ksslcertificate.h
00001 /* This file is part of the KDE project 00002 * 00003 * Copyright (C) 2000-2003 George Staikos <staikos@kde.org> 00004 * 00005 * This library is free software; you can redistribute it and/or 00006 * modify it under the terms of the GNU Library General Public 00007 * License as published by the Free Software Foundation; either 00008 * version 2 of the License, or (at your option) any later version. 00009 * 00010 * This library is distributed in the hope that it will be useful, 00011 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00012 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 00013 * Library General Public License for more details. 00014 * 00015 * You should have received a copy of the GNU Library General Public License 00016 * along with this library; see the file COPYING.LIB. If not, write to 00017 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, 00018 * Boston, MA 02110-1301, USA. 00019 */ 00020 00021 #ifndef _KSSLCERTIFICATE_H 00022 #define _KSSLCERTIFICATE_H 00023 00024 00025 // UPDATE: I like the structure of this class less and less every time I look 00026 // at it. I think it needs to change. 00027 // 00028 // 00029 // The biggest reason for making everything protected here is so that 00030 // the class can have all its methods available even if openssl is not 00031 // available. Also, to create a new certificate you should use the 00032 // KSSLCertificateFactory, and to manage the user's database of certificates, 00033 // you should go through the KSSLCertificateHome. 00034 // 00035 // There should be no reason to touch the X509 stuff directly. 
//

#include <tqcstring.h>
#include <tqvaluelist.h>

class TQString;
class TQStringList;
class TQCString;
class KSSL;
class KSSLCertificatePrivate;
class TQDateTime;
class KSSLCertChain;
class KSSLX509V3;

// NOTE(review): TQByteArray and TQDataStream are used below but are not
// forward-declared here; they are presumably reached through <tqcstring.h>.
// Confirm before relying on this header being self-contained.

#include <kdelibs_export.h>

#ifdef Q_WS_WIN
#include "ksslconfig_win.h"
#else
#include "ksslconfig.h"
#endif

// With OpenSSL available, X509/X509_CRL alias the real OpenSSL structs.
// Without it they are opaque placeholder classes, so every declaration
// below still compiles and the class keeps its full interface (see the
// header comment above for the rationale).
#ifdef KSSL_HAVE_SSL
typedef struct x509_st X509;
typedef struct X509_crl_st X509_CRL;
#else
class X509;
class X509_CRL;
#endif

/**
 * KDE wrapper around an X.509 certificate (or, via crlFromString()/setCRL(),
 * a certificate revocation list).
 *
 * The OpenSSL handle lives behind the private KSSLCertificatePrivate pointer;
 * the public interface exposes subject, issuer, validity period, fingerprints
 * and validation results as TQt types.  Instances are created through the
 * static factories (fromString(), crlFromString(), fromX509()) or by the
 * friend classes listed below; the default constructor is protected.
 *
 * Result values returned by the validate*() family are KSSLValidation codes,
 * not booleans.  Unknown is the zero value and Ok is 1, so callers must
 * compare explicitly against Ok and never test a KSSLValidation for truth.
 *
 * @author George Staikos <staikos@kde.org>
 * @see KSSL, KSSLCertificateFactory, KSSLCertificateHome, KSSLCertChain
 */
class KIO_EXPORT KSSLCertificate {
friend class KSSL;
friend class KSSLCertificateHome;
friend class KSSLCertificateFactory;
friend class KSSLCertificateCache;
friend class KSSLCertChain;
friend class KSSLPeerInfo;
friend class KSSLPKCS12;
friend class KSSLD;
friend class KSMIMECryptoPrivate;


public:
    /**
     * Destroy the certificate and release the wrapped OpenSSL object.
     */
    ~KSSLCertificate();

    /**
     * Create a certificate from its string form.
     *
     * @param cert the encoded certificate; presumably the form produced by
     *             toString() — confirm the expected encoding in the .cpp
     * @return a newly allocated certificate, or presumably 0 if @p cert
     *         could not be parsed.  The caller appears to own the result.
     */
    static KSSLCertificate *fromString(TQCString cert);

    /**
     * Create a certificate revocation list object from its string form.
     *
     * @param cert the encoded CRL (same encoding caveat as fromString())
     * @return a newly allocated object, or presumably 0 on failure
     */
    static KSSLCertificate *crlFromString(TQCString cert);

    /**
     * Wrap an existing OpenSSL X509 handle.
     *
     * @param x5 the OpenSSL certificate
     * @return a newly allocated wrapper.  Whether @p x5 is copied or its
     *         ownership is taken is not visible here — check the .cpp.
     */
    static KSSLCertificate *fromX509(X509 *x5);

