summaryrefslogtreecommitdiffstats
path: root/kio/misc/kssld/kssld.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'kio/misc/kssld/kssld.cpp')
-rw-r--r--kio/misc/kssld/kssld.cpp1027
1 files changed, 0 insertions, 1027 deletions
diff --git a/kio/misc/kssld/kssld.cpp b/kio/misc/kssld/kssld.cpp
deleted file mode 100644
index 760e654d7..000000000
--- a/kio/misc/kssld/kssld.cpp
+++ /dev/null
@@ -1,1027 +0,0 @@
-/*
- This file is part of the KDE libraries
-
- Copyright (c) 2001-2005 George Staikos <staikos@kde.org>
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Library General Public
- License as published by the Free Software Foundation; either
- version 2 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Library General Public License
- along with this library; see the file COPYING.LIB. If not, write to
- the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
- Boston, MA 02110-1301, USA.
-
-*/
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <tqtimer.h>
-
-#include "kssld.h"
-#include <kconfig.h>
-#include <ksimpleconfig.h>
-#include <ksslcertchain.h>
-#include <ksslcertificate.h>
-#include <ksslcertificatehome.h>
-#include <ksslpkcs12.h>
-#include <ksslx509map.h>
-#include <tqptrlist.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <stdlib.h>
-#include <pwd.h>
-#include <unistd.h>
-#include <tqfile.h>
-#include <tqsortedlist.h>
-#include <kglobal.h>
-#include <kstandarddirs.h>
-#include <kdebug.h>
-#include <tqdatetime.h>
-
-#include <kmdcodec.h>
-#include <kopenssl.h>
-
-// See design notes at end
-
-extern "C" {
- KDE_EXPORT KDEDModule *create_kssld(const TQCString &name) {
- return new KSSLD(name);
- }
-
- KDE_EXPORT void *__kde_do_unload;
-}
-
-
-static void updatePoliciesConfig(KConfig *cfg) {
- TQStringList groups = cfg->groupList();
-
- for (TQStringList::Iterator i = groups.begin(); i != groups.end(); ++i) {
- if ((*i).isEmpty() || *i == "General") {
- continue;
- }
-
- cfg->setGroup(*i);
-
- // remove it if it has expired
- if (!cfg->readBoolEntry("Permanent") && cfg->readDateTimeEntry("Expires") < TQDateTime::currentDateTime()) {
- cfg->deleteGroup(*i);
- continue;
- }
-
- TQString encodedCertStr = cfg->readEntry("Certificate");
- TQCString encodedCert = encodedCertStr.local8Bit();
- KSSLCertificate *newCert = KSSLCertificate::fromString(encodedCert);
- if (!newCert) {
- cfg->deleteGroup(*i);
- continue;
- }
-
- KSSLCertificateCache::KSSLCertificatePolicy policy = (KSSLCertificateCache::KSSLCertificatePolicy) cfg->readNumEntry("Policy");
- bool permanent = cfg->readBoolEntry("Permanent");
- TQDateTime expires = cfg->readDateTimeEntry("Expires");
- TQStringList hosts = cfg->readListEntry("Hosts");
- TQStringList chain = cfg->readListEntry("Chain");
- cfg->deleteGroup(*i);
-
- cfg->setGroup(newCert->getMD5Digest());
- cfg->writeEntry("Certificate", encodedCertStr);
- cfg->writeEntry("Policy", policy);
- cfg->writeEntry("Permanent", permanent);
- cfg->writeEntry("Expires", expires);
- cfg->writeEntry("Hosts", hosts);
- cfg->writeEntry("Chain", chain);
- delete newCert;
- }
-
- cfg->setGroup("General");
- cfg->writeEntry("policies version", 2);
-
- cfg->sync();
-}
-
-
-KSSLD::KSSLD(const TQCString &name) : KDEDModule(name)
-{
-// ----------------------- FOR THE CACHE ------------------------------------
- cfg = new KSimpleConfig("ksslpolicies", false);
- cfg->setGroup("General");
- if (2 != cfg->readNumEntry("policies version", 0)) {
- ::updatePoliciesConfig(cfg);
- }
- KGlobal::dirs()->addResourceType("kssl", KStandardDirs::kde_default("data") + "kssl");
- caVerifyUpdate();
- cacheLoadDefaultPolicies();
