diff options
Diffstat (limited to 'kio/misc/kssld')
| -rw-r--r-- | kio/misc/kssld/CMakeLists.txt | 47 | ||||
| -rw-r--r-- | kio/misc/kssld/Makefile.am | 33 | ||||
| -rw-r--r-- | kio/misc/kssld/kssld.cpp | 1027 | ||||
| -rw-r--r-- | kio/misc/kssld/kssld.desktop | 156 | ||||
| -rw-r--r-- | kio/misc/kssld/kssld.h | 154 |
5 files changed, 0 insertions, 1417 deletions
diff --git a/kio/misc/kssld/CMakeLists.txt b/kio/misc/kssld/CMakeLists.txt deleted file mode 100644 index 14d2de1ac..000000000 --- a/kio/misc/kssld/CMakeLists.txt +++ /dev/null @@ -1,47 +0,0 @@ -################################################# -# -# (C) 2010 Serghei Amelian -# serghei (DOT) amelian (AT) gmail.com -# -# Improvements and feedback are welcome -# -# This file is released under GPL >= 2 -# -################################################# - -include_directories( - ${TQT_INCLUDE_DIRS} - ${CMAKE_CURRENT_BINARY_DIR} - ${CMAKE_BINARY_DIR} - ${CMAKE_BINARY_DIR}/kio/kssl - ${CMAKE_BINARY_DIR}/tdecore - ${CMAKE_SOURCE_DIR} - ${CMAKE_SOURCE_DIR}/dcop - ${CMAKE_SOURCE_DIR}/tdecore - ${CMAKE_SOURCE_DIR}/kio/kssl -) - -link_directories( - ${TQT_LIBRARY_DIRS} -) - - -##### other data ################################ - -install(FILES kssld.desktop DESTINATION ${SERVICES_INSTALL_DIR}/kded ) - - -##### kded_kssld ########################### - -set( target kded_kssld ) - -set( ${target}_SRCS - kssld.cpp kssld.skel -) - -tde_add_kpart( ${target} AUTOMOC - SOURCES ${${target}_SRCS} - LINK tdeinit_kded-shared - DEPENDENCIES dcopidl - DESTINATION ${PLUGIN_INSTALL_DIR} -) diff --git a/kio/misc/kssld/Makefile.am b/kio/misc/kssld/Makefile.am deleted file mode 100644 index 18193018e..000000000 --- a/kio/misc/kssld/Makefile.am +++ /dev/null @@ -1,33 +0,0 @@ -# This file is part of the KDE libraries -# Copyright (C) 2001 George Staikos <staikos@kde.org> - -# This library is free software; you can redistribute it and/or -# modify it under the terms of the GNU Library General Public -# License as published by the Free Software Foundation; either -# version 2 of the License, or (at your option) any later version. - -# This library is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Library General Public License for more details. - -# You should have received a copy of the GNU Library General Public License -# along with this library; see the file COPYING.LIB. If not, write to -# the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. - -INCLUDES= -I$(srcdir)/.. -I$(top_srcdir) $(SSL_INCLUDES) -I$(top_srcdir)/kio/kssl -I$(top_builddir)/kio/kssl $(all_includes) - -kde_module_LTLIBRARIES = kded_kssld.la - -kded_kssld_la_LDFLAGS = $(all_libraries) -module -avoid-version -kded_kssld_la_LIBADD = $(LIB_KIO) $(LIB_KDED) $(LIB_QT) $(top_builddir)/dcop/libDCOP.la $(LIB_TDECORE) -kded_kssld_la_SOURCES = kssld.cpp kssld.skel - -METASOURCES = AUTO - -noinst_HEADERS = kssld.h - -services_DATA = kssld.desktop -servicesdir = $(kde_servicesdir)/kded - diff --git a/kio/misc/kssld/kssld.cpp b/kio/misc/kssld/kssld.cpp deleted file mode 100644 index 760e654d7..000000000 --- a/kio/misc/kssld/kssld.cpp +++ /dev/null @@ -1,1027 +0,0 @@ -/* - This file is part of the KDE libraries - - Copyright (c) 2001-2005 George Staikos <staikos@kde.org> - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public License - along with this library; see the file COPYING.LIB. If not, write to - the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. - -*/ - -#ifdef HAVE_CONFIG_H -#include <config.h> -#endif - -#include <tqtimer.h> - -#include "kssld.h" -#include <kconfig.h> -#include <ksimpleconfig.h> -#include <ksslcertchain.h> -#include <ksslcertificate.h> -#include <ksslcertificatehome.h> -#include <ksslpkcs12.h> -#include <ksslx509map.h> -#include <tqptrlist.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <stdlib.h> -#include <pwd.h> -#include <unistd.h> -#include <tqfile.h> -#include <tqsortedlist.h> -#include <kglobal.h> -#include <kstandarddirs.h> -#include <kdebug.h> -#include <tqdatetime.h> - -#include <kmdcodec.h> -#include <kopenssl.h> - -// See design notes at end - -extern "C" { - KDE_EXPORT KDEDModule *create_kssld(const TQCString &name) { - return new KSSLD(name); - } - - KDE_EXPORT void *__kde_do_unload; -} - - -static void updatePoliciesConfig(KConfig *cfg) { - TQStringList groups = cfg->groupList(); - - for (TQStringList::Iterator i = groups.begin(); i != groups.end(); ++i) { - if ((*i).isEmpty() || *i == "General") { - continue; - } - - cfg->setGroup(*i); - - // remove it if it has expired - if (!cfg->readBoolEntry("Permanent") && cfg->readDateTimeEntry("Expires") < TQDateTime::currentDateTime()) { - cfg->deleteGroup(*i); - continue; - } - - TQString