• Skip to content
  • Skip to link menu
KDE 4.1 API Reference
  • KDE API Reference
  • kdelibs
  • Sitemap
  • Contact Us
 

KIO

kssld.cpp

Go to the documentation of this file.
00001 /*
00002    This file is part of the KDE libraries
00003 
00004    Copyright (c) 2001-2005 George Staikos <staikos@kde.org>
00005 
00006    This library is free software; you can redistribute it and/or
00007    modify it under the terms of the GNU Library General Public
00008    License as published by the Free Software Foundation; either
00009    version 2 of the License, or (at your option) any later version.
00010 
00011    This library is distributed in the hope that it will be useful,
00012    but WITHOUT ANY WARRANTY; without even the implied warranty of
00013    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00014    Library General Public License for more details.
00015 
00016    You should have received a copy of the GNU Library General Public License
00017    along with this library; see the file COPYING.LIB.  If not, write to
00018    the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
00019    Boston, MA 02110-1301, USA.
00020 
00021 */
00022 
00023 #include "kssld.h"
00024 
00025 #include "ksslcertificatemanager.h"
00026 #include "kssld_adaptor.h"
00027 
00028 #if 0
00029 #include <QtNetwork/QSslCertificate>
00030 #include <QtNetwork/QSslError>
00031 #include <QtCore/QString>
00032 #include <QtCore/QStringList>
00033 #include <QtCore/QDate>
00034 #endif
00035 
00036 
00037 //#include <QtCore/QTimer>
00038 
00039 #include <kconfig.h>
00040 #include <kconfiggroup.h>
00041 #include <QtCore/QFile>
00042 #include <kglobal.h>
00043 #include <kstandarddirs.h>
00044 #include <kdebug.h>
00045 #include <QtCore/QDate>
00046 #include <kpluginfactory.h>
00047 #include <kpluginloader.h>
00048 
00049 
00050 
00051 K_PLUGIN_FACTORY(KSSLDFactory, registerPlugin<KSSLD>();)
00052 K_EXPORT_PLUGIN(KSSLDFactory("kssld"))
00053 //KDE_EXPORT void *__kde_do_unload; // TODO re-add support for this?
00054 
00055 
00056 class KSSLDPrivate
00057 {
00058 public:
00059     KSSLDPrivate()
00060      : config("ksslcertificatemanager", KConfig::SimpleConfig)
00061         //TODO find a really good name for the config file
00062     {
00063         struct strErr {
00064             const char *str;
00065             KSslError::Error err;
00066         };
00067 
00068         //hmmm, looks like these are all of the errors where it is possible to continue.
00069         const static strErr strError[] = {
00070             {"NoError", KSslError::NoError},
00071             {"UnknownError", KSslError::UnknownError},
00072             {"InvalidCertificateAuthority", KSslError::InvalidCertificateAuthority},
00073             {"InvalidCertificate", KSslError::InvalidCertificate},
00074             {"CertificateSignatureFailed", KSslError::CertificateSignatureFailed},
00075             {"SelfSignedCertificate", KSslError::SelfSignedCertificate},
00076             {"RevokedCertificate", KSslError::RevokedCertificate},
00077             {"InvalidCertificatePurpose", KSslError::InvalidCertificatePurpose},
00078             {"RejectedCertificate", KSslError::RejectedCertificate},
00079             {"UntrustedCertificate", KSslError::UntrustedCertificate},
00080             {"ExpiredCertificate", KSslError::ExpiredCertificate},
00081             {"HostNameMismatch", KSslError::HostNameMismatch}
00082         };
00083 
00084         for (int i = 0; i < int(sizeof(strError)/sizeof(strErr)); i++) {
00085             QString s = QString::fromLatin1(strError[i].str);
00086             KSslError::Error e = strError[i].err;
00087             stringToSslError.insert(s, e);
00088             sslErrorToString.insert(e, s);
00089         }        
00090     }
00091 
00092     KConfig config;
00093     QHash<QString, KSslError::Error> stringToSslError;
00094     QHash<KSslError::Error, QString> sslErrorToString;
00095 };
00096 
00097 
00098 
00099 KSSLD::KSSLD(QObject* parent, const QVariantList&)
00100  : KDEDModule(parent),
00101    d(new KSSLDPrivate())
00102 {
00103     new KSSLDAdaptor(this);
00104     QDBusConnection::sessionBus().registerObject("/KdedKssl", this);
00105 }
00106 
00107 
00108 KSSLD::~KSSLD()
00109 {
00110     delete d;
00111 }
00112 
00113 
00114 void KSSLD::setRule(const KSslCertificateRule &rule)
00115 {
00116     if (rule.hostName().isEmpty()) {
00117         return;
00118     }
00119     KConfigGroup group = d->config.group(rule.certificate().digest());
00120 
00121     QStringList sl;
00122 
00123     QString dtString("ExpireUTC ");
00124     dtString.append(rule.expiryDateTime().toString(Qt::ISODate));
00125     sl.append(dtString);
00126 
00127     if (rule.isRejected()) {
00128         sl.append("Reject");
00129     } else {
00130         foreach (KSslError::Error e, rule.ignoredErrors())
00131             sl.append(d->sslErrorToString.value(e));
00132     }
00133 
00134     if (!group.hasKey("CertificatePEM"))