- certList.setAutoDelete(false);
- kossl = KOSSL::self();
-
-// ----------------------- FOR THE HOME -------------------------------------
-}
-
-
-KSSLD::~KSSLD()
-{
-// ----------------------- FOR THE CACHE ------------------------------------
- cacheClearList();
- delete cfg;
-
-// ----------------------- FOR THE HOME -------------------------------------
-}
-
-
-
-
-// A node in the cache
-class KSSLCNode {
- public:
- KSSLCertificate *cert;
- KSSLCertificateCache::KSSLCertificatePolicy policy;
- bool permanent;
- TQDateTime expires;
- TQStringList hosts;
- KSSLCNode() { cert = 0L;
- policy = KSSLCertificateCache::Unknown;
- permanent = true;
- }
- ~KSSLCNode() { delete cert; }
-};
-
-
-
-void KSSLD::cacheSaveToDisk() {
-KSSLCNode *node;
-
- cfg->setGroup("General");
- cfg->writeEntry("policies version", 2);
-
- for (node = certList.first(); node; node = certList.next()) {
- if (node->permanent ||
- node->expires > TQDateTime::currentDateTime()) {
- // First convert to a binary format and then write the
- // kconfig entry write the (CN, policy, cert) to
- // KSimpleConfig
- cfg->setGroup(node->cert->getMD5Digest());
- cfg->writeEntry("Certificate", node->cert->toString());
- cfg->writeEntry("Policy", node->policy);
- cfg->writeEntry("Expires", node->expires);
- cfg->writeEntry("Permanent", node->permanent);
- cfg->writeEntry("Hosts", node->hosts);
-
- // Also write the chain
- TQStringList qsl;
- TQPtrList<KSSLCertificate> cl =
- node->cert->chain().getChain();
- for (KSSLCertificate *c = cl.first();
- c != 0;
- c = cl.next()) {
- //kdDebug() << "Certificate in chain: "
- // << c->toString() << endl;
- qsl << c->toString();
- }
-
- cl.setAutoDelete(true);
- cfg->writeEntry("Chain", qsl);
- }
- }
-
- cfg->sync();
-
- // insure proper permissions -- contains sensitive data
- TQString cfgName(KGlobal::dirs()->findResource("config", "ksslpolicies"));
-
- if (!cfgName.isEmpty()) {
- ::chmod(TQFile::encodeName(cfgName), 0600);
- }
-}
-
-
-void KSSLD::cacheReload() {
- cacheClearList();
- delete cfg;
- cfg = new KSimpleConfig("ksslpolicies", false);
- cacheLoadDefaultPolicies();
-}
-
-
-void KSSLD::cacheClearList() {
-KSSLCNode *node;
-
- for (node = certList.first(); node; node = certList.next()) {
- certList.remove(node);
- delete node;
- }
-
- skEmail.clear();
- skMD5Digest.clear();
-}
-
-
-void KSSLD::cacheLoadDefaultPolicies() {
-TQStringList groups = cfg->groupList();
-
- for (TQStringList::Iterator i = groups.begin();
- i != groups.end();
- ++i) {
- if ((*i).isEmpty() || *i == "General") {
- continue;
- }
-
- cfg->setGroup(*i);
-
- // remove it if it has expired
- if (!cfg->readBoolEntry("Permanent") &&
- cfg->readDateTimeEntry("Expires") <
- TQDateTime::currentDateTime()) {
- cfg->deleteGroup(*i);
- continue;
- }
-
- TQCString encodedCert;
- KSSLCertificate *newCert;
-
- encodedCert = cfg->readEntry("Certificate").local8Bit();
- newCert = KSSLCertificate::fromString(encodedCert);
-
- if (!newCert) {
- continue;
- }
-
- KSSLCNode *n = new KSSLCNode;
- n->cert = newCert;
- n->policy = (KSSLCertificateCache::KSSLCertificatePolicy) cfg->readNumEntry("Policy");
- n->permanent = cfg->readBoolEntry("Permanent");
- n->expires = cfg->readDateTimeEntry("Expires");
- n->hosts = cfg->readListEntry("Hosts");
- newCert->chain().setCertChain(cfg->readListEntry("Chain"));
- certList.append(n);
- searchAddCert(newCert);
- }
-}
-
-
-void KSSLD::cacheAddCertificate(KSSLCertificate cert,
- KSSLCertificateCache::KSSLCertificatePolicy policy,
- bool permanent) {
-KSSLCNode *node;
-
- for (node = certList.first(); node; node = certList.next()) {
- if (cert == *(node->cert)) {