encodedCertStr = cfg->readEntry("Certificate"); - TQCString encodedCert = encodedCertStr.local8Bit(); - KSSLCertificate *newCert = KSSLCertificate::fromString(encodedCert); - if (!newCert) { - cfg->deleteGroup(*i); - continue; - } - - KSSLCertificateCache::KSSLCertificatePolicy policy = (KSSLCertificateCache::KSSLCertificatePolicy) cfg->readNumEntry("Policy"); - bool permanent = cfg->readBoolEntry("Permanent"); - TQDateTime expires = cfg->readDateTimeEntry("Expires"); - TQStringList hosts = cfg->readListEntry("Hosts"); - TQStringList chain = cfg->readListEntry("Chain"); - cfg->deleteGroup(*i); - - cfg->setGroup(newCert->getMD5Digest()); - cfg->writeEntry("Certificate", encodedCertStr); - cfg->writeEntry("Policy", policy); - cfg->writeEntry("Permanent", permanent); - cfg->writeEntry("Expires", expires); - cfg->writeEntry("Hosts", hosts); - cfg->writeEntry("Chain", chain); - delete newCert; - } - - cfg->setGroup("General"); - cfg->writeEntry("policies version", 2); - - cfg->sync(); -} - - -KSSLD::KSSLD(const TQCString &name) : KDEDModule(name) -{ -// ----------------------- FOR THE CACHE ------------------------------------ - cfg = new KSimpleConfig("ksslpolicies", false); - cfg->setGroup("General"); - if (2 != cfg->readNumEntry("policies version", 0)) { - ::updatePoliciesConfig(cfg); - } - KGlobal::dirs()->addResourceType("kssl", KStandardDirs::kde_default("data") + "kssl"); - caVerifyUpdate(); - cacheLoadDefaultPolicies(); - certList.setAutoDelete(false); - kossl = KOSSL::self(); - -// ----------------------- FOR THE HOME ------------------------------------- -} - - -KSSLD::~KSSLD() -{ -// ----------------------- FOR THE CACHE ------------------------------------ - cacheClearList(); - delete cfg; - -// ----------------------- FOR THE HOME ------------------------------------- -} - - - - -// A node in the cache -class KSSLCNode { - public: - KSSLCertificate *cert; - KSSLCertificateCache::KSSLCertificatePolicy policy; - bool permanent; - TQDateTime expires; - TQStringList hosts; - KSSLCNode() { cert = 0L; - policy = KSSLCertificateCache::Unknown; - permanent = true; - } - ~KSSLCNode() { delete cert; } -}; - - - -void KSSLD::cacheSaveToDisk() { -KSSLCNode *node; - - cfg->setGroup("General"); - cfg->writeEntry("policies version", 2); - - for (node = certList.first(); node; node = certList.next()) { - if (node->permanent || - node->expires > TQDateTime::currentDateTime()) { - // First convert to a binary format and then write the - // kconfig entry write the (CN, policy, cert) to - // KSimpleConfig - cfg->setGroup(node->cert->getMD5Digest()); - cfg->writeEntry("Certificate", node->cert->toString()); - cfg->writeEntry("Policy", node->policy); - cfg->writeEntry("Expires", node->expires); - cfg->writeEntry("Permanent", node->permanent); - cfg->writeEntry("Hosts", node->hosts); - - // Also write the chain - TQStringList qsl; - TQPtrList<KSSLCertificate> cl = - node->cert->chain().getChain(); - for (KSSLCertificate *c = cl.first(); - c != 0; - c = cl.next()) { - //kdDebug() << "Certificate in chain: " - // << c->toString() << endl; - qsl << c->toString(); - } - - cl.setAutoDelete(true); - cfg->writeEntry("Chain", qsl); - } - } - - cfg->sync(); - - // insure proper permissions -- contains sensitive data - TQString cfgName(KGlobal::dirs()->findResource("config", "ksslpolicies")); - - if (!cfgName.isEmpty()) { - ::chmod(TQFile::encodeName(cfgName), 0600); - } -} - - -void KSSLD::cacheReload() { - cacheClearList(); - delete cfg; - cfg = new KSimpleConfig("ksslpolicies", false); - cacheLoadDefaultPolicies(); -} - - -void KSSLD::cacheClearList() { -KSSLCNode *node; - - for (node = certList.first(); node; node = certList.next()) { - certList.remove(node); - delete node; - } - - skEmail.clear(); - skMD5Digest.clear(); -} - - -void KSSLD::cacheLoadDefaultPolicies() { -TQStringList groups = cfg->groupList(); - - for (TQStringList::Iterator i = groups.begin(); - i != groups.end(); - ++i) { - if ((*i).isEmpty() || *i == "General") { - continue; - } - - cfg->setGroup(*i); - - // remove it if it has expired - if (!cfg->readBoolEntry("Permanent") && - cfg->readDateTimeEntry("Expires") < - TQDateTime::currentDateTime()) { - cfg->deleteGroup(*i); - continue; - } - - TQCString encodedCert; - KSSLCertificate *newCert; - - encodedCert = cfg->readEntry("Certificate").local8Bit(); - newCert = KSSLCertificate::fromString(encodedCert); - - if (!newCert) { - continue; - } - - KSSLCNode *n = new KSSLCNode; - n->cert = newCert; - n->policy = (KSSLCertificateCache::KSSLCertificatePolicy) cfg->readNumEntry("Policy"); - n->permanent = cfg->readBoolEntry("Permanent"); - n->expires = cfg->readDateTimeEntry("Expires"); - n->hosts = cfg->readListEntry("Hosts"); - newCert->chain().setCertChain(cfg->readListEntry("Chain")); - certList.append(n); - searchAddCert(newCert); - } -} - - -void KSSLD::cacheAddCertificate(KSSLCertificate cert, - KSSLCertificateCache::KSSLCertificatePolicy policy, - bool permanent) { -KSSLCNode *node; - - for (node = certList.first(); node; node = certList.next()) { - if (cert == *(node->cert)) { - node->policy = policy; - node->permanent = permanent; - - if (!permanent) { - node->expires = TQDateTime::currentDateTime(); - // FIXME: make this configurable - node->expires = TQT_TQDATETIME_OBJECT(node->expires.addSecs(3600)); - } - - cacheSaveToDisk(); - return; - } - } - - KSSLCNode *n = new KSSLCNode; - n->cert = cert.replicate(); - n->policy = policy; - n->permanent = permanent; - // remove the old one - cacheRemoveByCertificate(*(n->cert)); - certList.prepend(n); - - if (!permanent) { - n->expires = TQDateTime::currentDateTime(); - n->expires = TQT_TQDATETIME_OBJECT(n->expires.addSecs(3600)); - } - - searchAddCert(n->cert); - cacheSaveToDisk(); -} - - -KSSLCertificateCache::KSSLCertificatePolicy KSSLD::cacheGetPolicyByCN(TQString cn) { -KSSLCNode *node; - - for (node = certList.first(); node; node = certList.next()) { - if (KSSLX509Map(node->cert->getSubject()).getValue("CN") == cn) { - if (!node->permanent && - node->expires < TQDateTime::currentDateTime()) { - certList.remove(node); - cfg->deleteGroup(node->cert->getMD5Digest()); - delete node; - continue; - } - - certList.remove(node); - certList.prepend(node); - cacheSaveToDisk(); - return node->policy; - } - } - - cacheSaveToDisk(); - -return KSSLCertificateCache::Unknown; -} - - -KSSLCertificateCache::KSSLCertificatePolicy KSSLD::cacheGetPolicyByCertificate(KSSLCertificate cert) { -KSSLCNode *node; - - for (node = certList.first(); node; node = certList.next()) { - if (cert == *(node->cert)) { - if (!node->permanent && - node->expires < TQDateTime::currentDateTime()) { - certList.remove(node); - cfg->deleteGroup(node->cert->getMD5Digest()); - delete node; - cacheSaveToDisk(); - return KSSLCertificateCache::Unknown; - } - - certList.remove(node); - certList.prepend(node); - return node->policy; - } - } - -return KSSLCertificateCache::Unknown; -} - - -bool KSSLD::cacheSeenCN(TQString cn) { -KSSLCNode *node; - - for (node = certList.first(); node; node = certList.next()) { - if (KSSLX509Map(node->cert->getSubject()).getValue("CN") == cn) { - if (!node->permanent && - node->expires < TQDateTime::currentDateTime()) { - certList.remove(node); - cfg->deleteGroup(node->cert->getMD5Digest()); - delete node; - cacheSaveToDisk(); - continue; - } - - certList.remove(node); - certList.prepend(node); - return true; - } - } - -return false; -} - - -bool KSSLD::cacheSeenCertificate(KSSLCertificate cert) { -KSSLCNode *node; - - for (node = certList.first(); node; node = certList.next()) { - if (cert == *(node->cert)) { - if (!node->permanent && - node->expires < TQDateTime::currentDateTime()) { - certList.remove(node); - cfg->deleteGroup(node->cert->getMD5Digest()); - delete node; - cacheSaveToDisk(); - return false; - } - - certList.remove(node); - certList.prepend(node); - return true; - } - } - -return false; -} - - -bool KSSLD::cacheIsPermanent(KSSLCertificate cert) { -KSSLCNode *node; - - for (node = certList.first(); node; node = certList.next()) { - if (cert == *(node->cert)) { - if (!node->permanent && node->expires < - TQDateTime::currentDateTime()) { - certList.remove(node); - cfg->deleteGroup(node->cert->getMD5Digest()); - delete node; - cacheSaveToDisk(); - return false; - } - - certList.remove(node); - certList.prepend(node); - return node->permanent; - } - } - -return false; -} - - -bool KSSLD::cacheRemoveBySubject(TQString subject) { -KSSLCNode *node; -bool gotOne = false; - - for (node = certList.first(); node; node = certList.next()) { - if (node->cert->getSubject() == subject) { - certList.remove(node); - cfg->deleteGroup(node->cert->getMD5Digest()); - searchRemoveCert(node->cert); - delete node; - gotOne = true; - } - } - - cacheSaveToDisk(); - -return gotOne; -} - - -bool KSSLD::cacheRemoveByCN(TQString cn) { -KSSLCNode *node; -bool gotOne = false; - - for (node = certList.first(); node; node = certList.next()) { - if (KSSLX509Map(node->cert->getSubject()).getValue("CN") == cn) { - certList.remove(node); - cfg->deleteGroup(node->cert->getMD5Digest()); - searchRemoveCert(node->cert); - delete node; - gotOne = true; - } - } - - cacheSaveToDisk(); - -return