diff options
Diffstat (limited to 'kio/kssl/ksslcertificate.h')
-rw-r--r-- | kio/kssl/ksslcertificate.h | 376 |
1 files changed, 0 insertions, 376 deletions
diff --git a/kio/kssl/ksslcertificate.h b/kio/kssl/ksslcertificate.h deleted file mode 100644 index a7906581a..000000000 --- a/kio/kssl/ksslcertificate.h +++ /dev/null @@ -1,376 +0,0 @@ -/* This file is part of the KDE project - * - * Copyright (C) 2000-2003 George Staikos <staikos@kde.org> - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Library General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public License - * along with this library; see the file COPYING.LIB. If not, write to - * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - * Boston, MA 02110-1301, USA. - */ - -#ifndef _KSSLCERTIFICATE_H -#define _KSSLCERTIFICATE_H - - -// UPDATE: I like the structure of this class less and less every time I look -// at it. I think it needs to change. -// -// -// The biggest reason for making everything protected here is so that -// the class can have all it's methods available even if openssl is not -// available. Also, to create a new certificate you should use the -// KSSLCertificateFactory, and to manage the user's database of certificates, -// you should go through the KSSLCertificateHome. -// -// There should be no reason to touch the X509 stuff directly. -// - -#include <tqcstring.h> -#include <tqvaluelist.h> - -class TQString; -class TQStringList; -class TQCString; -class KSSL; -class KSSLCertificatePrivate; -class TQDateTime; -class KSSLCertChain; -class KSSLX509V3; - -#include <tdelibs_export.h> - -#ifdef Q_WS_WIN -#include "ksslconfig_win.h" -#else -#include "ksslconfig.h" -#endif - -#ifdef KSSL_HAVE_SSL -typedef struct x509_st X509; -#else -class X509; -#endif - -/** - * KDE X.509 Certificate - * - * This class represents an X.509 (SSL) certificate. - * Note: this object is VERY HEAVY TO COPY. Please try to use reference - * or pointer whenever possible - * - * @author George Staikos <staikos@kde.org> - * @see KSSL - * @short KDE X.509 Certificate - */ -class KIO_EXPORT KSSLCertificate { -friend class KSSL; -friend class KSSLCertificateHome; -friend class KSSLCertificateFactory; -friend class KSSLCertificateCache; -friend class KSSLCertChain; -friend class KSSLPeerInfo; -friend class KSSLPKCS12; -friend class KSSLD; -friend class KSMIMECryptoPrivate; - - -public: - /** - * Destroy this X.509 certificate. - */ - ~KSSLCertificate(); - - /** - * Create an X.509 certificate from a base64 encoded string. - * @param cert the certificate in base64 form - * @return the X.509 certificate, or NULL - */ - static KSSLCertificate *fromString(TQCString cert); - - /** - * Create an X.509 certificate from the internal representation. - * This one duplicates the X509 object for itself. - * @param x5 the OpenSSL representation of the certificate - * @return the X.509 certificate, or NULL - * @internal - */ - static KSSLCertificate *fromX509(X509 *x5); - - /** - * A CA certificate can be validated as Irrelevant when it was - * not used to sign any other relevant certificate. - */ - enum KSSLValidation { Unknown, Ok, NoCARoot, InvalidPurpose, - PathLengthExceeded, InvalidCA, Expired, - SelfSigned, ErrorReadingRoot, NoSSL, - Revoked, Untrusted, SignatureFailed, - Rejected, PrivateKeyFailed, InvalidHost, - Irrelevant, SelfSignedChain - }; - - enum KSSLPurpose { None=0, SSLServer=1, SSLClient=2, - SMIMESign=3, SMIMEEncrypt=4, Any=5 }; - - typedef TQValueList<KSSLValidation> KSSLValidationList; - - /** - * Convert this certificate to a string. - * @return the certificate in base64 format - */ - TQString toString(); - - /** - * Get the subject of the certificate (X.509 map). - * @return the subject - */ - TQString getSubject() const; - - /** - * Get the issuer of the certificate (X.509 map). - * @return the issuer - */ - TQString getIssuer() const; - - /** - * Get the date that the certificate becomes valid on. - * @return the date as a string, localised - */ - TQString getNotBefore() const; - - /** - * Get the date that the certificate is valid until. - * @return the date as a string, localised - */ - TQString getNotAfter() const; - - /** - * Get the date that the certificate becomes valid on. - * @return the date - */ - TQDateTime getQDTNotBefore() const; - - /** - * Get the date that the certificate is valid until. - * @return the date - */ - TQDateTime getQDTNotAfter() const; - - /** - * Convert the certificate to DER (ASN.1) format. - * @return the binary data of the DER encoding - */ - TQByteArray toDer(); - - /** - * Convert the certificate to PEM (base64) format. - * @return the binary data of the PEM encoding - */ - TQByteArray toPem(); - - /** - * Convert the certificate to Netscape format. - * @return the binary data of the Netscape encoding - */ - TQByteArray toNetscape(); - - /** - * Convert the