30 #include <tqstringlist.h> 34 #include "ksslcertificate.h" 35 #include "ksslcertchain.h" 36 #include "ksslutils.h" 38 #include <kstandarddirs.h> 40 #include <tdelocale.h> 41 #include <tqdatetime.h> 42 #include <tdetempfile.h> 44 #include <sys/types.h> 46 #ifdef HAVE_SYS_STAT_H 53 #define crypt _openssl_crypt 54 #include <openssl/ssl.h> 55 #include <openssl/x509.h> 56 #include <openssl/x509v3.h> 57 #include <openssl/x509_vfy.h> 58 #include <openssl/pem.h> 63 #include <tqcstring.h> 65 #include "ksslx509v3.h" 69 static char hv[] = {
'0',
'1',
'2',
'3',
'4',
'5',
'6',
'7',
'8',
'9',
'A',
'B',
'C',
'D',
'E',
'F'};
72 class KSSLCertificatePrivate {
74 KSSLCertificatePrivate() {
75 kossl = KOSSL::self();
76 _lastPurpose = KSSLCertificate::None;
79 ~KSSLCertificatePrivate() {
90 KSSLCertificate::KSSLPurpose _lastPurpose;
94 d =
new KSSLCertificatePrivate;
95 d->m_stateCached =
false;
96 TDEGlobal::dirs()->addResourceType(
"kssl", TDEStandardDirs::kde_default(
"data") +
"kssl");
104 d =
new KSSLCertificatePrivate;
105 d->m_stateCached =
false;
106 TDEGlobal::dirs()->addResourceType(
"kssl", TDEStandardDirs::kde_default(
"data") +
"kssl");
109 setCert(KOSSL::self()->X509_dup(const_cast<KSSLCertificate&>(x).getCert()));
121 d->kossl->X509_free(d->m_cert);
137 n->
setCert(KOSSL::self()->X509_dup(x5));
147 if (cert.length() == 0)
150 TQByteArray qba, qbb = cert.copy();
151 KCodecs::base64Decode(qbb, qba);
152 unsigned char *qbap =
reinterpret_cast<unsigned char *
>(qba.data());
153 X509 *x5c = KOSSL::self()->d2i_X509(NULL, &qbap, qba.size());
170 char *t = d->kossl->X509_NAME_oneline(d->kossl->X509_get_subject_name(d->m_cert), 0, 0);
174 d->kossl->OPENSSL_free(t);
184 ASN1_INTEGER *aint = d->kossl->X509_get_serialNumber(d->m_cert);
186 rc = ASN1_INTEGER_QString(aint);
201 i = d->kossl->OBJ_obj2nid(d->m_cert->sig_alg->algorithm);
202 rc = i18n(
"Signature Algorithm: ");
203 rc += (i == NID_undef)?i18n(
"Unknown"):TQString(d->kossl->OBJ_nid2ln(i));
206 rc += i18n(
"Signature Contents:");
207 n = d->m_cert->signature->length;
208 s = (
char *)d->m_cert->signature->data;
209 for (i = 0; i < n; i++) {
210 if (i%20 != 0) rc +=
":";
212 rc.append(hv[(s[i]&0xf0)>>4]);
213 rc.append(hv[s[i]&0x0f]);
228 STACK *s = d->kossl->X509_get1_email(d->m_cert);
230 for(
int n=0; n < s->num; n++) {
231 to.append(d->kossl->sk_value(s,n));
233 d->kossl->X509_email_free(s);
240 return getSubject() +
" (" + getMD5DigestText() +
")";
246 int pos = k.findRev(
'(');
248 unsigned int len = k.length();
249 if (k.at(len-1) ==
')') {
250 rc = k.mid(pos+1, len-pos-2);
// getMD5Digest() body (fragmentary listing): hex-encode the MD5 digest OpenSSL
// computes over the certificate (X509_digest), upper-case, no separators.
// NOTE(review): MD5 is collision-broken. This value -- and the "Subject (MD5)"
// KDEKey built from it in getKDEKey() -- is only a lookup handle for
// certificates already stored locally; it must not be treated as proof that two
// certificates are identical (use operator==, which calls X509_cmp, for that).
// The algorithm cannot be swapped here without invalidating stored KDEKeys.
262 unsigned char md[EVP_MAX_MD_SIZE];
// n receives the digest length; on failure the (not shown) branch bails out
// and rc stays whatever it was initialised to above this fragment.
