ksslpkcs12.cc
1 /* This file is part of the KDE project
2  *
3  * Copyright (C) 2001 George Staikos <staikos@kde.org>
4  *
5  * This library is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU Library General Public
7  * License as published by the Free Software Foundation; either
8  * version 2 of the License, or (at your option) any later version.
9  *
10  * This library is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  * Library General Public License for more details.
14  *
15  * You should have received a copy of the GNU Library General Public License
16  * along with this library; see the file COPYING.LIB. If not, write to
17  * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18  * Boston, MA 02110-1301, USA.
19  */
20 
21 
22 #ifdef HAVE_CONFIG_H
23 #include <config.h>
24 #endif
25 
26 #include <kopenssl.h>
27 
28 #include <tqstring.h>
29 #include <tqfile.h>
30 #include <ksslall.h>
31 #include <kdebug.h>
32 #include <tdetempfile.h>
33 #include <kmdcodec.h>
34 
35 #include <assert.h>
36 
37 #ifdef KSSL_HAVE_SSL
38 #define sk_new kossl->sk_new
39 #define sk_push kossl->sk_push
40 #define sk_free kossl->sk_free
41 #define sk_value kossl->sk_value
42 #define sk_num kossl->sk_num
43 #define sk_dup kossl->sk_dup
44 #define sk_pop kossl->sk_pop
45 #endif
46 
47 
/**
 * Create an empty PKCS#12 wrapper.
 *
 * No container, private key, certificate or CA stack is attached yet;
 * they are filled in later by setCert() and parse().
 */
KSSLPKCS12::KSSLPKCS12() {
    // Proxy object through which every OpenSSL call in this file is made.
    kossl = KOSSL::self();

    // Nothing is owned until a container has been set and parsed.
    _caStack = NULL;
    _cert = NULL;
    _pkey = NULL;
    _pkcs = NULL;
}
55 
56 
57 
/**
 * Release everything this object holds: the private key, every
 * certificate left on the CA stack, the stack itself, the PKCS#12
 * container and the wrapped certificate object.
 */
KSSLPKCS12::~KSSLPKCS12() {
#ifdef KSSL_HAVE_SSL
    if (_pkey) {
        kossl->EVP_PKEY_free(_pkey);
    }

    if (_caStack) {
        // Pop until the stack reports no more entries, freeing each
        // certificate, then free the (now empty) stack itself.
        while (X509 *extra = sk_X509_pop(_caStack)) {
            kossl->X509_free(extra);
        }
        sk_X509_free(_caStack);
    }

    if (_pkcs) {
        kossl->PKCS12_free(_pkcs);
    }
#endif
    // Deleting a null pointer is a no-op, so no guard is needed.
    delete _cert;
}
73 
74 
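/**
 * Build a KSSLPKCS12 from a Base64-encoded PKCS#12 container.
 *
 * The decoded bytes are written to a temporary file, which is handed to
 * loadCertFile() and removed again before returning.
 *
 * @param base64   Base64 text of the container.
 * @param password password used to parse the container.
 * @return a new object owned by the caller, or NULL when the input is
 *         empty, cannot be decoded or staged, or fails to load/parse.
 */
KSSLPKCS12* KSSLPKCS12::fromString(TQString base64, TQString password) {
#ifdef KSSL_HAVE_SSL
    // Reject empty input before any temporary file exists; otherwise the
    // early return would skip the unlink() and leave a stray file behind.
    if (base64.isEmpty()) return NULL;

    TQByteArray qba, qbb = TQCString(base64.latin1()).copy();
    KCodecs::base64Decode(qbb, qba);
    if (qba.isEmpty()) return NULL;   // nothing decoded, nothing to load

    // The decoded container (which carries the private key) is staged on
    // disk for the duration of the load.
    // NOTE(review): confirm KTempFile creates this file owner-only.
    KTempFile ktf;
    TQFile *staging = ktf.file();
    if (!staging) {
        ktf.unlink();
        return NULL;
    }

    // A short write or a failed close would make loadCertFile() read a
    // truncated container, so treat either as failure.
    const long written = staging->writeBlock(qba);
    const bool closed = ktf.close();
    if (!closed || written != static_cast<long>(qba.size())) {
        ktf.unlink();
        return NULL;
    }

    KSSLPKCS12* rc = loadCertFile(ktf.name(), password);
    ktf.unlink();
    return rc;
#endif
    return NULL;
}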
90 
91 
92 
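/**
 * Read a PKCS#12 container from a file and parse it.
 *
 * @param filename path of the PKCS#12 file.
 * @param password password used to parse the container.
 * @return a new object owned by the caller, or NULL when the file cannot
 *         be opened or decoded, or when parse() rejects it.
 */
KSSLPKCS12* KSSLPKCS12::loadCertFile(TQString filename, TQString password) {
#ifdef KSSL_HAVE_SSL
    TQFile qf(filename);
    if (!qf.open(IO_ReadOnly))
        return NULL;

    // fclose() closes the descriptor its stream wraps, while qf still
    // owns the handle it opened. Wrapping a duplicate keeps the same
    // descriptor number from being closed twice.
    const int fd = ::dup(qf.handle());
    if (fd < 0) return NULL;

    FILE *fp = fdopen(fd, "r");
    if (!fp) {
        ::close(fd);
        return NULL;
    }

    PKCS12 *newpkcs = NULL;
    newpkcs = KOSSL::self()->d2i_PKCS12_fp(fp, &newpkcs);
    fclose(fp);

    if (!newpkcs) {
        // Do not leave the decode failure on OpenSSL's error queue.
        KOSSL::self()->ERR_clear_error();
        return NULL;
    }

    KSSLPKCS12 *c = new KSSLPKCS12;
    c->setCert(newpkcs);

    // Parse now so a wrong password or an unusable container is
    // reported to the caller as NULL rather than as a half-built object.
    if (!c->parse(password)) {
        delete c;
        c = NULL;
    }

    return c;
#endif
    return NULL;
}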
124 
125 
/**
 * Store the raw PKCS#12 container pointer.
 *
 * The pointer is freed in the destructor. Any previously stored pointer
 * is overwritten without being freed here, and nothing is re-parsed.
 *
 * @param c container to store; ignored when built without SSL support.
 */
void KSSLPKCS12::setCert(PKCS12 *c) {
#ifdef KSSL_HAVE_SSL
    this->_pkcs = c;
#endif
}
131 
132 
/**
 * Change the password of the in-memory PKCS#12 container.
 *
 * @param pold current password; a null string is passed on as "".
 * @param pnew new password; a null string is passed on as "".
 * @return true when PKCS12_newpass() yields 0, false otherwise and
 *         always false when built without SSL support.
 */
bool KSSLPKCS12::changePassword(TQString pold, TQString pnew) {
#ifdef KSSL_HAVE_SSL
    // The OpenSSL entry point takes non-const char*, so constness has to
    // be cast away. Passwords go through latin1().
    // NOTE(review): characters outside Latin-1 presumably do not survive
    // that conversion; confirm.
    char *oldPass = pold.isNull() ? (char *)"" : (char *)pold.latin1();
    char *newPass = pnew.isNull() ? (char *)"" : (char *)pnew.latin1();

    const int rc = kossl->PKCS12_newpass(_pkcs, oldPass, newPass);

    // NOTE(review): OpenSSL documents PKCS12_newpass() as returning 1 on
    // success and 0 on failure. If the kossl proxy forwards that value
    // unchanged, this comparison reports failure as success; confirm
    // against the proxy and the callers before relying on the result.
    return rc == 0;
#endif
    return false;
}
142 
143 
/**
 * Decrypt and unpack the stored PKCS#12 container.
 *
 * Any previously parsed certificate, private key and CA stack are
 * released first. On success the private key, the certificate and, when
 * present, the CA chain are available from this object.
 *
 * @param pass password for the container, passed on via latin1().
 * @return true only when PKCS12_parse() returns 1 and yields a
 *         certificate; false otherwise and when built without SSL.
 */
bool KSSLPKCS12::parse(TQString pass) {
#ifdef KSSL_HAVE_SSL
    // Calling this before a container has been set is a caller bug.
    // NOTE(review): assert() is compiled out under NDEBUG, so release
    // builds pass a null container straight to PKCS12_parse().
    assert(_pkcs);

    // Drop the results of any earlier parse before starting over.
    delete _cert;
    if (_pkey) {
        kossl->EVP_PKEY_free(_pkey);
    }
    if (_caStack) {
        while (X509 *stale = sk_X509_pop(_caStack)) {
            kossl->X509_free(stale);
        }
        sk_X509_free(_caStack);
    }
    _cert = NULL;
    _pkey = NULL;
    _caStack = NULL;

    X509 *leaf = NULL;
    const int rc = kossl->PKCS12_parse(_pkcs, pass.latin1(), &_pkey, &leaf, &_caStack);

    if (rc != 1) {
        // Failure (for example a wrong password): forget whatever the
        // call left in the out-parameters and clear the error queue.
        _caStack = NULL;
        _pkey = NULL;
        kossl->ERR_clear_error();
        return false;
    }

    if (!leaf) {
        // Parsed, but the container held no certificate.
        return false;
    }

    _cert = new KSSLCertificate;
    _cert->setCert(leaf);
    if (_caStack) {
        _cert->setChain(_caStack);
    }
    return true;
#endif
    return false;
}
184 
185 
/**
 * Get the private key extracted by parse().
 *
 * The key stays owned by this object: it is freed by the destructor and
 * by the next parse(), so callers must not free it or keep it beyond
 * that point.
 *
 * @return the key, or NULL when none has been parsed.
 */
EVP_PKEY *KSSLPKCS12::getPrivateKey() {
    return this->_pkey;
}
189 
190 
/**
 * Get the X.509 certificate extracted by parse().
 *
 * The object stays owned by this instance; it is deleted by the
 * destructor and by the next parse().
 *
 * @return the certificate wrapper, or NULL when none has been parsed.
 */
KSSLCertificate *KSSLPKCS12::getCertificate() {
    return this->_cert;
}
194 
195 
/**
 * Serialise the PKCS#12 container and return it Base64-encoded.
 *
 * The result is the whole container, private key included, so it should
 * be handled as sensitive data.
 *
 * @return the Base64 text, or an empty string when the length query
 *         fails or the build has no SSL support.
 */
TQString KSSLPKCS12::toString() {
    TQString encoded;
#ifdef KSSL_HAVE_SSL
    // First call with a NULL output pointer: used only for the length.
    const int derLen = kossl->i2d_PKCS12(_pkcs, NULL);
    if (derLen >= 0) {
        char *der = new char[derLen];

        // i2d takes the address of a cursor, so hand it a copy and keep
        // `der` pointing at the start of the buffer.
        unsigned char *cursor = (unsigned char *)der;
        kossl->i2d_PKCS12(_pkcs, &cursor);

        // Let the byte array borrow the buffer for the encode call, then
        // detach it again before the buffer is released.
        TQByteArray view;
        view.setRawData(der, derLen);
        encoded = KCodecs::base64Encode(view);
        view.resetRawData(der, derLen);

        delete[] der;
    }
#endif
    return encoded;
}
216 
217 
218 
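/**
 * Write the PKCS#12 container to a file in raw (binary) form.
 *
 * The file is removed again when the stream cannot be set up or the
 * write fails, so no empty or truncated container is left behind.
 *
 * @param filename destination path.
 * @return true when the container was written and flushed; false on any
 *         failure and when built without SSL support.
 */
bool KSSLPKCS12::toFile(TQString filename) {
#ifdef KSSL_HAVE_SSL
    // NOTE(review): the file is created with whatever mode TQFile applies
    // by default. It holds the private key, so callers may want the path
    // restricted to its owner; confirm the resulting permissions.
    TQFile out(filename);
    if (!out.open(IO_WriteOnly)) return false;

    // fclose() closes the descriptor its stream wraps, while `out` still
    // owns the handle it opened. Writing through a duplicate keeps the
    // same descriptor number from being closed twice.
    const int fd = ::dup(out.handle());
    FILE *fp = (fd >= 0) ? fdopen(fd, "w") : NULL;
    if (!fp) {
        if (fd >= 0) ::close(fd);
        unlink(filename.latin1());
        return false;
    }

    // A non-positive result means nothing usable was written; the
    // OpenSSL i2d_*_fp helpers report success as 1.
    const int rc = kossl->i2d_PKCS12_fp(fp, _pkcs);

    // fclose() flushes the buffer, so a failure here is a failed write.
    const bool flushed = (fclose(fp) == 0);

    if (rc <= 0 || !flushed) {
        unlink(filename.latin1());
        return false;
    }
    return true;
#endif
    return false;
}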
240 
241 
/**
 * Validate the certificate and private key for the SSL-server purpose.
 *
 * @return the result of validate(KSSLCertificate::SSLServer).
 */
KSSLCertificate::KSSLValidation KSSLPKCS12::validate() {
    const KSSLCertificate::KSSLPurpose purpose = KSSLCertificate::SSLServer;
    return validate(purpose);
}
245 
246 
/**
 * Validate the certificate for a purpose and check that the private key
 * belongs to it.
 *
 * @param p purpose the certificate is validated for.
 * @return PrivateKeyFailed when the key does not match the certificate,
 *         otherwise the certificate's own validation result; NoSSL when
 *         built without SSL support.
 */
KSSLCertificate::KSSLValidation KSSLPKCS12::validate(KSSLCertificate::KSSLPurpose p) {
#ifdef KSSL_HAVE_SSL
    // NOTE(review): _cert is dereferenced without a null check, so this
    // relies on a successful parse() having happened first.
    const KSSLCertificate::KSSLValidation certResult = _cert->validate(p);

    // A key mismatch overrides whatever the certificate check reported.
    const bool keyMatches = (1 == kossl->X509_check_private_key(_cert->getCert(), _pkey));
    return keyMatches ? certResult : KSSLCertificate::PrivateKeyFailed;
#else
    return KSSLCertificate::NoSSL;
#endif
}
259 
260 
/**
 * Revalidate for the SSL-server purpose.
 *
 * @return the result of revalidate(KSSLCertificate::SSLServer).
 */
KSSLCertificate::KSSLValidation KSSLPKCS12::revalidate() {
    const KSSLCertificate::KSSLPurpose purpose = KSSLCertificate::SSLServer;
    return revalidate(purpose);
}
264 
265 
/**
 * Revalidate the certificate for a purpose.
 *
 * This only forwards to the certificate object. Unlike validate(p), no
 * private-key match is checked here.
 *
 * @param p purpose the certificate is revalidated for.
 * @return the certificate's revalidation result.
 */
KSSLCertificate::KSSLValidation KSSLPKCS12::revalidate(KSSLCertificate::KSSLPurpose p) {
    // NOTE(review): _cert is dereferenced without a null check, so this
    // relies on a successful parse() having happened first.
    const KSSLCertificate::KSSLValidation outcome = _cert->revalidate(p);
    return outcome;
}
269 
270 
/**
 * Check validity for the SSL-server purpose.
 *
 * @return the result of isValid(KSSLCertificate::SSLServer).
 */
bool KSSLPKCS12::isValid() {
    const KSSLCertificate::KSSLPurpose purpose = KSSLCertificate::SSLServer;
    return isValid(purpose);
}
274 
275 
/**
 * Check whether certificate and private key validate for a purpose.
 *
 * @param p purpose to validate for.
 * @return true only when validate(p) yields KSSLCertificate::Ok.
 */
bool KSSLPKCS12::isValid(KSSLCertificate::KSSLPurpose p) {
    const KSSLCertificate::KSSLValidation outcome = validate(p);
    return outcome == KSSLCertificate::Ok;
}
279 
280 
/**
 * Name of this certificate.
 *
 * @return the subject reported by the wrapped certificate.
 */
TQString KSSLPKCS12::name() {
    // NOTE(review): _cert is dereferenced without a null check, so this
    // relies on a successful parse() having happened first.
    const TQString subject = _cert->getSubject();
    return subject;
}
284 
285 
286 #ifdef KSSL_HAVE_SSL
287 #undef sk_new
288 #undef sk_push
289 #undef sk_free
290 #undef sk_value
291 #undef sk_num
292 #undef sk_pop
293 #undef sk_dup
294 #endif
295 
KSSLPKCS12::toString
TQString toString()
Convert to a Base64 string.
Definition: ksslpkcs12.cc:196
KSSLPKCS12::fromString
static KSSLPKCS12 * fromString(TQString base64, TQString password="")
Create a KSSLPKCS12 object from a Base64 in a TQString.
Definition: ksslpkcs12.cc:75
KSSLPKCS12::setCert
void setCert(PKCS12 *c)
Raw set the PKCS12 object.
Definition: ksslpkcs12.cc:126
KSSLPKCS12::~KSSLPKCS12
virtual ~KSSLPKCS12()
Destroy this PKCS#12 certificate.
Definition: ksslpkcs12.cc:58
KSSLCertificate::validate
KSSLValidation validate()
Check if this is a valid certificate.
Definition: ksslcertificate.cc:590
KSSLPKCS12::changePassword
bool changePassword(TQString pold, TQString pnew)
Change the password of the PKCS#12 in memory.
Definition: ksslpkcs12.cc:133
KSSLCertificate::setCert
bool setCert(TQString &cert)
Re-set the certificate from a base64 string.
Definition: ksslcertificate.cc:1072
KSSLCertificate
KDE X.509 Certificate.
Definition: ksslcertificate.h:75
KSSLCertificate::revalidate
KSSLValidation revalidate()
Check if this is a valid certificate.
Definition: ksslcertificate.cc:753
KSSLPKCS12::loadCertFile
static KSSLPKCS12 * loadCertFile(TQString filename, TQString password="")
Create a KSSLPKCS12 object by reading a PKCS#12 file.
Definition: ksslpkcs12.cc:93
KSSLPKCS12
KDE PKCS#12 Certificate.
Definition: ksslpkcs12.h:61
KSSLPKCS12::name
TQString name()
The name of this certificate.
Definition: ksslpkcs12.cc:281
KSSLPKCS12::revalidate
KSSLCertificate::KSSLValidation revalidate()
Check the X.509 and private key to make sure they're valid.
Definition: ksslpkcs12.cc:261
KSSLCertificate::KSSLValidation
KSSLValidation
A CA certificate can be validated as Irrelevant when it was not used to sign any other relevant certi...
Definition: ksslcertificate.h:113
KSSLPKCS12::validate
KSSLCertificate::KSSLValidation validate()
Check the X.509 and private key to make sure they're valid.
Definition: ksslpkcs12.cc:242
KSSLPKCS12::getPrivateKey
EVP_PKEY * getPrivateKey()
Get the private key.
Definition: ksslpkcs12.cc:186
KSSLCertificate::getSubject
TQString getSubject() const
Get the subject of the certificate (X.509 map).
Definition: ksslcertificate.cc:166
KSSLPKCS12::isValid
bool isValid()
Check if the X.509 and private key are valid.
Definition: ksslpkcs12.cc:271
KSSLPKCS12::toFile
bool toFile(TQString filename)
Write the PKCS#12 to a file in raw mode.
Definition: ksslpkcs12.cc:219
KSSLPKCS12::getCertificate
KSSLCertificate * getCertificate()
Get the X.509 certificate.
Definition: ksslpkcs12.cc:191
