summaryrefslogtreecommitdiffstats
path: root/kresources/groupwise/soap/ksslsocket.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'kresources/groupwise/soap/ksslsocket.cpp')
-rw-r--r--kresources/groupwise/soap/ksslsocket.cpp408
1 files changed, 0 insertions, 408 deletions
diff --git a/kresources/groupwise/soap/ksslsocket.cpp b/kresources/groupwise/soap/ksslsocket.cpp
deleted file mode 100644
index 90ccf83d6..000000000
--- a/kresources/groupwise/soap/ksslsocket.cpp
+++ /dev/null
@@ -1,408 +0,0 @@
-/*
- ksslsocket.cpp - KDE SSL Socket
-
- Copyright (c) 2004 by Jason Keirstead <jason@keirstead.org>
-
- Kopete (c) 2002-2003 by the Kopete developers <kopete-devel@kde.org>
-
- stolen from kopete, but this is a modified version.
-
- *************************************************************************
- * *
- * This program is free software; you can redistribute it and/or modify *
- * it under the terms of the GNU General Public License as published by *
- * the Free Software Foundation; either version 2 of the License, or *
- * (at your option) any later version. *
- * *
- *************************************************************************
-*/
-
-#include <tqsocketnotifier.h>
-
-#include <dcopclient.h>
-#include <klocale.h>
-#include <kdebug.h>
-#include <kssl.h>
-#include <ksslinfodlg.h>
-#include <ksslpeerinfo.h>
-#include <ksslcertchain.h>
-#include <ksslcertificatecache.h>
-#include <kapplication.h>
-#include <kmessagebox.h>
-
-#include "ksslsocket.h"
-
-#include "stdlib.h"
-
-struct KSSLSocketPrivate
-{
- mutable KSSL *kssl;
- KSSLCertificateCache *cc;
- DCOPClient *dcc;
- TQMap<TQString,TQString> metaData;
- TQSocketNotifier *socketNotifier;
-};
-
-KSSLSocket::KSSLSocket() : KExtendedSocket()
-{
-// kdDebug() << "KSSLSocket() " << (void*)this << endl;
-
- d = new KSSLSocketPrivate;
- d->kssl = 0L;
- d->dcc = 0L;
- d->cc = new KSSLCertificateCache;
- d->cc->reload();
-
- //No blocking
- setBlockingMode(false);
-
- //Connect internal slots
- TQObject::connect( this, TQT_SIGNAL(connectionSuccess()), this, TQT_SLOT(slotConnected()) );
- TQObject::connect( this, TQT_SIGNAL(closed(int)), this, TQT_SLOT(slotDisconnected()) );
- TQObject::connect( this, TQT_SIGNAL(connectionFailed(int)), this, TQT_SLOT(slotDisconnected()));
-}
-
-KSSLSocket::~KSSLSocket()
-{
-// kdDebug() << "KSSLSocket()::~KSSLSocket() " << (void*)this << endl;
-
- //Close connection
- closeNow();
-
- if( d->kssl )
- {
- d->kssl->close();
- delete d->kssl;
- }
-
- if ( d->dcc )
- d->dcc->detach();
- delete d->dcc;
- delete d->cc;
- delete d;
-}
-
-TQ_LONG KSSLSocket::readBlock( char* data, TQ_ULONG maxLen )
-{
- return d->kssl->read( data, maxLen );
-}
-
-TQ_LONG KSSLSocket::writeBlock( const char* data, TQ_ULONG len )
-{
-// kdDebug() << "KSSLSocket::writeBlock() " << (void*)this << endl;
-// kdDebug() << " d->kssl: " << (void*)d->kssl << endl;
- return d->kssl->write( data, len );
-}
-
-void KSSLSocket::slotConnected()
-{
-// kdDebug() << "KSSLSocket::slotConnected() " << (void*)this << endl;
- if( KSSL::doesSSLWork() )
- {
-// kdDebug(0) << k_funcinfo << "Trying SSL connection..." << endl;
- if( !d->kssl )
- {
- d->kssl = new KSSL();
- }
- else
- {
- d->kssl->reInitialize();
- }
- d->kssl->setPeerHost(host());
-// kdDebug() << "SOCKET STATUS: " << sockeStatus() << endl;
- int rc = d->kssl->connect( sockfd );
- if ( rc <= 0 ) {
- kdError() << "Error connecting KSSL: " << rc << endl;
- kdDebug() << "SYSTEM ERROR: " << systemError() << endl;
- emit sslFailure();
- closeNow();
- } else {
- readNotifier()->setEnabled(true);
-
- if( verifyCertificate() != 1 )
- {
- closeNow();
- }
- }
- }
- else
- {
- kdError(0) << k_funcinfo << "SSL not functional!" << endl;
-
- d->kssl = 0L;
- emit sslFailure();
- closeNow();
- }
-}
-
-void KSSLSocket::slotDisconnected()
-{
-// kdDebug() << "KSSLSocket::slotDisconnected() " << (void*)this << endl;
- if( readNotifier() )
- readNotifier()->setEnabled(false);
-}
-
-void KSSLSocket::setMetaData( const TQString &key, const TQVariant &data )
-{
- TQVariant v = data;
- d->metaData[key] = v.asString();
-}
-
-bool KSSLSocket::hasMetaData( const TQString &key )
-{
- return d->metaData.contains(key);
-}
-
-TQString KSSLSocket::metaData( const TQString &key )
-{
- if( d->metaData.contains(key) )
- return d->metaData[key];
- return TQString();
-}
-
-/*
-I basically copied the below from tcpTDEIO::SlaveBase.hpp, with some modificaions and formatting.
