1 /* This file is part of the KDE project
2  *
3  * Copyright (C) 2000-2003 George Staikos <staikos@kde.org>
4  *
5  * This library is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU Library General Public
7  * License as published by the Free Software Foundation; either
8  * version 2 of the License, or (at your option) any later version.
9  *
10  * This library is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  * Library General Public License for more details.
14  *
15  * You should have received a copy of the GNU Library General Public License
16  * along with this library; see the file COPYING.LIB. If not, write to
17  * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18  * Boston, MA 02110-1301, USA.
19  */
20 
21 #ifdef HAVE_CONFIG_H
22 #include <config.h>
23 #endif
24 
25 #include <tqregexp.h>
26 
27 #include "ksslpeerinfo.h"
28 #include <kdebug.h>
29 
30 #include <ksockaddr.h>
31 #include <kextsock.h>
32 #include <netsupp.h>
33 #ifndef TQ_WS_WIN //TODO kresolver not ported
34 #include "kresolver.h"
35 #endif
36 
37 #include "ksslx509map.h"
38 
// d-pointer payload for KSSLPeerInfo. It carries only the host name that
// setPeerHost() has already trimmed / lower-cased (or ACE-converted), which
// cnMatchesAddress() compares certificate names against.
class KSSLPeerInfoPrivate {
public:
	KSSLPeerInfoPrivate() {}
	~KSSLPeerInfoPrivate() {}

	TQString peerHost; // canonical form of the connected host, see setPeerHost()
};
45 
46 
47 
// Construct an empty peer-info object: no host set, peerHost() is null
// until setPeerHost() is called.
KSSLPeerInfo::KSSLPeerInfo() {
	d = new KSSLPeerInfoPrivate();
}
51 
// Release the d-pointer allocated in the constructor.
KSSLPeerInfo::~KSSLPeerInfo() {
	delete d;
}
55 
// Expose the peer certificate by non-const reference; callers may modify it
// in place (there is no copy), so the returned object is the one that
// certMatchesAddress() will later inspect.
KSSLCertificate& KSSLPeerInfo::getPeerCertificate() {
	KSSLCertificate& cert = m_cert;
	return cert;
}
59 
// Record the host we connected to, in the canonical form that
// cnMatchesAddress() expects: surrounding whitespace and trailing root
// dots removed, then lower-cased (Windows) or converted to ASCII/ACE form
// via KResolver (everywhere else).
//
// @param realHost  host name (or IP literal) as the caller knows it
void KSSLPeerInfo::setPeerHost(TQString realHost) {
	TQString host = realHost.stripWhiteSpace();

	// "example.com." is the same name as "example.com"; the trailing root
	// label would only break the exact comparisons done later.
	while (host.endsWith("."))
		host.truncate(host.length() - 1);

#ifdef TQ_WS_WIN //TODO kresolver not ported
	// No IDN conversion on this platform: case-fold only.
	d->peerHost = host.lower();
#else
	// NOTE(review): cnMatchesAddress() compares against a lower-cased CN, so
	// this relies on domainToAscii() returning a lower-case/ACE string —
	// confirm against KResolver.
	d->peerHost = TQString::fromLatin1(KNetwork::KResolver::domainToAscii(host));
#endif
}
71 
// Decide whether the peer certificate is valid for the host set with
// setPeerHost(). Candidate names are the subject CN (split on whitespace,
// so a CN with embedded spaces contributes several candidates) followed by
// every subjectAltName entry; each is trimmed and lower-cased and handed to
// cnMatchesAddress(). The first match wins.
//
// NOTE(review): the CN is always consulted, even when subjectAltName
// entries are present. RFC 6125 §6.4.4 says the CN should be ignored once
// a dNSName SAN exists; keeping it is more permissive than that rule.
//
// @return true if any candidate matches; false otherwise, and always false
//         when built without KSSL_HAVE_SSL.
bool KSSLPeerInfo::certMatchesAddress() {
#ifdef KSSL_HAVE_SSL
	KSSLX509Map subject(m_cert.getSubject());
	TQStringList candidates = TQStringList::split(TQRegExp("[ \n\r]"), subject.getValue("CN"));
	candidates += m_cert.subjAltNames();

	TQStringList::ConstIterator it = candidates.begin();
	for (; it != candidates.end(); ++it) {
		TQString candidate = (*it).stripWhiteSpace().lower();
		if (cnMatchesAddress(candidate))
			return true;
	}
#endif

	return false;
}
87 
88 
// Match one certificate name (CN or subjectAltName) against the host set
// with setPeerHost(). The caller is expected to have lower-cased `cn`
// already (certMatchesAddress() does); d->peerHost was canonicalised by
// setPeerHost().
//
// Order of checks:
//   1. reject names containing anything but [a-zA-Z0-9.*-]
//   2. strip trailing dots, reject an empty name
//   3. IPv4 / bracketed-IPv6 peer: exact string comparison only
//   4. wildcard name: restricted wildcard matching (see below)
//   5. otherwise: exact string comparison
//
// @param cn  a single candidate name from the certificate
// @return true if cn is accepted for d->peerHost; false otherwise, and
//         always false when built without KSSL_HAVE_SSL.
bool KSSLPeerInfo::cnMatchesAddress(TQString cn) {
#ifdef KSSL_HAVE_SSL
	TQRegExp rx;

	kdDebug(7029) << "Matching CN=[" << cn << "] to ["
	              << d->peerHost << "]" << endl;

