509);
/**
* Set the certificate chain as a pointer list of KSSL certificates.
*
* @param chain the certificate chain
* @see KSSLCertificate
*/
void setChain(const QList<KSSLCertificate *>& chain);
/**
* Set the certificate chain as a list of base64 encoded X.509
* certificates.
*
* @param chain the certificate chain
*/
void setCertChain(const QStringList& chain);
/**
* Obtain a copy of the certificate chain.
* The caller is responsible for deleting all certificates in the chain.
*
* @return a deep copy of the certificate chain.
* @see KSSLCertificate
*/
QList<KSSLCertificate *> getChain() const;
/**
* Determine the number of entries (depth) of the chain.
*
* @return the number of entries in the certificate chain
*/
int depth();
/**
* Read the raw chain in OpenSSL format
* @internal
*/
void *rawChain();
private:
KSSLCertChainPrivate* const d;
void *_chain;
};
#endif

171
kio/kssl/ksslcertdialog.cpp
View file

@ -1,171 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2001-2003 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#include "ksslcertdialog.h"
#include <kssl.h>
#include <QtGui/QLayout>
#include <QtGui/QRadioButton>
#include <QtGui/QCheckBox>
#include <QtGui/QFrame>
#include <QtGui/QLabel>
#include <QtGui/QListWidget>
#include <klocale.h>
#include <kglobalsettings.h>
#include <kpushbutton.h>
#include <kseparator.h>
#include <kdebug.h>
class KSSLCertDialog::KSSLCertDialogPrivate {
private:
friend class KSSLCertDialog;
QLabel *p_message;
QPushButton *p_pb_dontsend;
bool p_send_flag;
};
KSSLCertDialog::KSSLCertDialog(QWidget *parent, const char *name, bool modal)
: KDialog(parent), d(new KSSLCertDialogPrivate) {
setObjectName(name);
setModal(modal);
QBoxLayout * grid = new QVBoxLayout( this );
d->p_message = new QLabel(QString(), this);
grid->addWidget(d->p_message);
setHost(_host);
QLabel* lblCertificate = new QLabel(i18n("Certificate"));
grid->addWidget(lblCertificate);
_certs = new QListWidget(this);
QFontMetrics fm( KGlobalSettings::generalFont() );
_certs->setMinimumHeight(4*fm.height());
grid->addWidget(_certs);
_save = new QCheckBox(i18n("Save selection for this host."), this);
grid->addWidget(_save);
grid->addWidget(new KSeparator(Qt::Horizontal, this));
QBoxLayout * h = new QHBoxLayout(this);
h->insertStretch(0);
grid->addLayout(h);
_ok = new KPushButton(i18n("Send certificate"), this);
h->addWidget(_ok);
connect(_ok, SIGNAL(clicked()), SLOT(slotSend()));
d->p_pb_dontsend = new KPushButton(i18n("Do not send a certificate"), this);
h->addWidget(d->p_pb_dontsend);
connect(d->p_pb_dontsend, SIGNAL(clicked()), SLOT(slotDont()));
#ifndef QT_NO_WIDGET_TOPEXTRA
setCaption(i18n("KDE SSL Certificate Dialog"));
#endif
}
KSSLCertDialog::~KSSLCertDialog() {
delete d;
}
void KSSLCertDialog::setupDialog(const QStringList& certs, bool saveChecked, bool sendChecked) {
_save->setChecked(saveChecked);
d->p_send_flag = sendChecked;
if (sendChecked)
_ok->setDefault(true); // "do send" is the "default action".
else
d->p_pb_dontsend->setDefault(true); // "do not send" is the "default action".
for (QStringList::ConstIterator i = certs.begin(); i != certs.end(); ++i) {
if ((*i).isEmpty())
continue;
new QListWidgetItem(*i, _certs);
}
_certs->setCurrentItem(_certs->item(0));
}
bool KSSLCertDialog::saveChoice() {
return _save->isChecked();
}
bool KSSLCertDialog::wantsToSend() {
return d->p_send_flag;
}
QString KSSLCertDialog::getChoice() {
QListWidgetItem *selected = _certs->currentItem();
if (selected && d->p_send_flag)
return selected->text();
else
return QString();
}
void KSSLCertDialog::setHost(const QString& host) {
_host = host;
d->p_message->setText(i18n("The server <b>%1</b> requests a certificate.<br /><br />"
"Select a certificate to use from the list below:",
_host));
}
void KSSLCertDialog::slotSend() {
d->p_send_flag = true;
accept();
}
void KSSLCertDialog::slotDont() {
d->p_send_flag = false;
reject();
}
QDataStream& operator<<(QDataStream& s, const KSSLCertDialogRet& r) {
s << qint8(r.ok?1:0) << r.choice << qint8(r.save?1:0) << qint8(r.send?1:0);
return s;
}
QDataStream& operator>>(QDataStream& s, KSSLCertDialogRet& r) {
qint8 tmp;
s >> tmp; r.ok = (tmp == 1);
s >> r.choice;
s >> tmp; r.save = (tmp == 1);
s >> tmp; r.send = (tmp == 1);
return s;
}
#include "moc_ksslcertdialog.cpp"

132
kio/kssl/ksslcertdialog.h
View file

@ -1,132 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2001-2003 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef KSSLCERTDIALOG_H
#define KSSLCERTDIALOG_H
#include <kio/kio_export.h>
#include <QtCore/QStringList>
#include <kdialog.h>
class QWidget;
class QCheckBox;
class QRadioButton;
class QListWidget;
class QPushButton;
/**
* KDE X.509 Certificate Dialog
*
* This class is used to create and display a dialog which contains the user's
* X.509 certificates and allows the user to present it during SSL sessions.
*
* @author George Staikos <staikos@kde.org>
* @see KSSL
* @short KDE X.509 Certificate Dialog
*/
class KIO_EXPORT KSSLCertDialog : public KDialog {
Q_OBJECT
public:
/**
* Construct a KSSL certificate dialog
*
* @param parent the parent widget
* @param name the internal name of this instance
* @param modal create a modal dialog if set to true
*/
explicit KSSLCertDialog(QWidget *parent=0L, const char *name=0L,
bool modal=false);
/**
* Destroy this object and close the dialog
*/
virtual ~KSSLCertDialog();
/**
* Setup the dialog. Call this before you display the dialog.
*
* @param certs the list of possible certificates
* @param saveChecked save the checked item for the future
* @param sendChecked send the checked item to the remote host
*/
void setupDialog(const QStringList& certs, bool saveChecked = false, bool sendChecked = true);
/**
* Obtain the name of the certificate the user wants to send
*
* @return the name of the certificate
*/
QString getChoice();
/**
* Determine if the user wants to send a certificate.
*
* @return true if the user wants to send a certificate
*/
bool wantsToSend();
/**
* Determine if the user wants to save the choice for the future.
*
* @return true if the user wants to save the choice.
*/
bool saveChoice();
/**
* Set the hostname that we are connecting to.
*
* @param host the hostname
*/
void setHost(const QString& host);
private Q_SLOTS:
void slotSend();
void slotDont();
private:
class KSSLCertDialogPrivate;
KSSLCertDialogPrivate* const d;
QCheckBox *_save;
QRadioButton *_send, *_dont;
QListWidget *_certs;
QPushButton *_ok;
QString _host;
};
/**
* This class is used in the internal DCOP communication between TPCSlaveBase and kuiserver.
* Don't use it directly.
* \internal
*/
class KIO_EXPORT KSSLCertDialogRet {
public:
QString choice;
bool ok;
bool send;
bool save;
};
KIO_EXPORT QDataStream& operator<<(QDataStream& s, const KSSLCertDialogRet& r);
KIO_EXPORT QDataStream& operator>>(QDataStream& s, KSSLCertDialogRet& r);
#endif