00135         group.writeEntry("CertificatePEM", rule.certificate().toPem());
00136 #ifdef PARANOIA
00137     else
00138         if (group.readEntry("CertificatePEM") != rule.certificate().toPem())
00139             return;
00140 #endif
00141     group.writeEntry(rule.hostName(), sl);
00142     group.sync();
00143 }
00144 
00145 
00146 void KSSLD::clearRule(const KSslCertificateRule &rule)
00147 {
00148     clearRule(rule.certificate(), rule.hostName());
00149 }
00150 
00151 
00152 void KSSLD::clearRule(const QSslCertificate &cert, const QString &hostName)
00153 {
00154     KConfigGroup group = d->config.group(cert.digest());
00155     group.deleteEntry(hostName);
00156     if (group.keyList().size() < 2) {
00157         group.deleteGroup();
00158     }
00159     group.sync();
00160 }
00161 
00162 
00163 KSslCertificateRule KSSLD::rule(const QSslCertificate &cert, const QString &hostName) const
00164 {
00165     KConfigGroup group = d->config.group(cert.digest());
00166 
00167     //Find a rule for the hostname, either directly or with wildcards
00168     QString key = hostName;
00169     bool foundHostName = false;
00170     if (group.hasKey(key)) {
00171         foundHostName = true;
00172     } else {
00173         QString starDot("*.");
00174         while (!key.isEmpty()) {
00175             if (group.hasKey(starDot + key)) {
00176                 foundHostName = true;
00177                 break;
00178             }
00179             //now look for rules for higher-level domains
00180             int dotIndex = key.indexOf('.');
00181             if (dotIndex < 0)
00182                 break;
00183             key.remove(0, dotIndex + 1);    //foo.bar -> bar
00184         }
00185         key.prepend(starDot);
00186     }
00187     if (!foundHostName) {
00188         //Don't make a rule with the failed wildcard pattern - use the original hostname.
00189         return KSslCertificateRule(cert, hostName);
00190     }
00191 
00192     //### This suprising behavior (rule.hostName() being the wildcard) needs documentation!
00193     KSslCertificateRule ret(cert, key);
00194 
00195 #ifdef PARANOIA
00196     if (group.readEntry("CertificatePEM") != cert.toPem())
00197         return ret;
00198 #endif
00199     //parse entry of the format "ExpireUTC <date>, Reject" or
00200     //"ExpireUTC <date>, HostNameMismatch, ExpiredCertificate, ..."
00201     QStringList sl = group.readEntry(key, QStringList());
00202 
00203     QString dtString = sl.takeFirst();
00204     if (!dtString.startsWith("ExpireUTC "))
00205         return ret;
00206     dtString.remove(0, 10/* length of "ExpireUTC " */);
00207 
00208     QDateTime expiryDt = QDateTime::fromString(dtString, Qt::ISODate);
00209     if (!expiryDt.isValid() || expiryDt < QDateTime::currentDateTime()) {
00210         //the entry is malformed or expired so we remove it
00211         group.deleteEntry(key);
00212         //the group is useless once only the CertificatePEM entry left
00213         if (group.keyList().size() < 2)
00214             group.deleteGroup();
00215         group.sync();
00216         return ret;
00217     }
00218 
00219     QList<KSslError::Error> ignoredErrors;
00220     bool isRejected = false;
00221     foreach (const QString &s, sl) {
00222         if (s == "Reject") {
00223             isRejected = true;
00224             ignoredErrors.clear();
00225             break;
00226         }
00227         if (!d->stringToSslError.contains(s))
00228             continue;
00229         ignoredErrors.append(d->stringToSslError.value(s));
00230     }
00231 
00232     //Everything is checked and we can make ret valid
00233     ret.setExpiryDateTime(expiryDt);
00234     ret.setRejected(isRejected);
00235     ret.setIgnoredErrors(ignoredErrors);
00236     return ret;
00237 }
00238 
00239 
00240 void KSSLD::setRootCertificates(const QList<QSslCertificate> &rootCertificates)
00241 {
00242     //TODO
00243 }
00244 
00245 
00246 QList<QSslCertificate> KSSLD::rootCertificates() const
00247 {
00248     //TODO
00249     return QList<QSslCertificate>();
00250 }
00251 
00252 
00253 #include "kssld.moc"
00254 #include "kssld_adaptor.moc"

KIO

Skip menu "KIO"
  • Main Page
  • Namespace List
  • Class Hierarchy
  • Alphabetical List
  • Class List
  • File List
  • Namespace Members
  • Class Members
  • Related Pages

kdelibs

Skip menu "kdelibs"
  • DNSSD
  • Interfaces
  •   KHexEdit
  •   KMediaPlayer
  •   KSpeech
  •   KTextEditor
  • Kate
  • kconf_update
  • KDE3Support
  •   KUnitTest
  • KDECore
  • KDED
  • KDEsu
  • KDEUI
  • KDocTools
  • KFile
  • KHTML
  • KImgIO
  • KInit
  • KIO
  • KIOSlave
  • KJS
  •   KJS-API
  •   WTF
  • kjsembed
  • KNewStuff
  • KParts
  • Kross
  • KUtils
  • Nepomuk
  • Solid
  • Sonnet
  • ThreadWeaver
Generated for kdelibs by doxygen 1.5.4
This website is maintained by Adriaan de Groot and Allen Winter.
KDE® and the K Desktop Environment® logo are registered trademarks of KDE e.V. | Legal