1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
/* This file is part of the KDE project
*
* Copyright (C) 2003 Stefan Rompf <[email protected]>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#include <tqpair.h>
#include <tqstring.h>
#include <tqptrlist.h>
#include <kdebug.h>
#include <kstaticdeleter.h>
#include <kurl.h>
#ifdef Q_WS_WIN
#include "ksslconfig_win.h"
#else
#include "ksslconfig.h"
#endif
#include "ksslcsessioncache.h"
/*
* Operation:
*
* Sessions will be stored per running application, not KDE
* wide, to avoid security problems with hostile programs
* that negotiate sessions with weak cryptographic keys and store
* them for everybody to use - I really don't want that.
*
* Retrieval is organised similiar to George's thoughts in the KSSLD
* certificate cache: The cache is organised as a list, with the
* recently fetched (or stored) session first.
*
* The cache has an artificial limit of 32 sessions (should really
* be enough), and relies on the peer server for timeouts
*
*/
#define MAX_ENTRIES 32
#ifdef KSSL_HAVE_SSL
typedef QPair<TQString,TQString> KSSLCSession;
typedef TQPtrList<KSSLCSession> KSSLCSessions;
static KSSLCSessions *sessions = 0L;
static KStaticDeleter<KSSLCSessions> med;
static TQString URLtoKey(const KURL &kurl) {
return kurl.host() + ":" + kurl.protocol() + ":" + TQString::number(kurl.port());
}
static void setup() {
KSSLCSessions *ses = new KSSLCSessions;
ses->setAutoDelete(true);
med.setObject(sessions, ses);
}
#endif
TQString KSSLCSessionCache::getSessionForURL(const KURL &kurl) {
#ifdef KSSL_HAVE_SSL
if (!sessions) return TQString::null;
TQString key = URLtoKey(kurl);
for(KSSLCSession *it = sessions->first(); it; it=sessions->next()) {
if (it->first == key) {
sessions->take();
sessions->prepend(it);
return it->second;
}
}
// Negative caching disabled: cache pollution
#if 0
kdDebug(7029) <<"Negative caching " <<key <<endl;
if (sessions->count() >= MAX_ENTRIES) sessions->removeLast();
sessions->prepend(new KSSLCSession(key, TQString::null));
#endif
#endif
return TQString::null;
}
void KSSLCSessionCache::putSessionForURL(const KURL &kurl, const TQString &session) {
#ifdef KSSL_HAVE_SSL
if (!sessions) setup();
TQString key = URLtoKey(kurl);
KSSLCSession *it;
for(it = sessions->first(); it && it->first != key; it=sessions->next());
if (it) {
sessions->take();
it->second = session;
} else {
it = new KSSLCSession(key, session);
if (sessions->count() >= MAX_ENTRIES) sessions->removeLast();
}
sessions->prepend(it);
#endif
}
|