1346
kio/kssl/ksslcertificate.cpp
View file

File diff suppressed because it is too large Load diff

401
kio/kssl/ksslcertificate.h
View file

@ -1,401 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2000-2003 George Staikos <staikos@kde.org>
* 2008 Richard Hartmann <richih-kde@net.in.tum.de>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef KSSLCERTIFICATE_H
#define KSSLCERTIFICATE_H
// UPDATE: I like the structure of this class less and less every time I look
// at it. I think it needs to change.
//
//
// The biggest reason for making everything protected here is so that
// the class can have all its methods available even if openssl is not
// available. Also, to create a new certificate you should use the
// KSSLCertificateFactory, and to manage the user's database of certificates,
// you should go through the KSSLCertificateHome.
//
// There should be no reason to touch the X509 stuff directly.
//
class QByteArray;
class QString;
class QStringList;
class KSSL;
class KSSLCertificatePrivate;
class QDateTime;
class KSSLCertChain;
class KSSLX509V3;
#include <kio/kio_export.h>
#include <ksslconfig.h>
#include <QtCore/QList>
#ifdef KSSL_HAVE_SSL
typedef struct x509_st X509;
#else
#if !defined(QT_NO_OPENSSL)
#include <QtNetwork/QSslCertificate>
#else
class X509;
#endif
#endif
/**
* KDE X.509 Certificate
*
* This class represents an X.509 (SSL) certificate.
* Note: this object is VERY HEAVY TO COPY. Please try to use reference
* or pointer whenever possible
*
* @author George Staikos <staikos@kde.org>
* @see KSSL
* @short KDE X.509 Certificate
*/
class KIO_EXPORT KSSLCertificate
{
friend class KSSL;
friend class KSSLCertificateHome;
friend class KSSLCertificateFactory;
friend class KSSLCertificateCache;
friend class KSSLCertChain;
friend class KSSLPeerInfo;
friend class KSSLD;
friend class KSMIMECryptoPrivate;
public:
/**
* Destroy this X.509 certificate.
*/
~KSSLCertificate();
/**
* Create an X.509 certificate from a base64 encoded string.
* @param cert the certificate in base64 form
* @return the X.509 certificate, or NULL
*/
static KSSLCertificate *fromString(const QByteArray &cert);
/**
* Create an X.509 certificate from the internal representation.
* This one duplicates the X509 object for itself.
* @param x5 the OpenSSL representation of the certificate
* @return the X.509 certificate, or NULL
* @internal
*/
static KSSLCertificate *fromX509(X509 *x5);
// TODO for KDE5
// The enum values list below have to be kept for backwards comapability
// They should be deleted when KDE5 comes around the corner. I am writing
// this on 20080202 ;)
// Rejected, Revoked, Untrusted, SelfSignedChain, SignatureFailed, Expired
/**
* Result of the validate() call.
*
* A CA certificate can be validated as Irrelevant when it was
* not used to sign any other relevant certificate.
*/
enum KSSLValidation { Unknown, Ok, NoCARoot, InvalidPurpose,
PathLengthExceeded, InvalidCA, Expired,
SelfSigned, ErrorReadingRoot, NoSSL,
Revoked, Untrusted, SignatureFailed,
Rejected, PrivateKeyFailed, InvalidHost,
Irrelevant, SelfSignedChain,
GetIssuerCertFailed, DecodeIssuerPublicKeyFailed,
GetIssuerCertLocallyFailed,
CertificateNotYetValid, CertificateHasExpired,
CRLNotYetValid, CRLHasExpired,
CertificateFieldNotBeforeErroneous,
CertificateFieldNotAfterErroneous,
CRLFieldLastUpdateErroneous,
CRLFieldNextUpdateErroneous,
CertificateRevoked,
CertificateUntrusted, VerifyLeafSignatureFailed,
CertificateSignatureFailed, CRLSignatureFailed,
DecryptCertificateSignatureFailed,
DecryptCRLSignatureFailed, CertificateRejected,
SelfSignedInChain, ApplicationVerificationFailed,
AuthAndSubjectKeyIDAndNameMismatched,
AuthAndSubjectKeyIDMismatched, OutOfMemory,
GetCRLFailed, CertificateChainTooLong,
KeyMayNotSignCertificate,
IssuerSubjectMismatched
};
enum KSSLPurpose { None=0, SSLServer=1, SSLClient=2,
SMIMESign=3, SMIMEEncrypt=4, Any=5 };
typedef QList<KSSLValidation> KSSLValidationList;
/**
* Convert this certificate to a string.
* @return the certificate in base64 format
*/
QString toString();
/**
* Get the subject of the certificate (X.509 map).
* @return the subject
*/
QString getSubject() const;
/**
* Get the issuer of the certificate (X.509 map).
* @return the issuer
*/
QString getIssuer() const;
/**
* Get the date that the certificate becomes valid on.
* @return the date as a string, localised
*/
QString getNotBefore() const;
/**
* Get the date that the certificate is valid until.
* @return the date as a string, localised
*/
QString getNotAfter() const;
/**
* Get the date that the certificate becomes valid on.
* @return the date
*/
QDateTime getQDTNotBefore() const;
/**
* Get the date that the certificate is valid until.
* @return the date
*/
QDateTime getQDTNotAfter() const;
/**
* Convert the certificate to DER (ASN.1) format.
* @return the binary data of the DER encoding
*/
QByteArray toDer();
/**
* Convert the certificate to PEM (base64) format.
* @return the binary data of the PEM encoding
*/
QByteArray toPem();
/**
* Convert the certificate to Netscape format.
* @return the binary data of the Netscape encoding
*/
QByteArray toNetscape();
/**
* Convert the certificate to OpenSSL plain text format.
* @return the OpenSSL text encoding
*/
QString toText();
/**
* Get the serial number of the certificate.
* @return the serial number as a string
*/
QString getSerialNumber() const;
/**
* Get the key type (RSA, DSA, etc).
* @return the key type as a string
*/
QString getKeyType() const;
/**
* Get the public key.
* @return the public key as a hexidecimal string
*/
QString getPublicKeyText() const;
/**
* Get the MD5 digest of the certificate.
* Result is padded with : to separate bytes - it's a text version!
* @return the MD5 digest in a hexidecimal string
*/
QString getMD5DigestText() const;
/**
* Get the MD5 digest of the certificate.
* @return the MD5 digest in a hexidecimal string
*/
QString getMD5Digest() const;
/**
* Get the signature.
* @return the signature in text format
*/
QString getSignatureText() const;
/**
* Check if this is a valid certificate. Will use cached data.
* @return true if it is valid
*/
bool isValid();
/**
* Check if this is a valid certificate. Will use cached data.
* @param p the purpose to validate for
* @return true if it is valid
*/
bool isValid(KSSLPurpose p);
/**
* The alternate subject name.
* @return string list with subjectAltName
*/
QStringList subjAltNames() const;
/**
* Check if this is a valid certificate. Will use cached data.
* @return the result of the validation
*/
KSSLValidation validate();
/**
* Check if this is a valid certificate. Will use cached data.
* @param p the purpose to validate for
* @return the result of the validation
*/
KSSLValidation validate(KSSLPurpose p);
/**
* Check if this is a valid certificate. Will use cached data.
* @param p the purpose to validate for
* @return all problems encountered during validation
*/
KSSLValidationList validateVerbose(KSSLPurpose p);
/**
* Check if the certificate ca is a proper CA for this
* certificate.
* @param p the purpose to validate for
* @param ca the certificate to check
* @return all problems encountered during validation
*/
KSSLValidationList validateVerbose(KSSLPurpose p, KSSLCertificate *ca);
/**
* Check if this is a valid certificate. Will NOT use cached data.
* @return the result of the validation
*/
KSSLValidation revalidate();
/**
* Check if this is a valid certificate. Will NOT use cached data.
* @param p the purpose to validate for
* @return the result of the validation
*/
KSSLValidation revalidate(KSSLPurpose p);
/**
* Get a reference to the certificate chain.
* @return reference to the chain
*/
KSSLCertChain& chain();
/**
* Obtain the localized message that corresponds to a validation result.
* @param x the code to look up
* @return the message text corresponding to the validation code
*/
static QString verifyText(KSSLValidation x);
/**
* Explicitly make a copy of this certificate.
* @return a copy of the certificate
*/
KSSLCertificate *replicate();
/**
* Copy constructor. Beware, this is very expensive.
* @param x the object to copy from
*/
KSSLCertificate(const KSSLCertificate& x); // copy constructor
/**
* Re-set the certificate from a base64 string.
* @param cert the certificate to set to
* @return true on success
*/
bool setCert(const QString& cert);
/**
* Access the X.509v3 parameters.
* @return reference to the extension object
* @see KSSLX509V3
*/
KSSLX509V3& x509V3Extensions();
/**
* Check if this is a signer certificate.
* @return true if this is a signer certificate
*/
bool isSigner();
/**
* FIXME: document
*/
void getEmails(QStringList& to) const;
/**
* KDEKey is a concatenation "Subject (MD5)", mostly needed for SMIME.
* The result of getKDEKey might change and should not be used for
* persistant storage.
*/
QString getKDEKey() const;
/**
* Aegypten semantics force us to search by MD5Digest only.
*/
static QString getMD5DigestFromKDEKey(const QString& k);
private:
KIO_EXPORT friend int operator!=(KSSLCertificate& x, KSSLCertificate& y);
KIO_EXPORT friend int operator==(KSSLCertificate& x, KSSLCertificate& y);
KSSLCertificatePrivate *d;
int purposeToOpenSSL(KSSLPurpose p) const;
protected:
KSSLCertificate();
void setCert(X509 *c);
void setChain(void *c);
X509 *getCert();
KSSLValidation processError(int ec);
};
KIO_EXPORT QDataStream& operator<<(QDataStream& s, const KSSLCertificate& r);
KIO_EXPORT QDataStream& operator>>(QDataStream& s, KSSLCertificate& r);
KIO_EXPORT int operator==(KSSLCertificate& x, KSSLCertificate& y);
KIO_EXPORT inline int operator!=(KSSLCertificate& x, KSSLCertificate& y)
{ return !(x == y); }
#endif

122
kio/kssl/ksslcertificatefactory.cpp
View file

@ -1,122 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2000 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#include <ksslcertificatefactory.h>
#include <ksslcertificate.h>
#include <stdlib.h>
//#include <kopenssl.h>
KSSLCertificate*
KSSLCertificateFactory::generateSelfSigned(KSSLKeyType /*keytype*/) {
#if 0
//#ifdef KSSL_HAVE_SSL
X509_NAME *x509name = X509_NAME_new();
X509 *x509;
ASN1_UTCTIME *beforeafter;
KSSLCertificate *newcert;
int rc;
// FIXME: generate the private key
if (keytype == KEYTYPE_UNKNOWN || (key=EVP_PKEY_new()) == NULL) {
X509_NAME_free(x509name);
return NULL;
}
switch(keytype) {
case KEYTYPE_RSA:
if (!EVP_PKEY_assign_RSA(key, RSA_generate_key(newkey,0x10001,
req_cb,bio_err))) {
}
break;
case KEYTYPE_DSA:
if (!DSA_generate_key(dsa_params)) goto end;
if (!EVP_PKEY_assign_DSA(pkey,dsa_params)) goto end;
dsa_params=NULL;
if (pkey->type == EVP_PKEY_DSA)
digest=EVP_dss1();
break;
}
// FIXME: dn doesn't exist
// FIXME: allow the notAfter value to be parameterized
// FIXME: allow a password to lock the key with
// Fill in the certificate
X509_NAME_add_entry_by_NID(x509name, OBJ_txt2nid("CN"), 0x1001,
(unsigned char *) dn, -1, -1, 0);
x509 = X509_new();
rc = X509_set_issuer_name(x509, x509name);
if (rc != 0) {
X509_free(x509);
X509_NAME_free(x509name);
return NULL;
}
rc = X509_set_subject_name(x509, x509name);
if (rc != 0) {
X509_free(x509);
X509_NAME_free(x509name);
return NULL;
}
ASN1_INTEGER_set(X509_get_serialNumber(*x509), 0);
X509_NAME_free(x509name);
// Make it a 1 year certificate
beforeafter = ASN1_UTCTIME_new();
if (!X509_gmtime_adj(beforeafter, -60*60*24)) { // yesterday
X509_free(x509);
return NULL;
}
if (!X509_set_notBefore(x509, beforeafter)) {
X509_free(x509);
return NULL;
}
if (!X509_gmtime_adj(beforeafter, 60*60*24*364)) { // a year from yesterday
X509_free(x509);
return NULL;
}
if (!X509_set_notAfter(x509, beforeafter)) {
X509_free(x509);
return NULL;
}
ASN1_UTCTIME_free(beforeafter);
if (!X509_set_pubkey(x509, key)) {
X509_free(x509);
return NULL;
}
rc = X509_sign(x509, key, EVP_sha1());
if (rc != 0) {
X509_free(x509);
return NULL;
}
newCert = new KSSLCertificate;
newCert->setCert(x509);
return newCert;
#else
return NULL;
#endif
}

51
kio/kssl/ksslcertificatefactory.h
View file

@ -1,51 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2000 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
// WARNING: THIS CODE IS INCOMPLETE AND MAY CHANGE WITHOUT NOTICE
#ifndef KSSLCERTIFICATEFACTORY_H
#define KSSLCERTIFICATEFACTORY_H
#include <kio/kio_export.h>
class KSSLCertificate;
typedef enum {KEYTYPE_UNKNOWN, KEYTYPE_RSA, KEYTYPE_DSA} KSSLKeyType;
class KIO_EXPORT KSSLCertificateFactory {
public:
static KSSLCertificate* generateSelfSigned(KSSLKeyType keytype);
// static KSSLCertificate* generateSigned();
// static bool generateRequest();
private:
// add this if you ever add a constructor to this class
//class KSSLCertificateFactoryPrivate;
//KSSLCertificateFactoryPrivate* const d;
protected:
};
#endif