-
- * Copyright (C) 2000 Alex Zepeda <zipzippy@sonic.net
- * Copyright (C) 2001-2003 George Staikos <staikos@kde.org>
- * Copyright (C) 2001 Dawit Alemayehu <adawit@kde.org>
-*/
-
-int KSSLSocket::messageBox( TDEIO::SlaveBase::MessageBoxType type, const TQString &text, const TQString &caption,
- const TQString &buttonYes, const TQString &buttonNo )
-{
- kdDebug(0) << "messageBox " << type << " " << text << " - " << caption << buttonYes << buttonNo << endl;
- TQByteArray data, result;
- TQCString returnType;
- TQDataStream arg(data, IO_WriteOnly);
- arg << (int)1 << (int)type << text << caption << buttonYes << buttonNo;
-
- if ( ! d->dcc ){
- d->dcc = new DCOPClient();
- d->dcc->attach();
- }
- if (!d->dcc->isApplicationRegistered("kio_uiserver"))
- {
- TDEApplication::startServiceByDesktopPath("kio_uiserver.desktop",TQStringList());
- }
-
- d->dcc->call("kio_uiserver", "UIServer",
- "messageBox(int,int,TQString,TQString,TQString,TQString)", data, returnType, result);
-
- if( returnType == "int" )
- {
- int res;
- TQDataStream r(result, IO_ReadOnly);
- r >> res;
- return res;
- }
- else
- return 0; // communication failure
-}
-
-
-// Returns 0 for failed verification, -1 for rejected cert and 1 for ok
-int KSSLSocket::verifyCertificate()
-{
- int rc = 0;
- bool permacache = false;
- bool _IPmatchesCN = false;
- int result;
- bool doAddHost = false;
- TQString ourHost = host();
- TQString ourIp = peerAddress()->pretty();
-
- TQString theurl = "https://" + ourHost + ":" + port();
-
- if (!d->cc)
- d->cc = new KSSLCertificateCache;
-
- KSSLCertificate& pc = d->kssl->peerInfo().getPeerCertificate();
-
- KSSLCertificate::KSSLValidationList ksvl = pc.validateVerbose(KSSLCertificate::SSLServer);
-
- if ( ksvl.count() == 1 && ksvl.first() == KSSLCertificate::Unknown ) {
- kdDebug() << "Unknown validation error" << endl;
- return 0;
- }
-
- _IPmatchesCN = d->kssl->peerInfo().certMatchesAddress();
-
- if (!_IPmatchesCN && (metaData("ssl_militant") == "TRUE") )
- {
- ksvl << KSSLCertificate::InvalidHost;
- }
-
- KSSLCertificate::KSSLValidation ksv = KSSLCertificate::Ok;
- if (!ksvl.isEmpty())
- ksv = ksvl.first();
-
- /* Setting the various bits of meta-info that will be needed. */
- setMetaData("ssl_cipher", d->kssl->connectionInfo().getCipher());
- setMetaData("ssl_cipher_desc", d->kssl->connectionInfo().getCipherDescription());
- setMetaData("ssl_cipher_version", d->kssl->connectionInfo().getCipherVersion());
- setMetaData("ssl_cipher_used_bits", TQString::number(d->kssl->connectionInfo().getCipherUsedBits()));
- setMetaData("ssl_cipher_bits", TQString::number(d->kssl->connectionInfo().getCipherBits()));
- setMetaData("ssl_peer_ip", ourIp );
-
- TQString errorStr;
- for(KSSLCertificate::KSSLValidationList::ConstIterator it = ksvl.begin();
- it != ksvl.end(); ++it)
- {
- errorStr += TQString::number(*it)+":";
- }
-
- setMetaData("ssl_cert_errors", errorStr);
- setMetaData("ssl_peer_certificate", pc.toString());
-
- if (pc.chain().isValid() && pc.chain().depth() > 1)
- {
- TQString theChain;
- TQPtrList<KSSLCertificate> chain = pc.chain().getChain();
- for (KSSLCertificate *c = chain.first(); c; c = chain.next())
- {
- theChain += c->toString();
- theChain += "\n";
- }
- setMetaData("ssl_peer_chain", theChain);
- }
- else
- {
- setMetaData("ssl_peer_chain", "");
- }
-
- setMetaData("ssl_cert_state", TQString::number(ksv));
-
- if (ksv == KSSLCertificate::Ok)
- {
- rc = 1;
- setMetaData("ssl_action", "accept");
- }
-
- // Since we're the parent, we need to teach the child.