    /**
     * Outcome of certificate validation.
     *
     * Unknown is the zero value; Ok is the only success value.  Every other
     * enumerator names a distinct failure reason, so a result must be
     * compared against Ok rather than used as a boolean.
     */
    enum KSSLValidation { Unknown, Ok, NoCARoot, InvalidPurpose,
                          PathLengthExceeded, InvalidCA, Expired,
                          SelfSigned, ErrorReadingRoot, NoSSL,
                          Revoked, Untrusted, SignatureFailed,
                          Rejected, PrivateKeyFailed, InvalidHost,
                          Irrelevant, SelfSignedChain
                        };

    /**
     * Purpose a certificate is validated for.  The numeric values are fixed
     * explicitly, so they are safe to persist; purposeToOpenSSL() maps them
     * to OpenSSL's purpose identifiers.
     */
    enum KSSLPurpose { None=0, SSLServer=1, SSLClient=2,
                       SMIMESign=3, SMIMEEncrypt=4, Any=5 };

    /** List of validation results, as returned by validateVerbose(). */
    typedef TQValueList<KSSLValidation> KSSLValidationList;

    /**
     * Serialise the certificate to a string.  Presumably the inverse of
     * fromString() — confirm in the .cpp.
     */
    TQString toString();

    /** @return the subject distinguished name as text. */
    TQString getSubject() const;

    /** @return the issuer distinguished name as text. */
    TQString getIssuer() const;

    /** @return the start of the validity period as text. */
    TQString getNotBefore() const;

    /** @return the end of the validity period as text. */
    TQString getNotAfter() const;

    /** @return the start of the validity period as a TQDateTime. */
    TQDateTime getQDTNotBefore() const;

    /** @return the end of the validity period as a TQDateTime. */
    TQDateTime getQDTNotAfter() const;

    /**
     * @return the last-update time; by its name this applies to CRL objects
     *         (see crlFromString()) — confirm behaviour on a plain certificate.
     */
    TQDateTime getQDTLastUpdate() const;

    /**
     * @return the next-update time; same CRL caveat as getQDTLastUpdate().
     */
    TQDateTime getQDTNextUpdate() const;

    /** @return the certificate in DER encoding. */
    TQByteArray toDer();

    /** @return the certificate in PEM encoding. */
    TQByteArray toPem();

    /** @return the certificate in Netscape encoding. */
    TQByteArray toNetscape();

    /** @return a human-readable dump of the certificate. */
    TQString toText();

    /** @return the serial number as text. */
    TQString getSerialNumber() const;

    /** @return the public key algorithm as text. */
    TQString getKeyType() const;

    /** @return a textual rendering of the public key. */
    TQString getPublicKeyText() const;

    /**
     * @return the MD5 fingerprint formatted for display.
     *
     * MD5 is not collision resistant.  Treat this fingerprint as a lookup
     * key (it is what getKDEKey()/getMD5DigestFromKDEKey() work with), not as
     * sufficient evidence of a certificate's identity on its own.
     */
    TQString getMD5DigestText() const;

    /**
     * @return the MD5 fingerprint in its raw textual form (no display
     *         formatting).  Same collision-resistance caveat as
     *         getMD5DigestText().
     */
    TQString getMD5Digest() const;

    /** @return a textual rendering of the signature. */
    TQString getSignatureText() const;

    /**
     * Convenience check: presumably equivalent to validate() == Ok.
     * Not const, so it may update cached validation state — confirm.
     */
    bool isValid();

    /**
     * Convenience check for a specific purpose; presumably
     * validate(p) == Ok.
     *
     * @param p the purpose to validate for
     */
    bool isValid(KSSLPurpose p);

    /**
     * @return the Subject Alternative Name entries.  Host name checks should
     *         consult these rather than only the subject CN; see InvalidHost.
     */
    TQStringList subjAltNames() const;

    /**
     * Validate the certificate.
     *
     * Given that revalidate() exists separately, this presumably returns a
     * cached result once computed — confirm in the .cpp.
     *
     * @return Ok on success, otherwise the first failure found
     */
    KSSLValidation validate();

    /**
     * Validate the certificate for a specific purpose.
     *
     * @param p the purpose to validate for
     * @return Ok on success, otherwise a failure code
     */
    KSSLValidation validate(KSSLPurpose p);

