ksslpkcs12.cpp
1 /* This file is part of the KDE project
2  *
3  * Copyright (C) 2001 George Staikos <staikos@kde.org>
4  *
5  * This library is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU Library General Public
7  * License as published by the Free Software Foundation; either
8  * version 2 of the License, or (at your option) any later version.
9  *
10  * This library is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  * Library General Public License for more details.
14  *
15  * You should have received a copy of the GNU Library General Public License
16  * along with this library; see the file COPYING.LIB. If not, write to
17  * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18  * Boston, MA 02110-1301, USA.
19  */
20 
21 
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <kopenssl.h>

#include <tqstring.h>
#include <tqfile.h>
#include <ksslall.h>
#include <kdebug.h>
#include <tdetempfile.h>
#include <kmdcodec.h>

#include <assert.h>
#include <stdio.h>
#include <unistd.h>
36 
37 
/**
 * Construct an empty PKCS#12 holder.
 *
 * Every OpenSSL-backed member starts out NULL so the destructor and
 * parse() can tell "never set" from "needs freeing".
 */
KSSLPKCS12::KSSLPKCS12() {
    // Grab the OpenSSL proxy first; all other members only record "nothing loaded".
    kossl = KOSSL::self();

    _caStack = NULL;
    _cert = NULL;
    _pkey = NULL;
    _pkcs = NULL;
}
45 
46 
47 
/**
 * Release everything this object holds: the private key, each certificate
 * on the CA stack (and the stack itself), the raw PKCS#12 structure and the
 * wrapped KSSLCertificate.
 */
KSSLPKCS12::~KSSLPKCS12() {
#ifdef KSSL_HAVE_SSL
    if (_pkey) {
        kossl->EVP_PKEY_free(_pkey);
    }

    if (_caStack) {
        // Pop until the stack reports empty (NULL), freeing each X509 on the way.
        while (X509 *ca = reinterpret_cast<X509*>(kossl->OPENSSL_sk_pop(_caStack))) {
            kossl->X509_free(ca);
        }
        kossl->OPENSSL_sk_free(_caStack);
    }

    if (_pkcs) {
        kossl->PKCS12_free(_pkcs);
    }
#endif
    // delete on a null pointer is a no-op, so no guard is needed.
    delete _cert;
}
63 
64 
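/**
 * Build a KSSLPKCS12 from a Base64-encoded PKCS#12 blob.
 *
 * The blob is decoded, spooled to a temporary file and handed to
 * loadCertFile(), which also attempts to decrypt it with @p password.
 *
 * @param base64   Base64 text of the PKCS#12 structure.
 * @param password password used to parse the structure.
 * @return a new object owned by the caller, or NULL when the input is empty,
 *         the temporary file cannot be created or fully written, or the
 *         data cannot be loaded/parsed.
 *
 * NOTE(review): the decoded PKCS#12 (still password-protected, but it
 * contains the private key) is written to disk for the duration of the
 * call. Confirm that the KTempFile default permissions and location are
 * acceptable for key material in this deployment.
 */
KSSLPKCS12* KSSLPKCS12::fromString(TQString base64, TQString password) {
#ifdef KSSL_HAVE_SSL
    // Reject empty input before creating the temporary file; the temp file
    // is only removed by the explicit unlink() calls below.
    if (base64.isEmpty()) return NULL;

    KTempFile ktf;
    TQFile *spool = (ktf.status() == 0) ? ktf.file() : NULL;
    if (!spool) {
        // Temp file creation failed; do not dereference a missing TQFile.
        ktf.unlink();
        return NULL;
    }

    TQByteArray qba, qbb = TQCString(base64.latin1()).copy();
    KCodecs::base64Decode(qbb, qba);

    // A short or failed write would make loadCertFile() see a truncated blob.
    const long written = spool->writeBlock(qba);
    const bool complete = (written >= 0) &&
                          (static_cast<unsigned long>(written) == qba.size());
    const bool closed = ktf.close();
    if (!complete || !closed) {
        ktf.unlink();
        return NULL;
    }

    KSSLPKCS12* rc = loadCertFile(ktf.name(), password);
    // Remove the spooled key material whether or not loading succeeded.
    ktf.unlink();
    return rc;
#endif
    return NULL;
}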
80 
81 
82 
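/**
 * Read a DER-encoded PKCS#12 file and try to parse it with @p password.
 *
 * @param filename path of the PKCS#12 file.
 * @param password password used by parse() to decrypt the contents.
 * @return a new object owned by the caller, or NULL if the file cannot be
 *         opened, is not a PKCS#12 structure, or cannot be parsed with the
 *         given password.
 */
KSSLPKCS12* KSSLPKCS12::loadCertFile(TQString filename, TQString password) {
#ifdef KSSL_HAVE_SSL
    TQFile qf(filename);

    if (!qf.open(IO_ReadOnly))
        return NULL;

    // fclose() closes the descriptor underneath the stream. qf still owns its
    // own handle and closes it on destruction, so give the stream a duplicate
    // instead of sharing one descriptor that would be closed twice.
    const int fd = dup(qf.handle());
    if (fd < 0) return NULL;

    FILE *fp = fdopen(fd, "r");
    if (!fp) {
        ::close(fd);
        return NULL;
    }

    PKCS12 *newpkcs = NULL;
    newpkcs = KOSSL::self()->d2i_PKCS12_fp(fp, &newpkcs);

    fclose(fp);
    if (!newpkcs) {
        // Not a PKCS#12 structure: drop the queued OpenSSL errors.
        KOSSL::self()->ERR_clear_error();
        return NULL;
    }

    KSSLPKCS12 *c = new KSSLPKCS12;
    c->setCert(newpkcs);   // c now holds newpkcs; its destructor frees it

    // Now we parse it to see if we can decrypt it and interpret it
    if (!c->parse(password)) {
        delete c;
        c = NULL;
    }

    return c;
#endif
    return NULL;
}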
114 
115 
/**
 * Store the raw PKCS12 pointer without parsing it.
 *
 * The previously stored pointer is overwritten, not freed; the destructor
 * frees whatever pointer is stored at destruction time.
 *
 * @param c the PKCS12 structure to hold.
 */
void KSSLPKCS12::setCert(PKCS12 *c) {
#ifdef KSSL_HAVE_SSL
    this->_pkcs = c;
#endif
}
121 
122 
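/**
 * Change the password of the in-memory PKCS#12 structure.
 *
 * @param pold current password; a null string is passed as "".
 * @param pnew new password; a null string is passed as "".
 * @return true if the password was changed, false on failure, when no
 *         PKCS#12 structure is set, or when built without SSL support.
 *
 * Passwords are converted with latin1(), so characters outside Latin-1 are
 * not preserved.
 */
bool KSSLPKCS12::changePassword(TQString pold, TQString pnew) {
#ifdef KSSL_HAVE_SSL
    if (!_pkcs) return false;

    // OpenSSL makes me cast away the const here. argh
    char *oldPass = pold.isNull() ? const_cast<char *>("")
                                  : const_cast<char *>(pold.latin1());
    char *newPass = pnew.isNull() ? const_cast<char *>("")
                                  : const_cast<char *>(pnew.latin1());

    // OpenSSL's PKCS12_newpass() reports success as 1 and failure as 0, the
    // same convention parse() relies on for PKCS12_parse(). The previous
    // "0 ==" comparison therefore reported a failed change as success.
    // Assumes the kossl proxy forwards OpenSSL's return value unchanged.
    return (1 == kossl->PKCS12_newpass(_pkcs, oldPass, newPass));
#endif
    return false;
}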
132 
133 
/**
 * Decrypt and unpack the stored PKCS#12 structure.
 *
 * Any previously parsed certificate, private key and CA stack are released
 * first. On success the private key, the certificate and (if present) the
 * CA chain are populated.
 *
 * @param pass password for the PKCS#12 structure (converted with latin1()).
 * @return true only when parsing succeeded and a certificate was found.
 */
bool KSSLPKCS12::parse(TQString pass) {
#ifdef KSSL_HAVE_SSL
    assert(_pkcs); // if you're calling this before pkcs gets set, it's a BUG!

    // Drop the results of any earlier parse.
    delete _cert;
    if (_pkey) {
        kossl->EVP_PKEY_free(_pkey);
    }
    if (_caStack) {
        while (X509 *ca = reinterpret_cast<X509*>(kossl->OPENSSL_sk_pop(_caStack))) {
            kossl->X509_free(ca);
        }
        kossl->OPENSSL_sk_free(_caStack);
    }
    _pkey = NULL;
    _caStack = NULL;
    _cert = NULL;

    X509 *leaf = NULL;
    const int status = kossl->PKCS12_parse(_pkcs, pass.latin1(), &_pkey, &leaf, &_caStack);

    if (status != 1) {
        // Parse failed (e.g. wrong password): forget the outputs and clear
        // the OpenSSL error queue.
        _caStack = NULL;
        _pkey = NULL;
        kossl->ERR_clear_error();
        return false;
    }

    // Parsed, but the bundle carried no certificate: report failure.
    if (!leaf) {
        return false;
    }

    _cert = new KSSLCertificate;
    _cert->setCert(leaf);
    if (_caStack) {
        _cert->setChain(_caStack);
    }
    return true;
#endif
    return false;
}
174 
175 
/**
 * @return the stored private key pointer (NULL if none has been parsed).
 *         The pointer is returned as-is; this object frees the key in its
 *         destructor and on the next parse().
 */
EVP_PKEY *KSSLPKCS12::getPrivateKey() {
    EVP_PKEY *key = _pkey;
    return key;
}
179 
180 
/**
 * @return the stored certificate wrapper (NULL if none has been parsed).
 *         The pointer is returned as-is; this object deletes it in its
 *         destructor and on the next parse().
 */
KSSLCertificate *KSSLPKCS12::getCertificate() {
    KSSLCertificate *certificate = _cert;
    return certificate;
}
184 
185 
/**
 * Serialize the stored PKCS#12 structure and return it as Base64 text.
 *
 * @return the Base64 encoding, or an empty string when the length query
 *         reports an error or the build has no SSL support.
 */
TQString KSSLPKCS12::toString() {
    TQString encoded;
#ifdef KSSL_HAVE_SSL
    // First call with NULL only asks how many bytes the encoding needs.
    const int derLen = kossl->i2d_PKCS12(_pkcs, NULL);
    if (derLen < 0) {
        return encoded;
    }

    char *der = new char[derLen];
    // i2d advances the pointer it is given, so hand it a scratch copy.
    unsigned char *cursor = (unsigned char *)der;
    kossl->i2d_PKCS12(_pkcs, &cursor);

    // Wrap the buffer without copying; it must be detached again before
    // the array goes out of scope.
    TQByteArray view;
    view.setRawData(der, derLen);
    encoded = KCodecs::base64Encode(view);
    view.resetRawData(der, derLen);

    delete[] der;
#endif
    return encoded;
}
206 
207 
208 
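/**
 * Write the stored PKCS#12 structure to @p filename in raw (DER) form.
 *
 * @param filename destination path; it is opened write-only.
 * @return true only if the structure was serialized and flushed
 *         successfully. On any failure after the file was opened the file
 *         is removed and false is returned.
 *
 * NOTE(review): the output contains the private key. The file is opened
 * through TQFile with no explicit mode, so its permissions are whatever
 * TQFile and the process umask produce; callers exporting key material
 * should confirm the resulting mode is restrictive enough.
 */
bool KSSLPKCS12::toFile(TQString filename) {
#ifdef KSSL_HAVE_SSL
    TQFile out(filename);

    if (!out.open(IO_WriteOnly)) return false;

    // fclose() closes the descriptor underneath the stream, while `out`
    // closes its own handle on destruction. Write through a duplicate so the
    // same descriptor is not closed twice.
    const int fd = dup(out.handle());
    if (fd < 0) {
        unlink(filename.latin1());
        return false;
    }

    FILE *fp = fdopen(fd, "w");
    if (!fp) {
        ::close(fd);
        unlink(filename.latin1());
        return false;
    }

    // Serialization and the final flush can both fail (e.g. disk full);
    // a truncated key file must not be reported as a successful export.
    const int written = kossl->i2d_PKCS12_fp(fp, _pkcs);
    const int flushed = fclose(fp);

    if (written <= 0 || flushed != 0) {
        unlink(filename.latin1());
        return false;
    }
    return true;
#endif
    return false;
}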
230 
231 
/**
 * Validate the certificate and private key for the SSL-server purpose.
 *
 * @return the result of validate(KSSLCertificate::SSLServer).
 */
KSSLCertificate::KSSLValidation KSSLPKCS12::validate() {
    const KSSLCertificate::KSSLPurpose purpose = KSSLCertificate::SSLServer;
    return validate(purpose);
}
235 
236 
/**
 * Validate the certificate for purpose @p p and check that the stored
 * private key belongs to it.
 *
 * @param p purpose to validate the certificate for.
 * @return KSSLCertificate::PrivateKeyFailed when the key does not match the
 *         certificate (this replaces whatever the certificate validation
 *         returned); otherwise the certificate's own validation result.
 *         KSSLCertificate::NoSSL when built without SSL support.
 *
 * Requires a parsed certificate: _cert is dereferenced unconditionally.
 */
KSSLCertificate::KSSLValidation KSSLPKCS12::validate(KSSLCertificate::KSSLPurpose p) {
#ifdef KSSL_HAVE_SSL
    // Certificate validation runs first, then the key/certificate match.
    const KSSLCertificate::KSSLValidation certResult = _cert->validate(p);
    const int keyCheck = kossl->X509_check_private_key(_cert->getCert(), _pkey);

    if (keyCheck == 1) {
        return certResult;
    }
    return KSSLCertificate::PrivateKeyFailed;
#else
    return KSSLCertificate::NoSSL;
#endif
}
249 
250 
/**
 * Revalidate for the SSL-server purpose.
 *
 * @return the result of revalidate(KSSLCertificate::SSLServer).
 */
KSSLCertificate::KSSLValidation KSSLPKCS12::revalidate() {
    const KSSLCertificate::KSSLPurpose purpose = KSSLCertificate::SSLServer;
    return revalidate(purpose);
}
254 
255 
/**
 * Forward revalidation for purpose @p p to the wrapped certificate.
 *
 * Unlike validate(p), no private-key check is performed here.
 * Requires a parsed certificate: _cert is dereferenced unconditionally.
 *
 * @param p purpose to revalidate the certificate for.
 * @return whatever the certificate's revalidate(p) returns.
 */
KSSLCertificate::KSSLValidation KSSLPKCS12::revalidate(KSSLCertificate::KSSLPurpose p) {
    const KSSLCertificate::KSSLValidation outcome = _cert->revalidate(p);
    return outcome;
}
259 
260 
/**
 * @return true if the certificate and key validate for the SSL-server
 *         purpose, i.e. isValid(KSSLCertificate::SSLServer).
 */
bool KSSLPKCS12::isValid() {
    const KSSLCertificate::KSSLPurpose purpose = KSSLCertificate::SSLServer;
    return isValid(purpose);
}
264 
265 
/**
 * @param p purpose to validate for.
 * @return true only when validate(p) yields KSSLCertificate::Ok.
 */
bool KSSLPKCS12::isValid(KSSLCertificate::KSSLPurpose p) {
    const KSSLCertificate::KSSLValidation outcome = validate(p);
    return outcome == KSSLCertificate::Ok;
}
269 
270 
/**
 * @return the subject of the wrapped certificate.
 *
 * Requires a parsed certificate: _cert is dereferenced unconditionally.
 */
TQString KSSLPKCS12::name() {
    TQString subject = _cert->getSubject();
    return subject;
}
274 
KSSLPKCS12::toString
TQString toString()
Convert to a Base64 string.
Definition: ksslpkcs12.cpp:186
KSSLPKCS12::fromString
static KSSLPKCS12 * fromString(TQString base64, TQString password="")
Create a KSSLPKCS12 object from a Base64 in a TQString.
Definition: ksslpkcs12.cpp:65
KSSLPKCS12::setCert
void setCert(PKCS12 *c)
Raw set the PKCS12 object.
Definition: ksslpkcs12.cpp:116
KSSLPKCS12::~KSSLPKCS12
virtual ~KSSLPKCS12()
Destroy this PKCS#12 certificate.
Definition: ksslpkcs12.cpp:48
KSSLCertificate::validate
KSSLValidation validate()
Check if this is a valid certificate.
Definition: ksslcertificate.cpp:643
KSSLPKCS12::changePassword
bool changePassword(TQString pold, TQString pnew)
Change the password of the PKCS#12 in memory.
Definition: ksslpkcs12.cpp:123
KSSLCertificate::setCert
bool setCert(TQString &cert)
Re-set the certificate from a base64 string.
Definition: ksslcertificate.cpp:1151
KSSLCertificate
KDE X.509 Certificate.
Definition: ksslcertificate.h:77
KSSLCertificate::revalidate
KSSLValidation revalidate()
Check if this is a valid certificate.
Definition: ksslcertificate.cpp:805
KSSLPKCS12::loadCertFile
static KSSLPKCS12 * loadCertFile(TQString filename, TQString password="")
Create a KSSLPKCS12 object by reading a PKCS#12 file.
Definition: ksslpkcs12.cpp:83
KSSLPKCS12
KDE PKCS#12 Certificate.
Definition: ksslpkcs12.h:61
KSSLPKCS12::name
TQString name()
The name of this certificate.
Definition: ksslpkcs12.cpp:271
KSSLPKCS12::revalidate
KSSLCertificate::KSSLValidation revalidate()
Check the X.509 and private key to make sure they're valid.
Definition: ksslpkcs12.cpp:251
KSSLCertificate::KSSLValidation
KSSLValidation
A CA certificate can be validated as Irrelevant when it was not used to sign any other relevant certi...
Definition: ksslcertificate.h:122
KSSLPKCS12::validate
KSSLCertificate::KSSLValidation validate()
Check the X.509 and private key to make sure they're valid.
Definition: ksslpkcs12.cpp:232
KSSLPKCS12::getPrivateKey
EVP_PKEY * getPrivateKey()
Get the private key.
Definition: ksslpkcs12.cpp:176
KSSLCertificate::getSubject
TQString getSubject() const
Get the subject of the certificate (X.509 map).
Definition: ksslcertificate.cpp:193
KSSLPKCS12::isValid
bool isValid()
Check if the X.509 and private key are valid.
Definition: ksslpkcs12.cpp:261
KSSLPKCS12::toFile
bool toFile(TQString filename)
Write the PKCS#12 to a file in raw mode.
Definition: ksslpkcs12.cpp:209
KSSLPKCS12::getCertificate
KSSLCertificate * getCertificate()
Get the X.509 certificate.
Definition: ksslpkcs12.cpp:181