- setMetaData("ssl_parent_ip", ourIp );
- setMetaData("ssl_parent_cert", pc.toString());
-
- // - Read from cache and see if there is a policy for this
- KSSLCertificateCache::KSSLCertificatePolicy cp = d->cc->getPolicyByCertificate(pc);
- // - validation code
- if (ksv != KSSLCertificate::Ok)
- {
- if( cp == KSSLCertificateCache::Unknown || cp == KSSLCertificateCache::Ambiguous)
- {
- cp = KSSLCertificateCache::Prompt;
- }
- else
- {
- // A policy was already set so let's honor that.
- permacache = d->cc->isPermanent(pc);
- }
-
- if (!_IPmatchesCN && (metaData("ssl_militant") == "TRUE")
- && cp == KSSLCertificateCache::Accept)
- {
- cp = KSSLCertificateCache::Prompt;
- }
-
- // Precondition: cp is one of Reject, Accept or Prompt
- switch (cp)
- {
- case KSSLCertificateCache::Accept:
- rc = 1;
- break;
-
- case KSSLCertificateCache::Reject:
- rc = -1;
- break;
-
- case KSSLCertificateCache::Prompt:
- {
- do
- {
- if (ksv == KSSLCertificate::InvalidHost)
- {
- TQString msg = i18n("The IP address of the host %1 "
- "does not match the one the "
- "certificate was issued to.");
- result = messageBox( TDEIO::SlaveBase::WarningYesNoCancel,
- msg.arg(ourHost),
- i18n("Server Authentication"),
- i18n("&Details"),
- KStdGuiItem::cont().text() );
- }
- else
- {
- TQString msg = i18n("The server certificate failed the "
- "authenticity test (%1).");
- result = messageBox( TDEIO::SlaveBase::WarningYesNoCancel,
- msg.arg(ourHost),
- i18n("Server Authentication"),
- i18n("&Details"),
- KStdGuiItem::cont().text() );
- }
- }
- while (result == KMessageBox::Yes);
-
- if (result == KMessageBox::No)
- {
- rc = 1;
- cp = KSSLCertificateCache::Accept;
- doAddHost = true;
- result = messageBox( TDEIO::SlaveBase::WarningYesNo,
- i18n("Would you like to accept this "
- "certificate forever without "
- "being prompted?"),
- i18n("Server Authentication"),
- i18n("&Forever"),
- i18n("&Current Sessions Only"));
- if (result == KMessageBox::Yes)
- permacache = true;
- else
- permacache = false;
- }
- else
- {
- rc = -1;
- cp = KSSLCertificateCache::Prompt;
- }
-
- break;
- }
- default:
- kdDebug(0) << "SSL error in cert code."
- << endl;
- break;
- }
- }
-
- // - cache the results
- d->cc->addCertificate(pc, cp, permacache);
- if (doAddHost)
- d->cc->addHost(pc, ourHost);
-
-
- if (rc == -1)
- return rc;
-
- if ( getenv("DEBUG_GW_RESOURCE") ) {
- kdDebug(0) << "SSL connection information follows:" << endl
- << "+-----------------------------------------------" << endl
- << "| Cipher: " << d->kssl->connectionInfo().getCipher() << endl
- << "| Description: " << d->kssl->connectionInfo().getCipherDescription() << endl
- << "| Version: " << d->kssl->connectionInfo().getCipherVersion() << endl
- << "| Strength: " << d->kssl->connectionInfo().getCipherUsedBits()
- << " of " << d->kssl->connectionInfo().getCipherBits()
- << " bits used." << endl
- << "| PEER:" << endl
- << "| Subject: " << d->kssl->peerInfo().getPeerCertificate().getSubject() << endl
- << "| Issuer: " << d->kssl->peerInfo().getPeerCertificate().getIssuer() << endl
- << "| Validation: " << (int)ksv << endl
- << "| Certificate matches IP: " << _IPmatchesCN << endl
- << "+-----------------------------------------------"
- << endl;
- }
- return rc;
-}
-
-
-#include "ksslsocket.moc"