222
kio/kssl/ksslcertificatehome.cpp
View file

@ -1,222 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2000-2005 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#include <ksslcertificatehome.h>
#include <ksslcertificate.h>
#include <ksslpkcs12.h>
#include <kconfiggroup.h>
#include <kconfig.h>
QStringList KSSLCertificateHome::getCertificateList()
{
KConfig cfg("ksslcertificates", KConfig::SimpleConfig);
return cfg.groupList();
}
void KSSLCertificateHome::setDefaultCertificate(const QString & name, const QString &host, bool send, bool prompt)
{
KConfig file("ksslauthmap", KConfig::SimpleConfig);
KConfigGroup cfg(&file, QString::fromLatin1(QUrl::toAce(host)));
cfg.writeEntry("certificate", name);
cfg.writeEntry("send", send);
cfg.writeEntry("prompt", prompt);
cfg.sync();
}
void KSSLCertificateHome::setDefaultCertificate(KSSLPKCS12 *cert, const QString &host, bool send, bool prompt) {
if (cert)
KSSLCertificateHome::setDefaultCertificate(cert->name(), host, send, prompt);
}
bool KSSLCertificateHome::addCertificate(const QString &filename, const QString &password, bool storePass) {
KSSLPKCS12 *pkcs = KSSLPKCS12::loadCertFile(filename, password);
if (!pkcs) return false;
KSSLCertificateHome::addCertificate(pkcs, storePass?password:QString(""));
delete pkcs;
return true;
}
bool KSSLCertificateHome::addCertificate(KSSLPKCS12 *cert, const QString &passToStore) {
if (!cert) return false;
KConfig file("ksslcertificates", KConfig::SimpleConfig);
KConfigGroup cfg = file.group(cert->name().toLatin1());
cfg.writeEntry("PKCS12Base64", cert->toString());
cfg.writeEntry("Password", passToStore);
cfg.sync();
return true;
}
bool KSSLCertificateHome::deleteCertificate(const QString &filename, const QString &password) {
KSSLPKCS12 *pkcs = KSSLPKCS12::loadCertFile(filename, password);
if (!pkcs) return false;
bool ok = deleteCertificate(pkcs);
delete pkcs;
return ok;
}
bool KSSLCertificateHome::deleteCertificate(KSSLPKCS12 *cert) {
if (!cert) return false;
return deleteCertificateByName(cert->name());
}
bool KSSLCertificateHome::deleteCertificateByName(const QString &name) {
if (name.isEmpty()) return false;
KConfig cfg("ksslcertificates", KConfig::SimpleConfig);
cfg.deleteGroup(name);
cfg.sync();
return true;
}
KSSLPKCS12* KSSLCertificateHome::getCertificateByName(const QString &name, const QString &password)
{
KConfig cfg("ksslcertificates", KConfig::SimpleConfig);
if (!cfg.hasGroup(name)) return NULL;
KConfigGroup cg(&cfg, name);
return KSSLPKCS12::fromString(cg.readEntry("PKCS12Base64", ""), password);
}
KSSLPKCS12* KSSLCertificateHome::getCertificateByName(const QString &name)
{
KConfig cfg("ksslcertificates", KConfig::SimpleConfig);
if (!cfg.hasGroup(name)) return NULL;
KConfigGroup cg(&cfg, name);
return KSSLPKCS12::fromString(cg.readEntry("PKCS12Base64", ""), cg.readEntry("Password", ""));
}
bool KSSLCertificateHome::hasCertificateByName(const QString &name) {
KConfig cfg("ksslcertificates", KConfig::SimpleConfig);
if (!cfg.hasGroup(name)) return false;
return true;
}
KSSLPKCS12* KSSLCertificateHome::getCertificateByHost(const QString &host,
const QString &password, KSSLAuthAction *aa)
{
return KSSLCertificateHome::getCertificateByName(KSSLCertificateHome::getDefaultCertificateName(host, aa), password);
}
QString KSSLCertificateHome::getDefaultCertificateName(const QString &host, KSSLAuthAction *aa)
{
KConfig file("ksslauthmap", KConfig::SimpleConfig);
KConfigGroup cfg = file.group(QString::fromLatin1(QUrl::toAce(host)));
if (!cfg.exists()) {
if (aa) *aa = AuthNone;
return QString();
} else {
if (aa) {
bool tmp = cfg.readEntry("send", false);
*aa = AuthSend;
if (!tmp) {
tmp = cfg.readEntry("prompt", false);
*aa = AuthPrompt;
if (!tmp) {
*aa = AuthDont;
}
}
}
return cfg.readEntry("certificate", "");
}
}
QString KSSLCertificateHome::getDefaultCertificateName(KSSLAuthAction *aa)
{
KConfig _cfg("cryptodefaults", KConfig::NoGlobals);
KConfigGroup cfg(&_cfg, "Auth");
if (aa) {
QString am = cfg.readEntry("AuthMethod", "");
if (am == "send")
*aa = AuthSend;
else if (am == "prompt")
*aa = AuthPrompt;
else
*aa = AuthDont;
}
return cfg.readEntry("DefaultCert", "");
}
KSSLPKCS12* KSSLCertificateHome::getDefaultCertificate(const QString &password, KSSLAuthAction *aa) {
QString name = KSSLCertificateHome::getDefaultCertificateName(aa);
KConfig cfg("ksslcertificates", KConfig::SimpleConfig);
if (name.isEmpty()) return NULL;
KConfigGroup cg(&cfg, name);
return KSSLPKCS12::fromString(cg.readEntry("PKCS12Base64", ""), password);
}
KSSLPKCS12* KSSLCertificateHome::getDefaultCertificate(KSSLAuthAction *aa) {
QString name = KSSLCertificateHome::getDefaultCertificateName(aa);
KConfig cfg("ksslcertificates", KConfig::SimpleConfig);
if (name.isEmpty()) return NULL;
KConfigGroup cg(&cfg, name);
return KSSLPKCS12::fromString(cg.readEntry("PKCS12Base64", ""),
cg.readEntry("Password", ""));
}
void KSSLCertificateHome::setDefaultCertificate(const QString &name, bool send, bool prompt)
{
KConfig cfg("ksslauthmap", KConfig::SimpleConfig);
KConfigGroup cg(&cfg, "<default>");
cg.writeEntry("defaultCertificate", name);
cg.writeEntry("send", send);
cg.writeEntry("prompt", prompt);
}
void KSSLCertificateHome::setDefaultCertificate(KSSLPKCS12 *cert, bool send, bool prompt) {
if (cert)
KSSLCertificateHome::setDefaultCertificate(cert->name(), send, prompt);
}

90
kio/kssl/ksslcertificatehome.h
View file

@ -1,90 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2000-2003 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef KSSLCERTIFICATEHOME_H
#define KSSLCERTIFICATEHOME_H
class KSSLCertificate;
class KSSLPKCS12;
#include <QtCore/QString>
#include <QtCore/QStringList>
#include <kio/kio_export.h>
class KIO_EXPORT KSSLCertificateHome {
public:
// AuthNone means there is no policy. AuthDont means _don't_ _send_!!
enum KSSLAuthAction {AuthNone, AuthSend, AuthPrompt, AuthDont};
/*
* These methods might dynamically allocate an object for you. Be sure
* to delete them when you are done.
*/
static KSSLPKCS12* getCertificateByHost(const QString &host, const QString &password, KSSLAuthAction* aa);
static KSSLPKCS12* getCertificateByName(const QString &name, const QString &password);
static KSSLPKCS12* getCertificateByName(const QString &name);
static QString getDefaultCertificateName(const QString &host, KSSLAuthAction *aa = NULL);
static QString getDefaultCertificateName(KSSLAuthAction *aa = NULL);
static KSSLPKCS12* getDefaultCertificate(const QString &password, KSSLAuthAction *aa = NULL);
static KSSLPKCS12* getDefaultCertificate(KSSLAuthAction *aa = NULL);
static bool hasCertificateByName(const QString &name);
/*
* These set the default certificate for hosts without a policy.
*/
static void setDefaultCertificate(const QString &name, bool send = true, bool prompt = false);
static void setDefaultCertificate(KSSLPKCS12 *cert, bool send = true, bool prompt = false);
/*
* These set the default certificate for a host.
*/
static void setDefaultCertificate(const QString &name, const QString &host, bool send = true, bool prompt = false);
static void setDefaultCertificate(KSSLPKCS12 *cert, const QString &host, bool send = true, bool prompt = false);
/*
* These add a certificate to the repository.
* Returns: true on success, false error
*/
static bool addCertificate(const QString &filename, const QString &password, bool storePass = false);
static bool addCertificate(KSSLPKCS12 *cert, const QString &passToStore = QString());
/*
* These deletes a certificate from the repository.
* Returns: true on success, false error
*/
static bool deleteCertificate(const QString &filename, const QString &password);
static bool deleteCertificate(KSSLPKCS12 *cert);
static bool deleteCertificateByName(const QString &name);
/*
* Returns the list of certificates available
*/
static QStringList getCertificateList();
private:
class KSSLCertificateHomePrivate;
KSSLCertificateHomePrivate* d;
};
#endif

66
kio/kssl/ksslconnectioninfo.cpp
View file

@ -1,66 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2000 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#include "ksslconnectioninfo.h"
KSSLConnectionInfo::KSSLConnectionInfo() {
clean();
}
KSSLConnectionInfo::~KSSLConnectionInfo() {
}
void KSSLConnectionInfo::clean() {
m_iCipherUsedBits = 0;
m_iCipherBits = 0;
m_cipherName = "";
}
const QString& KSSLConnectionInfo::getCipherVersion() const {
return m_cipherVersion;
}
const QString& KSSLConnectionInfo::getCipherDescription() const {
return m_cipherDescription;
}
const QString& KSSLConnectionInfo::getCipher() const {
return m_cipherName;
}
int KSSLConnectionInfo::getCipherUsedBits() const {
return m_iCipherUsedBits;
}
int KSSLConnectionInfo::getCipherBits() const {
return m_iCipherBits;
}

95
kio/kssl/ksslconnectioninfo.h
View file

@ -1,95 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2000-2003 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef KSSLCONNECTIONINFO_H
#define KSSLCONNECTIONINFO_H
#include <QtCore/QString>
#include <kio/kio_export.h>
class KSSL;
/**
* KDE SSL Connection Information
*
* This class contains the information about an SSL connection. It is
* generally referenced through KSSL.
*
* @author George Staikos <staikos@kde.org>
* @see KSSL
* @short KDE SSL Connection Information
*/
class KIO_EXPORT KSSLConnectionInfo {
friend class KSSL;
public:
/**
* Destroy this object.
*/
~KSSLConnectionInfo();
/**
* Get the cipher in use.
* @return the cipher in use
*/
const QString& getCipher() const;
/**
* Describe the cipher in use.
* @return the cipher description (from OpenSSL)
*/
const QString& getCipherDescription() const;
/**
* Get the version of the cipher in use.
* @return the version of the cipher
*/
const QString& getCipherVersion() const;
/**
* Get the number of bits of the cipher that are actually used.
* @return the number of bits in use
*/
int getCipherUsedBits() const;
/**
* Get bit-size of the cipher
* @return the number of bits
*/
int getCipherBits() const;
protected:
KSSLConnectionInfo();
void clean();
// These are here so KSSL can access them directly
// It's just as easy as making accessors - they're friends afterall!
int m_iCipherUsedBits, m_iCipherBits;
QString m_cipherName;
QString m_cipherDescription;
QString m_cipherVersion;
private:
class KSSLConnectionInfoPrivate;
KSSLConnectionInfoPrivate *d;
};
#endif

120
kio/kssl/ksslcsessioncache.cpp
View file

@ -1,120 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2003 Stefan Rompf <sux@loplof.de>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#include "ksslcsessioncache.h"
#include <QtCore/QCoreApplication>
#include <QtCore/QPair>
#include <QtCore/QString>
#include <kdebug.h>
#include <kurl.h>
#include <ksslconfig.h>
/*
* Operation:
*
* Sessions will be stored per running application, not KDE
* wide, to avoid security problems with hostile programs
* that negotiate sessions with weak cryptographic keys and store
* them for everybody to use - I really don't want that.
*
* Retrieval is organized similar to George's thoughts in the KSSLD
* certificate cache: The cache is organised as a list, with the
* recently fetched (or stored) session first.
*
* The cache has an artificial limit of 32 sessions (should really
* be enough), and relies on the peer server for timeouts
*
*/
#define MAX_ENTRIES 32
#ifdef KSSL_HAVE_SSL
typedef QPair<QString,QString> KSSLCSession;
typedef QList<KSSLCSession> KSSLCSessions;
static KSSLCSessions *sessions = 0L;
static QString URLtoKey(const KUrl &kurl) {
return kurl.host() + ':' + kurl.protocol() + ':' + QString::number(kurl.port());
}
static void cleanupKSSLCSessions() {
delete sessions;
sessions = 0;
}
static void setup() {
sessions = new KSSLCSessions;
qAddPostRoutine(cleanupKSSLCSessions);
}
#endif
QString KSSLCSessionCache::getSessionForUrl(const KUrl &kurl) {
#ifdef KSSL_HAVE_SSL
if (!sessions) return QString();
QString key = URLtoKey(kurl);
for (int i = 0; i < sessions->size(); ++i) {
if (sessions->at(i).first == key) {
QString snd = sessions->at(i).second;
sessions->prepend(sessions->takeAt(i));
return snd;
}
}
// Negative caching disabled: cache pollution
#if 0
kDebug(7029) <<"Negative caching " <<key;
if (sessions->count() >= MAX_ENTRIES) sessions->removeLast();
sessions->prepend(new KSSLCSession(key, QString()));
#endif
#endif
return QString();
}
void KSSLCSessionCache::putSessionForUrl(const KUrl &kurl, const QString &session) {
#ifdef KSSL_HAVE_SSL
if (!sessions) setup();
QString key = URLtoKey(kurl);
KSSLCSessions::iterator it = sessions->begin();
while ( it != sessions->end() ) {
if ( it->first == key )
break;
++it;
}
if (it != sessions->end()) {
it->second = session;
} else {
if (sessions->size() >= MAX_ENTRIES)
sessions->removeLast();
sessions->prepend(KSSLCSession(key, session));
}
#endif
}

47
kio/kssl/ksslcsessioncache.h
View file

@ -1,47 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2003 Stefan Rompf <sux@loplof.de>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef KSSLCSESSIONCACHE_H
#define KSSLCSESSIONCACHE_H
#include <kio/kio_export.h>
class KUrl;
class QString;
class KIO_EXPORT KSSLCSessionCache {
public:
/**
* Store a SSL session (client side only)
* @param kurl URL the key belongs to. Method, host and port are used
* @param session QString representing session to store
*/
static void putSessionForUrl(const KUrl &kurl, const QString &session);
/**
* Retrieve a SSL session (client side only)
* @param kurl URL the key belongs to
* @return if a key can be found, QString() otherwise
*/
static QString getSessionForUrl(const KUrl &kurl);
};
#endif

28
kio/kssl/kssldefs.h
View file

@ -1,28 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2000-2003 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef KSSLDEFS_H
#define KSSLDEFS_H
#include <ksslconfig.h>
/* Other openssl-global defines can go here, don't clean this up, IMHO. */
#endif

