• Skip to content
  • Skip to link menu
  • KDE API Reference
  • kdelibs-4.14.38 API Reference
  • KDE Home
  • Contact Us
 

KIO

  • kio
  • kssl
sslui.cpp
Go to the documentation of this file.
1/* This file is part of the KDE project
2 *
3 * Copyright (C) 2009 Andreas Hartmetz <ahartmetz@gmail.com>
4 *
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Library General Public
7 * License as published by the Free Software Foundation; either
8 * version 2 of the License, or (at your option) any later version.
9 *
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Library General Public License for more details.
14 *
15 * You should have received a copy of the GNU Library General Public License
16 * along with this library; see the file COPYING.LIB. If not, write to
17 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 * Boston, MA 02110-1301, USA.
19 */
20
21#include "sslui.h"
22
23#include <kdebug.h>
24#include <klocalizedstring.h>
25#include <kmessagebox.h>
26#include <ksslcertificatemanager.h>
27#include <ksslinfodialog.h>
28#include <ktcpsocket_p.h>
29
30
31bool KIO::SslUi::askIgnoreSslErrors(const KTcpSocket *socket, RulesStorage storedRules)
32{
33 KSslErrorUiData uiData(socket);
34 return askIgnoreSslErrors(uiData, storedRules);
35}
36
37
38bool KIO::SslUi::askIgnoreSslErrors(const KSslErrorUiData &uiData, RulesStorage storedRules)
39{
40 const KSslErrorUiData::Private *ud = KSslErrorUiData::Private::get(&uiData);
41 if (ud->sslErrors.isEmpty()) {
42 return true;
43 }
44
45 QList<KSslError> fatalErrors = KSslCertificateManager::nonIgnorableErrors(ud->sslErrors);
46 if (!fatalErrors.isEmpty()) {
47 //TODO message "sorry, fatal error, you can't override it"
48 return false;
49 }
50 if (ud->certificateChain.isEmpty()) {
51 // SSL without certificates is quite useless and should never happen
52 KMessageBox::sorry(0, i18n("The remote host did not send any SSL certificates.\n"
53 "Aborting because the identity of the host cannot be established."));
54 return false;
55 }
56
57 KSslCertificateManager *const cm = KSslCertificateManager::self();
58 KSslCertificateRule rule(ud->certificateChain.first(), ud->host);
59 if (storedRules & RecallRules) {
60 rule = cm->rule(ud->certificateChain.first(), ud->host);
61 // remove previously seen and acknowledged errors
62 QList<KSslError> remainingErrors = rule.filterErrors(ud->sslErrors);
63 if (remainingErrors.isEmpty()) {
64 kDebug(7029) << "Error list empty after removing errors to be ignored. Continuing.";
65 return true;
66 }
67 }
68
69 //### We don't ask to permanently reject the certificate
70
71 QString message = i18n("The server failed the authenticity check (%1).\n\n", ud->host);
72 foreach (const KSslError &err, ud->sslErrors) {
73 message.append(err.errorString());
74 message.append('\n');
75 }
76 message = message.trimmed();
77
78 int msgResult;
79 do {
80 msgResult = KMessageBox::warningYesNoCancel(0, message, i18n("Server Authentication"),
81 KGuiItem(i18n("&Details"), "help-about"),
82 KGuiItem(i18n("Co&ntinue"), "arrow-right"));
83 if (msgResult == KMessageBox::Yes) {
84 //Details was chosen - show the certificate and error details
85
86
87 QList<QList<KSslError::Error> > meh; // parallel list to cert list :/
88
89 foreach (const QSslCertificate &cert, ud->certificateChain) {
90 QList<KSslError::Error> errors;
91 foreach(const KSslError &error, ud->sslErrors) {
92 if (error.certificate() == cert) {
93 // we keep only the error code enum here
94 errors.append(error.error());
95 }
96 }
97 meh.append(errors);
98 }
99
100
101 KSslInfoDialog *dialog = new KSslInfoDialog();
102 dialog->setSslInfo(ud->certificateChain, ud->ip, ud->host, ud->sslProtocol,
103 ud->cipher, ud->usedBits, ud->bits, meh);
104 dialog->exec();
105 } else if (msgResult == KMessageBox::Cancel) {
106 return false;
107 }
108 //fall through on KMessageBox::No
109 } while (msgResult == KMessageBox::Yes);
110
111
112 if (storedRules & StoreRules) {
113 //Save the user's choice to ignore the SSL errors.
114
115 msgResult = KMessageBox::warningYesNo(0,
116 i18n("Would you like to accept this "
117 "certificate forever without "
118 "being prompted?"),
119 i18n("Server Authentication"),
120 KGuiItem(i18n("&Forever"), "flag-green"),
121 KGuiItem(i18n("&Current Session only"), "chronometer"));
122 QDateTime ruleExpiry = QDateTime::currentDateTime();
123 if (msgResult == KMessageBox::Yes) {
124 //accept forever ("for a very long time")
125 ruleExpiry = ruleExpiry.addYears(1000);
126 } else {
127 //accept "for a short time", half an hour.
128 ruleExpiry = ruleExpiry.addSecs(30*60);
129 }
130
131 //TODO special cases for wildcard domain name in the certificate!
132 //rule = KSslCertificateRule(d->socket.peerCertificateChain().first(), whatever);
133
134 rule.setExpiryDateTime(ruleExpiry);
135 rule.setIgnoredErrors(ud->sslErrors);
136 cm->setRule(rule);
137 }
138
139 return true;
140}
141
KGuiItem
KMessageBox::warningYesNoCancel
static int warningYesNoCancel(QWidget *parent, const QString &text, const QString &caption=QString(), const KGuiItem &buttonYes=KStandardGuiItem::yes(), const KGuiItem &buttonNo=KStandardGuiItem::no(), const KGuiItem &buttonCancel=KStandardGuiItem::cancel(), const QString &dontAskAgainName=QString(), Options options=Notify)
KMessageBox::Yes
Yes
KMessageBox::Cancel
Cancel
KMessageBox::sorry
static void sorry(QWidget *parent, const QString &text, const QString &caption=QString(), Options options=Notify)
KMessageBox::warningYesNo
static int warningYesNo(QWidget *parent, const QString &text, const QString &caption=QString(), const KGuiItem &buttonYes=KStandardGuiItem::yes(), const KGuiItem &buttonNo=KStandardGuiItem::no(), const QString &dontAskAgainName=QString(), Options options=Options(Notify|Dangerous))
KSslCertificateManager
KSslCertificateManager::nonIgnorableErrors
static QList< KSslError > nonIgnorableErrors(const QList< KSslError > &)
KSslCertificateManager::self
static KSslCertificateManager * self()
KSslCertificateManager::rule
KSslCertificateRule rule(const QSslCertificate &cert, const QString &hostName) const
KSslCertificateManager::setRule
void setRule(const KSslCertificateRule &rule)
KSslCertificateRule
KSslCertificateRule::setExpiryDateTime
void setExpiryDateTime(const QDateTime &dateTime)
KSslCertificateRule::setIgnoredErrors
void setIgnoredErrors(const QList< KSslError > &errors)
KSslCertificateRule::filterErrors
QList< KSslError > filterErrors(const QList< KSslError > &errors) const
KSslErrorUiData::Private
KSslErrorUiData::Private::sslErrors
QList< KSslError > sslErrors
KSslErrorUiData::Private::ip
QString ip
KSslErrorUiData::Private::certificateChain
QList< QSslCertificate > certificateChain
KSslErrorUiData::Private::host
QString host
KSslErrorUiData::Private::usedBits
int usedBits
KSslErrorUiData::Private::cipher
QString cipher
KSslErrorUiData::Private::bits
int bits
KSslErrorUiData::Private::sslProtocol
QString sslProtocol
KSslErrorUiData::Private::get
static const KSslErrorUiData::Private * get(const KSslErrorUiData *uiData)
KSslErrorUiData
KSslError
KSslError::error
Error error() const
KSslError::certificate
QSslCertificate certificate() const
KSslError::errorString
QString errorString() const
KSslInfoDialog
KDE SSL Information Dialog.
Definition: ksslinfodialog.h:43
KSslInfoDialog::setSslInfo
void setSslInfo(const QList< QSslCertificate > &certificateChain, const QString &ip, const QString &host, const QString &sslProtocol, const QString &cipher, int usedBits, int bits, const QList< QList< KSslError::Error > > &validationErrors)
Set information to display about the SSL connection.
Definition: ksslinfodialog.cpp:148
KTcpSocket
QList
kDebug
#define kDebug
kdebug.h
klocalizedstring.h
i18n
QString i18n(const char *text)
kmessagebox.h
ksslcertificatemanager.h
ksslinfodialog.h
ktcpsocket_p.h
KIO::SslUi::RulesStorage
RulesStorage
Definition: sslui.h:30
KIO::SslUi::RecallRules
@ RecallRules
apply stored certificate rules (typically ignored errors)
Definition: sslui.h:31
KIO::SslUi::StoreRules
@ StoreRules
make new ignore rules from the user's choice and store them
Definition: sslui.h:32
KIO::SslUi::askIgnoreSslErrors
bool askIgnoreSslErrors(const KTcpSocket *socket, RulesStorage storedRules=RecallAndStoreRules)
Definition: sslui.cpp:31
message
void message(KMessage::MessageType messageType, const QString &text, const QString &caption=QString())
sslui.h
This file is part of the KDE documentation.
Documentation copyright © 1996-2023 The KDE developers.
Generated on Mon Feb 20 2023 00:00:00 by doxygen 1.9.6 written by Dimitri van Heesch, © 1997-2006

