Trinity API Reference
tdeio/kssl

ksslcertificate.cpp
1 /* This file is part of the KDE project
2  *
3  * Copyright (C) 2000-2003 George Staikos <staikos@kde.org>
4  *
5  * This library is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU Library General Public
7  * License as published by the Free Software Foundation; either
8  * version 2 of the License, or (at your option) any later version.
9  *
10  * This library is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  * Library General Public License for more details.
14  *
15  * You should have received a copy of the GNU Library General Public License
16  * along with this library; see the file COPYING.LIB. If not, write to
17  * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18  * Boston, MA 02110-1301, USA.
19  */
20 
21 
22 #ifdef HAVE_CONFIG_H
23 #include <config.h>
24 #endif
25 
26 
27 
28 #include <unistd.h>
29 #include <tqstring.h>
30 #include <tqstringlist.h>
31 #include <tqfile.h>
32 
33 #include "kssldefs.h"
34 #include "ksslcertificate.h"
35 #include "ksslcertchain.h"
36 #include "ksslutils.h"
37 
38 #include <kstandarddirs.h>
39 #include <kmdcodec.h>
40 #include <tdelocale.h>
41 #include <tqdatetime.h>
42 #include <tdetempfile.h>
43 
44 #include <sys/types.h>
45 
46 #ifdef HAVE_SYS_STAT_H
47 #include <sys/stat.h>
48 #endif
49 
50 // this hack provided by Malte Starostik to avoid glibc/openssl bug
51 // on some systems
52 #ifdef KSSL_HAVE_SSL
53 #define crypt _openssl_crypt
54 #include <openssl/ssl.h>
55 #include <openssl/x509.h>
56 #include <openssl/x509v3.h>
57 #include <openssl/x509_vfy.h>
58 #include <openssl/pem.h>
59 #undef crypt
60 #endif
61 
62 #include <kopenssl.h>
63 #include <tqcstring.h>
64 #include <kdebug.h>
65 #include "ksslx509v3.h"
66 
67 
68 
// Upper-case hexadecimal digits, indexed by nibble value (0..15).
static char hv[] = {
    '0', '1', '2', '3', '4', '5', '6', '7',
    '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'
};
70 
71 
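// Private implementation data (d-pointer) for KSSLCertificate.
class KSSLCertificatePrivate {
public:
    // Every member gets a defined starting value, so a freshly built
    // object never carries indeterminate pointers or cache flags even if
    // a constructor of the owning class forgets to set one of them.
    KSSLCertificatePrivate() {
        kossl = KOSSL::self();
        _lastPurpose = KSSLCertificate::None;
        m_stateCache = KSSLCertificate::Unknown;
        m_stateCached = false;
#ifdef KSSL_HAVE_SSL
        m_cert = NULL;
        m_cert_crl = NULL;
#endif
    }

    // The OpenSSL objects are released by ~KSSLCertificate(), not here.
    ~KSSLCertificatePrivate() {
    }

    // Last validation verdict; only meaningful while m_stateCached is true.
    KSSLCertificate::KSSLValidation m_stateCache;
    bool m_stateCached;
#ifdef KSSL_HAVE_SSL
    X509 *m_cert;          // certificate, freed by ~KSSLCertificate()
    X509_CRL *m_cert_crl;  // CRL, freed by ~KSSLCertificate()
#endif
    KOSSL *kossl;          // OpenSSL wrapper obtained from KOSSL::self()
    KSSLCertChain _chain;
    KSSLX509V3 _extensions;
    // Purpose used by the most recent validation; the cache is keyed on it.
    KSSLCertificate::KSSLPurpose _lastPurpose;
};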
93 
// Builds an empty object: no certificate, no CRL, no cached verdict.
KSSLCertificate::KSSLCertificate() {
    d = new KSSLCertificatePrivate;
    d->m_stateCached = false;
#ifdef KSSL_HAVE_SSL
    d->m_cert_crl = NULL;
    d->m_cert = NULL;
#endif
    // validateVerbose() looks for ca-bundle.crt under the "kssl" resource
    // directories registered here.
    const TQString ksslDataDir = TDEStandardDirs::kde_default("data") + "kssl";
    TDEGlobal::dirs()->addResourceType("kssl", ksslDataDir);
}
103 
104 
// Copy constructor: deep-copies the X.509 certificate and the chain of x.
// The CRL and the cached validation state of x are not copied.
// NOTE(review): no copy-assignment operator is visible in this file; if
// the header does not declare one, plain assignment would share `d` and
// free it twice - confirm against ksslcertificate.h.
KSSLCertificate::KSSLCertificate(const KSSLCertificate& x) {
    d = new KSSLCertificatePrivate;
    d->m_stateCached = false;
    const TQString ksslDataDir = TDEStandardDirs::kde_default("data") + "kssl";
    TDEGlobal::dirs()->addResourceType("kssl", ksslDataDir);
#ifdef KSSL_HAVE_SSL
    d->m_cert = NULL;
    d->m_cert_crl = NULL;

    // getCert() is non-const, hence the const_cast; x is not modified.
    X509 *certCopy = KOSSL::self()->X509_dup(const_cast<KSSLCertificate&>(x).getCert());
    setCert(certCopy);

    // replicate() hands back a temporary chain object that we must delete.
    KSSLCertChain *chainCopy = x.d->_chain.replicate();
    setChain(chainCopy->rawChain());
    delete chainCopy;
#endif
}
118 
119 
120 
// Releases the owned OpenSSL certificate and CRL, then the private data.
KSSLCertificate::~KSSLCertificate() {
#ifdef KSSL_HAVE_SSL
    if (d->m_cert != NULL)
        d->kossl->X509_free(d->m_cert);

    if (d->m_cert_crl != NULL)
        d->kossl->X509_CRL_free(d->m_cert_crl);
#endif
    delete d;
}
132 
133 
// Gives mutable access to the certificate chain stored with this object.
KSSLCertChain& KSSLCertificate::chain() {
    KSSLCertChain &ownChain = d->_chain;
    return ownChain;
}
137 
138 
// Wraps a duplicate of x5 in a new heap-allocated KSSLCertificate.
// Returns NULL when x5 is NULL or SSL support is compiled out. The caller
// owns the result; x5 itself stays owned by the caller.
// NOTE(review): the result of X509_dup() is not checked, so the returned
// object may hold a NULL certificate if duplication fails.
KSSLCertificate *KSSLCertificate::fromX509(X509 *x5) {
#ifdef KSSL_HAVE_SSL
    if (x5 != NULL) {
        KSSLCertificate *wrapped = new KSSLCertificate;
        wrapped->setCert(KOSSL::self()->X509_dup(x5));
        return wrapped;
    }
#endif
    return NULL;
}
149 
150 
// Parses a base64-encoded DER certificate. Returns a new object owned by
// the caller, or NULL if the input is empty, does not decode to a
// certificate, or SSL support is compiled out.
// The input is typically untrusted; parsing succeeds for any well-formed
// certificate and says nothing about whether it is trusted.
KSSLCertificate *KSSLCertificate::fromString(TQCString cert) {
#ifdef KSSL_HAVE_SSL
    if (cert.length() == 0)
        return NULL;

    TQByteArray der;
    TQByteArray encoded = cert.copy();
    KCodecs::base64Decode(encoded, der);

    // d2i_X509 advances the cursor it is given, so use a scratch pointer.
    unsigned char *cursor = reinterpret_cast<unsigned char *>(der.data());
    X509 *parsed = KOSSL::self()->d2i_X509(NULL, &cursor, der.size());
    if (parsed == NULL)
        return NULL;

    KSSLCertificate *result = new KSSLCertificate;
    result->setCert(parsed);   // result takes ownership of `parsed`
    return result;
#else
    return NULL;
#endif
}
170 
// Parses a base64-encoded DER certificate revocation list. Returns a new
// object (owned by the caller) that holds only the CRL, or NULL if the
// input is empty, cannot be parsed, or SSL support is compiled out.
// The returned object has no certificate set, so only the CRL accessors
// are meaningful on it.
KSSLCertificate *KSSLCertificate::crlFromString(TQCString cert) {
#ifdef KSSL_HAVE_SSL
    if (cert.length() == 0)
        return NULL;

    TQByteArray der;
    TQByteArray encoded = cert.copy();
    KCodecs::base64Decode(encoded, der);

    // d2i_X509_CRL advances the cursor it is given.
    unsigned char *cursor = reinterpret_cast<unsigned char *>(der.data());
    X509_CRL *parsed = KOSSL::self()->d2i_X509_CRL(NULL, &cursor, der.size());
    if (parsed == NULL)
        return NULL;

    KSSLCertificate *result = new KSSLCertificate;
    result->setCRL(parsed);    // result takes ownership of `parsed`
    return result;
#else
    return NULL;
#endif
}
190 
191 
192 
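// Returns the subject distinguished name in OpenSSL "oneline" form, or an
// empty string when no certificate is set or the name cannot be rendered.
// The text comes straight from the certificate and is therefore chosen by
// whoever issued it: treat it as untrusted display data. The oneline form
// does not escape its field separator, so do not parse it to make
// security decisions.
TQString KSSLCertificate::getSubject() const {
    TQString rc = "";

#ifdef KSSL_HAVE_SSL
    // Same guard as getEmails(): an object without a certificate must not
    // reach OpenSSL with a NULL X509.
    if (!d->m_cert)
        return rc;

    char *t = d->kossl->X509_NAME_oneline(d->kossl->X509_get_subject_name(d->m_cert), 0, 0);
    if (!t)
        return rc;
    rc = t;
    d->kossl->CRYPTO_free(t);   // buffer was allocated by OpenSSL
#endif
    return rc;
}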
205 
206 
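// Returns the certificate serial number as text, or an empty string when
// no certificate is set or the serial number is unavailable.
TQString KSSLCertificate::getSerialNumber() const {
    TQString rc = "";

#ifdef KSSL_HAVE_SSL
    // Same guard as getEmails(): never hand a NULL X509 to OpenSSL.
    if (!d->m_cert)
        return rc;

    ASN1_INTEGER *aint = d->kossl->X509_get_serialNumber(d->m_cert);
    if (aint) {
        rc = ASN1_INTEGER_QString(aint);
        // Do not free aint: the original author found that freeing it
        // "makes the sig test fail", which suggests it still belongs to
        // the certificate.
    }
#endif
    return rc;
}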
219 
220 
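// Returns a human-readable dump of the certificate signature: the
// algorithm name followed by the signature bytes in hex, 20 bytes per
// line, colon-separated. Returns an empty string when no certificate is
// set or OpenSSL does not report a signature.
TQString KSSLCertificate::getSignatureText() const {
    TQString rc = "";

#ifdef KSSL_HAVE_SSL
    // Same guard as getEmails(): never hand a NULL X509 to OpenSSL.
    if (!d->m_cert)
        return rc;

    const ASN1_BIT_STRING *signature = 0L;
    const X509_ALGOR *sig_alg = 0L;
    d->kossl->X509_get0_signature(&signature, &sig_alg, d->m_cert);
    // Both out-parameters are dereferenced below; bail out instead of
    // crashing if either was left unset.
    if (!signature || !sig_alg)
        return rc;

    const int nid = d->kossl->OBJ_obj2nid(sig_alg->algorithm);
    rc = i18n("Signature Algorithm: ");
    rc += (nid == NID_undef) ? i18n("Unknown") : TQString(d->kossl->OBJ_nid2ln(nid));

    rc += "\n";
    rc += i18n("Signature Contents:");

    // Read the bytes as unsigned so the nibble arithmetic never sees a
    // negative value.
    const unsigned char *bytes = signature->data;
    const int n = signature->length;
    for (int i = 0; i < n; i++) {
        if (i % 20 != 0)
            rc += ":";
        else
            rc += "\n";
        rc.append(hv[(bytes[i] & 0xf0) >> 4]);
        rc.append(hv[bytes[i] & 0x0f]);
    }
#endif

    return rc;
}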
250 
251 
// Replaces the contents of `to` with the e-mail addresses OpenSSL extracts
// from the certificate (X509_get1_email). `to` is left empty when there is
// no certificate, no address, or no SSL support.
// The addresses are certificate content, i.e. supplied by the issuer or
// peer; callers should treat them as untrusted text.
void KSSLCertificate::getEmails(TQStringList &to) const {
    to.clear();
#ifdef KSSL_HAVE_SSL
    if (d->m_cert) {
        STACK *addresses = d->kossl->X509_get1_email(d->m_cert);
        if (addresses) {
            int idx = 0;
            while (idx < d->kossl->OPENSSL_sk_num(addresses)) {
                to.append(d->kossl->OPENSSL_sk_value(addresses, idx));
                ++idx;
            }
            // get1 semantics: the stack is ours to release.
            d->kossl->X509_email_free(addresses);
        }
    }
#endif
}
267 
268 
// Builds the lookup key "<subject> (<MD5 fingerprint>)".
// NOTE(review): the key identifies a certificate by subject text plus an
// MD5 digest. MD5 is not collision resistant, so if this key is used to
// index trust or policy decisions, confirm that a second certificate with
// the same key cannot inherit them.
TQString KSSLCertificate::getKDEKey() const {
    TQString key = getSubject();
    key += " (";
    key += getMD5DigestText();
    key += ")";
    return key;
}
272 
273 
// Extracts the digest part from a key produced by getKDEKey(): the text
// between the last '(' and a ')' that must be the final character.
// Returns a null string when the key does not have that shape.
TQString KSSLCertificate::getMD5DigestFromKDEKey(const TQString &k) {
    const int openParen = k.findRev('(');
    if (openParen == -1)
        return TQString();

    // A '(' was found, so the key has at least one character.
    const unsigned int len = k.length();
    if (!(k.at(len-1) == ')'))
        return TQString();

    return k.mid(openParen+1, len-openParen-2);
}
285 
286 
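// Returns the MD5 fingerprint of the certificate as upper-case hex bytes
// separated by ':' (e.g. "AB:CD:..."), or an empty string when no
// certificate is set or the digest cannot be computed.
// MD5 is not collision resistant; the value is suitable for display and
// lookup, not as proof that two certificates are the same.
TQString KSSLCertificate::getMD5DigestText() const {
    TQString rc = "";

#ifdef KSSL_HAVE_SSL
    // Same guard as getEmails(): never hand a NULL X509 to OpenSSL.
    if (!d->m_cert)
        return rc;

    unsigned int n = 0;
    unsigned char md[EVP_MAX_MD_SIZE];

    if (!d->kossl->X509_digest(d->m_cert, d->kossl->EVP_md5(), md, &n)) {
        return rc;
    }

    for (unsigned int j = 0; j < n; j++) {
        if (j > 0)
            rc += ":";
        rc.append(hv[(md[j]&0xf0)>>4]);
        rc.append(hv[md[j]&0x0f]);
    }
#endif

    return rc;
}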
309 
310 
311 
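// Returns the MD5 fingerprint of the certificate as a contiguous
// upper-case hex string (no separators), or an empty string when no
// certificate is set or the digest cannot be computed.
// MD5 is not collision resistant; do not rely on this value alone to
// decide that two certificates are identical.
TQString KSSLCertificate::getMD5Digest() const {
    TQString rc = "";

#ifdef KSSL_HAVE_SSL
    // Same guard as getEmails(): never hand a NULL X509 to OpenSSL.
    if (!d->m_cert)
        return rc;

    unsigned int n = 0;
    unsigned char md[EVP_MAX_MD_SIZE];

    if (!d->kossl->X509_digest(d->m_cert, d->kossl->EVP_md5(), md, &n)) {
        return rc;
    }

    for (unsigned int j = 0; j < n; j++) {
        rc.append(hv[(md[j]&0xf0)>>4]);
        rc.append(hv[md[j]&0x0f]);
    }
#endif

    return rc;
}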
332 
333 
334 
// Names the public-key algorithm of the certificate: "RSA", "DSA" or
// "Unknown". Returns an empty string when no public key can be obtained
// or SSL support is compiled out.
TQString KSSLCertificate::getKeyType() const {
    TQString rc = "";

#ifdef KSSL_HAVE_SSL
    EVP_PKEY *pubKey = d->kossl->X509_get_pubkey(d->m_cert);
    if (pubKey) {
        const int algorithm = d->kossl->EVP_PKEY_base_id(pubKey);
        rc = "Unknown";
#ifndef NO_RSA
        if (algorithm == EVP_PKEY_RSA)
            rc = "RSA";
#endif
#ifndef NO_DSA
        if (algorithm == EVP_PKEY_DSA)
            rc = "DSA";
#endif
        // X509_get_pubkey returned a reference we have to drop.
        d->kossl->EVP_PKEY_free(pubKey);
    }
#endif

    return rc;
}
358 
359 
360 
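#ifdef KSSL_HAVE_SSL
// Appends the hex digits in `hex` to `out`, starting a new line every 40
// digits and placing ':' between bytes, then ends with a newline. A NULL
// `hex` only appends the final newline.
static void appendHexRows(TQString &out, const char *hex) {
    if (hex) {
        const size_t len = strlen(hex);   // measured once, not per iteration
        for (size_t i = 0; i < len; i++) {
            if (i % 40 == 0)
                out += "\n";
            else if (i % 2 == 0)
                out += ":";
            out += hex[i];
        }
    }
    out += "\n";
}
#endif

// Returns a human-readable description of the certificate's public key:
// key type and size followed by the key parameters in hex (modulus and
// exponent for RSA; p, q, g and the public value for DSA). Returns an
// empty string when no public key can be obtained, and the translated
// "Unknown" for other algorithms.
// The reported bit size is derived from the hex length of the modulus or
// prime and is therefore rounded up to a multiple of four.
TQString KSSLCertificate::getPublicKeyText() const {
    TQString rc = "";
    char *x = NULL;

#ifdef KSSL_HAVE_SSL
    // Same guard as getEmails(): never hand a NULL X509 to OpenSSL.
    if (!d->m_cert)
        return rc;

    EVP_PKEY *pkey = d->kossl->X509_get_pubkey(d->m_cert);
    if (pkey) {
        const int algorithm = d->kossl->EVP_PKEY_base_id(pkey);
        rc = i18n("Unknown", "Unknown key algorithm");
#ifndef NO_RSA
        if (algorithm == EVP_PKEY_RSA) {
            rc = i18n("Key type: RSA (%1 bit)") + "\n";

            RSA *pkey_rsa = d->kossl->EVP_PKEY_get0_RSA(pkey);
            const BIGNUM *bn_n = 0L;
            const BIGNUM *bn_e = 0L;
            // Each OpenSSL result is checked before it is dereferenced or
            // passed to strlen(); a malformed key yields empty fields
            // instead of a crash.
            if (pkey_rsa)
                d->kossl->RSA_get0_key(pkey_rsa, &bn_n, &bn_e, NULL);

            x = bn_n ? d->kossl->BN_bn2hex(bn_n) : NULL;
            rc += i18n("Modulus: ");
            rc = rc.arg(x ? strlen(x)*4 : 0);
            appendHexRows(rc, x);
            if (x)
                d->kossl->CRYPTO_free(x);

            x = bn_e ? d->kossl->BN_bn2hex(bn_e) : NULL;
            rc += i18n("Exponent: 0x");
            if (x) {
                rc += x;
                d->kossl->CRYPTO_free(x);
            }
            rc += "\n";
        }
#endif
#ifndef NO_DSA
        if (algorithm == EVP_PKEY_DSA) {
            rc = i18n("Key type: DSA (%1 bit)") + "\n";

            DSA *pkey_dsa = d->kossl->EVP_PKEY_get0_DSA(pkey);
            const BIGNUM *bn_p = 0L;
            const BIGNUM *bn_q = 0L;
            const BIGNUM *bn_g = 0L;
            const BIGNUM *bn_pub_key = 0L;
            if (pkey_dsa) {
                d->kossl->DSA_get0_pqg(pkey_dsa, &bn_p, &bn_q, &bn_g);
                d->kossl->DSA_get0_key(pkey_dsa, &bn_pub_key, NULL);
            }

            x = bn_p ? d->kossl->BN_bn2hex(bn_p) : NULL;
            rc += i18n("Prime: ");
            // hack - this may not be always accurate
            rc = rc.arg(x ? strlen(x)*4 : 0);
            appendHexRows(rc, x);
            if (x)
                d->kossl->CRYPTO_free(x);

            // NOTE(review): the label is fixed at "160 bit" although the
            // code does not check the size of q.
            x = bn_q ? d->kossl->BN_bn2hex(bn_q) : NULL;
            rc += i18n("160 bit prime factor: ");
            appendHexRows(rc, x);
            if (x)
                d->kossl->CRYPTO_free(x);

            x = bn_g ? d->kossl->BN_bn2hex(bn_g) : NULL;
            rc += TQString("g: ");
            appendHexRows(rc, x);
            if (x)
                d->kossl->CRYPTO_free(x);

            x = bn_pub_key ? d->kossl->BN_bn2hex(bn_pub_key) : NULL;
            rc += i18n("Public key: ");
            appendHexRows(rc, x);
            if (x)
                d->kossl->CRYPTO_free(x);
        }
#endif
        d->kossl->EVP_PKEY_free(pkey);
    }
#endif

    return rc;
}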
464 
465 
466 
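// Returns the issuer distinguished name in OpenSSL "oneline" form, or an
// empty string when no certificate is set or the name cannot be rendered.
// This is the issuer the certificate claims; it is only meaningful after
// the certificate has been validated, and the oneline form does not
// escape its field separator, so do not parse it for security decisions.
TQString KSSLCertificate::getIssuer() const {
    TQString rc = "";

#ifdef KSSL_HAVE_SSL
    // Same guard as getEmails(): never hand a NULL X509 to OpenSSL.
    if (!d->m_cert)
        return rc;

    char *t = d->kossl->X509_NAME_oneline(d->kossl->X509_get_issuer_name(d->m_cert), 0, 0);

    if (!t)
        return rc;

    rc = t;
    d->kossl->CRYPTO_free(t);   // buffer was allocated by OpenSSL
#endif

    return rc;
}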
482 
// Installs a new certificate chain and drops any cached validation
// verdict, since the verdict depends on the chain.
// `c` is passed through untyped; validateVerbose() later casts the raw
// chain to STACK_OF(X509)*, so callers must pass that type.
void KSSLCertificate::setChain(void *c) {
    d->m_stateCache = KSSLCertificate::Unknown;
    d->m_stateCached = false;
#ifdef KSSL_HAVE_SSL
    d->_chain.setChain(c);
#endif
}
490 
// Stores `c` as this object's certificate, recomputes the purpose flags in
// the X.509v3 extension helper and invalidates the cached verdict.
// For every purpose OpenSSL knows, bit (id-1) records "usable for this
// purpose" and bit (16+id-1) records "usable as a CA for this purpose".
// NOTE(review): a certificate already held in d->m_cert is overwritten
// without being freed here; whether that leaks depends on callers -
// confirm before changing, since getCert() hands out the raw pointer.
// NOTE(review): the bit layout assumes purpose ids stay below 17.
void KSSLCertificate::setCert(X509 *c) {
#ifdef KSSL_HAVE_SSL
    d->m_cert = c;
    if (c) {
        d->_extensions.flags = 0;
        d->kossl->X509_check_purpose(c, -1, 0);    // setup the fields (!!)

        for (int idx = 0; idx < d->kossl->X509_PURPOSE_get_count(); ++idx) {
            X509_PURPOSE *entry = d->kossl->X509_PURPOSE_get0(idx);
            const int id = d->kossl->X509_PURPOSE_get_id(entry);

            for (int ca = 0; ca < 2; ++ca) {
                const int verdict = d->kossl->X509_check_purpose(c, id, ca);
                const long bit = ca ? (1L << (16+id-1)) : (1L << (id-1));

                if (verdict == 1 || verdict == 2)     // have it
                    d->_extensions.flags |= bit;
                else
                    d->_extensions.flags &= ~bit;
            }
        }
    }
#endif
    d->m_stateCached = false;
    d->m_stateCache = KSSLCertificate::Unknown;
}
588 
// Stores `c` as this object's CRL and invalidates the cached verdict.
// A non-NULL CRL also resets the extension flags to zero.
// NOTE(review): a CRL already held in d->m_cert_crl is overwritten
// without being freed here - confirm no caller sets a CRL twice.
void KSSLCertificate::setCRL(X509_CRL *c) {
#ifdef KSSL_HAVE_SSL
    d->m_cert_crl = c;
    if (c != NULL)
        d->_extensions.flags = 0;
#endif
    d->m_stateCache = KSSLCertificate::Unknown;
    d->m_stateCached = false;
}
599 
// Returns the raw OpenSSL certificate, or 0 when none is set or SSL
// support is compiled out. The pointer stays owned by this object (the
// destructor frees it); callers must not free it or keep it past the
// lifetime of this object.
X509 *KSSLCertificate::getCert() {
#ifdef KSSL_HAVE_SSL
    X509 *raw = d->m_cert;
    return raw;
#else
    return 0;
#endif
}
606 
607 // pull in the callback. It's common across multiple files but we want
608 // it to be hidden.
609 
610 #include "ksslcallback.c"
611 
612 
// True only when validate(p) reports KSSLCertificate::Ok; every other
// verdict, including Unknown, counts as invalid.
bool KSSLCertificate::isValid(KSSLCertificate::KSSLPurpose p) {
    const KSSLCertificate::KSSLValidation verdict = validate(p);
    return verdict == KSSLCertificate::Ok;
}
616 
617 
// Convenience overload: validity as an SSL server certificate.
bool KSSLCertificate::isValid() {
    const bool validAsServer = isValid(KSSLCertificate::SSLServer);
    return validAsServer;
}
621 
622 
// Maps a KSSLPurpose to the matching OpenSSL X509_PURPOSE_* id.
// Purposes not listed below (and every purpose when SSL support is
// compiled out) map to 0.
// NOTE(review): validateVerbose() passes the result to
// X509_STORE_CTX_set_purpose(); confirm what a purpose of 0 means there,
// since it may leave the verification without any purpose check.
int KSSLCertificate::purposeToOpenSSL(KSSLCertificate::KSSLPurpose p) const {
#ifdef KSSL_HAVE_SSL
    switch (p) {
    case KSSLCertificate::SSLServer:
        return X509_PURPOSE_SSL_SERVER;
    case KSSLCertificate::SSLClient:
        return X509_PURPOSE_SSL_CLIENT;
    case KSSLCertificate::SMIMEEncrypt:
        return X509_PURPOSE_SMIME_ENCRYPT;
    case KSSLCertificate::SMIMESign:
        return X509_PURPOSE_SMIME_SIGN;
    case KSSLCertificate::Any:
        return X509_PURPOSE_ANY;
    default:
        break;
    }
#endif
    return 0;
}
640 
641 
642 // For backward compatibility
// Validates the certificate for use as an SSL server certificate.
KSSLCertificate::KSSLValidation KSSLCertificate::validate() {
    const KSSLCertificate::KSSLValidation verdict = validate(KSSLCertificate::SSLServer);
    return verdict;
}
646 
// Validates the certificate for `purpose` and condenses the result to a
// single verdict: Ok when validateVerbose() reports nothing, otherwise
// the first entry it reports.
KSSLCertificate::KSSLValidation KSSLCertificate::validate(KSSLCertificate::KSSLPurpose purpose)
{
    KSSLValidationList findings = validateVerbose(purpose);
    if (!findings.isEmpty())
        return findings.first();

    return KSSLCertificate::Ok;
}
655 
656 //
657 // See apps/verify.c in OpenSSL for the source of most of this logic.
658 //
659 
660 // CRL files? we don't do that yet
// Validates for `purpose` without restricting the check to a particular
// CA (passes a null CA to the two-argument overload).
KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertificate::KSSLPurpose purpose)
{
    KSSLCertificate *noSpecificCa = 0;
    return validateVerbose(purpose, noSpecificCa);
}
665 
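// Verifies this certificate for `purpose` against the first readable
// "ca-bundle.crt" found in the registered "kssl" resource directories,
// using the stored chain as untrusted intermediates.
//
// purpose  what the certificate is to be used for.
// ca       optional CA certificate; when given, the verdict is
//          Irrelevant unless the verify callback saw that CA.
//
// Returns an empty list when verification succeeded in this call,
// otherwise a list holding the verdict. Without SSL support the list
// holds NoSSL.
//
// Security-relevant properties visible in this function:
//  - No CRL is loaded into the store, so no revocation checking is done
//    here.
//  - The verify callback communicates through the file-scope variables
//    KSSL_X509CallBack_ca / KSSL_X509CallBack_ca_found, so concurrent
//    calls would interfere with each other.
//  - The result of X509_verify_cert() is honoured: a failed verification
//    that leaves the error code at X509_V_OK is reported as a failure
//    instead of being mistaken for success.
// NOTE(review): a cached verdict is returned as a one-element list even
// when it is Ok, while a fresh Ok returns an empty list; callers that
// test isEmpty() see the two differently.
// NOTE(review): processError() caches every verdict itself, so the
// NoCARoot/InvalidCA exclusion near the end of the loop does not stop
// those verdicts from being cached - confirm the intended behaviour.
KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertificate::KSSLPurpose purpose, KSSLCertificate *ca)
{
    KSSLValidationList errors;
    // A specific CA or a different purpose invalidates the cached verdict.
    if (ca || (d->_lastPurpose != purpose)) {
        d->m_stateCached = false;
    }

    if (!d->m_stateCached)
        d->_lastPurpose = purpose;

#ifdef KSSL_HAVE_SSL
    X509_STORE *certStore;
    X509_LOOKUP *certLookup;
    X509_STORE_CTX *certStoreCTX;

    if (!d->m_cert)
    {
        errors << KSSLCertificate::Unknown;
        return errors;
    }

    if (d->m_stateCached) {
        errors << d->m_stateCache;
        return errors;
    }

    TQStringList qsl = TDEGlobal::dirs()->resourceDirs("kssl");

    if (qsl.isEmpty()) {
        errors << KSSLCertificate::NoCARoot;
        return errors;
    }

    KSSLCertificate::KSSLValidation ksslv = Unknown;

    for (TQStringList::Iterator j = qsl.begin(); j != qsl.end(); ++j) {
        struct stat sb;
        TQString _j = (*j) + "ca-bundle.crt";
        if (-1 == stat(_j.ascii(), &sb)) {
            continue;
        }

        certStore = d->kossl->X509_STORE_new();
        if (!certStore) {
            errors << KSSLCertificate::Unknown;
            return errors;
        }

        d->kossl->X509_STORE_set_verify_cb(certStore, X509Callback);

        certLookup = d->kossl->X509_STORE_add_lookup(certStore, d->kossl->X509_LOOKUP_file());
        if (!certLookup) {
            ksslv = KSSLCertificate::Unknown;
            d->kossl->X509_STORE_free(certStore);
            continue;
        }

        if (!d->kossl->X509_LOOKUP_load_file(certLookup, _j.ascii(), X509_FILETYPE_PEM)) {
            // error accessing directory and loading pems
            kdDebug(7029) << "KSSL couldn't read CA root: "
                    << _j << endl;
            ksslv = KSSLCertificate::ErrorReadingRoot;
            d->kossl->X509_STORE_free(certStore);
            continue;
        }

        // This is the checking code
        certStoreCTX = d->kossl->X509_STORE_CTX_new();

        // this is a bad error - could mean no free memory.
        // This may be the wrong thing to do here
        if (!certStoreCTX) {
            kdDebug(7029) << "KSSL couldn't create an X509 store context." << endl;
            d->kossl->X509_STORE_free(certStore);
            continue;
        }

        d->kossl->X509_STORE_CTX_init(certStoreCTX, certStore, d->m_cert, NULL);
        if (d->_chain.isValid()) {
            d->kossl->X509_STORE_CTX_set0_untrusted(certStoreCTX, (STACK_OF(X509)*)d->_chain.rawChain());
        }

        //kdDebug(7029) << "KSSL setting CRL.............." << endl;
        // int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);

        d->kossl->X509_STORE_CTX_set_purpose(certStoreCTX, purposeToOpenSSL(purpose));

        KSSL_X509CallBack_ca = ca ? ca->d->m_cert : 0;
        KSSL_X509CallBack_ca_found = false;

        d->kossl->X509_STORE_CTX_set_error(certStoreCTX, X509_V_OK);
        int verifyRc = d->kossl->X509_verify_cert(certStoreCTX);
        int errcode = d->kossl->X509_STORE_CTX_get_error(certStoreCTX);
        // Fail closed: a failed verification must never map to Ok just
        // because no specific error code was recorded.
        if (verifyRc <= 0 && errcode == X509_V_OK)
            errcode = X509_V_ERR_APPLICATION_VERIFICATION;
        if (ca && !KSSL_X509CallBack_ca_found) {
            ksslv = KSSLCertificate::Irrelevant;
        } else {
            ksslv = processError(errcode);
        }
        // For servers, we can try NS_SSL_SERVER too
        if ( (ksslv != KSSLCertificate::Ok) &&
             (ksslv != KSSLCertificate::Irrelevant) &&
             purpose == KSSLCertificate::SSLServer) {
            d->kossl->X509_STORE_CTX_set_purpose(certStoreCTX,
                                                 X509_PURPOSE_NS_SSL_SERVER);

            d->kossl->X509_STORE_CTX_set_error(certStoreCTX, X509_V_OK);
            verifyRc = d->kossl->X509_verify_cert(certStoreCTX);
            errcode = d->kossl->X509_STORE_CTX_get_error(certStoreCTX);
            // Same fail-closed rule for the retry.
            if (verifyRc <= 0 && errcode == X509_V_OK)
                errcode = X509_V_ERR_APPLICATION_VERIFICATION;
            ksslv = processError(errcode);
        }
        d->kossl->X509_STORE_CTX_free(certStoreCTX);
        d->kossl->X509_STORE_free(certStore);
        // end of checking code
        //

        //kdDebug(7029) << "KSSL Validation procedure RC: "
        //		<< rc << endl;
        //kdDebug(7029) << "KSSL Validation procedure errcode: "
        //		<< errcode << endl;
        //kdDebug(7029) << "KSSL Validation procedure RESULTS: "
        //		<< ksslv << endl;

        if (ksslv != NoCARoot && ksslv != InvalidCA) {
            d->m_stateCached = true;
            d->m_stateCache = ksslv;
        }
        // Only the first bundle that could be loaded is consulted.
        break;
    }

    if (ksslv != KSSLCertificate::Ok)
        errors << ksslv;
#else
    errors << KSSLCertificate::NoSSL;
#endif
    return errors;
}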
802 
803 
804 
// Re-runs validation as an SSL server certificate, ignoring the cache.
KSSLCertificate::KSSLValidation KSSLCertificate::revalidate() {
    const KSSLCertificate::KSSLValidation verdict = revalidate(KSSLCertificate::SSLServer);
    return verdict;
}
808 
809 
// Discards the cached verdict and validates again for purpose `p`.
KSSLCertificate::KSSLValidation KSSLCertificate::revalidate(KSSLCertificate::KSSLPurpose p) {
    d->m_stateCached = false;
    const KSSLCertificate::KSSLValidation verdict = validate(p);
    return verdict;
}
814 
815 
// Translates an OpenSSL X509_V_* verification code into a KSSLValidation
// verdict. With SSL support the verdict is also stored as the cached
// state (side effect). Codes without an explicit mapping, and every code
// when SSL support is compiled out, yield Unknown.
// Note the coarse grouping: "not yet valid" and malformed date fields are
// reported as Expired, and several distinct issuer problems as InvalidCA.
KSSLCertificate::KSSLValidation KSSLCertificate::processError(int ec) {
    KSSLCertificate::KSSLValidation rc = KSSLCertificate::Unknown;

#ifdef KSSL_HAVE_SSL
    switch (ec) {
    // --- success ---
    case X509_V_OK:
        rc = KSSLCertificate::Ok;
        break;

    // --- trust settings ---
    case X509_V_ERR_CERT_REJECTED:
        rc = KSSLCertificate::Rejected;
        break;

    case X509_V_ERR_CERT_UNTRUSTED:
        rc = KSSLCertificate::Untrusted;
        break;

    // --- signature could not be verified ---
    case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
    case X509_V_ERR_CERT_SIGNATURE_FAILURE:
    case X509_V_ERR_CRL_SIGNATURE_FAILURE:
    case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
    case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
        rc = KSSLCertificate::SignatureFailed;
        break;

    // --- issuer missing or unusable ---
    case X509_V_ERR_INVALID_CA:
    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
    case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
        rc = KSSLCertificate::InvalidCA;
        break;

    case X509_V_ERR_INVALID_PURPOSE:
        rc = KSSLCertificate::InvalidPurpose;
        break;

    // --- self-signed ---
    case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
        rc = KSSLCertificate::SelfSigned;
        break;

    case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
        rc = KSSLCertificate::SelfSignedChain;
        break;

    case X509_V_ERR_CERT_REVOKED:
        rc = KSSLCertificate::Revoked;
        break;

    case X509_V_ERR_PATH_LENGTH_EXCEEDED:
        rc = KSSLCertificate::PathLengthExceeded;
        break;

    // --- validity period of the certificate or CRL ---
    case X509_V_ERR_CERT_NOT_YET_VALID:
    case X509_V_ERR_CERT_HAS_EXPIRED:
    case X509_V_ERR_CRL_NOT_YET_VALID:
    case X509_V_ERR_CRL_HAS_EXPIRED:
    case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
    case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
    case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
    case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
        rc = KSSLCertificate::Expired;
        kdDebug(7029) << "KSSL apparently this is expired.  Not after: "
                << getNotAfter() << endl;
        break;

    // --- everything else is reported as Unknown ---
    //case 1:
    case X509_V_ERR_APPLICATION_VERIFICATION:
    case X509_V_ERR_OUT_OF_MEM:
    case X509_V_ERR_UNABLE_TO_GET_CRL:
    case X509_V_ERR_CERT_CHAIN_TOO_LONG:
    default:
        rc = KSSLCertificate::Unknown;
        break;
    }

    // Remember the verdict for later cached lookups.
    d->m_stateCached = true;
    d->m_stateCache = rc;
#endif
    return rc;
}
902 
903 
// Start of the validity period as text; a null string without SSL support.
// NOTE(review): d->m_cert is passed to OpenSSL unchecked - callers must
// only use this on an object that holds a certificate.
TQString KSSLCertificate::getNotBefore() const {
#ifndef KSSL_HAVE_SSL
    return TQString::null;
#else
    return ASN1_UTCTIME_QString(d->kossl->X509_getm_notBefore(d->m_cert));
#endif
}
911 
912 
// End of the validity period as text; a null string without SSL support.
// NOTE(review): d->m_cert is passed to OpenSSL unchecked - callers must
// only use this on an object that holds a certificate.
TQString KSSLCertificate::getNotAfter() const {
#ifndef KSSL_HAVE_SSL
    return TQString::null;
#else
    return ASN1_UTCTIME_QString(d->kossl->X509_getm_notAfter(d->m_cert));
#endif
}
920 
921 
// Start of the validity period as a TQDateTime. Without SSL support the
// current date and time is returned instead.
// NOTE(review): d->m_cert is passed to OpenSSL unchecked - callers must
// only use this on an object that holds a certificate.
TQDateTime KSSLCertificate::getQDTNotBefore() const {
#ifndef KSSL_HAVE_SSL
    return TQDateTime::currentDateTime();
#else
    return ASN1_UTCTIME_QDateTime(d->kossl->X509_getm_notBefore(d->m_cert), NULL);
#endif
}
929 
930 
// End of the validity period as a TQDateTime. Without SSL support the
// current date and time is returned instead.
// NOTE(review): d->m_cert is passed to OpenSSL unchecked - callers must
// only use this on an object that holds a certificate.
TQDateTime KSSLCertificate::getQDTNotAfter() const {
#ifndef KSSL_HAVE_SSL
    return TQDateTime::currentDateTime();
#else
    return ASN1_UTCTIME_QDateTime(d->kossl->X509_getm_notAfter(d->m_cert), NULL);
#endif
}
938 
939 
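// Date the CRL was issued (its lastUpdate field). Returns an invalid
// TQDateTime when this object holds no CRL, and the current date and time
// when SSL support is compiled out.
TQDateTime KSSLCertificate::getQDTLastUpdate() const {
#ifdef KSSL_HAVE_SSL
    // Only objects built by crlFromString()/setCRL() carry a CRL; for all
    // others the pointer is NULL and must not reach OpenSSL.
    if (!d->m_cert_crl)
        return TQDateTime();
    return ASN1_UTCTIME_QDateTime((ASN1_UTCTIME*)d->kossl->X509_CRL_get0_lastUpdate(d->m_cert_crl), NULL);
#else
    return TQDateTime::currentDateTime();
#endif
}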
947 
948 
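// Date by which the next CRL is due (its nextUpdate field). Returns an
// invalid TQDateTime when this object holds no CRL, and the current date
// and time when SSL support is compiled out.
TQDateTime KSSLCertificate::getQDTNextUpdate() const {
#ifdef KSSL_HAVE_SSL
    // Only objects built by crlFromString()/setCRL() carry a CRL; for all
    // others the pointer is NULL and must not reach OpenSSL.
    if (!d->m_cert_crl)
        return TQDateTime();
    return ASN1_UTCTIME_QDateTime((ASN1_UTCTIME*)d->kossl->X509_CRL_get0_nextUpdate(d->m_cert_crl), NULL);
#else
    return TQDateTime::currentDateTime();
#endif
}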
956 
957 
// Compares two certificates with X509_cmp(); returns 1 when they compare
// equal and 0 otherwise.
// Without SSL support every pair compares equal, so the result must not
// be used for trust decisions in such builds.
int operator==(KSSLCertificate &x, KSSLCertificate &y) {
#ifdef KSSL_HAVE_SSL
    const int difference = KOSSL::self()->X509_cmp(x.getCert(), y.getCert());
    return difference ? 0 : 1;
#else
    return 1;
#endif
}
966 
967 
// Returns a new heap-allocated copy of this certificate and its chain;
// the caller owns it. The copy starts without a cached validation
// verdict, so it is validated afresh on first use.
KSSLCertificate *KSSLCertificate::replicate() {
    KSSLCertificate *clone = new KSSLCertificate();
#ifdef KSSL_HAVE_SSL
    X509 *certCopy = d->kossl->X509_dup(getCert());
    clone->setCert(certCopy);

    // replicate() on the chain returns a temporary we have to delete.
    KSSLCertChain *chainCopy = d->_chain.replicate();
    clone->setChain(chainCopy->rawChain());
    delete chainCopy;
#endif
    return clone;
}
980 
981 
// Returns the certificate as base64-encoded DER (no PEM armour).
TQString KSSLCertificate::toString() {
    const TQByteArray der = toDer();
    return KCodecs::base64Encode(der);
}
985 
986 
// Returns the translated, user-facing sentence for a validation verdict.
// Verdicts without their own message get "The certificate is invalid."
// NOTE(review): PathLengthExceeded shares the "root files could not be
// found" message, which does not describe that failure - confirm whether
// this grouping is intended.
TQString KSSLCertificate::verifyText(KSSLValidation x) {
    switch (x) {
    case KSSLCertificate::Ok:
        return i18n("The certificate is valid.");

    // trust anchors unavailable
    case KSSLCertificate::PathLengthExceeded:
    case KSSLCertificate::ErrorReadingRoot:
    case KSSLCertificate::NoCARoot:
        return i18n("Certificate signing authority root files could not be found so the certificate is not verified.");

    // issuer problems
    case KSSLCertificate::SelfSignedChain:
    case KSSLCertificate::InvalidCA:
        return i18n("Certificate signing authority is unknown or invalid.");

    case KSSLCertificate::SelfSigned:
        return i18n("Certificate is self-signed and thus may not be trustworthy.");

    case KSSLCertificate::Expired:
        return i18n("Certificate has expired.");

    case KSSLCertificate::Revoked:
        return i18n("Certificate has been revoked.");

    case KSSLCertificate::NoSSL:
        return i18n("SSL support was not found.");

    case KSSLCertificate::Untrusted:
        return i18n("Signature is untrusted.");

    case KSSLCertificate::SignatureFailed:
        return i18n("Signature test failed.");

    case KSSLCertificate::Rejected:
    case KSSLCertificate::InvalidPurpose:
        return i18n("Rejected, possibly due to an invalid purpose.");

    case KSSLCertificate::PrivateKeyFailed:
        return i18n("Private key test failed.");

    case KSSLCertificate::InvalidHost:
        return i18n("The certificate has not been issued for this host.");

    case KSSLCertificate::Irrelevant:
        return i18n("This certificate is not relevant.");

    default:
        return i18n("The certificate is invalid.");
    }
}
1025 
1026 
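// Returns the certificate in DER encoding, or an empty array when no
// certificate is set, encoding fails, or SSL support is compiled out.
TQByteArray KSSLCertificate::toDer() {
    TQByteArray qba;
#ifdef KSSL_HAVE_SSL
    X509 *x5 = getCert();
    if (!x5)
        return qba;

    // First call only measures. i2d_X509 reports failure with a negative
    // value; keep it signed so an error can never turn into a huge
    // unsigned allocation size.
    const int certlen = d->kossl->i2d_X509(x5, NULL);
    if (certlen <= 0)
        return qba;

    unsigned char *cert = new unsigned char[certlen];
    unsigned char *p = cert;   // i2d_X509 advances this cursor

    // Only hand the buffer out if the encoder filled exactly what it
    // announced; otherwise part of it would be uninitialised memory.
    const int written = d->kossl->i2d_X509(x5, &p);
    if (written == certlen)
        qba.duplicate((const char*)cert, certlen);

    delete[] cert;
#endif
    return qba;
}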
1042 
1043 
1044 
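// Returns the certificate in PEM form: BEGIN/END CERTIFICATE armour
// around the base64 text wrapped at 64 characters per line. Returns an
// empty array when the certificate cannot be encoded.
TQByteArray KSSLCertificate::toPem() {
    TQByteArray qba;
    TQString thecert = toString();
    const char *header = "-----BEGIN CERTIFICATE-----\n";
    const char *footer = "-----END CERTIFICATE-----\n";

    // An empty encoding (no certificate, or encoding failed) must stop
    // here: "length() - 1" on an unsigned zero would wrap around and drive
    // the wrapping loop through tens of millions of insertions.
    if (thecert.length() == 0)
        return qba;

    // We just do base64 on the ASN1
    //  64 character lines  (unpadded)
    unsigned int xx = thecert.length() - 1;
    for (unsigned int i = 0; i < xx/64; i++) {
        // +i accounts for the newlines already inserted before this one.
        thecert.insert(64*(i+1)+i, '\n');
    }

    thecert.prepend(header);

    if (thecert[thecert.length()-1] != '\n')
        thecert += "\n";

    thecert.append(footer);

    qba.duplicate(thecert.local8Bit(), thecert.length());
    return qba;
}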
1068 
1069 
// Text placed in the octet-string header of the legacy Netscape
// certificate wrapper written by toNetscape().
#define NETSCAPE_CERT_HDR "certificate"

#ifdef KSSL_HAVE_SSL
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
// Local definition of the Netscape wrapper structure for OpenSSL 1.1.0
// and later (not LibreSSL) - presumably because those versions no longer
// declare it; confirm against the OpenSSL headers in use.
struct NETSCAPE_X509_st
{
    ASN1_OCTET_STRING *header;   // points at the NETSCAPE_CERT_HDR text
    X509 *cert;                  // certificate being wrapped (not owned)
};
typedef struct NETSCAPE_X509_st NETSCAPE_X509;
#endif
#endif
1080 
1081 // what a piece of crap this is
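// Returns the certificate in the legacy Netscape wrapper format, or an
// empty array when no certificate is set, the temporary file cannot be
// used, or SSL support is compiled out.
// The encoding is produced by letting OpenSSL write to a temporary file
// and reading that file back; the file is removed before returning.
// NOTE(review): only .data and .length of the header octet string are
// set before it is handed to the encoder; confirm the remaining fields
// do not need initialising.
TQByteArray KSSLCertificate::toNetscape() {
    TQByteArray qba;
#ifdef KSSL_HAVE_SSL
    // Nothing to encode without a certificate.
    if (!getCert())
        return qba;

#if OPENSSL_VERSION_NUMBER >= 0x10000000L
    NETSCAPE_X509 nx;
    ASN1_OCTET_STRING hdr;
#else
    ASN1_HEADER ah;
    ASN1_OCTET_STRING os;
#endif
    KTempFile ktf;

    // If the temporary file could not be opened there is no stream for
    // OpenSSL to write to.
    if (!ktf.fstream()) {
        ktf.unlink();
        return qba;
    }

#if OPENSSL_VERSION_NUMBER >= 0x10000000L
    hdr.data = (unsigned char *)NETSCAPE_CERT_HDR;
    hdr.length = strlen(NETSCAPE_CERT_HDR);
    nx.header = &hdr;
    nx.cert = getCert();

    d->kossl->ASN1_i2d_fp(ktf.fstream(),(unsigned char *)&nx);
#else
    os.data = (unsigned char *)NETSCAPE_CERT_HDR;
    os.length = strlen(NETSCAPE_CERT_HDR);
    ah.header = &os;
    ah.data = (char *)getCert();
    ah.meth = d->kossl->X509_asn1_meth();

    d->kossl->ASN1_i2d_fp(ktf.fstream(),(unsigned char *)&ah);
#endif

    ktf.close();

    TQFile qf(ktf.name());
    if (qf.open(IO_ReadOnly)) {
        const unsigned int fileSize = qf.size();
        if (fileSize > 0) {
            char *buf = new char[fileSize];
            // Copy only the bytes that were actually read, so a short or
            // failed read never exposes uninitialised buffer contents.
            const long got = qf.readBlock(buf, fileSize);
            if (got > 0)
                qba.duplicate(buf, got);
            delete[] buf;
        }
        qf.close();
    }

    ktf.unlink();

#endif
    return qba;
}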
1126 
1127 
1128 
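// Returns OpenSSL's plain-text rendering of the certificate (X509_print),
// or a null string when no certificate is set, the temporary file cannot
// be used, or SSL support is compiled out.
// The text is produced by letting OpenSSL write to a temporary file and
// reading that file back; the file is removed before returning. The
// content is certificate data and should be displayed as untrusted text.
TQString KSSLCertificate::toText() {
    TQString text;
#ifdef KSSL_HAVE_SSL
    // Nothing to print without a certificate.
    if (!getCert())
        return text;

    KTempFile ktf;

    // If the temporary file could not be opened there is no stream for
    // OpenSSL to write to.
    if (!ktf.fstream()) {
        ktf.unlink();
        return text;
    }

    d->kossl->X509_print(ktf.fstream(), getCert());
    ktf.close();

    TQFile qf(ktf.name());
    if (qf.open(IO_ReadOnly)) {
        const unsigned int fileSize = qf.size();
        char *buf = new char[fileSize+1];
        // Terminate after the bytes actually read, so a short or failed
        // read never exposes uninitialised buffer contents.
        const long got = qf.readBlock(buf, fileSize);
        buf[got > 0 ? got : 0] = 0;
        text = buf;
        delete[] buf;
        qf.close();
    }
    ktf.unlink();
#endif
    return text;
}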
1149 
1150 // KDE 4: Make it const TQString &
// Replaces this object's certificate with the one parsed from a
// base64-encoded DER string. Returns true on success; on failure (or
// without SSL support) returns false and leaves the object unchanged, so
// a previously held certificate stays in place.
// Parsing succeeds for any well-formed certificate and says nothing about
// whether it is trusted.
bool KSSLCertificate::setCert(TQString& cert) {
#ifdef KSSL_HAVE_SSL
    TQByteArray der;
    TQByteArray encoded = cert.local8Bit().copy();
    KCodecs::base64Decode(encoded, der);

    // d2i_X509 advances the cursor it is given.
    unsigned char *cursor = reinterpret_cast<unsigned char *>(der.data());
    X509 *parsed = KOSSL::self()->d2i_X509(NULL, &cursor, der.size());
    if (parsed != NULL) {
        setCert(parsed);
        return true;
    }
#endif
    return false;
}
1164 
1165 
// Gives access to the purpose flags computed by setCert(X509 *).
KSSLX509V3& KSSLCertificate::x509V3Extensions() {
    KSSLX509V3 &extensions = d->_extensions;
    return extensions;
}
1169 
1170 
// True when the extension flags mark this certificate as a CA
// (KSSLX509V3::certTypeCA()).
bool KSSLCertificate::isSigner() {
    const bool actsAsCa = d->_extensions.certTypeCA();
    return actsAsCa;
}
1174 
1175 
// Returns the DNS entries of the subjectAltName extension. Entries of
// other types (IP address, e-mail, URI, ...) are ignored, as are empty
// names. The list is empty when there is no such extension or no SSL
// support.
//
// Names containing an embedded NUL byte are dropped: converting such a
// name through a C string would silently cut it at the NUL, so a host
// name check would see a different name than the one in the certificate.
// NOTE(review): only the stack itself is released at the end
// (OPENSSL_sk_free); whether the GENERAL_NAME entries it holds are freed
// elsewhere is not visible here - confirm, they may leak.
// NOTE(review): d->m_cert is passed to OpenSSL unchecked.
TQStringList KSSLCertificate::subjAltNames() const {
    TQStringList rc;
#ifdef KSSL_HAVE_SSL
    STACK_OF(GENERAL_NAME) *altNames =
        (STACK_OF(GENERAL_NAME)*)d->kossl->X509_get_ext_d2i(d->m_cert, NID_subject_alt_name, 0, 0);
    if (altNames == NULL)
        return rc;

    const int total = d->kossl->OPENSSL_sk_num(altNames);
    for (int idx = 0; idx < total; ++idx) {
        const GENERAL_NAME *entry = (const GENERAL_NAME *)d->kossl->OPENSSL_sk_value(altNames, idx);
        if (entry->type == GEN_DNS) {
            TQString dnsName = (const char *)d->kossl->ASN1_STRING_data(entry->d.ia5);
            // The C-string length equals the ASN.1 length only when the
            // name holds no embedded NUL.
            const bool intact =
                dnsName.length() == (unsigned int)d->kossl->ASN1_STRING_length(entry->d.ia5);
            if (!dnsName.isEmpty() && intact)
                rc += dnsName;
        }
    }
    d->kossl->OPENSSL_sk_free(altNames);
#endif
    return rc;
}
1205 
1206 
// Serialises a certificate: its base64 DER string followed by the list of
// base64 DER strings of its chain. operator>> reads the same layout.
TQDataStream& operator<<(TQDataStream& s, const KSSLCertificate& r) {
    // chain() and toString() are non-const; r itself is not modified.
    KSSLCertificate &cert = const_cast<KSSLCertificate&>(r);

    TQPtrList<KSSLCertificate> links = cert.chain().getChain();
    // The list deletes its entries when it goes out of scope.
    links.setAutoDelete(true);

    TQStringList encodedChain;
    for (KSSLCertificate *link = links.first(); link != 0; link = links.next())
        encodedChain << link->toString();

    s << cert.toString() << encodedChain;
    return s;
}
1221 
1222 
// Deserialises a certificate written by operator<<: a base64 DER string
// followed by the chain as a list of base64 DER strings.
// If the certificate string does not parse, `r` is left as it was (an
// earlier certificate stays in place) and the chain is not applied; the
// stream gives no indication of this, so callers reading stored or
// received data should check the resulting object before relying on it.
TQDataStream& operator>>(TQDataStream& s, KSSLCertificate& r) {
    TQString encodedCert;
    TQStringList encodedChain;

    s >> encodedCert >> encodedChain;

    const bool certLoaded = r.setCert(encodedCert);
    if (certLoaded && !encodedChain.isEmpty())
        r.chain().setCertChain(encodedChain);

    return s;
}
1234 
1235 
1236 
KSSLCertChain
KDE Certificate Chain Representation Class.
Definition: ksslcertchain.h:45
KSSLCertChain::setCertChain
void setCertChain(const TQStringList &chain)
Set the certificate chain as a list of base64 encoded X.509 certificates.
Definition: ksslcertchain.cpp:183
KSSLCertChain::rawChain
void * rawChain()
Read the raw chain in OpenSSL format.
Definition: ksslcertchain.h:127
KSSLCertificate
KDE X.509 Certificate.
Definition: ksslcertificate.h:77
KSSLCertificate::getQDTLastUpdate
TQDateTime getQDTLastUpdate() const
Get the date that the CRL was generated on.
Definition: ksslcertificate.cpp:940
KSSLCertificate::toText
TQString toText()
Convert the certificate to OpenSSL plain text format.
Definition: ksslcertificate.cpp:1129
KSSLCertificate::KSSLCertificate
KSSLCertificate(const KSSLCertificate &x)
Copy constructor.
Definition: ksslcertificate.cpp:105
KSSLCertificate::x509V3Extensions
KSSLX509V3 & x509V3Extensions()
Access the X.509v3 parameters.
Definition: ksslcertificate.cpp:1166
KSSLCertificate::getEmails
void getEmails(TQStringList &to) const
FIXME: document.
Definition: ksslcertificate.cpp:252
KSSLCertificate::toNetscape
TQByteArray toNetscape()
Convert the certificate to Netscape format.
Definition: ksslcertificate.cpp:1082
KSSLCertificate::getNotBefore
TQString getNotBefore() const
Get the date that the certificate becomes valid on.
Definition: ksslcertificate.cpp:904
KSSLCertificate::KSSLValidation
KSSLValidation
A CA certificate can be validated as Irrelevant when it was not used to sign any other relevant certi...
Definition: ksslcertificate.h:122
KSSLCertificate::getKeyType
TQString getKeyType() const
Get the key type (RSA, DSA, etc).
Definition: ksslcertificate.cpp:335
KSSLCertificate::getQDTNotAfter
TQDateTime getQDTNotAfter() const
Get the date that the certificate is valid until.
Definition: ksslcertificate.cpp:931
KSSLCertificate::getSignatureText
TQString getSignatureText() const
Get the signature.
Definition: ksslcertificate.cpp:221
KSSLCertificate::revalidate
KSSLValidation revalidate()
Check if this is a valid certificate.
Definition: ksslcertificate.cpp:805
KSSLCertificate::getQDTNextUpdate
TQDateTime getQDTNextUpdate() const
Get the date that the CRL must be updated by.
Definition: ksslcertificate.cpp:949
KSSLCertificate::isValid
bool isValid()
Check if this is a valid certificate.
Definition: ksslcertificate.cpp:618
KSSLCertificate::crlFromString
static KSSLCertificate * crlFromString(TQCString cert)
Create an X.509 CRL certificate from a base64 encoded string.
Definition: ksslcertificate.cpp:171
KSSLCertificate::getMD5Digest
TQString getMD5Digest() const
Get the MD5 digest of the certificate.
Definition: ksslcertificate.cpp:312
KSSLCertificate::toPem
TQByteArray toPem()
Convert the certificate to PEM (base64) format.
Definition: ksslcertificate.cpp:1045
KSSLCertificate::getKDEKey
TQString getKDEKey() const
KDEKey is a concatenation "Subject (MD5)", mostly needed for SMIME.
Definition: ksslcertificate.cpp:269
KSSLCertificate::toString
TQString toString()
Convert this certificate to a string.
Definition: ksslcertificate.cpp:982
KSSLCertificate::validateVerbose
KSSLValidationList validateVerbose(KSSLPurpose p)
Check if this is a valid certificate.
Definition: ksslcertificate.cpp:661
KSSLCertificate::getNotAfter
TQString getNotAfter() const
Get the date that the certificate is valid until.
Definition: ksslcertificate.cpp:913
KSSLCertificate::fromString
static KSSLCertificate * fromString(TQCString cert)
Create an X.509 certificate from a base64 encoded string.
Definition: ksslcertificate.cpp:151
KSSLCertificate::toDer
TQByteArray toDer()
Convert the certificate to DER (ASN.1) format.
Definition: ksslcertificate.cpp:1027
KSSLCertificate::subjAltNames
TQStringList subjAltNames() const
The alternate subject name.
Definition: ksslcertificate.cpp:1176
KSSLCertificate::getIssuer
TQString getIssuer() const
Get the issuer of the certificate (X.509 map).
Definition: ksslcertificate.cpp:467
KSSLCertificate::getSubject
TQString getSubject() const
Get the subject of the certificate (X.509 map).
Definition: ksslcertificate.cpp:193
KSSLCertificate::validate
KSSLValidation validate()
Check if this is a valid certificate.
Definition: ksslcertificate.cpp:643
KSSLCertificate::verifyText
static TQString verifyText(KSSLValidation x)
Obtain the localized message that corresponds to a validation result.
Definition: ksslcertificate.cpp:987
KSSLCertificate::setCert
bool setCert(TQString &cert)
Re-set the certificate from a base64 string.
Definition: ksslcertificate.cpp:1151
KSSLCertificate::fromX509
static KSSLCertificate * fromX509(X509 *x5)
Create an X.509 certificate from the internal representation.
Definition: ksslcertificate.cpp:139
KSSLCertificate::~KSSLCertificate
~KSSLCertificate()
Destroy this X.509 certificate.
Definition: ksslcertificate.cpp:121
KSSLCertificate::getPublicKeyText
TQString getPublicKeyText() const
Get the public key.
Definition: ksslcertificate.cpp:361
KSSLCertificate::getMD5DigestFromKDEKey
static TQString getMD5DigestFromKDEKey(const TQString &k)
Aegypten semantics force us to search by MD5Digest only.
Definition: ksslcertificate.cpp:274
KSSLCertificate::getSerialNumber
TQString getSerialNumber() const
Get the serial number of the certificate.
Definition: ksslcertificate.cpp:207
KSSLCertificate::chain
KSSLCertChain & chain()
Get a reference to the certificate chain.
Definition: ksslcertificate.cpp:134
KSSLCertificate::replicate
KSSLCertificate * replicate()
Explicitly make a copy of this certificate.
Definition: ksslcertificate.cpp:968
KSSLCertificate::isSigner
bool isSigner()
Check if this is a signer certificate.
Definition: ksslcertificate.cpp:1171
KSSLCertificate::getMD5DigestText
TQString getMD5DigestText() const
Get the MD5 digest of the certificate.
Definition: ksslcertificate.cpp:287
KSSLCertificate::getQDTNotBefore
TQDateTime getQDTNotBefore() const
Get the date that the certificate becomes valid on.
Definition: ksslcertificate.cpp:922
KSSLX509V3
KDE X509v3 Flag Class.
Definition: ksslx509v3.h:38