- node->policy = policy;
- node->permanent = permanent;
-
- if (!permanent) {
- node->expires = TQDateTime::currentDateTime();
- // FIXME: make this configurable
- node->expires = TQT_TQDATETIME_OBJECT(node->expires.addSecs(3600));
- }
-
- cacheSaveToDisk();
- return;
- }
- }
-
- KSSLCNode *n = new KSSLCNode;
- n->cert = cert.replicate();
- n->policy = policy;
- n->permanent = permanent;
- // remove the old one
- cacheRemoveByCertificate(*(n->cert));
- certList.prepend(n);
-
- if (!permanent) {
- n->expires = TQDateTime::currentDateTime();
- n->expires = TQT_TQDATETIME_OBJECT(n->expires.addSecs(3600));
- }
-
- searchAddCert(n->cert);
- cacheSaveToDisk();
-}
-
-
-KSSLCertificateCache::KSSLCertificatePolicy KSSLD::cacheGetPolicyByCN(TQString cn) {
-KSSLCNode *node;
-
- for (node = certList.first(); node; node = certList.next()) {
- if (KSSLX509Map(node->cert->getSubject()).getValue("CN") == cn) {
- if (!node->permanent &&
- node->expires < TQDateTime::currentDateTime()) {
- certList.remove(node);
- cfg->deleteGroup(node->cert->getMD5Digest());
- delete node;
- continue;
- }
-
- certList.remove(node);
- certList.prepend(node);
- cacheSaveToDisk();
- return node->policy;
- }
- }
-
- cacheSaveToDisk();
-
-return KSSLCertificateCache::Unknown;
-}
-
-
-KSSLCertificateCache::KSSLCertificatePolicy KSSLD::cacheGetPolicyByCertificate(KSSLCertificate cert) {
-KSSLCNode *node;
-
- for (node = certList.first(); node; node = certList.next()) {
- if (cert == *(node->cert)) {
- if (!node->permanent &&
- node->expires < TQDateTime::currentDateTime()) {
- certList.remove(node);
- cfg->deleteGroup(node->cert->getMD5Digest());
- delete node;
- cacheSaveToDisk();
- return KSSLCertificateCache::Unknown;
- }
-
- certList.remove(node);
- certList.prepend(node);
- return node->policy;
- }
- }
-
-return KSSLCertificateCache::Unknown;
-}
-
-
-bool KSSLD::cacheSeenCN(TQString cn) {
-KSSLCNode *node;
-
- for (node = certList.first(); node; node = certList.next()) {
- if (KSSLX509Map(node->cert->getSubject()).getValue("CN") == cn) {
- if (!node->permanent &&
- node->expires < TQDateTime::currentDateTime()) {
- certList.remove(node);
- cfg->deleteGroup(node->cert->getMD5Digest());
- delete node;
- cacheSaveToDisk();
- continue;
- }
-
- certList.remove(node);
- certList.prepend(node);
- return true;
- }
- }
-
-return false;
-}
-
-
-bool KSSLD::cacheSeenCertificate(KSSLCertificate cert) {
-KSSLCNode *node;
-
- for (node = certList.first(); node; node = certList.next()) {
- if (cert == *(node->cert)) {
- if (!node->permanent &&
- node->expires < TQDateTime::currentDateTime()) {
- certList.remove(node);
- cfg->deleteGroup(node->cert->getMD5Digest());
- delete node;
- cacheSaveToDisk();
- return false;
- }
-
- certList.remove(node);
- certList.prepend(node);
- return true;
- }
- }
-
-return false;
-}
-
-
-bool KSSLD::cacheIsPermanent(KSSLCertificate cert) {
-KSSLCNode *node;
-
- for (node = certList.first(); node; node = certList.next()) {
- if (cert == *(node->cert)) {
- if (!node->permanent && node->expires <
- TQDateTime::currentDateTime()) {
- certList.remove(node);
- cfg->deleteGroup(node->cert->getMD5Digest());
- delete node;
- cacheSaveToDisk();
- return false;
- }
-
- certList.remove(node);
- certList.prepend(node);
- return node->permanent;
- }
- }
-
-return false;
-}
-
-
-bool KSSLD::cacheRemoveBySubject(TQString subject) {
-KSSLCNode *node;
-bool gotOne = false;
-
- for (node = certList.first(); node; node = certList.next()) {
- if (node->cert->getSubject() == subject) {
- certList.remove(node);
- cfg->deleteGroup(node->cert->getMD5Digest());
- searchRemoveCert(node->cert);
