ksslpeerinfo.cpp
1/* This file is part of the KDE project
2 *
3 * Copyright (C) 2000-2003 George Staikos <staikos@kde.org>
4 *
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Library General Public
7 * License as published by the Free Software Foundation; either
8 * version 2 of the License, or (at your option) any later version.
9 *
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Library General Public License for more details.
14 *
15 * You should have received a copy of the GNU Library General Public License
16 * along with this library; see the file COPYING.LIB. If not, write to
17 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 * Boston, MA 02110-1301, USA.
19 */
20
21#include "ksslpeerinfo.h"
22
23#include <config.h>
24#include <ksslconfig.h>
25
26#include <QtCore/QRegExp>
27#include <QtCore/QUrl>
28
29#include <kdebug.h>
30
31#include "ksslx509map.h"
32
// Private data holder (d-pointer) for KSSLPeerInfo.
// The implicit constructor and destructor are sufficient: the only member
// is a QString, which manages its own storage.
class KSSLPeerInfoPrivate {
public:
    // Host recorded by KSSLPeerInfo::setPeerHost(); certificate names are
    // compared against this value in KSSLPeerInfo::cnMatchesAddress().
    QString peerHost;
};
39
40
41
// Create a peer-info object with a freshly allocated private data block.
// No peer host is set until setPeerHost() is called.
KSSLPeerInfo::KSSLPeerInfo()
    : d(new KSSLPeerInfoPrivate())
{
}
46
// Release the private data block allocated by the constructor.
// NOTE(review): d is an owning raw pointer. If the header leaves the
// implicit copy constructor / assignment enabled, a copied KSSLPeerInfo
// would delete the same block twice - confirm against ksslpeerinfo.h.
KSSLPeerInfo::~KSSLPeerInfo()
{
    delete d;
}
50
// Return a mutable reference to the stored peer certificate (m_cert).
// The reference is only valid while this KSSLPeerInfo is alive.
KSSLCertificate& KSSLPeerInfo::getPeerCertificate()
{
    return this->m_cert;
}
54
/**
 * Record the host that certificate names will be compared against.
 *
 * The stored form is normalised: surrounding whitespace is trimmed, every
 * trailing '.' is dropped, and the result is converted to its ASCII
 * (ACE) form with QUrl::toAce().
 *
 * @param realHost host name as given by the caller
 */
void KSSLPeerInfo::setPeerHost(const QString &realHost)
{
    QString host = realHost.trimmed();

    // A fully qualified name may end in one or more dots; strip them all.
    while (host.endsWith('.'))
        host.chop(1);

    // Certificates carry IDN hosts in ACE form, so store the same form.
    // NOTE(review): presumably toAce() returns an empty array for a host it
    // cannot encode, which would leave peerHost empty - confirm.
    d->peerHost = QString::fromLatin1(QUrl::toAce(host));
}
62
/**
 * Check whether the peer certificate names the host set with setPeerHost().
 *
 * Candidate names are the whitespace-separated tokens of the subject CN
 * followed by every entry returned by subjAltNames(). Each candidate is
 * trimmed and lower-cased, then handed to cnMatchesAddress(); the first
 * match wins.
 *
 * @return true if any candidate matches; always false when the library is
 *         built without KSSL_HAVE_SSL
 */
bool KSSLPeerInfo::certMatchesAddress()
{
#ifdef KSSL_HAVE_SSL
    const KSSLX509Map subject(m_cert.getSubject());

    // The CN is split on space, LF and CR, so each token is tried as an
    // independent host name.
    QStringList candidates = subject.getValue("CN").split(QRegExp("[ \n\r]"), QString::SkipEmptyParts);

    // NOTE(review): the CN tokens stay in the list even when the certificate
    // carries subjectAltName entries. RFC 6125 section 6.4.4 only allows the
    // CN fallback when no supported subjectAltName identifier is present.
    // Which entry types subjAltNames() returns is not visible here - confirm
    // before changing.
    candidates += m_cert.subjAltNames();

    for (int i = 0; i < candidates.size(); ++i) {
        if (cnMatchesAddress(candidates.at(i).trimmed().toLower()))
            return true;
    }

#endif

    return false;
}
78
79
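/**
 * Decide whether one certificate name (a subject CN token or a
 * subjectAltName entry) identifies the host stored by setPeerHost().
 *
 * Rules, applied in this order:
 *  - a name containing anything outside [a-zA-Z0-9.*-] is rejected;
 *  - trailing dots are ignored and an empty name never matches;
 *  - if the peer host is an IPv4 literal or a bracketed literal, only an
 *    identical string matches (wildcards never apply to addresses);
 *  - a wildcard name must keep every '*' in its left-most label, must have
 *    at least two further labels, and must have as many labels as the host;
 *  - any other name must equal the peer host exactly.
 *
 * Change from the previous behaviour: a '*' in any label other than the
 * left-most one is now rejected. Before, only the last two labels were
 * checked, so a name such as "*.*.example.com" was accepted.
 *
 * @param cn candidate name; certMatchesAddress() passes it trimmed and
 *           lower-cased, other callers must do the same
 * @return true if the name identifies the peer host; always false when the
 *         library is built without KSSL_HAVE_SSL
 */
bool KSSLPeerInfo::cnMatchesAddress(QString cn) {
#ifdef KSSL_HAVE_SSL
    QRegExp rx;

    kDebug(7029) << "Matching CN=[" << cn << "] to ["
                 << d->peerHost << "]" << endl;

    // The name comes from the peer's certificate: allow only host-name
    // characters plus '*'. This also keeps '?' and '[' out of the wildcard
    // pattern built further down.
    if (QRegExp("[^a-zA-Z0-9\\.\\*\\-]").indexIn(cn) >= 0) {
        kDebug(7029) << "CN contains invalid characters! Failing.";
        return false;
    }

    // Domains can legally end with '.'s. We don't need them though.
    while (cn.endsWith('.'))
        cn.chop(1);

    // Do not let empty CN's get by!!
    if (cn.isEmpty())
        return false;

    // IPv4 literal: exact string comparison only, never a wildcard match.
    rx.setPattern("[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}");
    if (rx.exactMatch(d->peerHost))
        return d->peerHost == cn;

    // Bracketed (IPv6-style) literal: exact string comparison only.
    // The character check above already rejected '[', ']' and ':', so for a
    // bracketed host this comparison can only yield false (fails closed).
    rx.setPattern("^\\[.*\\]$");
    if (rx.exactMatch(d->peerHost))
        return d->peerHost == cn;

    if (cn.contains('*')) {
        const QStringList labels = cn.split('.', QString::SkipEmptyParts);

        // The wildcard label must be followed by at least two concrete
        // labels - we don't allow *.root - that's bad.
        if (labels.count() < 3)
            return false;

        // Honour '*' in the left-most label only (RFC 6125 section 6.4.3).
        for (int i = 1; i < labels.count(); ++i) {
            if (labels.at(i).contains('*'))
                return false;
        }

        // NOTE(review): there is no public-suffix check, so a wildcard
        // directly under a two-label public suffix passes the tests above;
        // this relies on the issuing CA refusing such names.

        // RFC2818 says that *.example.com should match against
        // foo.example.com but not bar.foo.example.com
        // (ie. they must have the same number of parts)
        if (QRegExp(cn, Qt::CaseInsensitive, QRegExp::Wildcard).exactMatch(d->peerHost) &&
            labels.count() == d->peerHost.split('.', QString::SkipEmptyParts).count())
            return true;

        // *.example.com is also accepted for the bare example.com.
        // NOTE(review): this is more permissive than the RFC 2818 rule
        // quoted above, where the wildcard stands for one name component.
        // Kept unchanged for compatibility; consider removing.
        return cn.startsWith(QLatin1String("*.")) && cn.mid(2) == d->peerHost;
    }

    // No wildcard: the name must equal the host. Case-insensitivity depends
    // on the caller having lower-cased cn, as certMatchesAddress() does.
    if (cn == d->peerHost)
        return true;
#endif
    return false;
}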
152
153
// Forget the recorded peer host. The certificate (m_cert) is left untouched.
// While the host is empty, cnMatchesAddress() cannot succeed: it rejects
// empty names, and every other path requires a match against the host.
void KSSLPeerInfo::reset()
{
    d->peerHost = QString();
}
157
158
// Return the normalised host stored by setPeerHost(); empty after reset().
// The reference points into the private data and is only valid while this
// object is alive.
const QString& KSSLPeerInfo::peerHost() const
{
    const QString &stored = d->peerHost;
    return stored;
}
162
KSSLCertificate
KDE X.509 Certificate.
Definition: ksslcertificate.h:75
KSSLCertificate::getSubject
QString getSubject() const
Get the subject of the certificate (X.509 map).
Definition: ksslcertificate.cpp:167
KSSLCertificate::subjAltNames
QStringList subjAltNames() const
The alternate subject name.
Definition: ksslcertificate.cpp:1298
KSSLPeerInfo::~KSSLPeerInfo
~KSSLPeerInfo()
Destroy this instance.
Definition: ksslpeerinfo.cpp:47
KSSLPeerInfo::KSSLPeerInfo
KSSLPeerInfo()
Definition: ksslpeerinfo.cpp:42
KSSLPeerInfo::cnMatchesAddress
bool cnMatchesAddress(QString cn)
Determine if the given "common name" matches the address set with setPeerHost().
Definition: ksslpeerinfo.cpp:80
KSSLPeerInfo::reset
void reset()
Clear out the host name.
Definition: ksslpeerinfo.cpp:154
KSSLPeerInfo::setPeerHost
void setPeerHost(const QString &host=QString())
Set the host that we are connected to.
Definition: ksslpeerinfo.cpp:55
KSSLPeerInfo::getPeerCertificate
KSSLCertificate & getPeerCertificate()
Get a reference to the peer's certificate.
Definition: ksslpeerinfo.cpp:51
KSSLPeerInfo::m_cert
KSSLCertificate m_cert
Definition: ksslpeerinfo.h:99
KSSLPeerInfo::peerHost
const QString & peerHost() const
Returns the host we are connected to.
Definition: ksslpeerinfo.cpp:159
KSSLPeerInfo::certMatchesAddress
bool certMatchesAddress()
Determine if the peer's certificate matches the address set with setPeerHost().
Definition: ksslpeerinfo.cpp:63
KSSLX509Map
X.509 Map Parsing Class.
Definition: ksslx509map.h:39
KSSLX509Map::getValue
QString getValue(const QString &key) const
Get the value of an entry in the map.
Definition: ksslx509map.cpp:40
kDebug
#define kDebug
kdebug.h
ksslpeerinfo.h
ksslx509map.h