kio Library API Documentation

ksslpkcs12.cc

00001 /* This file is part of the KDE project
00002  *
00003  * Copyright (C) 2001 George Staikos <staikos@kde.org>
00004  *
00005  * This library is free software; you can redistribute it and/or
00006  * modify it under the terms of the GNU Library General Public
00007  * License as published by the Free Software Foundation; either
00008  * version 2 of the License, or (at your option) any later version.
00009  *
00010  * This library is distributed in the hope that it will be useful,
00011  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00012  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00013  * Library General Public License for more details.
00014  *
00015  * You should have received a copy of the GNU Library General Public License
00016  * along with this library; see the file COPYING.LIB.  If not, write to
00017  * the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
00018  * Boston, MA 02111-1307, USA.
00019  */
00020 
00021 
00022 #ifdef HAVE_CONFIG_H
00023 #include <config.h>
00024 #endif
00025 
00026 #include <kopenssl.h>
00027 
00028 #include <qstring.h>
00029 #include <qfile.h>
00030 #include <ksslall.h>
00031 #include <kdebug.h>
00032 #include <ktempfile.h>
00033 #include <kmdcodec.h>
00034 
00035 #include <assert.h>
00036 
00037 #ifdef KSSL_HAVE_SSL
00038 #define sk_new kossl->sk_new
00039 #define sk_push kossl->sk_push
00040 #define sk_free kossl->sk_free
00041 #define sk_value kossl->sk_value
00042 #define sk_num kossl->sk_num
00043 #define sk_dup kossl->sk_dup
00044 #define sk_pop kossl->sk_pop
00045 #endif
00046 
00047 
00048 KSSLPKCS12::KSSLPKCS12() {
00049    _pkcs = NULL;
00050    _pkey = NULL;
00051    _cert = NULL;
00052    _caStack = NULL;
00053    kossl = KOSSL::self();
00054 }
00055 
00056 
00057 
00058 KSSLPKCS12::~KSSLPKCS12() {
00059 #ifdef KSSL_HAVE_SSL
00060    if (_pkey) kossl->EVP_PKEY_free(_pkey);
00061    if (_caStack) {
00062       for (;;) {
00063          X509* x5 = sk_X509_pop(_caStack);
00064          if (!x5) break;
00065          kossl->X509_free(x5);
00066       }
00067       sk_X509_free(_caStack);
00068    }
00069    if (_pkcs) kossl->PKCS12_free(_pkcs);
00070 #endif
00071    if (_cert) delete _cert;
00072 }
00073 
00074 
00075 KSSLPKCS12* KSSLPKCS12::fromString(QString base64, QString password) {
00076 #ifdef KSSL_HAVE_SSL
00077 KTempFile ktf;
00078 
00079     if (base64.isEmpty()) return NULL;
00080     QByteArray qba, qbb = QCString(base64.latin1()).copy();
00081     KCodecs::base64Decode(qbb, qba);
00082     ktf.file()->writeBlock(qba);
00083     ktf.close();
00084     KSSLPKCS12* rc = loadCertFile(ktf.name(), password);
00085     ktf.unlink();
00086     return rc;
00087 #endif
00088 return NULL;
00089 }
00090 
00091 
00092 
00093 KSSLPKCS12* KSSLPKCS12::loadCertFile(QString filename, QString password) {
00094 #ifdef KSSL_HAVE_SSL
00095 QFile qf(filename);
00096 PKCS12 *newpkcs = NULL;
00097 
00098   if (!qf.open(IO_ReadOnly))
00099     return NULL;
00100 
00101   FILE *fp = fdopen(qf.handle(), "r");
00102   if (!fp) return NULL;
00103 
00104   newpkcs = KOSSL::self()->d2i_PKCS12_fp(fp, &newpkcs);
00105 
00106   fclose(fp);
00107   if (!newpkcs) {
00108     KOSSL::self()->ERR_clear_error();
00109     return NULL;
00110   }
00111 
00112   KSSLPKCS12 *c = new KSSLPKCS12;
00113   c->setCert(newpkcs);
00114 
00115   // Now we parse it to see if we can decrypt it and interpret it
00116   if (!c->parse(password)) {
00117         delete c;  c = NULL;
00118   }
00119 
00120   return c;
00121 #endif
00122 return NULL;
00123 }
00124 
00125 
00126 void KSSLPKCS12::setCert(PKCS12 *c) {
00127 #ifdef KSSL_HAVE_SSL
00128    _pkcs = c;
00129 #endif
00130 }
00131 
00132 
00133 bool KSSLPKCS12::changePassword(QString pold, QString pnew) {
00134 #ifdef KSSL_HAVE_SSL
00135    // OpenSSL makes me cast away the const here.  argh
00136    return (0 == kossl->PKCS12_newpass(_pkcs, 
00137                                       (char *)pold.latin1(), 
00138                                       (char *)pnew.latin1()));
00139 #endif
00140 return false;
00141 }
00142 
00143 
00144 bool KSSLPKCS12::parse(QString pass) {
00145 #ifdef KSSL_HAVE_SSL
00146 X509 *x = NULL;
00147 
00148   assert(_pkcs);   // if you're calling this before pkcs gets set, it's a BUG!
