kio Library API Documentation

ksslpeerinfo.cc

00001 /* This file is part of the KDE project 00002 * 00003 * Copyright (C) 2000-2003 George Staikos <staikos@kde.org> 00004 * 00005 * This library is free software; you can redistribute it and/or 00006 * modify it under the terms of the GNU Library General Public 00007 * License as published by the Free Software Foundation; either 00008 * version 2 of the License, or (at your option) any later version. 00009 * 00010 * This library is distributed in the hope that it will be useful, 00011 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00012 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 00013 * Library General Public License for more details. 00014 * 00015 * You should have received a copy of the GNU Library General Public License 00016 * along with this library; see the file COPYING.LIB. If not, write to 00017 * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, 00018 * Boston, MA 02111-1307, USA. 00019 */ 00020 00021 #ifdef HAVE_CONFIG_H 00022 #include <config.h> 00023 #endif 00024 00025 #include <qregexp.h> 00026 00027 #include "ksslpeerinfo.h" 00028 #include <kdebug.h> 00029 00030 #include <ksockaddr.h> 00031 #include <kextsock.h> 00032 #include <netsupp.h> 00033 00034 #include "ksslx509map.h" 00035 00036 class KSSLPeerInfoPrivate { 00037 public: 00038 KSSLPeerInfoPrivate() {} 00039 ~KSSLPeerInfoPrivate() { } 00040 QString peerHost; 00041 }; 00042 00043 00044 00045 KSSLPeerInfo::KSSLPeerInfo() { 00046 d = new KSSLPeerInfoPrivate; 00047 } 00048 00049 KSSLPeerInfo::~KSSLPeerInfo() { 00050 delete d; 00051 } 00052 00053 KSSLCertificate& KSSLPeerInfo::getPeerCertificate() { 00054 return m_cert; 00055 } 00056 00057 void KSSLPeerInfo::setPeerHost(QString realHost) { 00058 d->peerHost = realHost.stripWhiteSpace(); 00059 while(d->peerHost.endsWith(".")) 00060 d->peerHost.truncate(d->peerHost.length()-1); 00061 00062 d->peerHost = d->peerHost.lower(); 00063 } 00064 00065 bool KSSLPeerInfo::certMatchesAddress() { 00066 #ifdef KSSL_HAVE_SSL 00067 KSSLX509Map certinfo(m_cert.getSubject()); 00068 QStringList cns = QStringList::split(QRegExp("[ \n\r]"), certinfo.getValue("CN")); 00069 00070 for (QStringList::Iterator cn = cns.begin(); cn != cns.end(); ++cn) { 00071 if (cnMatchesAddress((*cn).stripWhiteSpace().lower())) 00072 return true; 00073 } 00074 00075 #endif 00076 00077 return false; 00078 } 00079 00080 00081 bool KSSLPeerInfo::cnMatchesAddress(QString cn) { 00082 #ifdef KSSL_HAVE_SSL 00083 QRegExp rx; 00084 00085 00086 kdDebug(7029) << "Matching CN=[" << cn << "] to [" 00087 << d->peerHost << "]" << endl; 00088 00089 // Check for invalid characters 00090 if (QRegExp("[^a-zA-Z0-9\\.\\*\\-]").search(cn) >= 0) { 00091 kdDebug(7029) << "CN contains invalid characters! Failing." << endl; 00092 return false; 00093 } 00094 00095 // Domains can legally end with '.'s. We don't need them though. 00096 while(cn.endsWith(".")) 00097 cn.truncate(cn.length()-1); 00098 00099 // Do not let empty CN's get by!! 00100 if (cn.isEmpty()) 00101 return false; 00102 00103 // Check for IPv4 address 00104 rx.setPattern("[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}"); 00105 if (rx.exactMatch(d->peerHost)) 00106 return d->peerHost == cn; 00107 00108 // Check for IPv6 address here... 00109 rx.setPattern("^\\[.*\\]$"); 00110 if (rx.exactMatch(d->peerHost)) 00111 return d->peerHost == cn; 00112 00113 if (cn.contains('*')) { 00114 // First make sure that there are at least two valid parts 00115 // after the wildcard (*). 00116 QStringList parts = QStringList::split('.', cn, false); 00117 00118 while(parts.count() > 2) 00119 parts.remove(parts.begin()); 00120 00121 if (parts.count() != 2) { 00122 return false; // we don't allow *.root - that's bad 00123 } 00124 00125 if (parts[0].contains('*') || parts[1].contains('*')) { 00126 return false; 00127 } 00128 00129 // RFC2818 says that *.example.com should match against 00130 // foo.example.com but not bar.foo.example.com 00131 // (ie. they must have the same number of parts) 00132 if (QRegExp(cn, false, true).exactMatch(d->peerHost) && 00133 QStringList::split('.', cn, false).count() == 00134 QStringList::split('.', d->peerHost, false).count()) 00135 return true; 00136 00137 return false; 00138 } 00139 00140 // We must have an exact match in this case (insensitive though) 00141 // (note we already did .lower()) 00142 if (cn == d->peerHost) 00143 return true; 00144 #endif 00145 return false; 00146 } 00147 00148 00149 void KSSLPeerInfo::reset() { 00150 d->peerHost = QString::null; 00151 } 00152 00153
KDE Logo
This file is part of the documentation for kio Library Version 3.2.3.
Documentation copyright © 1996-2004 the KDE developers.
Generated on Sat Jun 12 15:08:46 2004 by doxygen 1.3.7 written by Dimitri van Heesch, © 1997-2003