certificate to OpenSSL plain text format. - * @return the OpenSSL text encoding - */ - TQString toText(); - - /** - * Get the serial number of the certificate. - * @return the serial number as a string - */ - TQString getSerialNumber() const; - - /** - * Get the key type (RSA, DSA, etc). - * @return the key type as a string - */ - TQString getKeyType() const; - - /** - * Get the public key. - * @return the public key as a hexidecimal string - */ - TQString getPublicKeyText() const; - - /** - * Get the MD5 digest of the certificate. - * Result is padded with : to separate bytes - it's a text version! - * @return the MD5 digest in a hexidecimal string - */ - TQString getMD5DigestText() const; - - /** - * Get the MD5 digest of the certificate. - * @return the MD5 digest in a hexidecimal string - */ - TQString getMD5Digest() const; - - /** - * Get the signature. - * @return the signature in text format - */ - TQString getSignatureText() const; - - /** - * Check if this is a valid certificate. Will use cached data. - * @return true if it is valid - */ - bool isValid(); - - /** - * Check if this is a valid certificate. Will use cached data. - * @param p the purpose to validate for - * @return true if it is valid - */ - bool isValid(KSSLPurpose p); - - /** - * The alternate subject name. - * @return string list with subjectAltName - */ - TQStringList subjAltNames() const; - - /** - * Check if this is a valid certificate. Will use cached data. - * @return the result of the validation - */ - KSSLValidation validate(); - - /** - * Check if this is a valid certificate. Will use cached data. - * @param p the purpose to validate for - * @return the result of the validation - */ - KSSLValidation validate(KSSLPurpose p); - - /** - * Check if this is a valid certificate. Will use cached data. - * @param p the purpose to validate for - * @return all problems encountered during validation - */ - KSSLValidationList validateVerbose(KSSLPurpose p); - - /** - * Check if the certificate ca is a proper CA for this - * certificate. - * @param p the purpose to validate for - * @param ca the certificate to check - * @return all problems encountered during validation - */ - KSSLValidationList validateVerbose(KSSLPurpose p, KSSLCertificate *ca); - - /** - * Check if this is a valid certificate. Will NOT use cached data. - * @return the result of the validation - */ - KSSLValidation revalidate(); - - /** - * Check if this is a valid certificate. Will NOT use cached data. - * @param p the purpose to validate for - * @return the result of the validation - */ - KSSLValidation revalidate(KSSLPurpose p); - - /** - * Get a reference to the certificate chain. - * @return reference to the chain - */ - KSSLCertChain& chain(); - - /** - * Obtain the localized message that corresponds to a validation result. - * @param x the code to look up - * @return the message text corresponding to the validation code - */ - static TQString verifyText(KSSLValidation x); - - /** - * Explicitly make a copy of this certificate. - * @return a copy of the certificate - */ - KSSLCertificate *replicate(); - - /** - * Copy constructor. Beware, this is very expensive. - * @param x the object to copy from - */ - KSSLCertificate(const KSSLCertificate& x); // copy constructor - - /** - * Re-set the certificate from a base64 string. - * @param cert the certificate to set to - * @return true on success - */ - bool setCert(TQString& cert); - - /** - * Access the X.509v3 parameters. - * @return reference to the extension object - * @see KSSLX509V3 - */ - KSSLX509V3& x509V3Extensions(); - - /** - * Check if this is a signer certificate. - * @return true if this is a signer certificate - */ - bool isSigner(); - - /** - * FIXME: document - */ - void getEmails(TQStringList& to) const; - - /** - * KDEKey is a concatenation "Subject (MD5)", mostly needed for SMIME. - * The result of getKDEKey might change and should not be used for - * persistant storage. - */ - TQString getKDEKey() const; - - /** - * Aegypten semantics force us to search by MD5Digest only. - */ - static TQString getMD5DigestFromKDEKey(const TQString& k); - -private: - KIO_EXPORT friend int operator!=(KSSLCertificate& x, KSSLCertificate& y); - KIO_EXPORT friend int operator==(KSSLCertificate& x, KSSLCertificate& y); - - KSSLCertificatePrivate *d; - int purposeToOpenSSL(KSSLPurpose p) const; - -protected: - KSSLCertificate(); - - void setCert(X509 *c); - void setChain(void *c); - X509 *getCert(); - KSSLValidation processError(int ec); -}; - -KIO_EXPORT TQDataStream& operator<<(TQDataStream& s, const KSSLCertificate& r); -KIO_EXPORT TQDataStream& operator>>(TQDataStream& s, KSSLCertificate& r); - -KIO_EXPORT int operator==(KSSLCertificate& x, KSSLCertificate& y); -KIO_EXPORT inline int operator!=(KSSLCertificate& x, KSSLCertificate& y) -{ return !(x == y); } - -#endif - |