From 4f99f868f09bbffa2e15733b8b7c78eba07a199e Mon Sep 17 00:00:00 2001
From: Michele Calgaro
Date: Sun, 6 Dec 2020 21:23:48 +0900
Subject: Renaming of files in preparation for code style tools.
Signed-off-by: Michele Calgaro
---
 tdeio/kssl/CMakeLists.txt | 16 +-
 tdeio/kssl/Makefile.am | 46 +-
 tdeio/kssl/kopenssl.cc | 2123 ---------------------------------
 tdeio/kssl/kopenssl.cpp | 2123 +++++++++++++++++++++++++++++++++
 tdeio/kssl/ksmimecrypto.cc | 417 -------
 tdeio/kssl/ksmimecrypto.cpp | 417 +++++++
 tdeio/kssl/kssl.cc | 699 -----------
 tdeio/kssl/kssl.cpp | 699 +++++++++++
 tdeio/kssl/ksslcertchain.cc | 194 ---
 tdeio/kssl/ksslcertchain.cpp | 194 +++
 tdeio/kssl/ksslcertdlg.cc | 174 ---
 tdeio/kssl/ksslcertdlg.cpp | 174 +++
 tdeio/kssl/ksslcertificate.cc | 1236 -------------------
 tdeio/kssl/ksslcertificate.cpp | 1236 +++++++++++++++++++
 tdeio/kssl/ksslcertificatecache.cc | 399 -------
 tdeio/kssl/ksslcertificatecache.cpp | 399 +++++++
 tdeio/kssl/ksslcertificatefactory.cc | 122 --
 tdeio/kssl/ksslcertificatefactory.cpp | 122 ++
 tdeio/kssl/ksslcertificatehome.cc | 246 ----
 tdeio/kssl/ksslcertificatehome.cpp | 246 ++++
 tdeio/kssl/ksslconnectioninfo.cc | 66 -
 tdeio/kssl/ksslconnectioninfo.cpp | 66 +
 tdeio/kssl/ksslcsessioncache.cc | 120 --
 tdeio/kssl/ksslcsessioncache.cpp | 120 ++
 tdeio/kssl/ksslinfodlg.cc | 475 --------
 tdeio/kssl/ksslinfodlg.cpp | 475 ++++++++
 tdeio/kssl/ksslkeygen.cc | 222 ----
 tdeio/kssl/ksslkeygen.cpp | 222 ++++
 tdeio/kssl/ksslpeerinfo.cc | 171 ---
 tdeio/kssl/ksslpeerinfo.cpp | 171 +++
 tdeio/kssl/ksslpemcallback.cc | 58 -
 tdeio/kssl/ksslpemcallback.cpp | 58 +
 tdeio/kssl/ksslpkcs12.cc | 274 -----
 tdeio/kssl/ksslpkcs12.cpp | 274 +++++
 tdeio/kssl/ksslpkcs7.cc | 189 ---
 tdeio/kssl/ksslpkcs7.cpp | 189 +++
 tdeio/kssl/ksslsession.cc | 82 --
 tdeio/kssl/ksslsession.cpp | 82 ++
 tdeio/kssl/ksslsettings.cc | 345 ------
 tdeio/kssl/ksslsettings.cpp | 345 ++++++
 tdeio/kssl/ksslsigners.cc | 251 ----
 tdeio/kssl/ksslsigners.cpp | 251 ++++
 tdeio/kssl/ksslutils.cc | 103 --
 tdeio/kssl/ksslutils.cpp | 103 ++
 tdeio/kssl/ksslx509map.cc | 103 --
 tdeio/kssl/ksslx509map.cpp | 103 ++
 tdeio/kssl/ksslx509v3.cc | 143 ---
 tdeio/kssl/ksslx509v3.cpp | 143 +++
 48 files
changed, 8243 insertions(+), 8243 deletions(-)
 delete mode 100644 tdeio/kssl/kopenssl.cc
 create mode 100644 tdeio/kssl/kopenssl.cpp
 delete mode 100644 tdeio/kssl/ksmimecrypto.cc
 create mode 100644 tdeio/kssl/ksmimecrypto.cpp
 delete mode 100644 tdeio/kssl/kssl.cc
 create mode 100644 tdeio/kssl/kssl.cpp
 delete mode 100644 tdeio/kssl/ksslcertchain.cc
 create mode 100644 tdeio/kssl/ksslcertchain.cpp
 delete mode 100644 tdeio/kssl/ksslcertdlg.cc
 create mode 100644 tdeio/kssl/ksslcertdlg.cpp
 delete mode 100644 tdeio/kssl/ksslcertificate.cc
 create mode 100644 tdeio/kssl/ksslcertificate.cpp
 delete mode 100644 tdeio/kssl/ksslcertificatecache.cc
 create mode 100644 tdeio/kssl/ksslcertificatecache.cpp
 delete mode 100644 tdeio/kssl/ksslcertificatefactory.cc
 create mode 100644 tdeio/kssl/ksslcertificatefactory.cpp
 delete mode 100644 tdeio/kssl/ksslcertificatehome.cc
 create mode 100644 tdeio/kssl/ksslcertificatehome.cpp
 delete mode 100644 tdeio/kssl/ksslconnectioninfo.cc
 create mode 100644 tdeio/kssl/ksslconnectioninfo.cpp
 delete mode 100644 tdeio/kssl/ksslcsessioncache.cc
 create mode 100644 tdeio/kssl/ksslcsessioncache.cpp
 delete mode 100644 tdeio/kssl/ksslinfodlg.cc
 create mode 100644 tdeio/kssl/ksslinfodlg.cpp
 delete mode 100644 tdeio/kssl/ksslkeygen.cc
 create mode 100644 tdeio/kssl/ksslkeygen.cpp
 delete mode 100644 tdeio/kssl/ksslpeerinfo.cc
 create mode 100644 tdeio/kssl/ksslpeerinfo.cpp
 delete mode 100644 tdeio/kssl/ksslpemcallback.cc
 create mode 100644 tdeio/kssl/ksslpemcallback.cpp
 delete mode 100644 tdeio/kssl/ksslpkcs12.cc
 create mode 100644 tdeio/kssl/ksslpkcs12.cpp
 delete mode 100644 tdeio/kssl/ksslpkcs7.cc
 create mode 100644 tdeio/kssl/ksslpkcs7.cpp
 delete mode 100644 tdeio/kssl/ksslsession.cc
 create mode 100644 tdeio/kssl/ksslsession.cpp
 delete mode 100644 tdeio/kssl/ksslsettings.cc
 create mode 100644 tdeio/kssl/ksslsettings.cpp
 delete mode 100644 tdeio/kssl/ksslsigners.cc
 create mode 100644 tdeio/kssl/ksslsigners.cpp
 delete mode 100644 tdeio/kssl/ksslutils.cc
 create
mode 100644 tdeio/kssl/ksslutils.cpp delete mode 100644 tdeio/kssl/ksslx509map.cc create mode 100644 tdeio/kssl/ksslx509map.cpp delete mode 100644 tdeio/kssl/ksslx509v3.cc create mode 100644 tdeio/kssl/ksslx509v3.cpp (limited to 'tdeio/kssl') diff --git a/tdeio/kssl/CMakeLists.txt b/tdeio/kssl/CMakeLists.txt index a2c9f00d6..bb49a0ea6 100644 --- a/tdeio/kssl/CMakeLists.txt +++ b/tdeio/kssl/CMakeLists.txt @@ -42,14 +42,14 @@ install( FILES set( target kssl ) set( ${target}_SRCS - kssl.cc ksslcertificatehome.cc ksslsettings.cc - ksslcertificate.cc ksslconnectioninfo.cc ksslcertificatefactory.cc - ksslcertificatecache.cc ksslpeerinfo.cc ksslinfodlg.cc - ksslcertdlg.cc ksslutils.cc kopenssl.cc ksslpkcs12.cc - ksslcertchain.cc ksslkeygen.cc ksslx509v3.cc - ksslsigners.cc ksslpkcs7.cc ksslpemcallback.cc - ksslx509map.cc ksslsession.cc keygenwizard.ui - keygenwizard2.ui ksmimecrypto.cc ksslcsessioncache.cc + kssl.cpp ksslcertificatehome.cpp ksslsettings.cpp + ksslcertificate.cpp ksslconnectioninfo.cpp ksslcertificatefactory.cpp + ksslcertificatecache.cpp ksslpeerinfo.cpp ksslinfodlg.cpp + ksslcertdlg.cpp ksslutils.cpp kopenssl.cpp ksslpkcs12.cpp + ksslcertchain.cpp ksslkeygen.cpp ksslx509v3.cpp + ksslsigners.cpp ksslpkcs7.cpp ksslpemcallback.cpp + ksslx509map.cpp ksslsession.cpp keygenwizard.ui + keygenwizard2.ui ksmimecrypto.cpp ksslcsessioncache.cpp ) tde_add_library( ${target} STATIC_PIC AUTOMOC diff --git a/tdeio/kssl/Makefile.am b/tdeio/kssl/Makefile.am index 5d57ab7ab..1f9038be7 100644 --- a/tdeio/kssl/Makefile.am +++ b/tdeio/kssl/Makefile.am 
@@ -40,31 +40,31 @@ noinst_HEADERS = ksslcsessioncache.h libkssl_la_SOURCES = \ - kssl.cc \ - ksslcertificatehome.cc \ - ksslsettings.cc \ - ksslcertificate.cc \ - ksslconnectioninfo.cc \ - ksslcertificatefactory.cc \ - ksslcertificatecache.cc \ - ksslpeerinfo.cc \ - ksslinfodlg.cc \ - ksslcertdlg.cc \ - ksslutils.cc \ - kopenssl.cc \ - ksslpkcs12.cc \ - ksslcertchain.cc \ - ksslkeygen.cc \ - ksslx509v3.cc \ - ksslsigners.cc \ - ksslpkcs7.cc \ - ksslpemcallback.cc \ - ksslx509map.cc \ - ksslsession.cc \ + kssl.cpp \ + ksslcertificatehome.cpp \ + ksslsettings.cpp \ + ksslcertificate.cpp \ + ksslconnectioninfo.cpp \ + ksslcertificatefactory.cpp \ + ksslcertificatecache.cpp \ + ksslpeerinfo.cpp \ + ksslinfodlg.cpp \ + ksslcertdlg.cpp \ + ksslutils.cpp \ + kopenssl.cpp \ + ksslpkcs12.cpp \ + ksslcertchain.cpp \ + ksslkeygen.cpp \ + ksslx509v3.cpp \ + ksslsigners.cpp \ + ksslpkcs7.cpp \ + ksslpemcallback.cpp \ + ksslx509map.cpp \ + ksslsession.cpp \ keygenwizard.ui \ keygenwizard2.ui \ - ksmimecrypto.cc \ - ksslcsessioncache.cc + ksmimecrypto.cpp \ + ksslcsessioncache.cpp SUBDIRS = kssl diff --git a/tdeio/kssl/kopenssl.cc b/tdeio/kssl/kopenssl.cc deleted file mode 100644 index a009bd7e9..000000000 --- a/tdeio/kssl/kopenssl.cc +++ /dev/null 
@@ -1,2123 +0,0 @@ -/* This file is part of the KDE libraries - Copyright (C) 2001-2003 George Staikos - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License version 2 as published by the Free Software Foundation. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public License - along with this library; see the file COPYING.LIB. If not, write to - the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. -*/ - -#ifdef HAVE_CONFIG_H -#include -#endif - -#ifdef KSSL_HAVE_SSL -#include -#endif - -#include -#include -#include -#include - -#include -#include -#include "kopenssl.h" - -#define GET_CRYPTOLIB_SYMBOL(a) ((_cryptoLib->hasSymbol(a)) ? _cryptoLib->symbol(a) : NULL) -#define GET_SSLLIB_SYMBOL(a) ((_sslLib->hasSymbol(a)) ? 
_sslLib->symbol(a) : NULL) - -// taken from OpenSSL 1.1 header, used to call OPENSSL_init_crypto -#if !defined(OPENSSL_INIT_ADD_ALL_CIPHERS) -# define OPENSSL_INIT_ADD_ALL_CIPHERS 0x00000004L -# define OPENSSL_INIT_ADD_ALL_DIGESTS 0x00000008L -# define OPENSSL_INIT_LOAD_CONFIG 0x00000040L -#endif - -extern "C" { -#ifdef KSSL_HAVE_SSL -static int (*K_SSL_connect) (SSL *) = 0L; -static int (*K_SSL_accept) (SSL *) = 0L; -static int (*K_SSL_read) (SSL *, void *, int) = 0L; -static int (*K_SSL_write) (SSL *, const void *, int) = 0L; -static SSL *(*K_SSL_new) (SSL_CTX *) = 0L; -static void (*K_SSL_free) (SSL *) = 0L; -static int (*K_SSL_shutdown) (SSL *) = 0L; -static SSL_CTX *(*K_SSL_CTX_new)(SSL_METHOD *) = 0L; -static void (*K_SSL_CTX_free) (SSL_CTX *) = 0L; -static int (*K_SSL_set_fd) (SSL *, int) = 0L; -static int (*K_SSL_pending) (SSL *) = 0L; -static int (*K_SSL_peek) (SSL *, void *, int) = 0L; -static int (*K_SSL_CTX_set_cipher_list)(SSL_CTX *, const char *) = 0L; -static void (*K_SSL_CTX_set_verify)(SSL_CTX *, int, - int (*)(int, X509_STORE_CTX *)) = 0L; -static int (*K_SSL_use_certificate)(SSL *, X509 *) = 0L; -static SSL_CIPHER *(*K_SSL_get_current_cipher)(SSL *) = 0L; -static long (*K_SSL_set_options)(SSL *ssl, long options) = 0L; -static int (*K_SSL_session_reused)(SSL *ssl) = 0L; -static long (*K_SSL_ctrl) (SSL *,int, long, void *) = 0L; -static int (*K_RAND_egd) (const char *) = 0L; -static const char* (*K_RAND_file_name) (char *, size_t) = 0L; -static int (*K_RAND_load_file) (const char *, long) = 0L; -static int (*K_RAND_write_file) (const char *) = 0L; -static SSL_METHOD * (*K_TLSv1_client_method) () = 0L; -static SSL_METHOD * (*K_SSLv2_client_method) () = 0L; -static SSL_METHOD * (*K_SSLv3_client_method) () = 0L; -static SSL_METHOD * (*K_TLS_client_method) () = 0L; -static X509 * (*K_SSL_get_peer_certificate) (SSL *) = 0L; -static int (*K_SSL_CIPHER_get_bits) (SSL_CIPHER *,int *) = 0L; -static char * (*K_SSL_CIPHER_get_version) (SSL_CIPHER *) = 0L; 
-static const char * (*K_SSL_CIPHER_get_name) (SSL_CIPHER *) = 0L; -static char * (*K_SSL_CIPHER_description) (SSL_CIPHER *, char *, int) = 0L; -static X509 * (*K_d2i_X509) (X509 **,unsigned char **,long) = 0L; -static X509_CRL * (*K_d2i_X509_CRL) (X509_CRL **,unsigned char **,long) = 0L; -static int (*K_i2d_X509) (X509 *,unsigned char **) = 0L; -static int (*K_X509_cmp) (X509 *, X509 *) = 0L; -static int (*K_X509_subject_name_cmp) (const X509 *, const X509 *) = 0L; -static void (*K_X509_STORE_CTX_free) (X509_STORE_CTX *) = 0L; -static int (*K_X509_verify_cert) (X509_STORE_CTX *) = 0L; -static X509_STORE_CTX *(*K_X509_STORE_CTX_new) (void) = 0L; -static void (*K_X509_STORE_free) (X509_STORE *) = 0L; -static X509_STORE *(*K_X509_STORE_new) (void) = 0L; -static void (*K_X509_free) (X509 *) = 0L; -static void (*K_X509_CRL_free) (X509_CRL *) = 0L; -static char *(*K_X509_NAME_oneline) (X509_NAME *,char *,int) = 0L; -static X509_NAME *(*K_X509_get_subject_name) (X509 *) = 0L; -static X509_NAME *(*K_X509_get_issuer_name) (X509 *) = 0L; -static X509_LOOKUP *(*K_X509_STORE_add_lookup) (X509_STORE *, X509_LOOKUP_METHOD *) = 0L; -static X509_LOOKUP_METHOD *(*K_X509_LOOKUP_file)(void) = 0L; -static void (*K_X509_LOOKUP_free)(X509_LOOKUP *) = 0L; -static int (*K_X509_LOOKUP_ctrl)(X509_LOOKUP *, int, const char *, long, char **) = 0L; -static void (*K_X509_STORE_CTX_init)(X509_STORE_CTX *, X509_STORE *, X509 *, STACK_OF(X509) *) = 0L; -static void (*K_CRYPTO_free) (void *) = 0L; -static X509* (*K_X509_dup) (X509 *) = 0L; -static void (*K_X509_get0_signature)(const ASN1_BIT_STRING **psig, - const X509_ALGOR **palg, const X509 *x) = 0L; -static BIO_METHOD *(*K_BIO_s_mem) (void) = 0L; -static BIO* (*K_BIO_new) (BIO_METHOD *) = 0L; -static BIO* (*K_BIO_new_fp) (FILE *, int) = 0L; -static BIO* (*K_BIO_new_mem_buf) (void *, int) = 0L; -static int (*K_BIO_free) (BIO *) = 0L; -static long (*K_BIO_ctrl) (BIO *,int,long,void *) = 0L; -static int (*K_BIO_write) (BIO *b, const void *data, 
int len) = 0L; -static void* (*K_BIO_get_data) (BIO *a) = 0L; -static int (*K_PEM_ASN1_write_bio) (int (*)(),const char *,BIO *,char *, - const EVP_CIPHER *,unsigned char *,int , - pem_password_cb *, void *) = 0L; -#if OPENSSL_VERSION_NUMBER >= 0x10000000L -static int (*K_ASN1_item_i2d_fp)(ASN1_ITEM *,FILE *,unsigned char *) = 0L; -static ASN1_ITEM *K_NETSCAPE_X509_it = 0L; -#else -static ASN1_METHOD* (*K_X509_asn1_meth) (void) = 0L; -static int (*K_ASN1_i2d_fp)(int (*)(),FILE *,unsigned char *) = 0L; -static int (*K_i2d_ASN1_HEADER)(ASN1_HEADER *, unsigned char **) = 0L; -#endif -static int (*K_X509_print_fp) (FILE *, X509*) = 0L; -static int (*K_i2d_PKCS12) (PKCS12*, unsigned char**) = 0L; -static int (*K_i2d_PKCS12_fp) (FILE *, PKCS12*) = 0L; -static int (*K_PKCS12_newpass) (PKCS12*, char*, char*) = 0L; -static PKCS12* (*K_d2i_PKCS12_fp) (FILE*, PKCS12**) = 0L; -static PKCS12* (*K_PKCS12_new) (void) = 0L; -static void (*K_PKCS12_free) (PKCS12 *) = 0L; -static int (*K_PKCS12_parse) (PKCS12*, const char *, EVP_PKEY**, - X509**, STACK_OF(X509)**) = 0L; -static void (*K_EVP_PKEY_free) (EVP_PKEY *) = 0L; -static EVP_PKEY* (*K_EVP_PKEY_new) () = 0L; -static int (*K_EVP_PKEY_base_id)(const EVP_PKEY *pkey) = 0L; -static RSA* (*K_EVP_PKEY_get0_RSA)(EVP_PKEY *pkey) = 0L; -static DSA* (*K_EVP_PKEY_get0_DSA)(EVP_PKEY *pkey) = 0L; -static void (*K_X509_REQ_free) (X509_REQ *) = 0L; -static X509_REQ* (*K_X509_REQ_new) () = 0L; -static int (*K_SSL_CTX_use_PrivateKey) (SSL_CTX*, EVP_PKEY*) = 0L; -static int (*K_SSL_CTX_use_certificate) (SSL_CTX*, X509*) = 0L; -static int (*K_SSL_get_error) (SSL*, int) = 0L; -static STACK_OF(X509)* (*K_SSL_get_peer_cert_chain) (SSL*) = 0L; -static void (*K_X509_STORE_CTX_set0_untrusted) (X509_STORE_CTX *, STACK_OF(X509)*) = 0L; -static void (*K_X509_STORE_CTX_set_purpose) (X509_STORE_CTX *, int) = 0L; -static void (*K_sk_free) (STACK*) = 0L; -static int (*K_sk_num) (STACK*) = 0L; -static char* (*K_sk_pop) (STACK*) = 0L; -static char* 
(*K_sk_value) (STACK*, int) = 0L; -static STACK* (*K_sk_new) (int (*)()) = 0L; -static int (*K_sk_push) (STACK*, char*) = 0L; -static STACK* (*K_sk_dup) (const STACK *) = 0L; -static char * (*K_i2s_ASN1_INTEGER) (X509V3_EXT_METHOD *, ASN1_INTEGER *) =0L; -static ASN1_INTEGER * (*K_X509_get_serialNumber) (X509 *) = 0L; -static EVP_PKEY *(*K_X509_get_pubkey)(X509 *) = 0L; -static int (*K_i2d_PublicKey)(EVP_PKEY *, unsigned char **) = 0L; -static int (*K_X509_check_private_key)(X509 *, EVP_PKEY *) = 0L; -static char * (*K_BN_bn2hex)(const BIGNUM *) = 0L; -static int (*K_X509_digest)(const X509 *,const EVP_MD *, unsigned char *, unsigned int *) = 0L; -static EVP_MD* (*K_EVP_md5)() = 0L; -static void (*K_ASN1_INTEGER_free)(ASN1_INTEGER *) = 0L; -static int (*K_OBJ_obj2nid)(ASN1_OBJECT *) = 0L; -static const char * (*K_OBJ_nid2ln)(int) = 0L; -static int (*K_X509_get_ext_count)(X509*) = 0L; -static int (*K_X509_get_ext_by_NID)(X509*, int, int) = 0L; -static int (*K_X509_get_ext_by_OBJ)(X509*,ASN1_OBJECT*,int) = 0L; -static X509_EXTENSION *(*K_X509_get_ext)(X509*, int loc) = 0L; -static X509_EXTENSION *(*K_X509_delete_ext)(X509*, int) = 0L; -static int (*K_X509_add_ext)(X509*, X509_EXTENSION*, int) = 0L; -static void *(*K_X509_get_ext_d2i)(X509*, int, int*, int*) = 0L; -static char *(*K_i2s_ASN1_OCTET_STRING)(X509V3_EXT_METHOD*, ASN1_OCTET_STRING*) = 0L; -static int (*K_ASN1_BIT_STRING_get_bit)(ASN1_BIT_STRING*, int) = 0L; -static PKCS7 *(*K_PKCS7_new)() = 0L; -static void (*K_PKCS7_free)(PKCS7*) = 0L; -static void (*K_PKCS7_content_free)(PKCS7*) = 0L; -static int (*K_i2d_PKCS7)(PKCS7*, unsigned char**) = 0L; -static PKCS7 *(*K_d2i_PKCS7)(PKCS7**, unsigned char**,long) = 0L; -static int (*K_i2d_PKCS7_fp)(FILE*,PKCS7*) = 0L; -static PKCS7* (*K_d2i_PKCS7_fp)(FILE*,PKCS7**) = 0L; -static int (*K_i2d_PKCS7_bio)(BIO *bp,PKCS7 *p7) = 0L; -static PKCS7 *(*K_d2i_PKCS7_bio)(BIO *bp,PKCS7 **p7) = 0L; -static PKCS7* (*K_PKCS7_dup)(PKCS7*) = 0L; -static STACK_OF(X509_NAME) 
*(*K_SSL_load_client_CA_file)(const char*) = 0L; -static STACK_OF(X509_INFO) *(*K_PEM_X509_INFO_read)(FILE*, STACK_OF(X509_INFO)*, pem_password_cb*, void*) = 0L; -static char *(*K_ASN1_d2i_fp)(char *(*)(),char *(*)(),FILE*,unsigned char**) = 0L; -static X509 *(*K_X509_new)() = 0L; -static int (*K_X509_PURPOSE_get_count)() = 0L; -static int (*K_X509_PURPOSE_get_id)(X509_PURPOSE *) = 0L; -static int (*K_X509_check_purpose)(X509*,int,int) = 0L; -static X509_PURPOSE* (*K_X509_PURPOSE_get0)(int) = 0L; -static int (*K_EVP_PKEY_assign)(EVP_PKEY*, int, char*) = 0L; -static int (*K_X509_REQ_set_pubkey)(X509_REQ*, EVP_PKEY*) = 0L; -static void (*K_RSA_get0_key)(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) = 0L; -static RSA *(*K_RSA_generate_key)(int, unsigned long, void (*)(int,int,void *), void *) = 0L; -static void (*K_DSA_get0_pqg)(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) = 0L; -static void (*K_DSA_get0_key)(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key) = 0L; -static int (*K_i2d_X509_REQ_fp)(FILE*, X509_REQ*) = 0L; -static void (*K_ERR_clear_error)() = 0L; -static unsigned long (*K_ERR_get_error)() = 0L; -static void (*K_ERR_print_errors_fp)(FILE*) = 0L; -static PKCS7 *(*K_PKCS7_sign)(X509*, EVP_PKEY*, STACK_OF(X509)*, BIO*, int) = 0L; -static int (*K_PKCS7_verify)(PKCS7*,STACK_OF(X509)*,X509_STORE*,BIO*,BIO*,int) = 0L; -static STACK_OF(X509) *(*K_PKCS7_get0_signers)(PKCS7 *, STACK_OF(X509) *, int) = 0L; -static PKCS7 *(*K_PKCS7_encrypt)(STACK_OF(X509) *, BIO *, EVP_CIPHER *, int) = 0L; -static int (*K_PKCS7_decrypt)(PKCS7 *, EVP_PKEY *, X509 *, BIO *, int) = 0L; -static SSL_SESSION* (*K_SSL_get1_session)(SSL*) = 0L; -static void (*K_SSL_SESSION_free)(SSL_SESSION*) = 0L; -static int (*K_SSL_set_session)(SSL*,SSL_SESSION*) = 0L; -static SSL_SESSION* (*K_d2i_SSL_SESSION)(SSL_SESSION**,unsigned char**, long) = 0L; -static int (*K_i2d_SSL_SESSION)(SSL_SESSION*,unsigned char**) = 0L; -static STACK 
*(*K_X509_get1_email)(X509 *x) = 0L; -static void (*K_X509_email_free)(STACK *sk) = 0L; -static EVP_CIPHER *(*K_EVP_des_ede3_cbc)() = 0L; -static EVP_CIPHER *(*K_EVP_des_cbc)() = 0L; -static EVP_CIPHER *(*K_EVP_rc2_cbc)() = 0L; -static EVP_CIPHER *(*K_EVP_rc2_64_cbc)() = 0L; -static EVP_CIPHER *(*K_EVP_rc2_40_cbc)() = 0L; -static int (*K_i2d_PrivateKey_fp)(FILE*,EVP_PKEY*) = 0L; -static int (*K_i2d_PKCS8PrivateKey_fp)(FILE*, EVP_PKEY*, const EVP_CIPHER*, char*, int, pem_password_cb*, void*) = 0L; -static void (*K_RSA_free)(RSA*) = 0L; -static EVP_CIPHER *(*K_EVP_bf_cbc)() = 0L; -static int (*K_X509_REQ_sign)(X509_REQ*, EVP_PKEY*, const EVP_MD*) = 0L; -static int (*K_X509_NAME_add_entry_by_txt)(X509_NAME*, char*, int, unsigned char*, int, int, int) = 0L; -static X509_NAME *(*K_X509_NAME_new)() = 0L; -static int (*K_X509_REQ_set_subject_name)(X509_REQ*,X509_NAME*) = 0L; -static unsigned char *(*K_ASN1_STRING_data)(ASN1_STRING*) = 0L; -static int (*K_ASN1_STRING_length)(ASN1_STRING*) = 0L; -static STACK_OF(SSL_CIPHER) *(*K_SSL_get_ciphers)(const SSL *ssl) = 0L; -static const ASN1_TIME* (*K_X509_CRL_get0_lastUpdate)(const X509_CRL *crl) = 0L; -static const ASN1_TIME* (*K_X509_CRL_get0_nextUpdate)(const X509_CRL *crl) = 0L; -static X509* (*K_X509_STORE_CTX_get_current_cert)(X509_STORE_CTX *ctx) = 0L; -static int (*K_X509_STORE_CTX_get_error)(X509_STORE_CTX *ctx) = 0L; -static int (*K_X509_STORE_CTX_get_error_depth)(X509_STORE_CTX *ctx) = 0L; -static void (*K_X509_STORE_CTX_set_error)(X509_STORE_CTX *ctx, int s) = 0L; -static void (*K_X509_STORE_set_verify_cb)(X509_STORE *ctx, - X509_STORE_CTX_verify_cb verify_cb) = 0L; -static STACK_OF(X509_OBJECT)* (*K_X509_STORE_get0_objects)(X509_STORE *v) = 0L; -static X509_LOOKUP_TYPE (*K_X509_OBJECT_get_type)(const X509_OBJECT *a) = 0L; -static X509* (*K_X509_OBJECT_get0_X509)(const X509_OBJECT *a) = 0L; -static ASN1_TIME* (*K_X509_getm_notAfter)(const X509 *x) = 0L; -static ASN1_TIME* (*K_X509_getm_notBefore)(const X509 *x) = 0L; 
-#endif -} - - -bool KOpenSSLProxy::hasLibSSL() const { - return _sslLib != 0L; -} - - -bool KOpenSSLProxy::hasLibCrypto() const { - return _cryptoLib != 0L; -} - - -void KOpenSSLProxy::destroy() { - delete this; - _me = 0L; -} - -#ifdef __OpenBSD__ -#include -#include -#include - -static TQString findMostRecentLib(TQString dir, TQString name) -{ - // Grab all shared libraries in the directory - TQString filter = "lib"+name+".so.*"; - TQDir d(dir, filter); - if (!d.exists()) - return 0L; - TQStringList l = d.entryList(); - - // Find the best one - int bestmaj = -1; - int bestmin = -1; - TQString best = 0L; - // where do we start - uint s = filter.length()-1; - for (TQStringList::Iterator it = l.begin(); it != l.end(); ++it) { - TQString numberpart = (*it).mid(s); - uint endmaj = numberpart.find('.'); - if (endmaj == -1) - continue; - bool ok; - int maj = numberpart.left(endmaj).toInt(&ok); - if (!ok) - continue; - int min = numberpart.mid(endmaj+1).toInt(&ok); - if (!ok) - continue; - if (maj > bestmaj || (maj == bestmaj && min > bestmin)) { - bestmaj = maj; - bestmin = min; - best = (*it); - } - } - if (best.isNull()) - return 0L; - else - return dir+"/"+best; -} -#endif - - -KOpenSSLProxy::KOpenSSLProxy() { -KLibLoader *ll = KLibLoader::self(); -_ok = false; -TQStringList libpaths, libnamesc, libnamess; -TDEConfig *cfg; - - _cryptoLib = 0L; - _sslLib = 0L; - - cfg = new TDEConfig("cryptodefaults", false, false); - cfg->setGroup("OpenSSL"); - TQString upath = cfg->readPathEntry("Path"); - if (!upath.isEmpty()) - libpaths << upath; - - delete cfg; - -#ifdef __OpenBSD__ - { - TQString libname = findMostRecentLib("/usr/" SYSTEM_LIBDIR, "crypto"); - if (!libname.isNull()) - _cryptoLib = ll->globalLibrary(libname.latin1()); - } -#elif defined(__CYGWIN__) - libpaths << "/usr/bin/" - << "/usr/local/bin" - << "/usr/local/openssl/bin" - << "/opt/openssl/bin" - << "/opt/trinity/bin" - << ""; - - libnamess << "cygssl-0.9.7.dll" - << "cygssl.dll" - << "libssl.dll" - << ""; - 
- libnamesc << "cygcrypto.dll" - << "libcrypto.dll" - << ""; -#else - libpaths - #ifdef _AIX - << "/opt/freeware/lib/" - #endif - << "/usr/" SYSTEM_LIBDIR "/" - << "/usr/ssl/" SYSTEM_LIBDIR "/" - << "/usr/local/" SYSTEM_LIBDIR "/" - << "/usr/local/openssl/" SYSTEM_LIBDIR "/" - << "/usr/local/ssl/" SYSTEM_LIBDIR "/" - << "/opt/openssl/" SYSTEM_LIBDIR "/" - << "/" SYSTEM_LIBDIR "/" - << ""; - -// FIXME: #define here for the various OS types to optimize - libnamess - #ifdef hpux - << "libssl.sl" - #elif defined(_AIX) - << "libssl.a(libssl.so.0)" - #elif defined(__APPLE__) - << "libssl.dylib" - << "libssl.0.9.dylib" - #else - #ifdef SHLIB_VERSION_NUMBER - << "libssl.so." SHLIB_VERSION_NUMBER - #endif - << "libssl.so" - << "libssl.so.0" - #endif - ; - - libnamesc - #ifdef hpux - << "libcrypto.sl" - #elif defined(_AIX) - << "libcrypto.a(libcrypto.so.0)" - #elif defined(__APPLE__) - << "libcrypto.dylib" - << "libcrypto.0.9.dylib" - #else - #ifdef SHLIB_VERSION_NUMBER - << "libcrypto.so." SHLIB_VERSION_NUMBER - #endif - << "libcrypto.so" - << "libcrypto.so.0" - #endif - ; -#endif - - for (TQStringList::Iterator it = libpaths.begin(); - it != libpaths.end(); - ++it) { - for (TQStringList::Iterator shit = libnamesc.begin(); - shit != libnamesc.end(); - ++shit) { - TQString alib = *it; - if (!alib.isEmpty() && !alib.endsWith("/")) - alib += "/"; - alib += *shit; - TQString tmpStr(alib.latin1()); - tmpStr.replace(TQRegExp("\\(.*\\)"), ""); - if (!access(tmpStr.latin1(), R_OK)) - _cryptoLib = ll->globalLibrary(alib.latin1()); - if (_cryptoLib) break; - } - if (_cryptoLib) break; - } - - if (_cryptoLib) { -#ifdef KSSL_HAVE_SSL - K_X509_free = (void (*) (X509 *)) GET_CRYPTOLIB_SYMBOL("X509_free"); - K_X509_CRL_free = (void (*) (X509_CRL *)) GET_CRYPTOLIB_SYMBOL("X509_CRL_free"); - K_RAND_egd = (int (*)(const char *)) GET_CRYPTOLIB_SYMBOL("RAND_egd"); - K_RAND_load_file = (int (*)(const char *, long)) GET_CRYPTOLIB_SYMBOL("RAND_load_file"); - K_RAND_file_name = (const char* 
(*)(char *, size_t)) GET_CRYPTOLIB_SYMBOL("RAND_file_name"); - K_RAND_write_file = (int (*)(const char *)) GET_CRYPTOLIB_SYMBOL("RAND_write_file"); - K_CRYPTO_free = (void (*) (void *)) GET_CRYPTOLIB_SYMBOL("CRYPTO_free"); - K_d2i_X509 = (X509 * (*)(X509 **,unsigned char **,long)) GET_CRYPTOLIB_SYMBOL("d2i_X509"); - K_d2i_X509_CRL = (X509_CRL * (*)(X509_CRL **,unsigned char **,long)) GET_CRYPTOLIB_SYMBOL("d2i_X509_CRL"); - K_i2d_X509 = (int (*)(X509 *,unsigned char **)) GET_CRYPTOLIB_SYMBOL("i2d_X509"); - K_X509_cmp = (int (*)(X509 *, X509 *)) GET_CRYPTOLIB_SYMBOL("X509_cmp"); - K_X509_subject_name_cmp = (int (*)(const X509 *, const X509 *)) GET_CRYPTOLIB_SYMBOL("X509_subject_name_cmp"); - K_X509_STORE_CTX_new = (X509_STORE_CTX * (*) (void)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_new"); - K_X509_STORE_CTX_free = (void (*) (X509_STORE_CTX *)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_free"); - K_X509_verify_cert = (int (*) (X509_STORE_CTX *)) GET_CRYPTOLIB_SYMBOL("X509_verify_cert"); - K_X509_STORE_new = (X509_STORE * (*) (void)) GET_CRYPTOLIB_SYMBOL("X509_STORE_new"); - K_X509_STORE_free = (void (*) (X509_STORE *)) GET_CRYPTOLIB_SYMBOL("X509_STORE_free"); - K_X509_NAME_oneline = (char * (*) (X509_NAME *,char *,int)) GET_CRYPTOLIB_SYMBOL("X509_NAME_oneline"); - K_X509_get_subject_name = (X509_NAME * (*) (X509 *)) GET_CRYPTOLIB_SYMBOL("X509_get_subject_name"); - K_X509_get_issuer_name = (X509_NAME * (*) (X509 *)) GET_CRYPTOLIB_SYMBOL("X509_get_issuer_name"); - K_X509_STORE_add_lookup = (X509_LOOKUP *(*) (X509_STORE *, X509_LOOKUP_METHOD *)) GET_CRYPTOLIB_SYMBOL("X509_STORE_add_lookup"); - K_X509_LOOKUP_file = (X509_LOOKUP_METHOD *(*)(void)) GET_CRYPTOLIB_SYMBOL("X509_LOOKUP_file"); - K_X509_LOOKUP_free = (void (*)(X509_LOOKUP *)) GET_CRYPTOLIB_SYMBOL("X509_LOOKUP_free"); - K_X509_LOOKUP_ctrl = (int (*)(X509_LOOKUP *, int, const char *, long, char **)) GET_CRYPTOLIB_SYMBOL("X509_LOOKUP_ctrl"); - K_X509_STORE_CTX_init = (void (*)(X509_STORE_CTX *, X509_STORE *, X509 *, 
STACK_OF(X509) *)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_init"); - K_X509_dup = (X509* (*)(X509*)) GET_CRYPTOLIB_SYMBOL("X509_dup"); - K_X509_get0_signature = (void (*)(const ASN1_BIT_STRING **psig, - const X509_ALGOR **palg, const X509 *x)) GET_CRYPTOLIB_SYMBOL("X509_get0_signature"); - K_BIO_s_mem = (BIO_METHOD *(*) (void)) GET_CRYPTOLIB_SYMBOL("BIO_s_mem"); - K_BIO_new = (BIO* (*)(BIO_METHOD *)) GET_CRYPTOLIB_SYMBOL("BIO_new"); - K_BIO_new_fp = (BIO* (*)(FILE*, int)) GET_CRYPTOLIB_SYMBOL("BIO_new_fp"); - K_BIO_new_mem_buf = (BIO* (*)(void *, int)) GET_CRYPTOLIB_SYMBOL("BIO_new_mem_buf"); - K_BIO_free = (int (*)(BIO*)) GET_CRYPTOLIB_SYMBOL("BIO_free"); - K_BIO_ctrl = (long (*) (BIO *,int,long,void *)) GET_CRYPTOLIB_SYMBOL("BIO_ctrl"); - K_BIO_write = (int (*) (BIO *b, const void *data, int len)) GET_CRYPTOLIB_SYMBOL("BIO_write"); - K_BIO_get_data = (void* (*)(BIO *a)) GET_CRYPTOLIB_SYMBOL("BIO_get_data"); - K_PEM_ASN1_write_bio = (int (*)(int (*)(), const char *,BIO*, char*, const EVP_CIPHER *, unsigned char *, int, pem_password_cb *, void *)) GET_CRYPTOLIB_SYMBOL("PEM_ASN1_write_bio"); -#if OPENSSL_VERSION_NUMBER >= 0x10000000L - K_ASN1_item_i2d_fp = (int (*)(ASN1_ITEM *, FILE*, unsigned char *)) GET_CRYPTOLIB_SYMBOL("ASN1_item_i2d_fp"); - K_NETSCAPE_X509_it = (ASN1_ITEM *) GET_CRYPTOLIB_SYMBOL("NETSCAPE_X509_it"); -#else - K_X509_asn1_meth = (ASN1_METHOD* (*)(void)) GET_CRYPTOLIB_SYMBOL("X509_asn1_meth"); - K_ASN1_i2d_fp = (int (*)(int (*)(), FILE*, unsigned char *)) GET_CRYPTOLIB_SYMBOL("ASN1_i2d_fp"); - K_i2d_ASN1_HEADER = (int (*)(ASN1_HEADER *, unsigned char **)) GET_CRYPTOLIB_SYMBOL("i2d_ASN1_HEADER"); -#endif - K_X509_print_fp = (int (*)(FILE*, X509*)) GET_CRYPTOLIB_SYMBOL("X509_print_fp"); - K_i2d_PKCS12 = (int (*)(PKCS12*, unsigned char**)) GET_CRYPTOLIB_SYMBOL("i2d_PKCS12"); - K_i2d_PKCS12_fp = (int (*)(FILE *, PKCS12*)) GET_CRYPTOLIB_SYMBOL("i2d_PKCS12_fp"); - K_PKCS12_newpass = (int (*)(PKCS12*, char*, char*)) GET_CRYPTOLIB_SYMBOL("PKCS12_newpass"); - 
K_d2i_PKCS12_fp = (PKCS12* (*)(FILE*, PKCS12**)) GET_CRYPTOLIB_SYMBOL("d2i_PKCS12_fp"); - K_PKCS12_new = (PKCS12* (*)()) GET_CRYPTOLIB_SYMBOL("PKCS12_new"); - K_PKCS12_free = (void (*)(PKCS12 *)) GET_CRYPTOLIB_SYMBOL("PKCS12_free"); - K_PKCS12_parse = (int (*)(PKCS12*, const char *, EVP_PKEY**, - X509**, STACK_OF(X509)**)) GET_CRYPTOLIB_SYMBOL("PKCS12_parse"); - K_EVP_PKEY_free = (void (*) (EVP_PKEY *)) GET_CRYPTOLIB_SYMBOL("EVP_PKEY_free"); - K_EVP_PKEY_new = (EVP_PKEY* (*)()) GET_CRYPTOLIB_SYMBOL("EVP_PKEY_new"); - K_EVP_PKEY_base_id = (int (*)(const EVP_PKEY *pkey)) GET_CRYPTOLIB_SYMBOL("EVP_PKEY_base_id"); - K_EVP_PKEY_get0_RSA = (RSA* (*)(EVP_PKEY *pkey)) GET_CRYPTOLIB_SYMBOL("EVP_PKEY_get0_RSA"); - K_EVP_PKEY_get0_DSA = (DSA* (*)(EVP_PKEY *pkey)) GET_CRYPTOLIB_SYMBOL("EVP_PKEY_get0_DSA"); - K_X509_REQ_free = (void (*)(X509_REQ*)) GET_CRYPTOLIB_SYMBOL("X509_REQ_free"); - K_X509_REQ_new = (X509_REQ* (*)()) GET_CRYPTOLIB_SYMBOL("X509_REQ_new"); - K_X509_STORE_CTX_set0_untrusted = (void (*)(X509_STORE_CTX *, STACK_OF(X509)*)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_set0_untrusted"); - if (!K_X509_STORE_CTX_set0_untrusted) K_X509_STORE_CTX_set0_untrusted = (void (*)(X509_STORE_CTX *, STACK_OF(X509)*)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_set_chain"); - K_X509_STORE_CTX_set_purpose = (void (*)(X509_STORE_CTX *, int)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_set_purpose"); - K_sk_free = (void (*) (STACK *)) GET_CRYPTOLIB_SYMBOL("OPENSSL_sk_free"); - if (!K_sk_free) K_sk_free = (void (*) (STACK *)) GET_CRYPTOLIB_SYMBOL("sk_free"); - K_sk_num = (int (*) (STACK *)) GET_CRYPTOLIB_SYMBOL("OPENSSL_sk_num"); - if (!K_sk_num) K_sk_num = (int (*) (STACK *)) GET_CRYPTOLIB_SYMBOL("sk_num"); - K_sk_pop = (char* (*) (STACK *)) GET_CRYPTOLIB_SYMBOL("OPENSSL_sk_pop"); - if (!K_sk_pop) K_sk_pop = (char* (*) (STACK *)) GET_CRYPTOLIB_SYMBOL("sk_pop"); - K_sk_value = (char* (*) (STACK *, int)) GET_CRYPTOLIB_SYMBOL("OPENSSL_sk_value"); - if (!K_sk_value) K_sk_value = (char* (*) (STACK *, 
int)) GET_CRYPTOLIB_SYMBOL("sk_value"); - K_sk_new = (STACK* (*) (int (*)())) GET_CRYPTOLIB_SYMBOL("OPENSSL_sk_new"); - if (!K_sk_new) K_sk_new = (STACK* (*) (int (*)())) GET_CRYPTOLIB_SYMBOL("sk_new"); - K_sk_push = (int (*) (STACK*, char*)) GET_CRYPTOLIB_SYMBOL("OPENSSL_sk_push"); - if (!K_sk_push) K_sk_push = (int (*) (STACK*, char*)) GET_CRYPTOLIB_SYMBOL("sk_push"); - K_sk_dup = (STACK* (*) (const STACK *)) GET_CRYPTOLIB_SYMBOL("OPENSSL_sk_dup"); - if (!K_sk_dup) K_sk_dup = (STACK* (*) (const STACK *)) GET_CRYPTOLIB_SYMBOL("sk_dup"); - K_i2s_ASN1_INTEGER = (char *(*) (X509V3_EXT_METHOD *, ASN1_INTEGER *)) GET_CRYPTOLIB_SYMBOL("i2s_ASN1_INTEGER"); - K_X509_get_serialNumber = (ASN1_INTEGER * (*) (X509 *)) GET_CRYPTOLIB_SYMBOL("X509_get_serialNumber"); - K_X509_get_pubkey = (EVP_PKEY *(*)(X509 *)) GET_CRYPTOLIB_SYMBOL("X509_get_pubkey"); - K_i2d_PublicKey = (int (*)(EVP_PKEY *, unsigned char **)) GET_CRYPTOLIB_SYMBOL("i2d_PublicKey"); - K_X509_check_private_key = (int (*)(X509 *, EVP_PKEY *)) GET_CRYPTOLIB_SYMBOL("X509_check_private_key"); - K_BN_bn2hex = (char *(*)(const BIGNUM *)) GET_CRYPTOLIB_SYMBOL("BN_bn2hex"); - K_X509_digest = (int (*)(const X509 *,const EVP_MD *, unsigned char *, unsigned int *)) GET_CRYPTOLIB_SYMBOL("X509_digest"); - K_EVP_md5 = (EVP_MD *(*)()) GET_CRYPTOLIB_SYMBOL("EVP_md5"); - K_ASN1_INTEGER_free = (void (*)(ASN1_INTEGER *)) GET_CRYPTOLIB_SYMBOL("ASN1_INTEGER_free"); - K_OBJ_obj2nid = (int (*)(ASN1_OBJECT *)) GET_CRYPTOLIB_SYMBOL("OBJ_obj2nid"); - K_OBJ_nid2ln = (const char *(*)(int)) GET_CRYPTOLIB_SYMBOL("OBJ_nid2ln"); - K_X509_get_ext_count = (int (*)(X509*)) GET_CRYPTOLIB_SYMBOL("X509_get_ext_count"); - K_X509_get_ext_by_NID = (int (*)(X509*,int,int)) GET_CRYPTOLIB_SYMBOL("X509_get_ext_by_NID"); - K_X509_get_ext_by_OBJ = (int (*)(X509*,ASN1_OBJECT*,int)) GET_CRYPTOLIB_SYMBOL("X509_get_ext_by_OBJ"); - K_X509_get_ext = (X509_EXTENSION* (*)(X509*,int)) GET_CRYPTOLIB_SYMBOL("X509_get_ext"); - K_X509_delete_ext = (X509_EXTENSION* 
(*)(X509*,int)) GET_CRYPTOLIB_SYMBOL("X509_delete_ext");
- K_X509_add_ext = (int (*)(X509*,X509_EXTENSION*,int)) GET_CRYPTOLIB_SYMBOL("X509_add_ext");
- K_X509_get_ext_d2i = (void* (*)(X509*,int,int*,int*)) GET_CRYPTOLIB_SYMBOL("X509_get_ext_d2i");
- K_i2s_ASN1_OCTET_STRING = (char *(*)(X509V3_EXT_METHOD*,ASN1_OCTET_STRING*)) GET_CRYPTOLIB_SYMBOL("i2s_ASN1_OCTET_STRING");
- K_ASN1_BIT_STRING_get_bit = (int (*)(ASN1_BIT_STRING*,int)) GET_CRYPTOLIB_SYMBOL("ASN1_BIT_STRING_get_bit");
- K_PKCS7_new = (PKCS7 *(*)()) GET_CRYPTOLIB_SYMBOL("PKCS7_new");
- K_PKCS7_free = (void (*)(PKCS7*)) GET_CRYPTOLIB_SYMBOL("PKCS7_free");
- K_PKCS7_content_free = (void (*)(PKCS7*)) GET_CRYPTOLIB_SYMBOL("PKCS7_content_free");
- K_i2d_PKCS7 = (int (*)(PKCS7*, unsigned char**)) GET_CRYPTOLIB_SYMBOL("i2d_PKCS7");
- K_i2d_PKCS7_fp = (int (*)(FILE*,PKCS7*)) GET_CRYPTOLIB_SYMBOL("i2d_PKCS7_fp");
- K_i2d_PKCS7_bio = (int (*)(BIO *bp,PKCS7 *p7)) GET_CRYPTOLIB_SYMBOL("i2d_PKCS7_bio");
- K_d2i_PKCS7 = (PKCS7* (*)(PKCS7**,unsigned char**,long)) GET_CRYPTOLIB_SYMBOL("d2i_PKCS7");
- K_d2i_PKCS7_fp = (PKCS7 *(*)(FILE *,PKCS7**)) GET_CRYPTOLIB_SYMBOL("d2i_PKCS7_fp");
- K_d2i_PKCS7_bio = (PKCS7 *(*)(BIO *bp,PKCS7 **p7)) GET_CRYPTOLIB_SYMBOL("d2i_PKCS7_bio");
- K_PKCS7_dup = (PKCS7* (*)(PKCS7*)) GET_CRYPTOLIB_SYMBOL("PKCS7_dup");
- K_PKCS7_sign = (PKCS7 *(*)(X509*, EVP_PKEY*, STACK_OF(X509)*, BIO*, int)) GET_CRYPTOLIB_SYMBOL("PKCS7_sign");
- K_PKCS7_verify = (int (*)(PKCS7*,STACK_OF(X509)*,X509_STORE*,BIO*,BIO*,int)) GET_CRYPTOLIB_SYMBOL("PKCS7_verify");
- K_PKCS7_get0_signers = (STACK_OF(X509) *(*)(PKCS7 *, STACK_OF(X509) *, int)) GET_CRYPTOLIB_SYMBOL("PKCS7_get0_signers");
- K_PKCS7_encrypt = (PKCS7* (*)(STACK_OF(X509) *, BIO *, EVP_CIPHER *, int)) GET_CRYPTOLIB_SYMBOL("PKCS7_encrypt");
- K_PKCS7_decrypt = (int (*)(PKCS7 *, EVP_PKEY *, X509 *, BIO *, int)) GET_CRYPTOLIB_SYMBOL("PKCS7_decrypt");
- K_PEM_X509_INFO_read = (STACK_OF(X509_INFO) *(*)(FILE*, STACK_OF(X509_INFO)*, pem_password_cb*, void *))
GET_CRYPTOLIB_SYMBOL("PEM_X509_INFO_read");
- K_ASN1_d2i_fp = (char *(*)(char *(*)(),char *(*)(),FILE*,unsigned char**)) GET_CRYPTOLIB_SYMBOL("ASN1_d2i_fp");
- K_X509_new = (X509 *(*)()) GET_CRYPTOLIB_SYMBOL("X509_new");
- K_X509_PURPOSE_get_count = (int (*)()) GET_CRYPTOLIB_SYMBOL("X509_PURPOSE_get_count");
- K_X509_PURPOSE_get_id = (int (*)(X509_PURPOSE *)) GET_CRYPTOLIB_SYMBOL("X509_PURPOSE_get_id");
- K_X509_check_purpose = (int (*)(X509*,int,int)) GET_CRYPTOLIB_SYMBOL("X509_check_purpose");
- K_X509_PURPOSE_get0 = (X509_PURPOSE *(*)(int)) GET_CRYPTOLIB_SYMBOL("X509_PURPOSE_get0");
- K_EVP_PKEY_assign = (int (*)(EVP_PKEY*, int, char*)) GET_CRYPTOLIB_SYMBOL("EVP_PKEY_assign");
- K_X509_REQ_set_pubkey = (int (*)(X509_REQ*, EVP_PKEY*)) GET_CRYPTOLIB_SYMBOL("X509_REQ_set_pubkey");
- K_RSA_get0_key = (void (*)(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)) GET_CRYPTOLIB_SYMBOL("RSA_get0_key");
- K_RSA_generate_key = (RSA* (*)(int, unsigned long, void (*)(int,int,void *), void *)) GET_CRYPTOLIB_SYMBOL("RSA_generate_key");
- K_DSA_get0_pqg = (void (*)(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)) GET_CRYPTOLIB_SYMBOL("DSA_get0_pqg");
- K_DSA_get0_key = (void (*)(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key)) GET_CRYPTOLIB_SYMBOL("DSA_get0_key");
- K_i2d_X509_REQ_fp = (int (*)(FILE *, X509_REQ *)) GET_CRYPTOLIB_SYMBOL("i2d_X509_REQ_fp");
- K_ERR_clear_error = (void (*)()) GET_CRYPTOLIB_SYMBOL("ERR_clear_error");
- K_ERR_get_error = (unsigned long (*)()) GET_CRYPTOLIB_SYMBOL("ERR_get_error");
- K_ERR_print_errors_fp = (void (*)(FILE*)) GET_CRYPTOLIB_SYMBOL("ERR_print_errors_fp");
- K_X509_get1_email = (STACK *(*)(X509 *x)) GET_CRYPTOLIB_SYMBOL("X509_get1_email");
- K_X509_email_free = (void (*)(STACK *sk)) GET_CRYPTOLIB_SYMBOL("X509_email_free");
- K_EVP_des_ede3_cbc = (EVP_CIPHER *(*)()) GET_CRYPTOLIB_SYMBOL("EVP_des_ede3_cbc");
- K_EVP_des_cbc = (EVP_CIPHER *(*)()) GET_CRYPTOLIB_SYMBOL("EVP_des_cbc");
-
K_EVP_rc2_cbc = (EVP_CIPHER *(*)()) GET_CRYPTOLIB_SYMBOL("EVP_rc2_cbc");
- K_EVP_rc2_64_cbc = (EVP_CIPHER *(*)()) GET_CRYPTOLIB_SYMBOL("EVP_rc2_64_cbc");
- K_EVP_rc2_40_cbc = (EVP_CIPHER *(*)()) GET_CRYPTOLIB_SYMBOL("EVP_rc2_40_cbc");
- K_i2d_PrivateKey_fp = (int (*)(FILE*,EVP_PKEY*)) GET_CRYPTOLIB_SYMBOL("i2d_PrivateKey_fp");
- K_i2d_PKCS8PrivateKey_fp = (int (*)(FILE*, EVP_PKEY*, const EVP_CIPHER*, char*, int, pem_password_cb*, void*)) GET_CRYPTOLIB_SYMBOL("i2d_PKCS8PrivateKey_fp");
- K_RSA_free = (void (*)(RSA*)) GET_CRYPTOLIB_SYMBOL("RSA_free");
- K_EVP_bf_cbc = (EVP_CIPHER *(*)()) GET_CRYPTOLIB_SYMBOL("EVP_bf_cbc");
- K_X509_REQ_sign = (int (*)(X509_REQ*, EVP_PKEY*, const EVP_MD*)) GET_CRYPTOLIB_SYMBOL("X509_REQ_sign");
- K_X509_NAME_add_entry_by_txt = (int (*)(X509_NAME*, char*, int, unsigned char*, int, int, int)) GET_CRYPTOLIB_SYMBOL("X509_NAME_add_entry_by_txt");
- K_X509_NAME_new = (X509_NAME *(*)()) GET_CRYPTOLIB_SYMBOL("X509_NAME_new");
- K_X509_REQ_set_subject_name = (int (*)(X509_REQ*,X509_NAME*)) GET_CRYPTOLIB_SYMBOL("X509_REQ_set_subject_name");
- K_ASN1_STRING_data = (unsigned char *(*)(ASN1_STRING*)) GET_CRYPTOLIB_SYMBOL("ASN1_STRING_data");
- K_ASN1_STRING_length = (int (*)(ASN1_STRING*)) GET_CRYPTOLIB_SYMBOL("ASN1_STRING_length");
- K_X509_CRL_get0_lastUpdate = (const ASN1_TIME* (*)(const X509_CRL *crl)) GET_CRYPTOLIB_SYMBOL("X509_CRL_get0_lastUpdate");
- K_X509_CRL_get0_nextUpdate = (const ASN1_TIME* (*)(const X509_CRL *crl)) GET_CRYPTOLIB_SYMBOL("X509_CRL_get0_nextUpdate");
- K_X509_STORE_CTX_get_current_cert = (X509* (*)(X509_STORE_CTX *ctx)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_get_current_cert");
- K_X509_STORE_CTX_get_error = (int (*)(X509_STORE_CTX *ctx)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_get_error");
- K_X509_STORE_CTX_get_error_depth = (int (*)(X509_STORE_CTX *ctx)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_get_error_depth");
- K_X509_STORE_CTX_set_error = (void (*)(X509_STORE_CTX *ctx, int s))
GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_set_error");
- K_X509_STORE_set_verify_cb = (void (*)(X509_STORE *ctx,
- X509_STORE_CTX_verify_cb verify_cb)) GET_CRYPTOLIB_SYMBOL("X509_STORE_set_verify_cb");
- K_X509_STORE_get0_objects = (STACK_OF(X509_OBJECT)* (*)(X509_STORE *v)) GET_CRYPTOLIB_SYMBOL("X509_STORE_get0_objects");
- K_X509_OBJECT_get_type = (X509_LOOKUP_TYPE (*)(const X509_OBJECT *a)) GET_CRYPTOLIB_SYMBOL("X509_OBJECT_get_type");
- K_X509_OBJECT_get0_X509 = (X509* (*)(const X509_OBJECT *a)) GET_CRYPTOLIB_SYMBOL("X509_OBJECT_get0_X509");
- K_X509_getm_notAfter = (ASN1_TIME* (*)(const X509 *x)) GET_CRYPTOLIB_SYMBOL("X509_getm_notAfter");
- K_X509_getm_notBefore = (ASN1_TIME* (*)(const X509 *x)) GET_CRYPTOLIB_SYMBOL("X509_getm_notBefore");
-#endif
- }
-
-#ifdef __OpenBSD__
- {
- TQString libname = findMostRecentLib("/usr/lib", "ssl");
- if (!libname.isNull())
- _sslLib = ll->globalLibrary(libname.latin1());
- }
-#else
- for (TQStringList::Iterator it = libpaths.begin();
- it != libpaths.end();
- ++it) {
- for (TQStringList::Iterator shit = libnamess.begin();
- shit != libnamess.end();
- ++shit) {
- TQString alib = *it;
- if (!alib.isEmpty() && !alib.endsWith("/"))
- alib += "/";
- alib += *shit;
- TQString tmpStr(alib.latin1());
- tmpStr.replace(TQRegExp("\\(.*\\)"), "");
- if (!access(tmpStr.latin1(), R_OK))
- _sslLib = ll->globalLibrary(alib.latin1());
- if (_sslLib) break;
- }
- if (_sslLib) break;
- }
-#endif
-
- if (_sslLib) {
-#ifdef KSSL_HAVE_SSL
- // stand back from your monitor and look at this. it's fun!
:)
- K_SSL_connect = (int (*)(SSL *)) GET_SSLLIB_SYMBOL("SSL_connect");
- K_SSL_accept = (int (*)(SSL *)) GET_SSLLIB_SYMBOL("SSL_accept");
- K_SSL_read = (int (*)(SSL *, void *, int)) GET_SSLLIB_SYMBOL("SSL_read");
- K_SSL_write = (int (*)(SSL *, const void *, int))
- GET_SSLLIB_SYMBOL("SSL_write");
- K_SSL_new = (SSL* (*)(SSL_CTX *)) GET_SSLLIB_SYMBOL("SSL_new");
- K_SSL_free = (void (*)(SSL *)) GET_SSLLIB_SYMBOL("SSL_free");
- K_SSL_shutdown = (int (*)(SSL *)) GET_SSLLIB_SYMBOL("SSL_shutdown");
- K_SSL_CTX_new = (SSL_CTX* (*)(SSL_METHOD*)) GET_SSLLIB_SYMBOL("SSL_CTX_new");
- K_SSL_CTX_free = (void (*)(SSL_CTX*)) GET_SSLLIB_SYMBOL("SSL_CTX_free");
- K_SSL_set_fd = (int (*)(SSL *, int)) GET_SSLLIB_SYMBOL("SSL_set_fd");
- K_SSL_pending = (int (*)(SSL *)) GET_SSLLIB_SYMBOL("SSL_pending");
- K_SSL_CTX_set_cipher_list = (int (*)(SSL_CTX *, const char *))
- GET_SSLLIB_SYMBOL("SSL_CTX_set_cipher_list");
- K_SSL_CTX_set_verify = (void (*)(SSL_CTX*, int, int (*)(int, X509_STORE_CTX*))) GET_SSLLIB_SYMBOL("SSL_CTX_set_verify");
- K_SSL_use_certificate = (int (*)(SSL*, X509*))
- GET_SSLLIB_SYMBOL("SSL_CTX_use_certificate");
- K_SSL_get_current_cipher = (SSL_CIPHER *(*)(SSL *))
- GET_SSLLIB_SYMBOL("SSL_get_current_cipher");
- K_SSL_set_options = (long (*)(SSL *ssl, long options)) GET_SSLLIB_SYMBOL("SSL_set_options");
- K_SSL_session_reused = (int (*)(SSL *ssl)) GET_SSLLIB_SYMBOL("SSL_session_reused");
- K_SSL_ctrl = (long (*)(SSL * ,int, long, void *))
- GET_SSLLIB_SYMBOL("SSL_ctrl");
- K_TLSv1_client_method = (SSL_METHOD *(*)()) GET_SSLLIB_SYMBOL("TLSv1_client_method");
- K_SSLv2_client_method = (SSL_METHOD *(*)()) GET_SSLLIB_SYMBOL("SSLv2_client_method");
- K_SSLv3_client_method = (SSL_METHOD *(*)()) GET_SSLLIB_SYMBOL("SSLv3_client_method");
- K_TLS_client_method = (SSL_METHOD *(*)()) GET_SSLLIB_SYMBOL("TLS_client_method");
- if (!K_TLS_client_method) K_TLS_client_method = (SSL_METHOD *(*)()) GET_SSLLIB_SYMBOL("SSLv23_client_method");
- K_SSL_get_peer_certificate = (X509
*(*)(SSL *)) GET_SSLLIB_SYMBOL("SSL_get_peer_certificate");
- K_SSL_CIPHER_get_bits = (int (*)(SSL_CIPHER *,int *)) GET_SSLLIB_SYMBOL("SSL_CIPHER_get_bits");
- K_SSL_CIPHER_get_version = (char * (*)(SSL_CIPHER *)) GET_SSLLIB_SYMBOL("SSL_CIPHER_get_version");
- K_SSL_CIPHER_get_name = (const char * (*)(SSL_CIPHER *)) GET_SSLLIB_SYMBOL("SSL_CIPHER_get_name");
- K_SSL_CIPHER_description = (char * (*)(SSL_CIPHER *, char *, int)) GET_SSLLIB_SYMBOL("SSL_CIPHER_description");
- K_SSL_CTX_use_PrivateKey = (int (*)(SSL_CTX*, EVP_PKEY*)) GET_SSLLIB_SYMBOL("SSL_CTX_use_PrivateKey");
- K_SSL_CTX_use_certificate = (int (*)(SSL_CTX*, X509*)) GET_SSLLIB_SYMBOL("SSL_CTX_use_certificate");
- K_SSL_get_error = (int (*)(SSL*, int)) GET_SSLLIB_SYMBOL("SSL_get_error");
- K_SSL_get_peer_cert_chain = (STACK_OF(X509)* (*)(SSL*)) GET_SSLLIB_SYMBOL("SSL_get_peer_cert_chain");
- K_SSL_load_client_CA_file = (STACK_OF(X509_NAME)* (*)(const char *)) GET_SSLLIB_SYMBOL("SSL_load_client_CA_file");
- K_SSL_peek = (int (*)(SSL*,void*,int)) GET_SSLLIB_SYMBOL("SSL_peek");
- K_SSL_get1_session = (SSL_SESSION* (*)(SSL*)) GET_SSLLIB_SYMBOL("SSL_get1_session");
- K_SSL_SESSION_free = (void (*)(SSL_SESSION*)) GET_SSLLIB_SYMBOL("SSL_SESSION_free");
- K_SSL_set_session = (int (*)(SSL*,SSL_SESSION*)) GET_SSLLIB_SYMBOL("SSL_set_session");
- K_d2i_SSL_SESSION = (SSL_SESSION* (*)(SSL_SESSION**,unsigned char**, long)) GET_SSLLIB_SYMBOL("d2i_SSL_SESSION");
- K_i2d_SSL_SESSION = (int (*)(SSL_SESSION*,unsigned char**)) GET_SSLLIB_SYMBOL("i2d_SSL_SESSION");
- K_SSL_get_ciphers = (STACK_OF(SSL_CIPHER) *(*)(const SSL*)) GET_SSLLIB_SYMBOL("SSL_get_ciphers");
-#endif
-
-
- // Initialize the library (once only!)
- void *x;
- x = GET_SSLLIB_SYMBOL("OPENSSL_init_ssl");
- if (x) {
- // OpenSSL >= 1.1
- if (_cryptoLib) {
- ((int (*)(unsigned long long, void*))x)(0, NULL);
- x = GET_CRYPTOLIB_SYMBOL("OPENSSL_init_crypto");
- if (x) ((int (*)(unsigned long long, void*))x)(OPENSSL_INIT_ADD_ALL_CIPHERS
- | OPENSSL_INIT_ADD_ALL_DIGESTS
- | OPENSSL_INIT_LOAD_CONFIG,
- NULL);
- }
- }
- else {
- // OpenSSL < 1.1
- x = GET_SSLLIB_SYMBOL("SSL_library_init");
- if (_cryptoLib) {
- if (x) ((int (*)())x)();
- x = GET_CRYPTOLIB_SYMBOL("OpenSSL_add_all_algorithms");
- if (!x)
- x = GET_CRYPTOLIB_SYMBOL("OPENSSL_add_all_algorithms");
- if (x) {
- ((void (*)())x)();
- } else {
- x = GET_CRYPTOLIB_SYMBOL("OpenSSL_add_all_algorithms_conf");
- if (!x)
- x = GET_CRYPTOLIB_SYMBOL("OPENSSL_add_all_algorithms_conf");
- if (x) {
- ((void (*)())x)();
- } else {
- x = GET_CRYPTOLIB_SYMBOL("OpenSSL_add_all_algorithms_noconf");
- if (!x)
- x = GET_CRYPTOLIB_SYMBOL("OPENSSL_add_all_algorithms_noconf");
- if (x)
- ((void (*)())x)();
- }
- }
- x = GET_CRYPTOLIB_SYMBOL("OpenSSL_add_all_ciphers");
- if (!x)
- x = GET_CRYPTOLIB_SYMBOL("OPENSSL_add_all_ciphers");
- if (x) ((void (*)())x)();
- x = GET_CRYPTOLIB_SYMBOL("OpenSSL_add_all_digests");
- if (!x)
- x = GET_CRYPTOLIB_SYMBOL("OPENSSL_add_all_digests");
- if (x) ((void (*)())x)();
- }
- }
- }
-
-}
-
-
-KOpenSSLProxy* KOpenSSLProxy::_me = 0L;
-static KStaticDeleter medProxy;
-
-
-
-KOpenSSLProxy::~KOpenSSLProxy() {
- if (_sslLib) {
- _sslLib->unload();
- }
- if (_cryptoLib) {
- _cryptoLib->unload();
- }
- medProxy.setObject(0);
-}
-
-
-// FIXME: we should check "ok" and allow this to init the lib if !ok.
-
-KOpenSSLProxy *KOpenSSLProxy::self() {
-#ifdef KSSL_HAVE_SSL
- if (!_me) {
- _me = medProxy.setObject(_me, new KOpenSSLProxy);
- }
-#endif
- return _me;
-}
-
-
-
-
-
-
-
-#ifdef KSSL_HAVE_SSL
-
-
-
-int KOpenSSLProxy::SSL_connect(SSL *ssl) {
- if (K_SSL_connect) return (K_SSL_connect)(ssl);
- kdWarning() << "SSL_connect not defined!"
<< endl;
- return -1;
-}
-
-
-int KOpenSSLProxy::SSL_accept(SSL *ssl) {
- if (K_SSL_accept) return (K_SSL_accept)(ssl);
- kdWarning() << "SSL_accept not defined!" << endl;
- return -1;
-}
-
-
-int KOpenSSLProxy::SSL_read(SSL *ssl, void *buf, int num) {
- if (K_SSL_read) return (K_SSL_read)(ssl, buf, num);
- kdWarning() << "SSL_read not defined!" << endl;
- return -1;
-}
-
-
-int KOpenSSLProxy::SSL_write(SSL *ssl, const void *buf, int num) {
- if (K_SSL_write) return (K_SSL_write)(ssl, buf, num);
- kdWarning() << "SSL_write not defined!" << endl;
- return -1;
-}
-
-
-SSL *KOpenSSLProxy::SSL_new(SSL_CTX *ctx) {
- if (K_SSL_new) return (K_SSL_new)(ctx);
- kdWarning() << "SSL_new not defined!" << endl;
- return 0L;
-}
-
-
-void KOpenSSLProxy::SSL_free(SSL *ssl) {
- if (K_SSL_free) (K_SSL_free)(ssl);
- else kdWarning() << "SSL_free not defined!" << endl;
-}
-
-
-int KOpenSSLProxy::SSL_shutdown(SSL *ssl) {
- if (K_SSL_shutdown) return (K_SSL_shutdown)(ssl);
- kdWarning() << "SSL_shutdown not defined!" << endl;
- return -1;
-}
-
-
-SSL_CTX *KOpenSSLProxy::SSL_CTX_new(SSL_METHOD *method) {
- if (K_SSL_CTX_new) return (K_SSL_CTX_new)(method);
- kdWarning() << "SSL_CTX_new not defined!" << endl;
- return 0L;
-}
-
-
-void KOpenSSLProxy::SSL_CTX_free(SSL_CTX *ctx) {
- if (K_SSL_CTX_free) (K_SSL_CTX_free)(ctx);
- else kdWarning() << "SSL_CTX_free not defined!" << endl;
-}
-
-
-int KOpenSSLProxy::SSL_set_fd(SSL *ssl, int fd) {
- if (K_SSL_set_fd) return (K_SSL_set_fd)(ssl, fd);
- kdWarning() << "SSL_sed_fd not defined!" << endl;
- return -1;
-}
-
-
-int KOpenSSLProxy::SSL_pending(SSL *ssl) {
- if (K_SSL_pending) return (K_SSL_pending)(ssl);
- kdWarning() << "SSL_pending not defined!" << endl;
- return -1;
-}
-
-
-int KOpenSSLProxy::SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) {
- if (K_SSL_CTX_set_cipher_list) return (K_SSL_CTX_set_cipher_list)(ctx, str);
- kdWarning() << "SSL_CTX_set_cipher_list not defined!"
<< endl;
- return -1;
-}
-
-
-void KOpenSSLProxy::SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
- int (*verify_callback)(int, X509_STORE_CTX *)) {
- if (K_SSL_CTX_set_verify) (K_SSL_CTX_set_verify)(ctx, mode, verify_callback);
- else kdWarning() << "SSL_CTX_set_verify not defined!" << endl;
-}
-
-
-int KOpenSSLProxy::SSL_use_certificate(SSL *ssl, X509 *x) {
- if (K_SSL_use_certificate) return (K_SSL_use_certificate)(ssl, x);
- kdWarning() << "SSL_use_certificate not defined!" << endl;
- return -1;
-}
-
-
-SSL_CIPHER *KOpenSSLProxy::SSL_get_current_cipher(SSL *ssl) {
- if (K_SSL_get_current_cipher) return (K_SSL_get_current_cipher)(ssl);
- kdWarning() << "SSL_get_current_cipher not defined!" << endl;
- return 0L;
-}
-
-
-long KOpenSSLProxy::_SSL_set_options(SSL *ssl, long options) {
- if (K_SSL_set_options) return (K_SSL_set_options)(ssl, options);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- return this->SSL_set_options(ssl, options);
-#endif
- kdWarning() << "SSL_set_options not defined!" << endl;
- return -1;
-}
-
-
-int KOpenSSLProxy::_SSL_session_reused(SSL *ssl) {
- if (K_SSL_session_reused) return (K_SSL_session_reused)(ssl);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- return this->SSL_session_reused(ssl);
-#endif
- kdWarning() << "SSL_session_reused not defined!" << endl;
- return -1;
-}
-
-
-long KOpenSSLProxy::SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg) {
- if (K_SSL_ctrl) return (K_SSL_ctrl)(ssl, cmd, larg, parg);
- kdWarning() << "SSL_ctrl not defined!" << endl;
- return -1;
-}
-
-
-int KOpenSSLProxy::RAND_egd(const char *path) {
- if (K_RAND_egd) return (K_RAND_egd)(path);
- kdWarning() << "RAND_egd not defined!" << endl;
- return -1;
-}
-
-
-SSL_METHOD *KOpenSSLProxy::TLSv1_client_method() {
- if (K_TLSv1_client_method) return (K_TLSv1_client_method)();
- kdWarning() << "TLSv1_client_method not defined!"
<< endl;
- return 0L;
-}
-
-
-SSL_METHOD *KOpenSSLProxy::SSLv2_client_method() {
- if (K_SSLv2_client_method) return (K_SSLv2_client_method)();
- kdWarning() << "SSLv2_client_method not defined!" << endl;
- return 0L;
-}
-
-
-SSL_METHOD *KOpenSSLProxy::SSLv3_client_method() {
- if (K_SSLv3_client_method) return (K_SSLv3_client_method)();
- kdWarning() << "SSLv3_client_method not defined!" << endl;
- return 0L;
-}
-
-
-SSL_METHOD *KOpenSSLProxy::TLS_client_method() {
- if (K_TLS_client_method) return (K_TLS_client_method)();
- kdWarning() << "TLS_client_method not defined!" << endl;
- return 0L;
-}
-
-
-X509 *KOpenSSLProxy::SSL_get_peer_certificate(SSL *s) {
- if (K_SSL_get_peer_certificate) return (K_SSL_get_peer_certificate)(s);
- kdWarning() << "SSL_get_peer_certificate not defined!" << endl;
- return 0L;
-}
-
-
-int KOpenSSLProxy::SSL_CIPHER_get_bits(SSL_CIPHER *c,int *alg_bits) {
- if (K_SSL_CIPHER_get_bits) return (K_SSL_CIPHER_get_bits)(c, alg_bits);
- kdWarning() << "SSL_CIPHER_get_bits not defined!" << endl;
- return -1;
-}
-
-
-char * KOpenSSLProxy::SSL_CIPHER_get_version(SSL_CIPHER *c) {
- if (K_SSL_CIPHER_get_version) return (K_SSL_CIPHER_get_version)(c);
- kdWarning() << "SSL_CIPHER_get_version not defined!" << endl;
- return 0L;
-}
-
-
-const char * KOpenSSLProxy::SSL_CIPHER_get_name(SSL_CIPHER *c) {
- if (K_SSL_CIPHER_get_name) return (K_SSL_CIPHER_get_name)(c);
- kdWarning() << "SSL_CIPHER_get_name not defined!" << endl;
- return 0L;
-}
-
-
-char * KOpenSSLProxy::SSL_CIPHER_description(SSL_CIPHER *c,char *buf,int size) {
- if (K_SSL_CIPHER_description) return (K_SSL_CIPHER_description)(c,buf,size);
- kdWarning() << "SSL_CIPHER_description not defined!" << endl;
- return 0L;
-}
-
-
-X509 * KOpenSSLProxy::d2i_X509(X509 **a,unsigned char **pp,long length) {
- if (K_d2i_X509) return (K_d2i_X509)(a,pp,length);
- kdWarning() << "d2i_X509 not defined!"
<< endl;
- return 0L;
-}
-
-
-X509_CRL * KOpenSSLProxy::d2i_X509_CRL(X509_CRL **a,unsigned char **pp,long length) {
- if (K_d2i_X509_CRL) return (K_d2i_X509_CRL)(a,pp,length);
- kdWarning() << "d2i_X509_CRL not defined!" << endl;
- return 0L;
-}
-
-
-int KOpenSSLProxy::i2d_X509(X509 *a,unsigned char **pp) {
- if (K_i2d_X509) return (K_i2d_X509)(a,pp);
- kdWarning() << "i2d_X509 not defined!" << endl;
- return -1;
-}
-
-
-int KOpenSSLProxy::X509_cmp(X509 *a, X509 *b) {
- if (K_X509_cmp) return (K_X509_cmp)(a,b);
- kdWarning() << "X509_cmp not defined!" << endl;
- return 0;
-}
-
-
-int KOpenSSLProxy::X509_subject_name_cmp(const X509 *a, const X509 *b) {
- if (K_X509_subject_name_cmp) return (K_X509_subject_name_cmp)(a, b);
- kdWarning() << "X509_subject_name_cmp not defined!" << endl;
- return 0;
-}
-
-
-X509_STORE *KOpenSSLProxy::X509_STORE_new(void) {
- if (K_X509_STORE_new) return (K_X509_STORE_new)();
- kdWarning() << "X509_STORE_new not defined!" << endl;
- return 0L;
-}
-
-
-void KOpenSSLProxy::X509_STORE_free(X509_STORE *v) {
- if (K_X509_STORE_free) (K_X509_STORE_free)(v);
- else kdWarning() << "X509_STORE_free not defined!" << endl;
-}
-
-
-X509_STORE_CTX *KOpenSSLProxy::X509_STORE_CTX_new(void) {
- if (K_X509_STORE_CTX_new) return (K_X509_STORE_CTX_new)();
- kdWarning() << "X509_STORE_CTX_new not defined!" << endl;
- return 0L;
-}
-
-
-void KOpenSSLProxy::X509_STORE_CTX_free(X509_STORE_CTX *ctx) {
- if (K_X509_STORE_CTX_free) (K_X509_STORE_CTX_free)(ctx);
- else kdWarning() << "X509_STORE_CTX_free not defined!" << endl;
-}
-
-
-int KOpenSSLProxy::X509_verify_cert(X509_STORE_CTX *ctx) {
- if (K_X509_verify_cert) return (K_X509_verify_cert)(ctx);
- kdWarning() << "X509_verify_cert not defined!" << endl;
- return -1;
-}
-
-
-void KOpenSSLProxy::X509_free(X509 *a) {
- if (K_X509_free) (K_X509_free)(a);
- else kdWarning() << "X509_free not defined!"
<< endl;
-}
-
-
-void KOpenSSLProxy::X509_CRL_free(X509_CRL *a) {
- if (K_X509_CRL_free) (K_X509_CRL_free)(a);
- else kdWarning() << "X509_CRL_free not defined!" << endl;
-}
-
-
-char *KOpenSSLProxy::X509_NAME_oneline(X509_NAME *a,char *buf,int size) {
- if (K_X509_NAME_oneline) return (K_X509_NAME_oneline)(a,buf,size);
- kdWarning() << "X509_NAME_online not defined!" << endl;
- return 0L;
-}
-
-
-X509_NAME *KOpenSSLProxy::X509_get_subject_name(X509 *a) {
- if (K_X509_get_subject_name) return (K_X509_get_subject_name)(a);
- kdWarning() << "X509_get_subject not defined!" << endl;
- return 0L;
-}
-
-
-X509_NAME *KOpenSSLProxy::X509_get_issuer_name(X509 *a) {
- if (K_X509_get_issuer_name) return (K_X509_get_issuer_name)(a);
- kdWarning() << "X509_get_issuer not defined!" << endl;
- return 0L;
-}
-
-
-X509_LOOKUP *KOpenSSLProxy::X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) {
- if (K_X509_STORE_add_lookup) return (K_X509_STORE_add_lookup)(v,m);
- kdWarning() << "X509_STORE_add_lookup not defined!" << endl;
- return 0L;
-}
-
-
-X509_LOOKUP_METHOD *KOpenSSLProxy::X509_LOOKUP_file(void) {
- if (K_X509_LOOKUP_file) return (K_X509_LOOKUP_file)();
- kdWarning() << "X509_LOOKUP_file not defined!" << endl;
- return 0L;
-}
-
-
-void KOpenSSLProxy::X509_LOOKUP_free(X509_LOOKUP *x) {
- if (K_X509_LOOKUP_free) (K_X509_LOOKUP_free)(x);
- else kdWarning() << "X509_LOOKUP_free not defined!" << endl;
-}
-
-
-int KOpenSSLProxy::X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret) {
- if (K_X509_LOOKUP_ctrl) return (K_X509_LOOKUP_ctrl)(ctx,cmd,argc,argl,ret);
- kdWarning() << "X509_LOOKUP_ctrl not defined!" << endl;
- return -1;
-}
-
-
-void KOpenSSLProxy::X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, STACK_OF(X509) *chain) {
- if (K_X509_STORE_CTX_init) (K_X509_STORE_CTX_init)(ctx,store,x509,chain);
- else kdWarning() << "X509_STORE_CTX_init not defined!"
<< endl;
-}
-
-
-void KOpenSSLProxy::CRYPTO_free(void *x) {
- if (K_CRYPTO_free) (K_CRYPTO_free)(x);
- else kdWarning() << "CRYPTO_free not defined!" << endl;
-}
-
-
-X509 *KOpenSSLProxy::X509_dup(X509 *x509) {
- if (K_X509_dup) return (K_X509_dup)(x509);
- kdWarning() << "X509_dup not defined!" << endl;
- return 0L;
-}
-
-
-void KOpenSSLProxy::X509_get0_signature(const ASN1_BIT_STRING **psig,
- const X509_ALGOR **palg, const X509 *x) {
- if (K_X509_get0_signature) {
- (X509_get0_signature)(psig, palg, x);
- return;
- }
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- if (!x) return;
- if (psig) *psig = x->signature;
- if (palg) *palg = x->sig_alg;
- return;
-#endif
- kdWarning() << "X509_get0_signature not defined!" << endl;
-}
-
-
-BIO *KOpenSSLProxy::BIO_new(BIO_METHOD *type) {
- if (K_BIO_new) return (K_BIO_new)(type);
- kdWarning() << "BIO_new not defined!" << endl;
- return 0L;
-}
-
-
-BIO_METHOD *KOpenSSLProxy::BIO_s_mem(void) {
- if (K_BIO_s_mem) return (K_BIO_s_mem)();
- kdWarning() << "BIO_s_mem not defined!" << endl;
- return 0L;
-}
-
-
-BIO *KOpenSSLProxy::BIO_new_fp(FILE *stream, int close_flag) {
- if (K_BIO_new_fp) return (K_BIO_new_fp)(stream, close_flag);
- kdWarning() << "BIO_new_fp not defined!" << endl;
- return 0L;
-}
-
-
-BIO *KOpenSSLProxy::BIO_new_mem_buf(void *buf, int len) {
- if (K_BIO_new_mem_buf) return (K_BIO_new_mem_buf)(buf,len);
- kdWarning() << "BIO_new_mem_buf not defined!" << endl;
- return 0L;
-}
-
-
-int KOpenSSLProxy::BIO_free(BIO *a) {
- if (K_BIO_free) return (K_BIO_free)(a);
- kdWarning() << "BIO_free not defined!" << endl;
- return -1;
-}
-
-
-long KOpenSSLProxy::BIO_ctrl(BIO *bp,int cmd,long larg,void *parg) {
- if (K_BIO_ctrl) return (K_BIO_ctrl)(bp,cmd,larg,parg);
- kdWarning() << "BIO_ctrl not defined!"
<< endl;
- return 0; // failure return for BIO_ctrl is quite individual, maybe we should abort() instead
-}
-
-
-int KOpenSSLProxy::BIO_write(BIO *b, const void *data, int len) {
- if (K_BIO_write) return (K_BIO_write)(b, data, len);
- kdWarning() << "BIO_write not defined!" << endl;
- return -1;
-}
-
-
-void *KOpenSSLProxy::BIO_get_data(BIO *a) {
- if (K_BIO_get_data) return (K_BIO_get_data)(a);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- return a->ptr;
-#endif
- kdWarning() << "BIO_get_data not defined!" << endl;
- return 0L;
-}
-
-
-int KOpenSSLProxy::PEM_write_bio_X509(BIO *bp, X509 *x) {
- if (K_PEM_ASN1_write_bio) return (K_PEM_ASN1_write_bio) ((int (*)())K_i2d_X509, PEM_STRING_X509, bp, (char *)x, 0L, 0L, 0, 0L, 0L);
- kdWarning() << "PEM_write_bio_X509 not defined!" << endl;
- return -1;
-}
-
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
-int KOpenSSLProxy::ASN1_i2d_fp(FILE *out,unsigned char *x) {
- if (K_ASN1_item_i2d_fp && K_NETSCAPE_X509_it)
- return (K_ASN1_item_i2d_fp)(K_NETSCAPE_X509_it, out, x);
- kdWarning() << "ANS1_i2d_fp not defined!" << endl;
- return -1;
-}
-#else
-ASN1_METHOD *KOpenSSLProxy::X509_asn1_meth(void) {
- if (K_X509_asn1_meth) return (K_X509_asn1_meth)();
- kdWarning() << "X509_ans1_meth not defined!" << endl;
- return 0L;
-}
-
-
-int KOpenSSLProxy::ASN1_i2d_fp(FILE *out,unsigned char *x) {
- if (K_ASN1_i2d_fp && K_i2d_ASN1_HEADER)
- return (K_ASN1_i2d_fp)((int (*)())K_i2d_ASN1_HEADER, out, x);
- kdWarning() << "ANS1_i2d_fp not defined!" << endl;
- return -1;
-}
-#endif
-
-int KOpenSSLProxy::X509_print(FILE *fp, X509 *x) {
- if (K_X509_print_fp) return (K_X509_print_fp)(fp, x);
- kdWarning() << "X509_print not defined!" << endl;
- return -1;
-}
-
-
-PKCS12 *KOpenSSLProxy::d2i_PKCS12_fp(FILE *fp, PKCS12 **p12) {
- if (K_d2i_PKCS12_fp) return (K_d2i_PKCS12_fp)(fp, p12);
- kdWarning() << "d2i_PKCS12_fp not defined!"
<< endl;
- return 0L;
-}
-
-
-int KOpenSSLProxy::PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass) {
- if (K_PKCS12_newpass) return (K_PKCS12_newpass)(p12, oldpass, newpass);
- kdWarning() << "PKCS12_newpass not defined!" << endl;
- return -1;
-}
-
-
-int KOpenSSLProxy::i2d_PKCS12(PKCS12 *p12, unsigned char **p) {
- if (K_i2d_PKCS12) return (K_i2d_PKCS12)(p12, p);
- kdWarning() << "i2d_PKCS12 not defined!" << endl;
- return -1;
-}
-
-
-int KOpenSSLProxy::i2d_PKCS12_fp(FILE *fp, PKCS12 *p12) {
- if (K_i2d_PKCS12_fp) return (K_i2d_PKCS12_fp)(fp, p12);
- kdWarning() << "i2d_PKCS12_fp not defined!" << endl;
- return -1;
-}
-
-
-PKCS12 *KOpenSSLProxy::PKCS12_new(void) {
- if (K_PKCS12_new) return (K_PKCS12_new)();
- kdWarning() << "PKCS12_new not defined!" << endl;
- return 0L;
-}
-
-
-void KOpenSSLProxy::PKCS12_free(PKCS12 *a) {
- if (K_PKCS12_free) (K_PKCS12_free)(a);
- else kdWarning() << "PKCS12_free not defined!" << endl;
-}
-
-
-int KOpenSSLProxy::PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey,
- X509 **cert, STACK_OF(X509) **ca) {
- if (K_PKCS12_parse) return (K_PKCS12_parse) (p12, pass, pkey, cert, ca);
- kdWarning() << "PKCS12_parse not defined!" << endl;
- return -1;
-}
-
-
-void KOpenSSLProxy::EVP_PKEY_free(EVP_PKEY *x) {
- if (K_EVP_PKEY_free) (K_EVP_PKEY_free)(x);
- else kdWarning() << "EVP_PKEY_free not defined!" << endl;
-}
-
-
-EVP_PKEY* KOpenSSLProxy::EVP_PKEY_new() {
- if (K_EVP_PKEY_new) return (K_EVP_PKEY_new)();
- kdWarning() << "EVP_PKEY_new not defined!" << endl;
- return 0L;
-}
-
-
-int KOpenSSLProxy::EVP_PKEY_base_id(const EVP_PKEY *pkey) {
- if (K_EVP_PKEY_base_id) return (K_EVP_PKEY_base_id)(pkey);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- return pkey->type;
-#endif
- kdWarning() << "EVP_PKEY_base_id not defined!"
<< endl;
- return -1;
-}
-
-
-RSA* KOpenSSLProxy::EVP_PKEY_get0_RSA(EVP_PKEY *pkey) {
- if (K_EVP_PKEY_get0_RSA) return (K_EVP_PKEY_get0_RSA)(pkey);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- return pkey->pkey.rsa;
-#endif
- kdWarning() << "EVP_PKEY_get0_RSA not defined!" << endl;
- return 0L;
-}
-
-
-DSA* KOpenSSLProxy::EVP_PKEY_get0_DSA(EVP_PKEY *pkey) {
- if (K_EVP_PKEY_get0_DSA) return (K_EVP_PKEY_get0_DSA)(pkey);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- return pkey->pkey.dsa;
-#endif
- kdWarning() << "EVP_PKEY_get0_DSA not defined!" << endl;
- return 0L;
-}
-
-
-void KOpenSSLProxy::X509_REQ_free(X509_REQ *x) {
- if (K_X509_REQ_free) (K_X509_REQ_free)(x);
- else kdWarning() << "X509_REQ_free not defined!" << endl;
-}
-
-
-X509_REQ* KOpenSSLProxy::X509_REQ_new() {
- if (K_X509_REQ_new) return (K_X509_REQ_new)();
- kdWarning() << "X509_REQ_new not defined!" << endl;
- return 0L;
-}
-
-
-int KOpenSSLProxy::SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) {
- if (K_SSL_CTX_use_PrivateKey) return (K_SSL_CTX_use_PrivateKey)(ctx,pkey);
- kdWarning() << "SSL_CTX_use_PrivateKey not defined!" << endl;
- return -1;
-}
-
-
-int KOpenSSLProxy::SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) {
- if (K_SSL_CTX_use_certificate) return (K_SSL_CTX_use_certificate)(ctx,x);
- kdWarning() << "SSL_CTX_use_certificate not defined!" << endl;
- return -1;
-}
-
-
-int KOpenSSLProxy::SSL_get_error(SSL *ssl, int rc) {
- if (K_SSL_get_error) return (K_SSL_get_error)(ssl,rc);
- kdWarning() << "SSL_get_error not defined!" << endl;
- return -1;
-}
-
-
-STACK_OF(X509) *KOpenSSLProxy::SSL_get_peer_cert_chain(SSL *s) {
- if (K_SSL_get_peer_cert_chain) return (K_SSL_get_peer_cert_chain)(s);
- kdWarning() << "SSL_get_peer_cert_chain not defined!" << endl;
- return 0L;
-}
-
-
-void KOpenSSLProxy::OPENSSL_sk_free(STACK *s) {
- if (K_sk_free) (K_sk_free)(s);
- else kdWarning() << "OPENSSL_sk_free not defined!"
<< endl;
-}
-
-
-int KOpenSSLProxy::OPENSSL_sk_num(STACK *s) {
- if (K_sk_num) return (K_sk_num)(s);
- kdWarning() << "OPENSSL_sk_num not defined!" << endl;
- return -1;
-}
-
-
-char *KOpenSSLProxy::OPENSSL_sk_pop(STACK *s) {
- if (K_sk_pop) return (K_sk_pop)(s);
- kdWarning() << "OPENSSL_sk_pop not defined!" << endl;
- return 0L;
-}
-
-
-char *KOpenSSLProxy::OPENSSL_sk_value(STACK *s, int n) {
- if (K_sk_value) return (K_sk_value)(s, n);
- kdWarning() << "OPENSSL_sk_value not defined!" << endl;
- return 0L;
-}
-
-
-void KOpenSSLProxy::X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *v, STACK_OF(X509)* x) {
- if (K_X509_STORE_CTX_set0_untrusted) (K_X509_STORE_CTX_set0_untrusted)(v,x);
- else kdWarning() << "X509_STORE_CTX_set0_untrusted not defined!" << endl;
-}
-
-void KOpenSSLProxy::X509_STORE_CTX_set_purpose(X509_STORE_CTX *v, int purpose) {
- if (K_X509_STORE_CTX_set_purpose) (K_X509_STORE_CTX_set_purpose)(v,purpose);
- else kdWarning() << "X509_STORE_CTX_set_purpose not defined!" << endl;
-}
-
-
-STACK* KOpenSSLProxy::OPENSSL_sk_dup(const STACK *s) {
- if (K_sk_dup) return (K_sk_dup)(s);
- kdWarning() << "OPENSSL_sk_dup not defined!" << endl;
- return 0L;
-}
-
-
-STACK* KOpenSSLProxy::OPENSSL_sk_new(int (*cmp)()) {
- if (K_sk_new) return (K_sk_new)(cmp);
- kdWarning() << "OPENSSL_sk_new not defined!" << endl;
- return 0L;
-}
-
-
-int KOpenSSLProxy::OPENSSL_sk_push(STACK* s, char* d) {
- if (K_sk_push) return (K_sk_push)(s,d);
- kdWarning() << "OPENSSL_sk_push not defined!" << endl;
- return -1;
-}
-
-
-char *KOpenSSLProxy::i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint) {
- if (K_i2s_ASN1_INTEGER) return (K_i2s_ASN1_INTEGER)(meth, aint);
- kdWarning() << "i2s_ANS1_INTEGER not defined!" << endl;
- return 0L;
-}
-
-
-ASN1_INTEGER *KOpenSSLProxy::X509_get_serialNumber(X509 *x) {
- if (K_X509_get_serialNumber) return (K_X509_get_serialNumber)(x);
- kdWarning() << "X509_get_serialNumber not defined!"
<< endl;
- return 0L;
-}
-
-
-EVP_PKEY *KOpenSSLProxy::X509_get_pubkey(X509 *x) {
- if (K_X509_get_pubkey) return (K_X509_get_pubkey)(x);
- kdWarning() << "X59_get_pubkey not defined!" << endl;
- return 0L;
-}
-
-
-int KOpenSSLProxy::i2d_PublicKey(EVP_PKEY *a, unsigned char **pp) {
- if (K_i2d_PublicKey) return (K_i2d_PublicKey)(a,pp);
- kdWarning() << "i2d_PublicKey not defined!" << endl;
- return 0;
-}
-
-
-int KOpenSSLProxy::X509_check_private_key(X509 *x, EVP_PKEY *p) {
- if (K_X509_check_private_key) return (K_X509_check_private_key)(x,p);
- kdWarning() << "X509_check_private_key not defined!" << endl;
- return -1;
-}
-
-
-char *KOpenSSLProxy::BN_bn2hex(const BIGNUM *a) {
- if (K_BN_bn2hex) return (K_BN_bn2hex)(a);
- kdWarning() << "BN_bn2hex not defined!" << endl;
- return 0L;
-}
-
-
-int KOpenSSLProxy::X509_digest(const X509 *x,const EVP_MD *t, unsigned char *md, unsigned int *len) {
- if (K_X509_digest) return (K_X509_digest)(x, t, md, len);
- kdWarning() << "X509_digest not defined!" << endl;
- return -1;
-}
-
-
-EVP_MD *KOpenSSLProxy::EVP_md5() {
- if (K_EVP_md5) return (K_EVP_md5)();
- kdWarning() << "EVP_md5 not defined!" << endl;
- return 0L;
-}
-
-
-void KOpenSSLProxy::ASN1_INTEGER_free(ASN1_INTEGER *a) {
- if (K_ASN1_INTEGER_free) (K_ASN1_INTEGER_free)(a);
- else kdWarning() << "ANS1_INTEGER_free not defined!" << endl;
-}
-
-
-int KOpenSSLProxy::OBJ_obj2nid(ASN1_OBJECT *o) {
- if (K_OBJ_obj2nid) return (K_OBJ_obj2nid)(o);
- kdWarning() << "OBJ_obj2nid not defined!" << endl;
- return -1;
-}
-
-
-const char * KOpenSSLProxy::OBJ_nid2ln(int n) {
- if (K_OBJ_nid2ln) return (K_OBJ_nid2ln)(n);
- kdWarning() << "OBJ_nid2ln not defined!" << endl;
- return 0L;
-}
-
-
-int KOpenSSLProxy::X509_get_ext_count(X509 *x) {
- if (K_X509_get_ext_count) return (K_X509_get_ext_count)(x);
- kdWarning() << "X509_get_ext_count not defined!"
<< endl; - return -1; -} - - -int KOpenSSLProxy::X509_get_ext_by_NID(X509 *x, int nid, int lastpos) { - if (K_X509_get_ext_by_NID) return (K_X509_get_ext_by_NID)(x,nid,lastpos); - kdWarning() << "X509_get_ext_by_NID not defined!" << endl; - return -1; -} - - -int KOpenSSLProxy::X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos) { - if (K_X509_get_ext_by_OBJ) return (K_X509_get_ext_by_OBJ)(x,obj,lastpos); - kdWarning() << "X509_get_ext_by_OBJ not defined!" << endl; - return -1; -} - - -X509_EXTENSION *KOpenSSLProxy::X509_get_ext(X509 *x, int loc) { - if (K_X509_get_ext) return (K_X509_get_ext)(x,loc); - kdWarning() << "X509_get_ext not defined!" << endl; - return 0L; -} - - -X509_EXTENSION *KOpenSSLProxy::X509_delete_ext(X509 *x, int loc) { - if (K_X509_delete_ext) return (K_X509_delete_ext)(x,loc); - kdWarning() << "X509_delete_ext not defined!" << endl; - return 0L; -} - - -int KOpenSSLProxy::X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc) { - if (K_X509_add_ext) return (K_X509_add_ext)(x,ex,loc); - kdWarning() << "X509_add_ext not defined!" << endl; - return -1; -} - - -void *KOpenSSLProxy::X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx) { - if (K_X509_get_ext_d2i) return (K_X509_get_ext_d2i)(x,nid,crit,idx); - kdWarning() << "X509_get_ext_d2i not defined!" << endl; - return 0L; -} - - -char *KOpenSSLProxy::i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5) { - if (K_i2s_ASN1_OCTET_STRING) return (K_i2s_ASN1_OCTET_STRING)(method,ia5); - kdWarning() << "i2s_ANS1_OCTET_STRING not defined!" << endl; - return 0L; -} - - -int KOpenSSLProxy::ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n) { - if (K_ASN1_BIT_STRING_get_bit) return (K_ASN1_BIT_STRING_get_bit)(a,n); - kdWarning() << "ANS1_BIT_STRING_get_bit not defined!" << endl; - return -1; -} - - -PKCS7 *KOpenSSLProxy::PKCS7_new(void) { - if (K_PKCS7_new) return (K_PKCS7_new)(); - kdWarning() << "PKCS7_new not defined!" 
<< endl; - return 0L; -} - - -void KOpenSSLProxy::PKCS7_free(PKCS7 *a) { - if (K_PKCS7_free) (K_PKCS7_free)(a); - else kdWarning() << "PKCS7_free not defined!" << endl; -} - - -void KOpenSSLProxy::PKCS7_content_free(PKCS7 *a) { - if (K_PKCS7_content_free) (K_PKCS7_content_free)(a); - else kdWarning() << "PKCS7_content_free not defined!" << endl; -} - - -int KOpenSSLProxy::i2d_PKCS7(PKCS7 *a, unsigned char **pp) { - if (K_i2d_PKCS7) return (K_i2d_PKCS7)(a,pp); - kdWarning() << "i2d_PKCS7 not defined!" << endl; - return -1; -} - - -PKCS7 *KOpenSSLProxy::d2i_PKCS7(PKCS7 **a, unsigned char **pp,long length) { - if (K_d2i_PKCS7) return (K_d2i_PKCS7)(a,pp,length); - kdWarning() << "d2i_PKCS7 not defined!" << endl; - return 0L; -} - - -int KOpenSSLProxy::i2d_PKCS7_fp(FILE *fp,PKCS7 *p7) { - if (K_i2d_PKCS7_fp) return (K_i2d_PKCS7_fp)(fp,p7); - kdWarning() << "i2d_PKCS7_fd not defined!" << endl; - return -1; -} - - -PKCS7 *KOpenSSLProxy::d2i_PKCS7_fp(FILE *fp,PKCS7 **p7) { - if (K_d2i_PKCS7_fp) return (K_d2i_PKCS7_fp)(fp,p7); - kdWarning() << "d2i_PKCS7_fp not defined!" << endl; - return 0L; -} - - -int KOpenSSLProxy::i2d_PKCS7_bio(BIO *bp,PKCS7 *p7) { - if (K_i2d_PKCS7_bio) return (K_i2d_PKCS7_bio)(bp, p7); - kdWarning() << "i2d_PKCS7_bio not defined!" << endl; - return -1; -} - - -PKCS7 *KOpenSSLProxy::d2i_PKCS7_bio(BIO *bp,PKCS7 **p7) { - if (K_d2i_PKCS7_bio) return (K_d2i_PKCS7_bio)(bp, p7); - kdWarning() << "d2i_PKCS7_bio not defined!" << endl; - return 0L; -} - - -PKCS7 *KOpenSSLProxy::PKCS7_dup(PKCS7 *p7) { - if (K_PKCS7_dup) return (K_PKCS7_dup)(p7); - kdWarning() << "PKCS7_dup not defined!" << endl; - return 0L; -} - - -PKCS7 *KOpenSSLProxy::PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, - BIO *data, int flags) { - if (K_PKCS7_sign) return (K_PKCS7_sign)(signcert,pkey,certs,data,flags); - kdWarning() << "PKCS7_sign not defined!" 
<< endl; - return 0L; -} - - -int KOpenSSLProxy::PKCS7_verify(PKCS7* p, STACK_OF(X509)* st, X509_STORE* s, BIO* in, BIO *out, int flags) { - if (K_PKCS7_verify) return (K_PKCS7_verify)(p,st,s,in,out,flags); - kdWarning() << "PKCS7_verify not defined!" << endl; - return 0; -} - - -STACK_OF(X509) *KOpenSSLProxy::PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) { - if (K_PKCS7_get0_signers) return (K_PKCS7_get0_signers)(p7,certs,flags); - kdWarning() << "PKCS7_get0_signers not defined!" << endl; - return 0L; -} - - -PKCS7 *KOpenSSLProxy::PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher, - int flags) { - if (K_PKCS7_encrypt) return (K_PKCS7_encrypt)(certs,in,cipher,flags); - kdWarning() << "PKCS7_encrypt not defined!" << endl; - return 0L; -} - - -int KOpenSSLProxy::PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) { - if (K_PKCS7_decrypt) return (K_PKCS7_decrypt)(p7,pkey,cert,data,flags); - kdWarning() << "PKCS7_decrypt not defined!" << endl; - return 0; -} - - -STACK_OF(X509_NAME) *KOpenSSLProxy::SSL_load_client_CA_file(const char *file) { - if (K_SSL_load_client_CA_file) return (K_SSL_load_client_CA_file)(file); - kdWarning() << "SSL_load_client_CA_file not defined!" << endl; - return 0L; -} - - -STACK_OF(X509_INFO) *KOpenSSLProxy::PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) { - if (K_PEM_X509_INFO_read) return (K_PEM_X509_INFO_read)(fp,sk,cb,u); - kdWarning() << "PEM_X509_INFO_read not defined!" << endl; - return 0L; -} - - -X509 *KOpenSSLProxy::X509_d2i_fp(FILE *out, X509** buf) { - if (K_ASN1_d2i_fp) return reinterpret_cast((K_ASN1_d2i_fp)(reinterpret_cast(K_X509_new), reinterpret_cast(K_d2i_X509), out, reinterpret_cast(buf))); - kdWarning() << "X509_d2i_fp not defined!" << endl; - return 0L; -} - - -int KOpenSSLProxy::SSL_peek(SSL *ssl,void *buf,int num) { - if (K_SSL_peek) return (K_SSL_peek)(ssl,buf,num); - kdWarning() << "SSL_peek not defined!" 
<< endl; - return -1; -} - - -const char *KOpenSSLProxy::RAND_file_name(char *buf, size_t num) { - if (K_RAND_file_name) return (K_RAND_file_name)(buf, num); - kdWarning() << "RAND_file_name not defined!" << endl; - return 0L; -} - - -int KOpenSSLProxy::RAND_load_file(const char *filename, long max_bytes) { - if (K_RAND_load_file) return (K_RAND_load_file)(filename, max_bytes); - kdWarning() << "REND_load_file not defined!" << endl; - return -1; -} - - -int KOpenSSLProxy::RAND_write_file(const char *filename) { - if (K_RAND_write_file) return (K_RAND_write_file)(filename); - kdWarning() << "RAND_write_file not defined!" << endl; - return -1; -} - - -int KOpenSSLProxy::X509_PURPOSE_get_count() { - if (K_X509_PURPOSE_get_count) return (K_X509_PURPOSE_get_count)(); - kdWarning() << "X509_PURPOSE_get_count not defined!" << endl; - return -1; -} - - -int KOpenSSLProxy::X509_PURPOSE_get_id(X509_PURPOSE *p) { - if (K_X509_PURPOSE_get_id) return (K_X509_PURPOSE_get_id)(p); - kdWarning() << "X509_PURPOSE_get_id not defined!" << endl; - return -1; -} - - -int KOpenSSLProxy::X509_check_purpose(X509 *x, int id, int ca) { - if (K_X509_check_purpose) return (K_X509_check_purpose)(x, id, ca); - kdWarning() << "X509_check_purpose not defined!" << endl; - return -1; -} - - -X509_PURPOSE *KOpenSSLProxy::X509_PURPOSE_get0(int idx) { - if (K_X509_PURPOSE_get0) return (K_X509_PURPOSE_get0)(idx); - kdWarning() << "X509_PURPOSE_get0 not defined!" << endl; - return 0L; -} - - -int KOpenSSLProxy::EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key) { - if (K_EVP_PKEY_assign) return (K_EVP_PKEY_assign)(pkey, type, key); - kdWarning() << "EVP_PKEY_assign not defined!" << endl; - return -1; -} - - -int KOpenSSLProxy::X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey) { - if (K_X509_REQ_set_pubkey) return (K_X509_REQ_set_pubkey)(x, pkey); - kdWarning() << "X509_REQ_set_pubkey not defined!" 
<< endl; - return -1; -} - - -void KOpenSSLProxy::RSA_get0_key(const RSA *r, - const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) { - if (K_RSA_get0_key) { - (K_RSA_get0_key)(r, n, e, d); - return; - } -#if OPENSSL_VERSION_NUMBER < 0x10100000L - if (!r) return; - if (n) *n = r->n; - if (e) *e = r->e; - if (d) *d = r->d; - return; -#endif - kdWarning() << "REG_get0_key not defined!" << endl; -} - - -RSA* KOpenSSLProxy::RSA_generate_key(int bits, unsigned long e, void - (*callback)(int,int,void *), void *cb_arg) { - if (K_RSA_generate_key) return (K_RSA_generate_key)(bits, e, callback, cb_arg); - kdWarning() << "RSA_generate_key not defined!" << endl; - return 0L; -} - - -void KOpenSSLProxy::DSA_get0_pqg(const DSA *d, - const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) { - if (K_DSA_get0_pqg) { - (K_DSA_get0_pqg)(d, p, q, g); - return; - } -#if OPENSSL_VERSION_NUMBER < 0x10100000L - if (!d) return; - if (p) *p = d->p; - if (q) *q = d->q; - if (g) *g = d->g; - return; -#endif - kdWarning() << "DSA_get0_pqg not defined!" << endl; -} - - -void KOpenSSLProxy::DSA_get0_key(const DSA *d, - const BIGNUM **pub_key, const BIGNUM **priv_key) { - if (K_DSA_get0_key) { - (K_DSA_get0_key)(d, pub_key, priv_key); - return; - } -#if OPENSSL_VERSION_NUMBER < 0x10100000L - if (!d) return; - if (pub_key) *pub_key = d->pub_key; - if (priv_key) *priv_key = d->priv_key; - return; -#endif - kdWarning() << "DSA_get0_key not defined!" << endl; -} - - -STACK *KOpenSSLProxy::X509_get1_email(X509 *x) { - if (K_X509_get1_email) return (K_X509_get1_email)(x); - kdWarning() << "X509_get1_email not defined!" << endl; - return 0L; -} - -void KOpenSSLProxy::X509_email_free(STACK *sk) { - if (K_X509_email_free) (K_X509_email_free)(sk); - else kdWarning() << "X509_email_free not defined!" << endl; -} - -EVP_CIPHER *KOpenSSLProxy::EVP_des_ede3_cbc() { - if (K_EVP_des_ede3_cbc) return (K_EVP_des_ede3_cbc)(); - kdWarning() << "EVM_des_ede3_cbc not defined!" 
<< endl; - return 0L; -} - -EVP_CIPHER *KOpenSSLProxy::EVP_des_cbc() { - if (K_EVP_des_cbc) return (K_EVP_des_cbc)(); - kdWarning() << "EVP_des_cbc not defined!" << endl; - return 0L; -} - -EVP_CIPHER *KOpenSSLProxy::EVP_rc2_cbc() { - if (K_EVP_rc2_cbc) return (K_EVP_rc2_cbc)(); - kdWarning() << "EVP_rc2_cbc not defined!" << endl; - return 0L; -} - -EVP_CIPHER *KOpenSSLProxy::EVP_rc2_64_cbc() { - if (K_EVP_rc2_64_cbc) return (K_EVP_rc2_64_cbc)(); - kdWarning() << "EVP_rc2_64_cbc not defined!" << endl; - return 0L; -} - -EVP_CIPHER *KOpenSSLProxy::EVP_rc2_40_cbc() { - if (K_EVP_rc2_40_cbc) return (K_EVP_rc2_40_cbc)(); - kdWarning() << "EVP_rc2_40_cbc not defined!" << endl; - return 0L; -} - -int KOpenSSLProxy::i2d_X509_REQ_fp(FILE *fp, X509_REQ *x) { - if (K_i2d_X509_REQ_fp) return (K_i2d_X509_REQ_fp)(fp,x); - kdWarning() << "i2d_X509_REQ_fp not defined!" << endl; - return -1; -} - - -void KOpenSSLProxy::ERR_clear_error() { - if (K_ERR_clear_error) (K_ERR_clear_error)(); - else kdWarning() << "ERR_clear_error not defined!" << endl; -} - - -unsigned long KOpenSSLProxy::ERR_get_error() { - if (K_ERR_get_error) return (K_ERR_get_error)(); - kdWarning() << "ERR_get_error not defined!" << endl; - return 0xffffffff; -} - - -void KOpenSSLProxy::ERR_print_errors_fp(FILE* fp) { - if (K_ERR_print_errors_fp) (K_ERR_print_errors_fp)(fp); - else kdWarning() << "ERR_print_errors_fp not defined!" << endl; -} - - -SSL_SESSION *KOpenSSLProxy::SSL_get1_session(SSL *ssl) { - if (K_SSL_get1_session) return (K_SSL_get1_session)(ssl); - kdWarning() << "SSL_get1_session not defined!" << endl; - return 0L; -} - - -void KOpenSSLProxy::SSL_SESSION_free(SSL_SESSION *session) { - if (K_SSL_SESSION_free) (K_SSL_SESSION_free)(session); - else kdWarning() << "SSL_SESSION_free not defined!" << endl; -} - - -int KOpenSSLProxy::SSL_set_session(SSL *ssl, SSL_SESSION *session) { - if (K_SSL_set_session) return (K_SSL_set_session)(ssl, session); - kdWarning() << "SSL_set_session not defined!" 
<< endl; - return -1; -} - - -SSL_SESSION *KOpenSSLProxy::d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, long length) { - if (K_d2i_SSL_SESSION) return (K_d2i_SSL_SESSION)(a, pp, length); - kdWarning() << "d2i_SSL_SESSION not defined!" << endl; - return 0L; -} - - -int KOpenSSLProxy::i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) { - if (K_i2d_SSL_SESSION) return (K_i2d_SSL_SESSION)(in, pp); - kdWarning() << "i2d_SSL_SESSION not defined!" << endl; - return -1; -} - - -int KOpenSSLProxy::i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *p) { - if (K_i2d_PrivateKey_fp) return (K_i2d_PrivateKey_fp)(fp, p); - kdWarning() << "i2d_PrivateKey not defined!" << endl; - return -1; -} - - -int KOpenSSLProxy::i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *p, const EVP_CIPHER *c, char *k, int klen, pem_password_cb *cb, void *u) { - if (K_i2d_PKCS8PrivateKey_fp) return (K_i2d_PKCS8PrivateKey_fp)(fp, p, c, k, klen, cb, u); - kdWarning() << "i2d_PKCS8PrivateKey_fp not defined!" << endl; - return -1; -} - - -void KOpenSSLProxy::RSA_free(RSA *rsa) { - if (K_RSA_free) (K_RSA_free)(rsa); - else kdWarning() << "RSA_free not defined!" << endl; -} - - -EVP_CIPHER *KOpenSSLProxy::EVP_bf_cbc() { - if (K_EVP_bf_cbc) return (K_EVP_bf_cbc)(); - kdWarning() << "EVP_bf_cbc not defined!" << endl; - return 0L; -} - - -int KOpenSSLProxy::X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md) { - if (K_X509_REQ_sign) return (K_X509_REQ_sign)(x, pkey, md); - kdWarning() << "X509_REQ_sign not defined!" << endl; - return -1; -} - - -int KOpenSSLProxy::X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, - int type, unsigned char *bytes, int len, int loc, int set) { - if (K_X509_NAME_add_entry_by_txt) return (K_X509_NAME_add_entry_by_txt)(name, field, type, bytes, len, loc, set); - kdWarning() << "X509_NAME_add_entry not defined!" 
<< endl; - return -1; -} - - -X509_NAME *KOpenSSLProxy::X509_NAME_new() { - if (K_X509_NAME_new) return (K_X509_NAME_new)(); - kdWarning() << "X509_NAME_new not defined!" << endl; - return 0L; -} - - -int KOpenSSLProxy::X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name) { - if (K_X509_REQ_set_subject_name) return (K_X509_REQ_set_subject_name)(req, name); - kdWarning() << "X509_REQ_set_subject_name not defined!" << endl; - return -1; -} - - -unsigned char *KOpenSSLProxy::ASN1_STRING_data(ASN1_STRING *x) { - if (K_ASN1_STRING_data) return (K_ASN1_STRING_data)(x); - kdWarning() << "ASN1_STRING_data not defined!" << endl; - return 0L; -} - -int KOpenSSLProxy::ASN1_STRING_length(ASN1_STRING *x) { - if (K_ASN1_STRING_length) return (K_ASN1_STRING_length)(x); - kdWarning() << "ASN1_STRING_length not defined!" << endl; - return 0L; -} - -STACK_OF(SSL_CIPHER) *KOpenSSLProxy::SSL_get_ciphers(const SSL* ssl) { - if (K_SSL_get_ciphers) return (K_SSL_get_ciphers)(ssl); - kdWarning() << "SSL_get_ciphers not defined!" << endl; - return 0L; -} - -const ASN1_TIME* KOpenSSLProxy::X509_CRL_get0_lastUpdate(const X509_CRL *crl) { - if (K_X509_CRL_get0_lastUpdate) return (K_X509_CRL_get0_lastUpdate)(crl); -#if OPENSSL_VERSION_NUMBER < 0x10100000L - return X509_CRL_get_lastUpdate(crl); -#endif - kdWarning() << "X509_CRL_get_lastUpdate not defined!" << endl; - return 0L; -} - -const ASN1_TIME* KOpenSSLProxy::X509_CRL_get0_nextUpdate(const X509_CRL *crl) { - if (K_X509_CRL_get0_nextUpdate) return (K_X509_CRL_get0_nextUpdate)(crl); -#if OPENSSL_VERSION_NUMBER < 0x10100000L - return X509_CRL_get_nextUpdate(crl); -#endif - kdWarning() << "X509_CRL_get_nextUpdate not defined!" 
<< endl; - return 0L; -} - -X509* KOpenSSLProxy::X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) { - if (K_X509_STORE_CTX_get_current_cert) return (K_X509_STORE_CTX_get_current_cert)(ctx); -#if OPENSSL_VERSION_NUMBER < 0x10100000L - return ctx->current_cert; -#endif - kdWarning() << "X509_STORE_CTX_get_current_cert not defined!" << endl; - return 0L; -} - -int KOpenSSLProxy::X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) { - if (K_X509_STORE_CTX_get_error) return (K_X509_STORE_CTX_get_error)(ctx); -#if OPENSSL_VERSION_NUMBER < 0x10100000L - return ctx->error; -#endif - kdWarning() << "X509k_STORE_CTX_get_error not defined!" << endl; - return -1; -} - -int KOpenSSLProxy::X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) { - if (K_X509_STORE_CTX_get_error_depth) return (K_X509_STORE_CTX_get_error_depth)(ctx); -#if OPENSSL_VERSION_NUMBER < 0x10100000L - return ctx->error_depth; -#endif - kdWarning() << "X509_STORE_CTX_get_error_depth not defined!" << endl; - return -1; -} - -void KOpenSSLProxy::X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s) { - if (K_X509_STORE_CTX_set_error) { - (K_X509_STORE_CTX_set_error)(ctx, s); - return; - } -#if OPENSSL_VERSION_NUMBER < 0x10100000L - ctx->error = s; - return; -#endif - kdWarning() << "X509_STORE_CTX_set_error not defined!" << endl; -} - -void KOpenSSLProxy::X509_STORE_set_verify_cb(X509_STORE *ctx, - X509_STORE_CTX_verify_cb verify_cb) { - if (K_X509_STORE_set_verify_cb) { - (K_X509_STORE_set_verify_cb)(ctx, verify_cb); - return; - } -#if OPENSSL_VERSION_NUMBER < 0x10100000L - X509_STORE_set_verify_cb_func(ctx, verify_cb); - return; -#endif - kdWarning() << "X590_STORE_set_verify_cb not defined!" << endl; -} - -STACK_OF(X509_OBJECT)* KOpenSSLProxy::X509_STORE_get0_objects(X509_STORE *v) { - if (K_X509_STORE_get0_objects) return (K_X509_STORE_get0_objects)(v); -#if OPENSSL_VERSION_NUMBER < 0x10100000L - return v->objs; -#endif - kdWarning() << "X509_STORE_get0_objects not defined!" 
<< endl; - return 0L; -} - -X509_LOOKUP_TYPE KOpenSSLProxy::X509_OBJECT_get_type(const X509_OBJECT *a) { - if (K_X509_OBJECT_get_type) return (K_X509_OBJECT_get_type)(a); -#if OPENSSL_VERSION_NUMBER < 0x10100000L - return a->type; -#endif - kdWarning() << "X509_OBJECT_get_type not defined!" << endl; -#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - return X509_LU_NONE; -#else - return 0; -#endif -} - -X509* KOpenSSLProxy::X509_OBJECT_get0_X509(const X509_OBJECT *a) { - if (K_X509_OBJECT_get0_X509) return (K_X509_OBJECT_get0_X509)(a); -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - return a->data.x509; -#endif - kdWarning() << "X509_OBJECT_get0_X509 not defined!" << endl; - return 0L; -} - - -ASN1_TIME* KOpenSSLProxy::X509_getm_notAfter(const X509 *x) { - if (K_X509_getm_notAfter) return (K_X509_getm_notAfter)(x); -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - return X509_get_notAfter(x); -#endif - kdWarning() << "X509_get_notAfter not defined!" << endl; - return 0L; -} - -ASN1_TIME* KOpenSSLProxy::X509_getm_notBefore(const X509 *x) { - if (K_X509_getm_notBefore) return (K_X509_getm_notBefore)(x); -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - return X509_get_notBefore(x); -#endif - kdWarning() << "X509_get_notBefore not defined!" 
<< endl;
- return 0L;
-}
-
-/* cover KOpenSSLProxy API compatibility */
-STACK* KOpenSSLProxy::sk_dup(const STACK *s) {
- return OPENSSL_sk_dup(s);
-}
-
-void KOpenSSLProxy::sk_free(STACK *s) {
- OPENSSL_sk_free(s);
-}
-
-STACK* KOpenSSLProxy::sk_new(int (*cmp)()) {
- return OPENSSL_sk_new(cmp);
-}
-
-int KOpenSSLProxy::sk_num(STACK *s) {
- return OPENSSL_sk_num(s);
-}
-
-char* KOpenSSLProxy::sk_pop(STACK *s) {
- return OPENSSL_sk_pop(s);
-}
-
-int KOpenSSLProxy::sk_push(STACK *s, char *d) {
- return OPENSSL_sk_push(s, d);
-}
-
-char* KOpenSSLProxy::sk_value(STACK *s, int n) {
- return OPENSSL_sk_value(s, n);
-}
-
-void KOpenSSLProxy::X509_STORE_CTX_set_chain(X509_STORE_CTX *v, STACK_OF(X509)* x) {
- X509_STORE_CTX_set0_untrusted(v, x);
-}
-
-SSL_METHOD* KOpenSSLProxy::SSLv23_client_method() {
- return TLS_client_method();
-}
-
-#endif
diff --git a/tdeio/kssl/kopenssl.cpp b/tdeio/kssl/kopenssl.cpp
new file mode 100644
index 000000000..a009bd7e9
--- /dev/null
+++ b/tdeio/kssl/kopenssl.cpp
@@ -0,0 +1,2123 @@
+/* This file is part of the KDE libraries
+ Copyright (C) 2001-2003 George Staikos
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Library General Public
+ License version 2 as published by the Free Software Foundation.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+
+ You should have received a copy of the GNU Library General Public License
+ along with this library; see the file COPYING.LIB. If not, write to
+ the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ Boston, MA 02110-1301, USA.
+*/
+
+#ifdef HAVE_CONFIG_H
+#include
+#endif
+
+#ifdef KSSL_HAVE_SSL
+#include
+#endif
+
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include "kopenssl.h"
+
+#define GET_CRYPTOLIB_SYMBOL(a) ((_cryptoLib->hasSymbol(a)) ? _cryptoLib->symbol(a) : NULL)
+#define GET_SSLLIB_SYMBOL(a) ((_sslLib->hasSymbol(a)) ?
_sslLib->symbol(a) : NULL)
+
+// taken from OpenSSL 1.1 header, used to call OPENSSL_init_crypto
+#if !defined(OPENSSL_INIT_ADD_ALL_CIPHERS)
+# define OPENSSL_INIT_ADD_ALL_CIPHERS 0x00000004L
+# define OPENSSL_INIT_ADD_ALL_DIGESTS 0x00000008L
+# define OPENSSL_INIT_LOAD_CONFIG 0x00000040L
+#endif
+
+extern "C" {
+#ifdef KSSL_HAVE_SSL
+static int (*K_SSL_connect) (SSL *) = 0L;
+static int (*K_SSL_accept) (SSL *) = 0L;
+static int (*K_SSL_read) (SSL *, void *, int) = 0L;
+static int (*K_SSL_write) (SSL *, const void *, int) = 0L;
+static SSL *(*K_SSL_new) (SSL_CTX *) = 0L;
+static void (*K_SSL_free) (SSL *) = 0L;
+static int (*K_SSL_shutdown) (SSL *) = 0L;
+static SSL_CTX *(*K_SSL_CTX_new)(SSL_METHOD *) = 0L;
+static void (*K_SSL_CTX_free) (SSL_CTX *) = 0L;
+static int (*K_SSL_set_fd) (SSL *, int) = 0L;
+static int (*K_SSL_pending) (SSL *) = 0L;
+static int (*K_SSL_peek) (SSL *, void *, int) = 0L;
+static int (*K_SSL_CTX_set_cipher_list)(SSL_CTX *, const char *) = 0L;
+static void (*K_SSL_CTX_set_verify)(SSL_CTX *, int,
+ int (*)(int, X509_STORE_CTX *)) = 0L;
+static int (*K_SSL_use_certificate)(SSL *, X509 *) = 0L;
+static SSL_CIPHER *(*K_SSL_get_current_cipher)(SSL *) = 0L;
+static long (*K_SSL_set_options)(SSL *ssl, long options) = 0L;
+static int (*K_SSL_session_reused)(SSL *ssl) = 0L;
+static long (*K_SSL_ctrl) (SSL *,int, long, void *) = 0L;
+static int (*K_RAND_egd) (const char *) = 0L;
+static const char* (*K_RAND_file_name) (char *, size_t) = 0L;
+static int (*K_RAND_load_file) (const char *, long) = 0L;
+static int (*K_RAND_write_file) (const char *) = 0L;
+static SSL_METHOD * (*K_TLSv1_client_method) () = 0L;
+static SSL_METHOD * (*K_SSLv2_client_method) () = 0L;
+static SSL_METHOD * (*K_SSLv3_client_method) () = 0L;
+static SSL_METHOD * (*K_TLS_client_method) () = 0L;
+static X509 * (*K_SSL_get_peer_certificate) (SSL *) = 0L;
+static int (*K_SSL_CIPHER_get_bits) (SSL_CIPHER *,int *) = 0L;
+static char * (*K_SSL_CIPHER_get_version) (SSL_CIPHER *) = 0L;
+static const char * (*K_SSL_CIPHER_get_name) (SSL_CIPHER *) = 0L; +static char * (*K_SSL_CIPHER_description) (SSL_CIPHER *, char *, int) = 0L; +static X509 * (*K_d2i_X509) (X509 **,unsigned char **,long) = 0L; +static X509_CRL * (*K_d2i_X509_CRL) (X509_CRL **,unsigned char **,long) = 0L; +static int (*K_i2d_X509) (X509 *,unsigned char **) = 0L; +static int (*K_X509_cmp) (X509 *, X509 *) = 0L; +static int (*K_X509_subject_name_cmp) (const X509 *, const X509 *) = 0L; +static void (*K_X509_STORE_CTX_free) (X509_STORE_CTX *) = 0L; +static int (*K_X509_verify_cert) (X509_STORE_CTX *) = 0L; +static X509_STORE_CTX *(*K_X509_STORE_CTX_new) (void) = 0L; +static void (*K_X509_STORE_free) (X509_STORE *) = 0L; +static X509_STORE *(*K_X509_STORE_new) (void) = 0L; +static void (*K_X509_free) (X509 *) = 0L; +static void (*K_X509_CRL_free) (X509_CRL *) = 0L; +static char *(*K_X509_NAME_oneline) (X509_NAME *,char *,int) = 0L; +static X509_NAME *(*K_X509_get_subject_name) (X509 *) = 0L; +static X509_NAME *(*K_X509_get_issuer_name) (X509 *) = 0L; +static X509_LOOKUP *(*K_X509_STORE_add_lookup) (X509_STORE *, X509_LOOKUP_METHOD *) = 0L; +static X509_LOOKUP_METHOD *(*K_X509_LOOKUP_file)(void) = 0L; +static void (*K_X509_LOOKUP_free)(X509_LOOKUP *) = 0L; +static int (*K_X509_LOOKUP_ctrl)(X509_LOOKUP *, int, const char *, long, char **) = 0L; +static void (*K_X509_STORE_CTX_init)(X509_STORE_CTX *, X509_STORE *, X509 *, STACK_OF(X509) *) = 0L; +static void (*K_CRYPTO_free) (void *) = 0L; +static X509* (*K_X509_dup) (X509 *) = 0L; +static void (*K_X509_get0_signature)(const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg, const X509 *x) = 0L; +static BIO_METHOD *(*K_BIO_s_mem) (void) = 0L; +static BIO* (*K_BIO_new) (BIO_METHOD *) = 0L; +static BIO* (*K_BIO_new_fp) (FILE *, int) = 0L; +static BIO* (*K_BIO_new_mem_buf) (void *, int) = 0L; +static int (*K_BIO_free) (BIO *) = 0L; +static long (*K_BIO_ctrl) (BIO *,int,long,void *) = 0L; +static int (*K_BIO_write) (BIO *b, const void *data, 
int len) = 0L; +static void* (*K_BIO_get_data) (BIO *a) = 0L; +static int (*K_PEM_ASN1_write_bio) (int (*)(),const char *,BIO *,char *, + const EVP_CIPHER *,unsigned char *,int , + pem_password_cb *, void *) = 0L; +#if OPENSSL_VERSION_NUMBER >= 0x10000000L +static int (*K_ASN1_item_i2d_fp)(ASN1_ITEM *,FILE *,unsigned char *) = 0L; +static ASN1_ITEM *K_NETSCAPE_X509_it = 0L; +#else +static ASN1_METHOD* (*K_X509_asn1_meth) (void) = 0L; +static int (*K_ASN1_i2d_fp)(int (*)(),FILE *,unsigned char *) = 0L; +static int (*K_i2d_ASN1_HEADER)(ASN1_HEADER *, unsigned char **) = 0L; +#endif +static int (*K_X509_print_fp) (FILE *, X509*) = 0L; +static int (*K_i2d_PKCS12) (PKCS12*, unsigned char**) = 0L; +static int (*K_i2d_PKCS12_fp) (FILE *, PKCS12*) = 0L; +static int (*K_PKCS12_newpass) (PKCS12*, char*, char*) = 0L; +static PKCS12* (*K_d2i_PKCS12_fp) (FILE*, PKCS12**) = 0L; +static PKCS12* (*K_PKCS12_new) (void) = 0L; +static void (*K_PKCS12_free) (PKCS12 *) = 0L; +static int (*K_PKCS12_parse) (PKCS12*, const char *, EVP_PKEY**, + X509**, STACK_OF(X509)**) = 0L; +static void (*K_EVP_PKEY_free) (EVP_PKEY *) = 0L; +static EVP_PKEY* (*K_EVP_PKEY_new) () = 0L; +static int (*K_EVP_PKEY_base_id)(const EVP_PKEY *pkey) = 0L; +static RSA* (*K_EVP_PKEY_get0_RSA)(EVP_PKEY *pkey) = 0L; +static DSA* (*K_EVP_PKEY_get0_DSA)(EVP_PKEY *pkey) = 0L; +static void (*K_X509_REQ_free) (X509_REQ *) = 0L; +static X509_REQ* (*K_X509_REQ_new) () = 0L; +static int (*K_SSL_CTX_use_PrivateKey) (SSL_CTX*, EVP_PKEY*) = 0L; +static int (*K_SSL_CTX_use_certificate) (SSL_CTX*, X509*) = 0L; +static int (*K_SSL_get_error) (SSL*, int) = 0L; +static STACK_OF(X509)* (*K_SSL_get_peer_cert_chain) (SSL*) = 0L; +static void (*K_X509_STORE_CTX_set0_untrusted) (X509_STORE_CTX *, STACK_OF(X509)*) = 0L; +static void (*K_X509_STORE_CTX_set_purpose) (X509_STORE_CTX *, int) = 0L; +static void (*K_sk_free) (STACK*) = 0L; +static int (*K_sk_num) (STACK*) = 0L; +static char* (*K_sk_pop) (STACK*) = 0L; +static char* 
(*K_sk_value) (STACK*, int) = 0L; +static STACK* (*K_sk_new) (int (*)()) = 0L; +static int (*K_sk_push) (STACK*, char*) = 0L; +static STACK* (*K_sk_dup) (const STACK *) = 0L; +static char * (*K_i2s_ASN1_INTEGER) (X509V3_EXT_METHOD *, ASN1_INTEGER *) =0L; +static ASN1_INTEGER * (*K_X509_get_serialNumber) (X509 *) = 0L; +static EVP_PKEY *(*K_X509_get_pubkey)(X509 *) = 0L; +static int (*K_i2d_PublicKey)(EVP_PKEY *, unsigned char **) = 0L; +static int (*K_X509_check_private_key)(X509 *, EVP_PKEY *) = 0L; +static char * (*K_BN_bn2hex)(const BIGNUM *) = 0L; +static int (*K_X509_digest)(const X509 *,const EVP_MD *, unsigned char *, unsigned int *) = 0L; +static EVP_MD* (*K_EVP_md5)() = 0L; +static void (*K_ASN1_INTEGER_free)(ASN1_INTEGER *) = 0L; +static int (*K_OBJ_obj2nid)(ASN1_OBJECT *) = 0L; +static const char * (*K_OBJ_nid2ln)(int) = 0L; +static int (*K_X509_get_ext_count)(X509*) = 0L; +static int (*K_X509_get_ext_by_NID)(X509*, int, int) = 0L; +static int (*K_X509_get_ext_by_OBJ)(X509*,ASN1_OBJECT*,int) = 0L; +static X509_EXTENSION *(*K_X509_get_ext)(X509*, int loc) = 0L; +static X509_EXTENSION *(*K_X509_delete_ext)(X509*, int) = 0L; +static int (*K_X509_add_ext)(X509*, X509_EXTENSION*, int) = 0L; +static void *(*K_X509_get_ext_d2i)(X509*, int, int*, int*) = 0L; +static char *(*K_i2s_ASN1_OCTET_STRING)(X509V3_EXT_METHOD*, ASN1_OCTET_STRING*) = 0L; +static int (*K_ASN1_BIT_STRING_get_bit)(ASN1_BIT_STRING*, int) = 0L; +static PKCS7 *(*K_PKCS7_new)() = 0L; +static void (*K_PKCS7_free)(PKCS7*) = 0L; +static void (*K_PKCS7_content_free)(PKCS7*) = 0L; +static int (*K_i2d_PKCS7)(PKCS7*, unsigned char**) = 0L; +static PKCS7 *(*K_d2i_PKCS7)(PKCS7**, unsigned char**,long) = 0L; +static int (*K_i2d_PKCS7_fp)(FILE*,PKCS7*) = 0L; +static PKCS7* (*K_d2i_PKCS7_fp)(FILE*,PKCS7**) = 0L; +static int (*K_i2d_PKCS7_bio)(BIO *bp,PKCS7 *p7) = 0L; +static PKCS7 *(*K_d2i_PKCS7_bio)(BIO *bp,PKCS7 **p7) = 0L; +static PKCS7* (*K_PKCS7_dup)(PKCS7*) = 0L; +static STACK_OF(X509_NAME) 
*(*K_SSL_load_client_CA_file)(const char*) = 0L; +static STACK_OF(X509_INFO) *(*K_PEM_X509_INFO_read)(FILE*, STACK_OF(X509_INFO)*, pem_password_cb*, void*) = 0L; +static char *(*K_ASN1_d2i_fp)(char *(*)(),char *(*)(),FILE*,unsigned char**) = 0L; +static X509 *(*K_X509_new)() = 0L; +static int (*K_X509_PURPOSE_get_count)() = 0L; +static int (*K_X509_PURPOSE_get_id)(X509_PURPOSE *) = 0L; +static int (*K_X509_check_purpose)(X509*,int,int) = 0L; +static X509_PURPOSE* (*K_X509_PURPOSE_get0)(int) = 0L; +static int (*K_EVP_PKEY_assign)(EVP_PKEY*, int, char*) = 0L; +static int (*K_X509_REQ_set_pubkey)(X509_REQ*, EVP_PKEY*) = 0L; +static void (*K_RSA_get0_key)(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) = 0L; +static RSA *(*K_RSA_generate_key)(int, unsigned long, void (*)(int,int,void *), void *) = 0L; +static void (*K_DSA_get0_pqg)(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) = 0L; +static void (*K_DSA_get0_key)(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key) = 0L; +static int (*K_i2d_X509_REQ_fp)(FILE*, X509_REQ*) = 0L; +static void (*K_ERR_clear_error)() = 0L; +static unsigned long (*K_ERR_get_error)() = 0L; +static void (*K_ERR_print_errors_fp)(FILE*) = 0L; +static PKCS7 *(*K_PKCS7_sign)(X509*, EVP_PKEY*, STACK_OF(X509)*, BIO*, int) = 0L; +static int (*K_PKCS7_verify)(PKCS7*,STACK_OF(X509)*,X509_STORE*,BIO*,BIO*,int) = 0L; +static STACK_OF(X509) *(*K_PKCS7_get0_signers)(PKCS7 *, STACK_OF(X509) *, int) = 0L; +static PKCS7 *(*K_PKCS7_encrypt)(STACK_OF(X509) *, BIO *, EVP_CIPHER *, int) = 0L; +static int (*K_PKCS7_decrypt)(PKCS7 *, EVP_PKEY *, X509 *, BIO *, int) = 0L; +static SSL_SESSION* (*K_SSL_get1_session)(SSL*) = 0L; +static void (*K_SSL_SESSION_free)(SSL_SESSION*) = 0L; +static int (*K_SSL_set_session)(SSL*,SSL_SESSION*) = 0L; +static SSL_SESSION* (*K_d2i_SSL_SESSION)(SSL_SESSION**,unsigned char**, long) = 0L; +static int (*K_i2d_SSL_SESSION)(SSL_SESSION*,unsigned char**) = 0L; +static STACK 
*(*K_X509_get1_email)(X509 *x) = 0L; +static void (*K_X509_email_free)(STACK *sk) = 0L; +static EVP_CIPHER *(*K_EVP_des_ede3_cbc)() = 0L; +static EVP_CIPHER *(*K_EVP_des_cbc)() = 0L; +static EVP_CIPHER *(*K_EVP_rc2_cbc)() = 0L; +static EVP_CIPHER *(*K_EVP_rc2_64_cbc)() = 0L; +static EVP_CIPHER *(*K_EVP_rc2_40_cbc)() = 0L; +static int (*K_i2d_PrivateKey_fp)(FILE*,EVP_PKEY*) = 0L; +static int (*K_i2d_PKCS8PrivateKey_fp)(FILE*, EVP_PKEY*, const EVP_CIPHER*, char*, int, pem_password_cb*, void*) = 0L; +static void (*K_RSA_free)(RSA*) = 0L; +static EVP_CIPHER *(*K_EVP_bf_cbc)() = 0L; +static int (*K_X509_REQ_sign)(X509_REQ*, EVP_PKEY*, const EVP_MD*) = 0L; +static int (*K_X509_NAME_add_entry_by_txt)(X509_NAME*, char*, int, unsigned char*, int, int, int) = 0L; +static X509_NAME *(*K_X509_NAME_new)() = 0L; +static int (*K_X509_REQ_set_subject_name)(X509_REQ*,X509_NAME*) = 0L; +static unsigned char *(*K_ASN1_STRING_data)(ASN1_STRING*) = 0L; +static int (*K_ASN1_STRING_length)(ASN1_STRING*) = 0L; +static STACK_OF(SSL_CIPHER) *(*K_SSL_get_ciphers)(const SSL *ssl) = 0L; +static const ASN1_TIME* (*K_X509_CRL_get0_lastUpdate)(const X509_CRL *crl) = 0L; +static const ASN1_TIME* (*K_X509_CRL_get0_nextUpdate)(const X509_CRL *crl) = 0L; +static X509* (*K_X509_STORE_CTX_get_current_cert)(X509_STORE_CTX *ctx) = 0L; +static int (*K_X509_STORE_CTX_get_error)(X509_STORE_CTX *ctx) = 0L; +static int (*K_X509_STORE_CTX_get_error_depth)(X509_STORE_CTX *ctx) = 0L; +static void (*K_X509_STORE_CTX_set_error)(X509_STORE_CTX *ctx, int s) = 0L; +static void (*K_X509_STORE_set_verify_cb)(X509_STORE *ctx, + X509_STORE_CTX_verify_cb verify_cb) = 0L; +static STACK_OF(X509_OBJECT)* (*K_X509_STORE_get0_objects)(X509_STORE *v) = 0L; +static X509_LOOKUP_TYPE (*K_X509_OBJECT_get_type)(const X509_OBJECT *a) = 0L; +static X509* (*K_X509_OBJECT_get0_X509)(const X509_OBJECT *a) = 0L; +static ASN1_TIME* (*K_X509_getm_notAfter)(const X509 *x) = 0L; +static ASN1_TIME* (*K_X509_getm_notBefore)(const X509 *x) = 0L; 
+#endif
+}
+
+
+bool KOpenSSLProxy::hasLibSSL() const {
+ return _sslLib != 0L;
+}
+
+
+bool KOpenSSLProxy::hasLibCrypto() const {
+ return _cryptoLib != 0L;
+}
+
+
+void KOpenSSLProxy::destroy() {
+ delete this;
+ _me = 0L;
+}
+
+#ifdef __OpenBSD__
+#include
+#include
+#include
+
+static TQString findMostRecentLib(TQString dir, TQString name)
+{
+ // Grab all shared libraries in the directory
+ TQString filter = "lib"+name+".so.*";
+ TQDir d(dir, filter);
+ if (!d.exists())
+ return 0L;
+ TQStringList l = d.entryList();
+
+ // Find the best one
+ int bestmaj = -1;
+ int bestmin = -1;
+ TQString best = 0L;
+ // where do we start
+ uint s = filter.length()-1;
+ for (TQStringList::Iterator it = l.begin(); it != l.end(); ++it) {
+ TQString numberpart = (*it).mid(s);
+ uint endmaj = numberpart.find('.');
+ if (endmaj == -1)
+ continue;
+ bool ok;
+ int maj = numberpart.left(endmaj).toInt(&ok);
+ if (!ok)
+ continue;
+ int min = numberpart.mid(endmaj+1).toInt(&ok);
+ if (!ok)
+ continue;
+ if (maj > bestmaj || (maj == bestmaj && min > bestmin)) {
+ bestmaj = maj;
+ bestmin = min;
+ best = (*it);
+ }
+ }
+ if (best.isNull())
+ return 0L;
+ else
+ return dir+"/"+best;
+}
+#endif
+
+
+KOpenSSLProxy::KOpenSSLProxy() {
+KLibLoader *ll = KLibLoader::self();
+_ok = false;
+TQStringList libpaths, libnamesc, libnamess;
+TDEConfig *cfg;
+
+ _cryptoLib = 0L;
+ _sslLib = 0L;
+
+ cfg = new TDEConfig("cryptodefaults", false, false);
+ cfg->setGroup("OpenSSL");
+ TQString upath = cfg->readPathEntry("Path");
+ if (!upath.isEmpty())
+ libpaths << upath;
+
+ delete cfg;
+
+#ifdef __OpenBSD__
+ {
+ TQString libname = findMostRecentLib("/usr/" SYSTEM_LIBDIR, "crypto");
+ if (!libname.isNull())
+ _cryptoLib = ll->globalLibrary(libname.latin1());
+ }
+#elif defined(__CYGWIN__)
+ libpaths << "/usr/bin/"
+ << "/usr/local/bin"
+ << "/usr/local/openssl/bin"
+ << "/opt/openssl/bin"
+ << "/opt/trinity/bin"
+ << "";
+
+ libnamess << "cygssl-0.9.7.dll"
+ << "cygssl.dll"
+ << "libssl.dll"
+ << "";
+
+ libnamesc << "cygcrypto.dll"
+ << "libcrypto.dll"
+ << "";
+#else
+ libpaths
+ #ifdef _AIX
+ << "/opt/freeware/lib/"
+ #endif
+ << "/usr/" SYSTEM_LIBDIR "/"
+ << "/usr/ssl/" SYSTEM_LIBDIR "/"
+ << "/usr/local/" SYSTEM_LIBDIR "/"
+ << "/usr/local/openssl/" SYSTEM_LIBDIR "/"
+ << "/usr/local/ssl/" SYSTEM_LIBDIR "/"
+ << "/opt/openssl/" SYSTEM_LIBDIR "/"
+ << "/" SYSTEM_LIBDIR "/"
+ << "";
+
+// FIXME: #define here for the various OS types to optimize
+ libnamess
+ #ifdef hpux
+ << "libssl.sl"
+ #elif defined(_AIX)
+ << "libssl.a(libssl.so.0)"
+ #elif defined(__APPLE__)
+ << "libssl.dylib"
+ << "libssl.0.9.dylib"
+ #else
+ #ifdef SHLIB_VERSION_NUMBER
+ << "libssl.so." SHLIB_VERSION_NUMBER
+ #endif
+ << "libssl.so"
+ << "libssl.so.0"
+ #endif
+ ;
+
+ libnamesc
+ #ifdef hpux
+ << "libcrypto.sl"
+ #elif defined(_AIX)
+ << "libcrypto.a(libcrypto.so.0)"
+ #elif defined(__APPLE__)
+ << "libcrypto.dylib"
+ << "libcrypto.0.9.dylib"
+ #else
+ #ifdef SHLIB_VERSION_NUMBER
+ << "libcrypto.so." SHLIB_VERSION_NUMBER
+ #endif
+ << "libcrypto.so"
+ << "libcrypto.so.0"
+ #endif
+ ;
+#endif
+
+ for (TQStringList::Iterator it = libpaths.begin();
+ it != libpaths.end();
+ ++it) {
+ for (TQStringList::Iterator shit = libnamesc.begin();
+ shit != libnamesc.end();
+ ++shit) {
+ TQString alib = *it;
+ if (!alib.isEmpty() && !alib.endsWith("/"))
+ alib += "/";
+ alib += *shit;
+ TQString tmpStr(alib.latin1());
+ tmpStr.replace(TQRegExp("\\(.*\\)"), "");
+ if (!access(tmpStr.latin1(), R_OK))
+ _cryptoLib = ll->globalLibrary(alib.latin1());
+ if (_cryptoLib) break;
+ }
+ if (_cryptoLib) break;
+ }
+
+ if (_cryptoLib) {
+#ifdef KSSL_HAVE_SSL
+ K_X509_free = (void (*) (X509 *)) GET_CRYPTOLIB_SYMBOL("X509_free");
+ K_X509_CRL_free = (void (*) (X509_CRL *)) GET_CRYPTOLIB_SYMBOL("X509_CRL_free");
+ K_RAND_egd = (int (*)(const char *)) GET_CRYPTOLIB_SYMBOL("RAND_egd");
+ K_RAND_load_file = (int (*)(const char *, long)) GET_CRYPTOLIB_SYMBOL("RAND_load_file");
+ K_RAND_file_name = (const char*
(*)(char *, size_t)) GET_CRYPTOLIB_SYMBOL("RAND_file_name");
+ K_RAND_write_file = (int (*)(const char *)) GET_CRYPTOLIB_SYMBOL("RAND_write_file");
+ K_CRYPTO_free = (void (*) (void *)) GET_CRYPTOLIB_SYMBOL("CRYPTO_free");
+ K_d2i_X509 = (X509 * (*)(X509 **,unsigned char **,long)) GET_CRYPTOLIB_SYMBOL("d2i_X509");
+ K_d2i_X509_CRL = (X509_CRL * (*)(X509_CRL **,unsigned char **,long)) GET_CRYPTOLIB_SYMBOL("d2i_X509_CRL");
+ K_i2d_X509 = (int (*)(X509 *,unsigned char **)) GET_CRYPTOLIB_SYMBOL("i2d_X509");
+ K_X509_cmp = (int (*)(X509 *, X509 *)) GET_CRYPTOLIB_SYMBOL("X509_cmp");
+ K_X509_subject_name_cmp = (int (*)(const X509 *, const X509 *)) GET_CRYPTOLIB_SYMBOL("X509_subject_name_cmp");
+ K_X509_STORE_CTX_new = (X509_STORE_CTX * (*) (void)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_new");
+ K_X509_STORE_CTX_free = (void (*) (X509_STORE_CTX *)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_free");
+ K_X509_verify_cert = (int (*) (X509_STORE_CTX *)) GET_CRYPTOLIB_SYMBOL("X509_verify_cert");
+ K_X509_STORE_new = (X509_STORE * (*) (void)) GET_CRYPTOLIB_SYMBOL("X509_STORE_new");
+ K_X509_STORE_free = (void (*) (X509_STORE *)) GET_CRYPTOLIB_SYMBOL("X509_STORE_free");
+ K_X509_NAME_oneline = (char * (*) (X509_NAME *,char *,int)) GET_CRYPTOLIB_SYMBOL("X509_NAME_oneline");
+ K_X509_get_subject_name = (X509_NAME * (*) (X509 *)) GET_CRYPTOLIB_SYMBOL("X509_get_subject_name");
+ K_X509_get_issuer_name = (X509_NAME * (*) (X509 *)) GET_CRYPTOLIB_SYMBOL("X509_get_issuer_name");
+ K_X509_STORE_add_lookup = (X509_LOOKUP *(*) (X509_STORE *, X509_LOOKUP_METHOD *)) GET_CRYPTOLIB_SYMBOL("X509_STORE_add_lookup");
+ K_X509_LOOKUP_file = (X509_LOOKUP_METHOD *(*)(void)) GET_CRYPTOLIB_SYMBOL("X509_LOOKUP_file");
+ K_X509_LOOKUP_free = (void (*)(X509_LOOKUP *)) GET_CRYPTOLIB_SYMBOL("X509_LOOKUP_free");
+ K_X509_LOOKUP_ctrl = (int (*)(X509_LOOKUP *, int, const char *, long, char **)) GET_CRYPTOLIB_SYMBOL("X509_LOOKUP_ctrl");
+ K_X509_STORE_CTX_init = (void (*)(X509_STORE_CTX *, X509_STORE *, X509 *,
STACK_OF(X509) *)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_init");
+ K_X509_dup = (X509* (*)(X509*)) GET_CRYPTOLIB_SYMBOL("X509_dup");
+ K_X509_get0_signature = (void (*)(const ASN1_BIT_STRING **psig,
+ const X509_ALGOR **palg, const X509 *x)) GET_CRYPTOLIB_SYMBOL("X509_get0_signature");
+ K_BIO_s_mem = (BIO_METHOD *(*) (void)) GET_CRYPTOLIB_SYMBOL("BIO_s_mem");
+ K_BIO_new = (BIO* (*)(BIO_METHOD *)) GET_CRYPTOLIB_SYMBOL("BIO_new");
+ K_BIO_new_fp = (BIO* (*)(FILE*, int)) GET_CRYPTOLIB_SYMBOL("BIO_new_fp");
+ K_BIO_new_mem_buf = (BIO* (*)(void *, int)) GET_CRYPTOLIB_SYMBOL("BIO_new_mem_buf");
+ K_BIO_free = (int (*)(BIO*)) GET_CRYPTOLIB_SYMBOL("BIO_free");
+ K_BIO_ctrl = (long (*) (BIO *,int,long,void *)) GET_CRYPTOLIB_SYMBOL("BIO_ctrl");
+ K_BIO_write = (int (*) (BIO *b, const void *data, int len)) GET_CRYPTOLIB_SYMBOL("BIO_write");
+ K_BIO_get_data = (void* (*)(BIO *a)) GET_CRYPTOLIB_SYMBOL("BIO_get_data");
+ K_PEM_ASN1_write_bio = (int (*)(int (*)(), const char *,BIO*, char*, const EVP_CIPHER *, unsigned char *, int, pem_password_cb *, void *)) GET_CRYPTOLIB_SYMBOL("PEM_ASN1_write_bio");
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+ K_ASN1_item_i2d_fp = (int (*)(ASN1_ITEM *, FILE*, unsigned char *)) GET_CRYPTOLIB_SYMBOL("ASN1_item_i2d_fp");
+ K_NETSCAPE_X509_it = (ASN1_ITEM *) GET_CRYPTOLIB_SYMBOL("NETSCAPE_X509_it");
+#else
+ K_X509_asn1_meth = (ASN1_METHOD* (*)(void)) GET_CRYPTOLIB_SYMBOL("X509_asn1_meth");
+ K_ASN1_i2d_fp = (int (*)(int (*)(), FILE*, unsigned char *)) GET_CRYPTOLIB_SYMBOL("ASN1_i2d_fp");
+ K_i2d_ASN1_HEADER = (int (*)(ASN1_HEADER *, unsigned char **)) GET_CRYPTOLIB_SYMBOL("i2d_ASN1_HEADER");
+#endif
+ K_X509_print_fp = (int (*)(FILE*, X509*)) GET_CRYPTOLIB_SYMBOL("X509_print_fp");
+ K_i2d_PKCS12 = (int (*)(PKCS12*, unsigned char**)) GET_CRYPTOLIB_SYMBOL("i2d_PKCS12");
+ K_i2d_PKCS12_fp = (int (*)(FILE *, PKCS12*)) GET_CRYPTOLIB_SYMBOL("i2d_PKCS12_fp");
+ K_PKCS12_newpass = (int (*)(PKCS12*, char*, char*)) GET_CRYPTOLIB_SYMBOL("PKCS12_newpass");
+
K_d2i_PKCS12_fp = (PKCS12* (*)(FILE*, PKCS12**)) GET_CRYPTOLIB_SYMBOL("d2i_PKCS12_fp");
+ K_PKCS12_new = (PKCS12* (*)()) GET_CRYPTOLIB_SYMBOL("PKCS12_new");
+ K_PKCS12_free = (void (*)(PKCS12 *)) GET_CRYPTOLIB_SYMBOL("PKCS12_free");
+ K_PKCS12_parse = (int (*)(PKCS12*, const char *, EVP_PKEY**,
+ X509**, STACK_OF(X509)**)) GET_CRYPTOLIB_SYMBOL("PKCS12_parse");
+ K_EVP_PKEY_free = (void (*) (EVP_PKEY *)) GET_CRYPTOLIB_SYMBOL("EVP_PKEY_free");
+ K_EVP_PKEY_new = (EVP_PKEY* (*)()) GET_CRYPTOLIB_SYMBOL("EVP_PKEY_new");
+ K_EVP_PKEY_base_id = (int (*)(const EVP_PKEY *pkey)) GET_CRYPTOLIB_SYMBOL("EVP_PKEY_base_id");
+ K_EVP_PKEY_get0_RSA = (RSA* (*)(EVP_PKEY *pkey)) GET_CRYPTOLIB_SYMBOL("EVP_PKEY_get0_RSA");
+ K_EVP_PKEY_get0_DSA = (DSA* (*)(EVP_PKEY *pkey)) GET_CRYPTOLIB_SYMBOL("EVP_PKEY_get0_DSA");
+ K_X509_REQ_free = (void (*)(X509_REQ*)) GET_CRYPTOLIB_SYMBOL("X509_REQ_free");
+ K_X509_REQ_new = (X509_REQ* (*)()) GET_CRYPTOLIB_SYMBOL("X509_REQ_new");
+ K_X509_STORE_CTX_set0_untrusted = (void (*)(X509_STORE_CTX *, STACK_OF(X509)*)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_set0_untrusted");
+ if (!K_X509_STORE_CTX_set0_untrusted) K_X509_STORE_CTX_set0_untrusted = (void (*)(X509_STORE_CTX *, STACK_OF(X509)*)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_set_chain");
+ K_X509_STORE_CTX_set_purpose = (void (*)(X509_STORE_CTX *, int)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_set_purpose");
+ K_sk_free = (void (*) (STACK *)) GET_CRYPTOLIB_SYMBOL("OPENSSL_sk_free");
+ if (!K_sk_free) K_sk_free = (void (*) (STACK *)) GET_CRYPTOLIB_SYMBOL("sk_free");
+ K_sk_num = (int (*) (STACK *)) GET_CRYPTOLIB_SYMBOL("OPENSSL_sk_num");
+ if (!K_sk_num) K_sk_num = (int (*) (STACK *)) GET_CRYPTOLIB_SYMBOL("sk_num");
+ K_sk_pop = (char* (*) (STACK *)) GET_CRYPTOLIB_SYMBOL("OPENSSL_sk_pop");
+ if (!K_sk_pop) K_sk_pop = (char* (*) (STACK *)) GET_CRYPTOLIB_SYMBOL("sk_pop");
+ K_sk_value = (char* (*) (STACK *, int)) GET_CRYPTOLIB_SYMBOL("OPENSSL_sk_value");
+ if (!K_sk_value) K_sk_value = (char* (*) (STACK *,
int)) GET_CRYPTOLIB_SYMBOL("sk_value");
+ K_sk_new = (STACK* (*) (int (*)())) GET_CRYPTOLIB_SYMBOL("OPENSSL_sk_new");
+ if (!K_sk_new) K_sk_new = (STACK* (*) (int (*)())) GET_CRYPTOLIB_SYMBOL("sk_new");
+ K_sk_push = (int (*) (STACK*, char*)) GET_CRYPTOLIB_SYMBOL("OPENSSL_sk_push");
+ if (!K_sk_push) K_sk_push = (int (*) (STACK*, char*)) GET_CRYPTOLIB_SYMBOL("sk_push");
+ K_sk_dup = (STACK* (*) (const STACK *)) GET_CRYPTOLIB_SYMBOL("OPENSSL_sk_dup");
+ if (!K_sk_dup) K_sk_dup = (STACK* (*) (const STACK *)) GET_CRYPTOLIB_SYMBOL("sk_dup");
+ K_i2s_ASN1_INTEGER = (char *(*) (X509V3_EXT_METHOD *, ASN1_INTEGER *)) GET_CRYPTOLIB_SYMBOL("i2s_ASN1_INTEGER");
+ K_X509_get_serialNumber = (ASN1_INTEGER * (*) (X509 *)) GET_CRYPTOLIB_SYMBOL("X509_get_serialNumber");
+ K_X509_get_pubkey = (EVP_PKEY *(*)(X509 *)) GET_CRYPTOLIB_SYMBOL("X509_get_pubkey");
+ K_i2d_PublicKey = (int (*)(EVP_PKEY *, unsigned char **)) GET_CRYPTOLIB_SYMBOL("i2d_PublicKey");
+ K_X509_check_private_key = (int (*)(X509 *, EVP_PKEY *)) GET_CRYPTOLIB_SYMBOL("X509_check_private_key");
+ K_BN_bn2hex = (char *(*)(const BIGNUM *)) GET_CRYPTOLIB_SYMBOL("BN_bn2hex");
+ K_X509_digest = (int (*)(const X509 *,const EVP_MD *, unsigned char *, unsigned int *)) GET_CRYPTOLIB_SYMBOL("X509_digest");
+ K_EVP_md5 = (EVP_MD *(*)()) GET_CRYPTOLIB_SYMBOL("EVP_md5");
+ K_ASN1_INTEGER_free = (void (*)(ASN1_INTEGER *)) GET_CRYPTOLIB_SYMBOL("ASN1_INTEGER_free");
+ K_OBJ_obj2nid = (int (*)(ASN1_OBJECT *)) GET_CRYPTOLIB_SYMBOL("OBJ_obj2nid");
+ K_OBJ_nid2ln = (const char *(*)(int)) GET_CRYPTOLIB_SYMBOL("OBJ_nid2ln");
+ K_X509_get_ext_count = (int (*)(X509*)) GET_CRYPTOLIB_SYMBOL("X509_get_ext_count");
+ K_X509_get_ext_by_NID = (int (*)(X509*,int,int)) GET_CRYPTOLIB_SYMBOL("X509_get_ext_by_NID");
+ K_X509_get_ext_by_OBJ = (int (*)(X509*,ASN1_OBJECT*,int)) GET_CRYPTOLIB_SYMBOL("X509_get_ext_by_OBJ");
+ K_X509_get_ext = (X509_EXTENSION* (*)(X509*,int)) GET_CRYPTOLIB_SYMBOL("X509_get_ext");
+ K_X509_delete_ext = (X509_EXTENSION*
(*)(X509*,int)) GET_CRYPTOLIB_SYMBOL("X509_delete_ext");
+ K_X509_add_ext = (int (*)(X509*,X509_EXTENSION*,int)) GET_CRYPTOLIB_SYMBOL("X509_add_ext");
+ K_X509_get_ext_d2i = (void* (*)(X509*,int,int*,int*)) GET_CRYPTOLIB_SYMBOL("X509_get_ext_d2i");
+ K_i2s_ASN1_OCTET_STRING = (char *(*)(X509V3_EXT_METHOD*,ASN1_OCTET_STRING*)) GET_CRYPTOLIB_SYMBOL("i2s_ASN1_OCTET_STRING");
+ K_ASN1_BIT_STRING_get_bit = (int (*)(ASN1_BIT_STRING*,int)) GET_CRYPTOLIB_SYMBOL("ASN1_BIT_STRING_get_bit");
+ K_PKCS7_new = (PKCS7 *(*)()) GET_CRYPTOLIB_SYMBOL("PKCS7_new");
+ K_PKCS7_free = (void (*)(PKCS7*)) GET_CRYPTOLIB_SYMBOL("PKCS7_free");
+ K_PKCS7_content_free = (void (*)(PKCS7*)) GET_CRYPTOLIB_SYMBOL("PKCS7_content_free");
+ K_i2d_PKCS7 = (int (*)(PKCS7*, unsigned char**)) GET_CRYPTOLIB_SYMBOL("i2d_PKCS7");
+ K_i2d_PKCS7_fp = (int (*)(FILE*,PKCS7*)) GET_CRYPTOLIB_SYMBOL("i2d_PKCS7_fp");
+ K_i2d_PKCS7_bio = (int (*)(BIO *bp,PKCS7 *p7)) GET_CRYPTOLIB_SYMBOL("i2d_PKCS7_bio");
+ K_d2i_PKCS7 = (PKCS7* (*)(PKCS7**,unsigned char**,long)) GET_CRYPTOLIB_SYMBOL("d2i_PKCS7");
+ K_d2i_PKCS7_fp = (PKCS7 *(*)(FILE *,PKCS7**)) GET_CRYPTOLIB_SYMBOL("d2i_PKCS7_fp");
+ K_d2i_PKCS7_bio = (PKCS7 *(*)(BIO *bp,PKCS7 **p7)) GET_CRYPTOLIB_SYMBOL("d2i_PKCS7_bio");
+ K_PKCS7_dup = (PKCS7* (*)(PKCS7*)) GET_CRYPTOLIB_SYMBOL("PKCS7_dup");
+ K_PKCS7_sign = (PKCS7 *(*)(X509*, EVP_PKEY*, STACK_OF(X509)*, BIO*, int)) GET_CRYPTOLIB_SYMBOL("PKCS7_sign");
+ K_PKCS7_verify = (int (*)(PKCS7*,STACK_OF(X509)*,X509_STORE*,BIO*,BIO*,int)) GET_CRYPTOLIB_SYMBOL("PKCS7_verify");
+ K_PKCS7_get0_signers = (STACK_OF(X509) *(*)(PKCS7 *, STACK_OF(X509) *, int)) GET_CRYPTOLIB_SYMBOL("PKCS7_get0_signers");
+ K_PKCS7_encrypt = (PKCS7* (*)(STACK_OF(X509) *, BIO *, EVP_CIPHER *, int)) GET_CRYPTOLIB_SYMBOL("PKCS7_encrypt");
+ K_PKCS7_decrypt = (int (*)(PKCS7 *, EVP_PKEY *, X509 *, BIO *, int)) GET_CRYPTOLIB_SYMBOL("PKCS7_decrypt");
+ K_PEM_X509_INFO_read = (STACK_OF(X509_INFO) *(*)(FILE*, STACK_OF(X509_INFO)*, pem_password_cb*, void *))
GET_CRYPTOLIB_SYMBOL("PEM_X509_INFO_read");
+ K_ASN1_d2i_fp = (char *(*)(char *(*)(),char *(*)(),FILE*,unsigned char**)) GET_CRYPTOLIB_SYMBOL("ASN1_d2i_fp");
+ K_X509_new = (X509 *(*)()) GET_CRYPTOLIB_SYMBOL("X509_new");
+ K_X509_PURPOSE_get_count = (int (*)()) GET_CRYPTOLIB_SYMBOL("X509_PURPOSE_get_count");
+ K_X509_PURPOSE_get_id = (int (*)(X509_PURPOSE *)) GET_CRYPTOLIB_SYMBOL("X509_PURPOSE_get_id");
+ K_X509_check_purpose = (int (*)(X509*,int,int)) GET_CRYPTOLIB_SYMBOL("X509_check_purpose");
+ K_X509_PURPOSE_get0 = (X509_PURPOSE *(*)(int)) GET_CRYPTOLIB_SYMBOL("X509_PURPOSE_get0");
+ K_EVP_PKEY_assign = (int (*)(EVP_PKEY*, int, char*)) GET_CRYPTOLIB_SYMBOL("EVP_PKEY_assign");
+ K_X509_REQ_set_pubkey = (int (*)(X509_REQ*, EVP_PKEY*)) GET_CRYPTOLIB_SYMBOL("X509_REQ_set_pubkey");
+ K_RSA_get0_key = (void (*)(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)) GET_CRYPTOLIB_SYMBOL("RSA_get0_key");
+ K_RSA_generate_key = (RSA* (*)(int, unsigned long, void (*)(int,int,void *), void *)) GET_CRYPTOLIB_SYMBOL("RSA_generate_key");
+ K_DSA_get0_pqg = (void (*)(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)) GET_CRYPTOLIB_SYMBOL("DSA_get0_pqg");
+ K_DSA_get0_key = (void (*)(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key)) GET_CRYPTOLIB_SYMBOL("DSA_get0_key");
+ K_i2d_X509_REQ_fp = (int (*)(FILE *, X509_REQ *)) GET_CRYPTOLIB_SYMBOL("i2d_X509_REQ_fp");
+ K_ERR_clear_error = (void (*)()) GET_CRYPTOLIB_SYMBOL("ERR_clear_error");
+ K_ERR_get_error = (unsigned long (*)()) GET_CRYPTOLIB_SYMBOL("ERR_get_error");
+ K_ERR_print_errors_fp = (void (*)(FILE*)) GET_CRYPTOLIB_SYMBOL("ERR_print_errors_fp");
+ K_X509_get1_email = (STACK *(*)(X509 *x)) GET_CRYPTOLIB_SYMBOL("X509_get1_email");
+ K_X509_email_free = (void (*)(STACK *sk)) GET_CRYPTOLIB_SYMBOL("X509_email_free");
+ K_EVP_des_ede3_cbc = (EVP_CIPHER *(*)()) GET_CRYPTOLIB_SYMBOL("EVP_des_ede3_cbc");
+ K_EVP_des_cbc = (EVP_CIPHER *(*)()) GET_CRYPTOLIB_SYMBOL("EVP_des_cbc");
+
K_EVP_rc2_cbc = (EVP_CIPHER *(*)()) GET_CRYPTOLIB_SYMBOL("EVP_rc2_cbc");
+ K_EVP_rc2_64_cbc = (EVP_CIPHER *(*)()) GET_CRYPTOLIB_SYMBOL("EVP_rc2_64_cbc");
+ K_EVP_rc2_40_cbc = (EVP_CIPHER *(*)()) GET_CRYPTOLIB_SYMBOL("EVP_rc2_40_cbc");
+ K_i2d_PrivateKey_fp = (int (*)(FILE*,EVP_PKEY*)) GET_CRYPTOLIB_SYMBOL("i2d_PrivateKey_fp");
+ K_i2d_PKCS8PrivateKey_fp = (int (*)(FILE*, EVP_PKEY*, const EVP_CIPHER*, char*, int, pem_password_cb*, void*)) GET_CRYPTOLIB_SYMBOL("i2d_PKCS8PrivateKey_fp");
+ K_RSA_free = (void (*)(RSA*)) GET_CRYPTOLIB_SYMBOL("RSA_free");
+ K_EVP_bf_cbc = (EVP_CIPHER *(*)()) GET_CRYPTOLIB_SYMBOL("EVP_bf_cbc");
+ K_X509_REQ_sign = (int (*)(X509_REQ*, EVP_PKEY*, const EVP_MD*)) GET_CRYPTOLIB_SYMBOL("X509_REQ_sign");
+ K_X509_NAME_add_entry_by_txt = (int (*)(X509_NAME*, char*, int, unsigned char*, int, int, int)) GET_CRYPTOLIB_SYMBOL("X509_NAME_add_entry_by_txt");
+ K_X509_NAME_new = (X509_NAME *(*)()) GET_CRYPTOLIB_SYMBOL("X509_NAME_new");
+ K_X509_REQ_set_subject_name = (int (*)(X509_REQ*,X509_NAME*)) GET_CRYPTOLIB_SYMBOL("X509_REQ_set_subject_name");
+ K_ASN1_STRING_data = (unsigned char *(*)(ASN1_STRING*)) GET_CRYPTOLIB_SYMBOL("ASN1_STRING_data");
+ K_ASN1_STRING_length = (int (*)(ASN1_STRING*)) GET_CRYPTOLIB_SYMBOL("ASN1_STRING_length");
+ K_X509_CRL_get0_lastUpdate = (const ASN1_TIME* (*)(const X509_CRL *crl)) GET_CRYPTOLIB_SYMBOL("X509_CRL_get0_lastUpdate");
+ K_X509_CRL_get0_nextUpdate = (const ASN1_TIME* (*)(const X509_CRL *crl)) GET_CRYPTOLIB_SYMBOL("X509_CRL_get0_nextUpdate");
+ K_X509_STORE_CTX_get_current_cert = (X509* (*)(X509_STORE_CTX *ctx)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_get_current_cert");
+ K_X509_STORE_CTX_get_error = (int (*)(X509_STORE_CTX *ctx)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_get_error");
+ K_X509_STORE_CTX_get_error_depth = (int (*)(X509_STORE_CTX *ctx)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_get_error_depth");
+ K_X509_STORE_CTX_set_error = (void (*)(X509_STORE_CTX *ctx, int s))
GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_set_error");
+ K_X509_STORE_set_verify_cb = (void (*)(X509_STORE *ctx,
+ X509_STORE_CTX_verify_cb verify_cb)) GET_CRYPTOLIB_SYMBOL("X509_STORE_set_verify_cb");
+ K_X509_STORE_get0_objects = (STACK_OF(X509_OBJECT)* (*)(X509_STORE *v)) GET_CRYPTOLIB_SYMBOL("X509_STORE_get0_objects");
+ K_X509_OBJECT_get_type = (X509_LOOKUP_TYPE (*)(const X509_OBJECT *a)) GET_CRYPTOLIB_SYMBOL("X509_OBJECT_get_type");
+ K_X509_OBJECT_get0_X509 = (X509* (*)(const X509_OBJECT *a)) GET_CRYPTOLIB_SYMBOL("X509_OBJECT_get0_X509");
+ K_X509_getm_notAfter = (ASN1_TIME* (*)(const X509 *x)) GET_CRYPTOLIB_SYMBOL("X509_getm_notAfter");
+ K_X509_getm_notBefore = (ASN1_TIME* (*)(const X509 *x)) GET_CRYPTOLIB_SYMBOL("X509_getm_notBefore");
+#endif
+ }
+
+#ifdef __OpenBSD__
+ {
+ TQString libname = findMostRecentLib("/usr/lib", "ssl");
+ if (!libname.isNull())
+ _sslLib = ll->globalLibrary(libname.latin1());
+ }
+#else
+ for (TQStringList::Iterator it = libpaths.begin();
+ it != libpaths.end();
+ ++it) {
+ for (TQStringList::Iterator shit = libnamess.begin();
+ shit != libnamess.end();
+ ++shit) {
+ TQString alib = *it;
+ if (!alib.isEmpty() && !alib.endsWith("/"))
+ alib += "/";
+ alib += *shit;
+ TQString tmpStr(alib.latin1());
+ tmpStr.replace(TQRegExp("\\(.*\\)"), "");
+ if (!access(tmpStr.latin1(), R_OK))
+ _sslLib = ll->globalLibrary(alib.latin1());
+ if (_sslLib) break;
+ }
+ if (_sslLib) break;
+ }
+#endif
+
+ if (_sslLib) {
+#ifdef KSSL_HAVE_SSL
+ // stand back from your monitor and look at this. it's fun!
:)
+ K_SSL_connect = (int (*)(SSL *)) GET_SSLLIB_SYMBOL("SSL_connect");
+ K_SSL_accept = (int (*)(SSL *)) GET_SSLLIB_SYMBOL("SSL_accept");
+ K_SSL_read = (int (*)(SSL *, void *, int)) GET_SSLLIB_SYMBOL("SSL_read");
+ K_SSL_write = (int (*)(SSL *, const void *, int))
+ GET_SSLLIB_SYMBOL("SSL_write");
+ K_SSL_new = (SSL* (*)(SSL_CTX *)) GET_SSLLIB_SYMBOL("SSL_new");
+ K_SSL_free = (void (*)(SSL *)) GET_SSLLIB_SYMBOL("SSL_free");
+ K_SSL_shutdown = (int (*)(SSL *)) GET_SSLLIB_SYMBOL("SSL_shutdown");
+ K_SSL_CTX_new = (SSL_CTX* (*)(SSL_METHOD*)) GET_SSLLIB_SYMBOL("SSL_CTX_new");
+ K_SSL_CTX_free = (void (*)(SSL_CTX*)) GET_SSLLIB_SYMBOL("SSL_CTX_free");
+ K_SSL_set_fd = (int (*)(SSL *, int)) GET_SSLLIB_SYMBOL("SSL_set_fd");
+ K_SSL_pending = (int (*)(SSL *)) GET_SSLLIB_SYMBOL("SSL_pending");
+ K_SSL_CTX_set_cipher_list = (int (*)(SSL_CTX *, const char *))
+ GET_SSLLIB_SYMBOL("SSL_CTX_set_cipher_list");
+ K_SSL_CTX_set_verify = (void (*)(SSL_CTX*, int, int (*)(int, X509_STORE_CTX*))) GET_SSLLIB_SYMBOL("SSL_CTX_set_verify");
+ K_SSL_use_certificate = (int (*)(SSL*, X509*))
+ GET_SSLLIB_SYMBOL("SSL_CTX_use_certificate");
+ K_SSL_get_current_cipher = (SSL_CIPHER *(*)(SSL *))
+ GET_SSLLIB_SYMBOL("SSL_get_current_cipher");
+ K_SSL_set_options = (long (*)(SSL *ssl, long options)) GET_SSLLIB_SYMBOL("SSL_set_options");
+ K_SSL_session_reused = (int (*)(SSL *ssl)) GET_SSLLIB_SYMBOL("SSL_session_reused");
+ K_SSL_ctrl = (long (*)(SSL * ,int, long, void *))
+ GET_SSLLIB_SYMBOL("SSL_ctrl");
+ K_TLSv1_client_method = (SSL_METHOD *(*)()) GET_SSLLIB_SYMBOL("TLSv1_client_method");
+ K_SSLv2_client_method = (SSL_METHOD *(*)()) GET_SSLLIB_SYMBOL("SSLv2_client_method");
+ K_SSLv3_client_method = (SSL_METHOD *(*)()) GET_SSLLIB_SYMBOL("SSLv3_client_method");
+ K_TLS_client_method = (SSL_METHOD *(*)()) GET_SSLLIB_SYMBOL("TLS_client_method");
+ if (!K_TLS_client_method) K_TLS_client_method = (SSL_METHOD *(*)()) GET_SSLLIB_SYMBOL("SSLv23_client_method");
+ K_SSL_get_peer_certificate = (X509
*(*)(SSL *)) GET_SSLLIB_SYMBOL("SSL_get_peer_certificate");
+ K_SSL_CIPHER_get_bits = (int (*)(SSL_CIPHER *,int *)) GET_SSLLIB_SYMBOL("SSL_CIPHER_get_bits");
+ K_SSL_CIPHER_get_version = (char * (*)(SSL_CIPHER *)) GET_SSLLIB_SYMBOL("SSL_CIPHER_get_version");
+ K_SSL_CIPHER_get_name = (const char * (*)(SSL_CIPHER *)) GET_SSLLIB_SYMBOL("SSL_CIPHER_get_name");
+ K_SSL_CIPHER_description = (char * (*)(SSL_CIPHER *, char *, int)) GET_SSLLIB_SYMBOL("SSL_CIPHER_description");
+ K_SSL_CTX_use_PrivateKey = (int (*)(SSL_CTX*, EVP_PKEY*)) GET_SSLLIB_SYMBOL("SSL_CTX_use_PrivateKey");
+ K_SSL_CTX_use_certificate = (int (*)(SSL_CTX*, X509*)) GET_SSLLIB_SYMBOL("SSL_CTX_use_certificate");
+ K_SSL_get_error = (int (*)(SSL*, int)) GET_SSLLIB_SYMBOL("SSL_get_error");
+ K_SSL_get_peer_cert_chain = (STACK_OF(X509)* (*)(SSL*)) GET_SSLLIB_SYMBOL("SSL_get_peer_cert_chain");
+ K_SSL_load_client_CA_file = (STACK_OF(X509_NAME)* (*)(const char *)) GET_SSLLIB_SYMBOL("SSL_load_client_CA_file");
+ K_SSL_peek = (int (*)(SSL*,void*,int)) GET_SSLLIB_SYMBOL("SSL_peek");
+ K_SSL_get1_session = (SSL_SESSION* (*)(SSL*)) GET_SSLLIB_SYMBOL("SSL_get1_session");
+ K_SSL_SESSION_free = (void (*)(SSL_SESSION*)) GET_SSLLIB_SYMBOL("SSL_SESSION_free");
+ K_SSL_set_session = (int (*)(SSL*,SSL_SESSION*)) GET_SSLLIB_SYMBOL("SSL_set_session");
+ K_d2i_SSL_SESSION = (SSL_SESSION* (*)(SSL_SESSION**,unsigned char**, long)) GET_SSLLIB_SYMBOL("d2i_SSL_SESSION");
+ K_i2d_SSL_SESSION = (int (*)(SSL_SESSION*,unsigned char**)) GET_SSLLIB_SYMBOL("i2d_SSL_SESSION");
+ K_SSL_get_ciphers = (STACK_OF(SSL_CIPHER) *(*)(const SSL*)) GET_SSLLIB_SYMBOL("SSL_get_ciphers");
+#endif
+
+
+ // Initialize the library (once only!)
+ void *x;
+ x = GET_SSLLIB_SYMBOL("OPENSSL_init_ssl");
+ if (x) {
+ // OpenSSL >= 1.1
+ if (_cryptoLib) {
+ ((int (*)(unsigned long long, void*))x)(0, NULL);
+ x = GET_CRYPTOLIB_SYMBOL("OPENSSL_init_crypto");
+ if (x) ((int (*)(unsigned long long, void*))x)(OPENSSL_INIT_ADD_ALL_CIPHERS
+ | OPENSSL_INIT_ADD_ALL_DIGESTS
+ | OPENSSL_INIT_LOAD_CONFIG,
+ NULL);
+ }
+ }
+ else {
+ // OpenSSL < 1.1
+ x = GET_SSLLIB_SYMBOL("SSL_library_init");
+ if (_cryptoLib) {
+ if (x) ((int (*)())x)();
+ x = GET_CRYPTOLIB_SYMBOL("OpenSSL_add_all_algorithms");
+ if (!x)
+ x = GET_CRYPTOLIB_SYMBOL("OPENSSL_add_all_algorithms");
+ if (x) {
+ ((void (*)())x)();
+ } else {
+ x = GET_CRYPTOLIB_SYMBOL("OpenSSL_add_all_algorithms_conf");
+ if (!x)
+ x = GET_CRYPTOLIB_SYMBOL("OPENSSL_add_all_algorithms_conf");
+ if (x) {
+ ((void (*)())x)();
+ } else {
+ x = GET_CRYPTOLIB_SYMBOL("OpenSSL_add_all_algorithms_noconf");
+ if (!x)
+ x = GET_CRYPTOLIB_SYMBOL("OPENSSL_add_all_algorithms_noconf");
+ if (x)
+ ((void (*)())x)();
+ }
+ }
+ x = GET_CRYPTOLIB_SYMBOL("OpenSSL_add_all_ciphers");
+ if (!x)
+ x = GET_CRYPTOLIB_SYMBOL("OPENSSL_add_all_ciphers");
+ if (x) ((void (*)())x)();
+ x = GET_CRYPTOLIB_SYMBOL("OpenSSL_add_all_digests");
+ if (!x)
+ x = GET_CRYPTOLIB_SYMBOL("OPENSSL_add_all_digests");
+ if (x) ((void (*)())x)();
+ }
+ }
+ }
+
+}
+
+
+KOpenSSLProxy* KOpenSSLProxy::_me = 0L;
+static KStaticDeleter medProxy;
+
+
+
+KOpenSSLProxy::~KOpenSSLProxy() {
+ if (_sslLib) {
+ _sslLib->unload();
+ }
+ if (_cryptoLib) {
+ _cryptoLib->unload();
+ }
+ medProxy.setObject(0);
+}
+
+
+// FIXME: we should check "ok" and allow this to init the lib if !ok.
+
+KOpenSSLProxy *KOpenSSLProxy::self() {
+#ifdef KSSL_HAVE_SSL
+ if (!_me) {
+ _me = medProxy.setObject(_me, new KOpenSSLProxy);
+ }
+#endif
+ return _me;
+}
+
+
+
+
+
+
+
+#ifdef KSSL_HAVE_SSL
+
+
+
+int KOpenSSLProxy::SSL_connect(SSL *ssl) {
+ if (K_SSL_connect) return (K_SSL_connect)(ssl);
+ kdWarning() << "SSL_connect not defined!"
<< endl;
+ return -1;
+}
+
+
+int KOpenSSLProxy::SSL_accept(SSL *ssl) {
+ if (K_SSL_accept) return (K_SSL_accept)(ssl);
+ kdWarning() << "SSL_accept not defined!" << endl;
+ return -1;
+}
+
+
+int KOpenSSLProxy::SSL_read(SSL *ssl, void *buf, int num) {
+ if (K_SSL_read) return (K_SSL_read)(ssl, buf, num);
+ kdWarning() << "SSL_read not defined!" << endl;
+ return -1;
+}
+
+
+int KOpenSSLProxy::SSL_write(SSL *ssl, const void *buf, int num) {
+ if (K_SSL_write) return (K_SSL_write)(ssl, buf, num);
+ kdWarning() << "SSL_write not defined!" << endl;
+ return -1;
+}
+
+
+SSL *KOpenSSLProxy::SSL_new(SSL_CTX *ctx) {
+ if (K_SSL_new) return (K_SSL_new)(ctx);
+ kdWarning() << "SSL_new not defined!" << endl;
+ return 0L;
+}
+
+
+void KOpenSSLProxy::SSL_free(SSL *ssl) {
+ if (K_SSL_free) (K_SSL_free)(ssl);
+ else kdWarning() << "SSL_free not defined!" << endl;
+}
+
+
+int KOpenSSLProxy::SSL_shutdown(SSL *ssl) {
+ if (K_SSL_shutdown) return (K_SSL_shutdown)(ssl);
+ kdWarning() << "SSL_shutdown not defined!" << endl;
+ return -1;
+}
+
+
+SSL_CTX *KOpenSSLProxy::SSL_CTX_new(SSL_METHOD *method) {
+ if (K_SSL_CTX_new) return (K_SSL_CTX_new)(method);
+ kdWarning() << "SSL_CTX_new not defined!" << endl;
+ return 0L;
+}
+
+
+void KOpenSSLProxy::SSL_CTX_free(SSL_CTX *ctx) {
+ if (K_SSL_CTX_free) (K_SSL_CTX_free)(ctx);
+ else kdWarning() << "SSL_CTX_free not defined!" << endl;
+}
+
+
+int KOpenSSLProxy::SSL_set_fd(SSL *ssl, int fd) {
+ if (K_SSL_set_fd) return (K_SSL_set_fd)(ssl, fd);
+ kdWarning() << "SSL_sed_fd not defined!" << endl;
+ return -1;
+}
+
+
+int KOpenSSLProxy::SSL_pending(SSL *ssl) {
+ if (K_SSL_pending) return (K_SSL_pending)(ssl);
+ kdWarning() << "SSL_pending not defined!" << endl;
+ return -1;
+}
+
+
+int KOpenSSLProxy::SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) {
+ if (K_SSL_CTX_set_cipher_list) return (K_SSL_CTX_set_cipher_list)(ctx, str);
+ kdWarning() << "SSL_CTX_set_cipher_list not defined!"
<< endl;
+ return -1;
+}
+
+
+void KOpenSSLProxy::SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
+ int (*verify_callback)(int, X509_STORE_CTX *)) {
+ if (K_SSL_CTX_set_verify) (K_SSL_CTX_set_verify)(ctx, mode, verify_callback);
+ else kdWarning() << "SSL_CTX_set_verify not defined!" << endl;
+}
+
+
+int KOpenSSLProxy::SSL_use_certificate(SSL *ssl, X509 *x) {
+ if (K_SSL_use_certificate) return (K_SSL_use_certificate)(ssl, x);
+ kdWarning() << "SSL_use_certificate not defined!" << endl;
+ return -1;
+}
+
+
+SSL_CIPHER *KOpenSSLProxy::SSL_get_current_cipher(SSL *ssl) {
+ if (K_SSL_get_current_cipher) return (K_SSL_get_current_cipher)(ssl);
+ kdWarning() << "SSL_get_current_cipher not defined!" << endl;
+ return 0L;
+}
+
+
+long KOpenSSLProxy::_SSL_set_options(SSL *ssl, long options) {
+ if (K_SSL_set_options) return (K_SSL_set_options)(ssl, options);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ return this->SSL_set_options(ssl, options);
+#endif
+ kdWarning() << "SSL_set_options not defined!" << endl;
+ return -1;
+}
+
+
+int KOpenSSLProxy::_SSL_session_reused(SSL *ssl) {
+ if (K_SSL_session_reused) return (K_SSL_session_reused)(ssl);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ return this->SSL_session_reused(ssl);
+#endif
+ kdWarning() << "SSL_session_reused not defined!" << endl;
+ return -1;
+}
+
+
+long KOpenSSLProxy::SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg) {
+ if (K_SSL_ctrl) return (K_SSL_ctrl)(ssl, cmd, larg, parg);
+ kdWarning() << "SSL_ctrl not defined!" << endl;
+ return -1;
+}
+
+
+int KOpenSSLProxy::RAND_egd(const char *path) {
+ if (K_RAND_egd) return (K_RAND_egd)(path);
+ kdWarning() << "RAND_egd not defined!" << endl;
+ return -1;
+}
+
+
+SSL_METHOD *KOpenSSLProxy::TLSv1_client_method() {
+ if (K_TLSv1_client_method) return (K_TLSv1_client_method)();
+ kdWarning() << "TLSv1_client_method not defined!"
<< endl;
+ return 0L;
+}
+
+
+SSL_METHOD *KOpenSSLProxy::SSLv2_client_method() {
+ if (K_SSLv2_client_method) return (K_SSLv2_client_method)();
+ kdWarning() << "SSLv2_client_method not defined!" << endl;
+ return 0L;
+}
+
+
+SSL_METHOD *KOpenSSLProxy::SSLv3_client_method() {
+ if (K_SSLv3_client_method) return (K_SSLv3_client_method)();
+ kdWarning() << "SSLv3_client_method not defined!" << endl;
+ return 0L;
+}
+
+
+SSL_METHOD *KOpenSSLProxy::TLS_client_method() {
+ if (K_TLS_client_method) return (K_TLS_client_method)();
+ kdWarning() << "TLS_client_method not defined!" << endl;
+ return 0L;
+}
+
+
+X509 *KOpenSSLProxy::SSL_get_peer_certificate(SSL *s) {
+ if (K_SSL_get_peer_certificate) return (K_SSL_get_peer_certificate)(s);
+ kdWarning() << "SSL_get_peer_certificate not defined!" << endl;
+ return 0L;
+}
+
+
+int KOpenSSLProxy::SSL_CIPHER_get_bits(SSL_CIPHER *c,int *alg_bits) {
+ if (K_SSL_CIPHER_get_bits) return (K_SSL_CIPHER_get_bits)(c, alg_bits);
+ kdWarning() << "SSL_CIPHER_get_bits not defined!" << endl;
+ return -1;
+}
+
+
+char * KOpenSSLProxy::SSL_CIPHER_get_version(SSL_CIPHER *c) {
+ if (K_SSL_CIPHER_get_version) return (K_SSL_CIPHER_get_version)(c);
+ kdWarning() << "SSL_CIPHER_get_version not defined!" << endl;
+ return 0L;
+}
+
+
+const char * KOpenSSLProxy::SSL_CIPHER_get_name(SSL_CIPHER *c) {
+ if (K_SSL_CIPHER_get_name) return (K_SSL_CIPHER_get_name)(c);
+ kdWarning() << "SSL_CIPHER_get_name not defined!" << endl;
+ return 0L;
+}
+
+
+char * KOpenSSLProxy::SSL_CIPHER_description(SSL_CIPHER *c,char *buf,int size) {
+ if (K_SSL_CIPHER_description) return (K_SSL_CIPHER_description)(c,buf,size);
+ kdWarning() << "SSL_CIPHER_description not defined!" << endl;
+ return 0L;
+}
+
+
+X509 * KOpenSSLProxy::d2i_X509(X509 **a,unsigned char **pp,long length) {
+ if (K_d2i_X509) return (K_d2i_X509)(a,pp,length);
+ kdWarning() << "d2i_X509 not defined!"
<< endl;
+ return 0L;
+}
+
+
+X509_CRL * KOpenSSLProxy::d2i_X509_CRL(X509_CRL **a,unsigned char **pp,long length) {
+ if (K_d2i_X509_CRL) return (K_d2i_X509_CRL)(a,pp,length);
+ kdWarning() << "d2i_X509_CRL not defined!" << endl;
+ return 0L;
+}
+
+
+int KOpenSSLProxy::i2d_X509(X509 *a,unsigned char **pp) {
+ if (K_i2d_X509) return (K_i2d_X509)(a,pp);
+ kdWarning() << "i2d_X509 not defined!" << endl;
+ return -1;
+}
+
+
+int KOpenSSLProxy::X509_cmp(X509 *a, X509 *b) {
+ if (K_X509_cmp) return (K_X509_cmp)(a,b);
+ kdWarning() << "X509_cmp not defined!" << endl;
+ return 0;
+}
+
+
+int KOpenSSLProxy::X509_subject_name_cmp(const X509 *a, const X509 *b) {
+ if (K_X509_subject_name_cmp) return (K_X509_subject_name_cmp)(a, b);
+ kdWarning() << "X509_subject_name_cmp not defined!" << endl;
+ return 0;
+}
+
+
+X509_STORE *KOpenSSLProxy::X509_STORE_new(void) {
+ if (K_X509_STORE_new) return (K_X509_STORE_new)();
+ kdWarning() << "X509_STORE_new not defined!" << endl;
+ return 0L;
+}
+
+
+void KOpenSSLProxy::X509_STORE_free(X509_STORE *v) {
+ if (K_X509_STORE_free) (K_X509_STORE_free)(v);
+ else kdWarning() << "X509_STORE_free not defined!" << endl;
+}
+
+
+X509_STORE_CTX *KOpenSSLProxy::X509_STORE_CTX_new(void) {
+ if (K_X509_STORE_CTX_new) return (K_X509_STORE_CTX_new)();
+ kdWarning() << "X509_STORE_CTX_new not defined!" << endl;
+ return 0L;
+}
+
+
+void KOpenSSLProxy::X509_STORE_CTX_free(X509_STORE_CTX *ctx) {
+ if (K_X509_STORE_CTX_free) (K_X509_STORE_CTX_free)(ctx);
+ else kdWarning() << "X509_STORE_CTX_free not defined!" << endl;
+}
+
+
+int KOpenSSLProxy::X509_verify_cert(X509_STORE_CTX *ctx) {
+ if (K_X509_verify_cert) return (K_X509_verify_cert)(ctx);
+ kdWarning() << "X509_verify_cert not defined!" << endl;
+ return -1;
+}
+
+
+void KOpenSSLProxy::X509_free(X509 *a) {
+ if (K_X509_free) (K_X509_free)(a);
+ else kdWarning() << "X509_free not defined!"
<< endl; +} + + +void KOpenSSLProxy::X509_CRL_free(X509_CRL *a) { + if (K_X509_CRL_free) (K_X509_CRL_free)(a); + else kdWarning() << "X509_CRL_free not defined!" << endl; +} + + +char *KOpenSSLProxy::X509_NAME_oneline(X509_NAME *a,char *buf,int size) { + if (K_X509_NAME_oneline) return (K_X509_NAME_oneline)(a,buf,size); + kdWarning() << "X509_NAME_online not defined!" << endl; + return 0L; +} + + +X509_NAME *KOpenSSLProxy::X509_get_subject_name(X509 *a) { + if (K_X509_get_subject_name) return (K_X509_get_subject_name)(a); + kdWarning() << "X509_get_subject not defined!" << endl; + return 0L; +} + + +X509_NAME *KOpenSSLProxy::X509_get_issuer_name(X509 *a) { + if (K_X509_get_issuer_name) return (K_X509_get_issuer_name)(a); + kdWarning() << "X509_get_issuer not defined!" << endl; + return 0L; +} + + +X509_LOOKUP *KOpenSSLProxy::X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) { + if (K_X509_STORE_add_lookup) return (K_X509_STORE_add_lookup)(v,m); + kdWarning() << "X509_STORE_add_lookup not defined!" << endl; + return 0L; +} + + +X509_LOOKUP_METHOD *KOpenSSLProxy::X509_LOOKUP_file(void) { + if (K_X509_LOOKUP_file) return (K_X509_LOOKUP_file)(); + kdWarning() << "X509_LOOKUP_file not defined!" << endl; + return 0L; +} + + +void KOpenSSLProxy::X509_LOOKUP_free(X509_LOOKUP *x) { + if (K_X509_LOOKUP_free) (K_X509_LOOKUP_free)(x); + else kdWarning() << "X509_LOOKUP_free not defined!" << endl; +} + + +int KOpenSSLProxy::X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret) { + if (K_X509_LOOKUP_ctrl) return (K_X509_LOOKUP_ctrl)(ctx,cmd,argc,argl,ret); + kdWarning() << "X509_LOOKUP_ctrl not defined!" << endl; + return -1; +} + + +void KOpenSSLProxy::X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, STACK_OF(X509) *chain) { + if (K_X509_STORE_CTX_init) (K_X509_STORE_CTX_init)(ctx,store,x509,chain); + else kdWarning() << "X509_STORE_CTX_init not defined!" 
<< endl; +} + + +void KOpenSSLProxy::CRYPTO_free(void *x) { + if (K_CRYPTO_free) (K_CRYPTO_free)(x); + else kdWarning() << "CRYPTO_free not defined!" << endl; +} + + +X509 *KOpenSSLProxy::X509_dup(X509 *x509) { + if (K_X509_dup) return (K_X509_dup)(x509); + kdWarning() << "X509_dup not defined!" << endl; + return 0L; +} + + +void KOpenSSLProxy::X509_get0_signature(const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg, const X509 *x) { + if (K_X509_get0_signature) { + (X509_get0_signature)(psig, palg, x); + return; + } +#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (!x) return; + if (psig) *psig = x->signature; + if (palg) *palg = x->sig_alg; + return; +#endif + kdWarning() << "X509_get0_signature not defined!" << endl; +} + + +BIO *KOpenSSLProxy::BIO_new(BIO_METHOD *type) { + if (K_BIO_new) return (K_BIO_new)(type); + kdWarning() << "BIO_new not defined!" << endl; + return 0L; +} + + +BIO_METHOD *KOpenSSLProxy::BIO_s_mem(void) { + if (K_BIO_s_mem) return (K_BIO_s_mem)(); + kdWarning() << "BIO_s_mem not defined!" << endl; + return 0L; +} + + +BIO *KOpenSSLProxy::BIO_new_fp(FILE *stream, int close_flag) { + if (K_BIO_new_fp) return (K_BIO_new_fp)(stream, close_flag); + kdWarning() << "BIO_new_fp not defined!" << endl; + return 0L; +} + + +BIO *KOpenSSLProxy::BIO_new_mem_buf(void *buf, int len) { + if (K_BIO_new_mem_buf) return (K_BIO_new_mem_buf)(buf,len); + kdWarning() << "BIO_new_mem_buf not defined!" << endl; + return 0L; +} + + +int KOpenSSLProxy::BIO_free(BIO *a) { + if (K_BIO_free) return (K_BIO_free)(a); + kdWarning() << "BIO_free not defined!" << endl; + return -1; +} + + +long KOpenSSLProxy::BIO_ctrl(BIO *bp,int cmd,long larg,void *parg) { + if (K_BIO_ctrl) return (K_BIO_ctrl)(bp,cmd,larg,parg); + kdWarning() << "BIO_ctrl not defined!" 
<< endl; + return 0; // failure return for BIO_ctrl is quite individual, maybe we should abort() instead +} + + +int KOpenSSLProxy::BIO_write(BIO *b, const void *data, int len) { + if (K_BIO_write) return (K_BIO_write)(b, data, len); + kdWarning() << "BIO_write not defined!" << endl; + return -1; +} + + +void *KOpenSSLProxy::BIO_get_data(BIO *a) { + if (K_BIO_get_data) return (K_BIO_get_data)(a); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return a->ptr; +#endif + kdWarning() << "BIO_get_data not defined!" << endl; + return 0L; +} + + +int KOpenSSLProxy::PEM_write_bio_X509(BIO *bp, X509 *x) { + if (K_PEM_ASN1_write_bio) return (K_PEM_ASN1_write_bio) ((int (*)())K_i2d_X509, PEM_STRING_X509, bp, (char *)x, 0L, 0L, 0, 0L, 0L); + kdWarning() << "PEM_write_bio_X509 not defined!" << endl; + return -1; +} + +#if OPENSSL_VERSION_NUMBER >= 0x10000000L +int KOpenSSLProxy::ASN1_i2d_fp(FILE *out,unsigned char *x) { + if (K_ASN1_item_i2d_fp && K_NETSCAPE_X509_it) + return (K_ASN1_item_i2d_fp)(K_NETSCAPE_X509_it, out, x); + kdWarning() << "ANS1_i2d_fp not defined!" << endl; + return -1; +} +#else +ASN1_METHOD *KOpenSSLProxy::X509_asn1_meth(void) { + if (K_X509_asn1_meth) return (K_X509_asn1_meth)(); + kdWarning() << "X509_ans1_meth not defined!" << endl; + return 0L; +} + + +int KOpenSSLProxy::ASN1_i2d_fp(FILE *out,unsigned char *x) { + if (K_ASN1_i2d_fp && K_i2d_ASN1_HEADER) + return (K_ASN1_i2d_fp)((int (*)())K_i2d_ASN1_HEADER, out, x); + kdWarning() << "ANS1_i2d_fp not defined!" << endl; + return -1; +} +#endif + +int KOpenSSLProxy::X509_print(FILE *fp, X509 *x) { + if (K_X509_print_fp) return (K_X509_print_fp)(fp, x); + kdWarning() << "X509_print not defined!" << endl; + return -1; +} + + +PKCS12 *KOpenSSLProxy::d2i_PKCS12_fp(FILE *fp, PKCS12 **p12) { + if (K_d2i_PKCS12_fp) return (K_d2i_PKCS12_fp)(fp, p12); + kdWarning() << "d2i_PKCS12_fp not defined!" 
<< endl; + return 0L; +} + + +int KOpenSSLProxy::PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass) { + if (K_PKCS12_newpass) return (K_PKCS12_newpass)(p12, oldpass, newpass); + kdWarning() << "PKCS12_newpass not defined!" << endl; + return -1; +} + + +int KOpenSSLProxy::i2d_PKCS12(PKCS12 *p12, unsigned char **p) { + if (K_i2d_PKCS12) return (K_i2d_PKCS12)(p12, p); + kdWarning() << "i2d_PKCS12 not defined!" << endl; + return -1; +} + + +int KOpenSSLProxy::i2d_PKCS12_fp(FILE *fp, PKCS12 *p12) { + if (K_i2d_PKCS12_fp) return (K_i2d_PKCS12_fp)(fp, p12); + kdWarning() << "i2d_PKCS12_fp not defined!" << endl; + return -1; +} + + +PKCS12 *KOpenSSLProxy::PKCS12_new(void) { + if (K_PKCS12_new) return (K_PKCS12_new)(); + kdWarning() << "PKCS12_new not defined!" << endl; + return 0L; +} + + +void KOpenSSLProxy::PKCS12_free(PKCS12 *a) { + if (K_PKCS12_free) (K_PKCS12_free)(a); + else kdWarning() << "PKCS12_free not defined!" << endl; +} + + +int KOpenSSLProxy::PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, + X509 **cert, STACK_OF(X509) **ca) { + if (K_PKCS12_parse) return (K_PKCS12_parse) (p12, pass, pkey, cert, ca); + kdWarning() << "PKCS12_parse not defined!" << endl; + return -1; +} + + +void KOpenSSLProxy::EVP_PKEY_free(EVP_PKEY *x) { + if (K_EVP_PKEY_free) (K_EVP_PKEY_free)(x); + else kdWarning() << "EVP_PKEY_free not defined!" << endl; +} + + +EVP_PKEY* KOpenSSLProxy::EVP_PKEY_new() { + if (K_EVP_PKEY_new) return (K_EVP_PKEY_new)(); + kdWarning() << "EVP_PKEY_new not defined!" << endl; + return 0L; +} + + +int KOpenSSLProxy::EVP_PKEY_base_id(const EVP_PKEY *pkey) { + if (K_EVP_PKEY_base_id) return (K_EVP_PKEY_base_id)(pkey); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return pkey->type; +#endif + kdWarning() << "EVP_PKEY_base_id not defined!" 
<< endl; + return -1; +} + + +RSA* KOpenSSLProxy::EVP_PKEY_get0_RSA(EVP_PKEY *pkey) { + if (K_EVP_PKEY_get0_RSA) return (K_EVP_PKEY_get0_RSA)(pkey); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return pkey->pkey.rsa; +#endif + kdWarning() << "EVP_PKEY_get0_RSA not defined!" << endl; + return 0L; +} + + +DSA* KOpenSSLProxy::EVP_PKEY_get0_DSA(EVP_PKEY *pkey) { + if (K_EVP_PKEY_get0_DSA) return (K_EVP_PKEY_get0_DSA)(pkey); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return pkey->pkey.dsa; +#endif + kdWarning() << "EVP_PKEY_get0_DSA not defined!" << endl; + return 0L; +} + + +void KOpenSSLProxy::X509_REQ_free(X509_REQ *x) { + if (K_X509_REQ_free) (K_X509_REQ_free)(x); + else kdWarning() << "X509_REQ_free not defined!" << endl; +} + + +X509_REQ* KOpenSSLProxy::X509_REQ_new() { + if (K_X509_REQ_new) return (K_X509_REQ_new)(); + kdWarning() << "X509_REQ_new not defined!" << endl; + return 0L; +} + + +int KOpenSSLProxy::SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) { + if (K_SSL_CTX_use_PrivateKey) return (K_SSL_CTX_use_PrivateKey)(ctx,pkey); + kdWarning() << "SSL_CTX_use_PrivateKey not defined!" << endl; + return -1; +} + + +int KOpenSSLProxy::SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) { + if (K_SSL_CTX_use_certificate) return (K_SSL_CTX_use_certificate)(ctx,x); + kdWarning() << "SSL_CTX_use_certificate not defined!" << endl; + return -1; +} + + +int KOpenSSLProxy::SSL_get_error(SSL *ssl, int rc) { + if (K_SSL_get_error) return (K_SSL_get_error)(ssl,rc); + kdWarning() << "SSL_get_error not defined!" << endl; + return -1; +} + + +STACK_OF(X509) *KOpenSSLProxy::SSL_get_peer_cert_chain(SSL *s) { + if (K_SSL_get_peer_cert_chain) return (K_SSL_get_peer_cert_chain)(s); + kdWarning() << "SSL_get_peer_cert_chain not defined!" << endl; + return 0L; +} + + +void KOpenSSLProxy::OPENSSL_sk_free(STACK *s) { + if (K_sk_free) (K_sk_free)(s); + else kdWarning() << "OPENSSL_sk_free not defined!" 
<< endl; +} + + +int KOpenSSLProxy::OPENSSL_sk_num(STACK *s) { + if (K_sk_num) return (K_sk_num)(s); + kdWarning() << "OPENSSL_sk_num not defined!" << endl; + return -1; +} + + +char *KOpenSSLProxy::OPENSSL_sk_pop(STACK *s) { + if (K_sk_pop) return (K_sk_pop)(s); + kdWarning() << "OPENSSL_sk_pop not defined!" << endl; + return 0L; +} + + +char *KOpenSSLProxy::OPENSSL_sk_value(STACK *s, int n) { + if (K_sk_value) return (K_sk_value)(s, n); + kdWarning() << "OPENSSL_sk_value not defined!" << endl; + return 0L; +} + + +void KOpenSSLProxy::X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *v, STACK_OF(X509)* x) { + if (K_X509_STORE_CTX_set0_untrusted) (K_X509_STORE_CTX_set0_untrusted)(v,x); + else kdWarning() << "X509_STORE_CTX_set0_untrusted not defined!" << endl; +} + +void KOpenSSLProxy::X509_STORE_CTX_set_purpose(X509_STORE_CTX *v, int purpose) { + if (K_X509_STORE_CTX_set_purpose) (K_X509_STORE_CTX_set_purpose)(v,purpose); + else kdWarning() << "X509_STORE_CTX_set_purpose not defined!" << endl; +} + + +STACK* KOpenSSLProxy::OPENSSL_sk_dup(const STACK *s) { + if (K_sk_dup) return (K_sk_dup)(s); + kdWarning() << "OPENSSL_sk_dup not defined!" << endl; + return 0L; +} + + +STACK* KOpenSSLProxy::OPENSSL_sk_new(int (*cmp)()) { + if (K_sk_new) return (K_sk_new)(cmp); + kdWarning() << "OPENSSL_sk_new not defined!" << endl; + return 0L; +} + + +int KOpenSSLProxy::OPENSSL_sk_push(STACK* s, char* d) { + if (K_sk_push) return (K_sk_push)(s,d); + kdWarning() << "OPENSSL_sk_push not defined!" << endl; + return -1; +} + + +char *KOpenSSLProxy::i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint) { + if (K_i2s_ASN1_INTEGER) return (K_i2s_ASN1_INTEGER)(meth, aint); + kdWarning() << "i2s_ANS1_INTEGER not defined!" << endl; + return 0L; +} + + +ASN1_INTEGER *KOpenSSLProxy::X509_get_serialNumber(X509 *x) { + if (K_X509_get_serialNumber) return (K_X509_get_serialNumber)(x); + kdWarning() << "X509_get_serialNumber not defined!" 
<< endl; + return 0L; +} + + +EVP_PKEY *KOpenSSLProxy::X509_get_pubkey(X509 *x) { + if (K_X509_get_pubkey) return (K_X509_get_pubkey)(x); + kdWarning() << "X59_get_pubkey not defined!" << endl; + return 0L; +} + + +int KOpenSSLProxy::i2d_PublicKey(EVP_PKEY *a, unsigned char **pp) { + if (K_i2d_PublicKey) return (K_i2d_PublicKey)(a,pp); + kdWarning() << "i2d_PublicKey not defined!" << endl; + return 0; +} + + +int KOpenSSLProxy::X509_check_private_key(X509 *x, EVP_PKEY *p) { + if (K_X509_check_private_key) return (K_X509_check_private_key)(x,p); + kdWarning() << "X509_check_private_key not defined!" << endl; + return -1; +} + + +char *KOpenSSLProxy::BN_bn2hex(const BIGNUM *a) { + if (K_BN_bn2hex) return (K_BN_bn2hex)(a); + kdWarning() << "BN_bn2hex not defined!" << endl; + return 0L; +} + + +int KOpenSSLProxy::X509_digest(const X509 *x,const EVP_MD *t, unsigned char *md, unsigned int *len) { + if (K_X509_digest) return (K_X509_digest)(x, t, md, len); + kdWarning() << "X509_digest not defined!" << endl; + return -1; +} + + +EVP_MD *KOpenSSLProxy::EVP_md5() { + if (K_EVP_md5) return (K_EVP_md5)(); + kdWarning() << "EVP_md5 not defined!" << endl; + return 0L; +} + + +void KOpenSSLProxy::ASN1_INTEGER_free(ASN1_INTEGER *a) { + if (K_ASN1_INTEGER_free) (K_ASN1_INTEGER_free)(a); + else kdWarning() << "ANS1_INTEGER_free not defined!" << endl; +} + + +int KOpenSSLProxy::OBJ_obj2nid(ASN1_OBJECT *o) { + if (K_OBJ_obj2nid) return (K_OBJ_obj2nid)(o); + kdWarning() << "OBJ_obj2nid not defined!" << endl; + return -1; +} + + +const char * KOpenSSLProxy::OBJ_nid2ln(int n) { + if (K_OBJ_nid2ln) return (K_OBJ_nid2ln)(n); + kdWarning() << "OBJ_nid2ln not defined!" << endl; + return 0L; +} + + +int KOpenSSLProxy::X509_get_ext_count(X509 *x) { + if (K_X509_get_ext_count) return (K_X509_get_ext_count)(x); + kdWarning() << "X509_get_ext_count not defined!" 
<< endl; + return -1; +} + + +int KOpenSSLProxy::X509_get_ext_by_NID(X509 *x, int nid, int lastpos) { + if (K_X509_get_ext_by_NID) return (K_X509_get_ext_by_NID)(x,nid,lastpos); + kdWarning() << "X509_get_ext_by_NID not defined!" << endl; + return -1; +} + + +int KOpenSSLProxy::X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos) { + if (K_X509_get_ext_by_OBJ) return (K_X509_get_ext_by_OBJ)(x,obj,lastpos); + kdWarning() << "X509_get_ext_by_OBJ not defined!" << endl; + return -1; +} + + +X509_EXTENSION *KOpenSSLProxy::X509_get_ext(X509 *x, int loc) { + if (K_X509_get_ext) return (K_X509_get_ext)(x,loc); + kdWarning() << "X509_get_ext not defined!" << endl; + return 0L; +} + + +X509_EXTENSION *KOpenSSLProxy::X509_delete_ext(X509 *x, int loc) { + if (K_X509_delete_ext) return (K_X509_delete_ext)(x,loc); + kdWarning() << "X509_delete_ext not defined!" << endl; + return 0L; +} + + +int KOpenSSLProxy::X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc) { + if (K_X509_add_ext) return (K_X509_add_ext)(x,ex,loc); + kdWarning() << "X509_add_ext not defined!" << endl; + return -1; +} + + +void *KOpenSSLProxy::X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx) { + if (K_X509_get_ext_d2i) return (K_X509_get_ext_d2i)(x,nid,crit,idx); + kdWarning() << "X509_get_ext_d2i not defined!" << endl; + return 0L; +} + + +char *KOpenSSLProxy::i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5) { + if (K_i2s_ASN1_OCTET_STRING) return (K_i2s_ASN1_OCTET_STRING)(method,ia5); + kdWarning() << "i2s_ANS1_OCTET_STRING not defined!" << endl; + return 0L; +} + + +int KOpenSSLProxy::ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n) { + if (K_ASN1_BIT_STRING_get_bit) return (K_ASN1_BIT_STRING_get_bit)(a,n); + kdWarning() << "ANS1_BIT_STRING_get_bit not defined!" << endl; + return -1; +} + + +PKCS7 *KOpenSSLProxy::PKCS7_new(void) { + if (K_PKCS7_new) return (K_PKCS7_new)(); + kdWarning() << "PKCS7_new not defined!" 
<< endl; + return 0L; +} + + +void KOpenSSLProxy::PKCS7_free(PKCS7 *a) { + if (K_PKCS7_free) (K_PKCS7_free)(a); + else kdWarning() << "PKCS7_free not defined!" << endl; +} + + +void KOpenSSLProxy::PKCS7_content_free(PKCS7 *a) { + if (K_PKCS7_content_free) (K_PKCS7_content_free)(a); + else kdWarning() << "PKCS7_content_free not defined!" << endl; +} + + +int KOpenSSLProxy::i2d_PKCS7(PKCS7 *a, unsigned char **pp) { + if (K_i2d_PKCS7) return (K_i2d_PKCS7)(a,pp); + kdWarning() << "i2d_PKCS7 not defined!" << endl; + return -1; +} + + +PKCS7 *KOpenSSLProxy::d2i_PKCS7(PKCS7 **a, unsigned char **pp,long length) { + if (K_d2i_PKCS7) return (K_d2i_PKCS7)(a,pp,length); + kdWarning() << "d2i_PKCS7 not defined!" << endl; + return 0L; +} + + +int KOpenSSLProxy::i2d_PKCS7_fp(FILE *fp,PKCS7 *p7) { + if (K_i2d_PKCS7_fp) return (K_i2d_PKCS7_fp)(fp,p7); + kdWarning() << "i2d_PKCS7_fd not defined!" << endl; + return -1; +} + + +PKCS7 *KOpenSSLProxy::d2i_PKCS7_fp(FILE *fp,PKCS7 **p7) { + if (K_d2i_PKCS7_fp) return (K_d2i_PKCS7_fp)(fp,p7); + kdWarning() << "d2i_PKCS7_fp not defined!" << endl; + return 0L; +} + + +int KOpenSSLProxy::i2d_PKCS7_bio(BIO *bp,PKCS7 *p7) { + if (K_i2d_PKCS7_bio) return (K_i2d_PKCS7_bio)(bp, p7); + kdWarning() << "i2d_PKCS7_bio not defined!" << endl; + return -1; +} + + +PKCS7 *KOpenSSLProxy::d2i_PKCS7_bio(BIO *bp,PKCS7 **p7) { + if (K_d2i_PKCS7_bio) return (K_d2i_PKCS7_bio)(bp, p7); + kdWarning() << "d2i_PKCS7_bio not defined!" << endl; + return 0L; +} + + +PKCS7 *KOpenSSLProxy::PKCS7_dup(PKCS7 *p7) { + if (K_PKCS7_dup) return (K_PKCS7_dup)(p7); + kdWarning() << "PKCS7_dup not defined!" << endl; + return 0L; +} + + +PKCS7 *KOpenSSLProxy::PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, + BIO *data, int flags) { + if (K_PKCS7_sign) return (K_PKCS7_sign)(signcert,pkey,certs,data,flags); + kdWarning() << "PKCS7_sign not defined!" 
<< endl; + return 0L; +} + + +int KOpenSSLProxy::PKCS7_verify(PKCS7* p, STACK_OF(X509)* st, X509_STORE* s, BIO* in, BIO *out, int flags) { + if (K_PKCS7_verify) return (K_PKCS7_verify)(p,st,s,in,out,flags); + kdWarning() << "PKCS7_verify not defined!" << endl; + return 0; +} + + +STACK_OF(X509) *KOpenSSLProxy::PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) { + if (K_PKCS7_get0_signers) return (K_PKCS7_get0_signers)(p7,certs,flags); + kdWarning() << "PKCS7_get0_signers not defined!" << endl; + return 0L; +} + + +PKCS7 *KOpenSSLProxy::PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher, + int flags) { + if (K_PKCS7_encrypt) return (K_PKCS7_encrypt)(certs,in,cipher,flags); + kdWarning() << "PKCS7_encrypt not defined!" << endl; + return 0L; +} + + +int KOpenSSLProxy::PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) { + if (K_PKCS7_decrypt) return (K_PKCS7_decrypt)(p7,pkey,cert,data,flags); + kdWarning() << "PKCS7_decrypt not defined!" << endl; + return 0; +} + + +STACK_OF(X509_NAME) *KOpenSSLProxy::SSL_load_client_CA_file(const char *file) { + if (K_SSL_load_client_CA_file) return (K_SSL_load_client_CA_file)(file); + kdWarning() << "SSL_load_client_CA_file not defined!" << endl; + return 0L; +} + + +STACK_OF(X509_INFO) *KOpenSSLProxy::PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) { + if (K_PEM_X509_INFO_read) return (K_PEM_X509_INFO_read)(fp,sk,cb,u); + kdWarning() << "PEM_X509_INFO_read not defined!" << endl; + return 0L; +} + + +X509 *KOpenSSLProxy::X509_d2i_fp(FILE *out, X509** buf) { + if (K_ASN1_d2i_fp) return reinterpret_cast((K_ASN1_d2i_fp)(reinterpret_cast(K_X509_new), reinterpret_cast(K_d2i_X509), out, reinterpret_cast(buf))); + kdWarning() << "X509_d2i_fp not defined!" << endl; + return 0L; +} + + +int KOpenSSLProxy::SSL_peek(SSL *ssl,void *buf,int num) { + if (K_SSL_peek) return (K_SSL_peek)(ssl,buf,num); + kdWarning() << "SSL_peek not defined!" 
<< endl; + return -1; +} + + +const char *KOpenSSLProxy::RAND_file_name(char *buf, size_t num) { + if (K_RAND_file_name) return (K_RAND_file_name)(buf, num); + kdWarning() << "RAND_file_name not defined!" << endl; + return 0L; +} + + +int KOpenSSLProxy::RAND_load_file(const char *filename, long max_bytes) { + if (K_RAND_load_file) return (K_RAND_load_file)(filename, max_bytes); + kdWarning() << "REND_load_file not defined!" << endl; + return -1; +} + + +int KOpenSSLProxy::RAND_write_file(const char *filename) { + if (K_RAND_write_file) return (K_RAND_write_file)(filename); + kdWarning() << "RAND_write_file not defined!" << endl; + return -1; +} + + +int KOpenSSLProxy::X509_PURPOSE_get_count() { + if (K_X509_PURPOSE_get_count) return (K_X509_PURPOSE_get_count)(); + kdWarning() << "X509_PURPOSE_get_count not defined!" << endl; + return -1; +} + + +int KOpenSSLProxy::X509_PURPOSE_get_id(X509_PURPOSE *p) { + if (K_X509_PURPOSE_get_id) return (K_X509_PURPOSE_get_id)(p); + kdWarning() << "X509_PURPOSE_get_id not defined!" << endl; + return -1; +} + + +int KOpenSSLProxy::X509_check_purpose(X509 *x, int id, int ca) { + if (K_X509_check_purpose) return (K_X509_check_purpose)(x, id, ca); + kdWarning() << "X509_check_purpose not defined!" << endl; + return -1; +} + + +X509_PURPOSE *KOpenSSLProxy::X509_PURPOSE_get0(int idx) { + if (K_X509_PURPOSE_get0) return (K_X509_PURPOSE_get0)(idx); + kdWarning() << "X509_PURPOSE_get0 not defined!" << endl; + return 0L; +} + + +int KOpenSSLProxy::EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key) { + if (K_EVP_PKEY_assign) return (K_EVP_PKEY_assign)(pkey, type, key); + kdWarning() << "EVP_PKEY_assign not defined!" << endl; + return -1; +} + + +int KOpenSSLProxy::X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey) { + if (K_X509_REQ_set_pubkey) return (K_X509_REQ_set_pubkey)(x, pkey); + kdWarning() << "X509_REQ_set_pubkey not defined!" 
<< endl; + return -1; +} + + +void KOpenSSLProxy::RSA_get0_key(const RSA *r, + const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) { + if (K_RSA_get0_key) { + (K_RSA_get0_key)(r, n, e, d); + return; + } +#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (!r) return; + if (n) *n = r->n; + if (e) *e = r->e; + if (d) *d = r->d; + return; +#endif + kdWarning() << "REG_get0_key not defined!" << endl; +} + + +RSA* KOpenSSLProxy::RSA_generate_key(int bits, unsigned long e, void + (*callback)(int,int,void *), void *cb_arg) { + if (K_RSA_generate_key) return (K_RSA_generate_key)(bits, e, callback, cb_arg); + kdWarning() << "RSA_generate_key not defined!" << endl; + return 0L; +} + + +void KOpenSSLProxy::DSA_get0_pqg(const DSA *d, + const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) { + if (K_DSA_get0_pqg) { + (K_DSA_get0_pqg)(d, p, q, g); + return; + } +#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (!d) return; + if (p) *p = d->p; + if (q) *q = d->q; + if (g) *g = d->g; + return; +#endif + kdWarning() << "DSA_get0_pqg not defined!" << endl; +} + + +void KOpenSSLProxy::DSA_get0_key(const DSA *d, + const BIGNUM **pub_key, const BIGNUM **priv_key) { + if (K_DSA_get0_key) { + (K_DSA_get0_key)(d, pub_key, priv_key); + return; + } +#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (!d) return; + if (pub_key) *pub_key = d->pub_key; + if (priv_key) *priv_key = d->priv_key; + return; +#endif + kdWarning() << "DSA_get0_key not defined!" << endl; +} + + +STACK *KOpenSSLProxy::X509_get1_email(X509 *x) { + if (K_X509_get1_email) return (K_X509_get1_email)(x); + kdWarning() << "X509_get1_email not defined!" << endl; + return 0L; +} + +void KOpenSSLProxy::X509_email_free(STACK *sk) { + if (K_X509_email_free) (K_X509_email_free)(sk); + else kdWarning() << "X509_email_free not defined!" << endl; +} + +EVP_CIPHER *KOpenSSLProxy::EVP_des_ede3_cbc() { + if (K_EVP_des_ede3_cbc) return (K_EVP_des_ede3_cbc)(); + kdWarning() << "EVM_des_ede3_cbc not defined!" 
<< endl; + return 0L; +} + +EVP_CIPHER *KOpenSSLProxy::EVP_des_cbc() { + if (K_EVP_des_cbc) return (K_EVP_des_cbc)(); + kdWarning() << "EVP_des_cbc not defined!" << endl; + return 0L; +} + +EVP_CIPHER *KOpenSSLProxy::EVP_rc2_cbc() { + if (K_EVP_rc2_cbc) return (K_EVP_rc2_cbc)(); + kdWarning() << "EVP_rc2_cbc not defined!" << endl; + return 0L; +} + +EVP_CIPHER *KOpenSSLProxy::EVP_rc2_64_cbc() { + if (K_EVP_rc2_64_cbc) return (K_EVP_rc2_64_cbc)(); + kdWarning() << "EVP_rc2_64_cbc not defined!" << endl; + return 0L; +} + +EVP_CIPHER *KOpenSSLProxy::EVP_rc2_40_cbc() { + if (K_EVP_rc2_40_cbc) return (K_EVP_rc2_40_cbc)(); + kdWarning() << "EVP_rc2_40_cbc not defined!" << endl; + return 0L; +} + +int KOpenSSLProxy::i2d_X509_REQ_fp(FILE *fp, X509_REQ *x) { + if (K_i2d_X509_REQ_fp) return (K_i2d_X509_REQ_fp)(fp,x); + kdWarning() << "i2d_X509_REQ_fp not defined!" << endl; + return -1; +} + + +void KOpenSSLProxy::ERR_clear_error() { + if (K_ERR_clear_error) (K_ERR_clear_error)(); + else kdWarning() << "ERR_clear_error not defined!" << endl; +} + + +unsigned long KOpenSSLProxy::ERR_get_error() { + if (K_ERR_get_error) return (K_ERR_get_error)(); + kdWarning() << "ERR_get_error not defined!" << endl; + return 0xffffffff; +} + + +void KOpenSSLProxy::ERR_print_errors_fp(FILE* fp) { + if (K_ERR_print_errors_fp) (K_ERR_print_errors_fp)(fp); + else kdWarning() << "ERR_print_errors_fp not defined!" << endl; +} + + +SSL_SESSION *KOpenSSLProxy::SSL_get1_session(SSL *ssl) { + if (K_SSL_get1_session) return (K_SSL_get1_session)(ssl); + kdWarning() << "SSL_get1_session not defined!" << endl; + return 0L; +} + + +void KOpenSSLProxy::SSL_SESSION_free(SSL_SESSION *session) { + if (K_SSL_SESSION_free) (K_SSL_SESSION_free)(session); + else kdWarning() << "SSL_SESSION_free not defined!" << endl; +} + + +int KOpenSSLProxy::SSL_set_session(SSL *ssl, SSL_SESSION *session) { + if (K_SSL_set_session) return (K_SSL_set_session)(ssl, session); + kdWarning() << "SSL_set_session not defined!" 
<< endl; + return -1; +} + + +SSL_SESSION *KOpenSSLProxy::d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, long length) { + if (K_d2i_SSL_SESSION) return (K_d2i_SSL_SESSION)(a, pp, length); + kdWarning() << "d2i_SSL_SESSION not defined!" << endl; + return 0L; +} + + +int KOpenSSLProxy::i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) { + if (K_i2d_SSL_SESSION) return (K_i2d_SSL_SESSION)(in, pp); + kdWarning() << "i2d_SSL_SESSION not defined!" << endl; + return -1; +} + + +int KOpenSSLProxy::i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *p) { + if (K_i2d_PrivateKey_fp) return (K_i2d_PrivateKey_fp)(fp, p); + kdWarning() << "i2d_PrivateKey not defined!" << endl; + return -1; +} + + +int KOpenSSLProxy::i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *p, const EVP_CIPHER *c, char *k, int klen, pem_password_cb *cb, void *u) { + if (K_i2d_PKCS8PrivateKey_fp) return (K_i2d_PKCS8PrivateKey_fp)(fp, p, c, k, klen, cb, u); + kdWarning() << "i2d_PKCS8PrivateKey_fp not defined!" << endl; + return -1; +} + + +void KOpenSSLProxy::RSA_free(RSA *rsa) { + if (K_RSA_free) (K_RSA_free)(rsa); + else kdWarning() << "RSA_free not defined!" << endl; +} + + +EVP_CIPHER *KOpenSSLProxy::EVP_bf_cbc() { + if (K_EVP_bf_cbc) return (K_EVP_bf_cbc)(); + kdWarning() << "EVP_bf_cbc not defined!" << endl; + return 0L; +} + + +int KOpenSSLProxy::X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md) { + if (K_X509_REQ_sign) return (K_X509_REQ_sign)(x, pkey, md); + kdWarning() << "X509_REQ_sign not defined!" << endl; + return -1; +} + + +int KOpenSSLProxy::X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, + int type, unsigned char *bytes, int len, int loc, int set) { + if (K_X509_NAME_add_entry_by_txt) return (K_X509_NAME_add_entry_by_txt)(name, field, type, bytes, len, loc, set); + kdWarning() << "X509_NAME_add_entry not defined!" 
<< endl; + return -1; +} + + +X509_NAME *KOpenSSLProxy::X509_NAME_new() { + if (K_X509_NAME_new) return (K_X509_NAME_new)(); + kdWarning() << "X509_NAME_new not defined!" << endl; + return 0L; +} + + +int KOpenSSLProxy::X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name) { + if (K_X509_REQ_set_subject_name) return (K_X509_REQ_set_subject_name)(req, name); + kdWarning() << "X509_REQ_set_subject_name not defined!" << endl; + return -1; +} + + +unsigned char *KOpenSSLProxy::ASN1_STRING_data(ASN1_STRING *x) { + if (K_ASN1_STRING_data) return (K_ASN1_STRING_data)(x); + kdWarning() << "ASN1_STRING_data not defined!" << endl; + return 0L; +} + +int KOpenSSLProxy::ASN1_STRING_length(ASN1_STRING *x) { + if (K_ASN1_STRING_length) return (K_ASN1_STRING_length)(x); + kdWarning() << "ASN1_STRING_length not defined!" << endl; + return 0L; +} + +STACK_OF(SSL_CIPHER) *KOpenSSLProxy::SSL_get_ciphers(const SSL* ssl) { + if (K_SSL_get_ciphers) return (K_SSL_get_ciphers)(ssl); + kdWarning() << "SSL_get_ciphers not defined!" << endl; + return 0L; +} + +const ASN1_TIME* KOpenSSLProxy::X509_CRL_get0_lastUpdate(const X509_CRL *crl) { + if (K_X509_CRL_get0_lastUpdate) return (K_X509_CRL_get0_lastUpdate)(crl); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return X509_CRL_get_lastUpdate(crl); +#endif + kdWarning() << "X509_CRL_get_lastUpdate not defined!" << endl; + return 0L; +} + +const ASN1_TIME* KOpenSSLProxy::X509_CRL_get0_nextUpdate(const X509_CRL *crl) { + if (K_X509_CRL_get0_nextUpdate) return (K_X509_CRL_get0_nextUpdate)(crl); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return X509_CRL_get_nextUpdate(crl); +#endif + kdWarning() << "X509_CRL_get_nextUpdate not defined!" 
<< endl; + return 0L; +} + +X509* KOpenSSLProxy::X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) { + if (K_X509_STORE_CTX_get_current_cert) return (K_X509_STORE_CTX_get_current_cert)(ctx); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return ctx->current_cert; +#endif + kdWarning() << "X509_STORE_CTX_get_current_cert not defined!" << endl; + return 0L; +} + +int KOpenSSLProxy::X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) { + if (K_X509_STORE_CTX_get_error) return (K_X509_STORE_CTX_get_error)(ctx); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return ctx->error; +#endif + kdWarning() << "X509k_STORE_CTX_get_error not defined!" << endl; + return -1; +} + +int KOpenSSLProxy::X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) { + if (K_X509_STORE_CTX_get_error_depth) return (K_X509_STORE_CTX_get_error_depth)(ctx); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return ctx->error_depth; +#endif + kdWarning() << "X509_STORE_CTX_get_error_depth not defined!" << endl; + return -1; +} + +void KOpenSSLProxy::X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s) { + if (K_X509_STORE_CTX_set_error) { + (K_X509_STORE_CTX_set_error)(ctx, s); + return; + } +#if OPENSSL_VERSION_NUMBER < 0x10100000L + ctx->error = s; + return; +#endif + kdWarning() << "X509_STORE_CTX_set_error not defined!" << endl; +} + +void KOpenSSLProxy::X509_STORE_set_verify_cb(X509_STORE *ctx, + X509_STORE_CTX_verify_cb verify_cb) { + if (K_X509_STORE_set_verify_cb) { + (K_X509_STORE_set_verify_cb)(ctx, verify_cb); + return; + } +#if OPENSSL_VERSION_NUMBER < 0x10100000L + X509_STORE_set_verify_cb_func(ctx, verify_cb); + return; +#endif + kdWarning() << "X590_STORE_set_verify_cb not defined!" << endl; +} + +STACK_OF(X509_OBJECT)* KOpenSSLProxy::X509_STORE_get0_objects(X509_STORE *v) { + if (K_X509_STORE_get0_objects) return (K_X509_STORE_get0_objects)(v); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return v->objs; +#endif + kdWarning() << "X509_STORE_get0_objects not defined!" 
<< endl; + return 0L; +} + +X509_LOOKUP_TYPE KOpenSSLProxy::X509_OBJECT_get_type(const X509_OBJECT *a) { + if (K_X509_OBJECT_get_type) return (K_X509_OBJECT_get_type)(a); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return a->type; +#endif + kdWarning() << "X509_OBJECT_get_type not defined!" << endl; +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + return X509_LU_NONE; +#else + return 0; +#endif +} + +X509* KOpenSSLProxy::X509_OBJECT_get0_X509(const X509_OBJECT *a) { + if (K_X509_OBJECT_get0_X509) return (K_X509_OBJECT_get0_X509)(a); +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + return a->data.x509; +#endif + kdWarning() << "X509_OBJECT_get0_X509 not defined!" << endl; + return 0L; +} + + +ASN1_TIME* KOpenSSLProxy::X509_getm_notAfter(const X509 *x) { + if (K_X509_getm_notAfter) return (K_X509_getm_notAfter)(x); +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + return X509_get_notAfter(x); +#endif + kdWarning() << "X509_get_notAfter not defined!" << endl; + return 0L; +} + +ASN1_TIME* KOpenSSLProxy::X509_getm_notBefore(const X509 *x) { + if (K_X509_getm_notBefore) return (K_X509_getm_notBefore)(x); +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + return X509_get_notBefore(x); +#endif + kdWarning() << "X509_get_notBefore not defined!" 
<< endl; + return 0L; +} + +/* cover KOpenSSLProxy API compatibility */ +STACK* KOpenSSLProxy::sk_dup(const STACK *s) { + return OPENSSL_sk_dup(s); +} + +void KOpenSSLProxy::sk_free(STACK *s) { + OPENSSL_sk_free(s); +} + +STACK* KOpenSSLProxy::sk_new(int (*cmp)()) { + return OPENSSL_sk_new(cmp); +} + +int KOpenSSLProxy::sk_num(STACK *s) { + return OPENSSL_sk_num(s); +} + +char* KOpenSSLProxy::sk_pop(STACK *s) { + return OPENSSL_sk_pop(s); +} + +int KOpenSSLProxy::sk_push(STACK *s, char *d) { + return OPENSSL_sk_push(s, d); +} + +char* KOpenSSLProxy::sk_value(STACK *s, int n) { + return OPENSSL_sk_value(s, n); +} + +void KOpenSSLProxy::X509_STORE_CTX_set_chain(X509_STORE_CTX *v, STACK_OF(X509)* x) { + X509_STORE_CTX_set0_untrusted(v, x); +} + +SSL_METHOD* KOpenSSLProxy::SSLv23_client_method() { + return TLS_client_method(); +} + +#endif diff --git a/tdeio/kssl/ksmimecrypto.cc b/tdeio/kssl/ksmimecrypto.cc deleted file mode 100644 index 92318b9f0..000000000 --- a/tdeio/kssl/ksmimecrypto.cc +++ /dev/null 
@@ -1,417 +0,0 @@ -/* This file is part of the KDE project - * - * Copyright (C) 2003 Stefan Rompf - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Library General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public License - * along with this library; see the file COPYING.LIB. If not, write to - * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - * Boston, MA 02110-1301, USA. - */ - - -#include -#include -#include -#include - -#include "kopenssl.h" -#include "ksslcertificate.h" -#include "ksslpkcs12.h" -#include "ksmimecrypto.h" - -// this hack provided by Malte Starostik to avoid glibc/openssl bug -// on some systems -#ifdef KSSL_HAVE_SSL -#define crypt _openssl_crypt -#include -#undef crypt -#endif - - -#ifdef KSSL_HAVE_SSL -static const char eot = 0; - -class KSMIMECryptoPrivate { - KOpenSSLProxy *kossl; - -public: - KSMIMECryptoPrivate(KOpenSSLProxy *kossl); - - - STACK_OF(X509) *certsToX509(TQPtrList &certs); - - KSMIMECrypto::rc signMessage(BIO *clearText, - BIO *cipherText, - KSSLPKCS12 &privKey, TQPtrList &certs, - bool detached); - - KSMIMECrypto::rc encryptMessage(BIO *clearText, - BIO *cipherText, KSMIMECrypto::algo algorithm, - TQPtrList &recip); - - KSMIMECrypto::rc checkSignature(BIO *clearText, - BIO *signature, bool detached, - TQPtrList &recip); - - KSMIMECrypto::rc decryptMessage(BIO *cipherText, - BIO *clearText, - KSSLPKCS12 &privKey); - - void MemBIOToQByteArray(BIO *src, TQByteArray &dest); - - KSMIMECrypto::rc sslErrToRc(void); -}; - - 
-KSMIMECryptoPrivate::KSMIMECryptoPrivate(KOpenSSLProxy *kossl): kossl(kossl) { -} - - -STACK_OF(X509) *KSMIMECryptoPrivate::certsToX509(TQPtrList &certs) { - STACK_OF(X509) *x509 = reinterpret_cast(kossl->OPENSSL_sk_new(NULL)); - KSSLCertificate *cert = certs.first(); - while(cert) { - kossl->OPENSSL_sk_push(x509, cert->getCert()); - cert = certs.next(); - } - return x509; -} - - -KSMIMECrypto::rc KSMIMECryptoPrivate::signMessage(BIO *clearText, - BIO *cipherText, - KSSLPKCS12 &privKey, TQPtrList &certs, - bool detached) { - - STACK_OF(X509) *other = NULL; - KSMIMECrypto::rc rc; - int flags = detached?PKCS7_DETACHED:0; - - if (certs.count()) other = certsToX509(certs); - - PKCS7 *p7 = kossl->PKCS7_sign(privKey.getCertificate()->getCert(), privKey.getPrivateKey(), - other, clearText, flags); - - if (other) kossl->OPENSSL_sk_free(other); - - if (!p7) return sslErrToRc(); - - if (kossl->i2d_PKCS7_bio(cipherText, p7)) { - rc = KSMIMECrypto::KSC_R_OK; - } else { - rc = sslErrToRc(); - } - - kossl->PKCS7_free(p7); - - return rc; -} - -KSMIMECrypto::rc KSMIMECryptoPrivate::encryptMessage(BIO *clearText, - BIO *cipherText, KSMIMECrypto::algo algorithm, - TQPtrList &recip) { - EVP_CIPHER *cipher = NULL; - KSMIMECrypto::rc rc; - switch(algorithm) { - case KSMIMECrypto::KSC_C_DES3_CBC: - cipher = kossl->EVP_des_ede3_cbc(); - break; - case KSMIMECrypto::KSC_C_RC2_CBC_128: - cipher = kossl->EVP_rc2_cbc(); - break; - case KSMIMECrypto::KSC_C_RC2_CBC_64: - cipher = kossl->EVP_rc2_64_cbc(); - break; - case KSMIMECrypto::KSC_C_DES_CBC: - cipher = kossl->EVP_des_cbc(); - break; - case KSMIMECrypto::KSC_C_RC2_CBC_40: - cipher = kossl->EVP_rc2_40_cbc(); - break; - } - if (!cipher) return KSMIMECrypto::KSC_R_NOCIPHER; - - STACK_OF(X509) *certs = certsToX509(recip); - - PKCS7 *p7 = kossl->PKCS7_encrypt(certs, clearText, cipher, 0); - - kossl->OPENSSL_sk_free(certs); - - if (!p7) return sslErrToRc(); - - if (kossl->i2d_PKCS7_bio(cipherText, p7)) { - rc = KSMIMECrypto::KSC_R_OK; - } else 
{ - rc = sslErrToRc(); - } - - kossl->PKCS7_free(p7); - - return rc; -} - - -KSMIMECrypto::rc KSMIMECryptoPrivate::checkSignature(BIO *clearText, - BIO *signature, bool detached, - TQPtrList &recip) { - - PKCS7 *p7 = kossl->d2i_PKCS7_bio(signature, NULL); - KSMIMECrypto::rc rc = KSMIMECrypto::KSC_R_OTHER; - - if (!p7) return sslErrToRc(); - - BIO *in; - BIO *out; - if (detached) { - in = clearText; - out = NULL; - } else { - in = NULL; - out = clearText; - } - - X509_STORE *dummystore = kossl->X509_STORE_new(); - if (kossl->PKCS7_verify(p7, NULL, dummystore, in, out, PKCS7_NOVERIFY)) { - STACK_OF(X509) *signers = kossl->PKCS7_get0_signers(p7, 0, PKCS7_NOVERIFY); - int num = kossl->OPENSSL_sk_num(signers); - - for(int n=0; n(kossl->OPENSSL_sk_value(signers, n))); - recip.append(signer); - } - - kossl->OPENSSL_sk_free(signers); - rc = KSMIMECrypto::KSC_R_OK; - } else { - rc = sslErrToRc(); - } - - kossl->X509_STORE_free(dummystore); - kossl->PKCS7_free(p7); - - return rc; -} - - -KSMIMECrypto::rc KSMIMECryptoPrivate::decryptMessage(BIO *cipherText, - BIO *clearText, - KSSLPKCS12 &privKey) { - - PKCS7 *p7 = kossl->d2i_PKCS7_bio(cipherText, NULL); - KSMIMECrypto::rc rc; - - if (!p7) return sslErrToRc(); - - if (kossl->PKCS7_decrypt(p7, privKey.getPrivateKey(), privKey.getCertificate()->getCert(), - clearText, 0)) { - rc = KSMIMECrypto::KSC_R_OK; - } else { - rc = sslErrToRc(); - } - - kossl->PKCS7_free(p7); - - return rc; -} - - -void KSMIMECryptoPrivate::MemBIOToQByteArray(BIO *src, TQByteArray &dest) { - char *buf; - long len = kossl->BIO_get_mem_data(src, &buf); - dest.assign(buf, len); - /* Now this goes quite a bit into openssl internals. - We assume that openssl uses malloc() (it does in - default config) and rip out the buffer. 
- */ - void *ptr = kossl->BIO_get_data(src); - reinterpret_cast(ptr)->data = NULL; -} - - -KSMIMECrypto::rc KSMIMECryptoPrivate::sslErrToRc(void) { - unsigned long cerr = kossl->ERR_get_error(); - - // To be completed and possibly fixed - - switch(ERR_GET_REASON(cerr)) { - case ERR_R_MALLOC_FAILURE: - return KSMIMECrypto::KSC_R_NOMEM; - } - - switch(ERR_GET_LIB(cerr)) { - case ERR_LIB_PKCS7: - switch(ERR_GET_REASON(cerr)) { - case PKCS7_R_WRONG_CONTENT_TYPE: - case PKCS7_R_NO_CONTENT: - case PKCS7_R_NO_SIGNATURES_ON_DATA: - return KSMIMECrypto::KSC_R_FORMAT; - break; - case PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE: - case PKCS7_R_DECRYPT_ERROR: // Hmm? - return KSMIMECrypto::KSC_R_WRONGKEY; - break; - case PKCS7_R_DIGEST_FAILURE: - return KSMIMECrypto::KSC_R_VERIFY; - default: - break; - } - break; - default: - break; - } - - kdDebug(7029) <<"KSMIMECrypto: uncaught error " <hasLibCrypto()) kossl = 0L; -#else - kossl = 0L; -#endif -} - - -KSMIMECrypto::~KSMIMECrypto() { -#ifdef KSSL_HAVE_SSL - delete priv; -#endif -} - - -KSMIMECrypto::rc KSMIMECrypto::signMessage(const TQCString &clearText, - TQByteArray &cipherText, - const KSSLPKCS12 &privKey, - const TQPtrList &certs, - bool detached) { -#ifdef KSSL_HAVE_SSL - if (!kossl) return KSC_R_NO_SSL; - BIO *in = kossl->BIO_new_mem_buf((char *)clearText.data(), clearText.size()); - BIO *out = kossl->BIO_new(kossl->BIO_s_mem()); - - rc rc = priv->signMessage(in, out, - const_cast(privKey), - const_cast &>(certs), - detached); - - if (!rc) priv->MemBIOToQByteArray(out, cipherText); - - kossl->BIO_free(out); - kossl->BIO_free(in); - - return rc; -#else - return KSC_R_NO_SSL; -#endif -} - - -KSMIMECrypto::rc KSMIMECrypto::checkDetachedSignature(const TQCString &clearText, - const TQByteArray &signature, - TQPtrList &foundCerts) { -#ifdef KSSL_HAVE_SSL - if (!kossl) return KSC_R_NO_SSL; - BIO *txt = kossl->BIO_new_mem_buf((char *)clearText.data(), clearText.length()); - BIO *sig = kossl->BIO_new_mem_buf((char 
*)signature.data(), signature.size()); - - rc rc = priv->checkSignature(txt, sig, true, foundCerts); - - kossl->BIO_free(sig); - kossl->BIO_free(txt); - - return rc; -#else - return KSC_R_NO_SSL; -#endif -} - - -KSMIMECrypto::rc KSMIMECrypto::checkOpaqueSignature(const TQByteArray &signedText, - TQCString &clearText, - TQPtrList &foundCerts) { -#ifdef KSSL_HAVE_SSL - if (!kossl) return KSC_R_NO_SSL; - - BIO *in = kossl->BIO_new_mem_buf((char *)signedText.data(), signedText.size()); - BIO *out = kossl->BIO_new(kossl->BIO_s_mem()); - - rc rc = priv->checkSignature(out, in, false, foundCerts); - - kossl->BIO_write(out, &eot, 1); - priv->MemBIOToQByteArray(out, clearText); - - kossl->BIO_free(out); - kossl->BIO_free(in); - - return rc; -#else - return KSC_R_NO_SSL; -#endif -} - - -KSMIMECrypto::rc KSMIMECrypto::encryptMessage(const TQCString &clearText, - TQByteArray &cipherText, - algo algorithm, - const TQPtrList &recip) { -#ifdef KSSL_HAVE_SSL - if (!kossl) return KSC_R_NO_SSL; - - BIO *in = kossl->BIO_new_mem_buf((char *)clearText.data(), clearText.size()); - BIO *out = kossl->BIO_new(kossl->BIO_s_mem()); - - rc rc = priv->encryptMessage(in,out,algorithm, - const_cast< TQPtrList &>(recip)); - - if (!rc) priv->MemBIOToQByteArray(out, cipherText); - - kossl->BIO_free(out); - kossl->BIO_free(in); - - return rc; -#else - return KSC_R_NO_SSL; -#endif -} - - -KSMIMECrypto::rc KSMIMECrypto::decryptMessage(const TQByteArray &cipherText, - TQCString &clearText, - const KSSLPKCS12 &privKey) { -#ifdef KSSL_HAVE_SSL - if (!kossl) return KSC_R_NO_SSL; - - BIO *in = kossl->BIO_new_mem_buf((char *)cipherText.data(), cipherText.size()); - BIO *out = kossl->BIO_new(kossl->BIO_s_mem()); - - rc rc = priv->decryptMessage(in,out, - const_cast(privKey)); - - kossl->BIO_write(out, &eot, 1); - priv->MemBIOToQByteArray(out, clearText); - - kossl->BIO_free(out); - kossl->BIO_free(in); - - return rc; -#else - return KSC_R_NO_SSL; -#endif -} - 
diff --git a/tdeio/kssl/ksmimecrypto.cpp b/tdeio/kssl/ksmimecrypto.cpp
new file mode 100644
index 000000000..92318b9f0
--- /dev/null
+++ b/tdeio/kssl/ksmimecrypto.cpp
@@ -0,0 +1,417 @@ +/* This file is part of the KDE project + * + * Copyright (C) 2003 Stefan Rompf + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public License + * along with this library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301, USA. + */ + + +#include +#include +#include +#include + +#include "kopenssl.h" +#include "ksslcertificate.h" +#include "ksslpkcs12.h" +#include "ksmimecrypto.h" + +// this hack provided by Malte Starostik to avoid glibc/openssl bug +// on some systems +#ifdef KSSL_HAVE_SSL +#define crypt _openssl_crypt +#include +#undef crypt +#endif + + +#ifdef KSSL_HAVE_SSL +static const char eot = 0; + +class KSMIMECryptoPrivate { + KOpenSSLProxy *kossl; + +public: + KSMIMECryptoPrivate(KOpenSSLProxy *kossl); + + + STACK_OF(X509) *certsToX509(TQPtrList &certs); + + KSMIMECrypto::rc signMessage(BIO *clearText, + BIO *cipherText, + KSSLPKCS12 &privKey, TQPtrList &certs, + bool detached); + + KSMIMECrypto::rc encryptMessage(BIO *clearText, + BIO *cipherText, KSMIMECrypto::algo algorithm, + TQPtrList &recip); + + KSMIMECrypto::rc checkSignature(BIO *clearText, + BIO *signature, bool detached, + TQPtrList &recip); + + KSMIMECrypto::rc decryptMessage(BIO *cipherText, + BIO *clearText, + KSSLPKCS12 &privKey); + + void MemBIOToQByteArray(BIO *src, TQByteArray &dest); + + KSMIMECrypto::rc sslErrToRc(void); +}; + + 
+KSMIMECryptoPrivate::KSMIMECryptoPrivate(KOpenSSLProxy *kossl): kossl(kossl) { +} + + +STACK_OF(X509) *KSMIMECryptoPrivate::certsToX509(TQPtrList &certs) { + STACK_OF(X509) *x509 = reinterpret_cast(kossl->OPENSSL_sk_new(NULL)); + KSSLCertificate *cert = certs.first(); + while(cert) { + kossl->OPENSSL_sk_push(x509, cert->getCert()); + cert = certs.next(); + } + return x509; +} + + +KSMIMECrypto::rc KSMIMECryptoPrivate::signMessage(BIO *clearText, + BIO *cipherText, + KSSLPKCS12 &privKey, TQPtrList &certs, + bool detached) { + + STACK_OF(X509) *other = NULL; + KSMIMECrypto::rc rc; + int flags = detached?PKCS7_DETACHED:0; + + if (certs.count()) other = certsToX509(certs); + + PKCS7 *p7 = kossl->PKCS7_sign(privKey.getCertificate()->getCert(), privKey.getPrivateKey(), + other, clearText, flags); + + if (other) kossl->OPENSSL_sk_free(other); + + if (!p7) return sslErrToRc(); + + if (kossl->i2d_PKCS7_bio(cipherText, p7)) { + rc = KSMIMECrypto::KSC_R_OK; + } else { + rc = sslErrToRc(); + } + + kossl->PKCS7_free(p7); + + return rc; +} + +KSMIMECrypto::rc KSMIMECryptoPrivate::encryptMessage(BIO *clearText, + BIO *cipherText, KSMIMECrypto::algo algorithm, + TQPtrList &recip) { + EVP_CIPHER *cipher = NULL; + KSMIMECrypto::rc rc; + switch(algorithm) { + case KSMIMECrypto::KSC_C_DES3_CBC: + cipher = kossl->EVP_des_ede3_cbc(); + break; + case KSMIMECrypto::KSC_C_RC2_CBC_128: + cipher = kossl->EVP_rc2_cbc(); + break; + case KSMIMECrypto::KSC_C_RC2_CBC_64: + cipher = kossl->EVP_rc2_64_cbc(); + break; + case KSMIMECrypto::KSC_C_DES_CBC: + cipher = kossl->EVP_des_cbc(); + break; + case KSMIMECrypto::KSC_C_RC2_CBC_40: + cipher = kossl->EVP_rc2_40_cbc(); + break; + } + if (!cipher) return KSMIMECrypto::KSC_R_NOCIPHER; + + STACK_OF(X509) *certs = certsToX509(recip); + + PKCS7 *p7 = kossl->PKCS7_encrypt(certs, clearText, cipher, 0); + + kossl->OPENSSL_sk_free(certs); + + if (!p7) return sslErrToRc(); + + if (kossl->i2d_PKCS7_bio(cipherText, p7)) { + rc = KSMIMECrypto::KSC_R_OK; + } else 
{ + rc = sslErrToRc(); + } + + kossl->PKCS7_free(p7); + + return rc; +} + + +KSMIMECrypto::rc KSMIMECryptoPrivate::checkSignature(BIO *clearText, + BIO *signature, bool detached, + TQPtrList &recip) { + + PKCS7 *p7 = kossl->d2i_PKCS7_bio(signature, NULL); + KSMIMECrypto::rc rc = KSMIMECrypto::KSC_R_OTHER; + + if (!p7) return sslErrToRc(); + + BIO *in; + BIO *out; + if (detached) { + in = clearText; + out = NULL; + } else { + in = NULL; + out = clearText; + } + + X509_STORE *dummystore = kossl->X509_STORE_new(); + if (kossl->PKCS7_verify(p7, NULL, dummystore, in, out, PKCS7_NOVERIFY)) { + STACK_OF(X509) *signers = kossl->PKCS7_get0_signers(p7, 0, PKCS7_NOVERIFY); + int num = kossl->OPENSSL_sk_num(signers); + + for(int n=0; n(kossl->OPENSSL_sk_value(signers, n))); + recip.append(signer); + } + + kossl->OPENSSL_sk_free(signers); + rc = KSMIMECrypto::KSC_R_OK; + } else { + rc = sslErrToRc(); + } + + kossl->X509_STORE_free(dummystore); + kossl->PKCS7_free(p7); + + return rc; +} + + +KSMIMECrypto::rc KSMIMECryptoPrivate::decryptMessage(BIO *cipherText, + BIO *clearText, + KSSLPKCS12 &privKey) { + + PKCS7 *p7 = kossl->d2i_PKCS7_bio(cipherText, NULL); + KSMIMECrypto::rc rc; + + if (!p7) return sslErrToRc(); + + if (kossl->PKCS7_decrypt(p7, privKey.getPrivateKey(), privKey.getCertificate()->getCert(), + clearText, 0)) { + rc = KSMIMECrypto::KSC_R_OK; + } else { + rc = sslErrToRc(); + } + + kossl->PKCS7_free(p7); + + return rc; +} + + +void KSMIMECryptoPrivate::MemBIOToQByteArray(BIO *src, TQByteArray &dest) { + char *buf; + long len = kossl->BIO_get_mem_data(src, &buf); + dest.assign(buf, len); + /* Now this goes quite a bit into openssl internals. + We assume that openssl uses malloc() (it does in + default config) and rip out the buffer. 
+ */ + void *ptr = kossl->BIO_get_data(src); + reinterpret_cast(ptr)->data = NULL; +} + + +KSMIMECrypto::rc KSMIMECryptoPrivate::sslErrToRc(void) { + unsigned long cerr = kossl->ERR_get_error(); + + // To be completed and possibly fixed + + switch(ERR_GET_REASON(cerr)) { + case ERR_R_MALLOC_FAILURE: + return KSMIMECrypto::KSC_R_NOMEM; + } + + switch(ERR_GET_LIB(cerr)) { + case ERR_LIB_PKCS7: + switch(ERR_GET_REASON(cerr)) { + case PKCS7_R_WRONG_CONTENT_TYPE: + case PKCS7_R_NO_CONTENT: + case PKCS7_R_NO_SIGNATURES_ON_DATA: + return KSMIMECrypto::KSC_R_FORMAT; + break; + case PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE: + case PKCS7_R_DECRYPT_ERROR: // Hmm? + return KSMIMECrypto::KSC_R_WRONGKEY; + break; + case PKCS7_R_DIGEST_FAILURE: + return KSMIMECrypto::KSC_R_VERIFY; + default: + break; + } + break; + default: + break; + } + + kdDebug(7029) <<"KSMIMECrypto: uncaught error " <hasLibCrypto()) kossl = 0L; +#else + kossl = 0L; +#endif +} + + +KSMIMECrypto::~KSMIMECrypto() { +#ifdef KSSL_HAVE_SSL + delete priv; +#endif +} + + +KSMIMECrypto::rc KSMIMECrypto::signMessage(const TQCString &clearText, + TQByteArray &cipherText, + const KSSLPKCS12 &privKey, + const TQPtrList &certs, + bool detached) { +#ifdef KSSL_HAVE_SSL + if (!kossl) return KSC_R_NO_SSL; + BIO *in = kossl->BIO_new_mem_buf((char *)clearText.data(), clearText.size()); + BIO *out = kossl->BIO_new(kossl->BIO_s_mem()); + + rc rc = priv->signMessage(in, out, + const_cast(privKey), + const_cast &>(certs), + detached); + + if (!rc) priv->MemBIOToQByteArray(out, cipherText); + + kossl->BIO_free(out); + kossl->BIO_free(in); + + return rc; +#else + return KSC_R_NO_SSL; +#endif +} + + +KSMIMECrypto::rc KSMIMECrypto::checkDetachedSignature(const TQCString &clearText, + const TQByteArray &signature, + TQPtrList &foundCerts) { +#ifdef KSSL_HAVE_SSL + if (!kossl) return KSC_R_NO_SSL; + BIO *txt = kossl->BIO_new_mem_buf((char *)clearText.data(), clearText.length()); + BIO *sig = kossl->BIO_new_mem_buf((char 
*)signature.data(), signature.size()); + + rc rc = priv->checkSignature(txt, sig, true, foundCerts); + + kossl->BIO_free(sig); + kossl->BIO_free(txt); + + return rc; +#else + return KSC_R_NO_SSL; +#endif +} + + +KSMIMECrypto::rc KSMIMECrypto::checkOpaqueSignature(const TQByteArray &signedText, + TQCString &clearText, + TQPtrList &foundCerts) { +#ifdef KSSL_HAVE_SSL + if (!kossl) return KSC_R_NO_SSL; + + BIO *in = kossl->BIO_new_mem_buf((char *)signedText.data(), signedText.size()); + BIO *out = kossl->BIO_new(kossl->BIO_s_mem()); + + rc rc = priv->checkSignature(out, in, false, foundCerts); + + kossl->BIO_write(out, &eot, 1); + priv->MemBIOToQByteArray(out, clearText); + + kossl->BIO_free(out); + kossl->BIO_free(in); + + return rc; +#else + return KSC_R_NO_SSL; +#endif +} + + +KSMIMECrypto::rc KSMIMECrypto::encryptMessage(const TQCString &clearText, + TQByteArray &cipherText, + algo algorithm, + const TQPtrList &recip) { +#ifdef KSSL_HAVE_SSL + if (!kossl) return KSC_R_NO_SSL; + + BIO *in = kossl->BIO_new_mem_buf((char *)clearText.data(), clearText.size()); + BIO *out = kossl->BIO_new(kossl->BIO_s_mem()); + + rc rc = priv->encryptMessage(in,out,algorithm, + const_cast< TQPtrList &>(recip)); + + if (!rc) priv->MemBIOToQByteArray(out, cipherText); + + kossl->BIO_free(out); + kossl->BIO_free(in); + + return rc; +#else + return KSC_R_NO_SSL; +#endif +} + + +KSMIMECrypto::rc KSMIMECrypto::decryptMessage(const TQByteArray &cipherText, + TQCString &clearText, + const KSSLPKCS12 &privKey) { +#ifdef KSSL_HAVE_SSL + if (!kossl) return KSC_R_NO_SSL; + + BIO *in = kossl->BIO_new_mem_buf((char *)cipherText.data(), cipherText.size()); + BIO *out = kossl->BIO_new(kossl->BIO_s_mem()); + + rc rc = priv->decryptMessage(in,out, + const_cast(privKey)); + + kossl->BIO_write(out, &eot, 1); + priv->MemBIOToQByteArray(out, clearText); + + kossl->BIO_free(out); + kossl->BIO_free(in); + + return rc; +#else + return KSC_R_NO_SSL; +#endif +} + 
diff --git a/tdeio/kssl/kssl.cc b/tdeio/kssl/kssl.cc
deleted file mode 100644
index 0f34a55da..000000000
--- a/tdeio/kssl/kssl.cc
+++ /dev/null
@@ -1,699 +0,0 @@ -/* This file is part of the KDE project - * - * Copyright (C) 2000-2003 George Staikos - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Library General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public License - * along with this library; see the file COPYING.LIB. If not, write to - * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - * Boston, MA 02110-1301, USA. - */ - -#ifdef HAVE_CONFIG_H -#include -#endif - -// this hack provided by Malte Starostik to avoid glibc/openssl bug -// on some systems -#ifdef KSSL_HAVE_SSL -#include -#include -#include -#define crypt _openssl_crypt -#include -#include -#include -#include -#include -#undef crypt -#endif - -#include "kssl.h" - -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include - - -class KSSLPrivate { -public: - KSSLPrivate() { - lastInitTLS = false; - kossl = KOpenSSLProxy::self(); - session = 0L; - } - - ~KSSLPrivate() { - delete session; - session = 0L; - } - - bool lastInitTLS; - KSSLCertificate::KSSLValidation m_cert_vfy_res; - TQString proxyPeer; - -#ifdef KSSL_HAVE_SSL - SSL *m_ssl; - SSL_CTX *m_ctx; - SSL_METHOD *m_meth; -#endif - KSSLSession *session; - KOSSL *kossl; -}; - - -KSSL::KSSL(bool init) { - d = new KSSLPrivate; - m_bInit = false; - m_bAutoReconfig = true; - m_cfg = new KSSLSettings(); -#ifdef KSSL_HAVE_SSL - d->m_ssl = 0L; -#endif - - if (init) - initialize(); -} - - -KSSL::~KSSL() { - close(); - delete m_cfg; - delete d; -} - - 
-int KSSL::seedWithEGD() { -int rc = 0; -#ifdef KSSL_HAVE_SSL - if (m_cfg->useEGD() && !m_cfg->getEGDPath().isEmpty()) { - rc = d->kossl->RAND_egd(m_cfg->getEGDPath().latin1()); - if (rc < 0) - kdDebug(7029) << "KSSL: Error seeding PRNG with the EGD." << endl; - else kdDebug(7029) << "KSSL: PRNG was seeded with " << rc - << " bytes from the EGD." << endl; - } else if (m_cfg->useEFile() && !m_cfg->getEGDPath().isEmpty()) { - rc = d->kossl->RAND_load_file(m_cfg->getEGDPath().latin1(), -1); - if (rc < 0) - kdDebug(7029) << "KSSL: Error seeding PRNG with the entropy file." << endl; - else kdDebug(7029) << "KSSL: PRNG was seeded with " << rc - << " bytes from the entropy file." << endl; - } -#endif -return rc; -} - - -bool KSSL::TLSInit() { -#ifdef KSSL_HAVE_SSL -// kdDebug(7029) << "KSSL TLS initialize" << endl; - if (m_bInit) - return false; - - if (m_bAutoReconfig) - m_cfg->load(); - - if (!m_cfg->tlsv1()) - return false; - - seedWithEGD(); - d->m_meth = d->kossl->TLS_client_method(); - d->lastInitTLS = true; - - m_pi.reset(); - - d->m_ctx = d->kossl->SSL_CTX_new(d->m_meth); - if (d->m_ctx == 0L) { - return false; - } - - // set cipher list - TQString clist = m_cfg->getCipherList(); - //kdDebug(7029) << "Cipher list: " << clist << endl; - if (!clist.isEmpty()) - d->kossl->SSL_CTX_set_cipher_list(d->m_ctx, const_cast(clist.ascii())); - - m_bInit = true; -return true; -#else -return false; -#endif -} - - -bool KSSL::initialize() { -#ifdef KSSL_HAVE_SSL - kdDebug(7029) << "KSSL initialize" << endl; - if (m_bInit) - return false; - - if (m_bAutoReconfig) - m_cfg->load(); - - seedWithEGD(); - // FIXME: we should be able to force SSL off entirely. 
- d->lastInitTLS = false; - - m_pi.reset(); - - if (m_cfg->tlsv1() || (m_cfg->sslv3() && m_cfg->sslv2())) { - d->m_meth = d->kossl->TLS_client_method(); - } - else if (m_cfg->sslv3()) { - d->m_meth = d->kossl->SSLv3_client_method(); - } - else if (m_cfg->sslv2()) { - d->m_meth = d->kossl->SSLv2_client_method(); - } - -/* -if (m_cfg->sslv2() && m_cfg->sslv3()) kdDebug(7029) << "Double method" << endl; -else if (m_cfg->sslv2()) kdDebug(7029) << "SSL2 method" << endl; -else if (m_cfg->sslv3()) kdDebug(7029) << "SSL3 method" << endl; -*/ - - d->m_ctx = d->kossl->SSL_CTX_new(d->m_meth); - if (d->m_ctx == 0L) { - return false; - } - - // set cipher list - TQString clist = m_cfg->getCipherList(); - kdDebug(7029) << "Cipher list: " << clist << endl; - if (!clist.isEmpty()) - d->kossl->SSL_CTX_set_cipher_list(d->m_ctx, const_cast(clist.ascii())); - - m_bInit = true; -return true; -#else -return false; -#endif -} - - -bool KSSL::takeSession(KSSLSession *session) { -#ifdef KSSL_HAVE_SSL - if (!session) { - delete d->session; - d->session = 0L; - return true; - } - - // Take session reference - d->session = new KSSLSession; - d->session->_session = session->_session; - session->_session = 0L; - - return true; -#else - return false; -#endif -} - - -void KSSL::close() { -#ifdef KSSL_HAVE_SSL -//kdDebug(7029) << "KSSL close" << endl; - if (!m_bInit) - return; - - delete d->session; - d->session = 0L; - - if (d->m_ssl) { - d->kossl->SSL_shutdown(d->m_ssl); - d->kossl->SSL_free(d->m_ssl); - d->m_ssl = 0L; - } - - d->kossl->SSL_CTX_free(d->m_ctx); - if (m_cfg->useEFile() && !m_cfg->getEGDPath().isEmpty()) { - d->kossl->RAND_write_file(m_cfg->getEGDPath().latin1()); - } - - m_bInit = false; -#endif -} - - -bool KSSL::reInitialize() { - close(); -return initialize(); -} - -// get the callback file - it's hidden away in here -//#include "ksslcallback.c" - - -bool KSSL::setVerificationLogic() { -#if 0 -#ifdef KSSL_HAVE_SSL - // SSL_set_verify_result(d->m_ssl, X509_V_OK); - // 
SSL_CTX_set_verify(d->m_ctx, SSL_VERIFY_PEER, X509Callback); -#endif -#endif -return true; -} - - -int KSSL::accept(int sock) { -#ifdef KSSL_HAVE_SSL -// kdDebug(7029) << "KSSL accept" << endl; -int rc; - if (!m_bInit) - return -1; - d->m_ssl = d->kossl->SSL_new(d->m_ctx); - if (!d->m_ssl) - return -1; - - if (d->session) { -#if OPENSSL_VERSION_NUMBER < 0x10100000L - if (static_cast(d->session->_session)->sess_cert == 0) - { - kdDebug(7029) << "Can't reuse session, no certificate." << endl; - delete d->session; - d->session = 0; - } - else -#endif - if (1 == d->kossl->SSL_set_session(d->m_ssl, - static_cast(d->session->_session))) { - kdDebug(7029) << "Session ID is being reused." << endl; - } else { - kdDebug(7029) << "Error attempting to reuse session." << endl; - delete d->session; - d->session = 0; - } - } - -/* - if (!setVerificationLogic()) { - d->kossl->SSL_shutdown(d->m_ssl); - d->kossl->SSL_free(d->m_ssl); - d->m_ssl = 0; - return -1; - } -*/ - - int off = SSL_OP_ALL; - if (!d->lastInitTLS && !m_cfg->tlsv1()) - off |= SSL_OP_NO_TLSv1; - if (!m_cfg->sslv3()) - off |= SSL_OP_NO_SSLv3; - if (!m_cfg->sslv2()) - off |= SSL_OP_NO_SSLv2; - - d->kossl->_SSL_set_options(d->m_ssl, off); - - rc = d->kossl->SSL_set_fd(d->m_ssl, sock); - if (rc == 0) { - d->kossl->SSL_shutdown(d->m_ssl); - d->kossl->SSL_free(d->m_ssl); - d->m_ssl = 0; - return rc; - } -#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME - d->kossl->SSL_set_tlsext_host_name(d->m_ssl, d->proxyPeer.ascii()); -#endif - - rc = d->kossl->SSL_accept(d->m_ssl); - if (rc == 1) { - setConnectionInfo(); - setPeerInfo(); - kdDebug(7029) << "KSSL connected OK" << endl; - } else { - kdDebug(7029) << "KSSL accept failed - rc = " << rc << endl; - kdDebug(7029) << " ERROR = " - << d->kossl->SSL_get_error(d->m_ssl, rc) << endl; - d->kossl->SSL_shutdown(d->m_ssl); - d->kossl->SSL_free(d->m_ssl); - d->m_ssl = 0; - return -1; - } - - if (!d->kossl->_SSL_session_reused(d->m_ssl)) { - if (d->session) { - kdDebug(7029) << "Session reuse 
failed. New session used instead." << endl; - delete d->session; - d->session = 0L; - } - } - - if (!d->session) { - SSL_SESSION *sess = d->kossl->SSL_get1_session(d->m_ssl); - if (sess) { - d->session = new KSSLSession; - d->session->_session = sess; - } - } - -return rc; -#else -return -1; -#endif -} - - -int KSSL::connect(int sock) { -#ifdef KSSL_HAVE_SSL -// kdDebug(7029) << "KSSL connect" << endl; -int rc; - if (!m_bInit) - return -1; - d->m_ssl = d->kossl->SSL_new(d->m_ctx); - if (!d->m_ssl) - return -1; - - if (d->session) { -#if OPENSSL_VERSION_NUMBER < 0x10100000L - if (static_cast(d->session->_session)->sess_cert == 0) - { - kdDebug(7029) << "Can't reuse session, no certificate." << endl; - delete d->session; - d->session = 0; - } - else -#endif - if (1 == d->kossl->SSL_set_session(d->m_ssl, - static_cast(d->session->_session))) { - kdDebug(7029) << "Session ID is being reused." << endl; - } else { - kdDebug(7029) << "Error attempting to reuse session." << endl; - delete d->session; - d->session = 0; - } - } - -/* - if (!setVerificationLogic()) { - d->kossl->SSL_shutdown(d->m_ssl); - d->kossl->SSL_free(d->m_ssl); - d->m_ssl = 0; - return -1; - } -*/ - - int off = SSL_OP_ALL; - if (!d->lastInitTLS && !m_cfg->tlsv1()) - off |= SSL_OP_NO_TLSv1; - if (!m_cfg->sslv3()) - off |= SSL_OP_NO_SSLv3; - if (!m_cfg->sslv2()) - off |= SSL_OP_NO_SSLv2; - - d->kossl->_SSL_set_options(d->m_ssl, off); - - rc = d->kossl->SSL_set_fd(d->m_ssl, sock); - if (rc == 0) { - d->kossl->SSL_shutdown(d->m_ssl); - d->kossl->SSL_free(d->m_ssl); - d->m_ssl = 0; - return rc; - } -#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME - d->kossl->SSL_set_tlsext_host_name(d->m_ssl, d->proxyPeer.ascii()); -#endif - -connect_again: - rc = d->kossl->SSL_connect(d->m_ssl); - if (rc == 1) { - setConnectionInfo(); - setPeerInfo(); - kdDebug(7029) << "KSSL connected OK" << endl; - } else { - int err = d->kossl->SSL_get_error(d->m_ssl, rc); - if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) { - // 
nonblocking - but we block anyways in connect() :) - goto connect_again; - } else { - kdDebug(7029) << "KSSL connect failed - rc = " - << rc << endl; - kdDebug(7029) << " ERROR = " - << err << endl; - d->kossl->ERR_print_errors_fp(stderr); - d->kossl->SSL_shutdown(d->m_ssl); - d->kossl->SSL_free(d->m_ssl); - d->m_ssl = 0; - return -1; - } - } - - if (!d->kossl->_SSL_session_reused(d->m_ssl)) { - if (d->session) { - kdDebug(7029) << "Session reuse failed. New session used instead." << endl; - delete d->session; - d->session = 0L; - } - } - - if (!d->session) { - SSL_SESSION *sess = d->kossl->SSL_get1_session(d->m_ssl); - if (sess) { - d->session = new KSSLSession; - d->session->_session = sess; - } - } - -return rc; -#else -return -1; -#endif -} - - -int KSSL::pending() { -#ifdef KSSL_HAVE_SSL - if (!m_bInit) - return -1; -return d->kossl->SSL_pending(d->m_ssl); -#else -return -1; -#endif -} - - -int KSSL::peek(void *buf, int len) { -#ifdef KSSL_HAVE_SSL - if (!m_bInit) - return -1; - // FIXME: enhance to work the way read() does below, handling errors -return d->kossl->SSL_peek(d->m_ssl, buf, len); -#else -return -1; -#endif -} - - -int KSSL::read(void *buf, int len) { -#ifdef KSSL_HAVE_SSL - int rc = 0; - int maxIters = 10; - - if (!m_bInit) - return -1; - -read_again: - rc = d->kossl->SSL_read(d->m_ssl, (char *)buf, len); - if (rc <= 0) { - int err = d->kossl->SSL_get_error(d->m_ssl, rc); - - if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) { - kdDebug(7029) << "SSL read() returning 0: " << err << endl; - if (maxIters-- > 0) { - ::usleep(20000); // 20ms sleep - goto read_again; - } - return 0; - } - - kdDebug(7029) << "SSL READ ERROR: " << err << endl; - if (err != SSL_ERROR_NONE && - err != SSL_ERROR_ZERO_RETURN && err != SSL_ERROR_SYSCALL) { - rc = -1; // OpenSSL returns 0 on error too - d->kossl->ERR_print_errors_fp(stderr); - } - -// else if (err == SSL_ERROR_ZERO_RETURN) -// rc = 0; - } -return rc; -#else -return -1; -#endif -} - - -int 
KSSL::write(const void *buf, int len) { -#ifdef KSSL_HAVE_SSL - if (!m_bInit) - return -1; - -write_again: - int rc = d->kossl->SSL_write(d->m_ssl, (const char *)buf, len); - if (rc <= 0) { // OpenSSL returns 0 on error too - int err = d->kossl->SSL_get_error(d->m_ssl, rc); - - if (err == SSL_ERROR_WANT_WRITE) { - ::usleep(20000); // 20ms sleep - goto write_again; - } - - kdDebug(7029) << "SSL WRITE ERROR: " << err << endl; - if (err != SSL_ERROR_NONE && - err != SSL_ERROR_ZERO_RETURN && err != SSL_ERROR_SYSCALL) - rc = -1; - } - -return rc; -#else -return -1; -#endif -} - - -bool KSSL::reconfig() { - return reInitialize(); -} - - -void KSSL::setAutoReconfig(bool ar) { - m_bAutoReconfig = ar; -} - - -bool KSSL::setSettings(KSSLSettings *settings) { - delete m_cfg; - m_cfg = settings; - return reconfig(); -} - - -#ifdef KSSL_HAVE_SSL -bool KSSL::m_bSSLWorks = true; -#else -bool KSSL::m_bSSLWorks = false; -#endif - -bool KSSL::doesSSLWork() { - return m_bSSLWorks; -} - - -void KSSL::setConnectionInfo() { -#ifdef KSSL_HAVE_SSL -SSL_CIPHER *sc; -char buf[1024]; - - buf[0] = 0; // for safety. - sc = d->kossl->SSL_get_current_cipher(d->m_ssl); - if (!sc) { - kdDebug(7029) << "KSSL get current cipher failed - we're probably gonna crash!" << endl; - return; - } - - // set the number of bits, bits used - m_ci.m_iCipherUsedBits = d->kossl->SSL_CIPHER_get_bits(sc, &(m_ci.m_iCipherBits)); - // set the cipher version - m_ci.m_cipherVersion = d->kossl->SSL_CIPHER_get_version(sc); - // set the cipher name - m_ci.m_cipherName = d->kossl->SSL_CIPHER_get_name(sc); - // set the cipher description - m_ci.m_cipherDescription = d->kossl->SSL_CIPHER_description(sc, buf, 1023); - -#endif -} - - -void KSSL::setPeerInfo() { -#ifdef KSSL_HAVE_SSL - m_pi.setPeerHost(d->proxyPeer); - m_pi.m_cert.setCert(d->kossl->SSL_get_peer_certificate(d->m_ssl)); - STACK_OF(X509) *xs = d->kossl->SSL_get_peer_cert_chain(d->m_ssl); - if (xs) - xs = reinterpret_cast(d->kossl->OPENSSL_sk_dup(xs)); // Leak? 
- m_pi.m_cert.setChain((void *)xs); -#endif -} - - -KSSLConnectionInfo& KSSL::connectionInfo() { - return m_ci; -} - - -// KDE 4: Make it const TQString & -void KSSL::setPeerHost(TQString realHost) { - d->proxyPeer = realHost; -} - -// deprecated -void KSSL::setProxyUse(bool, TQString, int, TQString) { -} - - -KSSLPeerInfo& KSSL::peerInfo() { - return m_pi; -} - - -bool KSSL::setClientCertificate(KSSLPKCS12 *pkcs) { -#ifdef KSSL_HAVE_SSL - if (!pkcs || !pkcs->getCertificate()) - return false; - -int rc; -X509 *x = pkcs->getCertificate()->getCert(); -EVP_PKEY *k = pkcs->getPrivateKey(); - - if (!x || !k) return false; - - if (!pkcs->getCertificate()->x509V3Extensions().certTypeSSLClient()) - return false; - - rc = d->kossl->SSL_CTX_use_certificate(d->m_ctx, x); - if (rc <= 0) { - kdDebug(7029) << "KSSL - SSL_CTX_use_certificate failed. rc = " << rc << endl; - return false; - } - - rc = d->kossl->SSL_CTX_use_PrivateKey(d->m_ctx, k); - if (rc <= 0) { - kdDebug(7029) << "KSSL - SSL_CTX_use_PrivateKey failed. rc = " << rc << endl; - return false; - } - - return true; -#else - return false; -#endif -} - -const KSSLSession* KSSL::session() const { - return d->session; -} - -bool KSSL::reusingSession() const { -#ifdef KSSL_HAVE_SSL - return (d->m_ssl && d->kossl->_SSL_session_reused(d->m_ssl)); -#else - return false; -#endif -} - diff --git a/tdeio/kssl/kssl.cpp b/tdeio/kssl/kssl.cpp new file mode 100644 index 000000000..0f34a55da --- /dev/null +++ b/tdeio/kssl/kssl.cpp 
@@ -0,0 +1,699 @@
+/* This file is part of the KDE project
+ *
+ * Copyright (C) 2000-2003 George Staikos
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+#endif
+
+// this hack provided by Malte Starostik to avoid glibc/openssl bug
+// on some systems
+#ifdef KSSL_HAVE_SSL
+#include
+#include
+#include
+#define crypt _openssl_crypt
+#include
+#include
+#include
+#include
+#include
+#undef crypt
+#endif
+
+#include "kssl.h"
+
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+
+class KSSLPrivate {
+public:
+ KSSLPrivate() {
+ lastInitTLS = false;
+ kossl = KOpenSSLProxy::self();
+ session = 0L;
+ }
+
+ ~KSSLPrivate() {
+ delete session;
+ session = 0L;
+ }
+
+ bool lastInitTLS;
+ KSSLCertificate::KSSLValidation m_cert_vfy_res;
+ TQString proxyPeer;
+
+#ifdef KSSL_HAVE_SSL
+ SSL *m_ssl;
+ SSL_CTX *m_ctx;
+ SSL_METHOD *m_meth;
+#endif
+ KSSLSession *session;
+ KOSSL *kossl;
+};
+
+
+KSSL::KSSL(bool init) {
+ d = new KSSLPrivate;
+ m_bInit = false;
+ m_bAutoReconfig = true;
+ m_cfg = new KSSLSettings();
+#ifdef KSSL_HAVE_SSL
+ d->m_ssl = 0L;
+#endif
+
+ if (init)
+ initialize();
+}
+
+
+KSSL::~KSSL() {
+ close();
+ delete m_cfg;
+ delete d;
+}
+
+
+int KSSL::seedWithEGD() {
+int rc = 0;
+#ifdef KSSL_HAVE_SSL
+ if (m_cfg->useEGD() && !m_cfg->getEGDPath().isEmpty()) {
+ rc = d->kossl->RAND_egd(m_cfg->getEGDPath().latin1());
+ if (rc < 0)
+ kdDebug(7029) << "KSSL: Error seeding PRNG with the EGD." << endl;
+ else kdDebug(7029) << "KSSL: PRNG was seeded with " << rc
+ << " bytes from the EGD." << endl;
+ } else if (m_cfg->useEFile() && !m_cfg->getEGDPath().isEmpty()) {
+ rc = d->kossl->RAND_load_file(m_cfg->getEGDPath().latin1(), -1);
+ if (rc < 0)
+ kdDebug(7029) << "KSSL: Error seeding PRNG with the entropy file." << endl;
+ else kdDebug(7029) << "KSSL: PRNG was seeded with " << rc
+ << " bytes from the entropy file." << endl;
+ }
+#endif
+return rc;
+}
+
+
+bool KSSL::TLSInit() {
+#ifdef KSSL_HAVE_SSL
+// kdDebug(7029) << "KSSL TLS initialize" << endl;
+ if (m_bInit)
+ return false;
+
+ if (m_bAutoReconfig)
+ m_cfg->load();
+
+ if (!m_cfg->tlsv1())
+ return false;
+
+ seedWithEGD();
+ d->m_meth = d->kossl->TLS_client_method();
+ d->lastInitTLS = true;
+
+ m_pi.reset();
+
+ d->m_ctx = d->kossl->SSL_CTX_new(d->m_meth);
+ if (d->m_ctx == 0L) {
+ return false;
+ }
+
+ // set cipher list
+ TQString clist = m_cfg->getCipherList();
+ //kdDebug(7029) << "Cipher list: " << clist << endl;
+ if (!clist.isEmpty())
+ d->kossl->SSL_CTX_set_cipher_list(d->m_ctx, const_cast(clist.ascii()));
+
+ m_bInit = true;
+return true;
+#else
+return false;
+#endif
+}
+
+
+bool KSSL::initialize() {
+#ifdef KSSL_HAVE_SSL
+ kdDebug(7029) << "KSSL initialize" << endl;
+ if (m_bInit)
+ return false;
+
+ if (m_bAutoReconfig)
+ m_cfg->load();
+
+ seedWithEGD();
+ // FIXME: we should be able to force SSL off entirely.
+ d->lastInitTLS = false;
+
+ m_pi.reset();
+
+ if (m_cfg->tlsv1() || (m_cfg->sslv3() && m_cfg->sslv2())) {
+ d->m_meth = d->kossl->TLS_client_method();
+ }
+ else if (m_cfg->sslv3()) {
+ d->m_meth = d->kossl->SSLv3_client_method();
+ }
+ else if (m_cfg->sslv2()) {
+ d->m_meth = d->kossl->SSLv2_client_method();
+ }
+
+/*
+if (m_cfg->sslv2() && m_cfg->sslv3()) kdDebug(7029) << "Double method" << endl;
+else if (m_cfg->sslv2()) kdDebug(7029) << "SSL2 method" << endl;
+else if (m_cfg->sslv3()) kdDebug(7029) << "SSL3 method" << endl;
+*/
+
+ d->m_ctx = d->kossl->SSL_CTX_new(d->m_meth);
+ if (d->m_ctx == 0L) {
+ return false;
+ }
+
+ // set cipher list
+ TQString clist = m_cfg->getCipherList();
+ kdDebug(7029) << "Cipher list: " << clist << endl;
+ if (!clist.isEmpty())
+ d->kossl->SSL_CTX_set_cipher_list(d->m_ctx, const_cast(clist.ascii()));
+
+ m_bInit = true;
+return true;
+#else
+return false;
+#endif
+}
+
+
+bool KSSL::takeSession(KSSLSession *session) {
+#ifdef KSSL_HAVE_SSL
+ if (!session) {
+ delete d->session;
+ d->session = 0L;
+ return true;
+ }
+
+ // Take session reference
+ d->session = new KSSLSession;
+ d->session->_session = session->_session;
+ session->_session = 0L;
+
+ return true;
+#else
+ return false;
+#endif
+}
+
+
+void KSSL::close() {
+#ifdef KSSL_HAVE_SSL
+//kdDebug(7029) << "KSSL close" << endl;
+ if (!m_bInit)
+ return;
+
+ delete d->session;
+ d->session = 0L;
+
+ if (d->m_ssl) {
+ d->kossl->SSL_shutdown(d->m_ssl);
+ d->kossl->SSL_free(d->m_ssl);
+ d->m_ssl = 0L;
+ }
+
+ d->kossl->SSL_CTX_free(d->m_ctx);
+ if (m_cfg->useEFile() && !m_cfg->getEGDPath().isEmpty()) {
+ d->kossl->RAND_write_file(m_cfg->getEGDPath().latin1());
+ }
+
+ m_bInit = false;
+#endif
+}
+
+
+bool KSSL::reInitialize() {
+ close();
+return initialize();
+}
+
+// get the callback file - it's hidden away in here
+//#include "ksslcallback.c"
+
+
+bool KSSL::setVerificationLogic() {
+#if 0
+#ifdef KSSL_HAVE_SSL
+ // SSL_set_verify_result(d->m_ssl, X509_V_OK);
+ //
SSL_CTX_set_verify(d->m_ctx, SSL_VERIFY_PEER, X509Callback);
+#endif
+#endif
+return true;
+}
+
+
+int KSSL::accept(int sock) {
+#ifdef KSSL_HAVE_SSL
+// kdDebug(7029) << "KSSL accept" << endl;
+int rc;
+ if (!m_bInit)
+ return -1;
+ d->m_ssl = d->kossl->SSL_new(d->m_ctx);
+ if (!d->m_ssl)
+ return -1;
+
+ if (d->session) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ if (static_cast(d->session->_session)->sess_cert == 0)
+ {
+ kdDebug(7029) << "Can't reuse session, no certificate." << endl;
+ delete d->session;
+ d->session = 0;
+ }
+ else
+#endif
+ if (1 == d->kossl->SSL_set_session(d->m_ssl,
+ static_cast(d->session->_session))) {
+ kdDebug(7029) << "Session ID is being reused." << endl;
+ } else {
+ kdDebug(7029) << "Error attempting to reuse session." << endl;
+ delete d->session;
+ d->session = 0;
+ }
+ }
+
+/*
+ if (!setVerificationLogic()) {
+ d->kossl->SSL_shutdown(d->m_ssl);
+ d->kossl->SSL_free(d->m_ssl);
+ d->m_ssl = 0;
+ return -1;
+ }
+*/
+
+ int off = SSL_OP_ALL;
+ if (!d->lastInitTLS && !m_cfg->tlsv1())
+ off |= SSL_OP_NO_TLSv1;
+ if (!m_cfg->sslv3())
+ off |= SSL_OP_NO_SSLv3;
+ if (!m_cfg->sslv2())
+ off |= SSL_OP_NO_SSLv2;
+
+ d->kossl->_SSL_set_options(d->m_ssl, off);
+
+ rc = d->kossl->SSL_set_fd(d->m_ssl, sock);
+ if (rc == 0) {
+ d->kossl->SSL_shutdown(d->m_ssl);
+ d->kossl->SSL_free(d->m_ssl);
+ d->m_ssl = 0;
+ return rc;
+ }
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+ d->kossl->SSL_set_tlsext_host_name(d->m_ssl, d->proxyPeer.ascii());
+#endif
+
+ rc = d->kossl->SSL_accept(d->m_ssl);
+ if (rc == 1) {
+ setConnectionInfo();
+ setPeerInfo();
+ kdDebug(7029) << "KSSL connected OK" << endl;
+ } else {
+ kdDebug(7029) << "KSSL accept failed - rc = " << rc << endl;
+ kdDebug(7029) << " ERROR = "
+ << d->kossl->SSL_get_error(d->m_ssl, rc) << endl;
+ d->kossl->SSL_shutdown(d->m_ssl);
+ d->kossl->SSL_free(d->m_ssl);
+ d->m_ssl = 0;
+ return -1;
+ }
+
+ if (!d->kossl->_SSL_session_reused(d->m_ssl)) {
+ if (d->session) {
+ kdDebug(7029) << "Session reuse 
failed. New session used instead." << endl;
+ delete d->session;
+ d->session = 0L;
+ }
+ }
+
+ if (!d->session) {
+ SSL_SESSION *sess = d->kossl->SSL_get1_session(d->m_ssl);
+ if (sess) {
+ d->session = new KSSLSession;
+ d->session->_session = sess;
+ }
+ }
+
+return rc;
+#else
+return -1;
+#endif
+}
+
+
+int KSSL::connect(int sock) {
+#ifdef KSSL_HAVE_SSL
+// kdDebug(7029) << "KSSL connect" << endl;
+int rc;
+ if (!m_bInit)
+ return -1;
+ d->m_ssl = d->kossl->SSL_new(d->m_ctx);
+ if (!d->m_ssl)
+ return -1;
+
+ if (d->session) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ if (static_cast(d->session->_session)->sess_cert == 0)
+ {
+ kdDebug(7029) << "Can't reuse session, no certificate." << endl;
+ delete d->session;
+ d->session = 0;
+ }
+ else
+#endif
+ if (1 == d->kossl->SSL_set_session(d->m_ssl,
+ static_cast(d->session->_session))) {
+ kdDebug(7029) << "Session ID is being reused." << endl;
+ } else {
+ kdDebug(7029) << "Error attempting to reuse session." << endl;
+ delete d->session;
+ d->session = 0;
+ }
+ }
+
+/*
+ if (!setVerificationLogic()) {
+ d->kossl->SSL_shutdown(d->m_ssl);
+ d->kossl->SSL_free(d->m_ssl);
+ d->m_ssl = 0;
+ return -1;
+ }
+*/
+
+ int off = SSL_OP_ALL;
+ if (!d->lastInitTLS && !m_cfg->tlsv1())
+ off |= SSL_OP_NO_TLSv1;
+ if (!m_cfg->sslv3())
+ off |= SSL_OP_NO_SSLv3;
+ if (!m_cfg->sslv2())
+ off |= SSL_OP_NO_SSLv2;
+
+ d->kossl->_SSL_set_options(d->m_ssl, off);
+
+ rc = d->kossl->SSL_set_fd(d->m_ssl, sock);
+ if (rc == 0) {
+ d->kossl->SSL_shutdown(d->m_ssl);
+ d->kossl->SSL_free(d->m_ssl);
+ d->m_ssl = 0;
+ return rc;
+ }
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+ d->kossl->SSL_set_tlsext_host_name(d->m_ssl, d->proxyPeer.ascii());
+#endif
+
+connect_again:
+ rc = d->kossl->SSL_connect(d->m_ssl);
+ if (rc == 1) {
+ setConnectionInfo();
+ setPeerInfo();
+ kdDebug(7029) << "KSSL connected OK" << endl;
+ } else {
+ int err = d->kossl->SSL_get_error(d->m_ssl, rc);
+ if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) {
+ //
nonblocking - but we block anyways in connect() :)
+ goto connect_again;
+ } else {
+ kdDebug(7029) << "KSSL connect failed - rc = "
+ << rc << endl;
+ kdDebug(7029) << " ERROR = "
+ << err << endl;
+ d->kossl->ERR_print_errors_fp(stderr);
+ d->kossl->SSL_shutdown(d->m_ssl);
+ d->kossl->SSL_free(d->m_ssl);
+ d->m_ssl = 0;
+ return -1;
+ }
+ }
+
+ if (!d->kossl->_SSL_session_reused(d->m_ssl)) {
+ if (d->session) {
+ kdDebug(7029) << "Session reuse failed. New session used instead." << endl;
+ delete d->session;
+ d->session = 0L;
+ }
+ }
+
+ if (!d->session) {
+ SSL_SESSION *sess = d->kossl->SSL_get1_session(d->m_ssl);
+ if (sess) {
+ d->session = new KSSLSession;
+ d->session->_session = sess;
+ }
+ }
+
+return rc;
+#else
+return -1;
+#endif
+}
+
+
+int KSSL::pending() {
+#ifdef KSSL_HAVE_SSL
+ if (!m_bInit)
+ return -1;
+return d->kossl->SSL_pending(d->m_ssl);
+#else
+return -1;
+#endif
+}
+
+
+int KSSL::peek(void *buf, int len) {
+#ifdef KSSL_HAVE_SSL
+ if (!m_bInit)
+ return -1;
+ // FIXME: enhance to work the way read() does below, handling errors
+return d->kossl->SSL_peek(d->m_ssl, buf, len);
+#else
+return -1;
+#endif
+}
+
+
+int KSSL::read(void *buf, int len) {
+#ifdef KSSL_HAVE_SSL
+ int rc = 0;
+ int maxIters = 10;
+
+ if (!m_bInit)
+ return -1;
+
+read_again:
+ rc = d->kossl->SSL_read(d->m_ssl, (char *)buf, len);
+ if (rc <= 0) {
+ int err = d->kossl->SSL_get_error(d->m_ssl, rc);
+
+ if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) {
+ kdDebug(7029) << "SSL read() returning 0: " << err << endl;
+ if (maxIters-- > 0) {
+ ::usleep(20000); // 20ms sleep
+ goto read_again;
+ }
+ return 0;
+ }
+
+ kdDebug(7029) << "SSL READ ERROR: " << err << endl;
+ if (err != SSL_ERROR_NONE &&
+ err != SSL_ERROR_ZERO_RETURN && err != SSL_ERROR_SYSCALL) {
+ rc = -1; // OpenSSL returns 0 on error too
+ d->kossl->ERR_print_errors_fp(stderr);
+ }
+
+// else if (err == SSL_ERROR_ZERO_RETURN)
+// rc = 0;
+ }
+return rc;
+#else
+return -1;
+#endif
+}
+
+
+int 
KSSL::write(const void *buf, int len) {
+#ifdef KSSL_HAVE_SSL
+ if (!m_bInit)
+ return -1;
+
+write_again:
+ int rc = d->kossl->SSL_write(d->m_ssl, (const char *)buf, len);
+ if (rc <= 0) { // OpenSSL returns 0 on error too
+ int err = d->kossl->SSL_get_error(d->m_ssl, rc);
+
+ if (err == SSL_ERROR_WANT_WRITE) {
+ ::usleep(20000); // 20ms sleep
+ goto write_again;
+ }
+
+ kdDebug(7029) << "SSL WRITE ERROR: " << err << endl;
+ if (err != SSL_ERROR_NONE &&
+ err != SSL_ERROR_ZERO_RETURN && err != SSL_ERROR_SYSCALL)
+ rc = -1;
+ }
+
+return rc;
+#else
+return -1;
+#endif
+}
+
+
+bool KSSL::reconfig() {
+ return reInitialize();
+}
+
+
+void KSSL::setAutoReconfig(bool ar) {
+ m_bAutoReconfig = ar;
+}
+
+
+bool KSSL::setSettings(KSSLSettings *settings) {
+ delete m_cfg;
+ m_cfg = settings;
+ return reconfig();
+}
+
+
+#ifdef KSSL_HAVE_SSL
+bool KSSL::m_bSSLWorks = true;
+#else
+bool KSSL::m_bSSLWorks = false;
+#endif
+
+bool KSSL::doesSSLWork() {
+ return m_bSSLWorks;
+}
+
+
+void KSSL::setConnectionInfo() {
+#ifdef KSSL_HAVE_SSL
+SSL_CIPHER *sc;
+char buf[1024];
+
+ buf[0] = 0; // for safety.
+ sc = d->kossl->SSL_get_current_cipher(d->m_ssl);
+ if (!sc) {
+ kdDebug(7029) << "KSSL get current cipher failed - we're probably gonna crash!" << endl;
+ return;
+ }
+
+ // set the number of bits, bits used
+ m_ci.m_iCipherUsedBits = d->kossl->SSL_CIPHER_get_bits(sc, &(m_ci.m_iCipherBits));
+ // set the cipher version
+ m_ci.m_cipherVersion = d->kossl->SSL_CIPHER_get_version(sc);
+ // set the cipher name
+ m_ci.m_cipherName = d->kossl->SSL_CIPHER_get_name(sc);
+ // set the cipher description
+ m_ci.m_cipherDescription = d->kossl->SSL_CIPHER_description(sc, buf, 1023);
+
+#endif
+}
+
+
+void KSSL::setPeerInfo() {
+#ifdef KSSL_HAVE_SSL
+ m_pi.setPeerHost(d->proxyPeer);
+ m_pi.m_cert.setCert(d->kossl->SSL_get_peer_certificate(d->m_ssl));
+ STACK_OF(X509) *xs = d->kossl->SSL_get_peer_cert_chain(d->m_ssl);
+ if (xs)
+ xs = reinterpret_cast(d->kossl->OPENSSL_sk_dup(xs)); // Leak?
+ m_pi.m_cert.setChain((void *)xs);
+#endif
+}
+
+
+KSSLConnectionInfo& KSSL::connectionInfo() {
+ return m_ci;
+}
+
+
+// KDE 4: Make it const TQString &
+void KSSL::setPeerHost(TQString realHost) {
+ d->proxyPeer = realHost;
+}
+
+// deprecated
+void KSSL::setProxyUse(bool, TQString, int, TQString) {
+}
+
+
+KSSLPeerInfo& KSSL::peerInfo() {
+ return m_pi;
+}
+
+
+bool KSSL::setClientCertificate(KSSLPKCS12 *pkcs) {
+#ifdef KSSL_HAVE_SSL
+ if (!pkcs || !pkcs->getCertificate())
+ return false;
+
+int rc;
+X509 *x = pkcs->getCertificate()->getCert();
+EVP_PKEY *k = pkcs->getPrivateKey();
+
+ if (!x || !k) return false;
+
+ if (!pkcs->getCertificate()->x509V3Extensions().certTypeSSLClient())
+ return false;
+
+ rc = d->kossl->SSL_CTX_use_certificate(d->m_ctx, x);
+ if (rc <= 0) {
+ kdDebug(7029) << "KSSL - SSL_CTX_use_certificate failed. rc = " << rc << endl;
+ return false;
+ }
+
+ rc = d->kossl->SSL_CTX_use_PrivateKey(d->m_ctx, k);
+ if (rc <= 0) {
+ kdDebug(7029) << "KSSL - SSL_CTX_use_PrivateKey failed. rc = " << rc << endl;
+ return false;
+ }
+
+ return true;
+#else
+ return false;
+#endif
+}
+
+const KSSLSession* KSSL::session() const {
+ return d->session;
+}
+
+bool KSSL::reusingSession() const {
+#ifdef KSSL_HAVE_SSL
+ return (d->m_ssl && d->kossl->_SSL_session_reused(d->m_ssl));
+#else
+ return false;
+#endif
+}
+
diff --git a/tdeio/kssl/ksslcertchain.cc b/tdeio/kssl/ksslcertchain.cc
deleted file mode 100644
index 4f14e4be1..000000000
--- a/tdeio/kssl/ksslcertchain.cc
+++ /dev/null
@@ -1,194 +0,0 @@
-/* This file is part of the KDE project
- *
- * Copyright (C) 2001 George Staikos
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Library General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Library General Public License for more details.
- *
- * You should have received a copy of the GNU Library General Public License
- * along with this library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
- * Boston, MA 02110-1301, USA.
- */
-#ifdef HAVE_CONFIG_H
-#include
-#endif
-
-#include "kssldefs.h"
-#include "ksslcertificate.h"
-#include "ksslcertchain.h"
-
-// this hack provided by Malte Starostik to avoid glibc/openssl bug
-// on some systems
-#ifdef KSSL_HAVE_SSL
-#define crypt _openssl_crypt
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#undef crypt
-#endif
-
-#include
-#include
-#include
-
-
-class KSSLCertChainPrivate {
-public:
- KSSLCertChainPrivate() {
- kossl = KOSSL::self();
- }
-
- ~KSSLCertChainPrivate() {
- }
-
- KOSSL *kossl;
-};
-
-KSSLCertChain::KSSLCertChain() {
- d = new KSSLCertChainPrivate;
- _chain = NULL;
-}
-
-
-KSSLCertChain::~KSSLCertChain() {
-#ifdef KSSL_HAVE_SSL
- if (_chain) {
- STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
-
- for (;;) {
- X509* x5 = reinterpret_cast(d->kossl->OPENSSL_sk_pop(x));
- if (!x5) break;
- d->kossl->X509_free(x5);
- }
- d->kossl->OPENSSL_sk_free(x);
- }
-#endif
- delete d;
-}
-
-
-bool KSSLCertChain::isValid() {
- return (_chain && depth() > 0);
-}
-
-
-KSSLCertChain *KSSLCertChain::replicate() {
-KSSLCertChain *x = new KSSLCertChain;
-TQPtrList ch = getChain();
-
- x->setChain(ch); // this will do a deep copy for us
- ch.setAutoDelete(true);
-return x;
-}
-
-
-int KSSLCertChain::depth() {
-#ifdef KSSL_HAVE_SSL
- return d->kossl->OPENSSL_sk_num((STACK_OF(X509)*)_chain);
-#endif
-return 0;
-}
-
-
-TQPtrList KSSLCertChain::getChain() {
-TQPtrList cl;
-if (!_chain) return cl;
-#ifdef KSSL_HAVE_SSL
-STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
-
- for (int i = 0; i < d->kossl->OPENSSL_sk_num(x); i++) {
- X509* x5 = reinterpret_cast(d->kossl->OPENSSL_sk_value(x, i));
- if (!x5) continue;
- KSSLCertificate *nc = new KSSLCertificate;
- nc->setCert(d->kossl->X509_dup(x5));
- cl.append(nc);
- }
-
-#endif
-return cl;
-}
-
-
-void KSSLCertChain::setChain(TQPtrList& chain) {
-#ifdef KSSL_HAVE_SSL
-if (_chain) {
- STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
-
- for (;;) {
- X509* x5 = reinterpret_cast(d->kossl->OPENSSL_sk_pop(x));
- if (!x5) break;
- d->kossl->X509_free(x5);
- }
- d->kossl->OPENSSL_sk_free(x);
- _chain = NULL;
-}
-
- if (chain.count() == 0) return;
- _chain = reinterpret_cast(d->kossl->OPENSSL_sk_new(NULL));
- for (KSSLCertificate *x = chain.first(); x != 0; x = chain.next()) {
- d->kossl->OPENSSL_sk_push((STACK_OF(X509) *)_chain, d->kossl->X509_dup(x->getCert()));
- }
-
-#endif
-}
-
-
-void KSSLCertChain::setChain(void *stack_of_x509) {
-#ifdef KSSL_HAVE_SSL
- if (_chain) {
- STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
-
- for (;;) {
- X509* x5 = reinterpret_cast(d->kossl->OPENSSL_sk_pop(x));
- if (!x5) break;
- d->kossl->X509_free(x5);
- }
- d->kossl->OPENSSL_sk_free(x);
- _chain = NULL;
- }
-
- if (!stack_of_x509) return;
-
- _chain = reinterpret_cast(d->kossl->OPENSSL_sk_new(NULL));
- STACK_OF(X509) *x = (STACK_OF(X509) *)stack_of_x509;
-
- for (int i = 0; i < d->kossl->OPENSSL_sk_num(x); i++) {
- X509* x5 = reinterpret_cast(d->kossl->OPENSSL_sk_value(x, i));
- if (!x5) continue;
- d->kossl->OPENSSL_sk_push((STACK_OF(X509)*)_chain,d->kossl->X509_dup(x5));
- }
-
-#else
- _chain = 
NULL;
-#endif
-}
-
-
-void KSSLCertChain::setChain(TQStringList chain) {
- setCertChain(chain);
-}
-
-void KSSLCertChain::setCertChain(const TQStringList& chain) {
- TQPtrList cl;
- cl.setAutoDelete(true);
- for (TQStringList::ConstIterator s = chain.begin(); s != chain.end(); ++s) {
- KSSLCertificate *c = KSSLCertificate::fromString((*s).local8Bit());
- if (c) {
- cl.append(c);
- }
- }
- setChain(cl);
-}
-
diff --git a/tdeio/kssl/ksslcertchain.cpp b/tdeio/kssl/ksslcertchain.cpp
new file mode 100644
index 000000000..4f14e4be1
--- /dev/null
+++ b/tdeio/kssl/ksslcertchain.cpp
@@ -0,0 +1,194 @@
+/* This file is part of the KDE project
+ *
+ * Copyright (C) 2001 George Staikos
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+#ifdef HAVE_CONFIG_H
+#include
+#endif
+
+#include "kssldefs.h"
+#include "ksslcertificate.h"
+#include "ksslcertchain.h"
+
+// this hack provided by Malte Starostik to avoid glibc/openssl bug
+// on some systems
+#ifdef KSSL_HAVE_SSL
+#define crypt _openssl_crypt
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#undef crypt
+#endif
+
+#include
+#include
+#include
+
+
+class KSSLCertChainPrivate {
+public:
+ KSSLCertChainPrivate() {
+ kossl = KOSSL::self();
+ }
+
+ ~KSSLCertChainPrivate() {
+ }
+
+ KOSSL *kossl;
+};
+
+KSSLCertChain::KSSLCertChain() {
+ d = new KSSLCertChainPrivate;
+ _chain = NULL;
+}
+
+
+KSSLCertChain::~KSSLCertChain() {
+#ifdef KSSL_HAVE_SSL
+ if (_chain) {
+ STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
+
+ for (;;) {
+ X509* x5 = reinterpret_cast(d->kossl->OPENSSL_sk_pop(x));
+ if (!x5) break;
+ d->kossl->X509_free(x5);
+ }
+ d->kossl->OPENSSL_sk_free(x);
+ }
+#endif
+ delete d;
+}
+
+
+bool KSSLCertChain::isValid() {
+ return (_chain && depth() > 0);
+}
+
+
+KSSLCertChain *KSSLCertChain::replicate() {
+KSSLCertChain *x = new KSSLCertChain;
+TQPtrList ch = getChain();
+
+ x->setChain(ch); // this will do a deep copy for us
+ ch.setAutoDelete(true);
+return x;
+}
+
+
+int KSSLCertChain::depth() {
+#ifdef KSSL_HAVE_SSL
+ return d->kossl->OPENSSL_sk_num((STACK_OF(X509)*)_chain);
+#endif
+return 0;
+}
+
+
+TQPtrList KSSLCertChain::getChain() {
+TQPtrList cl;
+if (!_chain) return cl;
+#ifdef KSSL_HAVE_SSL
+STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
+
+ for (int i = 0; i < d->kossl->OPENSSL_sk_num(x); i++) {
+ X509* x5 = reinterpret_cast(d->kossl->OPENSSL_sk_value(x, i));
+ if (!x5) continue;
+ KSSLCertificate *nc = new KSSLCertificate;
+ nc->setCert(d->kossl->X509_dup(x5));
+ cl.append(nc);
+ }
+
+#endif
+return cl;
+}
+
+
+void KSSLCertChain::setChain(TQPtrList& chain) {
+#ifdef KSSL_HAVE_SSL
+if (_chain) {
+ STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
+
+ for (;;) {
+ X509* x5 = reinterpret_cast(d->kossl->OPENSSL_sk_pop(x));
+ if (!x5) break;
+ d->kossl->X509_free(x5);
+ }
+ d->kossl->OPENSSL_sk_free(x);
+ _chain = NULL;
+}
+
+ if (chain.count() == 0) return;
+ _chain = reinterpret_cast(d->kossl->OPENSSL_sk_new(NULL));
+ for (KSSLCertificate *x = chain.first(); x != 0; x = chain.next()) {
+ d->kossl->OPENSSL_sk_push((STACK_OF(X509) *)_chain, d->kossl->X509_dup(x->getCert()));
+ }
+
+#endif
+}
+
+
+void KSSLCertChain::setChain(void *stack_of_x509) {
+#ifdef KSSL_HAVE_SSL
+ if (_chain) {
+ STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
+
+ for (;;) {
+ X509* x5 = reinterpret_cast(d->kossl->OPENSSL_sk_pop(x));
+ if (!x5) break;
+ d->kossl->X509_free(x5);
+ }
+ d->kossl->OPENSSL_sk_free(x);
+ _chain = NULL;
+ }
+
+ if (!stack_of_x509) return;
+
+ _chain = reinterpret_cast(d->kossl->OPENSSL_sk_new(NULL));
+ STACK_OF(X509) *x = (STACK_OF(X509) *)stack_of_x509;
+
+ for (int i = 0; i < d->kossl->OPENSSL_sk_num(x); i++) {
+ X509* x5 = reinterpret_cast(d->kossl->OPENSSL_sk_value(x, i));
+ if (!x5) continue;
+ d->kossl->OPENSSL_sk_push((STACK_OF(X509)*)_chain,d->kossl->X509_dup(x5));
+ }
+
+#else
+ _chain = 
NULL;
+#endif
+}
+
+
+void KSSLCertChain::setChain(TQStringList chain) {
+ setCertChain(chain);
+}
+
+void KSSLCertChain::setCertChain(const TQStringList& chain) {
+ TQPtrList cl;
+ cl.setAutoDelete(true);
+ for (TQStringList::ConstIterator s = chain.begin(); s != chain.end(); ++s) {
+ KSSLCertificate *c = KSSLCertificate::fromString((*s).local8Bit());
+ if (c) {
+ cl.append(c);
+ }
+ }
+ setChain(cl);
+}
+
diff --git a/tdeio/kssl/ksslcertdlg.cc b/tdeio/kssl/ksslcertdlg.cc
deleted file mode 100644
index 7431d4c0a..000000000
--- a/tdeio/kssl/ksslcertdlg.cc
+++ /dev/null
@@ -1,174 +0,0 @@
-/* This file is part of the KDE project
- *
- * Copyright (C) 2001-2003 George Staikos
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Library General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Library General Public License for more details.
- *
- * You should have received a copy of the GNU Library General Public License
- * along with this library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
- * Boston, MA 02110-1301, USA.
- */
-
-#include "ksslcertdlg.h"
-
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-
-class KSSLCertDlg::KSSLCertDlgPrivate {
-private:
- friend class KSSLCertDlg;
- TQLabel *p_message;
- TQPushButton *p_pb_dontsend;
- bool p_send_flag;
-};
-
-KSSLCertDlg::KSSLCertDlg(TQWidget *parent, const char *name, bool modal)
- : KDialog(parent, name, modal), d(new KSSLCertDlgPrivate) {
-
- TQBoxLayout * grid = new TQVBoxLayout( this, KDialog::marginHint(),
- KDialog::spacingHint() );
-
- d->p_message = new TQLabel(TQString::null, this);
- grid->addWidget(d->p_message);
- setHost(_host);
-
- _certs = new TQListView(this);
- _certs->addColumn(i18n("Certificate"));
- _certs->setResizeMode(TQListView::LastColumn);
- TQFontMetrics fm( TDEGlobalSettings::generalFont() );
- _certs->setMinimumHeight(4*fm.height());
- grid->addWidget(_certs);
-
- _save = new TQCheckBox(i18n("Save selection for this host."), this);
- grid->addWidget(_save);
-
- grid->addWidget(new KSeparator(KSeparator::HLine, this));
-
- TQBoxLayout * h = new TQHBoxLayout( grid );
- h->insertStretch(0);
-
- _ok = new KPushButton(i18n("Send certificate"), this);
- h->addWidget(_ok);
- connect(_ok, TQT_SIGNAL(clicked()), TQT_SLOT(slotSend()));
-
- d->p_pb_dontsend = new KPushButton(i18n("Do not send a certificate"), this);
- h->addWidget(d->p_pb_dontsend);
- connect(d->p_pb_dontsend, TQT_SIGNAL(clicked()), TQT_SLOT(slotDont()));
-
-#ifndef TQT_NO_WIDGET_TOPEXTRA
- setCaption(i18n("TDE SSL Certificate Dialog"));
-#endif
-}
-
-
-KSSLCertDlg::~KSSLCertDlg() {
- delete d;
-}
-
-
-void KSSLCertDlg::setup(TQStringList certs, bool saveChecked, bool sendChecked) {
- setupDialog(certs, saveChecked, sendChecked);
-}
-
-void KSSLCertDlg::setupDialog(const TQStringList& certs, bool saveChecked, bool sendChecked) {
- _save->setChecked(saveChecked);
- d->p_send_flag = sendChecked;
-
- if (sendChecked)
- _ok->setDefault(true); // "do send" is the "default action".
- else
- d->p_pb_dontsend->setDefault(true); // "do not send" is the "default action".
-
- for (TQStringList::ConstIterator i = certs.begin(); i != certs.end(); ++i) {
- if ((*i).isEmpty())
- continue;
-
- new TQListViewItem(_certs, *i);
- }
-
- _certs->setSelected(_certs->firstChild(), true);
-}
-
-
-bool KSSLCertDlg::saveChoice() {
- return _save->isChecked();
-}
-
-
-bool KSSLCertDlg::wantsToSend() {
- return d->p_send_flag;
-}
-
-
-TQString KSSLCertDlg::getChoice() {
- TQListViewItem *selected = _certs->selectedItem();
- if (selected && d->p_send_flag)
- return selected->text(0);
- else
- return TQString::null;
-}
-
-
-void KSSLCertDlg::setHost(const TQString& host) {
- _host = host;
- d->p_message->setText(i18n("The server %1 requests a certificate.

"
- "Select a certificate to use from the list below:")
- .arg(_host));
-}
-
-
-void KSSLCertDlg::slotSend() {
- d->p_send_flag = true;
- accept();
-}
-
-
-void KSSLCertDlg::slotDont() {
- d->p_send_flag = false;
- reject();
-}
-
-
-TQDataStream& operator<<(TQDataStream& s, const KSSLCertDlgRet& r) {
- s << TQ_INT8(r.ok?1:0) << r.choice << TQ_INT8(r.save?1:0) << TQ_INT8(r.send?1:0);
- return s;
-}
-
-
-TQDataStream& operator>>(TQDataStream& s, KSSLCertDlgRet& r) {
-TQ_INT8 tmp;
- s >> tmp; r.ok = (tmp == 1);
- s >> r.choice;
- s >> tmp; r.save = (tmp == 1);
- s >> tmp; r.send = (tmp == 1);
- return s;
-}
-
-
-#include "ksslcertdlg.moc"
-
diff --git a/tdeio/kssl/ksslcertdlg.cpp b/tdeio/kssl/ksslcertdlg.cpp
new file mode 100644
index 000000000..7431d4c0a
--- /dev/null
+++ b/tdeio/kssl/ksslcertdlg.cpp
@@ -0,0 +1,174 @@
+/* This file is part of the KDE project
+ *
+ * Copyright (C) 2001-2003 George Staikos
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+
+#include "ksslcertdlg.h"
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+
+class KSSLCertDlg::KSSLCertDlgPrivate {
+private:
+ friend class KSSLCertDlg;
+ TQLabel *p_message;
+ TQPushButton *p_pb_dontsend;
+ bool p_send_flag;
+};
+
+KSSLCertDlg::KSSLCertDlg(TQWidget *parent, const char *name, bool modal)
+ : KDialog(parent, name, modal), d(new KSSLCertDlgPrivate) {
+
+ TQBoxLayout * grid = new TQVBoxLayout( this, KDialog::marginHint(),
+ KDialog::spacingHint() );
+
+ d->p_message = new TQLabel(TQString::null, this);
+ grid->addWidget(d->p_message);
+ setHost(_host);
+
+ _certs = new TQListView(this);
+ _certs->addColumn(i18n("Certificate"));
+ _certs->setResizeMode(TQListView::LastColumn);
+ TQFontMetrics fm( TDEGlobalSettings::generalFont() );
+ _certs->setMinimumHeight(4*fm.height());
+ grid->addWidget(_certs);
+
+ _save = new TQCheckBox(i18n("Save selection for this host."), this);
+ grid->addWidget(_save);
+
+ grid->addWidget(new KSeparator(KSeparator::HLine, this));
+
+ TQBoxLayout * h = new TQHBoxLayout( grid );
+ h->insertStretch(0);
+
+ _ok = new KPushButton(i18n("Send certificate"), this);
+ h->addWidget(_ok);
+ connect(_ok, TQT_SIGNAL(clicked()), TQT_SLOT(slotSend()));
+
+ d->p_pb_dontsend = new KPushButton(i18n("Do not send a certificate"), this);
+ h->addWidget(d->p_pb_dontsend);
+ connect(d->p_pb_dontsend, TQT_SIGNAL(clicked()), TQT_SLOT(slotDont()));
+
+#ifndef TQT_NO_WIDGET_TOPEXTRA
+ setCaption(i18n("TDE SSL Certificate Dialog"));
+#endif
+}
+
+
+KSSLCertDlg::~KSSLCertDlg() {
+ delete d;
+}
+
+
+void KSSLCertDlg::setup(TQStringList certs, bool saveChecked, bool sendChecked) {
+ setupDialog(certs, saveChecked, sendChecked);
+}
+
+void KSSLCertDlg::setupDialog(const TQStringList& certs, bool saveChecked, bool sendChecked) {
+ _save->setChecked(saveChecked);
+ d->p_send_flag = sendChecked;
+
+ if (sendChecked)
+ _ok->setDefault(true); // "do send" is the "default action".
+ else
+ d->p_pb_dontsend->setDefault(true); // "do not send" is the "default action".
+
+ for (TQStringList::ConstIterator i = certs.begin(); i != certs.end(); ++i) {
+ if ((*i).isEmpty())
+ continue;
+
+ new TQListViewItem(_certs, *i);
+ }
+
+ _certs->setSelected(_certs->firstChild(), true);
+}
+
+
+bool KSSLCertDlg::saveChoice() {
+ return _save->isChecked();
+}
+
+
+bool KSSLCertDlg::wantsToSend() {
+ return d->p_send_flag;
+}
+
+
+TQString KSSLCertDlg::getChoice() {
+ TQListViewItem *selected = _certs->selectedItem();
+ if (selected && d->p_send_flag)
+ return selected->text(0);
+ else
+ return TQString::null;
+}
+
+
+void KSSLCertDlg::setHost(const TQString& host) {
+ _host = host;
+ d->p_message->setText(i18n("The server %1 requests a certificate.

" + "Select a certificate to use from the list below:") + .arg(_host)); +} + + +void KSSLCertDlg::slotSend() { + d->p_send_flag = true; + accept(); +} + + +void KSSLCertDlg::slotDont() { + d->p_send_flag = false; + reject(); +} + + +TQDataStream& operator<<(TQDataStream& s, const KSSLCertDlgRet& r) { + s << TQ_INT8(r.ok?1:0) << r.choice << TQ_INT8(r.save?1:0) << TQ_INT8(r.send?1:0); + return s; +} + + +TQDataStream& operator>>(TQDataStream& s, KSSLCertDlgRet& r) { +TQ_INT8 tmp; + s >> tmp; r.ok = (tmp == 1); + s >> r.choice; + s >> tmp; r.save = (tmp == 1); + s >> tmp; r.send = (tmp == 1); + return s; +} + + +#include "ksslcertdlg.moc" + diff --git a/tdeio/kssl/ksslcertificate.cc b/tdeio/kssl/ksslcertificate.cc deleted file mode 100644 index edf877496..000000000 --- a/tdeio/kssl/ksslcertificate.cc +++ /dev/null 
@@ -1,1236 +0,0 @@ -/* This file is part of the KDE project - * - * Copyright (C) 2000-2003 George Staikos - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Library General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public License - * along with this library; see the file COPYING.LIB. If not, write to - * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - * Boston, MA 02110-1301, USA. - */ - - -#ifdef HAVE_CONFIG_H -#include -#endif - - - -#include -#include -#include -#include - -#include "kssldefs.h" -#include "ksslcertificate.h" -#include "ksslcertchain.h" -#include "ksslutils.h" - -#include -#include -#include -#include -#include - -#include - -#ifdef HAVE_SYS_STAT_H -#include -#endif - -// this hack provided by Malte Starostik to avoid glibc/openssl bug -// on some systems -#ifdef KSSL_HAVE_SSL -#define crypt _openssl_crypt -#include -#include -#include -#include -#include -#undef crypt -#endif - -#include -#include -#include -#include "ksslx509v3.h" - - - -static char hv[] = {'0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'}; - - -class KSSLCertificatePrivate { -public: - KSSLCertificatePrivate() { - kossl = KOSSL::self(); - _lastPurpose = KSSLCertificate::None; - } - - ~KSSLCertificatePrivate() { - } - - KSSLCertificate::KSSLValidation m_stateCache; - bool m_stateCached; - #ifdef KSSL_HAVE_SSL - X509 *m_cert; - X509_CRL *m_cert_crl; - #endif - KOSSL *kossl; - KSSLCertChain _chain; - KSSLX509V3 _extensions; - KSSLCertificate::KSSLPurpose 
_lastPurpose; -}; - -KSSLCertificate::KSSLCertificate() { - d = new KSSLCertificatePrivate; - d->m_stateCached = false; - TDEGlobal::dirs()->addResourceType("kssl", TDEStandardDirs::kde_default("data") + "kssl"); - #ifdef KSSL_HAVE_SSL - d->m_cert = NULL; - d->m_cert_crl = NULL; - #endif -} - - -KSSLCertificate::KSSLCertificate(const KSSLCertificate& x) { - d = new KSSLCertificatePrivate; - d->m_stateCached = false; - TDEGlobal::dirs()->addResourceType("kssl", TDEStandardDirs::kde_default("data") + "kssl"); - #ifdef KSSL_HAVE_SSL - d->m_cert = NULL; - d->m_cert_crl = NULL; - setCert(KOSSL::self()->X509_dup(const_cast(x).getCert())); - KSSLCertChain *c = x.d->_chain.replicate(); - setChain(c->rawChain()); - delete c; - #endif -} - - - -KSSLCertificate::~KSSLCertificate() { -#ifdef KSSL_HAVE_SSL - if (d->m_cert) { - d->kossl->X509_free(d->m_cert); - } - if (d->m_cert_crl) { - d->kossl->X509_CRL_free(d->m_cert_crl); - } -#endif - delete d; -} - - -KSSLCertChain& KSSLCertificate::chain() { - return d->_chain; -} - - -KSSLCertificate *KSSLCertificate::fromX509(X509 *x5) { -KSSLCertificate *n = NULL; -#ifdef KSSL_HAVE_SSL - if (x5) { - n = new KSSLCertificate; - n->setCert(KOSSL::self()->X509_dup(x5)); - } -#endif -return n; -} - - -KSSLCertificate *KSSLCertificate::fromString(TQCString cert) { -KSSLCertificate *n = NULL; -#ifdef KSSL_HAVE_SSL - if (cert.length() == 0) - return NULL; - - TQByteArray qba, qbb = cert.copy(); - KCodecs::base64Decode(qbb, qba); - unsigned char *qbap = reinterpret_cast(qba.data()); - X509 *x5c = KOSSL::self()->d2i_X509(NULL, &qbap, qba.size()); - if (!x5c) { - return NULL; - } - - n = new KSSLCertificate; - n->setCert(x5c); -#endif -return n; -} - -KSSLCertificate *KSSLCertificate::crlFromString(TQCString cert) { -KSSLCertificate *n = NULL; -#ifdef KSSL_HAVE_SSL - if (cert.length() == 0) - return NULL; - - TQByteArray qba, qbb = cert.copy(); - KCodecs::base64Decode(qbb, qba); - unsigned char *qbap = reinterpret_cast(qba.data()); - X509_CRL 
*x5c = KOSSL::self()->d2i_X509_CRL(NULL, &qbap, qba.size()); - if (!x5c) { - return NULL; - } - - n = new KSSLCertificate; - n->setCRL(x5c); -#endif -return n; -} - - - -TQString KSSLCertificate::getSubject() const { -TQString rc = ""; - -#ifdef KSSL_HAVE_SSL - char *t = d->kossl->X509_NAME_oneline(d->kossl->X509_get_subject_name(d->m_cert), 0, 0); - if (!t) - return rc; - rc = t; - d->kossl->CRYPTO_free(t); -#endif -return rc; -} - - -TQString KSSLCertificate::getSerialNumber() const { -TQString rc = ""; - -#ifdef KSSL_HAVE_SSL - ASN1_INTEGER *aint = d->kossl->X509_get_serialNumber(d->m_cert); - if (aint) { - rc = ASN1_INTEGER_QString(aint); - // d->kossl->ASN1_INTEGER_free(aint); this makes the sig test fail - } -#endif -return rc; -} - - -TQString KSSLCertificate::getSignatureText() const { -TQString rc = ""; - -#ifdef KSSL_HAVE_SSL -char *s; -int n, i; - - const ASN1_BIT_STRING *signature = 0L; - const X509_ALGOR *sig_alg = 0L; - d->kossl->X509_get0_signature(&signature, &sig_alg, d->m_cert); - i = d->kossl->OBJ_obj2nid(sig_alg->algorithm); - rc = i18n("Signature Algorithm: "); - rc += (i == NID_undef)?i18n("Unknown"):TQString(d->kossl->OBJ_nid2ln(i)); - - rc += "\n"; - rc += i18n("Signature Contents:"); - n = signature->length; - s = (char *)signature->data; - for (i = 0; i < n; i++) { - if (i%20 != 0) rc += ":"; - else rc += "\n"; - rc.append(hv[(s[i]&0xf0)>>4]); - rc.append(hv[s[i]&0x0f]); - } - -#endif - -return rc; -} - - -void KSSLCertificate::getEmails(TQStringList &to) const { - to.clear(); -#ifdef KSSL_HAVE_SSL - if (!d->m_cert) - return; - - STACK *s = d->kossl->X509_get1_email(d->m_cert); - if (s) { - for(int n=0; n < d->kossl->OPENSSL_sk_num(s); n++) { - to.append(d->kossl->OPENSSL_sk_value(s,n)); - } - d->kossl->X509_email_free(s); - } -#endif -} - - -TQString KSSLCertificate::getKDEKey() const { - return getSubject() + " (" + getMD5DigestText() + ")"; -} - - -TQString KSSLCertificate::getMD5DigestFromKDEKey(const TQString &k) { - TQString rc; - 
int pos = k.findRev('('); - if (pos != -1) { - unsigned int len = k.length(); - if (k.at(len-1) == ')') { - rc = k.mid(pos+1, len-pos-2); - } - } - return rc; -} - - -TQString KSSLCertificate::getMD5DigestText() const { -TQString rc = ""; - -#ifdef KSSL_HAVE_SSL - unsigned int n; - unsigned char md[EVP_MAX_MD_SIZE]; - - if (!d->kossl->X509_digest(d->m_cert, d->kossl->EVP_md5(), md, &n)) { - return rc; - } - - for (unsigned int j = 0; j < n; j++) { - if (j > 0) - rc += ":"; - rc.append(hv[(md[j]&0xf0)>>4]); - rc.append(hv[md[j]&0x0f]); - } - -#endif - -return rc; -} - - - -TQString KSSLCertificate::getMD5Digest() const { -TQString rc = ""; - -#ifdef KSSL_HAVE_SSL - unsigned int n; - unsigned char md[EVP_MAX_MD_SIZE]; - - if (!d->kossl->X509_digest(d->m_cert, d->kossl->EVP_md5(), md, &n)) { - return rc; - } - - for (unsigned int j = 0; j < n; j++) { - rc.append(hv[(md[j]&0xf0)>>4]); - rc.append(hv[md[j]&0x0f]); - } - -#endif - -return rc; -} - - - -TQString KSSLCertificate::getKeyType() const { -TQString rc = ""; - -#ifdef KSSL_HAVE_SSL - EVP_PKEY *pkey = d->kossl->X509_get_pubkey(d->m_cert); - if (pkey) { - #ifndef NO_RSA - if (d->kossl->EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA) - rc = "RSA"; - else - #endif - #ifndef NO_DSA - if (d->kossl->EVP_PKEY_base_id(pkey) == EVP_PKEY_DSA) - rc = "DSA"; - else - #endif - rc = "Unknown"; - d->kossl->EVP_PKEY_free(pkey); - } -#endif - -return rc; -} - - - -TQString KSSLCertificate::getPublicKeyText() const { -TQString rc = ""; -char *x = NULL; - -#ifdef KSSL_HAVE_SSL - EVP_PKEY *pkey = d->kossl->X509_get_pubkey(d->m_cert); - if (pkey) { - rc = i18n("Unknown", "Unknown key algorithm"); - #ifndef NO_RSA - if (d->kossl->EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA) { - rc = i18n("Key type: RSA (%1 bit)") + "\n"; - - RSA *pkey_rsa = d->kossl->EVP_PKEY_get0_RSA(pkey); - const BIGNUM *bn_n = 0L; - const BIGNUM *bn_e = 0L; - d->kossl->RSA_get0_key(pkey_rsa, &bn_n, &bn_e, NULL); - x = d->kossl->BN_bn2hex(bn_n); - rc += i18n("Modulus: "); - rc 
= rc.arg(strlen(x)*4); - for (unsigned int i = 0; i < strlen(x); i++) { - if (i%40 != 0 && i%2 == 0) - rc += ":"; - else if (i%40 == 0) - rc += "\n"; - rc += x[i]; - } - rc += "\n"; - d->kossl->CRYPTO_free(x); - - x = d->kossl->BN_bn2hex(bn_e); - rc += i18n("Exponent: 0x") + x + "\n"; - d->kossl->CRYPTO_free(x); - } - #endif - #ifndef NO_DSA - if (d->kossl->EVP_PKEY_base_id(pkey) == EVP_PKEY_DSA) { - rc = i18n("Key type: DSA (%1 bit)") + "\n"; - - DSA *pkey_dsa = d->kossl->EVP_PKEY_get0_DSA(pkey); - const BIGNUM *bn_p = 0L; - const BIGNUM *bn_q = 0L; - const BIGNUM *bn_g = 0L; - const BIGNUM *bn_pub_key = 0L; - d->kossl->DSA_get0_pqg(pkey_dsa, &bn_p, &bn_q, &bn_g); - d->kossl->DSA_get0_key(pkey_dsa, &bn_pub_key, NULL); - - x = d->kossl->BN_bn2hex(bn_p); - rc += i18n("Prime: "); - // hack - this may not be always accurate - rc = rc.arg(strlen(x)*4) ; - for (unsigned int i = 0; i < strlen(x); i++) { - if (i%40 != 0 && i%2 == 0) - rc += ":"; - else if (i%40 == 0) - rc += "\n"; - rc += x[i]; - } - rc += "\n"; - d->kossl->CRYPTO_free(x); - - x = d->kossl->BN_bn2hex(bn_q); - rc += i18n("160 bit prime factor: "); - for (unsigned int i = 0; i < strlen(x); i++) { - if (i%40 != 0 && i%2 == 0) - rc += ":"; - else if (i%40 == 0) - rc += "\n"; - rc += x[i]; - } - rc += "\n"; - d->kossl->CRYPTO_free(x); - - x = d->kossl->BN_bn2hex(bn_g); - rc += TQString("g: "); - for (unsigned int i = 0; i < strlen(x); i++) { - if (i%40 != 0 && i%2 == 0) - rc += ":"; - else if (i%40 == 0) - rc += "\n"; - rc += x[i]; - } - rc += "\n"; - d->kossl->CRYPTO_free(x); - - x = d->kossl->BN_bn2hex(bn_pub_key); - rc += i18n("Public key: "); - for (unsigned int i = 0; i < strlen(x); i++) { - if (i%40 != 0 && i%2 == 0) - rc += ":"; - else if (i%40 == 0) - rc += "\n"; - rc += x[i]; - } - rc += "\n"; - d->kossl->CRYPTO_free(x); - } - #endif - d->kossl->EVP_PKEY_free(pkey); - } -#endif - -return rc; -} - - - -TQString KSSLCertificate::getIssuer() const { -TQString rc = ""; - -#ifdef KSSL_HAVE_SSL - char *t = 
d->kossl->X509_NAME_oneline(d->kossl->X509_get_issuer_name(d->m_cert), 0, 0); - - if (!t) - return rc; - - rc = t; - d->kossl->CRYPTO_free(t); -#endif - -return rc; -} - -void KSSLCertificate::setChain(void *c) { -#ifdef KSSL_HAVE_SSL - d->_chain.setChain(c); -#endif - d->m_stateCached = false; - d->m_stateCache = KSSLCertificate::Unknown; -} - -void KSSLCertificate::setCert(X509 *c) { -#ifdef KSSL_HAVE_SSL -d->m_cert = c; -if (c) { - d->_extensions.flags = 0; - d->kossl->X509_check_purpose(c, -1, 0); // setup the fields (!!) - -#if 0 - kdDebug(7029) << "---------------- Certificate ------------------" - << endl; - kdDebug(7029) << getSubject() << endl; -#endif - - for (int j = 0; j < d->kossl->X509_PURPOSE_get_count(); j++) { - X509_PURPOSE *ptmp = d->kossl->X509_PURPOSE_get0(j); - int id = d->kossl->X509_PURPOSE_get_id(ptmp); - for (int ca = 0; ca < 2; ca++) { - int idret = d->kossl->X509_check_purpose(c, id, ca); - if (idret == 1 || idret == 2) { // have it -// kdDebug() << "PURPOSE: " << id << (ca?" 
CA":"") << endl; - if (!ca) - d->_extensions.flags |= (1L <<(id-1)); - else d->_extensions.flags |= (1L <<(16+id-1)); - } else { - if (!ca) - d->_extensions.flags &= ~(1L <<(id-1)); - else d->_extensions.flags &= ~(1L <<(16+id-1)); - } - } - } - -#if 0 - kdDebug(7029) << "flags: " << TQString::number(c->ex_flags, 2) - << "\nkeyusage: " << TQString::number(c->ex_kusage, 2) - << "\nxkeyusage: " << TQString::number(c->ex_xkusage, 2) - << "\nnscert: " << TQString::number(c->ex_nscert, 2) - << endl; - if (c->ex_flags & EXFLAG_KUSAGE) - kdDebug(7029) << " --- Key Usage extensions found" << endl; - else kdDebug(7029) << " --- Key Usage extensions NOT found" << endl; - - if (c->ex_flags & EXFLAG_XKUSAGE) - kdDebug(7029) << " --- Extended key usage extensions found" << endl; - else kdDebug(7029) << " --- Extended key usage extensions NOT found" << endl; - - if (c->ex_flags & EXFLAG_NSCERT) - kdDebug(7029) << " --- NS extensions found" << endl; - else kdDebug(7029) << " --- NS extensions NOT found" << endl; - - if (d->_extensions.certTypeSSLCA()) - kdDebug(7029) << "NOTE: this is an SSL CA file." << endl; - else kdDebug(7029) << "NOTE: this is NOT an SSL CA file." << endl; - - if (d->_extensions.certTypeEmailCA()) - kdDebug(7029) << "NOTE: this is an EMAIL CA file." << endl; - else kdDebug(7029) << "NOTE: this is NOT an EMAIL CA file." << endl; - - if (d->_extensions.certTypeCodeCA()) - kdDebug(7029) << "NOTE: this is a CODE CA file." << endl; - else kdDebug(7029) << "NOTE: this is NOT a CODE CA file." << endl; - - if (d->_extensions.certTypeSSLClient()) - kdDebug(7029) << "NOTE: this is an SSL client." << endl; - else kdDebug(7029) << "NOTE: this is NOT an SSL client." << endl; - - if (d->_extensions.certTypeSSLServer()) - kdDebug(7029) << "NOTE: this is an SSL server." << endl; - else kdDebug(7029) << "NOTE: this is NOT an SSL server." << endl; - - if (d->_extensions.certTypeNSSSLServer()) - kdDebug(7029) << "NOTE: this is a NETSCAPE SSL server." 
<< endl; - else kdDebug(7029) << "NOTE: this is NOT a NETSCAPE SSL server." << endl; - - if (d->_extensions.certTypeSMIME()) - kdDebug(7029) << "NOTE: this is an SMIME certificate." << endl; - else kdDebug(7029) << "NOTE: this is NOT an SMIME certificate." << endl; - - if (d->_extensions.certTypeSMIMEEncrypt()) - kdDebug(7029) << "NOTE: this is an SMIME encrypt cert." << endl; - else kdDebug(7029) << "NOTE: this is NOT an SMIME encrypt cert." << endl; - - if (d->_extensions.certTypeSMIMESign()) - kdDebug(7029) << "NOTE: this is an SMIME sign cert." << endl; - else kdDebug(7029) << "NOTE: this is NOT an SMIME sign cert." << endl; - - if (d->_extensions.certTypeCRLSign()) - kdDebug(7029) << "NOTE: this is a CRL signer." << endl; - else kdDebug(7029) << "NOTE: this is NOT a CRL signer." << endl; - - kdDebug(7029) << "-----------------------------------------------" - << endl; -#endif -} -#endif -d->m_stateCached = false; -d->m_stateCache = KSSLCertificate::Unknown; -} - -void KSSLCertificate::setCRL(X509_CRL *c) { -#ifdef KSSL_HAVE_SSL -d->m_cert_crl = c; -if (c) { - d->_extensions.flags = 0; -} -#endif -d->m_stateCached = false; -d->m_stateCache = KSSLCertificate::Unknown; -} - -X509 *KSSLCertificate::getCert() { -#ifdef KSSL_HAVE_SSL - return d->m_cert; -#endif -return 0; -} - -// pull in the callback. It's common across multiple files but we want -// it to be hidden. 
- -#include "ksslcallback.c" - - -bool KSSLCertificate::isValid(KSSLCertificate::KSSLPurpose p) { - return (validate(p) == KSSLCertificate::Ok); -} - - -bool KSSLCertificate::isValid() { - return isValid(KSSLCertificate::SSLServer); -} - - -int KSSLCertificate::purposeToOpenSSL(KSSLCertificate::KSSLPurpose p) const { -int rc = 0; -#ifdef KSSL_HAVE_SSL - if (p == KSSLCertificate::SSLServer) { - rc = X509_PURPOSE_SSL_SERVER; - } else if (p == KSSLCertificate::SSLClient) { - rc = X509_PURPOSE_SSL_CLIENT; - } else if (p == KSSLCertificate::SMIMEEncrypt) { - rc = X509_PURPOSE_SMIME_ENCRYPT; - } else if (p == KSSLCertificate::SMIMESign) { - rc = X509_PURPOSE_SMIME_SIGN; - } else if (p == KSSLCertificate::Any) { - rc = X509_PURPOSE_ANY; - } -#endif -return rc; -} - - -// For backward compatibility -KSSLCertificate::KSSLValidation KSSLCertificate::validate() { - return validate(KSSLCertificate::SSLServer); -} - -KSSLCertificate::KSSLValidation KSSLCertificate::validate(KSSLCertificate::KSSLPurpose purpose) -{ - KSSLValidationList result = validateVerbose(purpose); - if (result.isEmpty()) - return KSSLCertificate::Ok; - else - return result.first(); -} - -// -// See apps/verify.c in OpenSSL for the source of most of this logic. -// - -// CRL files? 
we don't do that yet -KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertificate::KSSLPurpose purpose) -{ - return validateVerbose(purpose, 0); -} - -KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertificate::KSSLPurpose purpose, KSSLCertificate *ca) -{ - KSSLValidationList errors; - if (ca || (d->_lastPurpose != purpose)) { - d->m_stateCached = false; - } - - if (!d->m_stateCached) - d->_lastPurpose = purpose; - -#ifdef KSSL_HAVE_SSL - X509_STORE *certStore; - X509_LOOKUP *certLookup; - X509_STORE_CTX *certStoreCTX; - - if (!d->m_cert) - { - errors << KSSLCertificate::Unknown; - return errors; - } - - if (d->m_stateCached) { - errors << d->m_stateCache; - return errors; - } - - TQStringList qsl = TDEGlobal::dirs()->resourceDirs("kssl"); - - if (qsl.isEmpty()) { - errors << KSSLCertificate::NoCARoot; - return errors; - } - - KSSLCertificate::KSSLValidation ksslv = Unknown; - - for (TQStringList::Iterator j = qsl.begin(); j != qsl.end(); ++j) { - struct stat sb; - TQString _j = (*j) + "ca-bundle.crt"; - if (-1 == stat(_j.ascii(), &sb)) { - continue; - } - - certStore = d->kossl->X509_STORE_new(); - if (!certStore) { - errors << KSSLCertificate::Unknown; - return errors; - } - - d->kossl->X509_STORE_set_verify_cb(certStore, X509Callback); - - certLookup = d->kossl->X509_STORE_add_lookup(certStore, d->kossl->X509_LOOKUP_file()); - if (!certLookup) { - ksslv = KSSLCertificate::Unknown; - d->kossl->X509_STORE_free(certStore); - continue; - } - - if (!d->kossl->X509_LOOKUP_load_file(certLookup, _j.ascii(), X509_FILETYPE_PEM)) { - // error accessing directory and loading pems - kdDebug(7029) << "KSSL couldn't read CA root: " - << _j << endl; - ksslv = KSSLCertificate::ErrorReadingRoot; - d->kossl->X509_STORE_free(certStore); - continue; - } - - // This is the checking code - certStoreCTX = d->kossl->X509_STORE_CTX_new(); - - // this is a bad error - could mean no free memory. 
- // This may be the wrong thing to do here - if (!certStoreCTX) { - kdDebug(7029) << "KSSL couldn't create an X509 store context." << endl; - d->kossl->X509_STORE_free(certStore); - continue; - } - - d->kossl->X509_STORE_CTX_init(certStoreCTX, certStore, d->m_cert, NULL); - if (d->_chain.isValid()) { - d->kossl->X509_STORE_CTX_set0_untrusted(certStoreCTX, (STACK_OF(X509)*)d->_chain.rawChain()); - } - - //kdDebug(7029) << "KSSL setting CRL.............." << endl; - // int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); - - d->kossl->X509_STORE_CTX_set_purpose(certStoreCTX, purposeToOpenSSL(purpose)); - - KSSL_X509CallBack_ca = ca ? ca->d->m_cert : 0; - KSSL_X509CallBack_ca_found = false; - - d->kossl->X509_STORE_CTX_set_error(certStoreCTX, X509_V_OK); - d->kossl->X509_verify_cert(certStoreCTX); - int errcode = d->kossl->X509_STORE_CTX_get_error(certStoreCTX); - if (ca && !KSSL_X509CallBack_ca_found) { - ksslv = KSSLCertificate::Irrelevant; - } else { - ksslv = processError(errcode); - } - // For servers, we can try NS_SSL_SERVER too - if ( (ksslv != KSSLCertificate::Ok) && - (ksslv != KSSLCertificate::Irrelevant) && - purpose == KSSLCertificate::SSLServer) { - d->kossl->X509_STORE_CTX_set_purpose(certStoreCTX, - X509_PURPOSE_NS_SSL_SERVER); - - d->kossl->X509_STORE_CTX_set_error(certStoreCTX, X509_V_OK); - d->kossl->X509_verify_cert(certStoreCTX); - errcode = d->kossl->X509_STORE_CTX_get_error(certStoreCTX); - ksslv = processError(errcode); - } - d->kossl->X509_STORE_CTX_free(certStoreCTX); - d->kossl->X509_STORE_free(certStore); - // end of checking code - // - - //kdDebug(7029) << "KSSL Validation procedure RC: " - // << rc << endl; - //kdDebug(7029) << "KSSL Validation procedure errcode: " - // << errcode << endl; - //kdDebug(7029) << "KSSL Validation procedure RESULTS: " - // << ksslv << endl; - - if (ksslv != NoCARoot && ksslv != InvalidCA) { - d->m_stateCached = true; - d->m_stateCache = ksslv; - } - break; - } - - if (ksslv != KSSLCertificate::Ok) - errors 
<< ksslv; -#else - errors << KSSLCertificate::NoSSL; -#endif - return errors; -} - - - -KSSLCertificate::KSSLValidation KSSLCertificate::revalidate() { - return revalidate(KSSLCertificate::SSLServer); -} - - -KSSLCertificate::KSSLValidation KSSLCertificate::revalidate(KSSLCertificate::KSSLPurpose p) { - d->m_stateCached = false; - return validate(p); -} - - -KSSLCertificate::KSSLValidation KSSLCertificate::processError(int ec) { -KSSLCertificate::KSSLValidation rc; - -rc = KSSLCertificate::Unknown; -#ifdef KSSL_HAVE_SSL - switch (ec) { - case X509_V_OK: // OK - rc = KSSLCertificate::Ok; - break; - - - case X509_V_ERR_CERT_REJECTED: - rc = KSSLCertificate::Rejected; - break; - - - case X509_V_ERR_CERT_UNTRUSTED: - rc = KSSLCertificate::Untrusted; - break; - - - case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: - case X509_V_ERR_CERT_SIGNATURE_FAILURE: - case X509_V_ERR_CRL_SIGNATURE_FAILURE: - case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: - case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: - rc = KSSLCertificate::SignatureFailed; - break; - - case X509_V_ERR_INVALID_CA: - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: - rc = KSSLCertificate::InvalidCA; - break; - - - case X509_V_ERR_INVALID_PURPOSE: - rc = KSSLCertificate::InvalidPurpose; - break; - - - case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: - rc = KSSLCertificate::SelfSigned; - break; - - case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: - rc = KSSLCertificate::SelfSignedChain; - break; - - case X509_V_ERR_CERT_REVOKED: - rc = KSSLCertificate::Revoked; - break; - - case X509_V_ERR_PATH_LENGTH_EXCEEDED: - rc = KSSLCertificate::PathLengthExceeded; - break; - - case X509_V_ERR_CERT_NOT_YET_VALID: - case X509_V_ERR_CERT_HAS_EXPIRED: - case X509_V_ERR_CRL_NOT_YET_VALID: - case X509_V_ERR_CRL_HAS_EXPIRED: - case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - case 
X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: - case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: - rc = KSSLCertificate::Expired; - kdDebug(7029) << "KSSL apparently this is expired. Not after: " - << getNotAfter() << endl; - break; - - //case 1: - case X509_V_ERR_APPLICATION_VERIFICATION: - case X509_V_ERR_OUT_OF_MEM: - case X509_V_ERR_UNABLE_TO_GET_CRL: - case X509_V_ERR_CERT_CHAIN_TOO_LONG: - default: - rc = KSSLCertificate::Unknown; - break; -} - -d->m_stateCache = rc; -d->m_stateCached = true; -#endif -return rc; -} - - -TQString KSSLCertificate::getNotBefore() const { -#ifdef KSSL_HAVE_SSL -return ASN1_UTCTIME_QString(d->kossl->X509_getm_notBefore(d->m_cert)); -#else -return TQString::null; -#endif -} - - -TQString KSSLCertificate::getNotAfter() const { -#ifdef KSSL_HAVE_SSL -return ASN1_UTCTIME_QString(d->kossl->X509_getm_notAfter(d->m_cert)); -#else -return TQString::null; -#endif -} - - -TQDateTime KSSLCertificate::getQDTNotBefore() const { -#ifdef KSSL_HAVE_SSL -return ASN1_UTCTIME_QDateTime(d->kossl->X509_getm_notBefore(d->m_cert), NULL); -#else -return TQDateTime::currentDateTime(); -#endif -} - - -TQDateTime KSSLCertificate::getQDTNotAfter() const { -#ifdef KSSL_HAVE_SSL -return ASN1_UTCTIME_QDateTime(d->kossl->X509_getm_notAfter(d->m_cert), NULL); -#else -return TQDateTime::currentDateTime(); -#endif -} - - -TQDateTime KSSLCertificate::getQDTLastUpdate() const { -#ifdef KSSL_HAVE_SSL -return ASN1_UTCTIME_QDateTime((ASN1_UTCTIME*)d->kossl->X509_CRL_get0_lastUpdate(d->m_cert_crl), NULL); -#else -return TQDateTime::currentDateTime(); -#endif -} - - -TQDateTime KSSLCertificate::getQDTNextUpdate() const { -#ifdef KSSL_HAVE_SSL -return ASN1_UTCTIME_QDateTime((ASN1_UTCTIME*)d->kossl->X509_CRL_get0_nextUpdate(d->m_cert_crl), NULL); -#else -return TQDateTime::currentDateTime(); -#endif -} - - -int operator==(KSSLCertificate &x, KSSLCertificate &y) { -#ifndef KSSL_HAVE_SSL - return 1; -#else - if (!KOSSL::self()->X509_cmp(x.getCert(), y.getCert())) return 1; - 
return 0; -#endif -} - - -KSSLCertificate *KSSLCertificate::replicate() { -// The new certificate doesn't have the cached value. It's probably -// better this way. We can't anticipate every reason for doing this. -KSSLCertificate *newOne = new KSSLCertificate(); -#ifdef KSSL_HAVE_SSL - newOne->setCert(d->kossl->X509_dup(getCert())); - KSSLCertChain *c = d->_chain.replicate(); - newOne->setChain(c->rawChain()); - delete c; -#endif -return newOne; -} - - -TQString KSSLCertificate::toString() { -return KCodecs::base64Encode(toDer()); -} - - -TQString KSSLCertificate::verifyText(KSSLValidation x) { -switch (x) { -case KSSLCertificate::Ok: - return i18n("The certificate is valid."); -case KSSLCertificate::PathLengthExceeded: -case KSSLCertificate::ErrorReadingRoot: -case KSSLCertificate::NoCARoot: - return i18n("Certificate signing authority root files could not be found so the certificate is not verified."); -case KSSLCertificate::SelfSignedChain: -case KSSLCertificate::InvalidCA: - return i18n("Certificate signing authority is unknown or invalid."); -case KSSLCertificate::SelfSigned: - return i18n("Certificate is self-signed and thus may not be trustworthy."); -case KSSLCertificate::Expired: - return i18n("Certificate has expired."); -case KSSLCertificate::Revoked: - return i18n("Certificate has been revoked."); -case KSSLCertificate::NoSSL: - return i18n("SSL support was not found."); -case KSSLCertificate::Untrusted: - return i18n("Signature is untrusted."); -case KSSLCertificate::SignatureFailed: - return i18n("Signature test failed."); -case KSSLCertificate::Rejected: -case KSSLCertificate::InvalidPurpose: - return i18n("Rejected, possibly due to an invalid purpose."); -case KSSLCertificate::PrivateKeyFailed: - return i18n("Private key test failed."); -case KSSLCertificate::InvalidHost: - return i18n("The certificate has not been issued for this host."); -case KSSLCertificate::Irrelevant: - return i18n("This certificate is not relevant."); -default: -break; -} - 
-return i18n("The certificate is invalid."); -} - - -TQByteArray KSSLCertificate::toDer() { -TQByteArray qba; -#ifdef KSSL_HAVE_SSL -unsigned int certlen = d->kossl->i2d_X509(getCert(), NULL); -unsigned char *cert = new unsigned char[certlen]; -unsigned char *p = cert; - // FIXME: return code! - d->kossl->i2d_X509(getCert(), &p); - - // encode it into a QString - qba.duplicate((const char*)cert, certlen); - delete[] cert; -#endif -return qba; -} - - - -TQByteArray KSSLCertificate::toPem() { -TQByteArray qba; -TQString thecert = toString(); -const char *header = "-----BEGIN CERTIFICATE-----\n"; -const char *footer = "-----END CERTIFICATE-----\n"; - - // We just do base64 on the ASN1 - // 64 character lines (unpadded) - unsigned int xx = thecert.length() - 1; - for (unsigned int i = 0; i < xx/64; i++) { - thecert.insert(64*(i+1)+i, '\n'); - } - - thecert.prepend(header); - - if (thecert[thecert.length()-1] != '\n') - thecert += "\n"; - - thecert.append(footer); - - qba.duplicate(thecert.local8Bit(), thecert.length()); -return qba; -} - - -#define NETSCAPE_CERT_HDR "certificate" -#ifdef KSSL_HAVE_SSL -#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) -typedef struct NETSCAPE_X509_st -{ - ASN1_OCTET_STRING *header; - X509 *cert; -} NETSCAPE_X509; -#endif -#endif - -// what a piece of crap this is -TQByteArray KSSLCertificate::toNetscape() { -TQByteArray qba; -#ifdef KSSL_HAVE_SSL -#if OPENSSL_VERSION_NUMBER >= 0x10000000L - NETSCAPE_X509 nx; - ASN1_OCTET_STRING hdr; -#else - ASN1_HEADER ah; - ASN1_OCTET_STRING os; -#endif - KTempFile ktf; - -#if OPENSSL_VERSION_NUMBER >= 0x10000000L - hdr.data = (unsigned char *)NETSCAPE_CERT_HDR; - hdr.length = strlen(NETSCAPE_CERT_HDR); - nx.header = &hdr; - nx.cert = getCert(); - - d->kossl->ASN1_i2d_fp(ktf.fstream(),(unsigned char *)&nx); -#else - os.data = (unsigned char *)NETSCAPE_CERT_HDR; - os.length = strlen(NETSCAPE_CERT_HDR); - ah.header = &os; - ah.data = (char *)getCert(); - ah.meth = 
d->kossl->X509_asn1_meth(); - - d->kossl->ASN1_i2d_fp(ktf.fstream(),(unsigned char *)&ah); -#endif - - ktf.close(); - - TQFile qf(ktf.name()); - qf.open(IO_ReadOnly); - char *buf = new char[qf.size()]; - qf.readBlock(buf, qf.size()); - qba.duplicate(buf, qf.size()); - qf.close(); - delete[] buf; - - ktf.unlink(); - -#endif -return qba; -} - - - -TQString KSSLCertificate::toText() { -TQString text; -#ifdef KSSL_HAVE_SSL -KTempFile ktf; - - d->kossl->X509_print(ktf.fstream(), getCert()); - ktf.close(); - - TQFile qf(ktf.name()); - qf.open(IO_ReadOnly); - char *buf = new char[qf.size()+1]; - qf.readBlock(buf, qf.size()); - buf[qf.size()] = 0; - text = buf; - delete[] buf; - qf.close(); - ktf.unlink(); -#endif -return text; -} - -// KDE 4: Make it const TQString & -bool KSSLCertificate::setCert(TQString& cert) { -#ifdef KSSL_HAVE_SSL -TQByteArray qba, qbb = cert.local8Bit().copy(); - KCodecs::base64Decode(qbb, qba); - unsigned char *qbap = reinterpret_cast(qba.data()); - X509 *x5c = KOSSL::self()->d2i_X509(NULL, &qbap, qba.size()); - if (x5c) { - setCert(x5c); - return true; - } -#endif -return false; -} - - -KSSLX509V3& KSSLCertificate::x509V3Extensions() { -return d->_extensions; -} - - -bool KSSLCertificate::isSigner() { -return d->_extensions.certTypeCA(); -} - - -TQStringList KSSLCertificate::subjAltNames() const { - TQStringList rc; -#ifdef KSSL_HAVE_SSL - STACK_OF(GENERAL_NAME) *names; - names = (STACK_OF(GENERAL_NAME)*)d->kossl->X509_get_ext_d2i(d->m_cert, NID_subject_alt_name, 0, 0); - - if (!names) { - return rc; - } - - int cnt = d->kossl->OPENSSL_sk_num(names); - - for (int i = 0; i < cnt; i++) { - const GENERAL_NAME *val = (const GENERAL_NAME *)d->kossl->OPENSSL_sk_value(names, i); - if (val->type != GEN_DNS) { - continue; - } - - TQString s = (const char *)d->kossl->ASN1_STRING_data(val->d.ia5); - if (!s.isEmpty() && - /* skip subjectAltNames with embedded NULs */ - s.length() == (unsigned int)d->kossl->ASN1_STRING_length(val->d.ia5)) { - rc += s; - } - } 
- d->kossl->OPENSSL_sk_free(names); -#endif - return rc; -} - - -TQDataStream& operator<<(TQDataStream& s, const KSSLCertificate& r) { -TQStringList qsl; -TQPtrList cl = const_cast(r).chain().getChain(); - - for (KSSLCertificate *c = cl.first(); c != 0; c = cl.next()) { - qsl << c->toString(); - } - - cl.setAutoDelete(true); - - s << const_cast(r).toString() << qsl; - -return s; -} - - -TQDataStream& operator>>(TQDataStream& s, KSSLCertificate& r) { -TQStringList qsl; -TQString cert; - -s >> cert >> qsl; - - if (r.setCert(cert) && !qsl.isEmpty()) - r.chain().setCertChain(qsl); - -return s; -} - - - diff --git a/tdeio/kssl/ksslcertificate.cpp b/tdeio/kssl/ksslcertificate.cpp new file mode 100644 index 000000000..edf877496 --- /dev/null +++ b/tdeio/kssl/ksslcertificate.cpp 
@@ -0,0 +1,1236 @@ +/* This file is part of the KDE project + * + * Copyright (C) 2000-2003 George Staikos + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public License + * along with this library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301, USA. + */ + + +#ifdef HAVE_CONFIG_H +#include +#endif + + + +#include +#include +#include +#include + +#include "kssldefs.h" +#include "ksslcertificate.h" +#include "ksslcertchain.h" +#include "ksslutils.h" + +#include +#include +#include +#include +#include + +#include + +#ifdef HAVE_SYS_STAT_H +#include +#endif + +// this hack provided by Malte Starostik to avoid glibc/openssl bug +// on some systems +#ifdef KSSL_HAVE_SSL +#define crypt _openssl_crypt +#include +#include +#include +#include +#include +#undef crypt +#endif + +#include +#include +#include +#include "ksslx509v3.h" + + + +static char hv[] = {'0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'}; + + +class KSSLCertificatePrivate { +public: + KSSLCertificatePrivate() { + kossl = KOSSL::self(); + _lastPurpose = KSSLCertificate::None; + } + + ~KSSLCertificatePrivate() { + } + + KSSLCertificate::KSSLValidation m_stateCache; + bool m_stateCached; + #ifdef KSSL_HAVE_SSL + X509 *m_cert; + X509_CRL *m_cert_crl; + #endif + KOSSL *kossl; + KSSLCertChain _chain; + KSSLX509V3 _extensions; + KSSLCertificate::KSSLPurpose 
_lastPurpose; +}; + +KSSLCertificate::KSSLCertificate() { + d = new KSSLCertificatePrivate; + d->m_stateCached = false; + TDEGlobal::dirs()->addResourceType("kssl", TDEStandardDirs::kde_default("data") + "kssl"); + #ifdef KSSL_HAVE_SSL + d->m_cert = NULL; + d->m_cert_crl = NULL; + #endif +} + + +KSSLCertificate::KSSLCertificate(const KSSLCertificate& x) { + d = new KSSLCertificatePrivate; + d->m_stateCached = false; + TDEGlobal::dirs()->addResourceType("kssl", TDEStandardDirs::kde_default("data") + "kssl"); + #ifdef KSSL_HAVE_SSL + d->m_cert = NULL; + d->m_cert_crl = NULL; + setCert(KOSSL::self()->X509_dup(const_cast(x).getCert())); + KSSLCertChain *c = x.d->_chain.replicate(); + setChain(c->rawChain()); + delete c; + #endif +} + + + +KSSLCertificate::~KSSLCertificate() { +#ifdef KSSL_HAVE_SSL + if (d->m_cert) { + d->kossl->X509_free(d->m_cert); + } + if (d->m_cert_crl) { + d->kossl->X509_CRL_free(d->m_cert_crl); + } +#endif + delete d; +} + + +KSSLCertChain& KSSLCertificate::chain() { + return d->_chain; +} + + +KSSLCertificate *KSSLCertificate::fromX509(X509 *x5) { +KSSLCertificate *n = NULL; +#ifdef KSSL_HAVE_SSL + if (x5) { + n = new KSSLCertificate; + n->setCert(KOSSL::self()->X509_dup(x5)); + } +#endif +return n; +} + + +KSSLCertificate *KSSLCertificate::fromString(TQCString cert) { +KSSLCertificate *n = NULL; +#ifdef KSSL_HAVE_SSL + if (cert.length() == 0) + return NULL; + + TQByteArray qba, qbb = cert.copy(); + KCodecs::base64Decode(qbb, qba); + unsigned char *qbap = reinterpret_cast(qba.data()); + X509 *x5c = KOSSL::self()->d2i_X509(NULL, &qbap, qba.size()); + if (!x5c) { + return NULL; + } + + n = new KSSLCertificate; + n->setCert(x5c); +#endif +return n; +} + +KSSLCertificate *KSSLCertificate::crlFromString(TQCString cert) { +KSSLCertificate *n = NULL; +#ifdef KSSL_HAVE_SSL + if (cert.length() == 0) + return NULL; + + TQByteArray qba, qbb = cert.copy(); + KCodecs::base64Decode(qbb, qba); + unsigned char *qbap = reinterpret_cast(qba.data()); + X509_CRL 
*x5c = KOSSL::self()->d2i_X509_CRL(NULL, &qbap, qba.size()); + if (!x5c) { + return NULL; + } + + n = new KSSLCertificate; + n->setCRL(x5c); +#endif +return n; +} + + + +TQString KSSLCertificate::getSubject() const { +TQString rc = ""; + +#ifdef KSSL_HAVE_SSL + char *t = d->kossl->X509_NAME_oneline(d->kossl->X509_get_subject_name(d->m_cert), 0, 0); + if (!t) + return rc; + rc = t; + d->kossl->CRYPTO_free(t); +#endif +return rc; +} + + +TQString KSSLCertificate::getSerialNumber() const { +TQString rc = ""; + +#ifdef KSSL_HAVE_SSL + ASN1_INTEGER *aint = d->kossl->X509_get_serialNumber(d->m_cert); + if (aint) { + rc = ASN1_INTEGER_QString(aint); + // d->kossl->ASN1_INTEGER_free(aint); this makes the sig test fail + } +#endif +return rc; +} + + +TQString KSSLCertificate::getSignatureText() const { +TQString rc = ""; + +#ifdef KSSL_HAVE_SSL +char *s; +int n, i; + + const ASN1_BIT_STRING *signature = 0L; + const X509_ALGOR *sig_alg = 0L; + d->kossl->X509_get0_signature(&signature, &sig_alg, d->m_cert); + i = d->kossl->OBJ_obj2nid(sig_alg->algorithm); + rc = i18n("Signature Algorithm: "); + rc += (i == NID_undef)?i18n("Unknown"):TQString(d->kossl->OBJ_nid2ln(i)); + + rc += "\n"; + rc += i18n("Signature Contents:"); + n = signature->length; + s = (char *)signature->data; + for (i = 0; i < n; i++) { + if (i%20 != 0) rc += ":"; + else rc += "\n"; + rc.append(hv[(s[i]&0xf0)>>4]); + rc.append(hv[s[i]&0x0f]); + } + +#endif + +return rc; +} + + +void KSSLCertificate::getEmails(TQStringList &to) const { + to.clear(); +#ifdef KSSL_HAVE_SSL + if (!d->m_cert) + return; + + STACK *s = d->kossl->X509_get1_email(d->m_cert); + if (s) { + for(int n=0; n < d->kossl->OPENSSL_sk_num(s); n++) { + to.append(d->kossl->OPENSSL_sk_value(s,n)); + } + d->kossl->X509_email_free(s); + } +#endif +} + + +TQString KSSLCertificate::getKDEKey() const { + return getSubject() + " (" + getMD5DigestText() + ")"; +} + + +TQString KSSLCertificate::getMD5DigestFromKDEKey(const TQString &k) { + TQString rc; + 
int pos = k.findRev('('); + if (pos != -1) { + unsigned int len = k.length(); + if (k.at(len-1) == ')') { + rc = k.mid(pos+1, len-pos-2); + } + } + return rc; +} + + +TQString KSSLCertificate::getMD5DigestText() const { +TQString rc = ""; + +#ifdef KSSL_HAVE_SSL + unsigned int n; + unsigned char md[EVP_MAX_MD_SIZE]; + + if (!d->kossl->X509_digest(d->m_cert, d->kossl->EVP_md5(), md, &n)) { + return rc; + } + + for (unsigned int j = 0; j < n; j++) { + if (j > 0) + rc += ":"; + rc.append(hv[(md[j]&0xf0)>>4]); + rc.append(hv[md[j]&0x0f]); + } + +#endif + +return rc; +} + + + +TQString KSSLCertificate::getMD5Digest() const { +TQString rc = ""; + +#ifdef KSSL_HAVE_SSL + unsigned int n; + unsigned char md[EVP_MAX_MD_SIZE]; + + if (!d->kossl->X509_digest(d->m_cert, d->kossl->EVP_md5(), md, &n)) { + return rc; + } + + for (unsigned int j = 0; j < n; j++) { + rc.append(hv[(md[j]&0xf0)>>4]); + rc.append(hv[md[j]&0x0f]); + } + +#endif + +return rc; +} + + + +TQString KSSLCertificate::getKeyType() const { +TQString rc = ""; + +#ifdef KSSL_HAVE_SSL + EVP_PKEY *pkey = d->kossl->X509_get_pubkey(d->m_cert); + if (pkey) { + #ifndef NO_RSA + if (d->kossl->EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA) + rc = "RSA"; + else + #endif + #ifndef NO_DSA + if (d->kossl->EVP_PKEY_base_id(pkey) == EVP_PKEY_DSA) + rc = "DSA"; + else + #endif + rc = "Unknown"; + d->kossl->EVP_PKEY_free(pkey); + } +#endif + +return rc; +} + + + +TQString KSSLCertificate::getPublicKeyText() const { +TQString rc = ""; +char *x = NULL; + +#ifdef KSSL_HAVE_SSL + EVP_PKEY *pkey = d->kossl->X509_get_pubkey(d->m_cert); + if (pkey) { + rc = i18n("Unknown", "Unknown key algorithm"); + #ifndef NO_RSA + if (d->kossl->EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA) { + rc = i18n("Key type: RSA (%1 bit)") + "\n"; + + RSA *pkey_rsa = d->kossl->EVP_PKEY_get0_RSA(pkey); + const BIGNUM *bn_n = 0L; + const BIGNUM *bn_e = 0L; + d->kossl->RSA_get0_key(pkey_rsa, &bn_n, &bn_e, NULL); + x = d->kossl->BN_bn2hex(bn_n); + rc += i18n("Modulus: "); + rc 
= rc.arg(strlen(x)*4); + for (unsigned int i = 0; i < strlen(x); i++) { + if (i%40 != 0 && i%2 == 0) + rc += ":"; + else if (i%40 == 0) + rc += "\n"; + rc += x[i]; + } + rc += "\n"; + d->kossl->CRYPTO_free(x); + + x = d->kossl->BN_bn2hex(bn_e); + rc += i18n("Exponent: 0x") + x + "\n"; + d->kossl->CRYPTO_free(x); + } + #endif + #ifndef NO_DSA + if (d->kossl->EVP_PKEY_base_id(pkey) == EVP_PKEY_DSA) { + rc = i18n("Key type: DSA (%1 bit)") + "\n"; + + DSA *pkey_dsa = d->kossl->EVP_PKEY_get0_DSA(pkey); + const BIGNUM *bn_p = 0L; + const BIGNUM *bn_q = 0L; + const BIGNUM *bn_g = 0L; + const BIGNUM *bn_pub_key = 0L; + d->kossl->DSA_get0_pqg(pkey_dsa, &bn_p, &bn_q, &bn_g); + d->kossl->DSA_get0_key(pkey_dsa, &bn_pub_key, NULL); + + x = d->kossl->BN_bn2hex(bn_p); + rc += i18n("Prime: "); + // hack - this may not be always accurate + rc = rc.arg(strlen(x)*4) ; + for (unsigned int i = 0; i < strlen(x); i++) { + if (i%40 != 0 && i%2 == 0) + rc += ":"; + else if (i%40 == 0) + rc += "\n"; + rc += x[i]; + } + rc += "\n"; + d->kossl->CRYPTO_free(x); + + x = d->kossl->BN_bn2hex(bn_q); + rc += i18n("160 bit prime factor: "); + for (unsigned int i = 0; i < strlen(x); i++) { + if (i%40 != 0 && i%2 == 0) + rc += ":"; + else if (i%40 == 0) + rc += "\n"; + rc += x[i]; + } + rc += "\n"; + d->kossl->CRYPTO_free(x); + + x = d->kossl->BN_bn2hex(bn_g); + rc += TQString("g: "); + for (unsigned int i = 0; i < strlen(x); i++) { + if (i%40 != 0 && i%2 == 0) + rc += ":"; + else if (i%40 == 0) + rc += "\n"; + rc += x[i]; + } + rc += "\n"; + d->kossl->CRYPTO_free(x); + + x = d->kossl->BN_bn2hex(bn_pub_key); + rc += i18n("Public key: "); + for (unsigned int i = 0; i < strlen(x); i++) { + if (i%40 != 0 && i%2 == 0) + rc += ":"; + else if (i%40 == 0) + rc += "\n"; + rc += x[i]; + } + rc += "\n"; + d->kossl->CRYPTO_free(x); + } + #endif + d->kossl->EVP_PKEY_free(pkey); + } +#endif + +return rc; +} + + + +TQString KSSLCertificate::getIssuer() const { +TQString rc = ""; + +#ifdef KSSL_HAVE_SSL + char *t = 
d->kossl->X509_NAME_oneline(d->kossl->X509_get_issuer_name(d->m_cert), 0, 0); + + if (!t) + return rc; + + rc = t; + d->kossl->CRYPTO_free(t); +#endif + +return rc; +} + +void KSSLCertificate::setChain(void *c) { +#ifdef KSSL_HAVE_SSL + d->_chain.setChain(c); +#endif + d->m_stateCached = false; + d->m_stateCache = KSSLCertificate::Unknown; +} + +void KSSLCertificate::setCert(X509 *c) { +#ifdef KSSL_HAVE_SSL +d->m_cert = c; +if (c) { + d->_extensions.flags = 0; + d->kossl->X509_check_purpose(c, -1, 0); // setup the fields (!!) + +#if 0 + kdDebug(7029) << "---------------- Certificate ------------------" + << endl; + kdDebug(7029) << getSubject() << endl; +#endif + + for (int j = 0; j < d->kossl->X509_PURPOSE_get_count(); j++) { + X509_PURPOSE *ptmp = d->kossl->X509_PURPOSE_get0(j); + int id = d->kossl->X509_PURPOSE_get_id(ptmp); + for (int ca = 0; ca < 2; ca++) { + int idret = d->kossl->X509_check_purpose(c, id, ca); + if (idret == 1 || idret == 2) { // have it +// kdDebug() << "PURPOSE: " << id << (ca?" 
CA":"") << endl; + if (!ca) + d->_extensions.flags |= (1L <<(id-1)); + else d->_extensions.flags |= (1L <<(16+id-1)); + } else { + if (!ca) + d->_extensions.flags &= ~(1L <<(id-1)); + else d->_extensions.flags &= ~(1L <<(16+id-1)); + } + } + } + +#if 0 + kdDebug(7029) << "flags: " << TQString::number(c->ex_flags, 2) + << "\nkeyusage: " << TQString::number(c->ex_kusage, 2) + << "\nxkeyusage: " << TQString::number(c->ex_xkusage, 2) + << "\nnscert: " << TQString::number(c->ex_nscert, 2) + << endl; + if (c->ex_flags & EXFLAG_KUSAGE) + kdDebug(7029) << " --- Key Usage extensions found" << endl; + else kdDebug(7029) << " --- Key Usage extensions NOT found" << endl; + + if (c->ex_flags & EXFLAG_XKUSAGE) + kdDebug(7029) << " --- Extended key usage extensions found" << endl; + else kdDebug(7029) << " --- Extended key usage extensions NOT found" << endl; + + if (c->ex_flags & EXFLAG_NSCERT) + kdDebug(7029) << " --- NS extensions found" << endl; + else kdDebug(7029) << " --- NS extensions NOT found" << endl; + + if (d->_extensions.certTypeSSLCA()) + kdDebug(7029) << "NOTE: this is an SSL CA file." << endl; + else kdDebug(7029) << "NOTE: this is NOT an SSL CA file." << endl; + + if (d->_extensions.certTypeEmailCA()) + kdDebug(7029) << "NOTE: this is an EMAIL CA file." << endl; + else kdDebug(7029) << "NOTE: this is NOT an EMAIL CA file." << endl; + + if (d->_extensions.certTypeCodeCA()) + kdDebug(7029) << "NOTE: this is a CODE CA file." << endl; + else kdDebug(7029) << "NOTE: this is NOT a CODE CA file." << endl; + + if (d->_extensions.certTypeSSLClient()) + kdDebug(7029) << "NOTE: this is an SSL client." << endl; + else kdDebug(7029) << "NOTE: this is NOT an SSL client." << endl; + + if (d->_extensions.certTypeSSLServer()) + kdDebug(7029) << "NOTE: this is an SSL server." << endl; + else kdDebug(7029) << "NOTE: this is NOT an SSL server." << endl; + + if (d->_extensions.certTypeNSSSLServer()) + kdDebug(7029) << "NOTE: this is a NETSCAPE SSL server." 
<< endl; + else kdDebug(7029) << "NOTE: this is NOT a NETSCAPE SSL server." << endl; + + if (d->_extensions.certTypeSMIME()) + kdDebug(7029) << "NOTE: this is an SMIME certificate." << endl; + else kdDebug(7029) << "NOTE: this is NOT an SMIME certificate." << endl; + + if (d->_extensions.certTypeSMIMEEncrypt()) + kdDebug(7029) << "NOTE: this is an SMIME encrypt cert." << endl; + else kdDebug(7029) << "NOTE: this is NOT an SMIME encrypt cert." << endl; + + if (d->_extensions.certTypeSMIMESign()) + kdDebug(7029) << "NOTE: this is an SMIME sign cert." << endl; + else kdDebug(7029) << "NOTE: this is NOT an SMIME sign cert." << endl; + + if (d->_extensions.certTypeCRLSign()) + kdDebug(7029) << "NOTE: this is a CRL signer." << endl; + else kdDebug(7029) << "NOTE: this is NOT a CRL signer." << endl; + + kdDebug(7029) << "-----------------------------------------------" + << endl; +#endif +} +#endif +d->m_stateCached = false; +d->m_stateCache = KSSLCertificate::Unknown; +} + +void KSSLCertificate::setCRL(X509_CRL *c) { +#ifdef KSSL_HAVE_SSL +d->m_cert_crl = c; +if (c) { + d->_extensions.flags = 0; +} +#endif +d->m_stateCached = false; +d->m_stateCache = KSSLCertificate::Unknown; +} + +X509 *KSSLCertificate::getCert() { +#ifdef KSSL_HAVE_SSL + return d->m_cert; +#endif +return 0; +} + +// pull in the callback. It's common across multiple files but we want +// it to be hidden. 
+ +#include "ksslcallback.c" + + +bool KSSLCertificate::isValid(KSSLCertificate::KSSLPurpose p) { + return (validate(p) == KSSLCertificate::Ok); +} + + +bool KSSLCertificate::isValid() { + return isValid(KSSLCertificate::SSLServer); +} + + +int KSSLCertificate::purposeToOpenSSL(KSSLCertificate::KSSLPurpose p) const { +int rc = 0; +#ifdef KSSL_HAVE_SSL + if (p == KSSLCertificate::SSLServer) { + rc = X509_PURPOSE_SSL_SERVER; + } else if (p == KSSLCertificate::SSLClient) { + rc = X509_PURPOSE_SSL_CLIENT; + } else if (p == KSSLCertificate::SMIMEEncrypt) { + rc = X509_PURPOSE_SMIME_ENCRYPT; + } else if (p == KSSLCertificate::SMIMESign) { + rc = X509_PURPOSE_SMIME_SIGN; + } else if (p == KSSLCertificate::Any) { + rc = X509_PURPOSE_ANY; + } +#endif +return rc; +} + + +// For backward compatibility +KSSLCertificate::KSSLValidation KSSLCertificate::validate() { + return validate(KSSLCertificate::SSLServer); +} + +KSSLCertificate::KSSLValidation KSSLCertificate::validate(KSSLCertificate::KSSLPurpose purpose) +{ + KSSLValidationList result = validateVerbose(purpose); + if (result.isEmpty()) + return KSSLCertificate::Ok; + else + return result.first(); +} + +// +// See apps/verify.c in OpenSSL for the source of most of this logic. +// + +// CRL files? 
we don't do that yet +KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertificate::KSSLPurpose purpose) +{ + return validateVerbose(purpose, 0); +} + +KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertificate::KSSLPurpose purpose, KSSLCertificate *ca) +{ + KSSLValidationList errors; + if (ca || (d->_lastPurpose != purpose)) { + d->m_stateCached = false; + } + + if (!d->m_stateCached) + d->_lastPurpose = purpose; + +#ifdef KSSL_HAVE_SSL + X509_STORE *certStore; + X509_LOOKUP *certLookup; + X509_STORE_CTX *certStoreCTX; + + if (!d->m_cert) + { + errors << KSSLCertificate::Unknown; + return errors; + } + + if (d->m_stateCached) { + errors << d->m_stateCache; + return errors; + } + + TQStringList qsl = TDEGlobal::dirs()->resourceDirs("kssl"); + + if (qsl.isEmpty()) { + errors << KSSLCertificate::NoCARoot; + return errors; + } + + KSSLCertificate::KSSLValidation ksslv = Unknown; + + for (TQStringList::Iterator j = qsl.begin(); j != qsl.end(); ++j) { + struct stat sb; + TQString _j = (*j) + "ca-bundle.crt"; + if (-1 == stat(_j.ascii(), &sb)) { + continue; + } + + certStore = d->kossl->X509_STORE_new(); + if (!certStore) { + errors << KSSLCertificate::Unknown; + return errors; + } + + d->kossl->X509_STORE_set_verify_cb(certStore, X509Callback); + + certLookup = d->kossl->X509_STORE_add_lookup(certStore, d->kossl->X509_LOOKUP_file()); + if (!certLookup) { + ksslv = KSSLCertificate::Unknown; + d->kossl->X509_STORE_free(certStore); + continue; + } + + if (!d->kossl->X509_LOOKUP_load_file(certLookup, _j.ascii(), X509_FILETYPE_PEM)) { + // error accessing directory and loading pems + kdDebug(7029) << "KSSL couldn't read CA root: " + << _j << endl; + ksslv = KSSLCertificate::ErrorReadingRoot; + d->kossl->X509_STORE_free(certStore); + continue; + } + + // This is the checking code + certStoreCTX = d->kossl->X509_STORE_CTX_new(); + + // this is a bad error - could mean no free memory. 
+ // This may be the wrong thing to do here + if (!certStoreCTX) { + kdDebug(7029) << "KSSL couldn't create an X509 store context." << endl; + d->kossl->X509_STORE_free(certStore); + continue; + } + + d->kossl->X509_STORE_CTX_init(certStoreCTX, certStore, d->m_cert, NULL); + if (d->_chain.isValid()) { + d->kossl->X509_STORE_CTX_set0_untrusted(certStoreCTX, (STACK_OF(X509)*)d->_chain.rawChain()); + } + + //kdDebug(7029) << "KSSL setting CRL.............." << endl; + // int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); + + d->kossl->X509_STORE_CTX_set_purpose(certStoreCTX, purposeToOpenSSL(purpose)); + + KSSL_X509CallBack_ca = ca ? ca->d->m_cert : 0; + KSSL_X509CallBack_ca_found = false; + + d->kossl->X509_STORE_CTX_set_error(certStoreCTX, X509_V_OK); + d->kossl->X509_verify_cert(certStoreCTX); + int errcode = d->kossl->X509_STORE_CTX_get_error(certStoreCTX); + if (ca && !KSSL_X509CallBack_ca_found) { + ksslv = KSSLCertificate::Irrelevant; + } else { + ksslv = processError(errcode); + } + // For servers, we can try NS_SSL_SERVER too + if ( (ksslv != KSSLCertificate::Ok) && + (ksslv != KSSLCertificate::Irrelevant) && + purpose == KSSLCertificate::SSLServer) { + d->kossl->X509_STORE_CTX_set_purpose(certStoreCTX, + X509_PURPOSE_NS_SSL_SERVER); + + d->kossl->X509_STORE_CTX_set_error(certStoreCTX, X509_V_OK); + d->kossl->X509_verify_cert(certStoreCTX); + errcode = d->kossl->X509_STORE_CTX_get_error(certStoreCTX); + ksslv = processError(errcode); + } + d->kossl->X509_STORE_CTX_free(certStoreCTX); + d->kossl->X509_STORE_free(certStore); + // end of checking code + // + + //kdDebug(7029) << "KSSL Validation procedure RC: " + // << rc << endl; + //kdDebug(7029) << "KSSL Validation procedure errcode: " + // << errcode << endl; + //kdDebug(7029) << "KSSL Validation procedure RESULTS: " + // << ksslv << endl; + + if (ksslv != NoCARoot && ksslv != InvalidCA) { + d->m_stateCached = true; + d->m_stateCache = ksslv; + } + break; + } + + if (ksslv != KSSLCertificate::Ok) + errors 
<< ksslv; +#else + errors << KSSLCertificate::NoSSL; +#endif + return errors; +} + + + +KSSLCertificate::KSSLValidation KSSLCertificate::revalidate() { + return revalidate(KSSLCertificate::SSLServer); +} + + +KSSLCertificate::KSSLValidation KSSLCertificate::revalidate(KSSLCertificate::KSSLPurpose p) { + d->m_stateCached = false; + return validate(p); +} + + +KSSLCertificate::KSSLValidation KSSLCertificate::processError(int ec) { +KSSLCertificate::KSSLValidation rc; + +rc = KSSLCertificate::Unknown; +#ifdef KSSL_HAVE_SSL + switch (ec) { + case X509_V_OK: // OK + rc = KSSLCertificate::Ok; + break; + + + case X509_V_ERR_CERT_REJECTED: + rc = KSSLCertificate::Rejected; + break; + + + case X509_V_ERR_CERT_UNTRUSTED: + rc = KSSLCertificate::Untrusted; + break; + + + case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: + case X509_V_ERR_CERT_SIGNATURE_FAILURE: + case X509_V_ERR_CRL_SIGNATURE_FAILURE: + case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: + case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: + rc = KSSLCertificate::SignatureFailed; + break; + + case X509_V_ERR_INVALID_CA: + case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: + case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: + case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: + rc = KSSLCertificate::InvalidCA; + break; + + + case X509_V_ERR_INVALID_PURPOSE: + rc = KSSLCertificate::InvalidPurpose; + break; + + + case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: + rc = KSSLCertificate::SelfSigned; + break; + + case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: + rc = KSSLCertificate::SelfSignedChain; + break; + + case X509_V_ERR_CERT_REVOKED: + rc = KSSLCertificate::Revoked; + break; + + case X509_V_ERR_PATH_LENGTH_EXCEEDED: + rc = KSSLCertificate::PathLengthExceeded; + break; + + case X509_V_ERR_CERT_NOT_YET_VALID: + case X509_V_ERR_CERT_HAS_EXPIRED: + case X509_V_ERR_CRL_NOT_YET_VALID: + case X509_V_ERR_CRL_HAS_EXPIRED: + case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: + case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: + case 
X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: + case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: + rc = KSSLCertificate::Expired; + kdDebug(7029) << "KSSL apparently this is expired. Not after: " + << getNotAfter() << endl; + break; + + //case 1: + case X509_V_ERR_APPLICATION_VERIFICATION: + case X509_V_ERR_OUT_OF_MEM: + case X509_V_ERR_UNABLE_TO_GET_CRL: + case X509_V_ERR_CERT_CHAIN_TOO_LONG: + default: + rc = KSSLCertificate::Unknown; + break; +} + +d->m_stateCache = rc; +d->m_stateCached = true; +#endif +return rc; +} + + +TQString KSSLCertificate::getNotBefore() const { +#ifdef KSSL_HAVE_SSL +return ASN1_UTCTIME_QString(d->kossl->X509_getm_notBefore(d->m_cert)); +#else +return TQString::null; +#endif +} + + +TQString KSSLCertificate::getNotAfter() const { +#ifdef KSSL_HAVE_SSL +return ASN1_UTCTIME_QString(d->kossl->X509_getm_notAfter(d->m_cert)); +#else +return TQString::null; +#endif +} + + +TQDateTime KSSLCertificate::getQDTNotBefore() const { +#ifdef KSSL_HAVE_SSL +return ASN1_UTCTIME_QDateTime(d->kossl->X509_getm_notBefore(d->m_cert), NULL); +#else +return TQDateTime::currentDateTime(); +#endif +} + + +TQDateTime KSSLCertificate::getQDTNotAfter() const { +#ifdef KSSL_HAVE_SSL +return ASN1_UTCTIME_QDateTime(d->kossl->X509_getm_notAfter(d->m_cert), NULL); +#else +return TQDateTime::currentDateTime(); +#endif +} + + +TQDateTime KSSLCertificate::getQDTLastUpdate() const { +#ifdef KSSL_HAVE_SSL +return ASN1_UTCTIME_QDateTime((ASN1_UTCTIME*)d->kossl->X509_CRL_get0_lastUpdate(d->m_cert_crl), NULL); +#else +return TQDateTime::currentDateTime(); +#endif +} + + +TQDateTime KSSLCertificate::getQDTNextUpdate() const { +#ifdef KSSL_HAVE_SSL +return ASN1_UTCTIME_QDateTime((ASN1_UTCTIME*)d->kossl->X509_CRL_get0_nextUpdate(d->m_cert_crl), NULL); +#else +return TQDateTime::currentDateTime(); +#endif +} + + +int operator==(KSSLCertificate &x, KSSLCertificate &y) { +#ifndef KSSL_HAVE_SSL + return 1; +#else + if (!KOSSL::self()->X509_cmp(x.getCert(), y.getCert())) return 1; + 
return 0; +#endif +} + + +KSSLCertificate *KSSLCertificate::replicate() { +// The new certificate doesn't have the cached value. It's probably +// better this way. We can't anticipate every reason for doing this. +KSSLCertificate *newOne = new KSSLCertificate(); +#ifdef KSSL_HAVE_SSL + newOne->setCert(d->kossl->X509_dup(getCert())); + KSSLCertChain *c = d->_chain.replicate(); + newOne->setChain(c->rawChain()); + delete c; +#endif +return newOne; +} + + +TQString KSSLCertificate::toString() { +return KCodecs::base64Encode(toDer()); +} + + +TQString KSSLCertificate::verifyText(KSSLValidation x) { +switch (x) { +case KSSLCertificate::Ok: + return i18n("The certificate is valid."); +case KSSLCertificate::PathLengthExceeded: +case KSSLCertificate::ErrorReadingRoot: +case KSSLCertificate::NoCARoot: + return i18n("Certificate signing authority root files could not be found so the certificate is not verified."); +case KSSLCertificate::SelfSignedChain: +case KSSLCertificate::InvalidCA: + return i18n("Certificate signing authority is unknown or invalid."); +case KSSLCertificate::SelfSigned: + return i18n("Certificate is self-signed and thus may not be trustworthy."); +case KSSLCertificate::Expired: + return i18n("Certificate has expired."); +case KSSLCertificate::Revoked: + return i18n("Certificate has been revoked."); +case KSSLCertificate::NoSSL: + return i18n("SSL support was not found."); +case KSSLCertificate::Untrusted: + return i18n("Signature is untrusted."); +case KSSLCertificate::SignatureFailed: + return i18n("Signature test failed."); +case KSSLCertificate::Rejected: +case KSSLCertificate::InvalidPurpose: + return i18n("Rejected, possibly due to an invalid purpose."); +case KSSLCertificate::PrivateKeyFailed: + return i18n("Private key test failed."); +case KSSLCertificate::InvalidHost: + return i18n("The certificate has not been issued for this host."); +case KSSLCertificate::Irrelevant: + return i18n("This certificate is not relevant."); +default: +break; +} + 
+return i18n("The certificate is invalid."); +} + + +TQByteArray KSSLCertificate::toDer() { +TQByteArray qba; +#ifdef KSSL_HAVE_SSL +unsigned int certlen = d->kossl->i2d_X509(getCert(), NULL); +unsigned char *cert = new unsigned char[certlen]; +unsigned char *p = cert; + // FIXME: return code! + d->kossl->i2d_X509(getCert(), &p); + + // encode it into a QString + qba.duplicate((const char*)cert, certlen); + delete[] cert; +#endif +return qba; +} + + + +TQByteArray KSSLCertificate::toPem() { +TQByteArray qba; +TQString thecert = toString(); +const char *header = "-----BEGIN CERTIFICATE-----\n"; +const char *footer = "-----END CERTIFICATE-----\n"; + + // We just do base64 on the ASN1 + // 64 character lines (unpadded) + unsigned int xx = thecert.length() - 1; + for (unsigned int i = 0; i < xx/64; i++) { + thecert.insert(64*(i+1)+i, '\n'); + } + + thecert.prepend(header); + + if (thecert[thecert.length()-1] != '\n') + thecert += "\n"; + + thecert.append(footer); + + qba.duplicate(thecert.local8Bit(), thecert.length()); +return qba; +} + + +#define NETSCAPE_CERT_HDR "certificate" +#ifdef KSSL_HAVE_SSL +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) +typedef struct NETSCAPE_X509_st +{ + ASN1_OCTET_STRING *header; + X509 *cert; +} NETSCAPE_X509; +#endif +#endif + +// what a piece of crap this is +TQByteArray KSSLCertificate::toNetscape() { +TQByteArray qba; +#ifdef KSSL_HAVE_SSL +#if OPENSSL_VERSION_NUMBER >= 0x10000000L + NETSCAPE_X509 nx; + ASN1_OCTET_STRING hdr; +#else + ASN1_HEADER ah; + ASN1_OCTET_STRING os; +#endif + KTempFile ktf; + +#if OPENSSL_VERSION_NUMBER >= 0x10000000L + hdr.data = (unsigned char *)NETSCAPE_CERT_HDR; + hdr.length = strlen(NETSCAPE_CERT_HDR); + nx.header = &hdr; + nx.cert = getCert(); + + d->kossl->ASN1_i2d_fp(ktf.fstream(),(unsigned char *)&nx); +#else + os.data = (unsigned char *)NETSCAPE_CERT_HDR; + os.length = strlen(NETSCAPE_CERT_HDR); + ah.header = &os; + ah.data = (char *)getCert(); + ah.meth = 
d->kossl->X509_asn1_meth(); + + d->kossl->ASN1_i2d_fp(ktf.fstream(),(unsigned char *)&ah); +#endif + + ktf.close(); + + TQFile qf(ktf.name()); + qf.open(IO_ReadOnly); + char *buf = new char[qf.size()]; + qf.readBlock(buf, qf.size()); + qba.duplicate(buf, qf.size()); + qf.close(); + delete[] buf; + + ktf.unlink(); + +#endif +return qba; +} + + + +TQString KSSLCertificate::toText() { +TQString text; +#ifdef KSSL_HAVE_SSL +KTempFile ktf; + + d->kossl->X509_print(ktf.fstream(), getCert()); + ktf.close(); + + TQFile qf(ktf.name()); + qf.open(IO_ReadOnly); + char *buf = new char[qf.size()+1]; + qf.readBlock(buf, qf.size()); + buf[qf.size()] = 0; + text = buf; + delete[] buf; + qf.close(); + ktf.unlink(); +#endif +return text; +} + +// KDE 4: Make it const TQString & +bool KSSLCertificate::setCert(TQString& cert) { +#ifdef KSSL_HAVE_SSL +TQByteArray qba, qbb = cert.local8Bit().copy(); + KCodecs::base64Decode(qbb, qba); + unsigned char *qbap = reinterpret_cast(qba.data()); + X509 *x5c = KOSSL::self()->d2i_X509(NULL, &qbap, qba.size()); + if (x5c) { + setCert(x5c); + return true; + } +#endif +return false; +} + + +KSSLX509V3& KSSLCertificate::x509V3Extensions() { +return d->_extensions; +} + + +bool KSSLCertificate::isSigner() { +return d->_extensions.certTypeCA(); +} + + +TQStringList KSSLCertificate::subjAltNames() const { + TQStringList rc; +#ifdef KSSL_HAVE_SSL + STACK_OF(GENERAL_NAME) *names; + names = (STACK_OF(GENERAL_NAME)*)d->kossl->X509_get_ext_d2i(d->m_cert, NID_subject_alt_name, 0, 0); + + if (!names) { + return rc; + } + + int cnt = d->kossl->OPENSSL_sk_num(names); + + for (int i = 0; i < cnt; i++) { + const GENERAL_NAME *val = (const GENERAL_NAME *)d->kossl->OPENSSL_sk_value(names, i); + if (val->type != GEN_DNS) { + continue; + } + + TQString s = (const char *)d->kossl->ASN1_STRING_data(val->d.ia5); + if (!s.isEmpty() && + /* skip subjectAltNames with embedded NULs */ + s.length() == (unsigned int)d->kossl->ASN1_STRING_length(val->d.ia5)) { + rc += s; + } + } 
+ d->kossl->OPENSSL_sk_free(names); +#endif + return rc; +} + + +TQDataStream& operator<<(TQDataStream& s, const KSSLCertificate& r) { +TQStringList qsl; +TQPtrList cl = const_cast(r).chain().getChain(); + + for (KSSLCertificate *c = cl.first(); c != 0; c = cl.next()) { + qsl << c->toString(); + } + + cl.setAutoDelete(true); + + s << const_cast(r).toString() << qsl; + +return s; +} + + +TQDataStream& operator>>(TQDataStream& s, KSSLCertificate& r) { +TQStringList qsl; +TQString cert; + +s >> cert >> qsl; + + if (r.setCert(cert) && !qsl.isEmpty()) + r.chain().setCertChain(qsl); + +return s; +} + + + diff --git a/tdeio/kssl/ksslcertificatecache.cc b/tdeio/kssl/ksslcertificatecache.cc deleted file mode 100644 index 2eecd66d6..000000000 --- a/tdeio/kssl/ksslcertificatecache.cc +++ /dev/null 
@@ -1,399 +0,0 @@ -/* This file is part of the KDE project - * - * Copyright (C) 2000, 2001 George Staikos - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Library General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public License - * along with this library; see the file COPYING.LIB. If not, write to - * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - * Boston, MA 02110-1301, USA. - */ - - -#include "ksslcertificatecache.h" -#include "ksslcertchain.h" -#include "ksslcertificate.h" - -#include -#include -#include -#include - - -class KSSLCertificateCache::KSSLCertificateCachePrivate { - public: - DCOPClient *dcc; - - KSSLCertificateCachePrivate() { dcc = new DCOPClient; dcc->attach(); } - ~KSSLCertificateCachePrivate() { delete dcc;} - -}; - - - -KSSLCertificateCache::KSSLCertificateCache() { - d = new KSSLCertificateCachePrivate; -} - - -KSSLCertificateCache::~KSSLCertificateCache() { - delete d; -} - - -void KSSLCertificateCache::saveToDisk() { - kdDebug() << "Deprecated function KSSLCertificateCache::saveToDisk() called" << endl; -} - - -void KSSLCertificateCache::clearList() { - kdDebug() << "Deprecated function KSSLCertificateCache::clearList() called" << endl; -} - - -void KSSLCertificateCache::loadDefaultPolicies() { - kdDebug() << "Deprecated function KSSLCertificateCache::loadDefaultPolicies() called" << endl; -} - - -void KSSLCertificateCache::reload() { - TQByteArray data, retval; - TQCString rettype; - TQDataStream arg(data, IO_WriteOnly); - 
d->dcc->call("kded", "kssld", - "cacheReload()", - data, rettype, retval); -} - - -void KSSLCertificateCache::addCertificate(KSSLCertificate& cert, - KSSLCertificatePolicy policy, bool permanent) { - TQByteArray data, retval; - TQCString rettype; - TQDataStream arg(data, IO_WriteOnly); - arg << cert; - arg << policy; - arg << permanent; - d->dcc->call("kded", "kssld", - "cacheAddCertificate(KSSLCertificate,KSSLCertificateCache::KSSLCertificatePolicy,bool)", - data, rettype, retval); -} - - -// KDE 4: Make it const TQString & -KSSLCertificateCache::KSSLCertificatePolicy KSSLCertificateCache::getPolicyByCN(TQString& cn) { - TQByteArray data, retval; - TQCString rettype; - TQDataStream arg(data, IO_WriteOnly); - arg << cn; - bool rc = d->dcc->call("kded", "kssld", - "cacheGetPolicyByCN(TQString)", - data, rettype, retval); - - if (rc && rettype == "KSSLCertificateCache::KSSLCertificatePolicy") { - TQDataStream retStream(retval, IO_ReadOnly); - KSSLCertificateCache::KSSLCertificatePolicy drc; - retStream >> drc; - return drc; - } -return KSSLCertificateCache::Ambiguous; -} - - -KSSLCertificateCache::KSSLCertificatePolicy KSSLCertificateCache::getPolicyByCertificate(KSSLCertificate& cert) { - TQByteArray data, retval; - TQCString rettype; - TQDataStream arg(data, IO_WriteOnly); - arg << cert; - bool rc = d->dcc->call("kded", "kssld", - "cacheGetPolicyByCertificate(KSSLCertificate)", - data, rettype, retval); - - if (rc && rettype == "KSSLCertificateCache::KSSLCertificatePolicy") { - TQDataStream retStream(retval, IO_ReadOnly); - KSSLCertificateCache::KSSLCertificatePolicy drc; - retStream >> drc; - return drc; - } -return KSSLCertificateCache::Ambiguous; -} - - -// KDE 4: Make it const TQString & -bool KSSLCertificateCache::seenCN(TQString& cn) { - TQByteArray data, retval; - TQCString rettype; - TQDataStream arg(data, IO_WriteOnly); - arg << cn; - bool rc = d->dcc->call("kded", "kssld", - "cacheSeenCN(TQString)", - data, rettype, retval); - - if (rc && rettype == 
"bool") { - TQDataStream retStream(retval, IO_ReadOnly); - bool drc; - retStream >> drc; - return drc; - } - -return false; -} - - -bool KSSLCertificateCache::seenCertificate(KSSLCertificate& cert) { - TQByteArray data, retval; - TQCString rettype; - TQDataStream arg(data, IO_WriteOnly); - arg << cert; - bool rc = d->dcc->call("kded", "kssld", - "cacheSeenCertificate(KSSLCertificate)", - data, rettype, retval); - - if (rc && rettype == "bool") { - TQDataStream retStream(retval, IO_ReadOnly); - bool drc; - retStream >> drc; - return drc; - } - -return false; -} - - -bool KSSLCertificateCache::isPermanent(KSSLCertificate& cert) { - TQByteArray data, retval; - TQCString rettype; - TQDataStream arg(data, IO_WriteOnly); - arg << cert; - bool rc = d->dcc->call("kded", "kssld", - "cacheIsPermanent(KSSLCertificate)", - data, rettype, retval); - - if (rc && rettype == "bool") { - TQDataStream retStream(retval, IO_ReadOnly); - bool drc; - retStream >> drc; - return drc; - } - -return false; -} - - -// KDE 4: Make it const TQString & -bool KSSLCertificateCache::removeByCN(TQString& cn) { - TQByteArray data, retval; - TQCString rettype; - TQDataStream arg(data, IO_WriteOnly); - arg << cn; - bool rc = d->dcc->call("kded", "kssld", - "cacheRemoveByCN(TQString)", - data, rettype, retval); - - if (rc && rettype == "bool") { - TQDataStream retStream(retval, IO_ReadOnly); - bool drc; - retStream >> drc; - return drc; - } - -return false; -} - - -bool KSSLCertificateCache::removeByCertificate(KSSLCertificate& cert) { - TQByteArray data, retval; - TQCString rettype; - TQDataStream arg(data, IO_WriteOnly); - arg << cert; - bool rc = d->dcc->call("kded", "kssld", - "cacheRemoveByCertificate(KSSLCertificate)", - data, rettype, retval); - - if (rc && rettype == "bool") { - TQDataStream retStream(retval, IO_ReadOnly); - bool drc; - retStream >> drc; - return drc; - } - -return false; -} - - -// KDE 4: Make it const TQString & -bool KSSLCertificateCache::modifyByCN(TQString& cn, - 
KSSLCertificateCache::KSSLCertificatePolicy policy, - bool permanent, - TQDateTime& expires) { - TQByteArray data, retval; - TQCString rettype; - TQDataStream arg(data, IO_WriteOnly); - arg << cn << policy << permanent << expires; - bool rc = d->dcc->call("kded", "kssld", - "cacheModifyByCN(TQString,KSSLCertificateCache::KSSLCertificatePolicy,bool,TQDateTime)", - data, rettype, retval); - - if (rc && rettype == "bool") { - TQDataStream retStream(retval, IO_ReadOnly); - bool drc; - retStream >> drc; - return drc; - } - -return false; -} - - -bool KSSLCertificateCache::modifyByCertificate(KSSLCertificate& cert, - KSSLCertificateCache::KSSLCertificatePolicy policy, - bool permanent, - TQDateTime& expires) { - TQByteArray data, retval; - TQCString rettype; - TQDataStream arg(data, IO_WriteOnly); - arg << cert << policy << permanent << expires; - bool rc = d->dcc->call("kded", "kssld", - "cacheModifyByCertificate(KSSLCertificate,KSSLCertificateCache::KSSLCertificatePolicy,bool,TQDateTime)", - data, rettype, retval); - - if (rc && rettype == "bool") { - TQDataStream retStream(retval, IO_ReadOnly); - bool drc; - retStream >> drc; - return drc; - } - -return false; -} - - -TQStringList KSSLCertificateCache::getHostList(KSSLCertificate& cert) { - TQByteArray data, retval; - TQCString rettype; - TQDataStream arg(data, IO_WriteOnly); - arg << cert; - bool rc = d->dcc->call("kded", "kssld", - "cacheGetHostList(KSSLCertificate)", - data, rettype, retval); - - if (rc && rettype == TQSTRINGLIST_OBJECT_NAME_STRING) { - TQDataStream retStream(retval, IO_ReadOnly); - TQStringList drc; - retStream >> drc; - return drc; - } -return TQStringList(); -} - - -// KDE 4: Make it const TQString & -bool KSSLCertificateCache::addHost(KSSLCertificate& cert, TQString& host) { - TQByteArray data, retval; - TQCString rettype; - TQDataStream arg(data, IO_WriteOnly); - arg << cert << host; - bool rc = d->dcc->call("kded", "kssld", - "cacheAddHost(KSSLCertificate,TQString)", - data, rettype, retval); 
- - if (rc && rettype == "bool") { - TQDataStream retStream(retval, IO_ReadOnly); - bool drc; - retStream >> drc; - return drc; - } - -return false; -} - - -// KDE 4: Make it const TQString & -bool KSSLCertificateCache::removeHost(KSSLCertificate& cert, TQString& host) { - TQByteArray data, retval; - TQCString rettype; - TQDataStream arg(data, IO_WriteOnly); - arg << cert << host; - bool rc = d->dcc->call("kded", "kssld", - "cacheRemoveHost(KSSLCertificate,TQString)", - data, rettype, retval); - - if (rc && rettype == "bool") { - TQDataStream retStream(retval, IO_ReadOnly); - bool drc; - retStream >> drc; - return drc; - } - -return false; -} - - -TQStringList KSSLCertificateCache::getKDEKeyByEmail(const TQString &email) { - TQByteArray data, retval; - TQCString rettype; - TQDataStream arg(data, IO_WriteOnly); - arg << email; - bool rc = d->dcc->call("kded", "kssld", - "getKDEKeyByEmail(TQString)", - data, rettype, retval); - - if (rc && rettype == TQSTRINGLIST_OBJECT_NAME_STRING) { - TQDataStream retStream(retval, IO_ReadOnly); - TQStringList drc; - retStream >> drc; - return drc; - } - - return TQStringList(); -} - - -KSSLCertificate *KSSLCertificateCache::getCertByMD5Digest(const TQString &key) { - TQByteArray data, retval; - TQCString rettype; - TQDataStream arg(data, IO_WriteOnly); - arg << key; - bool rc = d->dcc->call("kded", "kssld", - "getCertByMD5Digest(TQString)", - data, rettype, retval); - - if (rc && rettype == "KSSLCertificate") { - TQDataStream retStream(retval, IO_ReadOnly); - KSSLCertificate *drc = new KSSLCertificate; - retStream >> *drc; - if (drc->getCert()) - return drc; - delete drc; // should not happen too often if used in conjunction with getKDEKeyByEmail - } - - return 0L; -} - - -TQDataStream& operator<<(TQDataStream& s, const KSSLCertificateCache::KSSLCertificatePolicy& p) { - s << (TQ_UINT32)p; -return s; -} - - -TQDataStream& operator>>(TQDataStream& s, KSSLCertificateCache::KSSLCertificatePolicy& p) { - TQ_UINT32 pd; - s >> pd; - p = 
(KSSLCertificateCache::KSSLCertificatePolicy) pd; - return s; -} - - - - - diff --git a/tdeio/kssl/ksslcertificatecache.cpp b/tdeio/kssl/ksslcertificatecache.cpp new file mode 100644 index 000000000..2eecd66d6 --- /dev/null +++ b/tdeio/kssl/ksslcertificatecache.cpp 
@@ -0,0 +1,399 @@ +/* This file is part of the KDE project + * + * Copyright (C) 2000, 2001 George Staikos + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public License + * along with this library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301, USA. + */ + + +#include "ksslcertificatecache.h" +#include "ksslcertchain.h" +#include "ksslcertificate.h" + +#include +#include +#include +#include + + +class KSSLCertificateCache::KSSLCertificateCachePrivate { + public: + DCOPClient *dcc; + + KSSLCertificateCachePrivate() { dcc = new DCOPClient; dcc->attach(); } + ~KSSLCertificateCachePrivate() { delete dcc;} + +}; + + + +KSSLCertificateCache::KSSLCertificateCache() { + d = new KSSLCertificateCachePrivate; +} + + +KSSLCertificateCache::~KSSLCertificateCache() { + delete d; +} + + +void KSSLCertificateCache::saveToDisk() { + kdDebug() << "Deprecated function KSSLCertificateCache::saveToDisk() called" << endl; +} + + +void KSSLCertificateCache::clearList() { + kdDebug() << "Deprecated function KSSLCertificateCache::clearList() called" << endl; +} + + +void KSSLCertificateCache::loadDefaultPolicies() { + kdDebug() << "Deprecated function KSSLCertificateCache::loadDefaultPolicies() called" << endl; +} + + +void KSSLCertificateCache::reload() { + TQByteArray data, retval; + TQCString rettype; + TQDataStream arg(data, IO_WriteOnly); + 
d->dcc->call("kded", "kssld", + "cacheReload()", + data, rettype, retval); +} + + +void KSSLCertificateCache::addCertificate(KSSLCertificate& cert, + KSSLCertificatePolicy policy, bool permanent) { + TQByteArray data, retval; + TQCString rettype; + TQDataStream arg(data, IO_WriteOnly); + arg << cert; + arg << policy; + arg << permanent; + d->dcc->call("kded", "kssld", + "cacheAddCertificate(KSSLCertificate,KSSLCertificateCache::KSSLCertificatePolicy,bool)", + data, rettype, retval); +} + + +// KDE 4: Make it const TQString & +KSSLCertificateCache::KSSLCertificatePolicy KSSLCertificateCache::getPolicyByCN(TQString& cn) { + TQByteArray data, retval; + TQCString rettype; + TQDataStream arg(data, IO_WriteOnly); + arg << cn; + bool rc = d->dcc->call("kded", "kssld", + "cacheGetPolicyByCN(TQString)", + data, rettype, retval); + + if (rc && rettype == "KSSLCertificateCache::KSSLCertificatePolicy") { + TQDataStream retStream(retval, IO_ReadOnly); + KSSLCertificateCache::KSSLCertificatePolicy drc; + retStream >> drc; + return drc; + } +return KSSLCertificateCache::Ambiguous; +} + + +KSSLCertificateCache::KSSLCertificatePolicy KSSLCertificateCache::getPolicyByCertificate(KSSLCertificate& cert) { + TQByteArray data, retval; + TQCString rettype; + TQDataStream arg(data, IO_WriteOnly); + arg << cert; + bool rc = d->dcc->call("kded", "kssld", + "cacheGetPolicyByCertificate(KSSLCertificate)", + data, rettype, retval); + + if (rc && rettype == "KSSLCertificateCache::KSSLCertificatePolicy") { + TQDataStream retStream(retval, IO_ReadOnly); + KSSLCertificateCache::KSSLCertificatePolicy drc; + retStream >> drc; + return drc; + } +return KSSLCertificateCache::Ambiguous; +} + + +// KDE 4: Make it const TQString & +bool KSSLCertificateCache::seenCN(TQString& cn) { + TQByteArray data, retval; + TQCString rettype; + TQDataStream arg(data, IO_WriteOnly); + arg << cn; + bool rc = d->dcc->call("kded", "kssld", + "cacheSeenCN(TQString)", + data, rettype, retval); + + if (rc && rettype == 
"bool") { + TQDataStream retStream(retval, IO_ReadOnly); + bool drc; + retStream >> drc; + return drc; + } + +return false; +} + + +bool KSSLCertificateCache::seenCertificate(KSSLCertificate& cert) { + TQByteArray data, retval; + TQCString rettype; + TQDataStream arg(data, IO_WriteOnly); + arg << cert; + bool rc = d->dcc->call("kded", "kssld", + "cacheSeenCertificate(KSSLCertificate)", + data, rettype, retval); + + if (rc && rettype == "bool") { + TQDataStream retStream(retval, IO_ReadOnly); + bool drc; + retStream >> drc; + return drc; + } + +return false; +} + + +bool KSSLCertificateCache::isPermanent(KSSLCertificate& cert) { + TQByteArray data, retval; + TQCString rettype; + TQDataStream arg(data, IO_WriteOnly); + arg << cert; + bool rc = d->dcc->call("kded", "kssld", + "cacheIsPermanent(KSSLCertificate)", + data, rettype, retval); + + if (rc && rettype == "bool") { + TQDataStream retStream(retval, IO_ReadOnly); + bool drc; + retStream >> drc; + return drc; + } + +return false; +} + + +// KDE 4: Make it const TQString & +bool KSSLCertificateCache::removeByCN(TQString& cn) { + TQByteArray data, retval; + TQCString rettype; + TQDataStream arg(data, IO_WriteOnly); + arg << cn; + bool rc = d->dcc->call("kded", "kssld", + "cacheRemoveByCN(TQString)", + data, rettype, retval); + + if (rc && rettype == "bool") { + TQDataStream retStream(retval, IO_ReadOnly); + bool drc; + retStream >> drc; + return drc; + } + +return false; +} + + +bool KSSLCertificateCache::removeByCertificate(KSSLCertificate& cert) { + TQByteArray data, retval; + TQCString rettype; + TQDataStream arg(data, IO_WriteOnly); + arg << cert; + bool rc = d->dcc->call("kded", "kssld", + "cacheRemoveByCertificate(KSSLCertificate)", + data, rettype, retval); + + if (rc && rettype == "bool") { + TQDataStream retStream(retval, IO_ReadOnly); + bool drc; + retStream >> drc; + return drc; + } + +return false; +} + + +// KDE 4: Make it const TQString & +bool KSSLCertificateCache::modifyByCN(TQString& cn, + 
KSSLCertificateCache::KSSLCertificatePolicy policy, + bool permanent, + TQDateTime& expires) { + TQByteArray data, retval; + TQCString rettype; + TQDataStream arg(data, IO_WriteOnly); + arg << cn << policy << permanent << expires; + bool rc = d->dcc->call("kded", "kssld", + "cacheModifyByCN(TQString,KSSLCertificateCache::KSSLCertificatePolicy,bool,TQDateTime)", + data, rettype, retval); + + if (rc && rettype == "bool") { + TQDataStream retStream(retval, IO_ReadOnly); + bool drc; + retStream >> drc; + return drc; + } + +return false; +} + + +bool KSSLCertificateCache::modifyByCertificate(KSSLCertificate& cert, + KSSLCertificateCache::KSSLCertificatePolicy policy, + bool permanent, + TQDateTime& expires) { + TQByteArray data, retval; + TQCString rettype; + TQDataStream arg(data, IO_WriteOnly); + arg << cert << policy << permanent << expires; + bool rc = d->dcc->call("kded", "kssld", + "cacheModifyByCertificate(KSSLCertificate,KSSLCertificateCache::KSSLCertificatePolicy,bool,TQDateTime)", + data, rettype, retval); + + if (rc && rettype == "bool") { + TQDataStream retStream(retval, IO_ReadOnly); + bool drc; + retStream >> drc; + return drc; + } + +return false; +} + + +TQStringList KSSLCertificateCache::getHostList(KSSLCertificate& cert) { + TQByteArray data, retval; + TQCString rettype; + TQDataStream arg(data, IO_WriteOnly); + arg << cert; + bool rc = d->dcc->call("kded", "kssld", + "cacheGetHostList(KSSLCertificate)", + data, rettype, retval); + + if (rc && rettype == TQSTRINGLIST_OBJECT_NAME_STRING) { + TQDataStream retStream(retval, IO_ReadOnly); + TQStringList drc; + retStream >> drc; + return drc; + } +return TQStringList(); +} + + +// KDE 4: Make it const TQString & +bool KSSLCertificateCache::addHost(KSSLCertificate& cert, TQString& host) { + TQByteArray data, retval; + TQCString rettype; + TQDataStream arg(data, IO_WriteOnly); + arg << cert << host; + bool rc = d->dcc->call("kded", "kssld", + "cacheAddHost(KSSLCertificate,TQString)", + data, rettype, retval); 
+ + if (rc && rettype == "bool") { + TQDataStream retStream(retval, IO_ReadOnly); + bool drc; + retStream >> drc; + return drc; + } + +return false; +} + + +// KDE 4: Make it const TQString & +bool KSSLCertificateCache::removeHost(KSSLCertificate& cert, TQString& host) { + TQByteArray data, retval; + TQCString rettype; + TQDataStream arg(data, IO_WriteOnly); + arg << cert << host; + bool rc = d->dcc->call("kded", "kssld", + "cacheRemoveHost(KSSLCertificate,TQString)", + data, rettype, retval); + + if (rc && rettype == "bool") { + TQDataStream retStream(retval, IO_ReadOnly); + bool drc; + retStream >> drc; + return drc; + } + +return false; +} + + +TQStringList KSSLCertificateCache::getKDEKeyByEmail(const TQString &email) { + TQByteArray data, retval; + TQCString rettype; + TQDataStream arg(data, IO_WriteOnly); + arg << email; + bool rc = d->dcc->call("kded", "kssld", + "getKDEKeyByEmail(TQString)", + data, rettype, retval); + + if (rc && rettype == TQSTRINGLIST_OBJECT_NAME_STRING) { + TQDataStream retStream(retval, IO_ReadOnly); + TQStringList drc; + retStream >> drc; + return drc; + } + + return TQStringList(); +} + + +KSSLCertificate *KSSLCertificateCache::getCertByMD5Digest(const TQString &key) { + TQByteArray data, retval; + TQCString rettype; + TQDataStream arg(data, IO_WriteOnly); + arg << key; + bool rc = d->dcc->call("kded", "kssld", + "getCertByMD5Digest(TQString)", + data, rettype, retval); + + if (rc && rettype == "KSSLCertificate") { + TQDataStream retStream(retval, IO_ReadOnly); + KSSLCertificate *drc = new KSSLCertificate; + retStream >> *drc; + if (drc->getCert()) + return drc; + delete drc; // should not happen too often if used in conjunction with getKDEKeyByEmail + } + + return 0L; +} + + +TQDataStream& operator<<(TQDataStream& s, const KSSLCertificateCache::KSSLCertificatePolicy& p) { + s << (TQ_UINT32)p; +return s; +} + + +TQDataStream& operator>>(TQDataStream& s, KSSLCertificateCache::KSSLCertificatePolicy& p) { + TQ_UINT32 pd; + s >> pd; + p = 
(KSSLCertificateCache::KSSLCertificatePolicy) pd; + return s; +} + + + + + diff --git a/tdeio/kssl/ksslcertificatefactory.cc b/tdeio/kssl/ksslcertificatefactory.cc deleted file mode 100644 index 66e272ced..000000000 --- a/tdeio/kssl/ksslcertificatefactory.cc +++ /dev/null 
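Review bot: KSSLCertificateCachePrivate's constructor discards the result of `dcc->attach()`, so when the DCOP connection cannot be established every query in this file degrades silently — the policy getters fall through to `KSSLCertificateCache::Ambiguous` and the boolean queries to `false` — and callers cannot distinguish "no policy recorded for this certificate" from "kssld unreachable". Checking `d->dcc->isAttached()` before issuing a call (or at minimum logging through kdDebug when attach() fails in the constructor) would make that failure mode visible instead of masquerading as a cache miss. Separately, getCertByMD5Digest keys the lookup on an MD5 digest; a comment such as `// NOTE: MD5 is not collision resistant; this key is a cache locator, not proof of identity.` would stop future callers from treating a digest match as certificate equality. The file is only renamed in this commit, so these points apply equally to the removed ksslcertificatecache.cc.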
@@ -1,122 +0,0 @@ -/* This file is part of the KDE project - * - * Copyright (C) 2000 George Staikos - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Library General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public License - * along with this library; see the file COPYING.LIB. If not, write to - * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - * Boston, MA 02110-1301, USA. - */ - -#include -#include -#include - -//#include - -KSSLCertificate* -KSSLCertificateFactory::generateSelfSigned(KSSLKeyType /*keytype*/) { -#if 0 - //#ifdef KSSL_HAVE_SSL - X509_NAME *x509name = X509_NAME_new(); - X509 *x509; - ASN1_UTCTIME *beforeafter; - KSSLCertificate *newcert; - int rc; - - // FIXME: generate the private key - if (keytype == KEYTYPE_UNKNOWN || (key=EVP_PKEY_new()) == NULL) { - X509_NAME_free(x509name); - return NULL; - } - - switch(keytype) { - case KEYTYPE_RSA: - if (!EVP_PKEY_assign_RSA(key, RSA_generate_key(newkey,0x10001, - req_cb,bio_err))) { - - } - break; - case KEYTYPE_DSA: - if (!DSA_generate_key(dsa_params)) goto end; - if (!EVP_PKEY_assign_DSA(pkey,dsa_params)) goto end; - dsa_params=NULL; - if (pkey->type == EVP_PKEY_DSA) - digest=EVP_dss1(); - break; - } - - // FIXME: dn doesn't exist - // FIXME: allow the notAfter value to be parameterized - // FIXME: allow a password to lock the key with - - // Fill in the certificate - X509_NAME_add_entry_by_NID(x509name, OBJ_txt2nid("CN"), 0x1001, - (unsigned char *) dn, -1, -1, 0); - - x509 = X509_new(); - rc = 
X509_set_issuer_name(x509, x509name); - if (rc != 0) { - X509_free(x509); - X509_NAME_free(x509name); - return NULL; - } - rc = X509_set_subject_name(x509, x509name); - if (rc != 0) { - X509_free(x509); - X509_NAME_free(x509name); - return NULL; - } - ASN1_INTEGER_set(X509_get_serialNumber(*x509), 0); - - X509_NAME_free(x509name); - - // Make it a 1 year certificate - beforeafter = ASN1_UTCTIME_new(); - if (!X509_gmtime_adj(beforeafter, -60*60*24)) { // yesterday - X509_free(x509); - return NULL; - } - if (!X509_set_notBefore(x509, beforeafter)) { - X509_free(x509); - return NULL; - } - if (!X509_gmtime_adj(beforeafter, 60*60*24*364)) { // a year from yesterday - X509_free(x509); - return NULL; - } - if (!X509_set_notAfter(x509, beforeafter)) { - X509_free(x509); - return NULL; - } - ASN1_UTCTIME_free(beforeafter); - - if (!X509_set_pubkey(x509, key)) { - X509_free(x509); - return NULL; - } - - rc = X509_sign(x509, key, EVP_sha1()); - if (rc != 0) { - X509_free(x509); - return NULL; - } - - newCert = new KSSLCertificate; - newCert->setCert(x509); - return newCert; -#else - return NULL; -#endif -} - diff --git a/tdeio/kssl/ksslcertificatefactory.cpp b/tdeio/kssl/ksslcertificatefactory.cpp new file mode 100644 index 000000000..66e272ced --- /dev/null +++ b/tdeio/kssl/ksslcertificatefactory.cpp 
@@ -0,0 +1,122 @@ +/* This file is part of the KDE project + * + * Copyright (C) 2000 George Staikos + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public License + * along with this library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301, USA. + */ + +#include +#include +#include + +//#include + +KSSLCertificate* +KSSLCertificateFactory::generateSelfSigned(KSSLKeyType /*keytype*/) { +#if 0 + //#ifdef KSSL_HAVE_SSL + X509_NAME *x509name = X509_NAME_new(); + X509 *x509; + ASN1_UTCTIME *beforeafter; + KSSLCertificate *newcert; + int rc; + + // FIXME: generate the private key + if (keytype == KEYTYPE_UNKNOWN || (key=EVP_PKEY_new()) == NULL) { + X509_NAME_free(x509name); + return NULL; + } + + switch(keytype) { + case KEYTYPE_RSA: + if (!EVP_PKEY_assign_RSA(key, RSA_generate_key(newkey,0x10001, + req_cb,bio_err))) { + + } + break; + case KEYTYPE_DSA: + if (!DSA_generate_key(dsa_params)) goto end; + if (!EVP_PKEY_assign_DSA(pkey,dsa_params)) goto end; + dsa_params=NULL; + if (pkey->type == EVP_PKEY_DSA) + digest=EVP_dss1(); + break; + } + + // FIXME: dn doesn't exist + // FIXME: allow the notAfter value to be parameterized + // FIXME: allow a password to lock the key with + + // Fill in the certificate + X509_NAME_add_entry_by_NID(x509name, OBJ_txt2nid("CN"), 0x1001, + (unsigned char *) dn, -1, -1, 0); + + x509 = X509_new(); + rc = 
X509_set_issuer_name(x509, x509name); + if (rc != 0) { + X509_free(x509); + X509_NAME_free(x509name); + return NULL; + } + rc = X509_set_subject_name(x509, x509name); + if (rc != 0) { + X509_free(x509); + X509_NAME_free(x509name); + return NULL; + } + ASN1_INTEGER_set(X509_get_serialNumber(*x509), 0); + + X509_NAME_free(x509name); + + // Make it a 1 year certificate + beforeafter = ASN1_UTCTIME_new(); + if (!X509_gmtime_adj(beforeafter, -60*60*24)) { // yesterday + X509_free(x509); + return NULL; + } + if (!X509_set_notBefore(x509, beforeafter)) { + X509_free(x509); + return NULL; + } + if (!X509_gmtime_adj(beforeafter, 60*60*24*364)) { // a year from yesterday + X509_free(x509); + return NULL; + } + if (!X509_set_notAfter(x509, beforeafter)) { + X509_free(x509); + return NULL; + } + ASN1_UTCTIME_free(beforeafter); + + if (!X509_set_pubkey(x509, key)) { + X509_free(x509); + return NULL; + } + + rc = X509_sign(x509, key, EVP_sha1()); + if (rc != 0) { + X509_free(x509); + return NULL; + } + + newCert = new KSSLCertificate; + newCert->setCert(x509); + return newCert; +#else + return NULL; +#endif +} + diff --git a/tdeio/kssl/ksslcertificatehome.cc b/tdeio/kssl/ksslcertificatehome.cc deleted file mode 100644 index 39470c5ab..000000000 --- a/tdeio/kssl/ksslcertificatehome.cc +++ /dev/null 
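Review bot: The `#if 0` body of generateSelfSigned inverts OpenSSL's return-value convention: `X509_set_issuer_name`, `X509_set_subject_name` and `X509_sign` signal success with a non-zero result (1 for the setters, the signature length for X509_sign), so the `if (rc != 0)` checks would free the certificate and return NULL on every successful call if the block were ever enabled. If the sketch is kept, the checks should read `if (rc != 1)` for the two setters and `if (rc <= 0)` for X509_sign; the body also uses `key`, `dn`, `pkey` and `newCert` without declaring them (the declared variable is `newcert`), dereferences `*x509` where an `X509 *` is expected, and signs with `EVP_sha1()`, so removing the dead block is the safer option if nobody intends to revive it. This commit only renames the file, so the same applies to the deleted ksslcertificatefactory.cc.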
@@ -1,246 +0,0 @@ -/* This file is part of the KDE project - * - * Copyright (C) 2000-2005 George Staikos - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Library General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public License - * along with this library; see the file COPYING.LIB. If not, write to - * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - * Boston, MA 02110-1301, USA. - */ - -#include -#include -#include - -#include -#include - -using namespace KNetwork; - -TQStringList KSSLCertificateHome::getCertificateList() { -KSimpleConfig cfg("ksslcertificates", false); -TQStringList list = cfg.groupList(); -TQString defaultstr(""); -TQString blankstr(""); - -list.remove(defaultstr); -list.remove(blankstr); - -return list; -} - - -// KDE 4: make it const TQString & -void KSSLCertificateHome::setDefaultCertificate(TQString name, TQString host, bool send, bool prompt) { -KSimpleConfig cfg("ksslauthmap", false); - -#ifdef Q_WS_WIN //temporary - cfg.setGroup(host); -#else - cfg.setGroup(KResolver::domainToAscii(host)); -#endif - cfg.writeEntry("certificate", name); - cfg.writeEntry("send", send); - cfg.writeEntry("prompt", prompt); - cfg.sync(); -} - - -// KDE 4: make it const TQString & -void KSSLCertificateHome::setDefaultCertificate(KSSLPKCS12 *cert, TQString host, bool send, bool prompt) { - if (cert) - KSSLCertificateHome::setDefaultCertificate(cert->name(), host, send, prompt); -} - - -// KDE 4: make it const TQString & -bool 
KSSLCertificateHome::addCertificate(TQString filename, TQString password, bool storePass) { -KSSLPKCS12 *pkcs = KSSLPKCS12::loadCertFile(filename, password); - - if (!pkcs) return false; - - KSSLCertificateHome::addCertificate(pkcs, storePass?password:TQString("")); - delete pkcs; - -return true; -} - - -// KDE 4: make it const TQString & -bool KSSLCertificateHome::addCertificate(KSSLPKCS12 *cert, TQString passToStore) { - if (!cert) return false; - -KSimpleConfig cfg("ksslcertificates", false); - - cfg.setGroup(cert->name()); - cfg.writeEntry("PKCS12Base64", cert->toString()); - cfg.writeEntry("Password", passToStore); - cfg.sync(); -return true; -} - -bool KSSLCertificateHome::deleteCertificate(const TQString &filename, const TQString &password) { -KSSLPKCS12 *pkcs = KSSLPKCS12::loadCertFile(filename, password); - - if (!pkcs) return false; - - bool ok = deleteCertificate(pkcs); - delete pkcs; - -return ok; -} - -bool KSSLCertificateHome::deleteCertificate(KSSLPKCS12 *cert) { - if (!cert) return false; - - return deleteCertificateByName(cert->name()); -} - -bool KSSLCertificateHome::deleteCertificateByName(const TQString &name) { - if (name.isEmpty()) return false; - -KSimpleConfig cfg("ksslcertificates", false); - - bool ok = cfg.deleteGroup(name); - cfg.sync(); - -return ok; -} - -// KDE 4: make it const TQString & -KSSLPKCS12* KSSLCertificateHome::getCertificateByName(TQString name, TQString password) { -KSimpleConfig cfg("ksslcertificates", false); - if (!cfg.hasGroup(name)) return NULL; - - cfg.setGroup(name); - - return KSSLPKCS12::fromString(cfg.readEntry("PKCS12Base64", ""), password); -} - - -// KDE 4: make it const TQString & -KSSLPKCS12* KSSLCertificateHome::getCertificateByName(TQString name) { -KSimpleConfig cfg("ksslcertificates", false); - if (!cfg.hasGroup(name)) return NULL; - - cfg.setGroup(name); - - return KSSLPKCS12::fromString(cfg.readEntry("PKCS12Base64", ""), cfg.readEntry("Password", "")); -} - - -// KDE 4: make it const TQString & -bool 
KSSLCertificateHome::hasCertificateByName(TQString name) { -KSimpleConfig cfg("ksslcertificates", false); - if (!cfg.hasGroup(name)) return false; - return true; -} - -// KDE 4: make it const TQString & -KSSLPKCS12* KSSLCertificateHome::getCertificateByHost(TQString host, TQString password, KSSLAuthAction *aa) { - return KSSLCertificateHome::getCertificateByName(KSSLCertificateHome::getDefaultCertificateName(host, aa), password); -} - - -// KDE 4: make it const TQString & -TQString KSSLCertificateHome::getDefaultCertificateName(TQString host, KSSLAuthAction *aa) { -KSimpleConfig cfg("ksslauthmap", false); - -#ifdef Q_WS_WIN //temporary - if (!cfg.hasGroup(host)) { -#else - if (!cfg.hasGroup(KResolver::domainToAscii(host))) { -#endif - if (aa) *aa = AuthNone; - return TQString::null; - } else { -#ifdef Q_WS_WIN //temporary - cfg.setGroup(host); -#else - cfg.setGroup(KResolver::domainToAscii(host)); -#endif - if (aa) { - bool tmp = cfg.readBoolEntry("send", false); - *aa = AuthSend; - if (!tmp) { - tmp = cfg.readBoolEntry("prompt", false); - *aa = AuthPrompt; - if (!tmp) { - *aa = AuthDont; - } - } - } - return cfg.readEntry("certificate", ""); - } -} - - -TQString KSSLCertificateHome::getDefaultCertificateName(KSSLAuthAction *aa) { -TDEConfig cfg("cryptodefaults", false); - - cfg.setGroup("Auth"); - if (aa) { - TQString am = cfg.readEntry("AuthMethod", ""); - if (am == "send") - *aa = AuthSend; - else if (am == "prompt") - *aa = AuthPrompt; - else - *aa = AuthDont; - } - -return cfg.readEntry("DefaultCert", ""); -} - - -// KDE 4: make it const TQString & -KSSLPKCS12* KSSLCertificateHome::getDefaultCertificate(TQString password, KSSLAuthAction *aa) { -TQString name = KSSLCertificateHome::getDefaultCertificateName(aa); -KSimpleConfig cfg("ksslcertificates", false); - - if (name.isEmpty()) return NULL; - - cfg.setGroup(name); - return KSSLPKCS12::fromString(cfg.readEntry("PKCS12Base64", ""), password); -} - - - -KSSLPKCS12* 
KSSLCertificateHome::getDefaultCertificate(KSSLAuthAction *aa) { -TQString name = KSSLCertificateHome::getDefaultCertificateName(aa); -KSimpleConfig cfg("ksslcertificates", false); - - if (name.isEmpty()) return NULL; - - cfg.setGroup(name); - return KSSLPKCS12::fromString(cfg.readEntry("PKCS12Base64", ""), - cfg.readEntry("Password", "")); -} - - -// KDE 4: make it const TQString & -void KSSLCertificateHome::setDefaultCertificate(TQString name, bool send, bool prompt) { -KSimpleConfig cfg("ksslauthmap", false); - - cfg.setGroup(""); - cfg.writeEntry("defaultCertificate", name); - cfg.writeEntry("send", send); - cfg.writeEntry("prompt", prompt); -} - - -void KSSLCertificateHome::setDefaultCertificate(KSSLPKCS12 *cert, bool send, bool prompt) { - if (cert) - KSSLCertificateHome::setDefaultCertificate(cert->name(), send, prompt); -} - diff --git a/tdeio/kssl/ksslcertificatehome.cpp b/tdeio/kssl/ksslcertificatehome.cpp new file mode 100644 index 000000000..39470c5ab --- /dev/null +++ b/tdeio/kssl/ksslcertificatehome.cpp 
@@ -0,0 +1,246 @@ +/* This file is part of the KDE project + * + * Copyright (C) 2000-2005 George Staikos + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public License + * along with this library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301, USA. + */ + +#include +#include +#include + +#include +#include + +using namespace KNetwork; + +TQStringList KSSLCertificateHome::getCertificateList() { +KSimpleConfig cfg("ksslcertificates", false); +TQStringList list = cfg.groupList(); +TQString defaultstr(""); +TQString blankstr(""); + +list.remove(defaultstr); +list.remove(blankstr); + +return list; +} + + +// KDE 4: make it const TQString & +void KSSLCertificateHome::setDefaultCertificate(TQString name, TQString host, bool send, bool prompt) { +KSimpleConfig cfg("ksslauthmap", false); + +#ifdef Q_WS_WIN //temporary + cfg.setGroup(host); +#else + cfg.setGroup(KResolver::domainToAscii(host)); +#endif + cfg.writeEntry("certificate", name); + cfg.writeEntry("send", send); + cfg.writeEntry("prompt", prompt); + cfg.sync(); +} + + +// KDE 4: make it const TQString & +void KSSLCertificateHome::setDefaultCertificate(KSSLPKCS12 *cert, TQString host, bool send, bool prompt) { + if (cert) + KSSLCertificateHome::setDefaultCertificate(cert->name(), host, send, prompt); +} + + +// KDE 4: make it const TQString & +bool 
KSSLCertificateHome::addCertificate(TQString filename, TQString password, bool storePass) { +KSSLPKCS12 *pkcs = KSSLPKCS12::loadCertFile(filename, password); + + if (!pkcs) return false; + + KSSLCertificateHome::addCertificate(pkcs, storePass?password:TQString("")); + delete pkcs; + +return true; +} + + +// KDE 4: make it const TQString & +bool KSSLCertificateHome::addCertificate(KSSLPKCS12 *cert, TQString passToStore) { + if (!cert) return false; + +KSimpleConfig cfg("ksslcertificates", false); + + cfg.setGroup(cert->name()); + cfg.writeEntry("PKCS12Base64", cert->toString()); + cfg.writeEntry("Password", passToStore); + cfg.sync(); +return true; +} + +bool KSSLCertificateHome::deleteCertificate(const TQString &filename, const TQString &password) { +KSSLPKCS12 *pkcs = KSSLPKCS12::loadCertFile(filename, password); + + if (!pkcs) return false; + + bool ok = deleteCertificate(pkcs); + delete pkcs; + +return ok; +} + +bool KSSLCertificateHome::deleteCertificate(KSSLPKCS12 *cert) { + if (!cert) return false; + + return deleteCertificateByName(cert->name()); +} + +bool KSSLCertificateHome::deleteCertificateByName(const TQString &name) { + if (name.isEmpty()) return false; + +KSimpleConfig cfg("ksslcertificates", false); + + bool ok = cfg.deleteGroup(name); + cfg.sync(); + +return ok; +} + +// KDE 4: make it const TQString & +KSSLPKCS12* KSSLCertificateHome::getCertificateByName(TQString name, TQString password) { +KSimpleConfig cfg("ksslcertificates", false); + if (!cfg.hasGroup(name)) return NULL; + + cfg.setGroup(name); + + return KSSLPKCS12::fromString(cfg.readEntry("PKCS12Base64", ""), password); +} + + +// KDE 4: make it const TQString & +KSSLPKCS12* KSSLCertificateHome::getCertificateByName(TQString name) { +KSimpleConfig cfg("ksslcertificates", false); + if (!cfg.hasGroup(name)) return NULL; + + cfg.setGroup(name); + + return KSSLPKCS12::fromString(cfg.readEntry("PKCS12Base64", ""), cfg.readEntry("Password", "")); +} + + +// KDE 4: make it const TQString & +bool 
KSSLCertificateHome::hasCertificateByName(TQString name) { +KSimpleConfig cfg("ksslcertificates", false); + if (!cfg.hasGroup(name)) return false; + return true; +} + +// KDE 4: make it const TQString & +KSSLPKCS12* KSSLCertificateHome::getCertificateByHost(TQString host, TQString password, KSSLAuthAction *aa) { + return KSSLCertificateHome::getCertificateByName(KSSLCertificateHome::getDefaultCertificateName(host, aa), password); +} + + +// KDE 4: make it const TQString & +TQString KSSLCertificateHome::getDefaultCertificateName(TQString host, KSSLAuthAction *aa) { +KSimpleConfig cfg("ksslauthmap", false); + +#ifdef Q_WS_WIN //temporary + if (!cfg.hasGroup(host)) { +#else + if (!cfg.hasGroup(KResolver::domainToAscii(host))) { +#endif + if (aa) *aa = AuthNone; + return TQString::null; + } else { +#ifdef Q_WS_WIN //temporary + cfg.setGroup(host); +#else + cfg.setGroup(KResolver::domainToAscii(host)); +#endif + if (aa) { + bool tmp = cfg.readBoolEntry("send", false); + *aa = AuthSend; + if (!tmp) { + tmp = cfg.readBoolEntry("prompt", false); + *aa = AuthPrompt; + if (!tmp) { + *aa = AuthDont; + } + } + } + return cfg.readEntry("certificate", ""); + } +} + + +TQString KSSLCertificateHome::getDefaultCertificateName(KSSLAuthAction *aa) { +TDEConfig cfg("cryptodefaults", false); + + cfg.setGroup("Auth"); + if (aa) { + TQString am = cfg.readEntry("AuthMethod", ""); + if (am == "send") + *aa = AuthSend; + else if (am == "prompt") + *aa = AuthPrompt; + else + *aa = AuthDont; + } + +return cfg.readEntry("DefaultCert", ""); +} + + +// KDE 4: make it const TQString & +KSSLPKCS12* KSSLCertificateHome::getDefaultCertificate(TQString password, KSSLAuthAction *aa) { +TQString name = KSSLCertificateHome::getDefaultCertificateName(aa); +KSimpleConfig cfg("ksslcertificates", false); + + if (name.isEmpty()) return NULL; + + cfg.setGroup(name); + return KSSLPKCS12::fromString(cfg.readEntry("PKCS12Base64", ""), password); +} + + + +KSSLPKCS12* 
KSSLCertificateHome::getDefaultCertificate(KSSLAuthAction *aa) { +TQString name = KSSLCertificateHome::getDefaultCertificateName(aa); +KSimpleConfig cfg("ksslcertificates", false); + + if (name.isEmpty()) return NULL; + + cfg.setGroup(name); + return KSSLPKCS12::fromString(cfg.readEntry("PKCS12Base64", ""), + cfg.readEntry("Password", "")); +} + + +// KDE 4: make it const TQString & +void KSSLCertificateHome::setDefaultCertificate(TQString name, bool send, bool prompt) { +KSimpleConfig cfg("ksslauthmap", false); + + cfg.setGroup(""); + cfg.writeEntry("defaultCertificate", name); + cfg.writeEntry("send", send); + cfg.writeEntry("prompt", prompt); +} + + +void KSSLCertificateHome::setDefaultCertificate(KSSLPKCS12 *cert, bool send, bool prompt) { + if (cert) + KSSLCertificateHome::setDefaultCertificate(cert->name(), send, prompt); +} + diff --git a/tdeio/kssl/ksslconnectioninfo.cc b/tdeio/kssl/ksslconnectioninfo.cc deleted file mode 100644 index ccc7fc780..000000000 --- a/tdeio/kssl/ksslconnectioninfo.cc +++ /dev/null 
@@ -1,66 +0,0 @@
-/* This file is part of the KDE project
- *
- * Copyright (C) 2000 George Staikos
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Library General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Library General Public License for more details.
- *
- * You should have received a copy of the GNU Library General Public License
- * along with this library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
- * Boston, MA 02110-1301, USA.
- */
-
-#include "ksslconnectioninfo.h"
-
-
-KSSLConnectionInfo::KSSLConnectionInfo() {
- clean();
-}
-
-
-KSSLConnectionInfo::~KSSLConnectionInfo() {
-
-}
-
-
-void KSSLConnectionInfo::clean() {
- m_iCipherUsedBits = 0;
- m_iCipherBits = 0;
- m_cipherName = "";
-}
-
-
-const TQString& KSSLConnectionInfo::getCipherVersion() const {
- return m_cipherVersion;
-}
-
-
-const TQString& KSSLConnectionInfo::getCipherDescription() const {
- return m_cipherDescription;
-}
-
-
-const TQString& KSSLConnectionInfo::getCipher() const {
- return m_cipherName;
-}
-
-
-int KSSLConnectionInfo::getCipherUsedBits() const {
- return m_iCipherUsedBits;
-}
-
-
-int KSSLConnectionInfo::getCipherBits() const {
- return m_iCipherBits;
-}
-
-
-
diff --git a/tdeio/kssl/ksslconnectioninfo.cpp b/tdeio/kssl/ksslconnectioninfo.cpp
new file mode 100644
index 000000000..ccc7fc780
--- /dev/null
+++ b/tdeio/kssl/ksslconnectioninfo.cpp
@@ -0,0 +1,66 @@
+/* This file is part of the KDE project
+ *
+ * Copyright (C) 2000 George Staikos
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+
+#include "ksslconnectioninfo.h"
+
+
+KSSLConnectionInfo::KSSLConnectionInfo() {
+ clean();
+}
+
+
+KSSLConnectionInfo::~KSSLConnectionInfo() {
+
+}
+
+
+void KSSLConnectionInfo::clean() {
+ m_iCipherUsedBits = 0;
+ m_iCipherBits = 0;
+ m_cipherName = "";
+}
+
+
+const TQString& KSSLConnectionInfo::getCipherVersion() const {
+ return m_cipherVersion;
+}
+
+
+const TQString& KSSLConnectionInfo::getCipherDescription() const {
+ return m_cipherDescription;
+}
+
+
+const TQString& KSSLConnectionInfo::getCipher() const {
+ return m_cipherName;
+}
+
+
+int KSSLConnectionInfo::getCipherUsedBits() const {
+ return m_iCipherUsedBits;
+}
+
+
+int KSSLConnectionInfo::getCipherBits() const {
+ return m_iCipherBits;
+}
+
+
+
diff --git a/tdeio/kssl/ksslcsessioncache.cc b/tdeio/kssl/ksslcsessioncache.cc
deleted file mode 100644
index d39638717..000000000
--- a/tdeio/kssl/ksslcsessioncache.cc
+++ /dev/null
@@ -1,120 +0,0 @@ -/* This file is part of the KDE project - * - * Copyright (C) 2003 Stefan Rompf - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Library General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public License - * along with this library; see the file COPYING.LIB. If not, write to - * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - * Boston, MA 02110-1301, USA. - */ - -#include -#include -#include - -#include -#include -#include - -#ifdef Q_WS_WIN -#include "ksslconfig_win.h" -#else -#include "ksslconfig.h" -#endif - -#include "ksslcsessioncache.h" - -/* - * Operation: - * - * Sessions will be stored per running application, not KDE - * wide, to avoid security problems with hostile programs - * that negotiate sessions with weak cryptographic keys and store - * them for everybody to use - I really don't want that. - * - * Retrieval is organised similiar to George's thoughts in the KSSLD - * certificate cache: The cache is organised as a list, with the - * recently fetched (or stored) session first. 
- * - * The cache has an artificial limit of 32 sessions (should really - * be enough), and relies on the peer server for timeouts - * - */ -#define MAX_ENTRIES 32 - -#ifdef KSSL_HAVE_SSL - -typedef QPair KSSLCSession; -typedef TQPtrList KSSLCSessions; - -static KSSLCSessions *sessions = 0L; -static KStaticDeleter med; - - -static TQString URLtoKey(const KURL &kurl) { - return kurl.host() + ":" + kurl.protocol() + ":" + TQString::number(kurl.port()); -} - - -static void setup() { - KSSLCSessions *ses = new KSSLCSessions; - ses->setAutoDelete(true); - med.setObject(sessions, ses); -} - -#endif - -TQString KSSLCSessionCache::getSessionForURL(const KURL &kurl) { -#ifdef KSSL_HAVE_SSL - if (!sessions) return TQString::null; - TQString key = URLtoKey(kurl); - - for(KSSLCSession *it = sessions->first(); it; it=sessions->next()) { - if (it->first == key) { - sessions->take(); - sessions->prepend(it); - return it->second; - } - } - - // Negative caching disabled: cache pollution -#if 0 - kdDebug(7029) <<"Negative caching " <count() >= MAX_ENTRIES) sessions->removeLast(); - sessions->prepend(new KSSLCSession(key, TQString::null)); -#endif - -#endif - return TQString::null; -} - - -void KSSLCSessionCache::putSessionForURL(const KURL &kurl, const TQString &session) { -#ifdef KSSL_HAVE_SSL - if (!sessions) setup(); - TQString key = URLtoKey(kurl); - KSSLCSession *it; - - for(it = sessions->first(); it && it->first != key; it=sessions->next()); - - if (it) { - sessions->take(); - it->second = session; - } else { - it = new KSSLCSession(key, session); - if (sessions->count() >= MAX_ENTRIES) sessions->removeLast(); - } - - sessions->prepend(it); -#endif -} diff --git a/tdeio/kssl/ksslcsessioncache.cpp b/tdeio/kssl/ksslcsessioncache.cpp new file mode 100644 index 000000000..d39638717 --- /dev/null +++ b/tdeio/kssl/ksslcsessioncache.cpp 
@@ -0,0 +1,120 @@ +/* This file is part of the KDE project + * + * Copyright (C) 2003 Stefan Rompf + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public License + * along with this library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301, USA. + */ + +#include +#include +#include + +#include +#include +#include + +#ifdef Q_WS_WIN +#include "ksslconfig_win.h" +#else +#include "ksslconfig.h" +#endif + +#include "ksslcsessioncache.h" + +/* + * Operation: + * + * Sessions will be stored per running application, not KDE + * wide, to avoid security problems with hostile programs + * that negotiate sessions with weak cryptographic keys and store + * them for everybody to use - I really don't want that. + * + * Retrieval is organised similiar to George's thoughts in the KSSLD + * certificate cache: The cache is organised as a list, with the + * recently fetched (or stored) session first. 
+ * + * The cache has an artificial limit of 32 sessions (should really + * be enough), and relies on the peer server for timeouts + * + */ +#define MAX_ENTRIES 32 + +#ifdef KSSL_HAVE_SSL + +typedef QPair KSSLCSession; +typedef TQPtrList KSSLCSessions; + +static KSSLCSessions *sessions = 0L; +static KStaticDeleter med; + + +static TQString URLtoKey(const KURL &kurl) { + return kurl.host() + ":" + kurl.protocol() + ":" + TQString::number(kurl.port()); +} + + +static void setup() { + KSSLCSessions *ses = new KSSLCSessions; + ses->setAutoDelete(true); + med.setObject(sessions, ses); +} + +#endif + +TQString KSSLCSessionCache::getSessionForURL(const KURL &kurl) { +#ifdef KSSL_HAVE_SSL + if (!sessions) return TQString::null; + TQString key = URLtoKey(kurl); + + for(KSSLCSession *it = sessions->first(); it; it=sessions->next()) { + if (it->first == key) { + sessions->take(); + sessions->prepend(it); + return it->second; + } + } + + // Negative caching disabled: cache pollution +#if 0 + kdDebug(7029) <<"Negative caching " <count() >= MAX_ENTRIES) sessions->removeLast(); + sessions->prepend(new KSSLCSession(key, TQString::null)); +#endif + +#endif + return TQString::null; +} + + +void KSSLCSessionCache::putSessionForURL(const KURL &kurl, const TQString &session) { +#ifdef KSSL_HAVE_SSL + if (!sessions) setup(); + TQString key = URLtoKey(kurl); + KSSLCSession *it; + + for(it = sessions->first(); it && it->first != key; it=sessions->next()); + + if (it) { + sessions->take(); + it->second = session; + } else { + it = new KSSLCSession(key, session); + if (sessions->count() >= MAX_ENTRIES) sessions->removeLast(); + } + + sessions->prepend(it); +#endif +} diff --git a/tdeio/kssl/ksslinfodlg.cc b/tdeio/kssl/ksslinfodlg.cc deleted file mode 100644 index 37e13854e..000000000 --- a/tdeio/kssl/ksslinfodlg.cc +++ /dev/null 
@@ -1,475 +0,0 @@ -/* This file is part of the KDE project - * - * Copyright (C) 2000,2001 George Staikos - * Copyright (C) 2000 Malte Starostik - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Library General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public License - * along with this library; see the file COPYING.LIB. If not, write to - * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - * Boston, MA 02110-1301, USA. - */ - -#include "ksslinfodlg.h" - -#include - -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -//#include -//#include -#include -#include "ksslcertificate.h" -#include "ksslcertchain.h" -#include "ksslsigners.h" - - -class KSSLInfoDlg::KSSLInfoDlgPrivate { - private: - friend class KSSLInfoDlg; - bool m_secCon; - TQGridLayout *m_layout; - KComboBox *_chain; - KSSLCertificate *_cert; - KSSLCertificate::KSSLValidationList _cert_ksvl; - - bool inQuestion; - - TQLabel *_serialNum; - TQLabel *_csl; - TQLabel *_validFrom; - TQLabel *_validUntil; - TQLabel *_digest; - - TQLabel *pixmap; - TQLabel *info; - - KSSLCertBox *_subject, *_issuer; -}; - - - -KSSLInfoDlg::KSSLInfoDlg(bool secureConnection, TQWidget *parent, const char *name, bool modal) - : KDialog(parent, name, modal, (WFlags)TQt::WDestructiveClose), d(new KSSLInfoDlgPrivate) { - TQVBoxLayout *topLayout = new TQVBoxLayout(this, KDialog::marginHint(), KDialog::spacingHint()); - d->m_secCon = 
secureConnection; - d->m_layout = new TQGridLayout(topLayout, 3, 3, KDialog::spacingHint()); - d->m_layout->setColStretch(1, 1); - d->m_layout->setColStretch(2, 1); - - d->pixmap = new TQLabel(this); - d->m_layout->addWidget(d->pixmap, 0, 0); - - d->info = new TQLabel(this); - d->m_layout->addWidget(d->info, 0, 1); - - if (KSSL::doesSSLWork()) { - if (d->m_secCon) { - d->pixmap->setPixmap(BarIcon("encrypted")); - d->info->setText(i18n("Current connection is secured with SSL.")); - } else { - d->pixmap->setPixmap(BarIcon("decrypted")); - d->info->setText(i18n("Current connection is not secured with SSL.")); - } - } else { - d->pixmap->setPixmap(BarIcon("decrypted")); - d->info->setText(i18n("SSL support is not available in this build of TDE.")); - } - d->m_layout->addRowSpacing( 0, 50 ); // give minimum height to look better - - TQHBoxLayout *buttonLayout = new TQHBoxLayout(topLayout, KDialog::spacingHint()); - buttonLayout->addStretch( 1 ); - - KPushButton *button; - - if (KSSL::doesSSLWork()) { - button = new KPushButton(KGuiItem(i18n("C&ryptography Configuration..."),"configure"), this); - connect(button, TQT_SIGNAL(clicked()), TQT_SLOT(launchConfig())); - buttonLayout->addWidget( button ); - } - - button = new KPushButton(KStdGuiItem::close(), this); - connect(button, TQT_SIGNAL(clicked()), TQT_SLOT(close())); - buttonLayout->addWidget( button ); - - button->setFocus(); - - setCaption(i18n("TDE SSL Information")); - d->inQuestion = false; - } - - -KSSLInfoDlg::~KSSLInfoDlg() { - delete d; -} - -void KSSLInfoDlg::launchConfig() { - TDEProcess p; - p << "tdecmshell" << "crypto"; - p.start(TDEProcess::DontCare); -} - - -void KSSLInfoDlg::setSecurityInQuestion(bool isIt) { - d->inQuestion = isIt; - if (KSSL::doesSSLWork()) { - if (isIt) { - d->pixmap->setPixmap(BarIcon("halfencrypted")); - if (d->m_secCon) { - d->info->setText(i18n("The main part of this document is secured with SSL, but some parts are not.")); - } - else { - d->info->setText(i18n("Some of this 
document is secured with SSL, but the main part is not.")); - } - } - else { - if (d->m_secCon) { - d->pixmap->setPixmap(BarIcon("encrypted")); - d->info->setText(i18n("Current connection is secured with SSL.")); - } - else { - d->pixmap->setPixmap(BarIcon("decrypted")); - d->info->setText(i18n("Current connection is not secured with SSL.")); - } - } - } -} - - -void KSSLInfoDlg::setup( KSSL & ssl, const TQString & ip, const TQString & url ) -{ - setup( - &ssl.peerInfo().getPeerCertificate(), - ip, - url, - ssl.connectionInfo().getCipher(), - ssl.connectionInfo().getCipherDescription(), - ssl.connectionInfo().getCipherVersion(), - ssl.connectionInfo().getCipherUsedBits(), - ssl.connectionInfo().getCipherBits(), - ssl.peerInfo().getPeerCertificate().validate() - ); -} - -void KSSLInfoDlg::setup(KSSLCertificate *cert, - const TQString& ip, const TQString& url, - const TQString& cipher, const TQString& cipherdesc, - const TQString& sslversion, int usedbits, int bits, - KSSLCertificate::KSSLValidation /*certState*/) { - // Needed to put the GUI stuff here to get the layouting right - - d->_cert = cert; - - TQGridLayout *layout = new TQGridLayout(4, 2, KDialog::spacingHint()); - - layout->addWidget(new TQLabel(i18n("Chain:"), this), 0, 0); - d->_chain = new KComboBox(this); - layout->addMultiCellWidget(d->_chain, 1, 1, 0, 1); - connect(d->_chain, TQT_SIGNAL(activated(int)), this, TQT_SLOT(slotChain(int))); - - d->_chain->clear(); - - if (cert->chain().isValid() && cert->chain().depth() > 1) { - d->_chain->setEnabled(true); - d->_chain->insertItem(i18n("0 - Site Certificate")); - int cnt = 0; - TQPtrList cl = cert->chain().getChain(); - cl.setAutoDelete(true); - for (KSSLCertificate *c = cl.first(); c != 0; c = cl.next()) { - KSSLX509Map map(c->getSubject()); - TQString id; - id = map.getValue("CN"); - if (id.length() == 0) - id = map.getValue("O"); - if (id.length() == 0) - id = map.getValue("OU"); - d->_chain->insertItem(TQString::number(++cnt)+" - "+id); - } - 
d->_chain->setCurrentItem(0); - } else d->_chain->setEnabled(false); - - layout->addWidget(new TQLabel(i18n("Peer certificate:"), this), 2, 0); - layout->addWidget(d->_subject = static_cast(buildCertInfo(cert->getSubject())), 3, 0); - layout->addWidget(new TQLabel(i18n("Issuer:"), this), 2, 1); - layout->addWidget(d->_issuer = static_cast(buildCertInfo(cert->getIssuer())), 3, 1); - d->m_layout->addMultiCell(layout, 1, 1, 0, 2); - - layout = new TQGridLayout(11, 2, KDialog::spacingHint()); - layout->setColStretch(1, 1); - TQLabel *ipl = new TQLabel(i18n("IP address:"), this); - layout->addWidget(ipl, 0, 0); - if (ip.isEmpty()) { - ipl->hide(); - } - layout->addWidget(ipl = new TQLabel(ip, this), 0, 1); - if (ip.isEmpty()) { - ipl->hide(); - } - layout->addWidget(new TQLabel(i18n("URL:"), this), 1, 0); - KSqueezedTextLabel *urlLabel = new KSqueezedTextLabel(url, this); - layout->addWidget(urlLabel, 1, 1); - layout->addWidget(new TQLabel(i18n("Certificate state:"), this), 2, 0); - - layout->addWidget(d->_csl = new TQLabel("", this), 2, 1); - - update(); - - layout->addWidget(new TQLabel(i18n("Valid from:"), this), 3, 0); - layout->addWidget(d->_validFrom = new TQLabel("", this), 3, 1); - layout->addWidget(new TQLabel(i18n("Valid until:"), this), 4, 0); - layout->addWidget(d->_validUntil = new TQLabel("", this), 4, 1); - - layout->addWidget(new TQLabel(i18n("Serial number:"), this), 5, 0); - layout->addWidget(d->_serialNum = new TQLabel("", this), 5, 1); - layout->addWidget(new TQLabel(i18n("MD5 digest:"), this), 6, 0); - layout->addWidget(d->_digest = new TQLabel("", this), 6, 1); - - layout->addWidget(new TQLabel(i18n("Cipher in use:"), this), 7, 0); - layout->addWidget(new TQLabel(cipher, this), 7, 1); - layout->addWidget(new TQLabel(i18n("Details:"), this), 8, 0); - layout->addWidget(new TQLabel(cipherdesc.simplifyWhiteSpace(), this), 8, 1); - layout->addWidget(new TQLabel(i18n("SSL version:"), this), 9, 0); - layout->addWidget(new TQLabel(sslversion, this), 9, 1); 
- layout->addWidget(new TQLabel(i18n("Cipher strength:"), this), 10, 0); - layout->addWidget(new TQLabel(i18n("%1 bits used of a %2 bit cipher").arg(usedbits).arg(bits), this), 10, 1); - d->m_layout->addMultiCell(layout, 2, 2, 0, 2); - - ipl->setTextFormat(TQt::PlainText); - urlLabel->setTextFormat(TQt::PlainText); - d->_serialNum->setTextFormat(TQt::PlainText); - d->_csl->setTextFormat(TQt::PlainText); - d->_validFrom->setTextFormat(TQt::PlainText); - d->_validUntil->setTextFormat(TQt::PlainText); - d->_digest->setTextFormat(TQt::PlainText); - - displayCert(cert); -} - -void KSSLInfoDlg::setCertState(const TQString &errorNrs) -{ - d->_cert_ksvl.clear(); - TQStringList errors = TQStringList::split(':', errorNrs); - for(TQStringList::ConstIterator it = errors.begin(); - it != errors.end(); ++it) - { - d->_cert_ksvl << (KSSLCertificate::KSSLValidation) (*it).toInt(); - } -} - -void KSSLInfoDlg::displayCert(KSSLCertificate *x) { - TQPalette cspl; - - d->_serialNum->setText(x->getSerialNumber()); - - cspl = d->_validFrom->palette(); - if (x->getQDTNotBefore() > TQDateTime::currentDateTime(Qt::UTC)) - cspl.setColor(TQColorGroup::Foreground, TQColor(196,33,21)); - else cspl.setColor(TQColorGroup::Foreground, TQColor(42,153,59)); - d->_validFrom->setPalette(cspl); - d->_validFrom->setText(x->getNotBefore()); - - cspl = d->_validUntil->palette(); - if (x->getQDTNotAfter() < TQDateTime::currentDateTime(Qt::UTC)) - cspl.setColor(TQColorGroup::Foreground, TQColor(196,33,21)); - else cspl.setColor(TQColorGroup::Foreground, TQColor(42,153,59)); - d->_validUntil->setPalette(cspl); - d->_validUntil->setText(x->getNotAfter()); - - cspl = palette(); - - KSSLCertificate::KSSLValidation ksv; - KSSLCertificate::KSSLValidationList ksvl; - if ((x == d->_cert) && !d->_cert_ksvl.isEmpty()) { - ksvl = d->_cert_ksvl; - ksv = ksvl.first(); - } else { - if (x == d->_cert) - ksvl = d->_cert->validateVerbose(KSSLCertificate::SSLServer); - else - ksvl = 
d->_cert->validateVerbose(KSSLCertificate::SSLServer, x); - - if (ksvl.isEmpty()) - ksvl << KSSLCertificate::Ok; - - ksv = ksvl.first(); - - if (ksv == KSSLCertificate::SelfSigned) { - if (x->getQDTNotAfter() > TQDateTime::currentDateTime(Qt::UTC) && - x->getQDTNotBefore() < TQDateTime::currentDateTime(Qt::UTC)) { - if (KSSLSigners().useForSSL(*x)) - ksv = KSSLCertificate::Ok; - } else { - ksv = KSSLCertificate::Expired; - } - } - } - - if (ksv == KSSLCertificate::Ok) { - cspl.setColor(TQColorGroup::Foreground, TQColor(42,153,59)); - } else if (ksv != KSSLCertificate::Irrelevant) { - cspl.setColor(TQColorGroup::Foreground, TQColor(196,33,21)); - } - d->_csl->setPalette(cspl); - - TQString errorStr; - for(KSSLCertificate::KSSLValidationList::ConstIterator it = ksvl.begin(); - it != ksvl.end(); ++it) { - if (!errorStr.isEmpty()) - errorStr.append('\n'); - errorStr += KSSLCertificate::verifyText(*it); - } - - d->_csl->setText(errorStr); - d->_csl->setMinimumSize(d->_csl->sizeHint()); - - d->_subject->setValues(x->getSubject()); - d->_issuer->setValues(x->getIssuer()); - - d->_digest->setText(x->getMD5DigestText()); -} - - -void KSSLInfoDlg::slotChain(int x) { - if (x == 0) { - displayCert(d->_cert); - } else { - TQPtrList cl = d->_cert->chain().getChain(); - cl.setAutoDelete(true); - for (int i = 0; i < x-1; i++) - cl.remove((unsigned int)0); - KSSLCertificate thisCert = *(cl.at(0)); - cl.remove((unsigned int)0); - thisCert.chain().setChain(cl); - displayCert(&thisCert); - } -} - - -KSSLCertBox *KSSLInfoDlg::certInfoWidget(TQWidget *parent, const TQString &certName, TQWidget *mailCatcher) { - KSSLCertBox *result = new KSSLCertBox(parent); - if (!certName.isEmpty()) { - result->setValues(certName, mailCatcher); - } - return result; -} - - -KSSLCertBox::KSSLCertBox(TQWidget *parent, const char *name, WFlags f) -: TQScrollView(parent, name, f) -{ - _frame = 0L; - setBackgroundMode(TQWidget::PaletteButton); - setValues(TQString::null, 0L); -} - - -void 
KSSLCertBox::setValues(TQString certName, TQWidget *mailCatcher) { - if (_frame) { - removeChild(_frame); - delete _frame; - } - - if (certName.isEmpty()) { - _frame = new TQFrame(this); - addChild(_frame); - viewport()->setBackgroundMode(_frame->backgroundMode()); - _frame->show(); - updateScrollBars(); - show(); - return; - } - - KSSLX509Map cert(certName); - TQString tmp; - viewport()->setBackgroundMode(TQWidget::PaletteButton); - _frame = new TQFrame(this); - TQGridLayout *grid = new TQGridLayout(_frame, 1, 2, KDialog::marginHint(), KDialog::spacingHint()); - grid->setAutoAdd(true); - TQLabel *label = 0L; - if (!(tmp = cert.getValue("O")).isEmpty()) { - label = new TQLabel(i18n("Organization:"), _frame); - label->setAlignment(Qt::AlignLeft | Qt::AlignTop); - (new TQLabel(tmp, _frame))->setTextFormat(TQt::PlainText); - } - if (!(tmp = cert.getValue("OU")).isEmpty()) { - label = new TQLabel(i18n("Organizational unit:"), _frame); - label->setAlignment(Qt::AlignLeft | Qt::AlignTop); - (new TQLabel(tmp, _frame))->setTextFormat(TQt::PlainText); - } - if (!(tmp = cert.getValue("L")).isEmpty()) { - label = new TQLabel(i18n("Locality:"), _frame); - label->setAlignment(Qt::AlignLeft | Qt::AlignTop); - (new TQLabel(tmp, _frame))->setTextFormat(TQt::PlainText); - } - if (!(tmp = cert.getValue("ST")).isEmpty()) { - label = new TQLabel(i18n("Federal State","State:"), _frame); - label->setAlignment(Qt::AlignLeft | Qt::AlignTop); - (new TQLabel(tmp, _frame))->setTextFormat(TQt::PlainText); - } - if (!(tmp = cert.getValue("C")).isEmpty()) { - label = new TQLabel(i18n("Country:"), _frame); - label->setAlignment(Qt::AlignLeft | Qt::AlignTop); - (new TQLabel(tmp, _frame))->setTextFormat(TQt::PlainText); - } - if (!(tmp = cert.getValue("CN")).isEmpty()) { - label = new TQLabel(i18n("Common name:"), _frame); - label->setAlignment(Qt::AlignLeft | Qt::AlignTop); - (new TQLabel(tmp, _frame))->setTextFormat(TQt::PlainText); - } - if (!(tmp = cert.getValue("Email")).isEmpty()) { - label 
= new TQLabel(i18n("Email:"), _frame); - label->setAlignment(Qt::AlignLeft | Qt::AlignTop); - if (mailCatcher) { - KURLLabel *mail = new KURLLabel(tmp, tmp, _frame); - connect(mail, TQT_SIGNAL(leftClickedURL(const TQString &)), mailCatcher, TQT_SLOT(mailClicked(const TQString &))); - } else { - label = new TQLabel(tmp, _frame); - label->setTextFormat(TQt::PlainText); - } - } - if (label && viewport()) { - viewport()->setBackgroundMode(label->backgroundMode()); - } - addChild(_frame); - updateScrollBars(); - _frame->show(); - show(); -} - - -TQScrollView *KSSLInfoDlg::buildCertInfo(const TQString &certName) { - return KSSLInfoDlg::certInfoWidget(this, certName, this); -} - -void KSSLInfoDlg::urlClicked(const TQString &url) { - kapp->invokeBrowser(url); -} - -void KSSLInfoDlg::mailClicked(const TQString &url) { - kapp->invokeMailer(url, TQString::null); -} - -#include "ksslinfodlg.moc" diff --git a/tdeio/kssl/ksslinfodlg.cpp b/tdeio/kssl/ksslinfodlg.cpp new file mode 100644 index 000000000..37e13854e --- /dev/null +++ b/tdeio/kssl/ksslinfodlg.cpp 
@@ -0,0 +1,475 @@ +/* This file is part of the KDE project + * + * Copyright (C) 2000,2001 George Staikos + * Copyright (C) 2000 Malte Starostik + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public License + * along with this library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301, USA. + */ + +#include "ksslinfodlg.h" + +#include + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +//#include +//#include +#include +#include "ksslcertificate.h" +#include "ksslcertchain.h" +#include "ksslsigners.h" + + +class KSSLInfoDlg::KSSLInfoDlgPrivate { + private: + friend class KSSLInfoDlg; + bool m_secCon; + TQGridLayout *m_layout; + KComboBox *_chain; + KSSLCertificate *_cert; + KSSLCertificate::KSSLValidationList _cert_ksvl; + + bool inQuestion; + + TQLabel *_serialNum; + TQLabel *_csl; + TQLabel *_validFrom; + TQLabel *_validUntil; + TQLabel *_digest; + + TQLabel *pixmap; + TQLabel *info; + + KSSLCertBox *_subject, *_issuer; +}; + + + +KSSLInfoDlg::KSSLInfoDlg(bool secureConnection, TQWidget *parent, const char *name, bool modal) + : KDialog(parent, name, modal, (WFlags)TQt::WDestructiveClose), d(new KSSLInfoDlgPrivate) { + TQVBoxLayout *topLayout = new TQVBoxLayout(this, KDialog::marginHint(), KDialog::spacingHint()); + d->m_secCon = 
secureConnection; + d->m_layout = new TQGridLayout(topLayout, 3, 3, KDialog::spacingHint()); + d->m_layout->setColStretch(1, 1); + d->m_layout->setColStretch(2, 1); + + d->pixmap = new TQLabel(this); + d->m_layout->addWidget(d->pixmap, 0, 0); + + d->info = new TQLabel(this); + d->m_layout->addWidget(d->info, 0, 1); + + if (KSSL::doesSSLWork()) { + if (d->m_secCon) { + d->pixmap->setPixmap(BarIcon("encrypted")); + d->info->setText(i18n("Current connection is secured with SSL.")); + } else { + d->pixmap->setPixmap(BarIcon("decrypted")); + d->info->setText(i18n("Current connection is not secured with SSL.")); + } + } else { + d->pixmap->setPixmap(BarIcon("decrypted")); + d->info->setText(i18n("SSL support is not available in this build of TDE.")); + } + d->m_layout->addRowSpacing( 0, 50 ); // give minimum height to look better + + TQHBoxLayout *buttonLayout = new TQHBoxLayout(topLayout, KDialog::spacingHint()); + buttonLayout->addStretch( 1 ); + + KPushButton *button; + + if (KSSL::doesSSLWork()) { + button = new KPushButton(KGuiItem(i18n("C&ryptography Configuration..."),"configure"), this); + connect(button, TQT_SIGNAL(clicked()), TQT_SLOT(launchConfig())); + buttonLayout->addWidget( button ); + } + + button = new KPushButton(KStdGuiItem::close(), this); + connect(button, TQT_SIGNAL(clicked()), TQT_SLOT(close())); + buttonLayout->addWidget( button ); + + button->setFocus(); + + setCaption(i18n("TDE SSL Information")); + d->inQuestion = false; + } + + +KSSLInfoDlg::~KSSLInfoDlg() { + delete d; +} + +void KSSLInfoDlg::launchConfig() { + TDEProcess p; + p << "tdecmshell" << "crypto"; + p.start(TDEProcess::DontCare); +} + + +void KSSLInfoDlg::setSecurityInQuestion(bool isIt) { + d->inQuestion = isIt; + if (KSSL::doesSSLWork()) { + if (isIt) { + d->pixmap->setPixmap(BarIcon("halfencrypted")); + if (d->m_secCon) { + d->info->setText(i18n("The main part of this document is secured with SSL, but some parts are not.")); + } + else { + d->info->setText(i18n("Some of this 
document is secured with SSL, but the main part is not.")); + } + } + else { + if (d->m_secCon) { + d->pixmap->setPixmap(BarIcon("encrypted")); + d->info->setText(i18n("Current connection is secured with SSL.")); + } + else { + d->pixmap->setPixmap(BarIcon("decrypted")); + d->info->setText(i18n("Current connection is not secured with SSL.")); + } + } + } +} + + +void KSSLInfoDlg::setup( KSSL & ssl, const TQString & ip, const TQString & url ) +{ + setup( + &ssl.peerInfo().getPeerCertificate(), + ip, + url, + ssl.connectionInfo().getCipher(), + ssl.connectionInfo().getCipherDescription(), + ssl.connectionInfo().getCipherVersion(), + ssl.connectionInfo().getCipherUsedBits(), + ssl.connectionInfo().getCipherBits(), + ssl.peerInfo().getPeerCertificate().validate() + ); +} + +void KSSLInfoDlg::setup(KSSLCertificate *cert, + const TQString& ip, const TQString& url, + const TQString& cipher, const TQString& cipherdesc, + const TQString& sslversion, int usedbits, int bits, + KSSLCertificate::KSSLValidation /*certState*/) { + // Needed to put the GUI stuff here to get the layouting right + + d->_cert = cert; + + TQGridLayout *layout = new TQGridLayout(4, 2, KDialog::spacingHint()); + + layout->addWidget(new TQLabel(i18n("Chain:"), this), 0, 0); + d->_chain = new KComboBox(this); + layout->addMultiCellWidget(d->_chain, 1, 1, 0, 1); + connect(d->_chain, TQT_SIGNAL(activated(int)), this, TQT_SLOT(slotChain(int))); + + d->_chain->clear(); + + if (cert->chain().isValid() && cert->chain().depth() > 1) { + d->_chain->setEnabled(true); + d->_chain->insertItem(i18n("0 - Site Certificate")); + int cnt = 0; + TQPtrList cl = cert->chain().getChain(); + cl.setAutoDelete(true); + for (KSSLCertificate *c = cl.first(); c != 0; c = cl.next()) { + KSSLX509Map map(c->getSubject()); + TQString id; + id = map.getValue("CN"); + if (id.length() == 0) + id = map.getValue("O"); + if (id.length() == 0) + id = map.getValue("OU"); + d->_chain->insertItem(TQString::number(++cnt)+" - "+id); + } + 
d->_chain->setCurrentItem(0); + } else d->_chain->setEnabled(false); + + layout->addWidget(new TQLabel(i18n("Peer certificate:"), this), 2, 0); + layout->addWidget(d->_subject = static_cast(buildCertInfo(cert->getSubject())), 3, 0); + layout->addWidget(new TQLabel(i18n("Issuer:"), this), 2, 1); + layout->addWidget(d->_issuer = static_cast(buildCertInfo(cert->getIssuer())), 3, 1); + d->m_layout->addMultiCell(layout, 1, 1, 0, 2); + + layout = new TQGridLayout(11, 2, KDialog::spacingHint()); + layout->setColStretch(1, 1); + TQLabel *ipl = new TQLabel(i18n("IP address:"), this); + layout->addWidget(ipl, 0, 0); + if (ip.isEmpty()) { + ipl->hide(); + } + layout->addWidget(ipl = new TQLabel(ip, this), 0, 1); + if (ip.isEmpty()) { + ipl->hide(); + } + layout->addWidget(new TQLabel(i18n("URL:"), this), 1, 0); + KSqueezedTextLabel *urlLabel = new KSqueezedTextLabel(url, this); + layout->addWidget(urlLabel, 1, 1); + layout->addWidget(new TQLabel(i18n("Certificate state:"), this), 2, 0); + + layout->addWidget(d->_csl = new TQLabel("", this), 2, 1); + + update(); + + layout->addWidget(new TQLabel(i18n("Valid from:"), this), 3, 0); + layout->addWidget(d->_validFrom = new TQLabel("", this), 3, 1); + layout->addWidget(new TQLabel(i18n("Valid until:"), this), 4, 0); + layout->addWidget(d->_validUntil = new TQLabel("", this), 4, 1); + + layout->addWidget(new TQLabel(i18n("Serial number:"), this), 5, 0); + layout->addWidget(d->_serialNum = new TQLabel("", this), 5, 1); + layout->addWidget(new TQLabel(i18n("MD5 digest:"), this), 6, 0); + layout->addWidget(d->_digest = new TQLabel("", this), 6, 1); + + layout->addWidget(new TQLabel(i18n("Cipher in use:"), this), 7, 0); + layout->addWidget(new TQLabel(cipher, this), 7, 1); + layout->addWidget(new TQLabel(i18n("Details:"), this), 8, 0); + layout->addWidget(new TQLabel(cipherdesc.simplifyWhiteSpace(), this), 8, 1); + layout->addWidget(new TQLabel(i18n("SSL version:"), this), 9, 0); + layout->addWidget(new TQLabel(sslversion, this), 9, 1); 
+ layout->addWidget(new TQLabel(i18n("Cipher strength:"), this), 10, 0); + layout->addWidget(new TQLabel(i18n("%1 bits used of a %2 bit cipher").arg(usedbits).arg(bits), this), 10, 1); + d->m_layout->addMultiCell(layout, 2, 2, 0, 2); + + ipl->setTextFormat(TQt::PlainText); + urlLabel->setTextFormat(TQt::PlainText); + d->_serialNum->setTextFormat(TQt::PlainText); + d->_csl->setTextFormat(TQt::PlainText); + d->_validFrom->setTextFormat(TQt::PlainText); + d->_validUntil->setTextFormat(TQt::PlainText); + d->_digest->setTextFormat(TQt::PlainText); + + displayCert(cert); +} + +void KSSLInfoDlg::setCertState(const TQString &errorNrs) +{ + d->_cert_ksvl.clear(); + TQStringList errors = TQStringList::split(':', errorNrs); + for(TQStringList::ConstIterator it = errors.begin(); + it != errors.end(); ++it) + { + d->_cert_ksvl << (KSSLCertificate::KSSLValidation) (*it).toInt(); + } +} + +void KSSLInfoDlg::displayCert(KSSLCertificate *x) { + TQPalette cspl; + + d->_serialNum->setText(x->getSerialNumber()); + + cspl = d->_validFrom->palette(); + if (x->getQDTNotBefore() > TQDateTime::currentDateTime(Qt::UTC)) + cspl.setColor(TQColorGroup::Foreground, TQColor(196,33,21)); + else cspl.setColor(TQColorGroup::Foreground, TQColor(42,153,59)); + d->_validFrom->setPalette(cspl); + d->_validFrom->setText(x->getNotBefore()); + + cspl = d->_validUntil->palette(); + if (x->getQDTNotAfter() < TQDateTime::currentDateTime(Qt::UTC)) + cspl.setColor(TQColorGroup::Foreground, TQColor(196,33,21)); + else cspl.setColor(TQColorGroup::Foreground, TQColor(42,153,59)); + d->_validUntil->setPalette(cspl); + d->_validUntil->setText(x->getNotAfter()); + + cspl = palette(); + + KSSLCertificate::KSSLValidation ksv; + KSSLCertificate::KSSLValidationList ksvl; + if ((x == d->_cert) && !d->_cert_ksvl.isEmpty()) { + ksvl = d->_cert_ksvl; + ksv = ksvl.first(); + } else { + if (x == d->_cert) + ksvl = d->_cert->validateVerbose(KSSLCertificate::SSLServer); + else + ksvl = 
d->_cert->validateVerbose(KSSLCertificate::SSLServer, x); + + if (ksvl.isEmpty()) + ksvl << KSSLCertificate::Ok; + + ksv = ksvl.first(); + + if (ksv == KSSLCertificate::SelfSigned) { + if (x->getQDTNotAfter() > TQDateTime::currentDateTime(Qt::UTC) && + x->getQDTNotBefore() < TQDateTime::currentDateTime(Qt::UTC)) { + if (KSSLSigners().useForSSL(*x)) + ksv = KSSLCertificate::Ok; + } else { + ksv = KSSLCertificate::Expired; + } + } + } + + if (ksv == KSSLCertificate::Ok) { + cspl.setColor(TQColorGroup::Foreground, TQColor(42,153,59)); + } else if (ksv != KSSLCertificate::Irrelevant) { + cspl.setColor(TQColorGroup::Foreground, TQColor(196,33,21)); + } + d->_csl->setPalette(cspl); + + TQString errorStr; + for(KSSLCertificate::KSSLValidationList::ConstIterator it = ksvl.begin(); + it != ksvl.end(); ++it) { + if (!errorStr.isEmpty()) + errorStr.append('\n'); + errorStr += KSSLCertificate::verifyText(*it); + } + + d->_csl->setText(errorStr); + d->_csl->setMinimumSize(d->_csl->sizeHint()); + + d->_subject->setValues(x->getSubject()); + d->_issuer->setValues(x->getIssuer()); + + d->_digest->setText(x->getMD5DigestText()); +} + + +void KSSLInfoDlg::slotChain(int x) { + if (x == 0) { + displayCert(d->_cert); + } else { + TQPtrList cl = d->_cert->chain().getChain(); + cl.setAutoDelete(true); + for (int i = 0; i < x-1; i++) + cl.remove((unsigned int)0); + KSSLCertificate thisCert = *(cl.at(0)); + cl.remove((unsigned int)0); + thisCert.chain().setChain(cl); + displayCert(&thisCert); + } +} + + +KSSLCertBox *KSSLInfoDlg::certInfoWidget(TQWidget *parent, const TQString &certName, TQWidget *mailCatcher) { + KSSLCertBox *result = new KSSLCertBox(parent); + if (!certName.isEmpty()) { + result->setValues(certName, mailCatcher); + } + return result; +} + + +KSSLCertBox::KSSLCertBox(TQWidget *parent, const char *name, WFlags f) +: TQScrollView(parent, name, f) +{ + _frame = 0L; + setBackgroundMode(TQWidget::PaletteButton); + setValues(TQString::null, 0L); +} + + +void 
KSSLCertBox::setValues(TQString certName, TQWidget *mailCatcher) { + if (_frame) { + removeChild(_frame); + delete _frame; + } + + if (certName.isEmpty()) { + _frame = new TQFrame(this); + addChild(_frame); + viewport()->setBackgroundMode(_frame->backgroundMode()); + _frame->show(); + updateScrollBars(); + show(); + return; + } + + KSSLX509Map cert(certName); + TQString tmp; + viewport()->setBackgroundMode(TQWidget::PaletteButton); + _frame = new TQFrame(this); + TQGridLayout *grid = new TQGridLayout(_frame, 1, 2, KDialog::marginHint(), KDialog::spacingHint()); + grid->setAutoAdd(true); + TQLabel *label = 0L; + if (!(tmp = cert.getValue("O")).isEmpty()) { + label = new TQLabel(i18n("Organization:"), _frame); + label->setAlignment(Qt::AlignLeft | Qt::AlignTop); + (new TQLabel(tmp, _frame))->setTextFormat(TQt::PlainText); + } + if (!(tmp = cert.getValue("OU")).isEmpty()) { + label = new TQLabel(i18n("Organizational unit:"), _frame); + label->setAlignment(Qt::AlignLeft | Qt::AlignTop); + (new TQLabel(tmp, _frame))->setTextFormat(TQt::PlainText); + } + if (!(tmp = cert.getValue("L")).isEmpty()) { + label = new TQLabel(i18n("Locality:"), _frame); + label->setAlignment(Qt::AlignLeft | Qt::AlignTop); + (new TQLabel(tmp, _frame))->setTextFormat(TQt::PlainText); + } + if (!(tmp = cert.getValue("ST")).isEmpty()) { + label = new TQLabel(i18n("Federal State","State:"), _frame); + label->setAlignment(Qt::AlignLeft | Qt::AlignTop); + (new TQLabel(tmp, _frame))->setTextFormat(TQt::PlainText); + } + if (!(tmp = cert.getValue("C")).isEmpty()) { + label = new TQLabel(i18n("Country:"), _frame); + label->setAlignment(Qt::AlignLeft | Qt::AlignTop); + (new TQLabel(tmp, _frame))->setTextFormat(TQt::PlainText); + } + if (!(tmp = cert.getValue("CN")).isEmpty()) { + label = new TQLabel(i18n("Common name:"), _frame); + label->setAlignment(Qt::AlignLeft | Qt::AlignTop); + (new TQLabel(tmp, _frame))->setTextFormat(TQt::PlainText); + } + if (!(tmp = cert.getValue("Email")).isEmpty()) { + label 
= new TQLabel(i18n("Email:"), _frame); + label->setAlignment(Qt::AlignLeft | Qt::AlignTop); + if (mailCatcher) { + KURLLabel *mail = new KURLLabel(tmp, tmp, _frame); + connect(mail, TQT_SIGNAL(leftClickedURL(const TQString &)), mailCatcher, TQT_SLOT(mailClicked(const TQString &))); + } else { + label = new TQLabel(tmp, _frame); + label->setTextFormat(TQt::PlainText); + } + } + if (label && viewport()) { + viewport()->setBackgroundMode(label->backgroundMode()); + } + addChild(_frame); + updateScrollBars(); + _frame->show(); + show(); +} + + +TQScrollView *KSSLInfoDlg::buildCertInfo(const TQString &certName) { + return KSSLInfoDlg::certInfoWidget(this, certName, this); +} + +void KSSLInfoDlg::urlClicked(const TQString &url) { + kapp->invokeBrowser(url); +} + +void KSSLInfoDlg::mailClicked(const TQString &url) { + kapp->invokeMailer(url, TQString::null); +} + +#include "ksslinfodlg.moc" diff --git a/tdeio/kssl/ksslkeygen.cc b/tdeio/kssl/ksslkeygen.cc deleted file mode 100644 index 86fe4717d..000000000 --- a/tdeio/kssl/ksslkeygen.cc +++ /dev/null 
@@ -1,222 +0,0 @@ -/* This file is part of the KDE project - * - * Copyright (C) 2001 George Staikos - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Library General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public License - * along with this library; see the file COPYING.LIB. If not, write to - * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - * Boston, MA 02110-1301, USA. - */ - - -#include "ksslkeygen.h" -#include "keygenwizard.h" -#include "keygenwizard2.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include - -#include - - -KSSLKeyGen::KSSLKeyGen(TQWidget *parent, const char *name, bool modal) -:KWizard(parent,name,modal) { - _idx = -1; - -#ifdef KSSL_HAVE_SSL - page1 = new KGWizardPage1(this, "Wizard Page 1"); - addPage(page1, i18n("TDE Certificate Request")); - page2 = new KGWizardPage2(this, "Wizard Page 2"); - addPage(page2, i18n("TDE Certificate Request - Password")); - setHelpEnabled(page1, false); - setHelpEnabled(page2, false); - setFinishEnabled(page2, false); - connect(page2->_password1, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(slotPassChanged())); - connect(page2->_password2, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(slotPassChanged())); - connect(finishButton(), TQT_SIGNAL(clicked()), TQT_SLOT(slotGenerate())); -#else - // tell him he doesn't have SSL -#endif -} - - -KSSLKeyGen::~KSSLKeyGen() { - -} - - -void KSSLKeyGen::slotPassChanged() { - 
setFinishEnabled(page2, page2->_password1->text() == page2->_password2->text() && page2->_password1->text().length() >= 4); -} - - -void KSSLKeyGen::slotGenerate() { - assert(_idx >= 0 && _idx <= 3); // for now - - - // Generate the CSR - int bits; - switch (_idx) { - case 0: - bits = 2048; - break; - case 1: - bits = 1024; - break; - case 2: - bits = 768; - break; - case 3: - bits = 512; - break; - default: - KMessageBox::sorry(NULL, i18n("Unsupported key size."), i18n("TDE SSL Information")); - return; - } - - KProgressDialog *kpd = new KProgressDialog(this, "progress dialog", i18n("TDE"), i18n("Please wait while the encryption keys are generated...")); - kpd->progressBar()->setProgress(0); - kpd->show(); - // FIXME - progress dialog won't show this way - - int rc = generateCSR("This CSR" /*FIXME */, page2->_password1->text(), bits, 0x10001 /* This is the traditional exponent used */); - kpd->progressBar()->setProgress(100); - -#ifndef Q_OS_WIN //TODO: reenable for WIN32 - if (rc == 0 && TDEWallet::Wallet::isEnabled()) { - rc = KMessageBox::questionYesNo(this, i18n("Do you wish to store the passphrase in your wallet file?"), TQString::null, i18n("Store"), i18n("Do Not Store")); - if (rc == KMessageBox::Yes) { - TDEWallet::Wallet *w = TDEWallet::Wallet::openWallet(TDEWallet::Wallet::LocalWallet(), winId()); - if (w) { - // FIXME: store passphrase in wallet - delete w; - } - } - } -#endif - - kpd->deleteLater(); -} - - -int KSSLKeyGen::generateCSR(const TQString& name, const TQString& pass, int bits, int e) { -#ifdef KSSL_HAVE_SSL - KOSSL *kossl = KOSSL::self(); - - X509_REQ *req = kossl->X509_REQ_new(); - if (!req) { - return -2; - } - - EVP_PKEY *pkey = kossl->EVP_PKEY_new(); - if (!pkey) { - kossl->X509_REQ_free(req); - return -4; - } - - RSA *rsakey = kossl->RSA_generate_key(bits, e, NULL, NULL); - if (!rsakey) { - kossl->X509_REQ_free(req); - kossl->EVP_PKEY_free(pkey); - return -3; - } - - kossl->EVP_PKEY_assign(pkey, EVP_PKEY_RSA, (char *)rsakey); - - 
kossl->X509_REQ_set_pubkey(req, pkey); - - // Set the subject - X509_NAME *n = kossl->X509_NAME_new(); - - kossl->X509_NAME_add_entry_by_txt(n, (char*)LN_countryName, MBSTRING_UTF8, (unsigned char*)name.local8Bit().data(), -1, -1, 0); - kossl->X509_NAME_add_entry_by_txt(n, (char*)LN_organizationName, MBSTRING_UTF8, (unsigned char*)name.local8Bit().data(), -1, -1, 0); - kossl->X509_NAME_add_entry_by_txt(n, (char*)LN_organizationalUnitName, MBSTRING_UTF8, (unsigned char*)name.local8Bit().data(), -1, -1, 0); - kossl->X509_NAME_add_entry_by_txt(n, (char*)LN_localityName, MBSTRING_UTF8, (unsigned char*)name.local8Bit().data(), -1, -1, 0); - kossl->X509_NAME_add_entry_by_txt(n, (char*)LN_stateOrProvinceName, MBSTRING_UTF8, (unsigned char*)name.local8Bit().data(), -1, -1, 0); - kossl->X509_NAME_add_entry_by_txt(n, (char*)LN_commonName, MBSTRING_UTF8, (unsigned char*)name.local8Bit().data(), -1, -1, 0); - kossl->X509_NAME_add_entry_by_txt(n, (char*)LN_pkcs9_emailAddress, MBSTRING_UTF8, (unsigned char*)name.local8Bit().data(), -1, -1, 0); - - kossl->X509_REQ_set_subject_name(req, n); - - - kossl->X509_REQ_sign(req, pkey, kossl->EVP_md5()); - - // We write it to the database and then the caller can obtain it - // back from there. Yes it's inefficient, but it doesn't happen - // often and this way things are uniform. 
- - TDEGlobal::dirs()->addResourceType("kssl", TDEStandardDirs::kde_default("data") + "kssl"); - - TQString path = TDEGlobal::dirs()->saveLocation("kssl"); - KTempFile csrFile(path + "csr_", ".der"); - - if (!csrFile.fstream()) { - kossl->X509_REQ_free(req); - kossl->EVP_PKEY_free(pkey); - return -5; - } - - KTempFile p8File(path + "pkey_", ".p8"); - - if (!p8File.fstream()) { - kossl->X509_REQ_free(req); - kossl->EVP_PKEY_free(pkey); - return -5; - } - - kossl->i2d_X509_REQ_fp(csrFile.fstream(), req); - - kossl->i2d_PKCS8PrivateKey_fp(p8File.fstream(), pkey, - kossl->EVP_bf_cbc(), pass.local8Bit().data(), - pass.length(), 0L, 0L); - - // FIXME Write tdeconfig entry to store the filenames under the md5 hash - - kossl->X509_REQ_free(req); - kossl->EVP_PKEY_free(pkey); - - return 0; -#else - return -1; -#endif -} - - -TQStringList KSSLKeyGen::supportedKeySizes() { - TQStringList x; - -#ifdef KSSL_HAVE_SSL - x << i18n("2048 (High Grade)") - << i18n("1024 (Medium Grade)") - << i18n("768 (Low Grade)") - << i18n("512 (Low Grade)"); -#else - x << i18n("No SSL support."); -#endif - - return x; -} - - -#include "ksslkeygen.moc" - diff --git a/tdeio/kssl/ksslkeygen.cpp b/tdeio/kssl/ksslkeygen.cpp new file mode 100644 index 000000000..86fe4717d --- /dev/null +++ b/tdeio/kssl/ksslkeygen.cpp 
@@ -0,0 +1,222 @@
+/* This file is part of the KDE project
+ *
+ * Copyright (C) 2001 George Staikos
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+
+
+#include "ksslkeygen.h"
+#include "keygenwizard.h"
+#include "keygenwizard2.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+
+#include
+
+
+KSSLKeyGen::KSSLKeyGen(TQWidget *parent, const char *name, bool modal)
+:KWizard(parent,name,modal) {
+ _idx = -1;
+
+#ifdef KSSL_HAVE_SSL
+ page1 = new KGWizardPage1(this, "Wizard Page 1");
+ addPage(page1, i18n("TDE Certificate Request"));
+ page2 = new KGWizardPage2(this, "Wizard Page 2");
+ addPage(page2, i18n("TDE Certificate Request - Password"));
+ setHelpEnabled(page1, false);
+ setHelpEnabled(page2, false);
+ setFinishEnabled(page2, false);
+ connect(page2->_password1, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(slotPassChanged()));
+ connect(page2->_password2, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(slotPassChanged()));
+ connect(finishButton(), TQT_SIGNAL(clicked()), TQT_SLOT(slotGenerate()));
+#else
+ // tell him he doesn't have SSL
+#endif
+}
+
+
+KSSLKeyGen::~KSSLKeyGen() {
+
+}
+
+
+void KSSLKeyGen::slotPassChanged() {
+ setFinishEnabled(page2, page2->_password1->text() == page2->_password2->text() && page2->_password1->text().length() >= 4);
+}
+
+
+void KSSLKeyGen::slotGenerate() {
+ assert(_idx >= 0 && _idx <= 3); // for now
+
+
+ // Generate the CSR
+ int bits;
+ switch (_idx) {
+ case 0:
+ bits = 2048;
+ break;
+ case 1:
+ bits = 1024;
+ break;
+ case 2:
+ bits = 768;
+ break;
+ case 3:
+ bits = 512;
+ break;
+ default:
+ KMessageBox::sorry(NULL, i18n("Unsupported key size."), i18n("TDE SSL Information"));
+ return;
+ }
+
+ KProgressDialog *kpd = new KProgressDialog(this, "progress dialog", i18n("TDE"), i18n("Please wait while the encryption keys are generated..."));
+ kpd->progressBar()->setProgress(0);
+ kpd->show();
+ // FIXME - progress dialog won't show this way
+
+ int rc = generateCSR("This CSR" /*FIXME */, page2->_password1->text(), bits, 0x10001 /* This is the traditional exponent used */);
+ kpd->progressBar()->setProgress(100);
+
+#ifndef Q_OS_WIN //TODO: reenable for WIN32
+ if (rc == 0 && TDEWallet::Wallet::isEnabled()) {
+ rc = KMessageBox::questionYesNo(this, i18n("Do you wish to store the passphrase in your wallet file?"), TQString::null, i18n("Store"), i18n("Do Not Store"));
+ if (rc == KMessageBox::Yes) {
+ TDEWallet::Wallet *w = TDEWallet::Wallet::openWallet(TDEWallet::Wallet::LocalWallet(), winId());
+ if (w) {
+ // FIXME: store passphrase in wallet
+ delete w;
+ }
+ }
+ }
+#endif
+
+ kpd->deleteLater();
+}
+
+
+int KSSLKeyGen::generateCSR(const TQString& name, const TQString& pass, int bits, int e) {
+#ifdef KSSL_HAVE_SSL
+ KOSSL *kossl = KOSSL::self();
+
+ X509_REQ *req = kossl->X509_REQ_new();
+ if (!req) {
+ return -2;
+ }
+
+ EVP_PKEY *pkey = kossl->EVP_PKEY_new();
+ if (!pkey) {
+ kossl->X509_REQ_free(req);
+ return -4;
+ }
+
+ RSA *rsakey = kossl->RSA_generate_key(bits, e, NULL, NULL);
+ if (!rsakey) {
+ kossl->X509_REQ_free(req);
+ kossl->EVP_PKEY_free(pkey);
+ return -3;
+ }
+
+ kossl->EVP_PKEY_assign(pkey, EVP_PKEY_RSA, (char *)rsakey);
+
+ kossl->X509_REQ_set_pubkey(req, pkey);
+
+ // Set the subject
+ X509_NAME *n = kossl->X509_NAME_new();
+
+ kossl->X509_NAME_add_entry_by_txt(n, (char*)LN_countryName, MBSTRING_UTF8, (unsigned char*)name.local8Bit().data(), -1, -1, 0);
+ kossl->X509_NAME_add_entry_by_txt(n, (char*)LN_organizationName, MBSTRING_UTF8, (unsigned char*)name.local8Bit().data(), -1, -1, 0);
+ kossl->X509_NAME_add_entry_by_txt(n, (char*)LN_organizationalUnitName, MBSTRING_UTF8, (unsigned char*)name.local8Bit().data(), -1, -1, 0);
+ kossl->X509_NAME_add_entry_by_txt(n, (char*)LN_localityName, MBSTRING_UTF8, (unsigned char*)name.local8Bit().data(), -1, -1, 0);
+ kossl->X509_NAME_add_entry_by_txt(n, (char*)LN_stateOrProvinceName, MBSTRING_UTF8, (unsigned char*)name.local8Bit().data(), -1, -1, 0);
+ kossl->X509_NAME_add_entry_by_txt(n, (char*)LN_commonName, MBSTRING_UTF8, (unsigned char*)name.local8Bit().data(), -1, -1, 0);
+ kossl->X509_NAME_add_entry_by_txt(n, (char*)LN_pkcs9_emailAddress, MBSTRING_UTF8, (unsigned char*)name.local8Bit().data(), -1, -1, 0);
+
+ kossl->X509_REQ_set_subject_name(req, n);
+
+
+ kossl->X509_REQ_sign(req, pkey, kossl->EVP_md5());
+
+ // We write it to the database and then the caller can obtain it
+ // back from there. Yes it's inefficient, but it doesn't happen
+ // often and this way things are uniform.
+
+ TDEGlobal::dirs()->addResourceType("kssl", TDEStandardDirs::kde_default("data") + "kssl");
+
+ TQString path = TDEGlobal::dirs()->saveLocation("kssl");
+ KTempFile csrFile(path + "csr_", ".der");
+
+ if (!csrFile.fstream()) {
+ kossl->X509_REQ_free(req);
+ kossl->EVP_PKEY_free(pkey);
+ return -5;
+ }
+
+ KTempFile p8File(path + "pkey_", ".p8");
+
+ if (!p8File.fstream()) {
+ kossl->X509_REQ_free(req);
+ kossl->EVP_PKEY_free(pkey);
+ return -5;
+ }
+
+ kossl->i2d_X509_REQ_fp(csrFile.fstream(), req);
+
+ kossl->i2d_PKCS8PrivateKey_fp(p8File.fstream(), pkey,
+ kossl->EVP_bf_cbc(), pass.local8Bit().data(),
+ pass.length(), 0L, 0L);
+
+ // FIXME Write tdeconfig entry to store the filenames under the md5 hash
+
+ kossl->X509_REQ_free(req);
+ kossl->EVP_PKEY_free(pkey);
+
+ return 0;
+#else
+ return -1;
+#endif
+}
+
+
+TQStringList KSSLKeyGen::supportedKeySizes() {
+ TQStringList x;
+
+#ifdef KSSL_HAVE_SSL
+ x << i18n("2048 (High Grade)")
+ << i18n("1024 (Medium Grade)")
+ << i18n("768 (Low Grade)")
+ << i18n("512 (Low Grade)");
+#else
+ x << i18n("No SSL support.");
+#endif
+
+ return x;
+}
+
+
+#include "ksslkeygen.moc"
+
diff --git a/tdeio/kssl/ksslpeerinfo.cc b/tdeio/kssl/ksslpeerinfo.cc
deleted file mode 100644
index d1c2d00fc..000000000
--- a/tdeio/kssl/ksslpeerinfo.cc
+++ /dev/null
@@ -1,171 +0,0 @@ -/* This file is part of the KDE project - * - * Copyright (C) 2000-2003 George Staikos - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Library General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public License - * along with this library; see the file COPYING.LIB. If not, write to - * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - * Boston, MA 02110-1301, USA. - */ - -#ifdef HAVE_CONFIG_H -#include -#endif - -#include - -#include "ksslpeerinfo.h" -#include - -#include -#include -#include -#ifndef Q_WS_WIN //TODO kresolver not ported -#include "kresolver.h" -#endif - -#include "ksslx509map.h" - -class KSSLPeerInfoPrivate { -public: - KSSLPeerInfoPrivate() {} - ~KSSLPeerInfoPrivate() { } - TQString peerHost; -}; - - - -KSSLPeerInfo::KSSLPeerInfo() { - d = new KSSLPeerInfoPrivate; -} - -KSSLPeerInfo::~KSSLPeerInfo() { - delete d; -} - -KSSLCertificate& KSSLPeerInfo::getPeerCertificate() { - return m_cert; -} - -void KSSLPeerInfo::setPeerHost(TQString realHost) { - d->peerHost = realHost.stripWhiteSpace(); - while(d->peerHost.endsWith(".")) - d->peerHost.truncate(d->peerHost.length()-1); - -#ifdef Q_WS_WIN //TODO kresolver not ported - d->peerHost = d->peerHost.lower(); -#else - d->peerHost = TQString::fromLatin1(KNetwork::KResolver::domainToAscii(d->peerHost)); -#endif -} - -bool KSSLPeerInfo::certMatchesAddress() { -#ifdef KSSL_HAVE_SSL - KSSLX509Map certinfo(m_cert.getSubject()); - TQStringList cns = TQStringList::split(TQRegExp("[ \n\r]"), 
certinfo.getValue("CN")); - cns += m_cert.subjAltNames(); - - for (TQStringList::Iterator cn = cns.begin(); cn != cns.end(); ++cn) { - if (cnMatchesAddress((*cn).stripWhiteSpace().lower())) - return true; - } - -#endif - - return false; -} - - -bool KSSLPeerInfo::cnMatchesAddress(TQString cn) { -#ifdef KSSL_HAVE_SSL - TQRegExp rx; - - kdDebug(7029) << "Matching CN=[" << cn << "] to [" - << d->peerHost << "]" << endl; - - // Check for invalid characters - if (TQRegExp("[^a-zA-Z0-9\\.\\*\\-]").search(cn) >= 0) { - kdDebug(7029) << "CN contains invalid characters! Failing." << endl; - return false; - } - - // Domains can legally end with '.'s. We don't need them though. - while(cn.endsWith(".")) - cn.truncate(cn.length()-1); - - // Do not let empty CN's get by!! - if (cn.isEmpty()) - return false; - - // Check for IPv4 address - rx.setPattern("[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}"); - if (rx.exactMatch(d->peerHost)) - return d->peerHost == cn; - - // Check for IPv6 address here... - rx.setPattern("^\\[.*\\]$"); - if (rx.exactMatch(d->peerHost)) - return d->peerHost == cn; - - if (cn.contains('*')) { - // First make sure that there are at least two valid parts - // after the wildcard (*). - TQStringList parts = TQStringList::split('.', cn, false); - - while (parts.count() > 2) - parts.remove(parts.begin()); - - if (parts.count() != 2) { - return false; // we don't allow *.root - that's bad - } - - if (parts[0].contains('*') || parts[1].contains('*')) { - return false; - } - - // RFC2818 says that *.example.com should match against - // foo.example.com but not bar.foo.example.com - // (ie. they must have the same number of parts) - if (TQRegExp(cn, false, true).exactMatch(d->peerHost) && - TQStringList::split('.', cn, false).count() == - TQStringList::split('.', d->peerHost, false).count()) - return true; - - // *.example.com must match example.com also. Sigh.. 
- if (cn.startsWith("*.")) { - TQString chopped = cn.mid(2); - if (chopped == d->peerHost) { - return true; - } - } - return false; - } - - // We must have an exact match in this case (insensitive though) - // (note we already did .lower()) - if (cn == d->peerHost) - return true; -#endif - return false; -} - - -void KSSLPeerInfo::reset() { - d->peerHost = TQString::null; -} - - -const TQString& KSSLPeerInfo::peerHost() const { - return d->peerHost; -} - diff --git a/tdeio/kssl/ksslpeerinfo.cpp b/tdeio/kssl/ksslpeerinfo.cpp new file mode 100644 index 000000000..d1c2d00fc --- /dev/null +++ b/tdeio/kssl/ksslpeerinfo.cpp 
@@ -0,0 +1,171 @@ +/* This file is part of the KDE project + * + * Copyright (C) 2000-2003 George Staikos + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public License + * along with this library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301, USA. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include + +#include "ksslpeerinfo.h" +#include + +#include +#include +#include +#ifndef Q_WS_WIN //TODO kresolver not ported +#include "kresolver.h" +#endif + +#include "ksslx509map.h" + +class KSSLPeerInfoPrivate { +public: + KSSLPeerInfoPrivate() {} + ~KSSLPeerInfoPrivate() { } + TQString peerHost; +}; + + + +KSSLPeerInfo::KSSLPeerInfo() { + d = new KSSLPeerInfoPrivate; +} + +KSSLPeerInfo::~KSSLPeerInfo() { + delete d; +} + +KSSLCertificate& KSSLPeerInfo::getPeerCertificate() { + return m_cert; +} + +void KSSLPeerInfo::setPeerHost(TQString realHost) { + d->peerHost = realHost.stripWhiteSpace(); + while(d->peerHost.endsWith(".")) + d->peerHost.truncate(d->peerHost.length()-1); + +#ifdef Q_WS_WIN //TODO kresolver not ported + d->peerHost = d->peerHost.lower(); +#else + d->peerHost = TQString::fromLatin1(KNetwork::KResolver::domainToAscii(d->peerHost)); +#endif +} + +bool KSSLPeerInfo::certMatchesAddress() { +#ifdef KSSL_HAVE_SSL + KSSLX509Map certinfo(m_cert.getSubject()); + TQStringList cns = TQStringList::split(TQRegExp("[ \n\r]"), 
certinfo.getValue("CN")); + cns += m_cert.subjAltNames(); + + for (TQStringList::Iterator cn = cns.begin(); cn != cns.end(); ++cn) { + if (cnMatchesAddress((*cn).stripWhiteSpace().lower())) + return true; + } + +#endif + + return false; +} + + +bool KSSLPeerInfo::cnMatchesAddress(TQString cn) { +#ifdef KSSL_HAVE_SSL + TQRegExp rx; + + kdDebug(7029) << "Matching CN=[" << cn << "] to [" + << d->peerHost << "]" << endl; + + // Check for invalid characters + if (TQRegExp("[^a-zA-Z0-9\\.\\*\\-]").search(cn) >= 0) { + kdDebug(7029) << "CN contains invalid characters! Failing." << endl; + return false; + } + + // Domains can legally end with '.'s. We don't need them though. + while(cn.endsWith(".")) + cn.truncate(cn.length()-1); + + // Do not let empty CN's get by!! + if (cn.isEmpty()) + return false; + + // Check for IPv4 address + rx.setPattern("[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}"); + if (rx.exactMatch(d->peerHost)) + return d->peerHost == cn; + + // Check for IPv6 address here... + rx.setPattern("^\\[.*\\]$"); + if (rx.exactMatch(d->peerHost)) + return d->peerHost == cn; + + if (cn.contains('*')) { + // First make sure that there are at least two valid parts + // after the wildcard (*). + TQStringList parts = TQStringList::split('.', cn, false); + + while (parts.count() > 2) + parts.remove(parts.begin()); + + if (parts.count() != 2) { + return false; // we don't allow *.root - that's bad + } + + if (parts[0].contains('*') || parts[1].contains('*')) { + return false; + } + + // RFC2818 says that *.example.com should match against + // foo.example.com but not bar.foo.example.com + // (ie. they must have the same number of parts) + if (TQRegExp(cn, false, true).exactMatch(d->peerHost) && + TQStringList::split('.', cn, false).count() == + TQStringList::split('.', d->peerHost, false).count()) + return true; + + // *.example.com must match example.com also. Sigh.. 
+ if (cn.startsWith("*.")) { + TQString chopped = cn.mid(2); + if (chopped == d->peerHost) { + return true; + } + } + return false; + } + + // We must have an exact match in this case (insensitive though) + // (note we already did .lower()) + if (cn == d->peerHost) + return true; +#endif + return false; +} + + +void KSSLPeerInfo::reset() { + d->peerHost = TQString::null; +} + + +const TQString& KSSLPeerInfo::peerHost() const { + return d->peerHost; +} + diff --git a/tdeio/kssl/ksslpemcallback.cc b/tdeio/kssl/ksslpemcallback.cc deleted file mode 100644 index 584020c0f..000000000 --- a/tdeio/kssl/ksslpemcallback.cc +++ /dev/null 
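Review bot: certMatchesAddress() still consults the subject CN when the certificate carries subjectAltName entries — the CN candidates are built first and `cns += m_cert.subjAltNames();` merely appends to them — whereas RFC 6125 §6.4.4 treats the CN as a fallback only when no SAN of the right type is present, so a cert with DNS SANs is also accepted on whatever its CN happens to say. A minimal change is `TQStringList cns = m_cert.subjAltNames();` followed by `if (cns.isEmpty()) cns = TQStringList::split(TQRegExp("[ \n\r]"), certinfo.getValue("CN"));`, assuming subjAltNames() yields only dNSName entries, which this hunk does not show. In cnMatchesAddress(), the block under `// *.example.com must match example.com also. Sigh..` accepts a wildcard certificate for its parent domain, which RFC 6125 §6.4.3 does not permit; I would remove that `chopped` fallback unless the compatibility reason is documented beside it. The IPv4/IPv6 branches compare the literal peer host against each candidate, which additionally presumes iPAddress SANs are surfaced as text by subjAltNames() — worth a comment either way.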
@@ -1,58 +0,0 @@ -/* This file is part of the KDE project - * - * Copyright (C) 2001 George Staikos - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Library General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public License - * along with this library; see the file COPYING.LIB. If not, write to - * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - * Boston, MA 02110-1301, USA. - */ - -#ifdef HAVE_CONFIG_H -#include -#endif - -#include -#include -#include "ksslpemcallback.h" - -int KSSLPemCallback(char *buf, int size, int rwflag, void *userdata) { -#ifdef KSSL_HAVE_SSL - TQString pass2; - Q_UNUSED(userdata); - Q_UNUSED(rwflag); - - if (!buf) return -1; - int rc = KPasswordDialog::getPassword(pass2, i18n("Certificate password")); - if (rc != KPasswordDialog::Accepted) return -1; - - TQCString pass = pass2.utf8(); // utf8 length may differ from TQString length - const uint passlen = pass.length(); - if (passlen > (unsigned int)size-1) - pass.truncate((unsigned int)size-1); - - tqstrncpy(buf, pass, size-1); - buf[size-1] = 0; - pass.fill(' '); - pass2.fill(' '); - return (int)passlen; -#else - Q_UNUSED(buf); - Q_UNUSED(size); - Q_UNUSED(rwflag); - Q_UNUSED(userdata); - return -1; -#endif -} - - diff --git a/tdeio/kssl/ksslpemcallback.cpp b/tdeio/kssl/ksslpemcallback.cpp new file mode 100644 index 000000000..584020c0f --- /dev/null +++ b/tdeio/kssl/ksslpemcallback.cpp 
@@ -0,0 +1,58 @@
+/* This file is part of the KDE project
+ *
+ * Copyright (C) 2001 George Staikos
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+#endif
+
+#include
+#include
+#include "ksslpemcallback.h"
+
+int KSSLPemCallback(char *buf, int size, int rwflag, void *userdata) {
+#ifdef KSSL_HAVE_SSL
+ TQString pass2;
+ Q_UNUSED(userdata);
+ Q_UNUSED(rwflag);
+
+ if (!buf) return -1;
+ int rc = KPasswordDialog::getPassword(pass2, i18n("Certificate password"));
+ if (rc != KPasswordDialog::Accepted) return -1;
+
+ TQCString pass = pass2.utf8(); // utf8 length may differ from TQString length
+ const uint passlen = pass.length();
+ if (passlen > (unsigned int)size-1)
+ pass.truncate((unsigned int)size-1);
+
+ tqstrncpy(buf, pass, size-1);
+ buf[size-1] = 0;
+ pass.fill(' ');
+ pass2.fill(' ');
+ return (int)passlen;
+#else
+ Q_UNUSED(buf);
+ Q_UNUSED(size);
+ Q_UNUSED(rwflag);
+ Q_UNUSED(userdata);
+ return -1;
+#endif
+}
+
+
diff --git a/tdeio/kssl/ksslpkcs12.cc b/tdeio/kssl/ksslpkcs12.cc
deleted file mode 100644
index 08bc54a0b..000000000
--- a/tdeio/kssl/ksslpkcs12.cc
+++ /dev/null
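Review bot: KSSLPemCallback() returns `(int)passlen`, the length captured before the `pass.truncate(...)` branch, so when the password exceeds size-1 bytes the callback tells OpenSSL that more bytes were placed in buf than actually were; the pem_password_cb contract is to return the number of bytes written, and a caller that uses the count as the passphrase length reads past the terminator. Take the length after truncation — `const uint written = pass.length();` placed after the truncate line — and `return (int)written;`. The entry check should also reject a non-positive buffer before `(unsigned int)size-1` is formed: `if (!buf || size <= 0) return -1;`. The `pass.fill(' ')` / `pass2.fill(' ')` scrubbing is welcome but only covers these two copies; whether the dialog retains its own copy of the password is outside this hunk.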
@@ -1,274 +0,0 @@ -/* This file is part of the KDE project - * - * Copyright (C) 2001 George Staikos - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Library General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public License - * along with this library; see the file COPYING.LIB. If not, write to - * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - * Boston, MA 02110-1301, USA. - */ - - -#ifdef HAVE_CONFIG_H -#include -#endif - -#include - -#include -#include -#include -#include -#include -#include - -#include - - -KSSLPKCS12::KSSLPKCS12() { - _pkcs = NULL; - _pkey = NULL; - _cert = NULL; - _caStack = NULL; - kossl = KOSSL::self(); -} - - - -KSSLPKCS12::~KSSLPKCS12() { -#ifdef KSSL_HAVE_SSL - if (_pkey) kossl->EVP_PKEY_free(_pkey); - if (_caStack) { - for (;;) { - X509* x5 = reinterpret_cast(kossl->OPENSSL_sk_pop(_caStack)); - if (!x5) break; - kossl->X509_free(x5); - } - kossl->OPENSSL_sk_free(_caStack); - } - if (_pkcs) kossl->PKCS12_free(_pkcs); -#endif - if (_cert) delete _cert; -} - - -KSSLPKCS12* KSSLPKCS12::fromString(TQString base64, TQString password) { -#ifdef KSSL_HAVE_SSL -KTempFile ktf; - - if (base64.isEmpty()) return NULL; - TQByteArray qba, qbb = TQCString(base64.latin1()).copy(); - KCodecs::base64Decode(qbb, qba); - ktf.file()->writeBlock(qba); - ktf.close(); - KSSLPKCS12* rc = loadCertFile(ktf.name(), password); - ktf.unlink(); - return rc; -#endif -return NULL; -} - - - -KSSLPKCS12* KSSLPKCS12::loadCertFile(TQString filename, TQString password) { 
-#ifdef KSSL_HAVE_SSL -TQFile qf(filename); -PKCS12 *newpkcs = NULL; - - if (!qf.open(IO_ReadOnly)) - return NULL; - - FILE *fp = fdopen(qf.handle(), "r"); - if (!fp) return NULL; - - newpkcs = KOSSL::self()->d2i_PKCS12_fp(fp, &newpkcs); - - fclose(fp); - if (!newpkcs) { - KOSSL::self()->ERR_clear_error(); - return NULL; - } - - KSSLPKCS12 *c = new KSSLPKCS12; - c->setCert(newpkcs); - - // Now we parse it to see if we can decrypt it and interpret it - if (!c->parse(password)) { - delete c; c = NULL; - } - - return c; -#endif -return NULL; -} - - -void KSSLPKCS12::setCert(PKCS12 *c) { -#ifdef KSSL_HAVE_SSL - _pkcs = c; -#endif -} - - -bool KSSLPKCS12::changePassword(TQString pold, TQString pnew) { -#ifdef KSSL_HAVE_SSL - // OpenSSL makes me cast away the const here. argh - return (0 == kossl->PKCS12_newpass(_pkcs, - pold.isNull() ? (char *)"" : (char *)pold.latin1(), - pnew.isNull() ? (char *)"" : (char *)pnew.latin1())); -#endif -return false; -} - - -bool KSSLPKCS12::parse(TQString pass) { -#ifdef KSSL_HAVE_SSL -X509 *x = NULL; - - assert(_pkcs); // if you're calling this before pkcs gets set, it's a BUG! 
- - if (_cert) delete _cert; - if (_pkey) kossl->EVP_PKEY_free(_pkey); - if (_caStack) { - for (;;) { - X509* x5 = reinterpret_cast(kossl->OPENSSL_sk_pop(_caStack)); - if (!x5) break; - kossl->X509_free(x5); - } - kossl->OPENSSL_sk_free(_caStack); - } - _pkey = NULL; - _caStack = NULL; - _cert = NULL; - - int rc = kossl->PKCS12_parse(_pkcs, pass.latin1(), &_pkey, &x, &_caStack); - - if (rc == 1) { - // kdDebug(7029) << "PKCS12_parse success" << endl; - if (x) { - _cert = new KSSLCertificate; - _cert->setCert(x); - if (_caStack) { - _cert->setChain(_caStack); - } - return true; - } - } else { - _caStack = NULL; - _pkey = NULL; - kossl->ERR_clear_error(); - } -#endif -return false; -} - - -EVP_PKEY *KSSLPKCS12::getPrivateKey() { - return _pkey; -} - - -KSSLCertificate *KSSLPKCS12::getCertificate() { - return _cert; -} - - -TQString KSSLPKCS12::toString() { -TQString base64; -#ifdef KSSL_HAVE_SSL -unsigned char *p; -int len; - - len = kossl->i2d_PKCS12(_pkcs, NULL); - if (len >= 0) { - char *buf = new char[len]; - p = (unsigned char *)buf; - kossl->i2d_PKCS12(_pkcs, &p); - TQByteArray qba; - qba.setRawData(buf, len); - base64 = KCodecs::base64Encode(qba); - qba.resetRawData(buf, len); - delete[] buf; - } -#endif -return base64; -} - - - -bool KSSLPKCS12::toFile(TQString filename) { -#ifdef KSSL_HAVE_SSL -TQFile out(filename); - - if (!out.open(IO_WriteOnly)) return false; - - int fd = out.handle(); - FILE *fp = fdopen(fd, "w"); - - if (!fp) { - unlink(filename.latin1()); - return false; - } - - kossl->i2d_PKCS12_fp(fp, _pkcs); - - fclose(fp); - return true; -#endif -return false; -} - - -KSSLCertificate::KSSLValidation KSSLPKCS12::validate() { - return validate(KSSLCertificate::SSLServer); -} - - -KSSLCertificate::KSSLValidation KSSLPKCS12::validate(KSSLCertificate::KSSLPurpose p) { -#ifdef KSSL_HAVE_SSL -KSSLCertificate::KSSLValidation xx = _cert->validate(p); - if (1 != kossl->X509_check_private_key(_cert->getCert(), _pkey)) { - xx = 
KSSLCertificate::PrivateKeyFailed; - } - -return xx; -#else -return KSSLCertificate::NoSSL; -#endif -} - - -KSSLCertificate::KSSLValidation KSSLPKCS12::revalidate() { - return revalidate(KSSLCertificate::SSLServer); -} - - -KSSLCertificate::KSSLValidation KSSLPKCS12::revalidate(KSSLCertificate::KSSLPurpose p) { - return _cert->revalidate(p); -} - - -bool KSSLPKCS12::isValid() { -return isValid(KSSLCertificate::SSLServer); -} - - -bool KSSLPKCS12::isValid(KSSLCertificate::KSSLPurpose p) { -return (validate(p) == KSSLCertificate::Ok); -} - - -TQString KSSLPKCS12::name() { - return _cert->getSubject(); -} - diff --git a/tdeio/kssl/ksslpkcs12.cpp b/tdeio/kssl/ksslpkcs12.cpp new file mode 100644 index 000000000..08bc54a0b --- /dev/null +++ b/tdeio/kssl/ksslpkcs12.cpp 
@@ -0,0 +1,274 @@ +/* This file is part of the KDE project + * + * Copyright (C) 2001 George Staikos + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public License + * along with this library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301, USA. + */ + + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include + +#include +#include +#include +#include +#include +#include + +#include + + +KSSLPKCS12::KSSLPKCS12() { + _pkcs = NULL; + _pkey = NULL; + _cert = NULL; + _caStack = NULL; + kossl = KOSSL::self(); +} + + + +KSSLPKCS12::~KSSLPKCS12() { +#ifdef KSSL_HAVE_SSL + if (_pkey) kossl->EVP_PKEY_free(_pkey); + if (_caStack) { + for (;;) { + X509* x5 = reinterpret_cast(kossl->OPENSSL_sk_pop(_caStack)); + if (!x5) break; + kossl->X509_free(x5); + } + kossl->OPENSSL_sk_free(_caStack); + } + if (_pkcs) kossl->PKCS12_free(_pkcs); +#endif + if (_cert) delete _cert; +} + + +KSSLPKCS12* KSSLPKCS12::fromString(TQString base64, TQString password) { +#ifdef KSSL_HAVE_SSL +KTempFile ktf; + + if (base64.isEmpty()) return NULL; + TQByteArray qba, qbb = TQCString(base64.latin1()).copy(); + KCodecs::base64Decode(qbb, qba); + ktf.file()->writeBlock(qba); + ktf.close(); + KSSLPKCS12* rc = loadCertFile(ktf.name(), password); + ktf.unlink(); + return rc; +#endif +return NULL; +} + + + +KSSLPKCS12* KSSLPKCS12::loadCertFile(TQString filename, TQString password) { 
+#ifdef KSSL_HAVE_SSL +TQFile qf(filename); +PKCS12 *newpkcs = NULL; + + if (!qf.open(IO_ReadOnly)) + return NULL; + + FILE *fp = fdopen(qf.handle(), "r"); + if (!fp) return NULL; + + newpkcs = KOSSL::self()->d2i_PKCS12_fp(fp, &newpkcs); + + fclose(fp); + if (!newpkcs) { + KOSSL::self()->ERR_clear_error(); + return NULL; + } + + KSSLPKCS12 *c = new KSSLPKCS12; + c->setCert(newpkcs); + + // Now we parse it to see if we can decrypt it and interpret it + if (!c->parse(password)) { + delete c; c = NULL; + } + + return c; +#endif +return NULL; +} + + +void KSSLPKCS12::setCert(PKCS12 *c) { +#ifdef KSSL_HAVE_SSL + _pkcs = c; +#endif +} + + +bool KSSLPKCS12::changePassword(TQString pold, TQString pnew) { +#ifdef KSSL_HAVE_SSL + // OpenSSL makes me cast away the const here. argh + return (0 == kossl->PKCS12_newpass(_pkcs, + pold.isNull() ? (char *)"" : (char *)pold.latin1(), + pnew.isNull() ? (char *)"" : (char *)pnew.latin1())); +#endif +return false; +} + + +bool KSSLPKCS12::parse(TQString pass) { +#ifdef KSSL_HAVE_SSL +X509 *x = NULL; + + assert(_pkcs); // if you're calling this before pkcs gets set, it's a BUG! 
+ + if (_cert) delete _cert; + if (_pkey) kossl->EVP_PKEY_free(_pkey); + if (_caStack) { + for (;;) { + X509* x5 = reinterpret_cast(kossl->OPENSSL_sk_pop(_caStack)); + if (!x5) break; + kossl->X509_free(x5); + } + kossl->OPENSSL_sk_free(_caStack); + } + _pkey = NULL; + _caStack = NULL; + _cert = NULL; + + int rc = kossl->PKCS12_parse(_pkcs, pass.latin1(), &_pkey, &x, &_caStack); + + if (rc == 1) { + // kdDebug(7029) << "PKCS12_parse success" << endl; + if (x) { + _cert = new KSSLCertificate; + _cert->setCert(x); + if (_caStack) { + _cert->setChain(_caStack); + } + return true; + } + } else { + _caStack = NULL; + _pkey = NULL; + kossl->ERR_clear_error(); + } +#endif +return false; +} + + +EVP_PKEY *KSSLPKCS12::getPrivateKey() { + return _pkey; +} + + +KSSLCertificate *KSSLPKCS12::getCertificate() { + return _cert; +} + + +TQString KSSLPKCS12::toString() { +TQString base64; +#ifdef KSSL_HAVE_SSL +unsigned char *p; +int len; + + len = kossl->i2d_PKCS12(_pkcs, NULL); + if (len >= 0) { + char *buf = new char[len]; + p = (unsigned char *)buf; + kossl->i2d_PKCS12(_pkcs, &p); + TQByteArray qba; + qba.setRawData(buf, len); + base64 = KCodecs::base64Encode(qba); + qba.resetRawData(buf, len); + delete[] buf; + } +#endif +return base64; +} + + + +bool KSSLPKCS12::toFile(TQString filename) { +#ifdef KSSL_HAVE_SSL +TQFile out(filename); + + if (!out.open(IO_WriteOnly)) return false; + + int fd = out.handle(); + FILE *fp = fdopen(fd, "w"); + + if (!fp) { + unlink(filename.latin1()); + return false; + } + + kossl->i2d_PKCS12_fp(fp, _pkcs); + + fclose(fp); + return true; +#endif +return false; +} + + +KSSLCertificate::KSSLValidation KSSLPKCS12::validate() { + return validate(KSSLCertificate::SSLServer); +} + + +KSSLCertificate::KSSLValidation KSSLPKCS12::validate(KSSLCertificate::KSSLPurpose p) { +#ifdef KSSL_HAVE_SSL +KSSLCertificate::KSSLValidation xx = _cert->validate(p); + if (1 != kossl->X509_check_private_key(_cert->getCert(), _pkey)) { + xx = 
KSSLCertificate::PrivateKeyFailed; + } + +return xx; +#else +return KSSLCertificate::NoSSL; +#endif +} + + +KSSLCertificate::KSSLValidation KSSLPKCS12::revalidate() { + return revalidate(KSSLCertificate::SSLServer); +} + + +KSSLCertificate::KSSLValidation KSSLPKCS12::revalidate(KSSLCertificate::KSSLPurpose p) { + return _cert->revalidate(p); +} + + +bool KSSLPKCS12::isValid() { +return isValid(KSSLCertificate::SSLServer); +} + + +bool KSSLPKCS12::isValid(KSSLCertificate::KSSLPurpose p) { +return (validate(p) == KSSLCertificate::Ok); +} + + +TQString KSSLPKCS12::name() { + return _cert->getSubject(); +} + diff --git a/tdeio/kssl/ksslpkcs7.cc b/tdeio/kssl/ksslpkcs7.cc deleted file mode 100644 index bced75e80..000000000 --- a/tdeio/kssl/ksslpkcs7.cc +++ /dev/null 
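Review bot: changePassword() reports success when the re-encryption failed: OpenSSL documents PKCS12_newpass() as returning 1 on success and 0 on error, so `return (0 == kossl->PKCS12_newpass(...))` is inverted unless the KOSSL proxy changes that convention, which this hunk cannot show; the condition should read `return (1 == kossl->PKCS12_newpass(_pkcs, ...));`. A caller that persists the container after a "successful" change would still be writing it under the old password. Separately, toFile() opens the output with TQFile's default mode and ignores the return value of i2d_PKCS12_fp(), so a PKCS#12 blob holding a private key can land on disk readable per the process umask and a short write is reported as success; a `fchmod(fd, 0600)` after the open and a check on the i2d_PKCS12_fp() result would close both. loadCertFile() and toFile() also fclose() a FILE wrapped around TQFile's own descriptor, which on common C libraries closes that descriptor a second time when the TQFile is destroyed — worth confirming against TQFile's ownership rules.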
@@ -1,189 +0,0 @@ -/* This file is part of the KDE project - * - * Copyright (C) 2001 George Staikos - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Library General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public License - * along with this library; see the file COPYING.LIB. If not, write to - * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - * Boston, MA 02110-1301, USA. - */ - - -#ifdef HAVE_CONFIG_H -#include -#endif - -#include - -#include -#include -#include -#include -#include -#include - -#include - - -KSSLPKCS7::KSSLPKCS7() { - _pkcs = NULL; - _cert = NULL; - kossl = KOSSL::self(); -} - - - -KSSLPKCS7::~KSSLPKCS7() { -#ifdef KSSL_HAVE_SSL - if (_pkcs) kossl->PKCS7_free(_pkcs); -#endif - if (_cert) delete _cert; -} - - -KSSLPKCS7* KSSLPKCS7::fromString(TQString base64) { -#ifdef KSSL_HAVE_SSL -KTempFile ktf; - - if (base64.isEmpty()) return NULL; - TQByteArray qba, qbb = TQCString(base64.latin1()).copy(); - KCodecs::base64Decode(qbb, qba); - ktf.file()->writeBlock(qba); - ktf.close(); - KSSLPKCS7* rc = loadCertFile(ktf.name()); - ktf.unlink(); - return rc; -#endif -return NULL; -} - - - -KSSLPKCS7* KSSLPKCS7::loadCertFile(TQString filename) { -#ifdef KSSL_HAVE_SSL -TQFile qf(filename); -PKCS7 *newpkcs = NULL; - - if (!qf.open(IO_ReadOnly)) - return NULL; - - FILE *fp = fdopen(qf.handle(), "r"); - if (!fp) return NULL; - - newpkcs = KOSSL::self()->d2i_PKCS7_fp(fp, &newpkcs); - - if (!newpkcs) return NULL; - - KSSLPKCS7 *c = new KSSLPKCS7; - 
c->setCert(newpkcs); - - return c; -#endif -return NULL; -} - - -void KSSLPKCS7::setCert(PKCS7 *c) { -#ifdef KSSL_HAVE_SSL - _pkcs = c; - //STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); - //X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); - // set _chain and _cert here. -#endif -} - - -KSSLCertificate *KSSLPKCS7::getCertificate() { - return _cert; -} - - -KSSLCertChain *KSSLPKCS7::getChain() { - return _chain; -} - - -TQString KSSLPKCS7::toString() { -TQString base64; -#ifdef KSSL_HAVE_SSL -unsigned char *p; -int len; - - len = kossl->i2d_PKCS7(_pkcs, NULL); - if (len >= 0) { - char *buf = new char[len]; - p = (unsigned char *)buf; - kossl->i2d_PKCS7(_pkcs, &p); - TQByteArray qba; - qba.setRawData(buf, len); - base64 = KCodecs::base64Encode(qba); - qba.resetRawData(buf, len); - delete[] buf; - } -#endif -return base64; -} - - - -bool KSSLPKCS7::toFile(TQString filename) { -#ifdef KSSL_HAVE_SSL -TQFile out(filename); - - if (!out.open(IO_WriteOnly)) return false; - - int fd = out.handle(); - FILE *fp = fdopen(fd, "w"); - - if (!fp) { - unlink(filename.latin1()); - return false; - } - - kossl->i2d_PKCS7_fp(fp, _pkcs); - - fclose(fp); - return true; -#endif -return false; -} - - -KSSLCertificate::KSSLValidation KSSLPKCS7::validate() { -#ifdef KSSL_HAVE_SSL -KSSLCertificate::KSSLValidation xx = _cert->validate(); -return xx; -#else -return KSSLCertificate::NoSSL; -#endif -} - - -KSSLCertificate::KSSLValidation KSSLPKCS7::revalidate() { - if (_cert) - return _cert->revalidate(); - return KSSLCertificate::Unknown; -} - - -bool KSSLPKCS7::isValid() { -return (validate() == KSSLCertificate::Ok); -} - - -TQString KSSLPKCS7::name() { - if (_cert) - return _cert->getSubject(); - return TQString(); -} - diff --git a/tdeio/kssl/ksslpkcs7.cpp b/tdeio/kssl/ksslpkcs7.cpp new file mode 100644 index 000000000..bced75e80 --- /dev/null +++ b/tdeio/kssl/ksslpkcs7.cpp 
@@ -0,0 +1,189 @@ +/* This file is part of the KDE project + * + * Copyright (C) 2001 George Staikos + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public License + * along with this library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301, USA. + */ + + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include + +#include +#include +#include +#include +#include +#include + +#include + + +KSSLPKCS7::KSSLPKCS7() { + _pkcs = NULL; + _cert = NULL; + kossl = KOSSL::self(); +} + + + +KSSLPKCS7::~KSSLPKCS7() { +#ifdef KSSL_HAVE_SSL + if (_pkcs) kossl->PKCS7_free(_pkcs); +#endif + if (_cert) delete _cert; +} + + +KSSLPKCS7* KSSLPKCS7::fromString(TQString base64) { +#ifdef KSSL_HAVE_SSL +KTempFile ktf; + + if (base64.isEmpty()) return NULL; + TQByteArray qba, qbb = TQCString(base64.latin1()).copy(); + KCodecs::base64Decode(qbb, qba); + ktf.file()->writeBlock(qba); + ktf.close(); + KSSLPKCS7* rc = loadCertFile(ktf.name()); + ktf.unlink(); + return rc; +#endif +return NULL; +} + + + +KSSLPKCS7* KSSLPKCS7::loadCertFile(TQString filename) { +#ifdef KSSL_HAVE_SSL +TQFile qf(filename); +PKCS7 *newpkcs = NULL; + + if (!qf.open(IO_ReadOnly)) + return NULL; + + FILE *fp = fdopen(qf.handle(), "r"); + if (!fp) return NULL; + + newpkcs = KOSSL::self()->d2i_PKCS7_fp(fp, &newpkcs); + + if (!newpkcs) return NULL; + + KSSLPKCS7 *c = new KSSLPKCS7; + 
c->setCert(newpkcs); + + return c; +#endif +return NULL; +} + + +void KSSLPKCS7::setCert(PKCS7 *c) { +#ifdef KSSL_HAVE_SSL + _pkcs = c; + //STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); + //X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); + // set _chain and _cert here. +#endif +} + + +KSSLCertificate *KSSLPKCS7::getCertificate() { + return _cert; +} + + +KSSLCertChain *KSSLPKCS7::getChain() { + return _chain; +} + + +TQString KSSLPKCS7::toString() { +TQString base64; +#ifdef KSSL_HAVE_SSL +unsigned char *p; +int len; + + len = kossl->i2d_PKCS7(_pkcs, NULL); + if (len >= 0) { + char *buf = new char[len]; + p = (unsigned char *)buf; + kossl->i2d_PKCS7(_pkcs, &p); + TQByteArray qba; + qba.setRawData(buf, len); + base64 = KCodecs::base64Encode(qba); + qba.resetRawData(buf, len); + delete[] buf; + } +#endif +return base64; +} + + + +bool KSSLPKCS7::toFile(TQString filename) { +#ifdef KSSL_HAVE_SSL +TQFile out(filename); + + if (!out.open(IO_WriteOnly)) return false; + + int fd = out.handle(); + FILE *fp = fdopen(fd, "w"); + + if (!fp) { + unlink(filename.latin1()); + return false; + } + + kossl->i2d_PKCS7_fp(fp, _pkcs); + + fclose(fp); + return true; +#endif +return false; +} + + +KSSLCertificate::KSSLValidation KSSLPKCS7::validate() { +#ifdef KSSL_HAVE_SSL +KSSLCertificate::KSSLValidation xx = _cert->validate(); +return xx; +#else +return KSSLCertificate::NoSSL; +#endif +} + + +KSSLCertificate::KSSLValidation KSSLPKCS7::revalidate() { + if (_cert) + return _cert->revalidate(); + return KSSLCertificate::Unknown; +} + + +bool KSSLPKCS7::isValid() { +return (validate() == KSSLCertificate::Ok); +} + + +TQString KSSLPKCS7::name() { + if (_cert) + return _cert->getSubject(); + return TQString(); +} + diff --git a/tdeio/kssl/ksslsession.cc b/tdeio/kssl/ksslsession.cc deleted file mode 100644 index 3c80233f1..000000000 --- a/tdeio/kssl/ksslsession.cc +++ /dev/null 
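Review bot: validate() dereferences `_cert` unconditionally (`_cert->validate()`), but nothing in this file ever assigns it: setCert() stores only `_pkcs` and leaves the `// set _chain and _cert here.` work undone, so every KSSLPKCS7 built through loadCertFile() has `_cert == NULL` and isValid() dereferences a null pointer instead of failing closed. revalidate() and name() already guard for this; validate() should do the same with `if (!_cert) return KSSLCertificate::Unknown;` ahead of the call, and the constructor should set `_chain = NULL;` since getChain() otherwise returns whatever that member happened to contain (unless the header initialises it, which is outside this hunk). loadCertFile() also never fclose()s the FILE it fdopen()ed and does not ERR_clear_error() when d2i_PKCS7_fp() fails, unlike the PKCS#12 loader in this same commit.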
@@ -1,82 +0,0 @@ -/* This file is part of the KDE project - * - * Copyright (C) 2003 George Staikos - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Library General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public License - * along with this library; see the file COPYING.LIB. If not, write to - * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - * Boston, MA 02110-1301, USA. - */ - -#include "ksslsession.h" - -#ifdef HAVE_CONFIG_H -#include -#endif - -#include -#include - -KSSLSession::KSSLSession() : _session(0L) { -} - - -KSSLSession::~KSSLSession() { -#ifdef KSSL_HAVE_SSL - if (_session) { - KOpenSSLProxy::self()->SSL_SESSION_free(static_cast(_session)); - _session = 0L; - } -#endif -} - - -TQString KSSLSession::toString() const { -TQString rc; -#ifdef KSSL_HAVE_SSL -TQByteArray qba; -SSL_SESSION *session = static_cast(_session); -unsigned int slen = KOpenSSLProxy::self()->i2d_SSL_SESSION(session, 0L); -unsigned char *csess = new unsigned char[slen]; -unsigned char *p = csess; - - if (!KOpenSSLProxy::self()->i2d_SSL_SESSION(session, &p)) { - delete[] csess; - return TQString::null; - } - - // encode it into a QString - qba.duplicate((const char*)csess, slen); - delete[] csess; - rc = KCodecs::base64Encode(qba); -#endif -return rc; -} - - -KSSLSession *KSSLSession::fromString(const TQString& s) { -KSSLSession *session = 0L; -#ifdef KSSL_HAVE_SSL -TQByteArray qba, qbb = s.local8Bit().copy(); - KCodecs::base64Decode(qbb, qba); - unsigned char *qbap = 
reinterpret_cast(qba.data()); - SSL_SESSION *ss = KOSSL::self()->d2i_SSL_SESSION(0L, &qbap, qba.size()); - if (ss) { - session = new KSSLSession; - session->_session = ss; - } -#endif -return session; -} - - diff --git a/tdeio/kssl/ksslsession.cpp b/tdeio/kssl/ksslsession.cpp new file mode 100644 index 000000000..3c80233f1 --- /dev/null +++ b/tdeio/kssl/ksslsession.cpp 
@@ -0,0 +1,82 @@
+/* This file is part of the KDE project
+ *
+ * Copyright (C) 2003 George Staikos
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+
+#include "ksslsession.h"
+
+#ifdef HAVE_CONFIG_H
+#include
+#endif
+
+#include
+#include
+
+KSSLSession::KSSLSession() : _session(0L) {
+}
+
+
+KSSLSession::~KSSLSession() {
+#ifdef KSSL_HAVE_SSL
+ if (_session) {
+ KOpenSSLProxy::self()->SSL_SESSION_free(static_cast(_session));
+ _session = 0L;
+ }
+#endif
+}
+
+
+TQString KSSLSession::toString() const {
+TQString rc;
+#ifdef KSSL_HAVE_SSL
+TQByteArray qba;
+SSL_SESSION *session = static_cast(_session);
+unsigned int slen = KOpenSSLProxy::self()->i2d_SSL_SESSION(session, 0L);
+unsigned char *csess = new unsigned char[slen];
+unsigned char *p = csess;
+
+ if (!KOpenSSLProxy::self()->i2d_SSL_SESSION(session, &p)) {
+ delete[] csess;
+ return TQString::null;
+ }
+
+ // encode it into a QString
+ qba.duplicate((const char*)csess, slen);
+ delete[] csess;
+ rc = KCodecs::base64Encode(qba);
+#endif
+return rc;
+}
+
+
+KSSLSession *KSSLSession::fromString(const TQString& s) {
+KSSLSession *session = 0L;
+#ifdef KSSL_HAVE_SSL
+TQByteArray qba, qbb = s.local8Bit().copy();
+ KCodecs::base64Decode(qbb, qba);
+ unsigned char *qbap = reinterpret_cast(qba.data());
+ SSL_SESSION *ss = KOSSL::self()->d2i_SSL_SESSION(0L, &qbap, qba.size());
+ if (ss) {
+ session = new KSSLSession;
+ session->_session = ss;
+ }
+#endif
+return session;
+}
+
+
diff --git a/tdeio/kssl/ksslsettings.cc b/tdeio/kssl/ksslsettings.cc
deleted file mode 100644
index 090eaef4f..000000000
--- a/tdeio/kssl/ksslsettings.cc
+++ /dev/null
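Review bot: In `toString()` the length returned by the first `i2d_SSL_SESSION(session, 0L)` call is stored in an `unsigned int` and used for `new unsigned char[slen]` without being checked; on a default-constructed object `_session` is `0L` (see the constructor above), and a zero or negative return from that probe call turns into a zero-length or wrapped allocation before the second call's failure is noticed. A guard before the allocation, `int slen = KOpenSSLProxy::self()->i2d_SSL_SESSION(session, 0L); if (slen <= 0) return TQString::null;`, closes that. The encoded string is the raw DER of the SSL_SESSION, which carries the session's master secret, so callers persisting the base64 result should treat it as secret material rather than an opaque id; a doc comment on `toString()` saying `// Serialized session state, including key material -- store it as a secret` would make that explicit. `fromString()` likewise hands any decoded input to `d2i_SSL_SESSION` unchecked, which is fine for locally produced strings but worth stating in its comment.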
@@ -1,345 +0,0 @@
-/* This file is part of the KDE project
- *
- * Copyright (C) 2000 George Staikos
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Library General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Library General Public License for more details.
- *
- * You should have received a copy of the GNU Library General Public License
- * along with this library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
- * Boston, MA 02110-1301, USA.
- */
-
-#ifdef HAVE_CONFIG_H
-#include
-#endif
-
-#include
-#include
-
-#include
-#include
-#include
-
-#include
-#include
-
-#include "ksslsettings.h"
-#include
-#include
-#include
-
-// this hack provided by Malte Starostik to avoid glibc/openssl bug
-// on some systems
-#ifdef KSSL_HAVE_SSL
-#define crypt _openssl_crypt
-#include
-#undef crypt
-#endif
-#include
-
-
-class CipherNode {
-public:
- CipherNode(const char *_name, int _keylen) :
- name(_name), keylen(_keylen) {}
- TQString name;
- int keylen;
- inline int operator==(CipherNode &x)
- { return ((x.keylen == keylen) && (x.name == name)); }
- inline int operator< (CipherNode &x) { return keylen < x.keylen; }
- inline int operator<=(CipherNode &x) { return keylen <= x.keylen; }
- inline int operator> (CipherNode &x) { return keylen > x.keylen; }
- inline int operator>=(CipherNode &x) { return keylen >= x.keylen; }
-};
-
-
-class KSSLSettingsPrivate {
-public:
- KSSLSettingsPrivate() {
- kossl = NULL; // try to delay this as long as possible
- }
- ~KSSLSettingsPrivate() {
-
- }
-
- KOSSL *kossl;
- bool m_bUseEGD;
- bool m_bUseEFile;
- TQString m_EGDPath;
- bool m_bSendX509;
- bool m_bPromptX509;
-};
-
-//
-// FIXME
-// Implementation note: for now, we only read cipher settings from disk,
-// and do not store them in memory. This should change.
-//
-
-KSSLSettings::KSSLSettings(bool readConfig) {
- d = new KSSLSettingsPrivate;
- m_cfg = new TDEConfig("cryptodefaults", false, false);
-
- if (!TDEGlobal::dirs()->addResourceType("kssl", TDEStandardDirs::kde_default("data") + "kssl")) {
- //kdDebug(7029) << "Error adding (kssl, share/apps/kssl)" << endl;
- }
-
- if (readConfig) load();
-}
-
-
-// we don't save settings incase it was a temporary object
-KSSLSettings::~KSSLSettings() {
- delete m_cfg;
- delete d;
-}
-
-
-bool KSSLSettings::sslv2() const {
- return m_bUseSSLv2;
-}
-
-
-bool KSSLSettings::sslv3() const {
- return m_bUseSSLv3;
-}
-
-
-bool KSSLSettings::tlsv1() const {
- return m_bUseTLSv1;
-}
-
-
-// FIXME: we should make a default list available if this fails
-// since OpenSSL seems to just choose any old thing if it's given an
-// empty list. This behavior is not confirmed though.
-TQString KSSLSettings::getCipherList() {
- TQString clist;
-#ifdef KSSL_HAVE_SSL
- TQString tcipher;
- bool firstcipher = true;
- SSL_METHOD *meth = 0L;
- TQPtrList cipherList;
-
- cipherList.setAutoDelete(true);
-
- if (!d->kossl)
- d->kossl = KOSSL::self();
-
- if (m_bUseSSLv3 && m_bUseSSLv2)
- meth = d->kossl->TLS_client_method();
- else if(m_bUseSSLv3)
- meth = d->kossl->SSLv3_client_method();
- else if (m_bUseSSLv2)
- meth = d->kossl->SSLv2_client_method();
-
- SSL_CTX *ctx = d->kossl->SSL_CTX_new(meth);
- SSL* ssl = d->kossl->SSL_new(ctx);
- STACK_OF(SSL_CIPHER)* sk = d->kossl->SSL_get_ciphers(ssl);
- int cnt = d->kossl->OPENSSL_sk_num(sk);
- for (int i=0; i< cnt; i++) {
- SSL_CIPHER *sc = reinterpret_cast(d->kossl->OPENSSL_sk_value(sk,i));
- if (!sc)
- break;
-
- if(!strcmp("SSLv2", d->kossl->SSL_CIPHER_get_version(sc)))
- m_cfg->setGroup("SSLv2");
- else
- m_cfg->setGroup("SSLv3");
-
- tcipher.sprintf("cipher_%s", d->kossl->SSL_CIPHER_get_name(sc));
- int bits = d->kossl->SSL_CIPHER_get_bits(sc, NULL);
- if (m_cfg->readBoolEntry(tcipher, bits >= 56)) {
- CipherNode *xx = new CipherNode(d->kossl->SSL_CIPHER_get_name(sc),bits);
- if (!cipherList.contains(xx))
- cipherList.prepend(xx);
- else
- delete xx;
- }
- }
- d->kossl->SSL_free(ssl);
- d->kossl->SSL_CTX_free(ctx);
-
- // Remove any ADH ciphers as per RFC2246
- // Also remove NULL ciphers and 168bit ciphers
- for (unsigned int i = 0; i < cipherList.count(); i++) {
- CipherNode *j = 0L;
- while ((j = cipherList.at(i)) != 0L) {
- if (j->name.contains("ADH-") || j->name.contains("NULL-") || j->name.contains("DES-CBC3-SHA") || j->name.contains("FZA")) {
- cipherList.remove(j);
- } else {
- break;
- }
- }
- }
-
- // now assemble the list cipher1:cipher2:cipher3:...:ciphern
- while (!cipherList.isEmpty()) {
- if (firstcipher)
- firstcipher = false;
- else clist.append(":");
- clist.append(cipherList.getLast()->name);
- cipherList.removeLast();
- } // while
-
- kdDebug(7029) << "Cipher list is: " << clist << endl;
-
-#endif
- return clist;
-}
-
-// FIXME - sync these up so that we can use them with the control module!!
-void KSSLSettings::load() {
- m_cfg->reparseConfiguration();
-
- m_cfg->setGroup("TLS");
- m_bUseTLSv1 = m_cfg->readBoolEntry("Enabled", true);
-
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2)
- m_bUseSSLv2 = false;
-#else
- m_cfg->setGroup("SSLv2");
- m_bUseSSLv2 = m_cfg->readBoolEntry("Enabled", false);
-#endif
-
-#if defined(OPENSSL_NO_SSL3)
- m_bUseSSLv3 = false;
-#else
- m_cfg->setGroup("SSLv3");
- m_bUseSSLv3 = m_cfg->readBoolEntry("Enabled", true);
-#endif
-
- m_cfg->setGroup("Warnings");
- m_bWarnOnEnter = m_cfg->readBoolEntry("OnEnter", false);
- m_bWarnOnLeave = m_cfg->readBoolEntry("OnLeave", true);
- m_bWarnOnUnencrypted = m_cfg->readBoolEntry("OnUnencrypted", true);
- m_bWarnOnMixed = m_cfg->readBoolEntry("OnMixed", true);
-
- m_cfg->setGroup("Validation");
- m_bWarnSelfSigned = m_cfg->readBoolEntry("WarnSelfSigned", true);
- m_bWarnExpired = m_cfg->readBoolEntry("WarnExpired", true);
- m_bWarnRevoked = m_cfg->readBoolEntry("WarnRevoked", true);
-
- m_cfg->setGroup("EGD");
- d->m_bUseEGD = m_cfg->readBoolEntry("UseEGD", false);
- d->m_bUseEFile = m_cfg->readBoolEntry("UseEFile", false);
- d->m_EGDPath = m_cfg->readPathEntry("EGDPath");
-
- m_cfg->setGroup("Auth");
- d->m_bSendX509 = ("send" == m_cfg->readEntry("AuthMethod", ""));
- d->m_bPromptX509 = ("prompt" == m_cfg->readEntry("AuthMethod", ""));
-
- #ifdef KSSL_HAVE_SSL
-
-
-
- #endif
-}
-
-
-void KSSLSettings::defaults() {
- m_bUseTLSv1 = true;
- m_bUseSSLv2 = false;
- m_bUseSSLv3 = true;
- m_bWarnOnEnter = false;
- m_bWarnOnLeave = true;
- m_bWarnOnUnencrypted = true;
- m_bWarnOnMixed = true;
- m_bWarnSelfSigned = true;
- m_bWarnExpired = true;
- m_bWarnRevoked = true;
- d->m_bUseEGD = false;
- d->m_bUseEFile = false;
- d->m_EGDPath = "";
-}
-
-
-void KSSLSettings::save() {
- m_cfg->setGroup("TLS");
- m_cfg->writeEntry("Enabled", m_bUseTLSv1);
-
- m_cfg->setGroup("SSLv2");
- m_cfg->writeEntry("Enabled", m_bUseSSLv2);
-
- m_cfg->setGroup("SSLv3");
- m_cfg->writeEntry("Enabled", m_bUseSSLv3);
-
- m_cfg->setGroup("Warnings");
- m_cfg->writeEntry("OnEnter", m_bWarnOnEnter);
- m_cfg->writeEntry("OnLeave", m_bWarnOnLeave);
- m_cfg->writeEntry("OnUnencrypted", m_bWarnOnUnencrypted);
- m_cfg->writeEntry("OnMixed", m_bWarnOnMixed);
-
- m_cfg->setGroup("Validation");
- m_cfg->writeEntry("WarnSelfSigned", m_bWarnSelfSigned);
- m_cfg->writeEntry("WarnExpired", m_bWarnExpired);
- m_cfg->writeEntry("WarnRevoked", m_bWarnRevoked);
-
- m_cfg->setGroup("EGD");
- m_cfg->writeEntry("UseEGD", d->m_bUseEGD);
- m_cfg->writeEntry("UseEFile", d->m_bUseEFile);
- m_cfg->writePathEntry("EGDPath", d->m_EGDPath);
-
- m_cfg->sync();
- // FIXME - ciphers
-#if 0
-#ifdef KSSL_HAVE_SSL
- m_cfg->setGroup("SSLv2");
- for (unsigned int i = 0; i < v2ciphers.count(); i++) {
- TQString ciphername;
- ciphername.sprintf("cipher_%s", v2ciphers[i].ascii());
- if (v2selectedciphers.contains(v2ciphers[i])) {
- m_cfg->writeEntry(ciphername, true);
- } else m_cfg->writeEntry(ciphername, false);
- }
-
- m_cfg->setGroup("SSLv3");
- for (unsigned int i = 0; i < v3ciphers.count(); i++) {
- TQString ciphername;
- ciphername.sprintf("cipher_%s", v3ciphers[i].ascii());
- if (v3selectedciphers.contains(v3ciphers[i])) {
- m_cfg->writeEntry(ciphername, true);
- } else m_cfg->writeEntry(ciphername, false);
- }
-#endif
-
- m_cfg->sync();
-
- // insure proper permissions -- contains sensitive data
- TQString cfgName(TDEGlobal::dirs()->findResource("config", "cryptodefaults"));
- if (!cfgName.isEmpty())
- ::chmod(TQFile::encodeName(cfgName), 0600);
-#endif
-}
-
-
-bool KSSLSettings::warnOnEnter() const { return m_bWarnOnEnter; }
-void KSSLSettings::setWarnOnEnter(bool x) { m_bWarnOnEnter = x; }
-bool KSSLSettings::warnOnUnencrypted() const { return m_bWarnOnUnencrypted; }
-void KSSLSettings::setWarnOnUnencrypted(bool x) { m_bWarnOnUnencrypted = x; }
-bool KSSLSettings::warnOnLeave() const { return m_bWarnOnLeave; }
-void KSSLSettings::setWarnOnLeave(bool x) { m_bWarnOnLeave = x; }
-bool KSSLSettings::warnOnMixed() const { return m_bWarnOnMixed; }
-bool KSSLSettings::warnOnSelfSigned() const { return m_bWarnSelfSigned; }
-bool KSSLSettings::warnOnRevoked() const { return m_bWarnRevoked; }
-bool KSSLSettings::warnOnExpired() const { return m_bWarnExpired; }
-bool KSSLSettings::useEGD() const { return d->m_bUseEGD; }
-bool KSSLSettings::useEFile() const { return d->m_bUseEFile; }
-bool KSSLSettings::autoSendX509() const { return d->m_bSendX509; }
-bool KSSLSettings::promptSendX509() const { return d->m_bPromptX509; }
-
-void KSSLSettings::setTLSv1(bool enabled) { m_bUseTLSv1 = enabled; }
-void KSSLSettings::setSSLv2(bool enabled) { m_bUseSSLv2 = enabled; }
-void KSSLSettings::setSSLv3(bool enabled) { m_bUseSSLv3 = enabled; }
-
-TQString& KSSLSettings::getEGDPath() { return d->m_EGDPath; }
-
diff --git a/tdeio/kssl/ksslsettings.cpp b/tdeio/kssl/ksslsettings.cpp
new file mode 100644
index 000000000..090eaef4f
--- /dev/null
+++ b/tdeio/kssl/ksslsettings.cpp
@@ -0,0 +1,345 @@
+/* This file is part of the KDE project
+ *
+ * Copyright (C) 2000 George Staikos
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+#endif
+
+#include
+#include
+
+#include
+#include
+#include
+
+#include
+#include
+
+#include "ksslsettings.h"
+#include
+#include
+#include
+
+// this hack provided by Malte Starostik to avoid glibc/openssl bug
+// on some systems
+#ifdef KSSL_HAVE_SSL
+#define crypt _openssl_crypt
+#include
+#undef crypt
+#endif
+#include
+
+
+class CipherNode {
+public:
+ CipherNode(const char *_name, int _keylen) :
+ name(_name), keylen(_keylen) {}
+ TQString name;
+ int keylen;
+ inline int operator==(CipherNode &x)
+ { return ((x.keylen == keylen) && (x.name == name)); }
+ inline int operator< (CipherNode &x) { return keylen < x.keylen; }
+ inline int operator<=(CipherNode &x) { return keylen <= x.keylen; }
+ inline int operator> (CipherNode &x) { return keylen > x.keylen; }
+ inline int operator>=(CipherNode &x) { return keylen >= x.keylen; }
+};
+
+
+class KSSLSettingsPrivate {
+public:
+ KSSLSettingsPrivate() {
+ kossl = NULL; // try to delay this as long as possible
+ }
+ ~KSSLSettingsPrivate() {
+
+ }
+
+ KOSSL *kossl;
+ bool m_bUseEGD;
+ bool m_bUseEFile;
+ TQString m_EGDPath;
+ bool m_bSendX509;
+ bool m_bPromptX509;
+};
+
+//
+// FIXME
+// Implementation note: for now, we only read cipher settings from disk,
+// and do not store them in memory. This should change.
+//
+
+KSSLSettings::KSSLSettings(bool readConfig) {
+ d = new KSSLSettingsPrivate;
+ m_cfg = new TDEConfig("cryptodefaults", false, false);
+
+ if (!TDEGlobal::dirs()->addResourceType("kssl", TDEStandardDirs::kde_default("data") + "kssl")) {
+ //kdDebug(7029) << "Error adding (kssl, share/apps/kssl)" << endl;
+ }
+
+ if (readConfig) load();
+}
+
+
+// we don't save settings incase it was a temporary object
+KSSLSettings::~KSSLSettings() {
+ delete m_cfg;
+ delete d;
+}
+
+
+bool KSSLSettings::sslv2() const {
+ return m_bUseSSLv2;
+}
+
+
+bool KSSLSettings::sslv3() const {
+ return m_bUseSSLv3;
+}
+
+
+bool KSSLSettings::tlsv1() const {
+ return m_bUseTLSv1;
+}
+
+
+// FIXME: we should make a default list available if this fails
+// since OpenSSL seems to just choose any old thing if it's given an
+// empty list. This behavior is not confirmed though.
+TQString KSSLSettings::getCipherList() {
+ TQString clist;
+#ifdef KSSL_HAVE_SSL
+ TQString tcipher;
+ bool firstcipher = true;
+ SSL_METHOD *meth = 0L;
+ TQPtrList cipherList;
+
+ cipherList.setAutoDelete(true);
+
+ if (!d->kossl)
+ d->kossl = KOSSL::self();
+
+ if (m_bUseSSLv3 && m_bUseSSLv2)
+ meth = d->kossl->TLS_client_method();
+ else if(m_bUseSSLv3)
+ meth = d->kossl->SSLv3_client_method();
+ else if (m_bUseSSLv2)
+ meth = d->kossl->SSLv2_client_method();
+
+ SSL_CTX *ctx = d->kossl->SSL_CTX_new(meth);
+ SSL* ssl = d->kossl->SSL_new(ctx);
+ STACK_OF(SSL_CIPHER)* sk = d->kossl->SSL_get_ciphers(ssl);
+ int cnt = d->kossl->OPENSSL_sk_num(sk);
+ for (int i=0; i< cnt; i++) {
+ SSL_CIPHER *sc = reinterpret_cast(d->kossl->OPENSSL_sk_value(sk,i));
+ if (!sc)
+ break;
+
+ if(!strcmp("SSLv2", d->kossl->SSL_CIPHER_get_version(sc)))
+ m_cfg->setGroup("SSLv2");
+ else
+ m_cfg->setGroup("SSLv3");
+
+ tcipher.sprintf("cipher_%s", d->kossl->SSL_CIPHER_get_name(sc));
+ int bits = d->kossl->SSL_CIPHER_get_bits(sc, NULL);
+ if (m_cfg->readBoolEntry(tcipher, bits >= 56)) {
+ CipherNode *xx = new CipherNode(d->kossl->SSL_CIPHER_get_name(sc),bits);
+ if (!cipherList.contains(xx))
+ cipherList.prepend(xx);
+ else
+ delete xx;
+ }
+ }
+ d->kossl->SSL_free(ssl);
+ d->kossl->SSL_CTX_free(ctx);
+
+ // Remove any ADH ciphers as per RFC2246
+ // Also remove NULL ciphers and 168bit ciphers
+ for (unsigned int i = 0; i < cipherList.count(); i++) {
+ CipherNode *j = 0L;
+ while ((j = cipherList.at(i)) != 0L) {
+ if (j->name.contains("ADH-") || j->name.contains("NULL-") || j->name.contains("DES-CBC3-SHA") || j->name.contains("FZA")) {
+ cipherList.remove(j);
+ } else {
+ break;
+ }
+ }
+ }
+
+ // now assemble the list cipher1:cipher2:cipher3:...:ciphern
+ while (!cipherList.isEmpty()) {
+ if (firstcipher)
+ firstcipher = false;
+ else clist.append(":");
+ clist.append(cipherList.getLast()->name);
+ cipherList.removeLast();
+ } // while
+
+ kdDebug(7029) << "Cipher list is: " << clist << endl;
+
+#endif
+ return clist;
+}
+
+// FIXME - sync these up so that we can use them with the control module!!
+void KSSLSettings::load() {
+ m_cfg->reparseConfiguration();
+
+ m_cfg->setGroup("TLS");
+ m_bUseTLSv1 = m_cfg->readBoolEntry("Enabled", true);
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2)
+ m_bUseSSLv2 = false;
+#else
+ m_cfg->setGroup("SSLv2");
+ m_bUseSSLv2 = m_cfg->readBoolEntry("Enabled", false);
+#endif
+
+#if defined(OPENSSL_NO_SSL3)
+ m_bUseSSLv3 = false;
+#else
+ m_cfg->setGroup("SSLv3");
+ m_bUseSSLv3 = m_cfg->readBoolEntry("Enabled", true);
+#endif
+
+ m_cfg->setGroup("Warnings");
+ m_bWarnOnEnter = m_cfg->readBoolEntry("OnEnter", false);
+ m_bWarnOnLeave = m_cfg->readBoolEntry("OnLeave", true);
+ m_bWarnOnUnencrypted = m_cfg->readBoolEntry("OnUnencrypted", true);
+ m_bWarnOnMixed = m_cfg->readBoolEntry("OnMixed", true);
+
+ m_cfg->setGroup("Validation");
+ m_bWarnSelfSigned = m_cfg->readBoolEntry("WarnSelfSigned", true);
+ m_bWarnExpired = m_cfg->readBoolEntry("WarnExpired", true);
+ m_bWarnRevoked = m_cfg->readBoolEntry("WarnRevoked", true);
+
+ m_cfg->setGroup("EGD");
+ d->m_bUseEGD = m_cfg->readBoolEntry("UseEGD", false);
+ d->m_bUseEFile = m_cfg->readBoolEntry("UseEFile", false);
+ d->m_EGDPath = m_cfg->readPathEntry("EGDPath");
+
+ m_cfg->setGroup("Auth");
+ d->m_bSendX509 = ("send" == m_cfg->readEntry("AuthMethod", ""));
+ d->m_bPromptX509 = ("prompt" == m_cfg->readEntry("AuthMethod", ""));
+
+ #ifdef KSSL_HAVE_SSL
+
+
+
+ #endif
+}
+
+
+void KSSLSettings::defaults() {
+ m_bUseTLSv1 = true;
+ m_bUseSSLv2 = false;
+ m_bUseSSLv3 = true;
+ m_bWarnOnEnter = false;
+ m_bWarnOnLeave = true;
+ m_bWarnOnUnencrypted = true;
+ m_bWarnOnMixed = true;
+ m_bWarnSelfSigned = true;
+ m_bWarnExpired = true;
+ m_bWarnRevoked = true;
+ d->m_bUseEGD = false;
+ d->m_bUseEFile = false;
+ d->m_EGDPath = "";
+}
+
+
+void KSSLSettings::save() {
+ m_cfg->setGroup("TLS");
+ m_cfg->writeEntry("Enabled", m_bUseTLSv1);
+
+ m_cfg->setGroup("SSLv2");
+ m_cfg->writeEntry("Enabled", m_bUseSSLv2);
+
+ m_cfg->setGroup("SSLv3");
+ m_cfg->writeEntry("Enabled", m_bUseSSLv3);
+
+ m_cfg->setGroup("Warnings");
+ m_cfg->writeEntry("OnEnter", m_bWarnOnEnter);
+ m_cfg->writeEntry("OnLeave", m_bWarnOnLeave);
+ m_cfg->writeEntry("OnUnencrypted", m_bWarnOnUnencrypted);
+ m_cfg->writeEntry("OnMixed", m_bWarnOnMixed);
+
+ m_cfg->setGroup("Validation");
+ m_cfg->writeEntry("WarnSelfSigned", m_bWarnSelfSigned);
+ m_cfg->writeEntry("WarnExpired", m_bWarnExpired);
+ m_cfg->writeEntry("WarnRevoked", m_bWarnRevoked);
+
+ m_cfg->setGroup("EGD");
+ m_cfg->writeEntry("UseEGD", d->m_bUseEGD);
+ m_cfg->writeEntry("UseEFile", d->m_bUseEFile);
+ m_cfg->writePathEntry("EGDPath", d->m_EGDPath);
+
+ m_cfg->sync();
+ // FIXME - ciphers
+#if 0
+#ifdef KSSL_HAVE_SSL
+ m_cfg->setGroup("SSLv2");
+ for (unsigned int i = 0; i < v2ciphers.count(); i++) {
+ TQString ciphername;
+ ciphername.sprintf("cipher_%s", v2ciphers[i].ascii());
+ if (v2selectedciphers.contains(v2ciphers[i])) {
+ m_cfg->writeEntry(ciphername, true);
+ } else m_cfg->writeEntry(ciphername, false);
+ }
+
+ m_cfg->setGroup("SSLv3");
+ for (unsigned int i = 0; i < v3ciphers.count(); i++) {
+ TQString ciphername;
+ ciphername.sprintf("cipher_%s", v3ciphers[i].ascii());
+ if (v3selectedciphers.contains(v3ciphers[i])) {
+ m_cfg->writeEntry(ciphername, true);
+ } else m_cfg->writeEntry(ciphername, false);
+ }
+#endif
+
+ m_cfg->sync();
+
+ // insure proper permissions -- contains sensitive data
+ TQString cfgName(TDEGlobal::dirs()->findResource("config", "cryptodefaults"));
+ if (!cfgName.isEmpty())
+ ::chmod(TQFile::encodeName(cfgName), 0600);
+#endif
+}
+
+
+bool KSSLSettings::warnOnEnter() const { return m_bWarnOnEnter; }
+void KSSLSettings::setWarnOnEnter(bool x) { m_bWarnOnEnter = x; }
+bool KSSLSettings::warnOnUnencrypted() const { return m_bWarnOnUnencrypted; }
+void KSSLSettings::setWarnOnUnencrypted(bool x) { m_bWarnOnUnencrypted = x; }
+bool KSSLSettings::warnOnLeave() const { return m_bWarnOnLeave; }
+void KSSLSettings::setWarnOnLeave(bool x) { m_bWarnOnLeave = x; }
+bool KSSLSettings::warnOnMixed() const { return m_bWarnOnMixed; }
+bool KSSLSettings::warnOnSelfSigned() const { return m_bWarnSelfSigned; }
+bool KSSLSettings::warnOnRevoked() const { return m_bWarnRevoked; }
+bool KSSLSettings::warnOnExpired() const { return m_bWarnExpired; }
+bool KSSLSettings::useEGD() const { return d->m_bUseEGD; }
+bool KSSLSettings::useEFile() const { return d->m_bUseEFile; }
+bool KSSLSettings::autoSendX509() const { return d->m_bSendX509; }
+bool KSSLSettings::promptSendX509() const { return d->m_bPromptX509; }
+
+void KSSLSettings::setTLSv1(bool enabled) { m_bUseTLSv1 = enabled; }
+void KSSLSettings::setSSLv2(bool enabled) { m_bUseSSLv2 = enabled; }
+void KSSLSettings::setSSLv3(bool enabled) { m_bUseSSLv3 = enabled; }
+
+TQString& KSSLSettings::getEGDPath() { return d->m_EGDPath; }
+
diff --git a/tdeio/kssl/ksslsigners.cc b/tdeio/kssl/ksslsigners.cc
deleted file mode 100644
index 028ddf555..000000000
--- a/tdeio/kssl/ksslsigners.cc
+++ /dev/null
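Review bot: `getCipherList()` passes a null `meth` to `SSL_CTX_new()` whenever neither SSLv2 nor SSLv3 is enabled: `load()` in this same hunk forces `m_bUseSSLv2` off on OpenSSL >= 1.1.0 and `m_bUseSSLv3` off under `OPENSSL_NO_SSL3`, and `m_bUseTLSv1` is never consulted here, so a TLS-only configuration leaves `meth` at `0L` and the following `SSL_new(ctx)` and `SSL_get_ciphers(ssl)` run on null handles. Neither `ctx` nor `ssl` is checked before use in any configuration. Falling back to `TLS_client_method()` when no legacy method was selected and returning the (empty) list when context creation fails — the case the FIXME above the function already anticipates — covers both; the rewritten prologue is below, the enumeration loop and the filtering are unchanged. Separately, in `save()` the `::chmod(..., 0600)` that the comment `// insure proper permissions -- contains sensitive data` describes sits inside the `#if 0` block, so the file written by the live `m_cfg->sync()` keeps default permissions; moving that chmod out of the disabled block is worth a follow-up.
```cpp
  if (m_bUseSSLv3 && m_bUseSSLv2)
    meth = d->kossl->TLS_client_method();
  else if(m_bUseSSLv3)
    meth = d->kossl->SSLv3_client_method();
  else if (m_bUseSSLv2)
    meth = d->kossl->SSLv2_client_method();
  // TLS-only configuration: none of the legacy methods was selected above
  if (!meth)
    meth = d->kossl->TLS_client_method();

  SSL_CTX *ctx = d->kossl->SSL_CTX_new(meth);
  SSL* ssl = ctx ? d->kossl->SSL_new(ctx) : 0L;
  if (!ssl) {
    if (ctx) d->kossl->SSL_CTX_free(ctx);
    return clist;   // empty list; see the FIXME above this function
  }
  // … unchanged: cipher enumeration, ADH/NULL/DES-CBC3/FZA filtering, list assembly …
```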
@@ -1,251 +0,0 @@
-/* This file is part of the KDE project
- *
- * Copyright (C) 2001 George Staikos
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Library General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Library General Public License for more details.
- *
- * You should have received a copy of the GNU Library General Public License
- * along with this library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
- * Boston, MA 02110-1301, USA.
- */
-
-
-#include
-#include
-#include "ksslcertificate.h"
-#include "ksslsigners.h"
-#include
-#include
-#include
-#include
-
-
-KSSLSigners::KSSLSigners() {
- dcc = new DCOPClient;
- dcc->attach();
-}
-
-
-KSSLSigners::~KSSLSigners() {
- delete dcc;
-}
-
-bool KSSLSigners::addCA(KSSLCertificate& cert,
- bool ssl,
- bool email,
- bool code) {
- return addCA(cert.toString(), ssl, email, code);
-}
-
-
-bool KSSLSigners::addCA(TQString cert,
- bool ssl,
- bool email,
- bool code) {
- TQByteArray data, retval;
- TQCString rettype;
- TQDataStream arg(data, IO_WriteOnly);
- arg << cert;
- arg << ssl << email << code;
- bool rc = dcc->call("kded", "kssld",
- "caAdd(TQString,bool,bool,bool)",
- data, rettype, retval);
-
- if (rc && rettype == "bool") {
- TQDataStream retStream(retval, IO_ReadOnly);
- bool drc;
- retStream >> drc;
- return drc;
- }
-
-return false;
-}
-
-
-bool KSSLSigners::regenerate() {
- TQByteArray data, retval;
- TQCString rettype;
- TQDataStream arg(data, IO_WriteOnly);
- bool rc = dcc->call("kded", "kssld",
- "caRegenerate()",
- data, rettype, retval);
-
- if (rc && rettype == "bool") {
- TQDataStream retStream(retval, IO_ReadOnly);
- bool drc;
- retStream >> drc;
- return drc;
- }
-
-return false;
-}
-
-
-bool KSSLSigners::useForSSL(KSSLCertificate& cert) {
- return useForSSL(cert.getSubject());
-}
-
-
-bool KSSLSigners::useForSSL(TQString subject) {
- TQByteArray data, retval;
- TQCString rettype;
- TQDataStream arg(data, IO_WriteOnly);
- arg << subject;
- bool rc = dcc->call("kded", "kssld",
- "caUseForSSL(TQString)",
- data, rettype, retval);
-
- if (rc && rettype == "bool") {
- TQDataStream retStream(retval, IO_ReadOnly);
- bool drc;
- retStream >> drc;
- return drc;
- }
-
-return false;
-}
-
-
-bool KSSLSigners::useForEmail(KSSLCertificate& cert) {
- return useForEmail(cert.getSubject());
-}
-
-
-bool KSSLSigners::useForEmail(TQString subject) {
- TQByteArray data, retval;
- TQCString rettype;
- TQDataStream arg(data, IO_WriteOnly);
- arg << subject;
- bool rc = dcc->call("kded", "kssld",
- "caUseForEmail(TQString)",
- data, rettype, retval);
-
- if (rc && rettype == "bool") {
- TQDataStream retStream(retval, IO_ReadOnly);
- bool drc;
- retStream >> drc;
- return drc;
- }
-
-return false;
-}
-
-
-bool KSSLSigners::useForCode(KSSLCertificate& cert) {
- return useForCode(cert.getSubject());
-}
-
-
-bool KSSLSigners::useForCode(TQString subject) {
- TQByteArray data, retval;
- TQCString rettype;
- TQDataStream arg(data, IO_WriteOnly);
- arg << subject;
- bool rc = dcc->call("kded", "kssld",
- "caUseForCode(TQString)",
- data, rettype, retval);
-
- if (rc && rettype == "bool") {
- TQDataStream retStream(retval, IO_ReadOnly);
- bool drc;
- retStream >> drc;
- return drc;
- }
-
-return false;
-}
-
-
-bool KSSLSigners::remove(KSSLCertificate& cert) {
- return remove(cert.getSubject());
-}
-
-
-bool KSSLSigners::remove(TQString subject) {
- TQByteArray data, retval;
- TQCString rettype;
- TQDataStream arg(data, IO_WriteOnly);
- arg << subject;
- bool rc = dcc->call("kded", "kssld",
- "caRemove(TQString)",
- data, rettype, retval);
-
- if (rc && rettype == "bool") {
- TQDataStream retStream(retval, IO_ReadOnly);
- bool drc;
- retStream >> drc;
- return drc;
- }
-
-return false;
-}
-
-
-TQStringList KSSLSigners::list() {
- TQStringList drc;
- TQByteArray data, retval;
- TQCString rettype;
- TQDataStream arg(data, IO_WriteOnly);
- bool rc = dcc->call("kded", "kssld",
- "caList()",
- data, rettype, retval);
-
- if (rc && rettype == TQSTRINGLIST_OBJECT_NAME_STRING) {
- TQDataStream retStream(retval, IO_ReadOnly);
- retStream >> drc;
- }
-
-return drc;
-}
-
-
-TQString KSSLSigners::getCert(TQString subject) {
- TQString drc;
- TQByteArray data, retval;
- TQCString rettype;
- TQDataStream arg(data, IO_WriteOnly);
- arg << subject;
- bool rc = dcc->call("kded", "kssld",
- "caGetCert(TQString)",
- data, rettype, retval);
-
- if (rc && rettype == TQSTRING_OBJECT_NAME_STRING) {
- TQDataStream retStream(retval, IO_ReadOnly);
- retStream >> drc;
- }
-
-return drc;
-}
-
-
-bool KSSLSigners::setUse(TQString subject, bool ssl, bool email, bool code) {
- TQByteArray data, retval;
- TQCString rettype;
- TQDataStream arg(data, IO_WriteOnly);
- arg << subject << ssl << email << code;
- bool rc = dcc->call("kded", "kssld",
- "caSetUse(TQString,bool,bool,bool)",
- data, rettype, retval);
-
- if (rc && rettype == "bool") {
- TQDataStream retStream(retval, IO_ReadOnly);
- bool drc;
- retStream >> drc;
- return drc;
- }
-
-return false;
-}
-
-
-
-
diff --git a/tdeio/kssl/ksslsigners.cpp b/tdeio/kssl/ksslsigners.cpp
new file mode 100644
index 000000000..028ddf555
--- /dev/null
+++ b/tdeio/kssl/ksslsigners.cpp
@@ -0,0 +1,251 @@
+/* This file is part of the KDE project
+ *
+ * Copyright (C) 2001 George Staikos
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+
+
+#include
+#include
+#include "ksslcertificate.h"
+#include "ksslsigners.h"
+#include
+#include
+#include
+#include
+
+
+KSSLSigners::KSSLSigners() {
+ dcc = new DCOPClient;
+ dcc->attach();
+}
+
+
+KSSLSigners::~KSSLSigners() {
+ delete dcc;
+}
+
+bool KSSLSigners::addCA(KSSLCertificate& cert,
+ bool ssl,
+ bool email,
+ bool code) {
+ return addCA(cert.toString(), ssl, email, code);
+}
+
+
+bool KSSLSigners::addCA(TQString cert,
+ bool ssl,
+ bool email,
+ bool code) {
+ TQByteArray data, retval;
+ TQCString rettype;
+ TQDataStream arg(data, IO_WriteOnly);
+ arg << cert;
+ arg << ssl << email << code;
+ bool rc = dcc->call("kded", "kssld",
+ "caAdd(TQString,bool,bool,bool)",
+ data, rettype, retval);
+
+ if (rc && rettype == "bool") {
+ TQDataStream retStream(retval, IO_ReadOnly);
+ bool drc;
+ retStream >> drc;
+ return drc;
+ }
+
+return false;
+}
+
+
+bool KSSLSigners::regenerate() {
+ TQByteArray data, retval;
+ TQCString rettype;
+ TQDataStream arg(data, IO_WriteOnly);
+ bool rc = dcc->call("kded", "kssld",
+ "caRegenerate()",
+ data, rettype, retval);
+
+ if (rc && rettype == "bool") {
+ TQDataStream retStream(retval, IO_ReadOnly);
+ bool drc;
+ retStream >> drc;
+ return drc;
+ }
+
+return false;
+}
+
+
+bool KSSLSigners::useForSSL(KSSLCertificate& cert) {
+ return useForSSL(cert.getSubject());
+}
+
+
+bool KSSLSigners::useForSSL(TQString subject) {
+ TQByteArray data, retval;
+ TQCString rettype;
+ TQDataStream arg(data, IO_WriteOnly);
+ arg << subject;
+ bool rc = dcc->call("kded", "kssld",
+ "caUseForSSL(TQString)",
+ data, rettype, retval);
+
+ if (rc && rettype == "bool") {
+ TQDataStream retStream(retval, IO_ReadOnly);
+ bool drc;
+ retStream >> drc;
+ return drc;
+ }
+
+return false;
+}
+
+
+bool KSSLSigners::useForEmail(KSSLCertificate& cert) {
+ return useForEmail(cert.getSubject());
+}
+
+
+bool KSSLSigners::useForEmail(TQString subject) {
+ TQByteArray data, retval;
+ TQCString rettype;
+ TQDataStream arg(data, IO_WriteOnly);
+ arg << subject;
+ bool rc = dcc->call("kded", "kssld",
+ "caUseForEmail(TQString)",
+ data, rettype, retval);
+
+ if (rc && rettype == "bool") {
+ TQDataStream retStream(retval, IO_ReadOnly);
+ bool drc;
+ retStream >> drc;
+ return drc;
+ }
+
+return false;
+}
+
+
+bool KSSLSigners::useForCode(KSSLCertificate& cert) {
+ return useForCode(cert.getSubject());
+}
+
+
+bool KSSLSigners::useForCode(TQString subject) {
+ TQByteArray data, retval;
+ TQCString rettype;
+ TQDataStream arg(data, IO_WriteOnly);
+ arg << subject;
+ bool rc = dcc->call("kded", "kssld",
+ "caUseForCode(TQString)",
+ data, rettype, retval);
+
+ if (rc && rettype == "bool") {
+ TQDataStream retStream(retval, IO_ReadOnly);
+ bool drc;
+ retStream >> drc;
+ return drc;
+ }
+
+return false;
+}
+
+
+bool KSSLSigners::remove(KSSLCertificate& cert) {
+ return remove(cert.getSubject());
+}
+
+
+bool KSSLSigners::remove(TQString subject) {
+ TQByteArray data, retval;
+ TQCString rettype;
+ TQDataStream arg(data, IO_WriteOnly);
+ arg << subject;
+ bool rc = dcc->call("kded", "kssld",
+ "caRemove(TQString)",
+ data, rettype, retval);
+
+ if (rc && rettype == "bool") {
+ TQDataStream retStream(retval, IO_ReadOnly);
+ bool drc;
+ retStream >> drc;
+ return drc;
+ }
+
+return false;
+}
+
+
+TQStringList KSSLSigners::list() {
+ TQStringList drc;
+ TQByteArray data, retval;
+ TQCString rettype;
+ TQDataStream arg(data, IO_WriteOnly);
+ bool rc = dcc->call("kded", "kssld",
+ "caList()",
+ data, rettype, retval);
+
+ if (rc && rettype == TQSTRINGLIST_OBJECT_NAME_STRING) {
+ TQDataStream retStream(retval, IO_ReadOnly);
+ retStream >> drc;
+ }
+
+return drc;
+}
+
+
+TQString KSSLSigners::getCert(TQString subject) {
+ TQString drc;
+ TQByteArray data, retval;
+ TQCString rettype;
+ TQDataStream arg(data, IO_WriteOnly);
+ arg << subject;
+ bool rc = dcc->call("kded", "kssld",
+ "caGetCert(TQString)",
+ data, rettype, retval);
+
+ if (rc && rettype == TQSTRING_OBJECT_NAME_STRING) {
+ TQDataStream retStream(retval, IO_ReadOnly);
+ retStream >> drc;
+ }
+
+return drc;
+}
+
+
+bool KSSLSigners::setUse(TQString subject, bool ssl, bool email, bool code) {
+ TQByteArray data, retval;
+ TQCString rettype;
+ TQDataStream arg(data, IO_WriteOnly);
+ arg << subject << ssl << email << code;
+ bool rc = dcc->call("kded", "kssld",
+ "caSetUse(TQString,bool,bool,bool)",
+ data, rettype, retval);
+
+ if (rc && rettype == "bool") {
+ TQDataStream retStream(retval, IO_ReadOnly);
+ bool drc;
+ retStream >> drc;
+ return drc;
+ }
+
+return false;
+}
+
+
+
+
diff --git a/tdeio/kssl/ksslutils.cc b/tdeio/kssl/ksslutils.cc
deleted file mode 100644
index 2e6e3a303..000000000
--- a/tdeio/kssl/ksslutils.cc
+++ /dev/null
@@ -1,103 +0,0 @@
-/* This file is part of the KDE project
- *
- * Copyright (C) 2000,2001 George Staikos
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Library General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Library General Public License for more details.
- *
- * You should have received a copy of the GNU Library General Public License
- * along with this library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
- * Boston, MA 02110-1301, USA.
- */
-
-
-#include "ksslutils.h"
-
-#include
-#include
-#include
-#include
-
-#include "kopenssl.h"
-
-#ifdef KSSL_HAVE_SSL
-// This code is mostly taken from OpenSSL v0.9.5a
-// by Eric Young
-TQDateTime ASN1_UTCTIME_QDateTime(ASN1_UTCTIME *tm, int *isGmt) {
-TQDateTime qdt;
-char *v;
-int gmt=0;
-int gentime=0;
-int yoffset=0;
-int yearbase=1900;
-int i;
-int y=0,M=0,d=0,h=0,m=0,s=0;
-TQDate qdate;
-TQTime qtime;
-
- i = tm->length;
- v = (char *)tm->data;
- if ((i == 15) || (i == 21)) {
- gentime=1;
- yoffset=2;
- yearbase=0;
- }
- if (i < 10) goto auq_err;
- if (v[i-1] == 'Z') gmt=1;
- for (i=0; i<10+yoffset; i++)
- if ((v[i] > '9') || (v[i] < '0')) goto auq_err;
- y = (v[0+yoffset]-'0')*10+(v[1+yoffset]-'0');
- if (gentime)
- y += (v[0]-'0')*1000+(v[1]-'0')*100;
- if (y < 50) y+=100;
- M = (v[2+yoffset]-'0')*10+(v[3+yoffset]-'0');
- if ((M > 12) || (M < 1)) goto auq_err;
- d = (v[4+yoffset]-'0')*10+(v[5+yoffset]-'0');
- h = (v[6+yoffset]-'0')*10+(v[7+yoffset]-'0');
- m = (v[8+yoffset]-'0')*10+(v[9+yoffset]-'0');
- if ( (v[10+yoffset] >= '0') && (v[10+yoffset] <= '9') &&
- (v[11+yoffset] >= '0') && (v[11+yoffset] <= '9'))
- s = (v[10+yoffset]-'0')*10+(v[11+yoffset]-'0');
-
- // localize the date and display it.
- qdate.setYMD(y+yearbase, M, d);
- qtime.setHMS(h,m,s);
- qdt.setDate(qdate); qdt.setTime(qtime);
- auq_err:
- if (isGmt) *isGmt = gmt;
-return qdt;
-}
-
-
-TQString ASN1_UTCTIME_QString(ASN1_UTCTIME *tm) {
- TQString qstr;
- int gmt;
- TQDateTime qdt = ASN1_UTCTIME_QDateTime(tm, &gmt);
-
- qstr = TDEGlobal::locale()->formatDateTime(qdt, false, true);
- if (gmt) {
- qstr += " ";
- qstr += i18n("GMT");
- }
- return qstr;
-}
-
-
-TQString ASN1_INTEGER_QString(ASN1_INTEGER *aint) {
- char *rep = KOSSL::self()->i2s_ASN1_INTEGER(NULL, aint);
- TQString yy = rep;
- KOSSL::self()->CRYPTO_free(rep);
- return yy;
-}
-
-
-#endif
-
diff --git a/tdeio/kssl/ksslutils.cpp b/tdeio/kssl/ksslutils.cpp
new file mode 100644
index 000000000..2e6e3a303
--- /dev/null
+++ b/tdeio/kssl/ksslutils.cpp
@@ -0,0 +1,103 @@
+/* This file is part of the KDE project
+ *
+ * Copyright (C) 2000,2001 George Staikos
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+
+
+#include "ksslutils.h"
+
+#include
+#include
+#include
+#include
+
+#include "kopenssl.h"
+
+#ifdef KSSL_HAVE_SSL
+// This code is mostly taken from OpenSSL v0.9.5a
+// by Eric Young
+TQDateTime ASN1_UTCTIME_QDateTime(ASN1_UTCTIME *tm, int *isGmt) {
+TQDateTime qdt;
+char *v;
+int gmt=0;
+int gentime=0;
+int yoffset=0;
+int yearbase=1900;
+int i;
+int y=0,M=0,d=0,h=0,m=0,s=0;
+TQDate qdate;
+TQTime qtime;
+
+ i = tm->length;
+ v = (char *)tm->data;
+ if ((i == 15) || (i == 21)) {
+ gentime=1;
+ yoffset=2;
+ yearbase=0;
+ }
+ if (i < 10) goto auq_err;
+ if (v[i-1] == 'Z') gmt=1;
+ for (i=0; i<10+yoffset; i++)
+ if ((v[i] > '9') || (v[i] < '0')) goto auq_err;
+ y = (v[0+yoffset]-'0')*10+(v[1+yoffset]-'0');
+ if (gentime)
+ y += (v[0]-'0')*1000+(v[1]-'0')*100;
+ if (y < 50) y+=100;
+ M = (v[2+yoffset]-'0')*10+(v[3+yoffset]-'0');
+ if ((M > 12) || (M < 1)) goto auq_err;
+ d = (v[4+yoffset]-'0')*10+(v[5+yoffset]-'0');
+ h = (v[6+yoffset]-'0')*10+(v[7+yoffset]-'0');
+ m = (v[8+yoffset]-'0')*10+(v[9+yoffset]-'0');
+ if ( (v[10+yoffset] >= '0') && (v[10+yoffset] <= '9') &&
+ (v[11+yoffset] >= '0') && (v[11+yoffset] <= '9'))
+ s = (v[10+yoffset]-'0')*10+(v[11+yoffset]-'0');
+
+ // localize the date and display it.
+ qdate.setYMD(y+yearbase, M, d);
+ qtime.setHMS(h,m,s);
+ qdt.setDate(qdate); qdt.setTime(qtime);
+ auq_err:
+ if (isGmt) *isGmt = gmt;
+return qdt;
+}
+
+
+TQString ASN1_UTCTIME_QString(ASN1_UTCTIME *tm) {
+ TQString qstr;
+ int gmt;
+ TQDateTime qdt = ASN1_UTCTIME_QDateTime(tm, &gmt);
+
+ qstr = TDEGlobal::locale()->formatDateTime(qdt, false, true);
+ if (gmt) {
+ qstr += " ";
+ qstr += i18n("GMT");
+ }
+ return qstr;
+}
+
+
+TQString ASN1_INTEGER_QString(ASN1_INTEGER *aint) {
+ char *rep = KOSSL::self()->i2s_ASN1_INTEGER(NULL, aint);
+ TQString yy = rep;
+ KOSSL::self()->CRYPTO_free(rep);
+ return yy;
+}
+
+
+#endif
+
diff --git a/tdeio/kssl/ksslx509map.cc b/tdeio/kssl/ksslx509map.cc
deleted file mode 100644
index 7896fdfcf..000000000
--- a/tdeio/kssl/ksslx509map.cc
+++ /dev/null
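Review bot: ASN1_UTCTIME_QDateTime in ksslutils.cpp range-checks only the month: day, hour, minute and second go straight into `qdate.setYMD(y+yearbase, M, d)` and `qtime.setHMS(h,m,s)`, whose return values are ignored, so an out-of-range field in a certificate's validity time silently yields a default TQDateTime rather than an error the caller can see (the signature already has an `isGmt` out-parameter; a second out-parameter or an `isValid()` check by the caller would surface it). The seconds branch also reads `v[10+yoffset]` and `v[11+yoffset]` after guarding only `i < 10`; for a 10- or 11-byte UTCTime those reads run past `tm->length` and rely on the ASN1 buffer happening to be NUL-terminated, so the condition should start `if (i >= 12+yoffset && (v[10+yoffset] >= '0') && ...`. Since the length check is the only defence for data that comes from a peer's certificate, it deserves a comment as well, e.g. `// tm->data is untrusted: every index below must stay < tm->length`.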
@@ -1,103 +0,0 @@
-/* This file is part of the KDE project
- *
- * Copyright (C) 2000 George Staikos
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Library General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Library General Public License for more details.
- *
- * You should have received a copy of the GNU Library General Public License
- * along with this library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
- * Boston, MA 02110-1301, USA.
- */
-
-#include "ksslx509map.h"
-#include
-#include
-
-KSSLX509Map::KSSLX509Map(const TQString& name) {
- parse(name);
-}
-
-
-KSSLX509Map::~KSSLX509Map() {
-
-}
-
-
-void KSSLX509Map::setValue(const TQString& key, const TQString& value) {
- m_pairs.replace(key, value);
-}
-
-
-TQString KSSLX509Map::getValue(const TQString& key) const {
- if (!m_pairs.contains(key)) {
- return TQString::null;
- }
-
- return m_pairs[key];
-}
-
-static TQStringList tokenizeBy(const TQString& str, const TQRegExp& tok, bool keepEmpties = false) {
-TQStringList tokens;
-unsigned int head, tail;
-const char *chstr = str.ascii();
-unsigned int length = str.length();
-
- if (length < 1) {
- return tokens;
- }
-
- if (length == 1) {
- tokens.append(str);
- return tokens;
- }
-
- for(head = 0, tail = 0; tail < length-1; head = tail+1) {
- TQString thisline;
-
- tail = str.find(tok, head);
-
- if (tail > length) // last token - none at end
- tail = length;
-
- if (tail-head > 0 || keepEmpties) { // it has to be at least 1 long!
- thisline = &(chstr[head]);
- thisline.truncate(tail-head);
- tokens.append(thisline);
- }
- }
- return tokens;
-}
-
-
-void KSSLX509Map::parse(const TQString& name) {
-TQStringList vl = tokenizeBy(name, TQRegExp("/[A-Za-z]+="), false);
-
- m_pairs.clear();
-
- for (TQStringList::Iterator j = vl.begin(); j != vl.end(); ++j) {
- TQStringList apair = tokenizeBy(*j, TQRegExp("="), false);
- if (m_pairs.contains(apair[0])) {
- TQString oldValue = m_pairs[apair[0]];
- oldValue += "\n";
- oldValue += apair[1];
- m_pairs.replace(apair[0], oldValue);
- } else {
- m_pairs.insert(apair[0], apair[1]);
- }
- }
-}
-
-
-void KSSLX509Map::reset(const TQString& name) {
- parse(name);
-}
-
diff --git a/tdeio/kssl/ksslx509map.cpp b/tdeio/kssl/ksslx509map.cpp
new file mode 100644
index 000000000..7896fdfcf
--- /dev/null
+++ b/tdeio/kssl/ksslx509map.cpp
@@ -0,0 +1,103 @@
+/* This file is part of the KDE project
+ *
+ * Copyright (C) 2000 George Staikos
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+
+#include "ksslx509map.h"
+#include
+#include
+
+KSSLX509Map::KSSLX509Map(const TQString& name) {
+ parse(name);
+}
+
+
+KSSLX509Map::~KSSLX509Map() {
+
+}
+
+
+void KSSLX509Map::setValue(const TQString& key, const TQString& value) {
+ m_pairs.replace(key, value);
+}
+
+
+TQString KSSLX509Map::getValue(const TQString& key) const {
+ if (!m_pairs.contains(key)) {
+ return TQString::null;
+ }
+
+ return m_pairs[key];
+}
+
+static TQStringList tokenizeBy(const TQString& str, const TQRegExp& tok, bool keepEmpties = false) {
+TQStringList tokens;
+unsigned int head, tail;
+const char *chstr = str.ascii();
+unsigned int length = str.length();
+
+ if (length < 1) {
+ return tokens;
+ }
+
+ if (length == 1) {
+ tokens.append(str);
+ return tokens;
+ }
+
+ for(head = 0, tail = 0; tail < length-1; head = tail+1) {
+ TQString thisline;
+
+ tail = str.find(tok, head);
+
+ if (tail > length) // last token - none at end
+ tail = length;
+
+ if (tail-head > 0 || keepEmpties) { // it has to be at least 1 long!
+ thisline = &(chstr[head]);
+ thisline.truncate(tail-head);
+ tokens.append(thisline);
+ }
+ }
+ return tokens;
+}
+
+
+void KSSLX509Map::parse(const TQString& name) {
+TQStringList vl = tokenizeBy(name, TQRegExp("/[A-Za-z]+="), false);
+
+ m_pairs.clear();
+
+ for (TQStringList::Iterator j = vl.begin(); j != vl.end(); ++j) {
+ TQStringList apair = tokenizeBy(*j, TQRegExp("="), false);
+ if (m_pairs.contains(apair[0])) {
+ TQString oldValue = m_pairs[apair[0]];
+ oldValue += "\n";
+ oldValue += apair[1];
+ m_pairs.replace(apair[0], oldValue);
+ } else {
+ m_pairs.insert(apair[0], apair[1]);
+ }
+ }
+}
+
+
+void KSSLX509Map::reset(const TQString& name) {
+ parse(name);
+}
+
diff --git a/tdeio/kssl/ksslx509v3.cc b/tdeio/kssl/ksslx509v3.cc
deleted file mode 100644
index a3310b9db..000000000
--- a/tdeio/kssl/ksslx509v3.cc
+++ /dev/null
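Review bot: KSSLX509Map::parse in ksslx509map.cpp indexes `apair[1]` without checking that tokenizeBy returned two elements; a component with an empty value such as `O=` yields a one-element list (the loop condition `tail < length-1` exits after the key), and TQValueList indexing past the end is undefined. Guard it with `if (apair.count() < 2) continue;` directly after `TQStringList apair = tokenizeBy(*j, TQRegExp("="), false);`, or substitute `TQString::null` for the missing value. Separately, splitting on `/[A-Za-z]+=` means a DN attribute whose value itself contains that pattern is parsed as an extra attribute; since `name` is a flattened string supplied by a caller outside this hunk (presumably the oneline form of a peer's subject), that limitation should be stated on parse(), e.g. `// Splits the "/C=..../CN=..." oneline form; values containing "/XX=" are mis-split, so do not rely on this for trust decisions`.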
@@ -1,143 +0,0 @@
-/* This file is part of the KDE project
- *
- * Copyright (C) 2001 George Staikos
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Library General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Library General Public License for more details.
- *
- * You should have received a copy of the GNU Library General Public License
- * along with this library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
- * Boston, MA 02110-1301, USA.
- */
-
-#ifdef HAVE_CONFIG_H
-#include
-#endif
-
-#include "ksslx509v3.h"
-#include
-#include
-
-
-KSSLX509V3::KSSLX509V3() {
- flags = 0;
-}
-
-
-KSSLX509V3::~KSSLX509V3() {
-}
-
-
-/* When reading this, please remember that
- * !A || B is logically equivalent to A => B
- */
-
-bool KSSLX509V3::certTypeCA() {
-#ifdef KSSL_HAVE_SSL
- // First try CA without X509_PURPOSE_ANY CA, then just try SSLCA
- return (flags & (65471L << 16)) ? true : certTypeSSLCA();
-#endif
- return false;
-}
-
-
-bool KSSLX509V3::certTypeSSLCA() {
-#ifdef KSSL_HAVE_SSL
- return (flags & ((1 << (16+X509_PURPOSE_NS_SSL_SERVER-1))|
- (1 << (16+X509_PURPOSE_SSL_SERVER-1))|
- (1 << (16+X509_PURPOSE_SSL_CLIENT-1)))) ? true :
- (false || ((1 << (16+X509_PURPOSE_ANY-1)) &&
- (certTypeSSLServer() ||
- certTypeSSLClient() ||
- certTypeNSSSLServer())));
-#endif
- return false;
-}
-
-
-bool KSSLX509V3::certTypeEmailCA() {
-#ifdef KSSL_HAVE_SSL
- return (flags & ((1 << (16+X509_PURPOSE_SMIME_ENCRYPT-1))|
- (1 << (16+X509_PURPOSE_SMIME_SIGN-1)))) ? true :
- (false || ((1 << (16+X509_PURPOSE_ANY-1)) &&
- certTypeSMIME()));
-#endif
- return false;
-}
-
-
-bool KSSLX509V3::certTypeCodeCA() {
-#ifdef KSSL_HAVE_SSL
- return (flags & (1 << (16+X509_PURPOSE_ANY-1))) ? true : false;
-#endif
- return false;
-}
-
-
-bool KSSLX509V3::certTypeSSLClient() {
-#ifdef KSSL_HAVE_SSL
- return (flags & (1 << (X509_PURPOSE_SSL_CLIENT-1))) ? true : false;
-#endif
- return false;
-}
-
-
-bool KSSLX509V3::certTypeSSLServer() {
-#ifdef KSSL_HAVE_SSL
- return (flags & (1 << (X509_PURPOSE_SSL_SERVER-1))) ? true : false;
-#endif
- return false;
-}
-
-
-bool KSSLX509V3::certTypeNSSSLServer() {
-#ifdef KSSL_HAVE_SSL
- return (flags & (1 << (X509_PURPOSE_NS_SSL_SERVER-1))) ? true : false;
-#endif
- return false;
-}
-
-
-bool KSSLX509V3::certTypeSMIME() {
-#ifdef KSSL_HAVE_SSL
- return certTypeSMIMEEncrypt()||certTypeSMIMESign();
-#endif
- return false;
-}
-
-
-bool KSSLX509V3::certTypeSMIMEEncrypt() {
-#ifdef KSSL_HAVE_SSL
- return (flags & (1 << (X509_PURPOSE_SMIME_ENCRYPT-1))) ? true : false;
-#endif
- return false;
-}
-
-
-bool KSSLX509V3::certTypeSMIMESign() {
-#ifdef KSSL_HAVE_SSL
- return (flags & (1 << (X509_PURPOSE_SMIME_SIGN-1))) ? true : false;
-#endif
- return false;
-}
-
-
-bool KSSLX509V3::certTypeCRLSign() {
-#ifdef KSSL_HAVE_SSL
- return (flags & (1 << (X509_PURPOSE_CRL_SIGN-1))) ? true : false;
-#endif
- return false;
-}
-
-
-
-
-
diff --git a/tdeio/kssl/ksslx509v3.cpp b/tdeio/kssl/ksslx509v3.cpp
new file mode 100644
index 000000000..a3310b9db
--- /dev/null
+++ b/tdeio/kssl/ksslx509v3.cpp
@@ -0,0 +1,143 @@
+/* This file is part of the KDE project
+ *
+ * Copyright (C) 2001 George Staikos
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+#endif
+
+#include "ksslx509v3.h"
+#include
+#include
+
+
+KSSLX509V3::KSSLX509V3() {
+ flags = 0;
+}
+
+
+KSSLX509V3::~KSSLX509V3() {
+}
+
+
+/* When reading this, please remember that
+ * !A || B is logically equivalent to A => B
+ */
+
+bool KSSLX509V3::certTypeCA() {
+#ifdef KSSL_HAVE_SSL
+ // First try CA without X509_PURPOSE_ANY CA, then just try SSLCA
+ return (flags & (65471L << 16)) ? true : certTypeSSLCA();
+#endif
+ return false;
+}
+
+
+bool KSSLX509V3::certTypeSSLCA() {
+#ifdef KSSL_HAVE_SSL
+ return (flags & ((1 << (16+X509_PURPOSE_NS_SSL_SERVER-1))|
+ (1 << (16+X509_PURPOSE_SSL_SERVER-1))|
+ (1 << (16+X509_PURPOSE_SSL_CLIENT-1)))) ? true :
+ (false || ((1 << (16+X509_PURPOSE_ANY-1)) &&
+ (certTypeSSLServer() ||
+ certTypeSSLClient() ||
+ certTypeNSSSLServer())));
+#endif
+ return false;
+}
+
+
+bool KSSLX509V3::certTypeEmailCA() {
+#ifdef KSSL_HAVE_SSL
+ return (flags & ((1 << (16+X509_PURPOSE_SMIME_ENCRYPT-1))|
+ (1 << (16+X509_PURPOSE_SMIME_SIGN-1)))) ? true :
+ (false || ((1 << (16+X509_PURPOSE_ANY-1)) &&
+ certTypeSMIME()));
+#endif
+ return false;
+}
+
+
+bool KSSLX509V3::certTypeCodeCA() {
+#ifdef KSSL_HAVE_SSL
+ return (flags & (1 << (16+X509_PURPOSE_ANY-1))) ? true : false;
+#endif
+ return false;
+}
+
+
+bool KSSLX509V3::certTypeSSLClient() {
+#ifdef KSSL_HAVE_SSL
+ return (flags & (1 << (X509_PURPOSE_SSL_CLIENT-1))) ? true : false;
+#endif
+ return false;
+}
+
+
+bool KSSLX509V3::certTypeSSLServer() {
+#ifdef KSSL_HAVE_SSL
+ return (flags & (1 << (X509_PURPOSE_SSL_SERVER-1))) ? true : false;
+#endif
+ return false;
+}
+
+
+bool KSSLX509V3::certTypeNSSSLServer() {
+#ifdef KSSL_HAVE_SSL
+ return (flags & (1 << (X509_PURPOSE_NS_SSL_SERVER-1))) ? true : false;
+#endif
+ return false;
+}
+
+
+bool KSSLX509V3::certTypeSMIME() {
+#ifdef KSSL_HAVE_SSL
+ return certTypeSMIMEEncrypt()||certTypeSMIMESign();
+#endif
+ return false;
+}
+
+
+bool KSSLX509V3::certTypeSMIMEEncrypt() {
+#ifdef KSSL_HAVE_SSL
+ return (flags & (1 << (X509_PURPOSE_SMIME_ENCRYPT-1))) ? true : false;
+#endif
+ return false;
+}
+
+
+bool KSSLX509V3::certTypeSMIMESign() {
+#ifdef KSSL_HAVE_SSL
+ return (flags & (1 << (X509_PURPOSE_SMIME_SIGN-1))) ? true : false;
+#endif
+ return false;
+}
+
+
+bool KSSLX509V3::certTypeCRLSign() {
+#ifdef KSSL_HAVE_SSL
+ return (flags & (1 << (X509_PURPOSE_CRL_SIGN-1))) ? true : false;
+#endif
+ return false;
+}
+
+
+
+
+
-- cgit v1.2.1
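Review bot: In certTypeSSLCA and certTypeEmailCA of ksslx509v3.cpp the fallback branch `(false || ((1 << (16+X509_PURPOSE_ANY-1)) && ...))` never consults `flags`: `1 << (16+X509_PURPOSE_ANY-1)` is a non-zero constant, so the expression reduces to `certTypeSSLServer() || certTypeSSLClient() || certTypeNSSSLServer()` (respectively `certTypeSMIME()`), and any end-entity certificate usable as an SSL server or client is reported as an SSL CA whether or not its "any purpose" CA bit is set. certTypeCodeCA a few lines below shows the intended form; the branch should read `(flags & (1 << (16+X509_PURPOSE_ANY-1))) && (certTypeSSLServer() || certTypeSSLClient() || certTypeNSSSLServer())`, and likewise `(flags & (1 << (16+X509_PURPOSE_ANY-1))) && certTypeSMIME()` in certTypeEmailCA. How `flags` is populated is outside this hunk, so whether any caller depends on the current, looser answer would need checking before changing it.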