264 if (!d->kossl->X509_digest(d->m_cert, d->kossl->EVP_md5(), md, &n)) {
268 for (
unsigned int j = 0; j < n; j++) {
// hv[] maps a nibble to its upper-case hex digit; high nibble first.
271 rc.append(hv[(md[j]&0xf0)>>4]);
272 rc.append(hv[md[j]&0x0f]);
287 unsigned char md[EVP_MAX_MD_SIZE];
289 if (!d->kossl->X509_digest(d->m_cert, d->kossl->EVP_md5(), md, &n)) {
293 for (
unsigned int j = 0; j < n; j++) {
294 rc.append(hv[(md[j]&0xf0)>>4]);
295 rc.append(hv[md[j]&0x0f]);
309 EVP_PKEY *pkey = d->kossl->X509_get_pubkey(d->m_cert);
312 if (pkey->type == EVP_PKEY_RSA)
317 if (pkey->type == EVP_PKEY_DSA)
322 d->kossl->EVP_PKEY_free(pkey);
336 EVP_PKEY *pkey = d->kossl->X509_get_pubkey(d->m_cert);
338 rc = i18n(
"Unknown",
"Unknown key algorithm");
340 if (pkey->type == EVP_PKEY_RSA) {
341 rc = i18n(
"Key type: RSA (%1 bit)") +
"\n";
343 x = d->kossl->BN_bn2hex(pkey->pkey.rsa->n);
344 rc += i18n(
"Modulus: ");
345 rc = rc.arg(strlen(x)*4);
346 for (
unsigned int i = 0; i < strlen(x); i++) {
347 if (i%40 != 0 && i%2 == 0)
354 d->kossl->OPENSSL_free(x);
356 x = d->kossl->BN_bn2hex(pkey->pkey.rsa->e);
357 rc += i18n(
"Exponent: 0x") + x +
"\n";
358 d->kossl->OPENSSL_free(x);
362 if (pkey->type == EVP_PKEY_DSA) {
363 rc = i18n(
"Key type: DSA (%1 bit)") +
"\n";
365 x = d->kossl->BN_bn2hex(pkey->pkey.dsa->p);
366 rc += i18n(
"Prime: ");
368 rc = rc.arg(strlen(x)*4) ;
369 for (
unsigned int i = 0; i < strlen(x); i++) {
370 if (i%40 != 0 && i%2 == 0)
377 d->kossl->OPENSSL_free(x);
379 x = d->kossl->BN_bn2hex(pkey->pkey.dsa->q);
380 rc += i18n(
"160 bit prime factor: ");
381 for (
unsigned int i = 0; i < strlen(x); i++) {
382 if (i%40 != 0 && i%2 == 0)
389 d->kossl->OPENSSL_free(x);
391 x = d->kossl->BN_bn2hex(pkey->pkey.dsa->g);
392 rc += TQString(
"g: ");
393 for (
unsigned int i = 0; i < strlen(x); i++) {
394 if (i%40 != 0 && i%2 == 0)
401 d->kossl->OPENSSL_free(x);
403 x = d->kossl->BN_bn2hex(pkey->pkey.dsa->pub_key);
404 rc += i18n(
"Public key: ");
405 for (
unsigned int i = 0; i < strlen(x); i++) {
406 if (i%40 != 0 && i%2 == 0)
413 d->kossl->OPENSSL_free(x);
416 d->kossl->EVP_PKEY_free(pkey);
429 char *t = d->kossl->X509_NAME_oneline(d->kossl->X509_get_issuer_name(d->m_cert), 0, 0);
435 d->kossl->OPENSSL_free(t);
441 void KSSLCertificate::setChain(
void *c) {
443 d->_chain.setChain(c);
445 d->m_stateCached =
false;
446 d->m_stateCache = KSSLCertificate::Unknown;
453 d->_extensions.flags = 0;
454 d->kossl->X509_check_purpose(c, -1, 0);
457 kdDebug(7029) <<
"---------------- Certificate ------------------" 459 kdDebug(7029) << getSubject() << endl;
462 for (
int j = 0; j < d->kossl->X509_PURPOSE_get_count(); j++) {
463 X509_PURPOSE *ptmp = d->kossl->X509_PURPOSE_get0(j);
464 int id = d->kossl->X509_PURPOSE_get_id(ptmp);
465 for (
int ca = 0; ca < 2; ca++) {
466 int idret = d->kossl->X509_check_purpose(c,
id, ca);
467 if (idret == 1 || idret == 2) {
470 d->_extensions.flags |= (1L <<(
id-1));
471 else d->_extensions.flags |= (1L <<(16+
id-1));
474 d->_extensions.flags &= ~(1L <<(
id-1));
475 else d->_extensions.flags &= ~(1L <<(16+
id-1));
481 kdDebug(7029) <<
"flags: " << TQString::number(c->ex_flags, 2)
482 <<
"\nkeyusage: " << TQString::number(c->ex_kusage, 2)
483 <<
"\nxkeyusage: " << TQString::number(c->ex_xkusage, 2)
484 <<
"\nnscert: " << TQString::number(c->ex_nscert, 2)
486 if (c->ex_flags & EXFLAG_KUSAGE)
487 kdDebug(7029) <<
" --- Key Usage extensions found" << endl;
488 else kdDebug(7029) <<
" --- Key Usage extensions NOT found" << endl;