5
kio/kssl/ksslinfodialog.cpp
View file

@ -23,8 +23,6 @@
#include "ui_sslinfo.h"
#include "ksslcertificatebox.h"
#include <kssl.h>
#include <QtGui/QFrame>
#include <QtCore/qdatetime.h>
#include <QtCore/QFile>
@ -36,9 +34,6 @@
#include <kglobal.h>
#include <klocale.h>
#include "ksslcertificate.h"
#include "ksslcertchain.h"
#include "ksslsigners.h"
#include "ktcpsocket.h"

2
kio/kssl/ksslinfodialog.h
View file

@ -22,7 +22,7 @@
#ifndef KSSLINFODIALOG_H
#define KSSLINFODIALOG_H
#include <kssl.h>
#include <kio/kio_export.h>
#include <kdialog.h>
#include "ktcpsocket.h"

296
kio/kssl/ksslkeygen.cpp
View file

@ -1,296 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2001 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#include "ksslkeygen.h"
#include "ksslkeygen_p.h"
#include "ui_keygenwizard.h"
#include <kdebug.h>
#include <klocale.h>
#include <kmessagebox.h>
#include <kopenssl.h>
#include <kprogressdialog.h>
#include <kstandarddirs.h>
#include <ktemporaryfile.h>
#include <kwallet.h>
#include <assert.h>
KSSLKeyGenWizardPage2::KSSLKeyGenWizardPage2(QWidget* parent)
: QWizardPage(parent)
{
ui2 = new Ui_KGWizardPage2;
ui2->setupUi(this);
connect(ui2->_password1, SIGNAL(textChanged(QString)), this, SLOT(slotPassChanged()));
connect(ui2->_password2, SIGNAL(textChanged(QString)), this, SLOT(slotPassChanged()));
}
bool KSSLKeyGenWizardPage2::isComplete() const
{
return ui2->_password1->text() == ui2->_password2->text() && ui2->_password1->text().length() >= 4;
}
void KSSLKeyGenWizardPage2::slotPassChanged()
{
emit completeChanged(); // well maybe it hasn't changed, but it might have; QWizard calls isComplete() to find out
}
QString KSSLKeyGenWizardPage2::password() const
{
Q_ASSERT(isComplete());
return ui2->_password1->text();
}
////
class KSSLKeyGenPrivate
{
public:
KSSLKeyGenPrivate()
: idx(-1)
{
}
int idx;
Ui_KGWizardPage1 *ui1;
KSSLKeyGenWizardPage2* page2;
};
KSSLKeyGen::KSSLKeyGen(QWidget *parent)
: QWizard(parent), d(new KSSLKeyGenPrivate)
{
#ifdef KSSL_HAVE_SSL
QWizardPage* page1 = new QWizardPage(this);
page1->setTitle(i18n("KDE Certificate Request"));
d->ui1 = new Ui_KGWizardPage1;
d->ui1->setupUi(page1);
addPage(page1);
//setHelpEnabled(page1, false);
d->page2 = new KSSLKeyGenWizardPage2(this);
d->page2->setTitle(i18n("KDE Certificate Request - Password"));
addPage(d->page2);
#else
// tell him he doesn't have SSL
#endif
}
KSSLKeyGen::~KSSLKeyGen() {
delete d->ui1;
delete d;
}
bool KSSLKeyGen::validateCurrentPage() {
if (currentPage() != d->page2)
return true;
assert(d->idx >= 0 && d->idx <= 3); // for now
// Generate the CSR
int bits;
switch (d->idx) {
case 0:
bits = 2048;
break;
case 1:
bits = 1024;
break;
case 2:
bits = 768;
break;
case 3:
bits = 512;
break;
default:
KMessageBox::sorry(this, i18n("Unsupported key size."), i18n("KDE SSL Information"));
return false;
}
KProgressDialog *kpd = new KProgressDialog(this);
kpd->setObjectName("progress dialog");
kpd->setWindowTitle(i18n("KDE"));
kpd->setLabelText(i18n("Please wait while the encryption keys are generated..."));
kpd->progressBar()->setValue(0);
kpd->show();
// FIXME - progress dialog won't show this way
int rc = generateCSR("This CSR" /*FIXME */, d->page2->password(), bits, 0x10001 /* This is the traditional exponent used */);
if (rc != 0) // error
return false;
kpd->progressBar()->setValue(100);
#if 0 // TODO: implement
if (rc == 0 && KWallet::Wallet::isEnabled()) {
rc = KMessageBox::questionYesNo(this, i18n("Do you wish to store the passphrase in your wallet file?"), QString(), KGuiItem(i18n("Store")), KGuiItem(i18n("Do Not Store")));
if (rc == KMessageBox::Yes) {
KWallet::Wallet *w = KWallet::Wallet::openWallet(KWallet::Wallet::LocalWallet(), winId());
if (w) {
// FIXME: store passphrase in wallet
delete w;
}
}
}
#endif
kpd->deleteLater();
return true;
}
int KSSLKeyGen::generateCSR(const QString& name, const QString& pass, int bits, int e) {
#ifdef KSSL_HAVE_SSL
KOSSL *kossl = KOSSL::self();
X509_REQ *req = kossl->X509_REQ_new();
if (!req) {
return -2;
}
EVP_PKEY *pkey = kossl->EVP_PKEY_new();
if (!pkey) {
kossl->X509_REQ_free(req);
return -4;
}
RSA *rsakey = kossl->RSA_generate_key(bits, e, NULL, NULL);
if (!rsakey) {
kossl->X509_REQ_free(req);
kossl->EVP_PKEY_free(pkey);
return -3;
}
int rc;
rc = kossl->EVP_PKEY_assign(pkey, EVP_PKEY_RSA, (char *)rsakey);
if (!rc) {
kossl->X509_REQ_free(req);
kossl->EVP_PKEY_free(pkey);
return -6;
}
rc = kossl->X509_REQ_set_pubkey(req, pkey);
if (!rc) {
kossl->X509_REQ_free(req);
kossl->EVP_PKEY_free(pkey);
return -6;
}
// Set the subject
X509_NAME *n = kossl->X509_NAME_new();
kossl->X509_NAME_add_entry_by_txt(n, (char*)LN_countryName, MBSTRING_UTF8, (unsigned char*)name.toLocal8Bit().data(), -1, -1, 0);
kossl->X509_NAME_add_entry_by_txt(n, (char*)LN_organizationName, MBSTRING_UTF8, (unsigned char*)name.toLocal8Bit().data(), -1, -1, 0);
kossl->X509_NAME_add_entry_by_txt(n, (char*)LN_organizationalUnitName, MBSTRING_UTF8, (unsigned char*)name.toLocal8Bit().data(), -1, -1, 0);
kossl->X509_NAME_add_entry_by_txt(n, (char*)LN_localityName, MBSTRING_UTF8, (unsigned char*)name.toLocal8Bit().data(), -1, -1, 0);
kossl->X509_NAME_add_entry_by_txt(n, (char*)LN_stateOrProvinceName, MBSTRING_UTF8, (unsigned char*)name.toLocal8Bit().data(), -1, -1, 0);
kossl->X509_NAME_add_entry_by_txt(n, (char*)LN_commonName, MBSTRING_UTF8, (unsigned char*)name.toLocal8Bit().data(), -1, -1, 0);
kossl->X509_NAME_add_entry_by_txt(n, (char*)LN_pkcs9_emailAddress, MBSTRING_UTF8, (unsigned char*)name.toLocal8Bit().data(), -1, -1, 0);
rc = kossl->X509_REQ_set_subject_name(req, n);
if (!rc) {
kossl->X509_REQ_free(req);
kossl->EVP_PKEY_free(pkey);
return -6;
}
rc = kossl->X509_REQ_sign(req, pkey, kossl->EVP_md5());
if (!rc) {
kossl->X509_REQ_free(req);
kossl->EVP_PKEY_free(pkey);
return -6;
}
// We write it to the database and then the caller can obtain it
// back from there. Yes it's inefficient, but it doesn't happen
// often and this way things are uniform.
KGlobal::dirs()->addResourceType("kssl", "data", "kssl");
QString path = KGlobal::dirs()->saveLocation("kssl");
KTemporaryFile csrFile;
csrFile.setAutoRemove(false);
csrFile.setPrefix(path + "csr_");
csrFile.setSuffix(".der");
if (!csrFile.open()) {
kossl->X509_REQ_free(req);
kossl->EVP_PKEY_free(pkey);
return -5;
}
KTemporaryFile p8File;
p8File.setAutoRemove(false);
p8File.setPrefix(path + "pkey_");
p8File.setSuffix(".p8");
if (!p8File.open()) {
kossl->X509_REQ_free(req);
kossl->EVP_PKEY_free(pkey);
return -5;
}
FILE *csr_fs = fopen(QFile::encodeName(csrFile.fileName()), "r+");
FILE *p8_fs = fopen(QFile::encodeName(p8File.fileName()), "r+");
kossl->i2d_X509_REQ_fp(csr_fs, req);
kossl->i2d_PKCS8PrivateKey_fp(p8_fs, pkey,
kossl->EVP_bf_cbc(), pass.toLocal8Bit().data(),
pass.length(), 0L, 0L);
// FIXME Write kconfig entry to store the filenames under the md5 hash
kossl->X509_REQ_free(req);
kossl->EVP_PKEY_free(pkey);
fclose(csr_fs);
fclose(p8_fs);
return 0;
#else
return -1;
#endif
}
QStringList KSSLKeyGen::supportedKeySizes() {
QStringList x;
#ifdef KSSL_HAVE_SSL
x << i18n("2048 (High Grade)")
<< i18n("1024 (Medium Grade)")
<< i18n("768 (Low Grade)")
<< i18n("512 (Low Grade)");
#else
x << i18n("No SSL support.");
#endif
return x;
}
void KSSLKeyGen::setKeySize(int idx)
{
d->idx = idx;
}
#include "moc_ksslkeygen.cpp"
#include "moc_ksslkeygen_p.cpp"

87
kio/kssl/ksslkeygen.h
View file

@ -1,87 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2001 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef KSSLKEYGEN_H
#define KSSLKEYGEN_H
#include <kio/kio_export.h>
#include <QtCore/QStringList>
#include <QtGui/QWizard>
class KSSLKeyGenPrivate;
/**
* KDE Key Generation dialog
*
* This is used to display a key generation dialog for cases such as the
* html \<keygen\> tag. It also does the certificate signing request generation.
*
* @author George Staikos <staikos@kde.org>
* @see KSSL, KSSLCertificate, KSSLPKCS12
* @short KDE Key Generation Dialog
*/
class KIO_EXPORT KSSLKeyGen : public QWizard {
Q_OBJECT
public:
/**
* Construct a keygen dialog.
* @param parent the parent widget
*/
explicit KSSLKeyGen(QWidget *parent=0L);
/**
* Destroy this dialog.
*/
virtual ~KSSLKeyGen();
/**
* List the supported key sizes.
* @return the supported key sizes
*/
static QStringList supportedKeySizes();
/**
* Generate the certificate signing request.
* @param name the name for the certificate
* @param pass the password for the request
* @param bits the bitsize for the key
* @param e the value of the "e" parameter in RSA
* @return 0 on success, non-zero on error
*/
int generateCSR(const QString& name, const QString& pass, int bits, int e = 0x10001);
/**
* Set the key size.
* @param idx an index into supportedKeySizes()
*/
void setKeySize(int idx);
private:
/*reimp*/ bool validateCurrentPage();
private:
KSSLKeyGenPrivate * const d;
};
#endif

43
kio/kssl/ksslkeygen_p.h
View file

@ -1,43 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2001 George Staikos <staikos@kde.org>
* Copyright (C) 2007 David Faure <faure@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef KSSLKEYGEN_P_H
#define KSSLKEYGEN_P_H
#include <QtGui/qwizard.h>
#include "ui_keygenwizard2.h"
class KSSLKeyGenWizardPage2 : public QWizardPage
{
Q_OBJECT
public:
KSSLKeyGenWizardPage2(QWidget* parent);
~KSSLKeyGenWizardPage2() { delete ui2; }
/*reimp*/ bool isComplete() const;
QString password() const;
private Q_SLOTS:
void slotPassChanged();
private:
Ui_KGWizardPage2 *ui2;
};
#endif /* KSSLKEYGEN_P_H */