    /**
     * Validate for a purpose and return every problem found rather than a
     * single code.
     *
     * @param p the purpose to validate for
     * @return a list of KSSLValidation codes; presumably empty or
     *         containing Ok on success — confirm how success is reported
     */
    KSSLValidationList validateVerbose(KSSLPurpose p);

    /**
     * Verbose validation against a specific CA certificate.
     *
     * @param p  the purpose to validate for
     * @param ca the CA certificate to validate against; ownership is not
     *           transferred (pointer is only read here)
     * @return a list of KSSLValidation codes, as for validateVerbose(p)
     */
    KSSLValidationList validateVerbose(KSSLPurpose p, KSSLCertificate *ca);

    /**
     * Validate again, presumably discarding any result cached by validate().
     *
     * @return Ok on success, otherwise a failure code
     */
    KSSLValidation revalidate();

    /**
     * Validate again for a specific purpose (see revalidate()).
     *
     * @param p the purpose to validate for
     */
    KSSLValidation revalidate(KSSLPurpose p);

    /**
     * @return the certificate chain associated with this certificate
     *         (populated via the protected setChain()).
     */
    KSSLCertChain& chain();

    /**
     * Translate a validation result into human-readable text.
     *
     * @param x the result to describe
     */
    static TQString verifyText(KSSLValidation x);

    /**
     * Make a copy of this certificate.
     *
     * @return a newly allocated copy; the caller appears to own it.
     */
    KSSLCertificate *replicate();

    /**
     * Copy constructor.
     */
    KSSLCertificate(const KSSLCertificate& x); // copy constructor

    /**
     * Replace the wrapped certificate with one parsed from @p cert.
     *
     * @param cert the encoded certificate (same encoding as fromString());
     *             taken by non-const reference, so check whether it is
     *             modified before passing shared data
     * @return true on success
     */
    bool setCert(TQString& cert);

    /** @return the X.509 v3 extensions wrapper for this certificate. */
    KSSLX509V3& x509V3Extensions();

    /**
     * @return whether this certificate may act as a signer; presumably
     *         derived from the CA / key-usage extensions — confirm.
     */
    bool isSigner();

    /**
     * Collect the e-mail addresses contained in the certificate.
     *
     * @param to receives the addresses.  Whether existing entries are kept
     *           or the list is cleared first is not visible here.
     */
    void getEmails(TQStringList& to) const;

    /**
     * @return the key under which this certificate is identified in the KDE
     *         certificate store.  Given getMD5DigestFromKDEKey(), the key
     *         appears to embed the MD5 fingerprint.
     */
    TQString getKDEKey() const;

    /**
     * Extract the MD5 fingerprint from a KDE key produced by getKDEKey().
     *
     * @param k the KDE key
     */
    static TQString getMD5DigestFromKDEKey(const TQString& k);

private:
    // Equality is defined by the free operators below (they need access to d).
    KIO_EXPORT friend int operator!=(KSSLCertificate& x, KSSLCertificate& y);
    KIO_EXPORT friend int operator==(KSSLCertificate& x, KSSLCertificate& y);

    // Private implementation holding the OpenSSL objects.
    KSSLCertificatePrivate *d;
    // Map a KSSLPurpose onto OpenSSL's purpose identifier.
    int purposeToOpenSSL(KSSLPurpose p) const;

protected:
    // Construction is reserved for the factories and friend classes.
    KSSLCertificate();

    // Install an OpenSSL certificate / CRL handle.  Whether these take
    // ownership of @c c is not visible here — check the .cpp.
    void setCert(X509 *c);
    void setCRL(X509_CRL *c);
    // Attach a chain; the argument is type-erased (void *) here.
    void setChain(void *c);
    // Raw OpenSSL handle; callers must not free it.
    X509 *getCert();
    // Map an error code (presumably an OpenSSL verify error) to a
    // KSSLValidation value.
    KSSLValidation processError(int ec);
};

/** Serialise a certificate to a data stream. */
KIO_EXPORT TQDataStream& operator<<(TQDataStream& s, const KSSLCertificate& r);
/** Read a certificate back from a data stream. */
KIO_EXPORT TQDataStream& operator>>(TQDataStream& s, KSSLCertificate& r);

/** Compare two certificates; returns non-zero when they are equal. */
KIO_EXPORT int operator==(KSSLCertificate& x, KSSLCertificate& y);
/** Negation of operator==(). */
KIO_EXPORT inline int operator!=(KSSLCertificate& x, KSSLCertificate& y)
{ return !(x == y); }

#endif