- delete node;
- gotOne = true;
- }
- }
-
- cacheSaveToDisk();
-
-return gotOne;
-}
-
-
-bool KSSLD::cacheRemoveByCN(TQString cn) {
-KSSLCNode *node;
-bool gotOne = false;
-
- for (node = certList.first(); node; node = certList.next()) {
- if (KSSLX509Map(node->cert->getSubject()).getValue("CN") == cn) {
- certList.remove(node);
- cfg->deleteGroup(node->cert->getMD5Digest());
- searchRemoveCert(node->cert);
- delete node;
- gotOne = true;
- }
- }
-
- cacheSaveToDisk();
-
-return gotOne;
-}
-
-
-bool KSSLD::cacheRemoveByCertificate(KSSLCertificate cert) {
-KSSLCNode *node;
-
- for (node = certList.first(); node; node = certList.next()) {
- if (cert == *(node->cert)) {
- certList.remove(node);
- cfg->deleteGroup(node->cert->getMD5Digest());
- searchRemoveCert(node->cert);
- delete node;
- cacheSaveToDisk();
- return true;
- }
- }
-
-return false;
-}
-
-
-bool KSSLD::cacheModifyByCN(TQString cn,
- KSSLCertificateCache::KSSLCertificatePolicy policy, bool permanent,
- TQDateTime expires) {
-KSSLCNode *node;
-
- for (node = certList.first(); node; node = certList.next()) {
- if (KSSLX509Map(node->cert->getSubject()).getValue("CN") == cn) {
- node->permanent = permanent;
- node->expires = expires;
- node->policy = policy;
- certList.remove(node);
- certList.prepend(node);
- cacheSaveToDisk();
- return true;
- }
- }
-
-return false;
-}
-
-
-bool KSSLD::cacheModifyByCertificate(KSSLCertificate cert,
- KSSLCertificateCache::KSSLCertificatePolicy policy,
- bool permanent,
- TQDateTime expires) {
-KSSLCNode *node;
-
- for (node = certList.first(); node; node = certList.next()) {
- if (cert == *(node->cert)) {
- node->permanent = permanent;
- node->expires = expires;
- node->policy = policy;
- certList.remove(node);
- certList.prepend(node);
- cacheSaveToDisk();
- return true;
- }
- }
-
-return false;
-}
-
-
-TQStringList KSSLD::cacheGetHostList(KSSLCertificate cert) {
-KSSLCNode *node;
-
- for (node = certList.first(); node; node = certList.next()) {
- if (cert == *(node->cert)) {
- if (!node->permanent && node->expires <
- TQDateTime::currentDateTime()) {
- certList.remove(node);
- cfg->deleteGroup(node->cert->getMD5Digest());
- searchRemoveCert(node->cert);
- delete node;
- cacheSaveToDisk();
- return TQStringList();
- }
-
- certList.remove(node);
- certList.prepend(node);
- return node->hosts;
- }
- }
-
-return TQStringList();
-}
-
-
-bool KSSLD::cacheAddHost(KSSLCertificate cert, TQString host) {
-KSSLCNode *node;
-
- if (host.isEmpty())
- return true;
-
- for (node = certList.first(); node; node = certList.next()) {
- if (cert == *(node->cert)) {
- if (!node->permanent && node->expires <
- TQDateTime::currentDateTime()) {
- certList.remove(node);
- cfg->deleteGroup(node->cert->getMD5Digest());
- searchRemoveCert(node->cert);
- delete node;
- cacheSaveToDisk();
- return false;
- }
-
- if (!node->hosts.contains(host)) {
- node->hosts << host;
- }
-
- certList.remove(node);
- certList.prepend(node);
- cacheSaveToDisk();
- return true;
- }
- }
-
-return false;
-}
-
-
-bool KSSLD::cacheRemoveHost(KSSLCertificate cert, TQString host) {
-KSSLCNode *node;
-
- for (node = certList.first(); node; node = certList.next()) {
- if (cert == *(node->cert)) {
- if (!node->permanent && node->expires <
- TQDateTime::currentDateTime()) {
- certList.remove(node);
- cfg->deleteGroup(node->cert->getMD5Digest());
- searchRemoveCert(node->cert);
- delete node;
- cacheSaveToDisk();
- return false;
- }
- node->hosts.remove(host);
- certList.remove(node);
- certList.prepend(node);
- cacheSaveToDisk();
- return true;
- }
- }
-
-return false;
-}
-
-
-
-