162
kio/kssl/ksslpeerinfo.cpp
View file

@ -1,162 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2000-2003 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#include "ksslpeerinfo.h"
#include <config.h>
#include <ksslconfig.h>
#include <QtCore/QRegExp>
#include <QtCore/QUrl>
#include <kdebug.h>
#include "ksslx509map.h"
class KSSLPeerInfoPrivate {
public:
KSSLPeerInfoPrivate() {}
~KSSLPeerInfoPrivate() { }
QString peerHost;
};
KSSLPeerInfo::KSSLPeerInfo()
:d(new KSSLPeerInfoPrivate)
{
}
KSSLPeerInfo::~KSSLPeerInfo() {
delete d;
}
KSSLCertificate& KSSLPeerInfo::getPeerCertificate() {
return m_cert;
}
void KSSLPeerInfo::setPeerHost(const QString &realHost) {
d->peerHost = realHost.trimmed();
while(d->peerHost.endsWith('.'))
d->peerHost.truncate(d->peerHost.length()-1);
d->peerHost = QString::fromLatin1(QUrl::toAce(d->peerHost));
}
bool KSSLPeerInfo::certMatchesAddress() {
#ifdef KSSL_HAVE_SSL
KSSLX509Map certinfo(m_cert.getSubject());
QStringList cns = certinfo.getValue("CN").split(QRegExp("[ \n\r]"), QString::SkipEmptyParts);
cns += m_cert.subjAltNames();
for (QStringList::const_iterator cn = cns.constBegin(); cn != cns.constEnd(); ++cn) {
if (cnMatchesAddress((*cn).trimmed().toLower()))
return true;
}
#endif
return false;
}
bool KSSLPeerInfo::cnMatchesAddress(QString cn) {
#ifdef KSSL_HAVE_SSL
QRegExp rx;
kDebug(7029) << "Matching CN=[" << cn << "] to ["
<< d->peerHost << "]" << endl;
// Check for invalid characters
if (QRegExp("[^a-zA-Z0-9\\.\\*\\-]").indexIn(cn) >= 0) {
kDebug(7029) << "CN contains invalid characters! Failing.";
return false;
}
// Domains can legally end with '.'s. We don't need them though.
while(cn.endsWith('.'))
cn.truncate(cn.length()-1);
// Do not let empty CN's get by!!
if (cn.isEmpty())
return false;
// Check for IPv4 address
rx.setPattern("[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}");
if (rx.exactMatch(d->peerHost))
return d->peerHost == cn;
// Check for IPv6 address here...
rx.setPattern("^\\[.*\\]$");
if (rx.exactMatch(d->peerHost))
return d->peerHost == cn;
if (cn.contains('*')) {
// First make sure that there are at least two valid parts
// after the wildcard (*).
QStringList parts = cn.split('.', QString::SkipEmptyParts);
while (parts.count() > 2)
parts.removeFirst();
if (parts.count() != 2) {
return false; // we don't allow *.root - that's bad
}
if (parts[0].contains('*') || parts[1].contains('*')) {
return false;
}
// RFC2818 says that *.example.com should match against
// foo.example.com but not bar.foo.example.com
// (ie. they must have the same number of parts)
if (QRegExp(cn, Qt::CaseInsensitive, QRegExp::Wildcard).exactMatch(d->peerHost) &&
cn.split('.', QString::SkipEmptyParts).count() ==
d->peerHost.split('.', QString::SkipEmptyParts).count())
return true;
// *.example.com must match example.com also. Sigh..
if (cn.startsWith(QLatin1String("*."))) {
QString chopped = cn.mid(2);
if (chopped == d->peerHost) {
return true;
}
}
return false;
}
// We must have an exact match in this case (insensitive though)
// (note we already did .toLower())
if (cn == d->peerHost)
return true;
#endif
return false;
}
void KSSLPeerInfo::reset() {
d->peerHost.clear();
}
const QString& KSSLPeerInfo::peerHost() const {
return d->peerHost;
}

107
kio/kssl/ksslpeerinfo.h
View file

@ -1,107 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2000-2003 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef KSSLPEERINFO_H
#define KSSLPEERINFO_H
class KSSL;
#include <QtCore/qglobal.h>
#include <QtCore/QStringList>
#include <ksslcertificate.h>
class KSSLPeerInfoPrivate;
/**
* KDE SSL Peer Data
*
* This class contains data about the peer of an SSL connection.
*
* @author George Staikos <staikos@kde.org>
* @see KSSL
* @short KDE SSL Peer Data
*/
class KIO_EXPORT KSSLPeerInfo {
friend class KSSL;
public:
/**
* Destroy this instance
*/
~KSSLPeerInfo();
/**
* Get a reference to the peer's certificate
*
* @return a reference to the peer's certificate
* @see KSSLCertificate
*/
KSSLCertificate& getPeerCertificate();
/**
* Determine if the peer's certificate matches the address set with
* setPeerHost(). Note that this is a match in the "https"
* sense, taking into account, for instance, wildcards.
*
* @return true if it matches
* @see setPeerHost
*/
bool certMatchesAddress();
/**
* Determine if the given "common name" matches the address set with
* setPeerHost(). Note that this is a match in the "https"
* sense, taking into account, for instance, wildcards.
*
* @return true if it matches
* @see setPeerHost
*/
bool cnMatchesAddress(QString cn);
/**
* Set the host that we are connected to. This is generally set by
* KSSL, and should be exactly what the user -thinks- he is connected
* to. (for instance, the host name in the url)
*
* @param host the hostname
*/
void setPeerHost(const QString &host = QString());
/**
* Returns the host we are connected to.
*/
const QString& peerHost() const;
/**
* Clear out the host name.
*/
void reset();
protected:
KSSLPeerInfo();
KSSLCertificate m_cert;
private:
KSSLPeerInfoPrivate* const d;
};
#endif

53
kio/kssl/ksslpemcallback.cpp
View file

@ -1,53 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2001 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#include "ksslpemcallback.h"
#include <config.h>
#include <ksslconfig.h>
#include <kpassworddialog.h>
#include <klocale.h>
int KSSLPemCallback(char *buf, int size, int rwflag, void *userdata) {
#ifdef KSSL_HAVE_SSL
Q_UNUSED(userdata);
Q_UNUSED(rwflag);
if (!buf) return -1;
KPasswordDialog dlg;
dlg.setPrompt(i18n("Certificate password"));
if( !dlg.exec() )
return -1;
qstrncpy(buf, dlg.password().toLocal8Bit(), size-1);
return (int)qstrlen(buf);
#else
Q_UNUSED(buf);
Q_UNUSED(size);
Q_UNUSED(rwflag);
Q_UNUSED(userdata);
return -1;
#endif
}

29
kio/kssl/ksslpemcallback.h
View file

@ -1,29 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2001 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef KDE_KSSLPEMCALLBACK_H
#define KDE_KSSLPEMCALLBACK_H
#include <kio/kio_export.h>
int KIO_EXPORT KSSLPemCallback(char *buf, int size, int rwflag, void *userdata);
#endif

291
kio/kssl/ksslpkcs12.cpp
View file

@ -1,291 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2001 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#include <config.h>
#include <ksslconfig.h>
#include <kopenssl.h>
#include <QtCore/QString>
#include <QtCore/QFile>
#include <ksslall.h>
#include <kdebug.h>
#include <ktemporaryfile.h>
#include <assert.h>
#ifdef KSSL_HAVE_SSL
#define sk_new kossl->sk_new
#define sk_push kossl->sk_push
#define sk_free kossl->sk_free
#define sk_value kossl->sk_value
#define sk_num kossl->sk_num
#define sk_dup kossl->sk_dup
#define sk_pop kossl->sk_pop
#endif
KSSLPKCS12::KSSLPKCS12() {
_pkcs = NULL;
_pkey = NULL;
_cert = NULL;
_caStack = NULL;
kossl = KOSSL::self();
}
KSSLPKCS12::~KSSLPKCS12() {
#ifdef KSSL_HAVE_SSL
if (_pkey) kossl->EVP_PKEY_free(_pkey);
if (_caStack) {
for (;;) {
X509* x5 = sk_X509_pop(_caStack);
if (!x5) break;
kossl->X509_free(x5);
}
sk_X509_free(_caStack);
}
if (_pkcs) kossl->PKCS12_free(_pkcs);
#endif
delete _cert;
}
KSSLPKCS12* KSSLPKCS12::fromString(const QString &base64, const QString &password) {
#ifdef KSSL_HAVE_SSL
KTemporaryFile ktf;
ktf.open();
if (base64.isEmpty()) return NULL;
QByteArray qba = QByteArray::fromBase64(base64.toLatin1());
ktf.write(qba);
ktf.flush();
KSSLPKCS12* rc = loadCertFile(ktf.fileName(), password);
return rc;
#endif
return NULL;
}
KSSLPKCS12* KSSLPKCS12::loadCertFile(const QString &filename, const QString &password) {
#ifdef KSSL_HAVE_SSL
QFile qf(filename);
PKCS12 *newpkcs = NULL;
if (!qf.open(QIODevice::ReadOnly))
return NULL;
FILE *fp = fdopen(qf.handle(), "r");
if (!fp) return NULL;
newpkcs = KOSSL::self()->d2i_PKCS12_fp(fp, &newpkcs);
fclose(fp);
if (!newpkcs) {
KOSSL::self()->ERR_clear_error();
return NULL;
}
KSSLPKCS12 *c = new KSSLPKCS12;
c->setCert(newpkcs);
// Now we parse it to see if we can decrypt it and interpret it
if (!c->parse(password)) {
delete c; c = NULL;
}
return c;
#endif
return NULL;
}
void KSSLPKCS12::setCert(PKCS12 *c) {
#ifdef KSSL_HAVE_SSL
_pkcs = c;
#endif
}
bool KSSLPKCS12::changePassword(const QString &pold, const QString &pnew) {
#ifdef KSSL_HAVE_SSL
// OpenSSL makes me cast away the const here. argh
return (0 == kossl->PKCS12_newpass(_pkcs,
pold.isNull() ? (char *)"" : (char *)pold.toLatin1().constData(),
pnew.isNull() ? (char *)"" : (char *)pnew.toLatin1().constData()));
#endif
return false;
}
bool KSSLPKCS12::parse(const QString &pass) {
#ifdef KSSL_HAVE_SSL
X509 *x = NULL;
assert(_pkcs); // if you're calling this before pkcs gets set, it's a BUG!
delete _cert;
if (_pkey) kossl->EVP_PKEY_free(_pkey);
if (_caStack) {
for (;;) {
X509* x5 = sk_X509_pop(_caStack);
if (!x5) break;
kossl->X509_free(x5);
}
sk_X509_free(_caStack);
}
_pkey = NULL;
_caStack = NULL;
_cert = NULL;
int rc = kossl->PKCS12_parse(_pkcs, pass.toLatin1(), &_pkey, &x, &_caStack);
if (rc == 1) {
// kDebug(7029) << "PKCS12_parse success";
if (x) {
_cert = new KSSLCertificate;
_cert->setCert(x);
if (_caStack) {
_cert->setChain(_caStack);
}
return true;
}
} else {
_caStack = NULL;
_pkey = NULL;
kossl->ERR_clear_error();
}
#endif
return false;
}
EVP_PKEY *KSSLPKCS12::getPrivateKey() {
return _pkey;
}
KSSLCertificate *KSSLPKCS12::getCertificate() {
return _cert;
}
QString KSSLPKCS12::toString()
{
QString base64;
#ifdef KSSL_HAVE_SSL
unsigned char *p;
int len;
len = kossl->i2d_PKCS12(_pkcs, NULL);
if (len > 0) {
char *buf = new char[len];
p = (unsigned char *)buf;
kossl->i2d_PKCS12(_pkcs, &p);
base64 = QByteArray::fromRawData(buf, len).toBase64();
delete[] buf;
}
#endif
return base64;
}
bool KSSLPKCS12::toFile(const QString &filename) {
#ifdef KSSL_HAVE_SSL
QFile out(filename);
if (!out.open(QIODevice::WriteOnly)) return false;
int fd = out.handle();
FILE *fp = fdopen(fd, "w");
if (!fp) {
unlink(filename.toLatin1());
return false;
}
kossl->i2d_PKCS12_fp(fp, _pkcs);
fclose(fp);
return true;
#endif
return false;
}
KSSLCertificate::KSSLValidation KSSLPKCS12::validate() {
return validate(KSSLCertificate::SSLServer);
}
KSSLCertificate::KSSLValidation KSSLPKCS12::validate(KSSLCertificate::KSSLPurpose p) {
#ifdef KSSL_HAVE_SSL
KSSLCertificate::KSSLValidation xx = _cert->validate(p);
if (1 != kossl->X509_check_private_key(_cert->getCert(), _pkey)) {
xx = KSSLCertificate::PrivateKeyFailed;
}
return xx;
#else
return KSSLCertificate::NoSSL;
#endif
}
KSSLCertificate::KSSLValidation KSSLPKCS12::revalidate() {
return revalidate(KSSLCertificate::SSLServer);
}
KSSLCertificate::KSSLValidation KSSLPKCS12::revalidate(KSSLCertificate::KSSLPurpose p) {
return _cert->revalidate(p);
}
bool KSSLPKCS12::isValid() {
return isValid(KSSLCertificate::SSLServer);
}
bool KSSLPKCS12::isValid(KSSLCertificate::KSSLPurpose p) {
return (validate(p) == KSSLCertificate::Ok);
}
QString KSSLPKCS12::name() const {
return _cert->getSubject();
}
#ifdef KSSL_HAVE_SSL
#undef sk_new
#undef sk_push
#undef sk_free
#undef sk_value
#undef sk_num
#undef sk_pop
#undef sk_dup
#endif