gotOne; -} - - -bool KSSLD::cacheRemoveByCertificate(KSSLCertificate cert) { -KSSLCNode *node; - - for (node = certList.first(); node; node = certList.next()) { - if (cert == *(node->cert)) { - certList.remove(node); - cfg->deleteGroup(node->cert->getMD5Digest()); - searchRemoveCert(node->cert); - delete node; - cacheSaveToDisk(); - return true; - } - } - -return false; -} - - -bool KSSLD::cacheModifyByCN(TQString cn, - KSSLCertificateCache::KSSLCertificatePolicy policy, bool permanent, - TQDateTime expires) { -KSSLCNode *node; - - for (node = certList.first(); node; node = certList.next()) { - if (KSSLX509Map(node->cert->getSubject()).getValue("CN") == cn) { - node->permanent = permanent; - node->expires = expires; - node->policy = policy; - certList.remove(node); - certList.prepend(node); - cacheSaveToDisk(); - return true; - } - } - -return false; -} - - -bool KSSLD::cacheModifyByCertificate(KSSLCertificate cert, - KSSLCertificateCache::KSSLCertificatePolicy policy, - bool permanent, - TQDateTime expires) { -KSSLCNode *node; - - for (node = certList.first(); node; node = certList.next()) { - if (cert == *(node->cert)) { - node->permanent = permanent; - node->expires = expires; - node->policy = policy; - certList.remove(node); - certList.prepend(node); - cacheSaveToDisk(); - return true; - } - } - -return false; -} - - -TQStringList KSSLD::cacheGetHostList(KSSLCertificate cert) { -KSSLCNode *node; - - for (node = certList.first(); node; node = certList.next()) { - if (cert == *(node->cert)) { - if (!node->permanent && node->expires < - TQDateTime::currentDateTime()) { - certList.remove(node); - cfg->deleteGroup(node->cert->getMD5Digest()); - searchRemoveCert(node->cert); - delete node; - cacheSaveToDisk(); - return TQStringList(); - } - - certList.remove(node); - certList.prepend(node); - return node->hosts; - } - } - -return TQStringList(); -} - - -bool KSSLD::cacheAddHost(KSSLCertificate cert, TQString host) { -KSSLCNode *node; - - if (host.isEmpty()) - return true; - - for (node = certList.first(); node; node = certList.next()) { - if (cert == *(node->cert)) { - if (!node->permanent && node->expires < - TQDateTime::currentDateTime()) { - certList.remove(node); - cfg->deleteGroup(node->cert->getMD5Digest()); - searchRemoveCert(node->cert); - delete node; - cacheSaveToDisk(); - return false; - } - - if (!node->hosts.contains(host)) { - node->hosts << host; - } - - certList.remove(node); - certList.prepend(node); - cacheSaveToDisk(); - return true; - } - } - -return false; -} - - -bool KSSLD::cacheRemoveHost(KSSLCertificate cert, TQString host) { -KSSLCNode *node; - - for (node = certList.first(); node; node = certList.next()) { - if (cert == *(node->cert)) { - if (!node->permanent && node->expires < - TQDateTime::currentDateTime()) { - certList.remove(node); - cfg->deleteGroup(node->cert->getMD5Digest()); - searchRemoveCert(node->cert); - delete node; - cacheSaveToDisk(); - return false; - } - node->hosts.remove(host); - certList.remove(node); - certList.prepend(node); - cacheSaveToDisk(); - return true; - } - } - -return false; -} - - - - -/////////////////////////////////////////////////////////////////////////// - -void KSSLD::caVerifyUpdate() { - TQString path = KGlobal::dirs()->saveLocation("kssl") + "/ca-bundle.crt"; - if (!TQFile::exists(path)) - return; - - cfg->setGroup(TQString::null); - TQ_UINT32 newStamp = KGlobal::dirs()->calcResourceHash("config", "ksslcalist", true); - TQ_UINT32 oldStamp = cfg->readUnsignedNumEntry("ksslcalistStamp"); - if (oldStamp != newStamp) - { - caRegenerate(); - cfg->writeEntry("ksslcalistStamp", newStamp); - cfg->sync(); - } -} - -bool KSSLD::caRegenerate() { -TQString path = KGlobal::dirs()->saveLocation("kssl") + "/ca-bundle.crt"; - -TQFile out(path); - - if (!out.open(IO_WriteOnly)) - return false; - -KConfig cfg("ksslcalist", true, false); - -TQStringList x = cfg.groupList(); - - for (TQStringList::Iterator i = x.begin(); - i != x.end(); - ++i) { - if ((*i).isEmpty() || *i == "<default>") continue; - - cfg.setGroup(*i); - - if (!cfg.readBoolEntry("site", false)) continue; - - TQString cert = cfg.readEntry("x509", ""); - if (cert.length() <= 0) continue; - - unsigned int xx = cert.length() - 1; - for (unsigned int j = 0; j < xx/64; j++) { - cert.insert(64*(j+1)+j, '\n'); - } - out.writeBlock("-----BEGIN CERTIFICATE-----\n", 28); - out.writeBlock(cert.latin1(), cert.length()); - out.writeBlock("\n-----END CERTIFICATE-----\n\n", 28); - out.flush(); - } - -return true; -} - - - -bool KSSLD::caAdd(TQString certificate, bool ssl, bool email, bool code) { -KSSLCertificate *x = KSSLCertificate::fromString(certificate.local8Bit()); - - if (!x) return false; - -KConfig cfg("ksslcalist", false, false); - - cfg.setGroup(x->getSubject()); - cfg.writeEntry("x509", certificate); - cfg.writeEntry("site", ssl); - cfg.writeEntry("email", email); - cfg.writeEntry("code", code); - - cfg.sync(); - delete x; - -return true; -} - - -/** - * @internal - * Returns a list of certificates as QStrings read from the given file - */ -static TQStringList caReadCerticatesFromFile(TQString filename) { - - TQStringList certificates; - TQString certificate, temp; - TQFile file(filename); - - if (!file.open(IO_ReadOnly)) - return certificates; - - while (!file.atEnd()) { - file.readLine(temp, 999); - if (temp.startsWith("-----BEGIN CERTIFICATE-----")) { - certificate = TQString::null; - continue; - } - - if (temp.startsWith("-----END CERTIFICATE-----")) { - certificates.append(certificate); - certificate = TQString::null; - continue; - } - - certificate += temp.stripWhiteSpace(); - } - - file.close(); - - return certificates; -} - -bool KSSLD::caAddFromFile(TQString filename, bool ssl, bool email, bool code) { - - TQStringList certificates; - certificates = caReadCerticatesFromFile(filename); - if (certificates.isEmpty()) - return false; - - bool ok = true; - - for (TQStringList::Iterator it = certificates.begin(); - it != certificates.end(); ++it ) { - ok &= caAdd(*it, ssl, email, code); - } - - return ok; -} - -bool KSSLD::caRemoveFromFile(TQString filename) { - - TQStringList certificates; - certificates = caReadCerticatesFromFile(filename); - if (certificates.isEmpty()) - return false; - - bool ok = true; - - for (TQStringList::Iterator it = certificates.begin(); - it != certificates.end(); ++it ) { - TQString certificate = *it; - KSSLCertificate *x = KSSLCertificate::fromString(certificate.local8Bit()); - ok &= x && caRemove(x->getSubject()); - delete x; - } - - return ok; -} - - -TQStringList KSSLD::caList() { -TQStringList x; -KConfig cfg("ksslcalist", true, false); - - x = cfg.groupList(); - x.remove("<default>"); - -return x; -} - - -bool KSSLD::caUseForSSL(TQString subject) { -KConfig cfg("ksslcalist", true, false); - - if (!cfg.hasGroup(subject)) - return false; - - cfg.setGroup(subject); -return cfg.readBoolEntry("site", false); -} - - - -bool KSSLD::caUseForEmail(TQString subject) { -KConfig cfg("ksslcalist", true, false); - - if (!cfg.hasGroup(subject)) - return false; - - cfg.setGroup(subject); -return cfg.readBoolEntry("email", false); -} - - - -bool KSSLD::caUseForCode(TQString subject) { -KConfig cfg("ksslcalist", true, false); - - if (!cfg.hasGroup(subject)) - return false; - - cfg.setGroup(subject); -return cfg.readBoolEntry("code", false); -} - - -bool KSSLD::caRemove(TQString subject) { -KConfig cfg("ksslcalist", false, false); - if (!cfg.hasGroup(subject)) - return false; - - cfg.deleteGroup(subject); - cfg.sync(); - -return true; -} - - -TQString KSSLD::caGetCert(TQString subject) { -KConfig cfg("ksslcalist", true, false); - if (!cfg.hasGroup(subject)) - return TQString::null; - - cfg.setGroup(subject); - -return cfg.readEntry("x509", TQString::null); -} - - -bool KSSLD::caSetUse(TQString subject, bool ssl, bool email, bool code) { -KConfig cfg("ksslcalist", false, false); - if (!cfg.hasGroup(subject)) - return false; - - cfg.setGroup(subject); - - cfg.writeEntry("site", ssl); - cfg.writeEntry("email", email); - cfg.writeEntry("code", code); - cfg.sync(); - -return true; -} - -/////////////////////////////////////////////////////////////////////////// - -void KSSLD::searchAddCert(KSSLCertificate *cert) { - skMD5Digest.insert(cert->getMD5Digest(), cert, true); - - TQStringList mails; - cert->getEmails(mails); - for(TQStringList::const_iterator iter = mails.begin(); iter != mails.end(); ++iter) { - TQString email = static_cast<const TQString &>(*iter).lower(); - TQMap<TQString, TQPtrVector<KSSLCertificate> >::iterator it = skEmail.find(email); - - if (it == skEmail.end()) - it = skEmail.insert(email, TQPtrVector<KSSLCertificate>()); - - TQPtrVector<KSSLCertificate> &elem = *it; - - if (elem.findRef(cert) == -1) { - unsigned int n = 0; - for(; n < elem.size(); n++) { - if (!elem.at(n)) { - elem.insert(n, cert); - break; - } - } - if (n == elem.size()) { - elem.resize(n+1); - elem.insert(n, cert); - } - } - } -} - - -void KSSLD::searchRemoveCert(KSSLCertificate *cert) { - skMD5Digest.remove(cert->getMD5Digest()); - - TQStringList mails; - cert->getEmails(mails); - for(TQStringList::const_iterator iter = mails.begin(); iter != mails.end(); ++iter) { - TQMap<TQString, TQPtrVector<KSSLCertificate> >::iterator it = skEmail.find(static_cast<const