-///////////////////////////////////////////////////////////////////////////
-
-void KSSLD::caVerifyUpdate() {
- TQString path = KGlobal::dirs()->saveLocation("kssl") + "/ca-bundle.crt";
- if (!TQFile::exists(path))
- return;
-
- cfg->setGroup(TQString::null);
- TQ_UINT32 newStamp = KGlobal::dirs()->calcResourceHash("config", "ksslcalist", true);
- TQ_UINT32 oldStamp = cfg->readUnsignedNumEntry("ksslcalistStamp");
- if (oldStamp != newStamp)
- {
- caRegenerate();
- cfg->writeEntry("ksslcalistStamp", newStamp);
- cfg->sync();
- }
-}
-
-bool KSSLD::caRegenerate() {
-TQString path = KGlobal::dirs()->saveLocation("kssl") + "/ca-bundle.crt";
-
-TQFile out(path);
-
- if (!out.open(IO_WriteOnly))
- return false;
-
-KConfig cfg("ksslcalist", true, false);
-
-TQStringList x = cfg.groupList();
-
- for (TQStringList::Iterator i = x.begin();
- i != x.end();
- ++i) {
- if ((*i).isEmpty() || *i == "<default>") continue;
-
- cfg.setGroup(*i);
-
- if (!cfg.readBoolEntry("site", false)) continue;
-
- TQString cert = cfg.readEntry("x509", "");
- if (cert.length() <= 0) continue;
-
- unsigned int xx = cert.length() - 1;
- for (unsigned int j = 0; j < xx/64; j++) {
- cert.insert(64*(j+1)+j, '\n');
- }
- out.writeBlock("-----BEGIN CERTIFICATE-----\n", 28);
- out.writeBlock(cert.latin1(), cert.length());
- out.writeBlock("\n-----END CERTIFICATE-----\n\n", 28);
- out.flush();
- }
-
-return true;
-}
-
-
-
-bool KSSLD::caAdd(TQString certificate, bool ssl, bool email, bool code) {
-KSSLCertificate *x = KSSLCertificate::fromString(certificate.local8Bit());
-
- if (!x) return false;
-
-KConfig cfg("ksslcalist", false, false);
-
- cfg.setGroup(x->getSubject());
- cfg.writeEntry("x509", certificate);
- cfg.writeEntry("site", ssl);
- cfg.writeEntry("email", email);
- cfg.writeEntry("code", code);
-
- cfg.sync();
- delete x;
-
-return true;
-}
-
-
-/**
- * @internal
- * Returns a list of certificates as QStrings read from the given file
- */
-static TQStringList caReadCerticatesFromFile(TQString filename) {
-
- TQStringList certificates;
- TQString certificate, temp;
- TQFile file(filename);
-
- if (!file.open(IO_ReadOnly))
- return certificates;
-
- while (!file.atEnd()) {
- file.readLine(temp, 999);
- if (temp.startsWith("-----BEGIN CERTIFICATE-----")) {
- certificate = TQString::null;
- continue;
- }
-
- if (temp.startsWith("-----END CERTIFICATE-----")) {
- certificates.append(certificate);
- certificate = TQString::null;
- continue;
- }
-
- certificate += temp.stripWhiteSpace();
- }
-
- file.close();
-
- return certificates;
-}
-
-bool KSSLD::caAddFromFile(TQString filename, bool ssl, bool email, bool code) {
-
- TQStringList certificates;
- certificates = caReadCerticatesFromFile(filename);
- if (certificates.isEmpty())
- return false;
-
- bool ok = true;
-
- for (TQStringList::Iterator it = certificates.begin();
- it != certificates.end(); ++it ) {
- ok &= caAdd(*it, ssl, email, code);
- }
-
- return ok;
-}
-
-bool KSSLD::caRemoveFromFile(TQString filename) {
-
- TQStringList certificates;
- certificates = caReadCerticatesFromFile(filename);
- if (certificates.isEmpty())
- return false;
-
- bool ok = true;
-
- for (TQStringList::Iterator it = certificates.begin();
- it != certificates.end(); ++it ) {
- TQString certificate = *it;
- KSSLCertificate *x = KSSLCertificate::fromString(certificate.local8Bit());
- ok &= x && caRemove(x->getSubject());
- delete x;
- }
-
- return ok;
-}
-
-
-TQStringList KSSLD::caList() {
-TQStringList x;
-KConfig cfg("ksslcalist", true, false);
-
- x = cfg.groupList();
- x.remove("<default>");
-
-return x;
-}
-
-
-bool KSSLD::caUseForSSL(TQString subject) {