490 if (c->ex_flags & EXFLAG_XKUSAGE)
491 kdDebug(7029) <<
" --- Extended key usage extensions found" << endl;
492 else kdDebug(7029) <<
" --- Extended key usage extensions NOT found" << endl;
494 if (c->ex_flags & EXFLAG_NSCERT)
495 kdDebug(7029) <<
" --- NS extensions found" << endl;
496 else kdDebug(7029) <<
" --- NS extensions NOT found" << endl;
498 if (d->_extensions.certTypeSSLCA())
499 kdDebug(7029) <<
"NOTE: this is an SSL CA file." << endl;
500 else kdDebug(7029) <<
"NOTE: this is NOT an SSL CA file." << endl;
502 if (d->_extensions.certTypeEmailCA())
503 kdDebug(7029) <<
"NOTE: this is an EMAIL CA file." << endl;
504 else kdDebug(7029) <<
"NOTE: this is NOT an EMAIL CA file." << endl;
506 if (d->_extensions.certTypeCodeCA())
507 kdDebug(7029) <<
"NOTE: this is a CODE CA file." << endl;
508 else kdDebug(7029) <<
"NOTE: this is NOT a CODE CA file." << endl;
510 if (d->_extensions.certTypeSSLClient())
511 kdDebug(7029) <<
"NOTE: this is an SSL client." << endl;
512 else kdDebug(7029) <<
"NOTE: this is NOT an SSL client." << endl;
514 if (d->_extensions.certTypeSSLServer())
515 kdDebug(7029) <<
"NOTE: this is an SSL server." << endl;
516 else kdDebug(7029) <<
"NOTE: this is NOT an SSL server." << endl;
518 if (d->_extensions.certTypeNSSSLServer())
519 kdDebug(7029) <<
"NOTE: this is a NETSCAPE SSL server." << endl;
520 else kdDebug(7029) <<
"NOTE: this is NOT a NETSCAPE SSL server." << endl;
522 if (d->_extensions.certTypeSMIME())
523 kdDebug(7029) <<
"NOTE: this is an SMIME certificate." << endl;
524 else kdDebug(7029) <<
"NOTE: this is NOT an SMIME certificate." << endl;
526 if (d->_extensions.certTypeSMIMEEncrypt())
527 kdDebug(7029) <<
"NOTE: this is an SMIME encrypt cert." << endl;
528 else kdDebug(7029) <<
"NOTE: this is NOT an SMIME encrypt cert." << endl;
530 if (d->_extensions.certTypeSMIMESign())
531 kdDebug(7029) <<
"NOTE: this is an SMIME sign cert." << endl;
532 else kdDebug(7029) <<
"NOTE: this is NOT an SMIME sign cert." << endl;
534 if (d->_extensions.certTypeCRLSign())
535 kdDebug(7029) <<
"NOTE: this is a CRL signer." << endl;
536 else kdDebug(7029) <<
"NOTE: this is NOT a CRL signer." << endl;
538 kdDebug(7029) <<
"-----------------------------------------------" 543 d->m_stateCached =
false;
544 d->m_stateCache = KSSLCertificate::Unknown;
547 X509 *KSSLCertificate::getCert() {
557 #include "ksslcallback.c" 561 return (validate(p) == KSSLCertificate::Ok);
566 return isValid(KSSLCertificate::SSLServer);
570 int KSSLCertificate::purposeToOpenSSL(KSSLCertificate::KSSLPurpose p)
const {
573 if (p == KSSLCertificate::SSLServer) {
574 rc = X509_PURPOSE_SSL_SERVER;
575 }
else if (p == KSSLCertificate::SSLClient) {
576 rc = X509_PURPOSE_SSL_CLIENT;
577 }
else if (p == KSSLCertificate::SMIMEEncrypt) {
578 rc = X509_PURPOSE_SMIME_ENCRYPT;
579 }
else if (p == KSSLCertificate::SMIMESign) {
580 rc = X509_PURPOSE_SMIME_SIGN;
581 }
else if (p == KSSLCertificate::Any) {
582 rc = X509_PURPOSE_ANY;
591 return validate(KSSLCertificate::SSLServer);
596 KSSLValidationList result = validateVerbose(purpose);
597 if (result.isEmpty())
598 return KSSLCertificate::Ok;
600 return result.first();
610 return validateVerbose(purpose, 0);
// validateVerbose(purpose, ca) body (fragmentary listing -- lines are missing
// between the ones shown). Builds a throw-away X509_STORE from ca-bundle.crt,
// verifies d->m_cert (plus the peer-supplied chain) for `purpose`, maps the
// OpenSSL error to a KSSLValidation and caches it on the object.