TQString &>(*iter).lower()); - - if (it == skEmail.end()) - break; - - TQPtrVector<KSSLCertificate> &elem = *it; - - int n = elem.findRef(cert); - if (n != -1) - elem.remove(n); - } -} - - -TQStringList KSSLD::getKDEKeyByEmail(const TQString &email) { - TQStringList rc; - TQMap<TQString, TQPtrVector<KSSLCertificate> >::iterator it = skEmail.find(email.lower()); - - kdDebug() << "GETKDEKey " << email.latin1() << endl; - - if (it == skEmail.end()) - return rc; - - TQPtrVector<KSSLCertificate> &elem = *it; - for (unsigned int n = 0; n < elem.size(); n++) { - KSSLCertificate *cert = elem.at(n); - if (cert) { - rc.append(cert->getKDEKey()); - } - } - - kdDebug() << "ergebnisse: " << rc.size() << " " << elem.size() << endl; - return rc; -} - - -KSSLCertificate KSSLD::getCertByMD5Digest(const TQString &key) { - TQMap<TQString, KSSLCertificate *>::iterator iter = skMD5Digest.find(key); - - kdDebug() << "Searching cert for " << key.latin1() << endl; - - if (iter != skMD5Digest.end()) - return **iter; - - KSSLCertificate rc; // FIXME: Better way to return a not found condition? - kdDebug() << "Not found: " << rc.toString().latin1() << endl; - return rc; -} - - -/////////////////////////////////////////////////////////////////////////// - -// -// Certificate Home methods -// - -TQStringList KSSLD::getHomeCertificateList() { - return KSSLCertificateHome::getCertificateList(); -} - -bool KSSLD::addHomeCertificateFile(TQString filename, TQString password, bool storePass) { - return KSSLCertificateHome::addCertificate(filename, password, storePass); -} - -bool KSSLD::addHomeCertificatePKCS12(TQString base64cert, TQString passToStore) { - bool ok; - KSSLPKCS12 *pkcs12 = KSSLPKCS12::fromString(base64cert, passToStore); - ok = KSSLCertificateHome::addCertificate(pkcs12, passToStore); - delete pkcs12; - return ok; -} - -bool KSSLD::deleteHomeCertificateByFile(TQString filename, TQString password) { - return KSSLCertificateHome::deleteCertificate(filename, password); -} - -bool KSSLD::deleteHomeCertificateByPKCS12(TQString base64cert, TQString password) { - bool ok; - KSSLPKCS12 *pkcs12 = KSSLPKCS12::fromString(base64cert, password); - ok = KSSLCertificateHome::deleteCertificate(pkcs12); - delete pkcs12; - return ok; -} - -bool KSSLD::deleteHomeCertificateByName(TQString name) { - return KSSLCertificateHome::deleteCertificateByName(name); -} - - - -/////////////////////////////////////////////////////////////////////////// - -#include "kssld.moc" - - -/* - - DESIGN - KSSLCertificateCache - ------ - - This is the first implementation and I think this cache actually needs - experimentation to determine which implementation works best. My current - options are: - - (1) Store copies of the X509 certificates in a TQPtrList using a self - organizing heuristic as described by Munro and Suwanda. - (2) Store copies of the X509 certificates in a tree structure, perhaps - a redblack tree, avl tree, or even just a simple binary tree. - (3) Store the CN's in a tree or list and use them as a hash to retrieve - the X509 certificates. - (4) Create "nodes" containing the X509 certificate and place them in - two structures concurrently, one organized by CN, the other by - X509 serial number. - - This implementation uses (1). (4) is definitely attractive, but I don't - think it will be necessary to go so crazy with performance, and perhaps - end up performing poorly in situations where there are very few entries in - the cache (which is most likely the case most of the time). The style of - heuristic is move-to-front, not swap-forward. This seems to make more - sense because the typical user will hit a site at least a few times in a - row before moving to a new one. - - What I worry about most with respect to performance is that cryptographic - routines are expensive and if we have to perform them on each X509 - certificate until the right one is found, we will perform poorly. - - All in all, this code is actually quite crucial for performance on SSL - website, especially those with many image files loaded via SSL. If a - site loads 15 images, we will have to run through this code 15 times. - A heuristic for self organization will make each successive lookup faster. - Sounds good, doesn't it? - - DO NOT ATTEMPT TO GUESS WHICH CERTIFICATES ARE ACCEPTIBLE IN YOUR CODE!! - ALWAYS USE THE CACHE. IT MAY CHECK THINGS THAT YOU DON'T THINK OF, AND - ALSO IF THERE IS A BUG IN THE CHECKING CODE, IF IT IS ALL CONTAINED IN - THIS LIBRARY, A MINOR FIX WILL FIX ALL APPLICATIONS. - */ - diff --git a/kio/misc/kssld/kssld.desktop b/kio/misc/kssld/kssld.desktop deleted file