ksslcertificatecache.h
00001 /* This file is part of the KDE project 00002 * 00003 * Copyright (C) 2000, 2001 George Staikos <staikos@kde.org> 00004 * 00005 * This library is free software; you can redistribute it and/or 00006 * modify it under the terms of the GNU Library General Public 00007 * License as published by the Free Software Foundation; either 00008 * version 2 of the License, or (at your option) any later version. 00009 * 00010 * This library is distributed in the hope that it will be useful, 00011 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00012 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 00013 * Library General Public License for more details. 00014 * 00015 * You should have received a copy of the GNU Library General Public License 00016 * along with this library; see the file COPYING.LIB. If not, write to 00017 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, 00018 * Boston, MA 02110-1301, USA. 00019 */ 00020 00021 #ifndef _INCLUDE_KSSLCCACHE_H 00022 #define _INCLUDE_KSSLCCACHE_H 00023 00024 class KSSLCertificate; 00025 #include <tqstring.h> 00026 #include <tqstringlist.h> 00027 #include <tqdatetime.h> 00028 00029 #include <kdelibs_export.h> 00030 00031 class KIO_EXPORT KSSLCertificateCache { 00032 public: 00033 00034 enum KSSLCertificatePolicy { Unknown, Reject, Accept, Prompt, Ambiguous }; 00035 // Unknown: no policy has been set for this record 00036 // Reject: user has requested to not accept data from this site 00037 // Accept: user has requested to always accept data from this site 00038 // Prompt: user wishes to be prompted before accepting this certificate 00039 // You may need to set a [non-]permanent policy on this record after 00040 // the user is prompted. 00041 // Ambiguous: The state cannot be uniquely determined. Hopefully this 00042 // doesn't happen. 00043 00044 KSSLCertificateCache(); 00045 ~KSSLCertificateCache(); 00046 00047 void addCertificate(KSSLCertificate& cert, KSSLCertificatePolicy policy, 00048 bool permanent = true); 00049 00050 // WARNING! This is not a "secure" method. You need to actually 00051 // do a getPolicyByCertificate to be cryptographically sure 00052 // that this is an accepted certificate/site pair. 00053 // (note that the site (CN) is encoded in the certificate 00054 // so you should only accept certificates whose CN matches 00055 // the exact FQDN of the site presenting it) 00056 // If you're just doing an OpenSSL connection, I believe it 00057 // tests this for you, but don't take my word for it. 00058 KSSLCertificatePolicy getPolicyByCN(TQString& cn); 00059 00060 KSSLCertificatePolicy getPolicyByCertificate(KSSLCertificate& cert); 00061 00062 bool seenCN(TQString& cn); 00063 bool seenCertificate(KSSLCertificate& cert); 00064 00065 bool removeByCN(TQString& cn); 00066 bool removeByCertificate(KSSLCertificate& cert); 00067 00068 bool isPermanent(KSSLCertificate& cert); 00069 00070 bool modifyByCN(TQString& cn, 00071 KSSLCertificateCache::KSSLCertificatePolicy policy, 00072 bool permanent, 00073 TQDateTime& expires); 00074 00075 bool modifyByCertificate(KSSLCertificate& cert, 00076 KSSLCertificateCache::KSSLCertificatePolicy policy, 00077 bool permanent, 00078 TQDateTime& expires); 00079 00080 TQStringList getHostList(KSSLCertificate& cert); 00081 bool addHost(KSSLCertificate& cert, TQString& host); 00082 bool removeHost(KSSLCertificate& cert, TQString& host); 00083 00084 // SMIME 00085 TQStringList getKDEKeyByEmail(const TQString &email); 00086 KSSLCertificate *getCertByMD5Digest(const TQString &key); 00087 00088 void reload(); 00089 00090 // You shouldn't need to call this but in some weird circumstances 00091 // it might be necessary. 00092 void saveToDisk(); 00093 00094 private: 00095 class KSSLCertificateCachePrivate; 00096 KSSLCertificateCachePrivate *d; 00097 00098 void loadDefaultPolicies(); 00099 void clearList(); 00100 00101 }; 00102 00103 00104 KIO_EXPORT TQDataStream& operator<<(TQDataStream& s, const KSSLCertificateCache::KSSLCertificatePolicy& p); 00105 KIO_EXPORT TQDataStream& operator>>(TQDataStream& s, KSSLCertificateCache::KSSLCertificatePolicy& p); 00106 00107 #endif