// No host-name comparison happens here: InvalidHost is never produced in the
// lines shown, so callers must check the host separately.
615 KSSLValidationList errors;
// A caller-supplied CA, or a different purpose than last time, invalidates
// the cached verdict.
616 if (ca || (d->_lastPurpose != purpose)) {
617 d->m_stateCached =
false;
620 if (!d->m_stateCached)
621 d->_lastPurpose = purpose;
624 X509_STORE *certStore;
625 X509_LOOKUP *certLookup;
626 X509_STORE_CTX *certStoreCTX;
631 errors << KSSLCertificate::Unknown;
// Cached path: replay the previous verdict without touching OpenSSL.
635 if (d->m_stateCached) {
636 errors << d->m_stateCache;
// Trust anchors come from <dir>/ca-bundle.crt in every "kssl" resource dir
// (registered above as <data>/kssl, which presumably includes the per-user
// data directory -- i.e. this list IS the effective trust store).
640 TQStringList qsl = TDEGlobal::dirs()->resourceDirs(
"kssl");
643 errors << KSSLCertificate::NoCARoot;
649 for (TQStringList::Iterator j = qsl.begin(); j != qsl.end(); ++j) {
651 TQString _j = (*j) +
"ca-bundle.crt";
// NOTE(review): .ascii() drops non-ASCII path characters; .local8Bit()
// (as used in toPem() below) would match the filesystem encoding.
652 if (-1 == stat(_j.ascii(), &sb)) {
656 certStore = d->kossl->X509_STORE_new();
658 errors << KSSLCertificate::Unknown;
// X509Callback (ksslcallback.c, included above) is consulted for every
// verify step and reports, via the globals set below, whether `ca`
// appeared in the chain. Whether it can override errors is not visible
// in this listing -- confirm before relying on ctx->error alone.
662 X509_STORE_set_verify_cb_func(certStore, X509Callback);
664 certLookup = d->kossl->X509_STORE_add_lookup(certStore, d->kossl->X509_LOOKUP_file());
666 ksslv = KSSLCertificate::Unknown;
667 d->kossl->X509_STORE_free(certStore);
671 if (!d->kossl->X509_LOOKUP_load_file(certLookup, _j.ascii(), X509_FILETYPE_PEM)) {
673 kdDebug(7029) <<
"KSSL couldn't read CA root: " 675 ksslv = KSSLCertificate::ErrorReadingRoot;
676 d->kossl->X509_STORE_free(certStore);
681 certStoreCTX = d->kossl->X509_STORE_CTX_new();
686 kdDebug(7029) <<
"KSSL couldn't create an X509 store context." << endl;
687 d->kossl->X509_STORE_free(certStore);
691 d->kossl->X509_STORE_CTX_init(certStoreCTX, certStore, d->m_cert, NULL);
// The chain handed over by the peer is supplied as untrusted intermediates;
// trust still has to be established against the store above.
692 if (d->_chain.isValid()) {
693 d->kossl->X509_STORE_CTX_set_chain(certStoreCTX, (STACK_OF(X509)*)d->_chain.rawChain());
699 d->kossl->X509_STORE_CTX_set_purpose(certStoreCTX, purposeToOpenSSL(purpose));
// NOTE(review): these appear to be file-scope globals shared with the
// callback, so two validate() calls on different threads would interfere.
