kio Library API Documentation

ksslpkcs12.cc

00001 /* This file is part of the KDE project 00002 * 00003 * Copyright (C) 2001 George Staikos <staikos@kde.org> 00004 * 00005 * This library is free software; you can redistribute it and/or 00006 * modify it under the terms of the GNU Library General Public 00007 * License as published by the Free Software Foundation; either 00008 * version 2 of the License, or (at your option) any later version. 00009 * 00010 * This library is distributed in the hope that it will be useful, 00011 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00012 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 00013 * Library General Public License for more details. 00014 * 00015 * You should have received a copy of the GNU Library General Public License 00016 * along with this library; see the file COPYING.LIB. If not, write to 00017 * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, 00018 * Boston, MA 02111-1307, USA. 00019 */ 00020 00021 00022 #ifdef HAVE_CONFIG_H 00023 #include <config.h> 00024 #endif 00025 00026 #include <kopenssl.h> 00027 00028 #include <qstring.h> 00029 #include <qfile.h> 00030 #include <ksslall.h> 00031 #include <kdebug.h> 00032 #include <ktempfile.h> 00033 #include <kmdcodec.h> 00034 00035 #include <assert.h> 00036 00037 #ifdef KSSL_HAVE_SSL 00038 #define sk_new kossl->sk_new 00039 #define sk_push kossl->sk_push 00040 #define sk_free kossl->sk_free 00041 #define sk_value kossl->sk_value 00042 #define sk_num kossl->sk_num 00043 #define sk_dup kossl->sk_dup 00044 #define sk_pop kossl->sk_pop 00045 #endif 00046 00047 00048 KSSLPKCS12::KSSLPKCS12() { 00049 _pkcs = NULL; 00050 _pkey = NULL; 00051 _cert = NULL; 00052 _caStack = NULL; 00053 kossl = KOSSL::self(); 00054 } 00055 00056 00057 00058 KSSLPKCS12::~KSSLPKCS12() { 00059 #ifdef KSSL_HAVE_SSL 00060 if (_pkey) kossl->EVP_PKEY_free(_pkey); 00061 if (_caStack) { 00062 for (;;) { 00063 X509* x5 = sk_X509_pop(_caStack); 00064 if (!x5) break; 00065 kossl->X509_free(x5); 00066 } 00067 sk_X509_free(_caStack); 00068 } 00069 if (_pkcs) kossl->PKCS12_free(_pkcs); 00070 #endif 00071 if (_cert) delete _cert; 00072 } 00073 00074 00075 KSSLPKCS12* KSSLPKCS12::fromString(QString base64, QString password) { 00076 #ifdef KSSL_HAVE_SSL 00077 KTempFile ktf; 00078 00079 if (base64.isEmpty()) return NULL; 00080 QByteArray qba, qbb = QCString(base64.latin1()).copy(); 00081 KCodecs::base64Decode(qbb, qba); 00082 ktf.file()->writeBlock(qba); 00083 ktf.close(); 00084 KSSLPKCS12* rc = loadCertFile(ktf.name(), password); 00085 ktf.unlink(); 00086 return rc; 00087 #endif 00088 return NULL; 00089 } 00090 00091 00092 00093 KSSLPKCS12* KSSLPKCS12::loadCertFile(QString filename, QString password) { 00094 #ifdef KSSL_HAVE_SSL 00095 QFile qf(filename); 00096 PKCS12 *newpkcs = NULL; 00097 00098 if (!qf.open(IO_ReadOnly)) 00099 return NULL; 00100 00101 FILE *fp = fdopen(qf.handle(), "r"); 00102 if (!fp) return NULL; 00103 00104 newpkcs = KOSSL::self()->d2i_PKCS12_fp(fp, &newpkcs); 00105 00106 fclose(fp); 00107 if (!newpkcs) { 00108 KOSSL::self()->ERR_clear_error(); 00109 return NULL; 00110 } 00111 00112 KSSLPKCS12 *c = new KSSLPKCS12; 00113 c->setCert(newpkcs); 00114 00115 // Now we parse it to see if we can decrypt it and interpret it 00116 if (!c->parse(password)) { 00117 delete c; c = NULL; 00118 } 00119 00120 return c; 00121 #endif 00122 return NULL; 00123 } 00124 00125 00126 void KSSLPKCS12::setCert(PKCS12 *c) { 00127 #ifdef KSSL_HAVE_SSL 00128 _pkcs = c; 00129 #endif 00130 } 00131 00132 00133 bool KSSLPKCS12::changePassword(QString pold, QString pnew) { 00134 #ifdef KSSL_HAVE_SSL 00135 // OpenSSL makes me cast away the const here. argh 00136 return (0 == kossl->PKCS12_newpass(_pkcs, 00137 (char *)pold.latin1(), 00138 (char *)pnew.latin1())); 00139 #endif 00140 return false; 00141 } 00142 00143 00144 bool KSSLPKCS12::parse(QString pass) { 00145 #ifdef KSSL_HAVE_SSL 00146 X509 *x = NULL; 00147 00148 assert(_pkcs); // if you're calling this before pkcs gets set, it's a BUG! 00149 00150 if (_cert) delete _cert; 00151 if (_pkey) kossl->EVP_PKEY_free(_pkey); 00152 if (_caStack) { 00153 for (;;) { 00154 X509* x5 = sk_X509_pop(_caStack); 00155 if (!x5) break; 00156 kossl->X509_free(x5); 00157 } 00158 sk_X509_free(_caStack); 00159 } 00160 _pkey = NULL; 00161 _caStack = NULL; 00162 _cert = NULL; 00163 00164 int rc = kossl->PKCS12_parse(_pkcs, pass.latin1(), &_pkey, &x, &_caStack); 00165 00166 if (rc == 1) { 00167 // kdDebug(7029) << "PKCS12_parse success" << endl; 00168 if (x) { 00169 _cert = new KSSLCertificate; 00170 _cert->setCert(x); 00171 if (_caStack) { 00172 _cert->setChain(_caStack); 00173 } 00174 return true; 00175 } 00176 } else { 00177 _caStack = NULL; 00178 _pkey = NULL; 00179 kossl->ERR_clear_error(); 00180 } 00181 #endif 00182 return false; 00183 } 00184 00185 00186 EVP_PKEY *KSSLPKCS12::getPrivateKey() { 00187 return _pkey; 00188 } 00189 00190 00191 KSSLCertificate *KSSLPKCS12::getCertificate() { 00192 return _cert; 00193 } 00194 00195 00196 QString KSSLPKCS12::toString() { 00197 QString base64; 00198 #ifdef KSSL_HAVE_SSL 00199 unsigned char *p; 00200 int len; 00201 00202 len = kossl->i2d_PKCS12(_pkcs, NULL); 00203 char *buf = new char[len]; 00204 p = (unsigned char *)buf; 00205 kossl->i2d_PKCS12(_pkcs, &p); 00206 QByteArray qba; 00207 qba.setRawData(buf, len); 00208 base64 = KCodecs::base64Encode(qba); 00209 qba.resetRawData(buf, len); 00210 delete[] buf; 00211 #endif 00212 return base64; 00213 } 00214 00215 00216 00217 bool KSSLPKCS12::toFile(QString filename) { 00218 #ifdef KSSL_HAVE_SSL 00219 QFile out(filename); 00220 00221 if (!out.open(IO_WriteOnly)) return false; 00222 00223 int fd = out.handle(); 00224 FILE *fp = fdopen(fd, "w"); 00225 00226 if (!fp) { 00227 unlink(filename.latin1()); 00228 return false; 00229 } 00230 00231 kossl->i2d_PKCS12_fp(fp, _pkcs); 00232 00233 fclose(fp); 00234 return true; 00235 #endif 00236 return false; 00237 } 00238 00239 00240 KSSLCertificate::KSSLValidation KSSLPKCS12::validate() { 00241 return validate(KSSLCertificate::SSLServer); 00242 } 00243 00244 00245 KSSLCertificate::KSSLValidation KSSLPKCS12::validate(KSSLCertificate::KSSLPurpose p) { 00246 #ifdef KSSL_HAVE_SSL 00247 KSSLCertificate::KSSLValidation xx = _cert->validate(p); 00248 if (1 != kossl->X509_check_private_key(_cert->getCert(), _pkey)) { 00249 xx = KSSLCertificate::PrivateKeyFailed; 00250 } 00251 00252 return xx; 00253 #else 00254 return KSSLCertificate::NoSSL; 00255 #endif 00256 } 00257 00258 00259 KSSLCertificate::KSSLValidation KSSLPKCS12::revalidate() { 00260 return revalidate(KSSLCertificate::SSLServer); 00261 } 00262 00263 00264 KSSLCertificate::KSSLValidation KSSLPKCS12::revalidate(KSSLCertificate::KSSLPurpose p) { 00265 return _cert->revalidate(p); 00266 } 00267 00268 00269 bool KSSLPKCS12::isValid() { 00270 return isValid(KSSLCertificate::SSLServer); 00271 } 00272 00273 00274 bool KSSLPKCS12::isValid(KSSLCertificate::KSSLPurpose p) { 00275 return (validate(p) == KSSLCertificate::Ok); 00276 } 00277 00278 00279 QString KSSLPKCS12::name() { 00280 return _cert->getSubject(); 00281 } 00282 00283 00284 #ifdef KSSL_HAVE_SSL 00285 #undef sk_new 00286 #undef sk_push 00287 #undef sk_free 00288 #undef sk_value 00289 #undef sk_num 00290 #undef sk_pop 00291 #undef sk_dup 00292 #endif 00293
KDE Logo
This file is part of the documentation for kio Library Version 3.2.3.
Documentation copyright © 1996-2004 the KDE developers.
Generated on Mon Aug 30 22:54:42 2004 by doxygen 1.3.8 written by Dimitri van Heesch, © 1997-2003