00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023 #include "kssld.h"
00024
00025 #include "ksslcertificatemanager.h"
00026 #include "kssld_adaptor.h"
00027
00028 #if 0
00029 #include <QtNetwork/QSslCertificate>
00030 #include <QtNetwork/QSslError>
00031 #include <QtCore/QString>
00032 #include <QtCore/QStringList>
00033 #include <QtCore/QDate>
00034 #endif
00035
00036
00037
00038
00039 #include <kconfig.h>
00040 #include <kconfiggroup.h>
00041 #include <QtCore/QFile>
00042 #include <kglobal.h>
00043 #include <kstandarddirs.h>
00044 #include <kdebug.h>
00045 #include <QtCore/QDate>
00046 #include <kpluginfactory.h>
00047 #include <kpluginloader.h>
00048
00049
00050
00051 K_PLUGIN_FACTORY(KSSLDFactory, registerPlugin<KSSLD>();)
00052 K_EXPORT_PLUGIN(KSSLDFactory("kssld"))
00053
00054
00055
00056 class KSSLDPrivate
00057 {
00058 public:
00059 KSSLDPrivate()
00060 : config("ksslcertificatemanager", KConfig::SimpleConfig)
00061
00062 {
00063 struct strErr {
00064 const char *str;
00065 KSslError::Error err;
00066 };
00067
00068
00069 const static strErr strError[] = {
00070 {"NoError", KSslError::NoError},
00071 {"UnknownError", KSslError::UnknownError},
00072 {"InvalidCertificateAuthority", KSslError::InvalidCertificateAuthority},
00073 {"InvalidCertificate", KSslError::InvalidCertificate},
00074 {"CertificateSignatureFailed", KSslError::CertificateSignatureFailed},
00075 {"SelfSignedCertificate", KSslError::SelfSignedCertificate},
00076 {"RevokedCertificate", KSslError::RevokedCertificate},
00077 {"InvalidCertificatePurpose", KSslError::InvalidCertificatePurpose},
00078 {"RejectedCertificate", KSslError::RejectedCertificate},
00079 {"UntrustedCertificate", KSslError::UntrustedCertificate},
00080 {"ExpiredCertificate", KSslError::ExpiredCertificate},
00081 {"HostNameMismatch", KSslError::HostNameMismatch}
00082 };
00083
00084 for (int i = 0; i < int(sizeof(strError)/sizeof(strErr)); i++) {
00085 QString s = QString::fromLatin1(strError[i].str);
00086 KSslError::Error e = strError[i].err;
00087 stringToSslError.insert(s, e);
00088 sslErrorToString.insert(e, s);
00089 }
00090 }
00091
00092 KConfig config;
00093 QHash<QString, KSslError::Error> stringToSslError;
00094 QHash<KSslError::Error, QString> sslErrorToString;
00095 };
00096
00097
00098
00099 KSSLD::KSSLD(QObject* parent, const QVariantList&)
00100 : KDEDModule(parent),
00101 d(new KSSLDPrivate())
00102 {
00103 new KSSLDAdaptor(this);
00104 QDBusConnection::sessionBus().registerObject("/KdedKssl", this);
00105 }
00106
00107
00108 KSSLD::~KSSLD()
00109 {
00110 delete d;
00111 }
00112
00113
00114 void KSSLD::setRule(const KSslCertificateRule &rule)
00115 {
00116 if (rule.hostName().isEmpty()) {
00117 return;
00118 }
00119 KConfigGroup group = d->config.group(rule.certificate().digest());
00120
00121 QStringList sl;
00122
00123 QString dtString("ExpireUTC ");
00124 dtString.append(rule.expiryDateTime().toString(Qt::ISODate));
00125 sl.append(dtString);
00126
00127 if (rule.isRejected()) {
00128 sl.append("Reject");
00129 } else {
00130 foreach (KSslError::Error e, rule.ignoredErrors())
00131 sl.append(d->sslErrorToString.value(e));
00132 }
00133
00134 if (!group.hasKey("CertificatePEM"))
00135 group.writeEntry("CertificatePEM", rule.certificate().toPem());
00136 #ifdef PARANOIA
00137 else
00138 if (group.readEntry("CertificatePEM") != rule.certificate().toPem())
00139 return;
00140 #endif
00141 group.writeEntry(rule.hostName(), sl);
00142 group.sync();
00143 }
00144
00145
00146 void KSSLD::clearRule(const KSslCertificateRule &rule)
00147 {
00148 clearRule(rule.certificate(), rule.hostName());
00149 }
00150
00151
00152 void KSSLD::clearRule(const QSslCertificate &cert, const QString &hostName)
00153 {
00154 KConfigGroup group = d->config.group(cert.digest());
00155 group.deleteEntry(hostName);
00156 if (group.keyList().size() < 2) {
00157 group.deleteGroup();
00158 }
00159 group.sync();
00160 }
00161
00162
00163 KSslCertificateRule KSSLD::rule(const QSslCertificate &cert, const QString &hostName) const
00164 {
00165 KConfigGroup group = d->config.group(cert.digest());
00166
00167
00168 QString key = hostName;
00169 bool foundHostName = false;
00170 if (group.hasKey(key)) {
00171 foundHostName = true;
00172 } else {
00173 QString starDot("*.");
00174 while (!key.isEmpty()) {
00175 if (group.hasKey(starDot + key)) {
00176 foundHostName = true;
00177 break;
00178 }
00179
00180 int dotIndex = key.indexOf('.');
00181 if (dotIndex < 0)
00182 break;
00183 key.remove(0, dotIndex + 1);
00184 }
00185 key.prepend(starDot);
00186 }
00187 if (!foundHostName) {
00188
00189 return KSslCertificateRule(cert, hostName);
00190 }
00191
00192
00193 KSslCertificateRule ret(cert, key);
00194
00195 #ifdef PARANOIA
00196 if (group.readEntry("CertificatePEM") != cert.toPem())
00197 return ret;
00198 #endif
00199
00200
00201 QStringList sl = group.readEntry(key, QStringList());
00202
00203 QString dtString = sl.takeFirst();
00204 if (!dtString.startsWith("ExpireUTC "))
00205 return ret;
00206 dtString.remove(0, 10);
00207
00208 QDateTime expiryDt = QDateTime::fromString(dtString, Qt::ISODate);
00209 if (!expiryDt.isValid() || expiryDt < QDateTime::currentDateTime()) {
00210
00211 group.deleteEntry(key);
00212
00213 if (group.keyList().size() < 2)
00214 group.deleteGroup();
00215 group.sync();
00216 return ret;
00217 }
00218
00219 QList<KSslError::Error> ignoredErrors;
00220 bool isRejected = false;
00221 foreach (const QString &s, sl) {
00222 if (s == "Reject") {
00223 isRejected = true;
00224 ignoredErrors.clear();
00225 break;
00226 }
00227 if (!d->stringToSslError.contains(s))
00228 continue;
00229 ignoredErrors.append(d->stringToSslError.value(s));
00230 }
00231
00232
00233 ret.setExpiryDateTime(expiryDt);
00234 ret.setRejected(isRejected);
00235 ret.setIgnoredErrors(ignoredErrors);
00236 return ret;
00237 }
00238
00239
00240 void KSSLD::setRootCertificates(const QList<QSslCertificate> &rootCertificates)
00241 {
00242
00243 }
00244
00245
00246 QList<QSslCertificate> KSSLD::rootCertificates() const
00247 {
00248
00249 return QList<QSslCertificate>();
00250 }
00251
00252
00253 #include "kssld.moc"
00254 #include "kssld_adaptor.moc"