// Confirm all certificate validation happens on a single thread.
701 KSSL_X509CallBack_ca = ca ? ca->d->m_cert : 0;
702 KSSL_X509CallBack_ca_found =
false;
// The verdict is taken from ctx->error, not from X509_verify_cert()'s return
// value. NOTE(review): rc is not consulted in the lines shown; a failure
// that leaves ctx->error at X509_V_OK (or a callback that clears it) would
// be reported as Ok. Safer:
//   if (rc <= 0 && errcode == X509_V_OK)
//       errcode = X509_V_ERR_APPLICATION_VERIFICATION;
// before handing errcode to processError().
704 certStoreCTX->error = X509_V_OK;
705 rc = d->kossl->X509_verify_cert(certStoreCTX);
706 int errcode = certStoreCTX->error;
// With an explicit CA, a chain in which that CA never appeared is reported
// as Irrelevant rather than as a failure.
707 if (ca && !KSSL_X509CallBack_ca_found) {
708 ksslv = KSSLCertificate::Irrelevant;
710 ksslv = processError(errcode);
// Second, more lenient pass for SSL servers: a certificate that fails the
// strict SSL-server purpose (typically its key-usage / extended-key-usage
// bits) is re-checked as X509_PURPOSE_NS_SSL_SERVER, and that verdict
// REPLACES the first one. This deliberately widens what is accepted as a
// server certificate; keep that in mind when reading an Ok from here.
713 if ( (ksslv != KSSLCertificate::Ok) &&
714 (ksslv != KSSLCertificate::Irrelevant) &&
715 purpose == KSSLCertificate::SSLServer) {
716 d->kossl->X509_STORE_CTX_set_purpose(certStoreCTX,
717 X509_PURPOSE_NS_SSL_SERVER);
719 certStoreCTX->error = X509_V_OK;
720 rc = d->kossl->X509_verify_cert(certStoreCTX);
721 errcode = certStoreCTX->error;
722 ksslv = processError(errcode);
724 d->kossl->X509_STORE_CTX_free(certStoreCTX);
725 d->kossl->X509_STORE_free(certStore);
// Verdicts that depend on which bundle happened to be found (NoCARoot,
// InvalidCA) are not cached.
736 if (ksslv != NoCARoot && ksslv != InvalidCA) {
737 d->m_stateCached =
true;
738 d->m_stateCache = ksslv;
// Only a non-Ok verdict is appended, so an empty list means Ok (validate()
// relies on this).
743 if (ksslv != KSSLCertificate::Ok)
// Presumably the #else (no OpenSSL) branch: every validation reports NoSSL.
746 errors << KSSLCertificate::NoSSL;
754 return revalidate(KSSLCertificate::SSLServer);
759 d->m_stateCached =
false;
// processError() body (fragmentary listing): map an OpenSSL X509_V_ERR_* code
// to a KSSLValidation and cache the result on the object. Only the case
// labels survived in this listing; the switch head and break statements are
// not shown.
767 rc = KSSLCertificate::Unknown;
771 rc = KSSLCertificate::Ok;
775 case X509_V_ERR_CERT_REJECTED:
776 rc = KSSLCertificate::Rejected;
780 case X509_V_ERR_CERT_UNTRUSTED:
781 rc = KSSLCertificate::Untrusted;
// Any cryptographic failure on the certificate or on a CRL is one bucket.
785 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
786 case X509_V_ERR_CERT_SIGNATURE_FAILURE:
787 case X509_V_ERR_CRL_SIGNATURE_FAILURE:
788 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
789 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
790 rc = KSSLCertificate::SignatureFailed;
// An issuer that is missing, undecodable or not a valid CA is InvalidCA;
// validateVerbose() does not cache this verdict.
793 case X509_V_ERR_INVALID_CA:
794 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
795 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
796 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
797 rc = KSSLCertificate::InvalidCA;
801 case X509_V_ERR_INVALID_PURPOSE:
802 rc = KSSLCertificate::InvalidPurpose;
806 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
807 rc = KSSLCertificate::SelfSigned;
810 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
811 rc = KSSLCertificate::SelfSignedChain;
814 case X509_V_ERR_CERT_REVOKED:
815 rc = KSSLCertificate::Revoked;
818 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
819 rc = KSSLCertificate::PathLengthExceeded;
// "Expired" is broad: it also covers not-yet-valid certificates, CRL
// validity-window errors and MALFORMED date fields (ERROR_IN_*_FIELD).