00149 
00150    if (_cert) delete _cert;
00151    if (_pkey) kossl->EVP_PKEY_free(_pkey);
00152    if (_caStack) {
00153       for (;;) {
00154          X509* x5 = sk_X509_pop(_caStack);
00155          if (!x5) break;
00156          kossl->X509_free(x5);
00157       }
00158       sk_X509_free(_caStack);
00159    }
00160    _pkey = NULL;
00161    _caStack = NULL;
00162    _cert = NULL;
00163 
00164   int rc = kossl->PKCS12_parse(_pkcs, pass.latin1(), &_pkey, &x, &_caStack);
00165 
00166   if (rc == 1) {
00167      // kdDebug(7029) << "PKCS12_parse success" << endl;
00168      if (x) {
00169         _cert = new KSSLCertificate;
00170         _cert->setCert(x);
00171         if (_caStack) {
00172            _cert->setChain(_caStack);
00173         }
00174         return true;
00175      }
00176   } else {
00177     _caStack = NULL;
00178     _pkey = NULL;
00179     kossl->ERR_clear_error();
00180   }
00181 #endif
00182 return false;  
00183 }
00184 
00185 
00186 EVP_PKEY *KSSLPKCS12::getPrivateKey() {
00187    return _pkey;
00188 }
00189 
00190 
00191 KSSLCertificate *KSSLPKCS12::getCertificate() {
00192    return _cert;
00193 }
00194 
00195 
00196 QString KSSLPKCS12::toString() {
00197 QString base64;
00198 #ifdef KSSL_HAVE_SSL
00199 unsigned char *p;
00200 int len;
00201 
00202    len = kossl->i2d_PKCS12(_pkcs, NULL);
00203    char *buf = new char[len];
00204    p = (unsigned char *)buf;
00205    kossl->i2d_PKCS12(_pkcs, &p);
00206    QByteArray qba;
00207    qba.setRawData(buf, len);
00208    base64 = KCodecs::base64Encode(qba);
00209    qba.resetRawData(buf, len);
00210    delete[] buf;
00211 #endif
00212 return base64;
00213 }
00214 
00215 
00216 
00217 bool KSSLPKCS12::toFile(QString filename) {
00218 #ifdef KSSL_HAVE_SSL
00219 QFile out(filename);
00220 
00221    if (!out.open(IO_WriteOnly)) return false;
00222 
00223    int fd = out.handle();
00224    FILE *fp = fdopen(fd, "w");
00225 
00226    if (!fp) {
00227       unlink(filename.latin1());
00228       return false;
00229    }
00230 
00231    kossl->i2d_PKCS12_fp(fp, _pkcs);
00232 
00233    fclose(fp);
00234    return true;
00235 #endif
00236 return false;
00237 }
00238 
00239 
00240 KSSLCertificate::KSSLValidation KSSLPKCS12::validate() {
00241     return validate(KSSLCertificate::SSLServer);
00242 }
00243 
00244 
00245 KSSLCertificate::KSSLValidation KSSLPKCS12::validate(KSSLCertificate::KSSLPurpose p) {
00246 #ifdef KSSL_HAVE_SSL
00247 KSSLCertificate::KSSLValidation xx = _cert->validate(p);
00248    if (1 != kossl->X509_check_private_key(_cert->getCert(), _pkey)) {
00249       xx = KSSLCertificate::PrivateKeyFailed;
00250    }
00251 
00252 return xx;
00253 #else
00254 return KSSLCertificate::NoSSL;
00255 #endif
00256 }
00257 
00258 
00259 KSSLCertificate::KSSLValidation KSSLPKCS12::revalidate() {
00260    return revalidate(KSSLCertificate::SSLServer);
00261 }
00262 
00263 
00264 KSSLCertificate::KSSLValidation KSSLPKCS12::revalidate(KSSLCertificate::KSSLPurpose p) {
00265    return _cert->revalidate(p);
00266 }
00267 
00268 
00269 bool KSSLPKCS12::isValid() {
00270 return isValid(KSSLCertificate::SSLServer);
00271 }
00272 
00273 
00274 bool KSSLPKCS12::isValid(KSSLCertificate::KSSLPurpose p) {
00275 return (validate(p) == KSSLCertificate::Ok);
00276 }
00277 
00278 
00279 QString KSSLPKCS12::name() {
00280    return _cert->getSubject();
00281 }
00282 
00283  
00284 #ifdef KSSL_HAVE_SSL
00285 #undef sk_new
00286 #undef sk_push
00287 #undef sk_free
00288 #undef sk_value
00289 #undef sk_num
00290 #undef sk_pop
00291 #undef sk_dup
00292 #endif
00293 
KDE Logo
This file is part of the documentation for kdelibs Version 3.1.0.
Documentation copyright © 1996-2002 the KDE developers.
Generated on Wed Oct 8 12:21:32 2003 by doxygen 1.2.18 written by Dimitri van Heesch, © 1997-2001