-KConfig cfg("ksslcalist", true, false);
-
- if (!cfg.hasGroup(subject))
- return false;
-
- cfg.setGroup(subject);
-return cfg.readBoolEntry("site", false);
-}
-
-
-
-bool KSSLD::caUseForEmail(TQString subject) {
-KConfig cfg("ksslcalist", true, false);
-
- if (!cfg.hasGroup(subject))
- return false;
-
- cfg.setGroup(subject);
-return cfg.readBoolEntry("email", false);
-}
-
-
-
-bool KSSLD::caUseForCode(TQString subject) {
-KConfig cfg("ksslcalist", true, false);
-
- if (!cfg.hasGroup(subject))
- return false;
-
- cfg.setGroup(subject);
-return cfg.readBoolEntry("code", false);
-}
-
-
-bool KSSLD::caRemove(TQString subject) {
-KConfig cfg("ksslcalist", false, false);
- if (!cfg.hasGroup(subject))
- return false;
-
- cfg.deleteGroup(subject);
- cfg.sync();
-
-return true;
-}
-
-
-TQString KSSLD::caGetCert(TQString subject) {
-KConfig cfg("ksslcalist", true, false);
- if (!cfg.hasGroup(subject))
- return TQString::null;
-
- cfg.setGroup(subject);
-
-return cfg.readEntry("x509", TQString::null);
-}
-
-
-bool KSSLD::caSetUse(TQString subject, bool ssl, bool email, bool code) {
-KConfig cfg("ksslcalist", false, false);
- if (!cfg.hasGroup(subject))
- return false;
-
- cfg.setGroup(subject);
-
- cfg.writeEntry("site", ssl);
- cfg.writeEntry("email", email);
- cfg.writeEntry("code", code);
- cfg.sync();
-
-return true;
-}
-
-///////////////////////////////////////////////////////////////////////////
-
-void KSSLD::searchAddCert(KSSLCertificate *cert) {
- skMD5Digest.insert(cert->getMD5Digest(), cert, true);
-
- TQStringList mails;
- cert->getEmails(mails);
- for(TQStringList::const_iterator iter = mails.begin(); iter != mails.end(); ++iter) {
- TQString email = static_cast<const TQString &>(*iter).lower();
- TQMap<TQString, TQPtrVector<KSSLCertificate> >::iterator it = skEmail.find(email);
-
- if (it == skEmail.end())
- it = skEmail.insert(email, TQPtrVector<KSSLCertificate>());
-
- TQPtrVector<KSSLCertificate> &elem = *it;
-
- if (elem.findRef(cert) == -1) {
- unsigned int n = 0;
- for(; n < elem.size(); n++) {
- if (!elem.at(n)) {
- elem.insert(n, cert);
- break;
- }
- }
- if (n == elem.size()) {
- elem.resize(n+1);
- elem.insert(n, cert);
- }
- }
- }
-}
-
-
-void KSSLD::searchRemoveCert(KSSLCertificate *cert) {
- skMD5Digest.remove(cert->getMD5Digest());
-
- TQStringList mails;
- cert->getEmails(mails);
- for(TQStringList::const_iterator iter = mails.begin(); iter != mails.end(); ++iter) {
- TQMap<TQString, TQPtrVector<KSSLCertificate> >::iterator it = skEmail.find(static_cast<const TQString &>(*iter).lower());
-
- if (it == skEmail.end())
- break;
-
- TQPtrVector<KSSLCertificate> &elem = *it;
-
- int n = elem.findRef(cert);
- if (n != -1)
- elem.remove(n);
- }
-}
-
-
-TQStringList KSSLD::getKDEKeyByEmail(const TQString &email) {
- TQStringList rc;
- TQMap<TQString, TQPtrVector<KSSLCertificate> >::iterator it = skEmail.find(email.lower());
-
- kdDebug() << "GETKDEKey " << email.latin1() << endl;
-
- if (it == skEmail.end())
- return rc;
-
- TQPtrVector<KSSLCertificate> &elem = *it;
- for (unsigned int n = 0; n < elem.size(); n++) {
- KSSLCertificate *cert = elem.at(n);
- if (cert) {
- rc.append(cert->getKDEKey());
- }
- }
-
- kdDebug() << "ergebnisse: " << rc.size() << " " << elem.size() << endl;
- return rc;
-}
-
-
-KSSLCertificate KSSLD::getCertByMD5Digest(const TQString &key) {
- TQMap<TQString, KSSLCertificate *>::iterator iter = skMD5Digest.find(key);
-
- kdDebug() << "Searching cert for " << key.latin1() << endl;
-
- if (iter != skMD5Digest.end())
- return **iter;
-
- KSSLCertificate rc; // FIXME: Better way to return a not found condition?