// verifyText() renders all of them as "Certificate has expired.", which is
// misleading for a malformed notBefore -- consider a separate bucket.
822 case X509_V_ERR_CERT_NOT_YET_VALID:
823 case X509_V_ERR_CERT_HAS_EXPIRED:
824 case X509_V_ERR_CRL_NOT_YET_VALID:
825 case X509_V_ERR_CRL_HAS_EXPIRED:
826 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
827 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
828 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
829 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
830 rc = KSSLCertificate::Expired;
831 kdDebug(7029) <<
"KSSL apparently this is expired. Not after: " 832 << getNotAfter() << endl;
// NOTE(review): a CRL that could not be fetched, out-of-memory and an
// over-long chain all collapse into Unknown; verifyText() has no text for
// Unknown, so the user only sees its catch-all "The certificate is
// invalid." -- the distinction is lost for diagnostics.
836 case X509_V_ERR_APPLICATION_VERIFICATION:
837 case X509_V_ERR_OUT_OF_MEM:
838 case X509_V_ERR_UNABLE_TO_GET_CRL:
839 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
841 rc = KSSLCertificate::Unknown;
// Side effect: the verdict is cached here as well as in validateVerbose();
// revalidate() clears m_stateCached to force a fresh run.
845 d->m_stateCache = rc;
846 d->m_stateCached =
true;
854 return ASN1_UTCTIME_QString(X509_get_notBefore(d->m_cert));
856 return TQString::null;
863 return ASN1_UTCTIME_QString(X509_get_notAfter(d->m_cert));
865 return TQString::null;
872 return ASN1_UTCTIME_QDateTime(X509_get_notBefore(d->m_cert), NULL);
874 return TQDateTime::currentDateTime();
881 return ASN1_UTCTIME_QDateTime(X509_get_notAfter(d->m_cert), NULL);
883 return TQDateTime::currentDateTime();
889 #ifndef KSSL_HAVE_SSL 892 if (!KOSSL::self()->X509_cmp(x.getCert(), y.getCert()))
return 1;
903 newOne->
setCert(d->kossl->X509_dup(getCert()));
913 return KCodecs::base64Encode(toDer());
919 case KSSLCertificate::Ok:
920 return i18n(
"The certificate is valid.");
921 case KSSLCertificate::PathLengthExceeded:
922 case KSSLCertificate::ErrorReadingRoot:
923 case KSSLCertificate::NoCARoot:
924 return i18n(
"Certificate signing authority root files could not be found so the certificate is not verified.");
925 case KSSLCertificate::SelfSignedChain:
926 case KSSLCertificate::InvalidCA:
927 return i18n(
"Certificate signing authority is unknown or invalid.");
928 case KSSLCertificate::SelfSigned:
929 return i18n(
"Certificate is self-signed and thus may not be trustworthy.");
930 case KSSLCertificate::Expired:
931 return i18n(
"Certificate has expired.");
932 case KSSLCertificate::Revoked:
933 return i18n(
"Certificate has been revoked.");
934 case KSSLCertificate::NoSSL:
935 return i18n(
"SSL support was not found.");
936 case KSSLCertificate::Untrusted:
937 return i18n(
"Signature is untrusted.");
938 case KSSLCertificate::SignatureFailed:
939 return i18n(
"Signature test failed.");
940 case KSSLCertificate::Rejected:
941 case KSSLCertificate::InvalidPurpose:
942 return i18n(
"Rejected, possibly due to an invalid purpose.");
943 case KSSLCertificate::PrivateKeyFailed:
944 return i18n(
"Private key test failed.");
945 case KSSLCertificate::InvalidHost:
946 return i18n(
"The certificate has not been issued for this host.");
947 case KSSLCertificate::Irrelevant:
948 return i18n(
"This certificate is not relevant.");
953 return i18n(
"The certificate is invalid.");
// toDer() body (fragmentary listing): classic two-pass i2d_X509 -- the first
// call with a NULL buffer returns the encoded size, the second writes into
// the buffer and advances `p` past the end (hence the separate cursor).