196
kio/kssl/ksslpkcs12.h
View file

@ -1,196 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2001 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef KSSLPKCS12_H
#define KSSLPKCS12_H
#include <ksslconfig.h>
#ifdef KSSL_HAVE_SSL
#define crypt _openssl_crypt
#include <openssl/pkcs12.h>
#undef crypt
#else
class PKCS12;
class EVP_PKEY;
#if !defined(QT_NO_OPENSSL)
#include <QtNetwork/QSslCertificate>
#else
class X509;
#endif
#endif
#include <ksslcertificate.h>
#include <ksslcertchain.h>
#include <QtCore/QString>
#ifndef STACK_OF
#define STACK_OF(x) void
#endif
class KSSL;
class KSSLPKCS12Private;
class KOpenSSLProxy;
/**
* KDE PKCS#12 Certificate
*
* As of yet, this class is being defined. if you use it, let it be known
* that BC will break on you until this message is removed.
*
* @author George Staikos <staikos@kde.org>
* @see KSSL, KSSLCertificate
* @short KDE PKCS#12 Certificate
*/
class KIO_EXPORT KSSLPKCS12 {
friend class KSSL;
public:
/**
* Destroy this PKCS#12 certificate
*/
virtual ~KSSLPKCS12();
/**
* The name of this certificate. This can be used to refer to the
* certificate instead of passing the object itself.
* @return the name of the certificate
*/
QString name() const;
/**
* Create a KSSLPKCS12 object from a Base64 in a QString.
* @param base64 the base64 encoded certificate
* @param password a password for the certificate if encrypted
* @return the PKCS#12 object, or NULL on failure.
*/
static KSSLPKCS12* fromString(const QString &base64, const QString &password = QLatin1String(""));
/**
* Create a KSSLPKCS12 object by reading a PKCS#12 file.
* @param filename the filename of the certificate
* @param password a password for the certificate if encrypted
* @return the PKCS#12 object, or NULL on failure.
*/
static KSSLPKCS12* loadCertFile(const QString &filename, const QString &password = QLatin1String(""));
/**
* Convert to a Base64 string.
* @return the certificate in base64 form
*/
QString toString();
/**
* Raw set the PKCS12 object.
* @param c the openssl PKCS12 object
* @internal
*/
void setCert(PKCS12 *c);
/**
* Change the password of the PKCS#12 in memory.
* @param pold the old password
* @param pnew the new password
* @return true on success
*/
bool changePassword(const QString &pold, const QString &pnew);
/**
* Get the private key.
* @return the internal OpenSSL private key format
* @internal
*/
EVP_PKEY *getPrivateKey();
/**
* Get the X.509 certificate.
* @return the X.509 certificate for the PKCS#12 object, or NULL
*/
KSSLCertificate *getCertificate();
/**
* Write the PKCS#12 to a file in raw mode.
* @param filename the file to write to
* @return true on success
*/
bool toFile(const QString &filename);
/**
* Check the X.509 and private key to make sure they're valid.
* @return the result of the validation
* @see KSSLCertificate
*/
KSSLCertificate::KSSLValidation validate();
/**
* Check the X.509 and private key to make sure they're valid.
* @param p the purpose to validate for
* @return the result of the validation
* @see KSSLCertificate
*/
KSSLCertificate::KSSLValidation validate(KSSLCertificate::KSSLPurpose p);
/**
* Check the X.509 and private key to make sure they're valid.
* Ignore any cached validation result.
* @return the result of the validation
* @see KSSLCertificate
*/
KSSLCertificate::KSSLValidation revalidate();
/**
* Check the X.509 and private key to make sure they're valid.
* Ignore any cached validation result.
* @param p the purpose to validate for
* @return the result of the validation
* @see KSSLCertificate
*/
KSSLCertificate::KSSLValidation revalidate(KSSLCertificate::KSSLPurpose p);
/**
* Check if the X.509 and private key are valid.
* @return true if valid
*/
bool isValid();
/**
* Check if the X.509 and private key are valid.
* @param p the purpose to validate for
* @return true if valid
*/
bool isValid(KSSLCertificate::KSSLPurpose p);
protected:
KSSLPKCS12();
bool parse(const QString &pass);
private:
KSSLPKCS12Private *d;
PKCS12 *_pkcs;
KOpenSSLProxy *kossl;
EVP_PKEY *_pkey;
KSSLCertificate *_cert;
STACK_OF(X509) *_caStack;
};
#endif

203
kio/kssl/ksslpkcs7.cpp
View file

@ -1,203 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2001 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#include <config.h>
#include <ksslconfig.h>
#include <kopenssl.h>
#include <QtCore/QString>
#include <QtCore/QFile>
#include <ksslall.h>
#include <kdebug.h>
#include <ktemporaryfile.h>
#include <assert.h>
#ifdef KSSL_HAVE_SSL
#define sk_new kossl->sk_new
#define sk_push kossl->sk_push
#define sk_free kossl->sk_free
#define sk_value kossl->sk_value
#define sk_num kossl->sk_num
#define sk_dup kossl->sk_dup
#endif
KSSLPKCS7::KSSLPKCS7() {
_pkcs = NULL;
_cert = NULL;
kossl = KOSSL::self();
}
KSSLPKCS7::~KSSLPKCS7() {
#ifdef KSSL_HAVE_SSL
if (_pkcs) kossl->PKCS7_free(_pkcs);
#endif
delete _cert;
}
KSSLPKCS7* KSSLPKCS7::fromString(const QString &base64) {
#ifdef KSSL_HAVE_SSL
KTemporaryFile ktf;
ktf.open();
if (base64.isEmpty()) return NULL;
QByteArray qba = QByteArray::fromBase64(base64.toLatin1());
ktf.write(qba);
ktf.flush();
KSSLPKCS7* rc = loadCertFile(ktf.fileName());
return rc;
#endif
return NULL;
}
KSSLPKCS7* KSSLPKCS7::loadCertFile(const QString &filename) {
#ifdef KSSL_HAVE_SSL
QFile qf(filename);
PKCS7 *newpkcs = NULL;
if (!qf.open(QIODevice::ReadOnly))
return NULL;
FILE *fp = fdopen(qf.handle(), "r");
if (!fp) return NULL;
newpkcs = KOSSL::self()->d2i_PKCS7_fp(fp, &newpkcs);
if (!newpkcs) return NULL;
KSSLPKCS7 *c = new KSSLPKCS7;
c->setCert(newpkcs);
return c;
#endif
return NULL;
}
void KSSLPKCS7::setCert(PKCS7 *c) {
#ifdef KSSL_HAVE_SSL
_pkcs = c;
//STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);
//X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
// set _chain and _cert here.
#endif
}
KSSLCertificate *KSSLPKCS7::getCertificate() {
return _cert;
}
KSSLCertChain *KSSLPKCS7::getChain() {
return _chain;
}
QString KSSLPKCS7::toString() const {
QString base64;
#ifdef KSSL_HAVE_SSL
unsigned char *p;
int len;
len = kossl->i2d_PKCS7(_pkcs, NULL);
if (len >= 0) {
char *buf = new char[len];
p = (unsigned char *)buf;
kossl->i2d_PKCS7(_pkcs, &p);
base64 = QByteArray::fromRawData(buf,len).toBase64();
delete[] buf;
}
#endif
return base64;
}
bool KSSLPKCS7::toFile(const QString &filename) {
#ifdef KSSL_HAVE_SSL
QFile out(filename);
if (!out.open(QIODevice::WriteOnly)) return false;
int fd = out.handle();
FILE *fp = fdopen(fd, "w");
if (!fp) {
unlink(filename.toLatin1());
return false;
}
kossl->i2d_PKCS7_fp(fp, _pkcs);
fclose(fp);
return true;
#endif
return false;
}
KSSLCertificate::KSSLValidation KSSLPKCS7::validate() const {
#ifdef KSSL_HAVE_SSL
KSSLCertificate::KSSLValidation xx = _cert->validate();
return xx;
#else
return KSSLCertificate::NoSSL;
#endif
}
KSSLCertificate::KSSLValidation KSSLPKCS7::revalidate() {
if (_cert)
return _cert->revalidate();
return KSSLCertificate::Unknown;
}
bool KSSLPKCS7::isValid() const {
return (validate() == KSSLCertificate::Ok);
}
QString KSSLPKCS7::name() const {
if (_cert)
return _cert->getSubject();
return QString();
}
#ifdef KSSL_HAVE_SSL
#undef sk_new
#undef sk_push
#undef sk_free
#undef sk_value
#undef sk_num
#undef sk_dup
#endif

151
kio/kssl/ksslpkcs7.h
View file

@ -1,151 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2001-2003 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef KSSLPKCS7_H
#define KSSLPKCS7_H
#include <ksslconfig.h>
#ifdef KSSL_HAVE_SSL
#define crypt _openssl_crypt
#include <openssl/pkcs7.h>
#undef crypt
#else
class PKCS7;
#endif
//#include <kopenssl.h>
#include <ksslcertificate.h>
#include <ksslcertchain.h>
#ifndef STACK_OF
#define STACK_OF(x) void
#endif
class KSSL;
class KSSLPKCS7Private;
class KOpenSSLProxy;
/**
* KDE PKCS#7 Certificate
*
* This class represents a PKCS#7 certificate
*
* @author George Staikos <staikos@kde.org>
* @see KSSL
* @short KDE PKCS#7 Certificate
*/
class KIO_EXPORT KSSLPKCS7 {
friend class KSSL;
public:
/**
* Destroy this PKCS#7 certificate
*/
virtual ~KSSLPKCS7();
/**
* The name of this certificate. This can be used to refer to the
* certificate instead of passing the object itself.
* @return the name of the certificate
*/
QString name() const;
/**
* Create a KSSLPKCS7 object from a Base64 in a QString.
* @param base64 the base64 representation of the certificate
* @return a PKCS#7 object, or NULL on failure
*/
static KSSLPKCS7* fromString(const QString &base64);
/**
* Create a KSSLPKCS7 object by reading a PKCS#7 file.
* @param filename the filename to read the certificate from
* @return a PKCS#7 object, or NULL on failure
*/
static KSSLPKCS7* loadCertFile(const QString &filename);
/**
* Convert to a Base64 string.
* @return the PKCS#7 object in base64 form
*/
QString toString() const;
/**
* Raw set the PKCS7 object.
* @param c the PKCS7 object
* @internal
*/
void setCert(PKCS7 *c);
/**
* Get the bottom level X.509 certificate.
* @return the certificate, or NULL on failure
* @see KSSLCertificate
*/
KSSLCertificate *getCertificate();
/**
* Get the certificate chain.
* @return the certificate chain
* @see KSSLCertChain
*/
KSSLCertChain *getChain();
/**
* Write the PKCS#7 to a file in raw mode.
* @param filename the filename to write
* @return true on success
*/
bool toFile(const QString &filename);
/**
* Check the chain to make sure it's valid.
* @return the result of the validation procedure
*/
KSSLCertificate::KSSLValidation validate() const;
/**
* Check the chain to make sure it's valid.
* Ignore any cached validation result.
* @return the result of the validation
* @see KSSLCertificate
*/
KSSLCertificate::KSSLValidation revalidate();
/**
* Return true if the chain is valid.
*/
bool isValid() const;
protected:
KSSLPKCS7();
private:
KSSLPKCS7Private *d;
PKCS7 *_pkcs;
KOpenSSLProxy *kossl;
KSSLCertificate *_cert;
KSSLCertChain *_chain;
};
#endif