	// Check for invalid characters. Anything outside this set (including
	// '?', '[', ']' and ':') fails closed, which also keeps TQRegExp's
	// wildcard mode below from seeing any metacharacter other than '*'.
	if (TQRegExp("[^a-zA-Z0-9\\.\\*\\-]").search(cn) >= 0) {
		kdDebug(7029) << "CN contains invalid characters! Failing." << endl;
		return false;
	}

	// Domains can legally end with '.'s. We don't need them though.
	while(cn.endsWith("."))
		cn.truncate(cn.length()-1);

	// Do not let empty CN's get by!!
	if (cn.isEmpty())
		return false;

	// Check for IPv4 address: a dotted-quad peer must match literally,
	// so a wildcard name can never cover an IP address.
	rx.setPattern("[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}");
	if (rx.exactMatch(d->peerHost))
		return d->peerHost == cn;

	// Check for IPv6 address here...
	// NOTE(review): a cn containing '[' or ':' was already rejected by the
	// invalid-character check above, while a peerHost matching this pattern
	// always contains '[', so this comparison cannot succeed: bracketed
	// IPv6 peers never match any certificate name in this code.
	rx.setPattern("^\\[.*\\]$");
	if (rx.exactMatch(d->peerHost))
		return d->peerHost == cn;

	if (cn.contains('*')) {
		// First make sure that there are at least two valid parts
		// after the wildcard (*).
		TQStringList parts = TQStringList::split('.', cn, false);

		while (parts.count() > 2)
			parts.remove(parts.begin());

		if (parts.count() != 2) {
			return false; // we don't allow *.root - that's bad
		}

		// The two rightmost labels must be literal; the '*' may only appear
		// further left. NOTE(review): only label *count* is checked, so a
		// wildcard directly under a public suffix (e.g. "*.co.uk") passes —
		// there is no public-suffix list here.
		if (parts[0].contains('*') || parts[1].contains('*')) {
			return false;
		}

		// RFC2818 says that *.example.com should match against
		// foo.example.com but not bar.foo.example.com
		// (ie. they must have the same number of parts)
		// TQRegExp(cn, false, true) is case-insensitive wildcard mode; the
		// label-count comparison stops '*' from spanning a '.'.
		if (TQRegExp(cn, false, true).exactMatch(d->peerHost) &&
		    TQStringList::split('.', cn, false).count() ==
		    TQStringList::split('.', d->peerHost, false).count())
			return true;

		// *.example.com must match example.com also. Sigh..
		// NOTE(review): this is deliberately more permissive than
		// RFC 2818 / RFC 6125 §6.4.3, under which a wildcard covers exactly
		// one leading label and never the bare parent domain. Kept for
		// compatibility; worth reconsidering.
		if (cn.startsWith("*.")) {
			TQString chopped = cn.mid(2);
			if (chopped == d->peerHost) {
				return true;
			}
		}
		return false;
	}

	// We must have an exact match in this case (insensitive though)
	// (note we already did .lower())
	if (cn == d->peerHost)
		return true;
#endif
	return false;
}
161 
162 
// Forget the peer host. After this, peerHost() is null and
// cnMatchesAddress() cannot match anything until setPeerHost() is called
// again. The certificate (m_cert) is left untouched.
void KSSLPeerInfo::reset() {
	TQString& host = d->peerHost;
	host = TQString::null;
}
166 
167 
// Return the canonicalised host recorded by setPeerHost() (null until then
// or after reset()). The reference stays valid for the lifetime of this
// object.
const TQString& KSSLPeerInfo::peerHost() const {
	const TQString& host = d->peerHost;
	return host;
}
171 

tdeio/kssl

Skip menu "tdeio/kssl"
  • Main Page
  • Alphabetical List
  • Class List
  • File List
  • Class Members
  • Related Pages

tdeio/kssl

Skip menu "tdeio/kssl"
  • arts
  • dcop
  • dnssd
  • interfaces
  •   kspeech
  •     interface
  •     library
  •   tdetexteditor
  • kate
  • kded
  • kdoctools
  • kimgio
  • kjs
  • libtdemid
  • libtdescreensaver
  • tdeabc
  • tdecmshell
  • tdecore
  • tdefx
  • tdehtml
  • tdeinit
  • tdeio
  •   bookmarks
  •   httpfilter
  •   kpasswdserver
  •   kssl
  •   tdefile
  •   tdeio
  •   tdeioexec
  • tdeioslave
  •   http
  • tdemdi
  •   tdemdi
  • tdenewstuff
  • tdeparts
  • tdeprint
  • tderandr
  • tderesources
  • tdespell2
  • tdesu
  • tdeui
  • tdeunittest
  • tdeutils
  • tdewallet
Generated for tdeio/kssl by doxygen 1.9.1
This website is maintained by Timothy Pearson.