// NOTE(review): i2d_X509() returns a negative int on failure; stored into an
// unsigned it becomes a huge allocation request. Guard it before allocating:
//   int len = d->kossl->i2d_X509(getCert(), NULL);
//   if (len <= 0) return qba;
960 unsigned int certlen = d->kossl->i2d_X509(getCert(), NULL);
961 unsigned char *cert =
new unsigned char[certlen];
962 unsigned char *p = cert;
964 d->kossl->i2d_X509(getCert(), &p);
// Deep copy into the TQByteArray; `cert` itself is released outside this fragment.
967 qba.duplicate((
const char*)cert, certlen);
// toPem() body (fragmentary listing): wrap the base64 text from toString()
// (itself base64Encode(toDer())) into 64-column lines between the PEM
// header and footer, then copy it into a TQByteArray.
977 TQString thecert = toString();
978 const char *header =
"-----BEGIN CERTIFICATE-----\n";
979 const char *footer =
"-----END CERTIFICATE-----\n";
// NOTE(review): xx is unsigned. If toString() ever returns an empty string,
// length()-1 wraps to UINT_MAX and this loop would run ~67 million insert()s.
// Guard with `if (thecert.isEmpty()) return qba;` before this point.
983 unsigned int xx = thecert.length() - 1;
984 for (
unsigned int i = 0; i < xx/64; i++) {
// After i newlines have been inserted the next 64-char boundary has
// shifted right by i, hence 64*(i+1)+i.
985 thecert.insert(64*(i+1)+i,
'\n');
988 thecert.prepend(header);
// Make sure the last base64 line is terminated before the footer.
990 if (thecert[thecert.length()-1] !=
'\n')
993 thecert.append(footer);
995 qba.duplicate(thecert.local8Bit(), thecert.length());
1000 #define NETSCAPE_CERT_HDR "certificate" 1005 #ifdef KSSL_HAVE_SSL 1006 #if OPENSSL_VERSION_NUMBER >= 0x10000000L 1008 ASN1_OCTET_STRING hdr;
1011 ASN1_OCTET_STRING os;
1015 #if OPENSSL_VERSION_NUMBER >= 0x10000000L 1016 hdr.data = (
unsigned char *)NETSCAPE_CERT_HDR;
1017 hdr.length = strlen(NETSCAPE_CERT_HDR);
1019 nx.cert = getCert();
1021 d->kossl->ASN1_i2d_fp(ktf.fstream(),(
unsigned char *)&nx);
1023 os.data = (
unsigned char *)NETSCAPE_CERT_HDR;
1024 os.length = strlen(NETSCAPE_CERT_HDR);
1026 ah.data = (
char *)getCert();
1027 ah.meth = d->kossl->X509_asn1_meth();
1029 d->kossl->ASN1_i2d_fp(ktf.fstream(),(
unsigned char *)&ah);
1034 TQFile qf(ktf.name());
1035 qf.open(IO_ReadOnly);
1036 char *buf =
new char[qf.size()];
1037 qf.readBlock(buf, qf.size());
1038 qba.duplicate(buf, qf.size());
1052 #ifdef KSSL_HAVE_SSL 1055 d->kossl->X509_print(ktf.fstream(), getCert());
1058 TQFile qf(ktf.name());
1059 qf.open(IO_ReadOnly);
1060 char *buf =
new char[qf.size()+1];
1061 qf.readBlock(buf, qf.size());
1073 #ifdef KSSL_HAVE_SSL 1074 TQByteArray qba, qbb = cert.local8Bit().copy();
1075 KCodecs::base64Decode(qbb, qba);
1076 unsigned char *qbap =
reinterpret_cast<unsigned char *
>(qba.data());
1077 X509 *x5c = KOSSL::self()->d2i_X509(NULL, &qbap, qba.size());
1088 return d->_extensions;
1093 return d->_extensions.certTypeCA();
// subjAltNames() body (fragmentary listing): collect the dNSName entries of
// the subjectAltName extension.
1099 #ifdef KSSL_HAVE_SSL 1100 STACK_OF(GENERAL_NAME) *names;
// X509_get_ext_d2i() hands back a freshly decoded GENERAL_NAMES stack that
// the caller owns.
1101 names = (STACK_OF(GENERAL_NAME)*)d->kossl->X509_get_ext_d2i(d->m_cert, NID_subject_alt_name, 0, 0);
1107 int cnt = d->kossl->sk_GENERAL_NAME_num(names);
1109 for (
int i = 0; i < cnt; i++) {
1110 const GENERAL_NAME *val = (
const GENERAL_NAME *)d->kossl->sk_value(names, i);
// Only dNSName entries are considered; other GeneralName types (e-mail,
// IP, URI, ...) are left to this branch, whose body is not shown.