83
kio/kssl/ksslsession.cpp
View file

@ -1,83 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2003 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#include "ksslsession.h"
#include <config.h>
#include <ksslconfig.h>
#include <kopenssl.h>
KSSLSession::KSSLSession() : _session(0L) {
}
KSSLSession::~KSSLSession() {
#ifdef KSSL_HAVE_SSL
if (_session) {
KOpenSSLProxy::self()->SSL_SESSION_free(static_cast<SSL_SESSION*>(_session));
_session = 0L;
}
#endif
}
QString KSSLSession::toString() const {
QString rc;
#ifdef KSSL_HAVE_SSL
SSL_SESSION *session = static_cast<SSL_SESSION*>(_session);
int slen = KOpenSSLProxy::self()->i2d_SSL_SESSION(session, 0L);
if (slen >= 0) {
// These should technically be unsigned char * but it doesn't matter
// for our purposes
char *csess = new char[slen];
unsigned char *p = (unsigned char*)csess;
if (!KOpenSSLProxy::self()->i2d_SSL_SESSION(session, &p)) {
delete[] csess;
return QString();
}
// encode it into a QString
rc = QByteArray(csess,slen).toBase64();
delete[] csess;
}
#endif
return rc;
}
KSSLSession *KSSLSession::fromString(const QString& s) {
KSSLSession *session = 0L;
#ifdef KSSL_HAVE_SSL
QByteArray qba, qbb = s.toLocal8Bit();
qba = QByteArray::fromBase64(qbb);
unsigned char *qbap = reinterpret_cast<unsigned char *>(qba.data());
SSL_SESSION *ss = KOSSL::self()->d2i_SSL_SESSION(0L, &qbap, qba.size());
if (ss) {
session = new KSSLSession;
session->_session = ss;
}
#endif
return session;
}

73
kio/kssl/ksslsession.h
View file

@ -1,73 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2003 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef KSSLSESSION_H
#define KSSLSESSION_H
#include <QtCore/QString>
#include <kio/kio_export.h>
class KSSL;
class KSSLSessionPrivate;
/**
* KDE SSL Session Information
*
* This class contains data about an SSL session.
* It is just used as a container that is taken from or passed to KSSL objects.
*
* @author George Staikos <staikos@kde.org>
* @see KSSL
* @short KDE SSL Session Information
*/
class KIO_EXPORT KSSLSession {
friend class KSSL;
public:
/**
* Destroy this instance
*/
~KSSLSession();
/**
* Convert to a base64 encoded string (so it can be copied safely)
*/
QString toString() const;
/**
* Create as session ID object from a base64 encoded string.
* @param s the session id in base64 encoded ASN.1 format
* @return a KSSLSession object, or 0L on error
*/
static KSSLSession* fromString(const QString& s);
protected:
KSSLSession();
KSSLSession(const KSSLSession&);
void *_session;
private:
KSSLSessionPrivate *d;
};
#endif

4
kio/kssl/ksslsettings.cpp
View file

@ -45,8 +45,6 @@
#undef crypt
#endif
#include <kopenssl.h>
#ifdef KSSL_HAVE_SSL
#define sk_new d->kossl->sk_new
#define sk_push d->kossl->sk_push
@ -75,13 +73,11 @@ class CipherNode {
class KSSLSettingsPrivate {
public:
KSSLSettingsPrivate() {
kossl = 0L; // try to delay this as long as possible
}
~KSSLSettingsPrivate() {
}
KOSSL *kossl;
bool m_bUseEGD;
bool m_bUseEFile;
QString m_EGDPath;

124
kio/kssl/ksslsigners.cpp
View file

@ -1,124 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2001 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#include "ksslsigners.h"
#include <QtCore/QString>
#include <QtCore/QStringList>
#include <QtDBus/QtDBus>
#include "ksslcertificate.h"
#include <stdlib.h>
#include <kdebug.h>
KSSLSigners::KSSLSigners() {
}
KSSLSigners::~KSSLSigners() {
}
bool KSSLSigners::addCA(KSSLCertificate& cert,
bool ssl,
bool email,
bool code) const {
return addCA(cert.toString(), ssl, email, code);
}
bool KSSLSigners::addCA(const QString &cert,
bool ssl,
bool email,
bool code) const {
return QDBusReply<bool>(QDBusInterface("org.kde.kded", "/modules/kssld").
call("caAdd", cert, ssl, email, code));
}
bool KSSLSigners::regenerate() {
return QDBusReply<bool>(QDBusInterface("org.kde.kded", "/modules/kssld").
call("caRegenerate"));
}
bool KSSLSigners::useForSSL(KSSLCertificate& cert) const {
return useForSSL(cert.getSubject());
}
bool KSSLSigners::useForSSL(const QString &subject) const{
return QDBusReply<bool>(QDBusInterface("org.kde.kded", "/modules/kssld").
call("caUseForSSL", subject));
}
bool KSSLSigners::useForEmail(KSSLCertificate& cert) const{
return useForEmail(cert.getSubject());
}
bool KSSLSigners::useForEmail(const QString &subject) const{
return QDBusReply<bool>(QDBusInterface("org.kde.kded", "/modules/kssld").
call("caUseForEmail", subject));
}
bool KSSLSigners::useForCode(KSSLCertificate& cert) const{
return useForCode(cert.getSubject());
}
bool KSSLSigners::useForCode(const QString &subject) const{
return QDBusReply<bool>(QDBusInterface("org.kde.kded", "/modules/kssld").
call("caUseForCode", subject));
}
bool KSSLSigners::remove(KSSLCertificate& cert) {
return remove(cert.getSubject());
}
bool KSSLSigners::remove(const QString &subject) {
return QDBusReply<bool>(QDBusInterface("org.kde.kded", "/modules/kssld").
call("caRemove", subject));
}
QStringList KSSLSigners::list() {
return QDBusReply<QStringList>(QDBusInterface("org.kde.kded", "/modules/kssld").
call("caList"));
}
QString KSSLSigners::getCert(const QString &subject) {
return QDBusReply<QString>(QDBusInterface("org.kde.kded", "/modules/kssld").
call("caGetCert", subject));
}
bool KSSLSigners::setUse(const QString &subject, bool ssl, bool email, bool code) {
return QDBusReply<bool>(QDBusInterface("org.kde.kded", "/modules/kssld").
call("caSetUse", subject, ssl, email, code));
}

169
kio/kssl/ksslsigners.h
View file

@ -1,169 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2001-2003 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef INCLUDE_KSSLSIGNERS_H
#define INCLUDE_KSSLSIGNERS_H
class KSSLCertificate;
#include <QtCore/QStringList>
#include <kio/kio_export.h>
// ### KDE4 - Fix constness
/**
* KDE SSL Signer Database
*
* This class is used to manipulate the KDE SSL signer database. It
* communicates to the KDE SSL daemon via dcop for backend integration.
*
* @author George Staikos <staikos@kde.org>
* @see KSSL, KSSLCertificate
* @short KDE SSL Signer Database
*/
class KIO_EXPORT KSSLSigners {
public:
/**
* Construct a KSSLSigner object.
*/
KSSLSigners();
/**
* Destroy this KSSLSigner object.
*/
~KSSLSigners();
/**
* Add a signer to the database.
*
* @param cert the signer's certificate
* @param ssl allow it to sign for SSL
* @param email allow it to sign for S/MIME
* @param code allow it to sign for code signing
* @return true on success
*/
bool addCA(KSSLCertificate& cert, bool ssl, bool email, bool code) const;
/**
* Add a signer to the database.
*
* @param cert the signer's certificate in base64 form
* @param ssl allow it to sign for SSL
* @param email allow it to sign for S/MIME
* @param code allow it to sign for code signing
* @return true on success
*/
bool addCA(const QString &cert, bool ssl, bool email, bool code) const;
/**
* Regenerate the signer-root file from the user's settings.
* @return true on success
*/
bool regenerate();
/**
* Determine if a certificate can be used for SSL certificate signing
* @param cert the certificate
* @return true if it can be used for SSL
*/
bool useForSSL(KSSLCertificate& cert) const;
/**
* Determine if a certificate can be used for SSL certificate signing
* @param subject the certificate subject
* @return true if it can be used for SSL
*/
bool useForSSL( const QString &subject) const;
/**
* Determine if a certificate can be used for S/MIME certificate signing
* @param cert the certificate
* @return true if it can be used for S/MIME
*/
bool useForEmail(KSSLCertificate& cert) const;
/**
* Determine if a certificate can be used for S/MIME certificate signing
* @param subject the certificate subject
* @return true if it can be used for S/MIME
*/
bool useForEmail(const QString &subject) const;
/**
* Determine if a certificate can be used for code certificate signing
* @param cert the certificate
* @return true if it can be used for code
*/
bool useForCode(KSSLCertificate& cert) const;
/**
* Determine if a certificate can be used for code certificate signing
* @param subject the certificate subject
* @return true if it can be used for code
*/
bool useForCode(const QString &subject) const;
/**
* Remove a certificate signer from the database
* @param cert the certificate to remove
* @return true on success
*/
bool remove(KSSLCertificate& cert);
/**
* Remove a certificate signer from the database
* @param subject the subject of the certificate to remove
* @return true on success
*/
bool remove(const QString &subject);
/**
* List the signers in the database.
* @return the list of subjects in the database
* @see getCert
*/
QStringList list();
/**
* Get a signer certificate from the database.
*
* @param subject the subject of the certificate desired
* @return the base64 encoded certificate
*/
QString getCert(const QString &subject);
/**
* Set the use of a particular entry in the certificate signer database.
* @param subject the subject of the certificate in question
* @param ssl allow this for SSL certificate signing
* @param email allow this for S/MIME certificate signing
* @param code allow this for code certificate signing
* @return true on success
*/
bool setUse(const QString &subject, bool ssl, bool email, bool code);
private:
class KSSLSignersPrivate;
KSSLSignersPrivate *d;
};
#endif

93
kio/kssl/ksslutils.cpp
View file

@ -1,93 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2000,2001 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#include "ksslutils.h"
#include <QtCore/QString>
#include <kglobal.h>
#include <klocale.h>
#include <QtCore/qdatetime.h>
#include "kopenssl.h"
#ifdef KSSL_HAVE_SSL
// This code is mostly taken from OpenSSL v0.9.5a
// by Eric Young
QDateTime ASN1_UTCTIME_QDateTime(ASN1_UTCTIME *tm, int *isGmt) {
QDateTime qdt;
char *v;
int gmt=0;
int i;
int y=0,M=0,d=0,h=0,m=0,s=0;
QDate qdate;
QTime qtime;
i = tm->length;
v = (char *)tm->data;
if (i < 10) goto auq_err;
if (v[i-1] == 'Z') gmt=1;
for (i=0; i<10; ++i)
if ((v[i] > '9') || (v[i] < '0')) goto auq_err;
y = (v[0]-'0')*10+(v[1]-'0');
if (y < 50) y+=100;
M = (v[2]-'0')*10+(v[3]-'0');
if ((M > 12) || (M < 1)) goto auq_err;
d = (v[4]-'0')*10+(v[5]-'0');
h = (v[6]-'0')*10+(v[7]-'0');
m = (v[8]-'0')*10+(v[9]-'0');
if ( (v[10] >= '0') && (v[10] <= '9') &&
(v[11] >= '0') && (v[11] <= '9'))
s = (v[10]-'0')*10+(v[11]-'0');
// localize the date and display it.
qdate.setYMD(y+1900, M, d);
qtime.setHMS(h,m,s);
qdt.setDate(qdate); qdt.setTime(qtime);
auq_err:
if (isGmt) *isGmt = gmt;
return qdt;
}
QString ASN1_UTCTIME_QString(ASN1_UTCTIME *tm) {
QString qstr;
int gmt;
QDateTime qdt = ASN1_UTCTIME_QDateTime(tm, &gmt);
qstr = KGlobal::locale()->formatDateTime(qdt, KLocale::LongDate, true);
if (gmt) {
qstr += ' ';
qstr += i18n("GMT");
}
return qstr;
}
QString ASN1_INTEGER_QString(ASN1_INTEGER *aint) {
char *rep = KOSSL::self()->i2s_ASN1_INTEGER(NULL, aint);
QString yy = rep;
KOSSL::self()->OPENSSL_free(rep);
return yy;
}
#endif

