KIO
ksslcertificate.cpp
Go to the documentation of this file.
642KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertificate::KSSLPurpose purpose)
647KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertificate::KSSLPurpose purpose, KSSLCertificate *ca)
705 if (!d->kossl->X509_LOOKUP_load_file(certLookup, _j.toLatin1().constData(), X509_FILETYPE_PEM)) {
770 if (ksslv != NoCARoot && ksslv != InvalidCA && ksslv != GetIssuerCertFailed && ksslv != DecodeIssuerPublicKeyFailed && ksslv != GetIssuerCertLocallyFailed ) {
1064 return i18n("Retrieval of the issuer certificate failed. This means the CA's (Certificate Authority) certificate can not be found.");
1066 return i18n("Retrieval of the CRL (Certificate Revocation List) failed. This means the CA's (Certificate Authority) CRL can not be found.");
1068 return i18n("The decryption of the certificate's signature failed. This means it could not even be calculated as opposed to just not matching the expected result.");
1070 return i18n("The decryption of the CRL's (Certificate Revocation List) signature failed. This means it could not even be calculated as opposed to just not matching the expected result.");
1072 return i18n("The decoding of the public key of the issuer failed. This means that the CA's (Certificate Authority) certificate can not be used to verify the certificate you wanted to use.");
1074 return i18n("The certificate's signature is invalid. This means that the certificate can not be verified.");
1076 return i18n("The CRL's (Certificate Revocation List) signature is invalid. This means that the CRL can not be verified.");
1090 return i18n("The time format of the CRL's (Certificate Revocation List) 'lastUpdate' field is invalid.");
1092 return i18n("The time format of the CRL's (Certificate Revocation List) 'nextUpdate' field is invalid.");
1096 return i18n("The certificate is self-signed and not in the list of trusted certificates. If you want to accept this certificate, import it into the list of trusted certificates.");
1097 case KSSLCertificate::SelfSignedChain: // this is obsolete and kept around for backwards compatibility, only
1099 return i18n("The certificate is self-signed. While the trust chain could be built up, the root CA's (Certificate Authority) certificate can not be found.");
1101 return i18n("The CA's (Certificate Authority) certificate can not be found. Most likely, your trust chain is broken.");
1103 return i18n("The certificate can not be verified as it is the only certificate in the trust chain and not self-signed. If you self-sign the certificate, make sure to import it into the list of trusted certificates.");
1106 case KSSLCertificate::Revoked: // this is obsolete and kept around for backwards compatibility, only
1112 return i18n("The length of the trust chain exceeded one of the CA's (Certificate Authority) 'pathlength' parameters, making all subsequent signatures invalid.");
1114 return i18n("The certificate has not been signed for the purpose you tried to use it for. This means the CA (Certificate Authority) does not allow this usage.");
1115 case KSSLCertificate::Untrusted: // this is obsolete and kept around for backwards compatibility, only
1117 return i18n("The root CA (Certificate Authority) is not trusted for the purpose you tried to use this certificate for.");
1118 case KSSLCertificate::Rejected: // this is obsolete and kept around for backwards compatibility, only // this is obsolete and kept around for backwards compatibility, onle
1120 return i18n("The root CA (Certificate Authority) has been marked to be rejected for the purpose you tried to use it for.");
1122 return i18n("The certificate's CA (Certificate Authority) does not match the CA name of the certificate.");
1124 return i18n("The CA (Certificate Authority) certificate's key ID does not match the key ID in the 'Issuer' section of the certificate you are trying to use.");
1126 return i18n("The CA (Certificate Authority) certificate's key ID and name do not match the key ID and name in the 'Issuer' section of the certificate you are trying to use.");
1128 return i18n("The certificate's CA (Certificate Authority) is not allowed to sign certificates.");
1135 return i18n("The signature test for this certificate failed. This could mean that the signature of this certificate or any in its trust path are invalid, could not be decoded or that the CRL (Certificate Revocation List) could not be verified. If you see this message, please let the author of the software you are using know that he or she should use the new, more specific error messages.");
1137 return i18n("This certificate, any in its trust path or its CA's (Certificate Authority) CRL (Certificate Revocation List) is not valid. Any of them could not be valid yet or not valid any more. If you see this message, please let the author of the software you are using know that he or she should use the new, more specific error messages.");
1143 return i18n("Certificate signing authority root files could not be found so the certificate is not verified.");
1302 names = (STACK_OF(GENERAL_NAME)*)d->kossl->X509_get_ext_d2i(d->m_cert, NID_subject_alt_name, 0, 0);
void setCertChain(const QStringList &chain)
Set the certificate chain as a list of base64 encoded X.509 certificates.