KDE's Doxygen guidelines are available online.

KIO

Skip menu "KIO"
  • Main Page
  • Namespace List
  • Namespace Members
  • Alphabetical List
  • Class List
  • Class Hierarchy
  • Class Members
  • File List
  • File Members
  • Related Pages

kdelibs-4.14.38 API Reference

Skip menu "kdelibs-4.14.38 API Reference"
  • DNSSD
  • Interfaces
  •   KHexEdit
  •   KMediaPlayer
  •   KSpeech
  •   KTextEditor
  • kconf_update
  • KDE3Support
  •   KUnitTest
  • KDECore
  • KDED
  • KDEsu
  • KDEUI
  • KDEWebKit
  • KDocTools
  • KFile
  • KHTML
  • KImgIO
  • KInit
  • kio
  • KIOSlave
  • KJS
  •   KJS-API
  •   WTF
  • kjsembed
  • KNewStuff
  • KParts
  • KPty
  • Kross
  • KUnitConversion
  • KUtils
  • Nepomuk
  • Plasma
  • Solid
  • Sonnet
  • ThreadWeaver
Report problems with this website to our bug tracking system.
Contact the specific authors with questions and comments about the page contents.

KDE® and the K Desktop Environment® logo are registered trademarks of KDE e.V. | Legal