- kdDebug() << "Not found: " << rc.toString().latin1() << endl;
- return rc;
-}
-
-
-///////////////////////////////////////////////////////////////////////////
-
-//
-// Certificate Home methods
-//
-
-TQStringList KSSLD::getHomeCertificateList() {
- return KSSLCertificateHome::getCertificateList();
-}
-
-bool KSSLD::addHomeCertificateFile(TQString filename, TQString password, bool storePass) {
- return KSSLCertificateHome::addCertificate(filename, password, storePass);
-}
-
-bool KSSLD::addHomeCertificatePKCS12(TQString base64cert, TQString passToStore) {
- bool ok;
- KSSLPKCS12 *pkcs12 = KSSLPKCS12::fromString(base64cert, passToStore);
- ok = KSSLCertificateHome::addCertificate(pkcs12, passToStore);
- delete pkcs12;
- return ok;
-}
-
-bool KSSLD::deleteHomeCertificateByFile(TQString filename, TQString password) {
- return KSSLCertificateHome::deleteCertificate(filename, password);
-}
-
-bool KSSLD::deleteHomeCertificateByPKCS12(TQString base64cert, TQString password) {
- bool ok;
- KSSLPKCS12 *pkcs12 = KSSLPKCS12::fromString(base64cert, password);
- ok = KSSLCertificateHome::deleteCertificate(pkcs12);
- delete pkcs12;
- return ok;
-}
-
-bool KSSLD::deleteHomeCertificateByName(TQString name) {
- return KSSLCertificateHome::deleteCertificateByName(name);
-}
-
-
-
-///////////////////////////////////////////////////////////////////////////
-
-#include "kssld.moc"
-
-
-/*
-
- DESIGN - KSSLCertificateCache
- ------
-
- This is the first implementation and I think this cache actually needs
- experimentation to determine which implementation works best. My current
- options are:
-
- (1) Store copies of the X509 certificates in a TQPtrList using a self
- organizing heuristic as described by Munro and Suwanda.
- (2) Store copies of the X509 certificates in a tree structure, perhaps
- a redblack tree, avl tree, or even just a simple binary tree.
- (3) Store the CN's in a tree or list and use them as a hash to retrieve
- the X509 certificates.
- (4) Create "nodes" containing the X509 certificate and place them in
- two structures concurrently, one organized by CN, the other by
- X509 serial number.
-
- This implementation uses (1). (4) is definitely attractive, but I don't
- think it will be necessary to go so crazy with performance, and perhaps
- end up performing poorly in situations where there are very few entries in
- the cache (which is most likely the case most of the time). The style of
- heuristic is move-to-front, not swap-forward. This seems to make more
- sense because the typical user will hit a site at least a few times in a
- row before moving to a new one.
-
- What I worry about most with respect to performance is that cryptographic
- routines are expensive and if we have to perform them on each X509
- certificate until the right one is found, we will perform poorly.
-
- All in all, this code is actually quite crucial for performance on SSL
- website, especially those with many image files loaded via SSL. If a
- site loads 15 images, we will have to run through this code 15 times.
- A heuristic for self organization will make each successive lookup faster.
- Sounds good, doesn't it?
-
- DO NOT ATTEMPT TO GUESS WHICH CERTIFICATES ARE ACCEPTIBLE IN YOUR CODE!!
- ALWAYS USE THE CACHE. IT MAY CHECK THINGS THAT YOU DON'T THINK OF, AND
- ALSO IF THERE IS A BUG IN THE CHECKING CODE, IF IT IS ALL CONTAINED IN
- THIS LIBRARY, A MINOR FIX WILL FIX ALL APPLICATIONS.
- */
-