1111 if (val->type != GEN_DNS) {
// The name goes through a C string, so `s` stops at the first NUL byte.
// Comparing its length with the ASN.1 length below rejects any name with
// an embedded NUL (e.g. "good.example\0evil.example"), which would
// otherwise be silently truncated to its prefix. Keep this check.
1115 TQString s = (
const char *)d->kossl->ASN1_STRING_data(val->d.ia5);
1118 s.length() == d->kossl->ASN1_STRING_length(val->d.ia5)) {
// NOTE(review): sk_free() releases only the stack, not the GENERAL_NAME
// entries decoded above, so they look leaked here. GENERAL_NAMES_free()
// (or sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free)) frees both --
// use it if the KOSSL wrapper exposes it.
1122 d->kossl->sk_free(names);
1130 TQPtrList<KSSLCertificate> cl =
const_cast<KSSLCertificate&
>(r).chain().getChain();
1136 cl.setAutoDelete(
true);
1138 s << const_cast<KSSLCertificate&>(r).toString() << qsl;
1150 if (r.
setCert(cert) && !qsl.isEmpty())
void setCertChain(const TQStringList &chain)
Set the certificate chain as a list of base64 encoded X.509 certificates.
TQString getSignatureText() const
Get the signature.
TQDateTime getQDTNotAfter() const
Get the date that the certificate is valid until.
TQString getKDEKey() const
KDEKey is a concatenation "Subject (MD5)", mostly needed for SMIME.
KSSLCertificate(const KSSLCertificate &x)
Copy constructor.
KSSLCertificate * replicate()
Explicitly make a copy of this certificate.
TQString getPublicKeyText() const
Get the public key.
TQString getIssuer() const
Get the issuer of the certificate (X.509 map).
static TQString verifyText(KSSLValidation x)
Obtain the localized message that corresponds to a validation result.
KSSLValidation validate()
Check if this is a valid certificate.
KSSLX509V3 & x509V3Extensions()
Access the X.509v3 parameters.
KSSLCertChain & chain()
Get a reference to the certificate chain.
TQString toText()
Convert the certificate to OpenSSL plain text format.
void * rawChain()
Read the raw chain in OpenSSL format.
static TQString getMD5DigestFromKDEKey(const TQString &k)
Aegypten semantics force us to search by MD5Digest only.
bool setCert(TQString &cert)
Re-set the certificate from a base64 string.
TQString getSerialNumber() const
Get the serial number of the certificate.
TQByteArray toDer()
Convert the certificate to DER (ASN.1) format.
TQString toString()
Convert this certificate to a string.
KSSLValidation revalidate()
Check if this is a valid certificate.
TQString getMD5DigestText() const
Get the MD5 digest of the certificate.
void getEmails(TQStringList &to) const
Append every e-mail address OpenSSL extracts from the certificate (via X509_get1_email) to the list `to`.
TQStringList subjAltNames() const
The alternate subject name.
TQString getNotAfter() const
Get the date that the certificate is valid until.
KDE Certificate Chain Representation Class.
TQByteArray toPem()
Convert the certificate to PEM (base64) format.
TQDateTime getQDTNotBefore() const
Get the date that the certificate becomes valid on.
~KSSLCertificate()
Destroy this X.509 certificate.
TQByteArray toNetscape()
Convert the certificate to Netscape format.
KSSLValidation
A CA certificate can be validated as Irrelevant when it was not used to sign any other relevant certificate.
TQString getMD5Digest() const
Get the MD5 digest of the certificate.
TQString getNotBefore() const
Get the date that the certificate becomes valid on.
bool isSigner()
Check if this is a signer certificate.
static KSSLCertificate * fromString(TQCString cert)
Create an X.509 certificate from a base64 encoded string.
bool isValid()
Check if this is a valid certificate.
static KSSLCertificate * fromX509(X509 *x5)
Create an X.509 certificate from the internal representation.
TQString getSubject() const
Get the subject of the certificate (X.509 map).
KSSLValidationList validateVerbose(KSSLPurpose p)
Check if this is a valid certificate.
TQString getKeyType() const
Get the key type (RSA, DSA, etc).