71
kio/kssl/ksslutils.h
View file

@ -1,71 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2000-2003 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef INCLUDE_KSSLUTILS_H
#define INCLUDE_KSSLUTILS_H
#include <kio/kio_export.h>
#include <ksslconfig.h>
#include <unistd.h>
#ifdef KSSL_HAVE_SSL
#define crypt _openssl_crypt
#include <openssl/x509.h>
#undef crypt
#endif
class QString;
class QDateTime;
#ifdef KSSL_HAVE_SSL
// This functionality is missing in OpenSSL
/**
* Convert an ASN1 UTCTIME value to a string. Uses KLocale settings.
*
* @param tm the OpenSSL ASN1_UTCTIME pointer
*
* @return the date formatted in a QString
* @see ASN1_UTCTIME_QDateTime
*/
QString ASN1_UTCTIME_QString(ASN1_UTCTIME *tm);
/**
* Convert an ASN1 UTCTIME value to a QDateTime. Uses KLocale settings.
*
* @param tm the OpenSSL ASN1_UTCTIME pointer
* @param isGmt set to 1 if the date is set to GMT
*
* @return the date formatted in a QDateTime
*/
QDateTime ASN1_UTCTIME_QDateTime(ASN1_UTCTIME *tm, int *isGmt);
/**
* Convert an ASN1 INTEGER value to a string.
*
* @param aint the OpenSSL ASN1_INTEGER pointer
*
* @return the number formatted in a QString
*/
QString ASN1_INTEGER_QString(ASN1_INTEGER *aint);
#endif
#endif

106
kio/kssl/ksslx509map.cpp
View file

@ -1,106 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2000 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#include "ksslx509map.h"
#include <QtCore/QStringList>
#include <QtCore/QRegExp>
KSSLX509Map::KSSLX509Map(const QString& name) {
parse(name);
}
KSSLX509Map::~KSSLX509Map() {
}
void KSSLX509Map::setValue(const QString& key, const QString& value) {
m_pairs.insert(key, value);
}
QString KSSLX509Map::getValue(const QString& key) const {
if (!m_pairs.contains(key)) {
return QString();
}
return m_pairs[key];
}
static QStringList tokenizeBy(const QString& str, const QRegExp& tok, bool keepEmpties = false) {
QStringList tokens;
unsigned int head, tail;
QByteArray bastr = str.toLatin1();
const char *chstr = bastr.constData();
unsigned int length = str.length();
if (length < 1) {
return tokens;
}
if (length == 1) {
tokens.append(str);
return tokens;
}
for(head = 0, tail = 0; tail < length-1; head = tail+1) {
QString thisline;
tail = str.indexOf(tok, head);
if (tail > length) // last token - none at end
tail = length;
if (tail-head > 0 || keepEmpties) { // it has to be at least 1 long!
thisline = &(chstr[head]);
thisline.truncate(tail-head);
tokens.append(thisline);
}
}
return tokens;
}
void KSSLX509Map::parse(const QString& name) {
const QStringList vl = tokenizeBy(name, QRegExp("/[A-Za-z]+="), false);
m_pairs.clear();
for (QStringList::ConstIterator j = vl.begin(); j != vl.end(); ++j) {
const QStringList apair = tokenizeBy(*j, QRegExp("="), false);
if( apair.count() >0 ) {
if (m_pairs.contains(apair[0])) {
QString oldValue = m_pairs[apair[0]];
oldValue += '\n';
oldValue += (apair.count()>1) ? apair[1]:"";
m_pairs.insert(apair[0], oldValue);
} else {
m_pairs.insert(apair[0], (apair.count()>1) ? apair[1]: "" );
}
}
}
}
void KSSLX509Map::reset(const QString& name) {
parse(name);
}

86
kio/kssl/ksslx509map.h
View file

@ -1,86 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2000-2003 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef KSSLX509MAP_H
#define KSSLX509MAP_H
#include <QtCore/QMap>
#include <QtCore/QString>
#include <kio/kio_export.h>
/**
* X.509 Map Parsing Class
*
* This class is used to parse and store a map as used in X.509 certificates.
* It is of the form /name=value/name=value/name=value
*
* @author George Staikos <staikos@kde.org>
* @see KSSL, KSSLCertificate
* @short X.509 Map Parser
*/
class KIO_EXPORT KSSLX509Map {
public:
/**
* Construct an X.509 Map
*
* @param name the map to parse
*/
KSSLX509Map(const QString& name);
/**
* Destroy this map
*/
~KSSLX509Map();
/**
* Set a value in the map
*
* @param key the key
* @param value the value
*/
void setValue(const QString& key, const QString& value);
/**
* Get the value of an entry in the map
*
* @param key the key
*
* @return the value
*/
QString getValue(const QString& key) const;
/**
* Reset (clear) the internal storage.
*
* @param name if this is not empty, it will be parsed and used as
* the new map internally
*/
void reset(const QString& name = QLatin1String(""));
private:
class KSSLX509MapPrivate;
KSSLX509MapPrivate *d;
QMap<QString, QString> m_pairs;
void parse(const QString& name);
};
#endif

141
kio/kssl/ksslx509v3.cpp
View file

@ -1,141 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2001 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#include "ksslx509v3.h"
#include <config.h>
#include <ksslconfig.h>
#include <kopenssl.h>
#include <kdebug.h>
KSSLX509V3::KSSLX509V3() {
flags = 0;
}
KSSLX509V3::~KSSLX509V3() {
}
/* When reading this, please remember that
* !A || B is logically equivalent to A => B
*/
bool KSSLX509V3::certTypeCA() const {
#ifdef KSSL_HAVE_SSL
// First try CA without X509_PURPOSE_ANY CA, then just try SSLCA
return (flags & (65471L << 16)) ? true : certTypeSSLCA();
#endif
return false;
}
bool KSSLX509V3::certTypeSSLCA() const {
#ifdef KSSL_HAVE_SSL
return (flags & ((1 << (16+X509_PURPOSE_NS_SSL_SERVER-1))|
(1 << (16+X509_PURPOSE_SSL_SERVER-1))|
(1 << (16+X509_PURPOSE_SSL_CLIENT-1)))) ? true :
( certTypeSSLServer() ||
certTypeSSLClient() ||
certTypeNSSSLServer());
#endif
return false;
}
bool KSSLX509V3::certTypeEmailCA() const {
#ifdef KSSL_HAVE_SSL
return (flags & ((1 << (16+X509_PURPOSE_SMIME_ENCRYPT-1))|
(1 << (16+X509_PURPOSE_SMIME_SIGN-1)))) ? true :
certTypeSMIME();
#endif
return false;
}
bool KSSLX509V3::certTypeCodeCA() const {
#ifdef KSSL_HAVE_SSL
return (flags & (1 << (16+X509_PURPOSE_ANY-1))) ? true : false;
#endif
return false;
}
bool KSSLX509V3::certTypeSSLClient() const {
#ifdef KSSL_HAVE_SSL
return (flags & (1 << (X509_PURPOSE_SSL_CLIENT-1))) ? true : false;
#endif
return false;
}
bool KSSLX509V3::certTypeSSLServer() const {
#ifdef KSSL_HAVE_SSL
return (flags & (1 << (X509_PURPOSE_SSL_SERVER-1))) ? true : false;
#endif
return false;
}
bool KSSLX509V3::certTypeNSSSLServer() const {
#ifdef KSSL_HAVE_SSL
return (flags & (1 << (X509_PURPOSE_NS_SSL_SERVER-1))) ? true : false;
#endif
return false;
}
bool KSSLX509V3::certTypeSMIME() const {
#ifdef KSSL_HAVE_SSL
return certTypeSMIMEEncrypt()||certTypeSMIMESign();
#endif
return false;
}
bool KSSLX509V3::certTypeSMIMEEncrypt() const {
#ifdef KSSL_HAVE_SSL
return (flags & (1 << (X509_PURPOSE_SMIME_ENCRYPT-1))) ? true : false;
#endif
return false;
}
bool KSSLX509V3::certTypeSMIMESign() const {
#ifdef KSSL_HAVE_SSL
return (flags & (1 << (X509_PURPOSE_SMIME_SIGN-1))) ? true : false;
#endif
return false;
}
bool KSSLX509V3::certTypeCRLSign() const {
#ifdef KSSL_HAVE_SSL
return (flags & (1 << (X509_PURPOSE_CRL_SIGN-1))) ? true : false;
#endif
return false;
}

121
kio/kssl/ksslx509v3.h
View file

@ -1,121 +0,0 @@
/* This file is part of the KDE project
*
* Copyright (C) 2001-2003 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef KSSLX509V3_H
#define KSSLX509V3_H
#include <QtCore/QString>
#include <kio/kio_export.h>
/**
* KDE X509v3 Flag Class
*
* This class is used to track X509v3 flags for
*
* @author George Staikos <staikos@kde.org>
* @see KExtendedSocket, TCPSlaveBase
* @short KDE SSL Class
*/
class KIO_EXPORT KSSLX509V3 {
friend class KSSLCertificate;
friend class KSSLCertificatePrivate;
public:
/**
* Destroy this object
*/
~KSSLX509V3();
/**
* Determine if this certificate can be used by a certificate authority
* @return true if it can be used by a certificate authority
*/
bool certTypeCA() const;
/**
* Determine if this certificate can be used by an SSL signer
* @return true if it can be used by an SSL signer
*/
bool certTypeSSLCA() const;
/**
* Determine if this certificate can be used by an S/MIME signer
* @return true if it can be used by an S/MIME signer
*/
bool certTypeEmailCA() const;
/**
* Determine if this certificate can be used by a code certificate signer
* @return true if it can be used by a code certificate signer
*/
bool certTypeCodeCA() const;
/**
* Determine if this certificate can be used by an SSL client
* @return true if it can be used by an SSL client
*/
bool certTypeSSLClient() const;
/**
* Determine if this certificate can be used by an SSL server
* @return true if it can be used by an SSL server
*/
bool certTypeSSLServer() const;
/**
* Determine if this certificate can be used by a Netscape SSL server
* @return true if it can be used by a Netscape SSL server
*/
bool certTypeNSSSLServer() const;
/**
* Determine if this certificate can be used for S/MIME
* @return true if it can be used for S/MIME
*/
bool certTypeSMIME() const;
/**
* Determine if this certificate can be used for S/MIME encryption
* @return true if it can be used for S/MIME encryption
*/
bool certTypeSMIMEEncrypt() const;
/**
* Determine if this certificate can be used for S/MIME signing
* @return true if it can be used for S/MIME signing
*/
bool certTypeSMIMESign() const;
/**
* Determine if this certificate can be used for revocation signing
* @return true if it can be used for revocation signing
*/
bool certTypeCRLSign() const;
private:
class KSSLX509V3Private;
KSSLX509V3Private *d;
protected:
KSSLX509V3();
long flags; // warning: this is only valid for up to 16 flags + 16 CA.
};
#endif

1
kio/tests/CMakeLists.txt
View file

@ -53,7 +53,6 @@ KIO_EXECUTABLE_TESTS(
netaccesstest
kdirmodeltest_gui
kmimetypechoosertest_gui
ksslkeygentest
kdbusservicestartertest
kurlrequestertest
kopenwithtest

13
kio/tests/ksslkeygentest.cpp
View file

@ -1,13 +0,0 @@
#include <qapplication.h>
#include <ksslkeygen.h>
#include <kcomponentdata.h>
int main( int argc, char** argv ) {
QApplication app( argc, argv );
KComponentData data(QByteArray("ksslkeygentest"));
KSSLKeyGen wizard(0);
wizard.setKeySize(0);
return wizard.exec();
}