Definition: ksslcertchain.cpp:184
@ KeyMayNotSignCertificate
Definition: ksslcertificate.h:142
@ CertificateFieldNotAfterErroneous
Definition: ksslcertificate.h:130
@ CRLFieldLastUpdateErroneous
Definition: ksslcertificate.h:131
@ CRLFieldNextUpdateErroneous
Definition: ksslcertificate.h:132
@ CertificateFieldNotBeforeErroneous
Definition: ksslcertificate.h:129
@ DecryptCertificateSignatureFailed
Definition: ksslcertificate.h:136
@ GetIssuerCertLocallyFailed
Definition: ksslcertificate.h:126
@ DecodeIssuerPublicKeyFailed
Definition: ksslcertificate.h:125
@ CertificateSignatureFailed
Definition: ksslcertificate.h:135
@ AuthAndSubjectKeyIDMismatched
Definition: ksslcertificate.h:140
@ DecryptCRLSignatureFailed
Definition: ksslcertificate.h:137
@ AuthAndSubjectKeyIDAndNameMismatched
Definition: ksslcertificate.h:139
@ VerifyLeafSignatureFailed
Definition: ksslcertificate.h:134
@ ApplicationVerificationFailed
Definition: ksslcertificate.h:138
QString getIssuer() const
Get the issuer of the certificate (X.509 map).
Definition: ksslcertificate.cpp:455
QString getNotBefore() const
Get the date that the certificate becomes valid on.
Definition: ksslcertificate.cpp:990
QString getSerialNumber() const
Get the serial number of the certificate.
Definition: ksslcertificate.cpp:182
static QString verifyText(KSSLValidation x)
Obtain the localized message that corresponds to a validation result.
Definition: ksslcertificate.cpp:1058
KSSLValidationList validateVerbose(KSSLPurpose p)
Check if this is a valid certificate.
Definition: ksslcertificate.cpp:642
QString getSubject() const
Get the subject of the certificate (X.509 map).
Definition: ksslcertificate.cpp:167
QByteArray toDer()
Convert the certificate to DER (ASN.1) format.
Definition: ksslcertificate.cpp:1160
QDateTime getQDTNotAfter() const
Get the date that the certificate is valid until.
Definition: ksslcertificate.cpp:1017
QByteArray toNetscape()
Convert the certificate to Netscape format.
Definition: ksslcertificate.cpp:1222
static KSSLCertificate * fromX509(X509 *x5)
Create an X.509 certificate from the internal representation.
Definition: ksslcertificate.cpp:133
QString getNotAfter() const
Get the date that the certificate is valid until.
Definition: ksslcertificate.cpp:999
static KSSLCertificate * fromString(const QByteArray &cert)
Create an X.509 certificate from a base64 encoded string.
Definition: ksslcertificate.cpp:145
static QString getMD5DigestFromKDEKey(const QString &k)
Aegypten semantics force us to search by MD5Digest only.
Definition: ksslcertificate.cpp:255
QDateTime getQDTNotBefore() const
Get the date that the certificate becomes valid on.
Definition: ksslcertificate.cpp:1008
QByteArray toPem()
Convert the certificate to PEM (base64) format.
Definition: ksslcertificate.cpp:1182
QString getMD5DigestText() const
Get the MD5 digest of the certificate.
Definition: ksslcertificate.cpp:268
QString getMD5Digest() const
Get the MD5 digest of the certificate.
Definition: ksslcertificate.cpp:294
KSSLCertificate * replicate()
Explicitly make a copy of this certificate.
Definition: ksslcertificate.cpp:1038
QString getKDEKey() const
KDEKey is a concatenation "Subject (MD5)", mostly needed for SMIME.
Definition: ksslcertificate.cpp:250
QString toText()
Convert the certificate to OpenSSL plain text format.
Definition: ksslcertificate.cpp:1250
bool setCert(const QString &cert)
Re-set the certificate from a base64 string.
Definition: ksslcertificate.cpp:1273
bool addResourceType(const char *type, const char *basetype, const char *relativename, bool priority=true)
QStringList resourceDirs(const char *type) const
const char header[]
#define kDebug
QString i18n(const char *text)
QString i18nc(const char *ctxt, const char *text)
QDataStream & operator>>(QDataStream &s, KSSLCertificate &r)
Definition: ksslcertificate.cpp:1344
QDataStream & operator<<(QDataStream &s, const KSSLCertificate &r)
Definition: ksslcertificate.cpp:1329
int operator==(KSSLCertificate &x, KSSLCertificate &y)
Definition: ksslcertificate.cpp:1026
FILE * fopen(const QString &pathname, const char *mode)
KStandardDirs * dirs()
This file is part of the KDE documentation.
Documentation copyright © 1996-2023 The KDE developers.
Generated on Mon Feb 20 2023 00:00:00 by doxygen 1.9.6 written by Dimitri van Heesch, © 1997-2006
Documentation copyright © 1996-2023 The KDE developers.
Generated on Mon Feb 20 2023 00:00:00 by doxygen 1.9.6 written by Dimitri van Heesch, © 1997-2006
KDE's Doxygen guidelines are available online.