mode 100644 index 7054f8bad..000000000 --- a/kio/misc/kssld/kssld.desktop +++ /dev/null @@ -1,156 +0,0 @@ -[Desktop Entry] -Type=Service -ServiceTypes=KDEDModule -X-TDE-ModuleType=Library -X-TDE-Library=kssld -X-TDE-FactoryName=kssld -X-TDE-Kded-autoload=false -X-TDE-Kded-load-on-demand=true -Name=KSSL Daemon Module -Name[af]=Kssl Bediener Module -Name[ar]=وحدة مراقب KSSL -Name[az]=KSSL Demon Modulu -Name[be]=Модуль сервіса KSSL -Name[bg]=Демон KSSL -Name[bn]=KSSL ডিমন মডিউল -Name[br]=Mollad an diaoul KSSL -Name[ca]=Mòdul del dimoni KSSL -Name[cs]=Modul démona KSSL -Name[csb]=KSSL -Name[cy]=Modiwl Daemon KSSL -Name[da]=KSSL Dæmonmodul -Name[de]=SSL-Dienst -Name[el]=Άρθρωμα δαίμονα KSSL -Name[eo]=SSL-demono-modulo -Name[es]=Módulo de demonio KSSL -Name[et]=KSSL deemoni moodul -Name[eu]=KSSL daemon modulua -Name[fa]=پیمانۀ شبح KSSL -Name[fi]=KSSL-palvelinmoduuli -Name[fr]=Module démon KSSL -Name[ga]=Modúl Deamhain KSSL -Name[gl]=Módulo do Demo KSSL -Name[he]=מודול תהליך הרקע של SSL -Name[hi]=KSSL ङेमन घटक -Name[hr]=Modul KSSL demona -Name[hu]=KSSL szolgáltatásmodul -Name[id]=Modul Daemon KSSL -Name[is]=KSSL þjónseining -Name[it]=Modulo demone KSSL -Name[ja]=KSSL デーモンモジュール -Name[ka]=KSSL გუშაგის მოდული -Name[kk]=KSSL қызметтің модулі -Name[km]=ម៉ូឌុល Daemon KSSL -Name[ko]=KSSL 데몬 모듈 -Name[lb]=KSSL-Dämonmodul -Name[lt]=KSSL tarnybos modulis -Name[lv]=KSSL Dēmona Modulis -Name[mn]=KSSL Daemon Modul -Name[ms]=Modul Daemon KSSL -Name[mt]=Modulu daemon KSSL -Name[nb]=KSSL nisse-modul -Name[nds]=KSSL-Dämoon -Name[ne]=KSSL डेइमन मोड्युल -Name[nl]=KSSL daemon-module -Name[nn]=KSSL-nissemodul -Name[nso]=Seripa sa Daemon ya KSSL -Name[pa]=KSSL ਡਾਇਮੋਨ ਮੈਡੀਊਲ -Name[pl]=KSSL -Name[pt]=Módulo do Servidor de KSSL -Name[pt_BR]=Módulo do Serviço do KSSL -Name[ro]=Modul demon KSSL -Name[ru]=Служба KSSL -Name[rw]=Igice Dayimoni KSSL -Name[se]=KSSL-bálvámoduvla -Name[sk]=Modul démona KSSL -Name[sl]=Strežniški modul KSSL -Name[sq]=Demoni për Modulin KSSL -Name[sr]=KSSL демон модул -Name[sr@Latn]=KSSL demon modul -Name[sv]=KSSL-demonmodul -Name[ta]=KSSL டெமான் பகுதி -Name[te]=కెఎస్ ఎస్ ఎల్ సూత్రధారి మాడ్యూల్ -Name[tg]=Модули Демон KSSL -Name[th]=โมดูลเดมอน KSSL -Name[tr]=KSSL Program Modülü -Name[tt]=KSSL Xezmäteneñ Modulı -Name[uk]=Модуль демону KSSL -Name[uz]=KSSL xizmatining moduli -Name[uz@cyrillic]=KSSL хизматининг модули -Name[ven]=Modulu wa Daemon wa KSSL -Name[vi]=Mô-đun trình nền KSSL -Name[xh]=Isicatshulwa se KSSL Daemon -Name[zh_CN]=KSSL 守护进程模块 -Name[zh_HK]=KSSL 伺服程式模組 -Name[zh_TW]=KSSL 伺服程式模組 -Name[zu]=Ingxenye ye-daemon ye-KSSL -Comment=KSSL daemon module for KDED -Comment[af]=KSSL bediener module vir KDED -Comment[be]=Модуль сервіса KSSL для KDED -Comment[bg]=Модул демон за KSSL за KDED -Comment[bn]=KDED-র জন্য KSSL ডিমন মডিউল -Comment[br]=Mollad an diaoul KSSL evit KDED -Comment[bs]=KSSL Daemon Module za KDED -Comment[ca]=Mòdul del dimoni KSSL per a KDED -Comment[cs]=Modul démona KSSL pro KDED -Comment[csb]=Ùsłëżnota SSL w KDED -Comment[da]=KSSL Dæmonmodul for KDED -Comment[de]=Unterstützung für SSL-Verschlüsselung in KDED -Comment[el]=Άρθρωμα δαίμονα KSSL για το KDED -Comment[eo]=SSL-demono-modulo por KDED -Comment[es]=Módulo de demonio KSSL para KDED -Comment[et]=KDED KSSL deemoni moodul -Comment[eu]=KSSL daemon modulua KDEDrako -Comment[fa]=پیمانۀ شبح KSSL برای KDED -Comment[fi]=KSSL-palvelinmoduuli KDED:lle -Comment[fr]=Module démon KSSL pour KDED -Comment[fy]=KSSL daemon module foar KDED -Comment[ga]=Modúl deamhain KSSL le haghaidh KDED -Comment[gl]=Módulo do Demo KSSL para KDED -Comment[he]=מודול תהליך רקע של SSL עבור KDED -Comment[hi]=केडीईडी के लिए केएसएसएल डेमन मॉड्यूल -Comment[hr]=KSSL demon modul za KDED -Comment[hu]=KSSL szolgáltatásmodul a KDED-hez -Comment[id]=Modul daemon KSSL untuk KDED -Comment[is]=KSSL þjónseining fyrir KDED -Comment[it]=Modulo demone KSSL per KDED -Comment[ja]=KDED 用 の KSSL デーモンモジュール -Comment[ka]=KSSL გუშაგის მოდული KDED-სთვის -Comment[kk]=KDED KSSL куәліктерді басқару қызметтің модулі -Comment[km]=ម៉ូឌុល daemon KSSL សម្រាប់ KDED -Comment[lb]=KSSL-Dämonmodul fir KDED -Comment[lt]=KSSL tarnybos modulis, skirtas KDED -Comment[lv]=KSSL Dēmona Modulis priekš KDED -Comment[mk]=KSSL даемон модул за KDED -Comment[ms]=Modul Daemon KSSL untuk KDED -Comment[nb]=KSSL nissemodul for KDED -Comment[nds]=KSSL-Dämoonmoduul för KDED -Comment[ne]=KDED का लागि डेइमन मोड्युल KSSL -Comment[nl]=KSSL daemon-module voor KDED -Comment[nn]=KSSL-nissemodul for KDED -Comment[pa]=KDED ਲਈ KSSL ਪੇਸ਼ਕਾਰੀ -Comment[pl]=Obsługa SSL w KDED -Comment[pt]=Módulo servidor de KSSL para o KDED -Comment[pt_BR]=Módulo de serviço KSSL para o KDED -Comment[ro]=Modul demon KSSL pentru KDED -Comment[ru]=Управление сертификатами SSL -Comment[rw]=Igice cya dayimoni KSSL cya KDED -Comment[se]=KDED:a KSSL-bálvámoduvla -Comment[sk]=Modul démona KSSL pre KDED -Comment[sl]=Strežniški modul KSSL za KDED -Comment[sr]=KSSL демон модул за KDED -Comment[sr@Latn]=KSSL demon modul za KDED -Comment[sv]=KSSL-demonmodul för KDED -Comment[ta]=KDEDக்கான KSSL டெமான் பகுதி -Comment[te]=కెడిఈడి కొరకు కెఎస్ ఎస్ ఎల్ సూత్రధారి మాడ్యూల్ -Comment[tg]=Модули Демон KSSL брои KDED -Comment[th]=โมดูลเดมอน KSSL สำหรับ KDED -Comment[tr]=KDED için KSSL program biirmi -Comment[tt]=KDED öçen KSSL xezmät -Comment[uk]=Модуль демону KSSL для KDED -Comment[uz]=KDED uchun KSSL xizmatining moduli -Comment[uz@cyrillic]=KDED учун KSSL хизматининг модули -Comment[vi]=Mô-đun trình nền KSSL cho KDED. -Comment[zh_CN]=KDED 的 KSSL 守护进程模块 -Comment[zh_HK]=KDED 使用的 SSL 伺服程式模組 -Comment[zh_TW]=KDED 使用的 KSSL 伺服程式模組 diff --git a/kio/misc/kssld/kssld.h b/kio/misc/kssld/kssld.h deleted file mode 100644 index 028a30809..000000000 --- a/kio/misc/kssld/kssld.h +++ /dev/null @@ -1,154 +0,0 @@ -/* - This file is part of the KDE libraries - - Copyright (c) 2001-2005 George Staikos <staikos@kde.org> - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public License - along with this library; see the file COPYING.LIB. If not, write to - the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. - -*/ -#ifndef __KSSLD_H__ -#define __KSSLD_H__ - -#include <kded/kdedmodule.h> -#include <ksslcertificate.h> -#include <ksslcertificatecache.h> -#include <tqstring.h> -#include <tqstringlist.h> -#include <tqvaluelist.h> -#include <tqmap.h> -#include <tqptrvector.h> - - -class KSimpleConfig; -class KSSLCNode; -class KOpenSSLProxy; - -class KSSLD : public KDEDModule -{ - Q_OBJECT - K_DCOP - -public: - - KSSLD(const TQCString &name); - - virtual ~KSSLD(); - -k_dcop: - // - // Certificate Cache methods - // - void cacheAddCertificate(KSSLCertificate cert, - KSSLCertificateCache::KSSLCertificatePolicy policy, - bool permanent = true); - KSSLCertificateCache::KSSLCertificatePolicy cacheGetPolicyByCN(TQString cn); - - KSSLCertificateCache::KSSLCertificatePolicy cacheGetPolicyByCertificate(KSSLCertificate cert); - - bool cacheSeenCN(TQString cn); - bool cacheSeenCertificate(KSSLCertificate cert); - - bool cacheRemoveByCN(TQString cn); - bool cacheRemoveBySubject(TQString subject); - bool cacheRemoveByCertificate(KSSLCertificate cert); - - bool cacheIsPermanent(KSSLCertificate cert); - - void cacheReload(); - - bool cacheModifyByCN(TQString cn, - KSSLCertificateCache::KSSLCertificatePolicy policy, - bool permanent, - TQDateTime expires); - - bool cacheModifyByCertificate(KSSLCertificate cert, - KSSLCertificateCache::KSSLCertificatePolicy policy, - bool permanent, - TQDateTime expires); - - TQStringList cacheGetHostList(KSSLCertificate cert); - - bool cacheAddHost(KSSLCertificate cert, TQString host); - - bool cacheRemoveHost(KSSLCertificate cert, TQString host); - - /* Certificate Authorities */ - void caVerifyUpdate(); - bool caRegenerate(); - - TQStringList caList(); - - bool caUseForSSL(TQString subject); - - bool caUseForEmail(TQString subject); - - bool caUseForCode(TQString subject); - - bool caAdd(TQString certificate, bool ssl, bool email, bool code); - - bool caAddFromFile(TQString filename, bool ssl, bool email, bool code); - - bool caRemove(TQString subject); - - bool caRemoveFromFile(TQString filename); - - TQString caGetCert(TQString subject); - - bool caSetUse(TQString subject, bool ssl, bool email, bool code); - - TQStringList getKDEKeyByEmail(const TQString &email); - - KSSLCertificate getCertByMD5Digest(const TQString &key); - - // - // Certificate Home methods - // - - TQStringList getHomeCertificateList(); - - bool addHomeCertificateFile(TQString filename, TQString password, bool storePass /*=false*/); - - bool addHomeCertificatePKCS12(TQString base64cert, TQString passToStore); - - bool deleteHomeCertificateByFile(TQString filename, TQString password); - - bool deleteHomeCertificateByPKCS12(TQString base64cert, TQString password); - - bool deleteHomeCertificateByName(TQString name); - -private: - - void cacheClearList(); - void cacheSaveToDisk(); - void cacheLoadDefaultPolicies(); - - // for the cache portion: - KSimpleConfig *cfg; - TQPtrList<KSSLCNode> certList; - - // Our pointer to OpenSSL - KOpenSSLProxy *kossl; - - // - void searchAddCert(KSSLCertificate *cert); - void searchRemoveCert(KSSLCertificate *cert); - - TQMap<TQString, TQPtrVector<KSSLCertificate> > skEmail; - TQMap<TQString, KSSLCertificate *> skMD5Digest; -}; - - -#endif |