ksslpkcs12.cpp
1/* This file is part of the KDE project
2 *
3 * Copyright (C) 2001 George Staikos <staikos@kde.org>
4 *
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Library General Public
7 * License as published by the Free Software Foundation; either
8 * version 2 of the License, or (at your option) any later version.
9 *
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Library General Public License for more details.
14 *
15 * You should have received a copy of the GNU Library General Public License
16 * along with this library; see the file COPYING.LIB. If not, write to
17 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 * Boston, MA 02110-1301, USA.
19 */
20
21
22#include <config.h>
23#include <ksslconfig.h>
24
25#include <kopenssl.h>
26
27#include <QtCore/QString>
28#include <QtCore/QFile>
29
30#include <ksslall.h>
31#include <kdebug.h>
32#include <ktemporaryfile.h>
33#include <kcodecs.h>
34
35#include <assert.h>
36
#ifdef KSSL_HAVE_SSL
// Redirect OpenSSL's untyped stack primitives to the members of the KOSSL
// wrapper object. Each of these expands to `kossl->...`, so any code that uses
// them (presumably including the typed sk_X509_* macros below -- confirm
// against the OpenSSL headers in use) needs a variable named `kossl` in scope.
// The matching #undef list is at the end of this file.
#define sk_new kossl->sk_new
#define sk_push kossl->sk_push
#define sk_free kossl->sk_free
#define sk_value kossl->sk_value
#define sk_num kossl->sk_num
#define sk_dup kossl->sk_dup
#define sk_pop kossl->sk_pop
#endif
46
47
/**
 * Creates an empty wrapper: no PKCS#12 container, private key, certificate
 * or CA stack is attached yet. The shared KOSSL instance is cached in kossl.
 */
KSSLPKCS12::KSSLPKCS12() {
    kossl = KOSSL::self();

    // Every owned pointer starts out null so the destructor and parse() can
    // tell "nothing to free" from "free this".
    _caStack = NULL;
    _cert = NULL;
    _pkey = NULL;
    _pkcs = NULL;
}
55
56
57
/**
 * Releases everything this object holds: the private key, each certificate
 * on the CA stack followed by the stack itself, the PKCS#12 container, and
 * finally the KSSLCertificate wrapper.
 */
KSSLPKCS12::~KSSLPKCS12() {
#ifdef KSSL_HAVE_SSL
    if (_pkey) {
        kossl->EVP_PKEY_free(_pkey);
    }

    if (_caStack) {
        // sk_X509_free() only releases the stack, so the X509 entries are
        // popped and freed one by one first.
        while (X509 *entry = sk_X509_pop(_caStack)) {
            kossl->X509_free(entry);
        }
        sk_X509_free(_caStack);
    }

    if (_pkcs) {
        kossl->PKCS12_free(_pkcs);
    }
#endif
    delete _cert;
}
73
74
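/**
 * Builds a KSSLPKCS12 from a Base64-encoded PKCS#12 container.
 *
 * The decoded container is written to a temporary file and then handed to
 * loadCertFile(), which reads and parses it with @p password.
 *
 * @param base64   Base64 text of the DER-encoded PKCS#12 container.
 * @param password password used to parse the container.
 * @return a new object owned by the caller, or NULL if the input is empty,
 *         the temporary file cannot be created or fully written, or
 *         loadCertFile() fails.
 */
KSSLPKCS12* KSSLPKCS12::fromString(const QString &base64, const QString &password) {
#ifdef KSSL_HAVE_SSL
    // Reject empty input before touching the filesystem.
    if (base64.isEmpty()) return NULL;

    const QByteArray der = QByteArray::fromBase64(base64.toLatin1());
    if (der.isEmpty()) return NULL;

    // NOTE(review): the container (which carries the private key, protected
    // only by the PKCS#12 password) is staged on disk here. KTemporaryFile is
    // a QTemporaryFile, which removes the file by default when ktf goes out
    // of scope; an in-memory parse would avoid the disk round trip.
    KTemporaryFile ktf;
    if (!ktf.open()) return NULL;

    // A short or failed write would make loadCertFile() parse a truncated
    // container, so treat it as an error instead of continuing.
    if (ktf.write(der) != der.size() || !ktf.flush()) return NULL;

    return loadCertFile(ktf.fileName(), password);
#endif
    return NULL;
}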
89
90
91
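/**
 * Reads a DER-encoded PKCS#12 file and parses it with @p password.
 *
 * @param filename path of the PKCS#12 file.
 * @param password password used to parse the container.
 * @return a new object owned by the caller, or NULL if the file cannot be
 *         opened, is not a PKCS#12 container, or parse() rejects it.
 */
KSSLPKCS12* KSSLPKCS12::loadCertFile(const QString &filename, const QString &password) {
#ifdef KSSL_HAVE_SSL
    // Open the stream directly. The previous code wrapped QFile::handle()
    // with fdopen() and then called fclose(), which closed a descriptor the
    // QFile still owned; the QFile destructor then closed the same descriptor
    // number a second time, which can hit an unrelated descriptor opened in
    // between. "rb" because the container is binary DER.
    FILE *fp = fopen(QFile::encodeName(filename).constData(), "rb");
    if (!fp) return NULL;

    PKCS12 *newpkcs = NULL;
    newpkcs = KOSSL::self()->d2i_PKCS12_fp(fp, &newpkcs);
    fclose(fp);

    if (!newpkcs) {
        // Do not leave the decode failure on OpenSSL's error queue.
        KOSSL::self()->ERR_clear_error();
        return NULL;
    }

    // From here on the new object holds newpkcs; its destructor frees it.
    KSSLPKCS12 *c = new KSSLPKCS12;
    c->setCert(newpkcs);

    // Now we parse it to see if we can decrypt it and interpret it
    if (!c->parse(password)) {
        delete c;
        c = NULL;
    }

    return c;
#endif
    return NULL;
}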
123
124
/**
 * Stores @p c as the PKCS#12 container of this object.
 *
 * The destructor passes the stored pointer to PKCS12_free(), so the object
 * effectively owns @p c afterwards. A container that was set earlier is
 * overwritten without being freed, and the key/certificate members are left
 * as they are until parse() is called.
 */
void KSSLPKCS12::setCert(PKCS12 *c) {
#ifdef KSSL_HAVE_SSL
    this->_pkcs = c;
#endif
}
130
131
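/**
 * Re-encrypts the in-memory PKCS#12 container under a new password.
 *
 * @param pold current password; a null QString is passed to OpenSSL as "".
 * @param pnew new password; a null QString is passed to OpenSSL as "".
 * @return true if OpenSSL changed the password, false if no container is
 *         set, the old password is wrong, or SSL support is compiled out.
 */
bool KSSLPKCS12::changePassword(const QString &pold, const QString &pnew) {
#ifdef KSSL_HAVE_SSL
    if (!_pkcs) return false;

    // NOTE(review): toLatin1() is lossy for characters outside Latin-1, so
    // distinct passwords can collapse to the same bytes. Kept as is because
    // existing containers were created with this encoding.
    QByteArray oldPass = pold.toLatin1();
    QByteArray newPass = pnew.toLatin1();

    // OpenSSL makes me cast away the const here. argh
    const int rc = kossl->PKCS12_newpass(_pkcs,
            pold.isNull() ? (char *)"" : const_cast<char *>(oldPass.constData()),
            pnew.isNull() ? (char *)"" : const_cast<char *>(newPass.constData()));

    // Best effort: do not leave the plaintext password copies on the heap.
    oldPass.fill('\0');
    newPass.fill('\0');

    // PKCS12_newpass() returns 1 on success and 0 on failure. The previous
    // `0 == rc` test reported a failed change as success and vice versa.
    if (rc != 1) {
        kossl->ERR_clear_error();
        return false;
    }
    return true;
#endif
    return false;
}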
141
142
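/**
 * Decrypts the stored PKCS#12 container with @p pass and extracts the
 * private key, the certificate and the CA chain into this object.
 *
 * Anything extracted by an earlier call is released first.
 *
 * @param pass password of the container (converted with toLatin1()).
 * @return true only if PKCS12_parse() succeeded and yielded a certificate;
 *         false otherwise, including when no container has been set.
 */
bool KSSLPKCS12::parse(const QString &pass) {
#ifdef KSSL_HAVE_SSL
    assert(_pkcs); // if you're calling this before pkcs gets set, it's a BUG!
    // assert() is compiled out under NDEBUG; fail cleanly instead of handing
    // a null container to OpenSSL.
    if (!_pkcs) return false;

    // Drop whatever a previous parse left behind.
    delete _cert;
    _cert = NULL;
    if (_pkey) {
        kossl->EVP_PKEY_free(_pkey);
        _pkey = NULL;
    }
    if (_caStack) {
        for (;;) {
            X509* x5 = sk_X509_pop(_caStack);
            if (!x5) break;
            kossl->X509_free(x5);
        }
        sk_X509_free(_caStack);
        _caStack = NULL;
    }

    X509 *x = NULL;
    QByteArray latin1Pass = pass.toLatin1();
    const int rc = kossl->PKCS12_parse(_pkcs, latin1Pass.constData(), &_pkey, &x, &_caStack);
    // Best effort: do not leave the plaintext password copy on the heap.
    latin1Pass.fill('\0');

    if (rc != 1) {
        // Wrong password or malformed container: forget the out-parameters
        // and clear the OpenSSL error queue.
        _caStack = NULL;
        _pkey = NULL;
        kossl->ERR_clear_error();
        return false;
    }

    // A container without a certificate is reported as a failure; a key or
    // CA stack that was extracted stays attached and is freed later.
    if (!x) return false;

    _cert = new KSSLCertificate;
    _cert->setCert(x);
    if (_caStack) {
        _cert->setChain(_caStack);
    }
    return true;
#endif
    return false;
}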
183
184
/**
 * Returns the private key extracted by parse(), or NULL if there is none.
 *
 * The pointer is not a copy: this object frees the key in its destructor
 * and on the next parse(), so callers must not free it or keep it longer
 * than the object.
 */
EVP_PKEY *KSSLPKCS12::getPrivateKey() {
    EVP_PKEY *const key = _pkey;
    return key;
}
188
189
/**
 * Returns the X.509 certificate wrapper created by parse(), or NULL if no
 * certificate has been parsed. The object is deleted by this class (in the
 * destructor and on the next parse()), so callers must not delete it.
 */
KSSLCertificate *KSSLPKCS12::getCertificate() {
    KSSLCertificate *const cert = _cert;
    return cert;
}
193
194
/**
 * Serialises the PKCS#12 container to DER and returns it Base64-encoded.
 *
 * @return the Base64 text, or an empty string if i2d_PKCS12() reports no
 *         data or SSL support is compiled out. The result still contains
 *         the password-protected private key, so treat it as sensitive.
 */
QString KSSLPKCS12::toString()
{
    QString base64;
#ifdef KSSL_HAVE_SSL
    // First call with a NULL output pointer only asks for the encoded size.
    const int derLen = kossl->i2d_PKCS12(_pkcs, NULL);
    if (derLen <= 0) {
        return base64;
    }

    char *der = new char[derLen];
    // i2d_PKCS12() advances the pointer it is given, so pass a scratch
    // cursor and keep `der` pointing at the start of the buffer.
    unsigned char *cursor = (unsigned char *)der;
    kossl->i2d_PKCS12(_pkcs, &cursor);
    base64 = QByteArray::fromRawData(der, derLen).toBase64();
    delete[] der;
#endif
    return base64;
}
213
214
215
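/**
 * Writes the PKCS#12 container to @p filename as raw DER.
 *
 * @param filename destination path; an existing file is overwritten.
 * @return true if the complete container was written, false if there is no
 *         container, encoding fails, or the file cannot be opened or fully
 *         written (a partially written file is removed).
 */
bool KSSLPKCS12::toFile(const QString &filename) {
#ifdef KSSL_HAVE_SSL
    if (!_pkcs) return false;

    // Encode to memory first (same two-step i2d_PKCS12() use as toString())
    // so that encoding errors are detected before the file is touched.
    const int derLen = kossl->i2d_PKCS12(_pkcs, NULL);
    if (derLen <= 0) return false;

    QByteArray der(derLen, '\0');
    unsigned char *cursor = reinterpret_cast<unsigned char *>(der.data());
    if (kossl->i2d_PKCS12(_pkcs, &cursor) != derLen) return false;

    // Write through QFile itself. The previous code wrapped out.handle()
    // with fdopen() and fclose()d it, closing a descriptor QFile still owned
    // (closed again by the QFile destructor), and it returned true without
    // checking whether i2d_PKCS12_fp() had written anything.
    //
    // NOTE(review): the file is created with the process' default
    // permissions. It holds a password-protected private key, so callers may
    // want to restrict access to the owner.
    QFile out(filename);
    if (!out.open(QIODevice::WriteOnly)) return false;

    const bool written = (out.write(der) == der.size()) && out.flush();
    out.close();

    if (!written) {
        // Do not leave a truncated container behind.
        out.remove();
        return false;
    }
    return true;
#endif
    return false;
}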
237
238
/**
 * Convenience overload: validates for the KSSLCertificate::SSLServer
 * purpose. See validate(KSSLCertificate::KSSLPurpose).
 */
KSSLCertificate::KSSLValidation KSSLPKCS12::validate() {
    const KSSLCertificate::KSSLValidation result = validate(KSSLCertificate::SSLServer);
    return result;
}
242
243
/**
 * Validates the certificate for purpose @p p and checks that the private
 * key belongs to it.
 *
 * @return KSSLCertificate::PrivateKeyFailed if X509_check_private_key()
 *         does not return 1, whatever the certificate check said; otherwise
 *         the result of KSSLCertificate::validate(p). Without SSL support
 *         the result is KSSLCertificate::NoSSL.
 *
 * NOTE(review): _cert is dereferenced unconditionally, so this must only be
 * called after a successful parse().
 */
KSSLCertificate::KSSLValidation KSSLPKCS12::validate(KSSLCertificate::KSSLPurpose p) {
#ifdef KSSL_HAVE_SSL
    // The certificate check always runs first, as before.
    const KSSLCertificate::KSSLValidation certResult = _cert->validate(p);

    const bool keyMatches =
        (1 == kossl->X509_check_private_key(_cert->getCert(), _pkey));

    return keyMatches ? certResult : KSSLCertificate::PrivateKeyFailed;
#else
    return KSSLCertificate::NoSSL;
#endif
}
256
257
/**
 * Convenience overload: revalidates for the KSSLCertificate::SSLServer
 * purpose. See revalidate(KSSLCertificate::KSSLPurpose).
 */
KSSLCertificate::KSSLValidation KSSLPKCS12::revalidate() {
    const KSSLCertificate::KSSLValidation result = revalidate(KSSLCertificate::SSLServer);
    return result;
}
261
262
/**
 * Forwards to KSSLCertificate::revalidate() for purpose @p p.
 *
 * Unlike validate(KSSLCertificate::KSSLPurpose), this does not run
 * X509_check_private_key(), so a key/certificate mismatch is not reported
 * here. _cert is dereferenced unconditionally, so this must only be called
 * after a successful parse().
 */
KSSLCertificate::KSSLValidation KSSLPKCS12::revalidate(KSSLCertificate::KSSLPurpose p) {
    const KSSLCertificate::KSSLValidation certResult = _cert->revalidate(p);
    return certResult;
}
266
267
/**
 * Convenience overload: true if the certificate and key validate for the
 * KSSLCertificate::SSLServer purpose.
 */
bool KSSLPKCS12::isValid() {
    const bool ok = isValid(KSSLCertificate::SSLServer);
    return ok;
}
271
272
/**
 * True only if validate(p) returns KSSLCertificate::Ok; any other result,
 * including PrivateKeyFailed and NoSSL, counts as invalid.
 */
bool KSSLPKCS12::isValid(KSSLCertificate::KSSLPurpose p) {
    const KSSLCertificate::KSSLValidation outcome = validate(p);
    return KSSLCertificate::Ok == outcome;
}
276
277
/**
 * Returns the subject of the parsed certificate, as reported by
 * KSSLCertificate::getSubject().
 *
 * _cert is dereferenced unconditionally, so this must only be called after
 * a successful parse().
 */
QString KSSLPKCS12::name() const {
    const QString subject = _cert->getSubject();
    return subject;
}
281
282
#ifdef KSSL_HAVE_SSL
// Remove the kossl-> redirections defined at the top of this file so they do
// not stay defined past the end of this file.
#undef sk_new
#undef sk_push
#undef sk_free
#undef sk_value
#undef sk_num
#undef sk_pop
#undef sk_dup
#endif
292
KSSLCertificate
KDE X.509 Certificate.
Definition: ksslcertificate.h:75
KSSLCertificate::getCert
X509 * getCert()
Definition: ksslcertificate.cpp:580
KSSLCertificate::KSSLValidation
KSSLValidation
Result of the validate() call.
Definition: ksslcertificate.h:119
KSSLCertificate::NoSSL
@ NoSSL
Definition: ksslcertificate.h:121
KSSLCertificate::Ok
@ Ok
Definition: ksslcertificate.h:119
KSSLCertificate::PrivateKeyFailed
@ PrivateKeyFailed
Definition: ksslcertificate.h:123
KSSLCertificate::revalidate
KSSLValidation revalidate()
Check if this is a valid certificate.
Definition: ksslcertificate.cpp:788
KSSLCertificate::setChain
void setChain(void *c)
Definition: ksslcertificate.cpp:472
KSSLCertificate::getSubject
QString getSubject() const
Get the subject of the certificate (X.509 map).
Definition: ksslcertificate.cpp:167
KSSLCertificate::validate
KSSLValidation validate()
Check if this is a valid certificate.
Definition: ksslcertificate.cpp:623
KSSLCertificate::KSSLPurpose
KSSLPurpose
Definition: ksslcertificate.h:146
KSSLCertificate::SSLServer
@ SSLServer
Definition: ksslcertificate.h:146
KSSLCertificate::setCert
bool setCert(const QString &cert)
Re-set the certificate from a base64 string.
Definition: ksslcertificate.cpp:1273
KSSLPKCS12
KDE PKCS#12 Certificate.
Definition: ksslpkcs12.h:63
KSSLPKCS12::revalidate
KSSLCertificate::KSSLValidation revalidate()
Check the X.509 and private key to make sure they're valid.
Definition: ksslpkcs12.cpp:258
KSSLPKCS12::parse
bool parse(const QString &pass)
Definition: ksslpkcs12.cpp:143
KSSLPKCS12::name
QString name() const
The name of this certificate.
Definition: ksslpkcs12.cpp:278
KSSLPKCS12::getPrivateKey
EVP_PKEY * getPrivateKey()
Get the private key.
Definition: ksslpkcs12.cpp:185
KSSLPKCS12::~KSSLPKCS12
virtual ~KSSLPKCS12()
Destroy this PKCS#12 certificate.
Definition: ksslpkcs12.cpp:58
KSSLPKCS12::changePassword
bool changePassword(const QString &pold, const QString &pnew)
Change the password of the PKCS#12 in memory.
Definition: ksslpkcs12.cpp:132
KSSLPKCS12::validate
KSSLCertificate::KSSLValidation validate()
Check the X.509 and private key to make sure they're valid.
Definition: ksslpkcs12.cpp:239
KSSLPKCS12::getCertificate
KSSLCertificate * getCertificate()
Get the X.509 certificate.
Definition: ksslpkcs12.cpp:190
KSSLPKCS12::fromString
static KSSLPKCS12 * fromString(const QString &base64, const QString &password=QLatin1String(""))
Create a KSSLPKCS12 object from a Base64 in a QString.
Definition: ksslpkcs12.cpp:75
KSSLPKCS12::KSSLPKCS12
KSSLPKCS12()
Definition: ksslpkcs12.cpp:48
KSSLPKCS12::toString
QString toString()
Convert to a Base64 string.
Definition: ksslpkcs12.cpp:195
KSSLPKCS12::toFile
bool toFile(const QString &filename)
Write the PKCS#12 to a file in raw mode.
Definition: ksslpkcs12.cpp:216
KSSLPKCS12::setCert
void setCert(PKCS12 *c)
Raw set the PKCS12 object.
Definition: ksslpkcs12.cpp:125
KSSLPKCS12::loadCertFile
static KSSLPKCS12 * loadCertFile(const QString &filename, const QString &password=QLatin1String(""))
Create a KSSLPKCS12 object by reading a PKCS#12 file.
Definition: ksslpkcs12.cpp:92
KSSLPKCS12::isValid
bool isValid()
Check if the X.509 and private key are valid.
Definition: ksslpkcs12.cpp:268
KTemporaryFile
fp
static const char fp[]
Definition: des.cpp:68
kcodecs.h
kdebug.h
kopenssl.h
ksslall.h
ktemporaryfile.h