tdeio/kssl
ksslcertchain.cc
00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020 #ifdef HAVE_CONFIG_H
00021 #include <config.h>
00022 #endif
00023
00024 #include "kssldefs.h"
00025 #include "ksslcertificate.h"
00026 #include "ksslcertchain.h"
00027
00028
00029
00030 #ifdef KSSL_HAVE_SSL
00031 #define crypt _openssl_crypt
00032 #include <openssl/ssl.h>
00033 #include <openssl/x509.h>
00034 #include <openssl/x509v3.h>
00035 #include <openssl/x509_vfy.h>
00036 #include <openssl/pem.h>
00037 #include <openssl/stack.h>
00038 #include <openssl/safestack.h>
00039 #undef crypt
00040 #endif
00041
00042 #include <kopenssl.h>
00043 #include <kdebug.h>
00044 #include <tqstringlist.h>
00045
00046
00047 class KSSLCertChainPrivate {
00048 public:
00049 KSSLCertChainPrivate() {
00050 kossl = KOSSL::self();
00051 }
00052
00053 ~KSSLCertChainPrivate() {
00054 }
00055
00056 KOSSL *kossl;
00057 };
00058
00059 KSSLCertChain::KSSLCertChain() {
00060 d = new KSSLCertChainPrivate;
00061 _chain = NULL;
00062 }
00063
00064
00065 KSSLCertChain::~KSSLCertChain() {
00066 #ifdef KSSL_HAVE_SSL
00067 if (_chain) {
00068 STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
00069
00070 for (;;) {
00071 X509* x5 = reinterpret_cast<X509*>(d->kossl->OPENSSL_sk_pop(x));
00072 if (!x5) break;
00073 d->kossl->X509_free(x5);
00074 }
00075 d->kossl->OPENSSL_sk_free(x);
00076 }
00077 #endif
00078 delete d;
00079 }
00080
00081
00082 bool KSSLCertChain::isValid() {
00083 return (_chain && depth() > 0);
00084 }
00085
00086
00087 KSSLCertChain *KSSLCertChain::replicate() {
00088 KSSLCertChain *x = new KSSLCertChain;
00089 TQPtrList<KSSLCertificate> ch = getChain();
00090
00091 x->setChain(ch);
00092 ch.setAutoDelete(true);
00093 return x;
00094 }
00095
00096
00097 int KSSLCertChain::depth() {
00098 #ifdef KSSL_HAVE_SSL
00099 return d->kossl->OPENSSL_sk_num((STACK_OF(X509)*)_chain);
00100 #endif
00101 return 0;
00102 }
00103
00104
00105 TQPtrList<KSSLCertificate> KSSLCertChain::getChain() {
00106 TQPtrList<KSSLCertificate> cl;
00107 if (!_chain) return cl;
00108 #ifdef KSSL_HAVE_SSL
00109 STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
00110
00111 for (int i = 0; i < d->kossl->OPENSSL_sk_num(x); i++) {
00112 X509* x5 = reinterpret_cast<X509*>(d->kossl->OPENSSL_sk_value(x, i));
00113 if (!x5) continue;
00114 KSSLCertificate *nc = new KSSLCertificate;
00115 nc->setCert(d->kossl->X509_dup(x5));
00116 cl.append(nc);
00117 }
00118
00119 #endif
00120 return cl;
00121 }
00122
00123
00124 void KSSLCertChain::setChain(TQPtrList<KSSLCertificate>& chain) {
00125 #ifdef KSSL_HAVE_SSL
00126 if (_chain) {
00127 STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
00128
00129 for (;;) {
00130 X509* x5 = reinterpret_cast<X509*>(d->kossl->OPENSSL_sk_pop(x));
00131 if (!x5) break;
00132 d->kossl->X509_free(x5);
00133 }
00134 d->kossl->OPENSSL_sk_free(x);
00135 _chain = NULL;
00136 }
00137
00138 if (chain.count() == 0) return;
00139 _chain = reinterpret_cast<STACK_OF(X509)*>(d->kossl->OPENSSL_sk_new(NULL));
00140 for (KSSLCertificate *x = chain.first(); x != 0; x = chain.next()) {
00141 d->kossl->OPENSSL_sk_push((STACK_OF(X509) *)_chain, d->kossl->X509_dup(x->getCert()));
00142 }
00143
00144 #endif
00145 }
00146
00147
00148 void KSSLCertChain::setChain(void *stack_of_x509) {
00149 #ifdef KSSL_HAVE_SSL
00150 if (_chain) {
00151 STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
00152
00153 for (;;) {
00154 X509* x5 = reinterpret_cast<X509*>(d->kossl->OPENSSL_sk_pop(x));
00155 if (!x5) break;
00156 d->kossl->X509_free(x5);
00157 }
00158 d->kossl->OPENSSL_sk_free(x);
00159 _chain = NULL;
00160 }
00161
00162 if (!stack_of_x509) return;
00163
00164 _chain = reinterpret_cast<STACK_OF(X509)*>(d->kossl->OPENSSL_sk_new(NULL));
00165 STACK_OF(X509) *x = (STACK_OF(X509) *)stack_of_x509;
00166
00167 for (int i = 0; i < d->kossl->OPENSSL_sk_num(x); i++) {
00168 X509* x5 = reinterpret_cast<X509*>(d->kossl->OPENSSL_sk_value(x, i));
00169 if (!x5) continue;
00170 d->kossl->OPENSSL_sk_push((STACK_OF(X509)*)_chain,d->kossl->X509_dup(x5));
00171 }
00172
00173 #else
00174 _chain = NULL;
00175 #endif
00176 }
00177
00178
00179 void KSSLCertChain::setChain(TQStringList chain) {
00180 setCertChain(chain);
00181 }
00182
00183 void KSSLCertChain::setCertChain(const TQStringList& chain) {
00184 TQPtrList<KSSLCertificate> cl;
00185 cl.setAutoDelete(true);
00186 for (TQStringList::ConstIterator s = chain.begin(); s != chain.end(); ++s) {
00187 KSSLCertificate *c = KSSLCertificate::fromString((*s).local8Bit());
00188 if (c) {
00189 cl.append(c);
00190 }
00191 }
00192 setChain(cl);
00193 }
00194