ksslcertchain.cc
00001 /* This file is part of the KDE project 00002 * 00003 * Copyright (C) 2001 George Staikos <staikos@kde.org> 00004 * 00005 * This library is free software; you can redistribute it and/or 00006 * modify it under the terms of the GNU Library General Public 00007 * License as published by the Free Software Foundation; either 00008 * version 2 of the License, or (at your option) any later version. 00009 * 00010 * This library is distributed in the hope that it will be useful, 00011 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00012 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 00013 * Library General Public License for more details. 00014 * 00015 * You should have received a copy of the GNU Library General Public License 00016 * along with this library; see the file COPYING.LIB. If not, write to 00017 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, 00018 * Boston, MA 02110-1301, USA. 00019 */ 00020 #ifdef HAVE_CONFIG_H 00021 #include <config.h> 00022 #endif 00023 00024 #include "kssldefs.h" 00025 #include "ksslcertificate.h" 00026 #include "ksslcertchain.h" 00027 00028 // this hack provided by Malte Starostik to avoid glibc/openssl bug 00029 // on some systems 00030 #ifdef KSSL_HAVE_SSL 00031 #define crypt _openssl_crypt 00032 #include <openssl/ssl.h> 00033 #include <openssl/x509.h> 00034 #include <openssl/x509v3.h> 00035 #include <openssl/x509_vfy.h> 00036 #include <openssl/pem.h> 00037 #include <openssl/stack.h> 00038 #include <openssl/safestack.h> 00039 #undef crypt 00040 #endif 00041 00042 #include <kopenssl.h> 00043 #include <kdebug.h> 00044 #include <tqstringlist.h> 00045 00046 00047 class KSSLCertChainPrivate { 00048 public: 00049 KSSLCertChainPrivate() { 00050 kossl = KOSSL::self(); 00051 } 00052 00053 ~KSSLCertChainPrivate() { 00054 } 00055 00056 KOSSL *kossl; 00057 }; 00058 00059 KSSLCertChain::KSSLCertChain() { 00060 d = new KSSLCertChainPrivate; 00061 _chain = NULL; 00062 } 00063 00064 00065 KSSLCertChain::~KSSLCertChain() { 00066 #ifdef KSSL_HAVE_SSL 00067 if (_chain) { 00068 STACK_OF(X509) *x = (STACK_OF(X509) *)_chain; 00069 00070 for (;;) { 00071 X509* x5 = reinterpret_cast<X509*>(d->kossl->OPENSSL_sk_pop(x)); 00072 if (!x5) break; 00073 d->kossl->X509_free(x5); 00074 } 00075 d->kossl->OPENSSL_sk_free(x); 00076 } 00077 #endif 00078 delete d; 00079 } 00080 00081 00082 bool KSSLCertChain::isValid() { 00083 return (_chain && depth() > 0); 00084 } 00085 00086 00087 KSSLCertChain *KSSLCertChain::replicate() { 00088 KSSLCertChain *x = new KSSLCertChain; 00089 TQPtrList<KSSLCertificate> ch = getChain(); 00090 00091 x->setChain(ch); // this will do a deep copy for us 00092 ch.setAutoDelete(true); 00093 return x; 00094 } 00095 00096 00097 int KSSLCertChain::depth() { 00098 #ifdef KSSL_HAVE_SSL 00099 return d->kossl->OPENSSL_sk_num((STACK_OF(X509)*)_chain); 00100 #endif 00101 return 0; 00102 } 00103 00104 00105 TQPtrList<KSSLCertificate> KSSLCertChain::getChain() { 00106 TQPtrList<KSSLCertificate> cl; 00107 if (!_chain) return cl; 00108 #ifdef KSSL_HAVE_SSL 00109 STACK_OF(X509) *x = (STACK_OF(X509) *)_chain; 00110 00111 for (int i = 0; i < d->kossl->OPENSSL_sk_num(x); i++) { 00112 X509* x5 = reinterpret_cast<X509*>(d->kossl->OPENSSL_sk_value(x, i)); 00113 if (!x5) continue; 00114 KSSLCertificate *nc = new KSSLCertificate; 00115 nc->setCert(d->kossl->X509_dup(x5)); 00116 cl.append(nc); 00117 } 00118 00119 #endif 00120 return cl; 00121 } 00122 00123 00124 void KSSLCertChain::setChain(TQPtrList<KSSLCertificate>& chain) { 00125 #ifdef KSSL_HAVE_SSL 00126 if (_chain) { 00127 STACK_OF(X509) *x = (STACK_OF(X509) *)_chain; 00128 00129 for (;;) { 00130 X509* x5 = reinterpret_cast<X509*>(d->kossl->OPENSSL_sk_pop(x)); 00131 if (!x5) break; 00132 d->kossl->X509_free(x5); 00133 } 00134 d->kossl->OPENSSL_sk_free(x); 00135 _chain = NULL; 00136 } 00137 00138 if (chain.count() == 0) return; 00139 _chain = reinterpret_cast<STACK_OF(X509)*>(d->kossl->OPENSSL_sk_new(NULL)); 00140 for (KSSLCertificate *x = chain.first(); x != 0; x = chain.next()) { 00141 d->kossl->OPENSSL_sk_push((STACK_OF(X509) *)_chain, d->kossl->X509_dup(x->getCert())); 00142 } 00143 00144 #endif 00145 } 00146 00147 00148 void KSSLCertChain::setChain(void *stack_of_x509) { 00149 #ifdef KSSL_HAVE_SSL 00150 if (_chain) { 00151 STACK_OF(X509) *x = (STACK_OF(X509) *)_chain; 00152 00153 for (;;) { 00154 X509* x5 = reinterpret_cast<X509*>(d->kossl->OPENSSL_sk_pop(x)); 00155 if (!x5) break; 00156 d->kossl->X509_free(x5); 00157 } 00158 d->kossl->OPENSSL_sk_free(x); 00159 _chain = NULL; 00160 } 00161 00162 if (!stack_of_x509) return; 00163 00164 _chain = reinterpret_cast<STACK_OF(X509)*>(d->kossl->OPENSSL_sk_new(NULL)); 00165 STACK_OF(X509) *x = (STACK_OF(X509) *)stack_of_x509; 00166 00167 for (int i = 0; i < d->kossl->OPENSSL_sk_num(x); i++) { 00168 X509* x5 = reinterpret_cast<X509*>(d->kossl->OPENSSL_sk_value(x, i)); 00169 if (!x5) continue; 00170 d->kossl->OPENSSL_sk_push((STACK_OF(X509)*)_chain,d->kossl->X509_dup(x5)); 00171 } 00172 00173 #else 00174 _chain = NULL; 00175 #endif 00176 } 00177 00178 00179 void KSSLCertChain::setChain(TQStringList chain) { 00180 setCertChain(chain); 00181 } 00182 00183 void KSSLCertChain::setCertChain(const TQStringList& chain) { 00184 TQPtrList<KSSLCertificate> cl; 00185 cl.setAutoDelete(true); 00186 for (TQStringList::ConstIterator s = chain.begin(); s != chain.end(); ++s) { 00187 KSSLCertificate *c = KSSLCertificate::fromString((*s).local8Bit()); 00188 if (c) { 00189 cl.append(c); 00190 } 00191 } 00192 setChain(cl); 00193 } 00194