ksslcertificate.h
/* This file is part of the KDE project
 *
 * Copyright (C) 2000-2003 George Staikos <staikos@kde.org>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Library General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public License
 * along with this library; see the file COPYING.LIB.  If not, write to
 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 * Boston, MA 02110-1301, USA.
 */

#ifndef _KSSLCERTIFICATE_H
#define _KSSLCERTIFICATE_H


// UPDATE: I like the structure of this class less and less every time I look
//         at it.  I think it needs to change.
//
//
// The biggest reason for making everything protected here is so that
// the class can have all its methods available even if openssl is not
// available.  Also, to create a new certificate you should use the
// KSSLCertificateFactory, and to manage the user's database of certificates,
// you should go through the KSSLCertificateHome.
//
// There should be no reason to touch the X509 stuff directly.
//

#include <qcstring.h>
#include <qvaluelist.h>

class QString;
class QStringList;
class QCString;
class KSSL;
class KSSLCertificatePrivate;
class QDateTime;
class KSSLCertChain;
class KSSLX509V3;

#include <kdelibs_export.h>

#ifdef Q_WS_WIN
#include "ksslconfig_win.h"
#else
#include "ksslconfig.h"
#endif

// With SSL support compiled in, X509 names OpenSSL's struct x509_st;
// without it, X509 is only an opaque forward-declared class so that the
// declarations below still compile.
#ifdef KSSL_HAVE_SSL
typedef struct x509_st X509;
#else
class X509;
#endif

/**
 * Wrapper around an X.509 certificate.
 *
 * All state lives behind the private pointer @c d. The default constructor
 * is protected, so outside the friend classes listed below an instance is
 * obtained through fromString(), fromX509(), replicate() or the copy
 * constructor.
 *
 * The member descriptions in this header are written from the declarations
 * alone. Where a detail depends on the implementation file it is marked as
 * something to confirm.
 *
 * NOTE(review): none of the isValid()/validate() overloads declared here
 * takes a host name, so host-name matching (cf. KSSLValidation::InvalidHost)
 * presumably happens elsewhere - KSSLPeerInfo is a friend - TODO confirm.
 * A result of Ok from this class alone should not be read as "this
 * certificate belongs to the host I connected to" until that is verified.
 */
class KIO_EXPORT KSSLCertificate {
friend class KSSL;
friend class KSSLCertificateHome;
friend class KSSLCertificateFactory;
friend class KSSLCertificateCache;
friend class KSSLCertChain;
friend class KSSLPeerInfo;
friend class KSSLPKCS12;
friend class KSSLD;
friend class KSMIMECryptoPrivate;


public:
    /**
     * Destructor.
     */
    ~KSSLCertificate();

    /**
     * Builds a certificate object from its encoded form.
     *
     * @param cert the encoded certificate (the exact encoding is not visible
     *             in this header - presumably base64; confirm in the .cpp)
     * @return a pointer to a certificate object. Ownership and the failure
     *         value are not stated here - presumably the caller owns the
     *         object and NULL signals failure; check before dereferencing.
     */
    static KSSLCertificate *fromString(QCString cert);

    /**
     * Builds a certificate object from an X509 handle.
     *
     * @param x5 the X509 object to wrap. Whether it is copied or adopted is
     *           not visible here - confirm before freeing @p x5.
     * @return a pointer to a certificate object; as with fromString(),
     *         check for NULL before use.
     */
    static KSSLCertificate *fromX509(X509 *x5);

    /**
     * Result codes for certificate checks.
     *
     * Unknown is the first enumerator and therefore has value 0, so a
     * zero-initialised result is never Ok. Code making a trust decision
     * should compare against Ok explicitly and treat every other value,
     * including Unknown and Irrelevant, as "not validated".
     */
    enum KSSLValidation {   Unknown, Ok, NoCARoot, InvalidPurpose,
                            PathLengthExceeded, InvalidCA, Expired,
                            SelfSigned, ErrorReadingRoot, NoSSL,
                            Revoked, Untrusted, SignatureFailed,
                            Rejected, PrivateKeyFailed, InvalidHost,
                            Irrelevant, SelfSignedChain
                            };

    /**
     * The use a certificate is being checked for.
     *
     * The numeric values are fixed explicitly. purposeToOpenSSL() converts
     * them to an int - presumably OpenSSL's purpose identifiers; confirm.
     */
    enum KSSLPurpose {      None=0, SSLServer=1, SSLClient=2,
                            SMIMESign=3, SMIMEEncrypt=4, Any=5 };

    /** A list of validation results, as returned by validateVerbose(). */
    typedef QValueList<KSSLValidation> KSSLValidationList;

    /**
     * Serialises the certificate to a string.
     * Presumably the inverse of fromString() - confirm.
     */
    QString toString();

    /**
     * Returns the certificate's subject as a string (format not specified
     * in this header).
     */
    QString getSubject() const;

    /**
     * Returns the certificate's issuer as a string (format not specified
     * in this header).
     */
    QString getIssuer() const;

    /**
     * Returns the start of the validity period as text. Use
     * getQDTNotBefore() when the value has to be compared.
     */
    QString getNotBefore() const;

    /**
     * Returns the end of the validity period as text. Use getQDTNotAfter()
     * when the value has to be compared.
     */
    QString getNotAfter() const;

    /**
     * Returns the start of the validity period as a QDateTime.
     * NOTE(review): time zone of the returned value is not visible here -
     * confirm before comparing against local time.
     */
    QDateTime getQDTNotBefore() const;

    /**
     * Returns the end of the validity period as a QDateTime.
     * NOTE(review): time zone of the returned value is not visible here -
     * confirm before comparing against local time.
     */
    QDateTime getQDTNotAfter() const;

    /**
     * Returns the certificate as a byte array; by its name, DER encoded.
     */
    QByteArray toDer();

    /**
     * Returns the certificate as a byte array; by its name, PEM encoded.
     */
    QByteArray toPem();

    /**
     * Returns the certificate as a byte array; by its name, in the Netscape
     * certificate format.
     */
    QByteArray toNetscape();

    /**
     * Returns a textual rendering of the certificate (layout not specified
     * in this header).
     */
    QString toText();

    /**
     * Returns the serial number as a string.
     */
    QString getSerialNumber() const;

    /**
     * Returns the key type as a string (possible values not visible here).
     */
    QString getKeyType() const;

    /**
     * Returns a textual rendering of the public key.
     */
    QString getPublicKeyText() const;

    /**
     * Returns the MD5 digest in a display form (exact formatting not
     * visible here).
     *
     * MD5 is not collision resistant. The digest is suitable for display
     * or as a lookup hint, not as the sole basis for recognising or pinning
     * a certificate.
     */
    QString getMD5DigestText() const;

    /**
     * Returns the MD5 digest as a string.
     *
     * MD5 is not collision resistant; see getMD5DigestText().
     */
    QString getMD5Digest() const;

    /**
     * Returns a textual rendering of the certificate's signature.
     */
    QString getSignatureText() const;

    /**
     * Boolean form of a validity check.
     * NOTE(review): the purpose used by this no-argument overload is not
     * visible in the header - confirm before relying on it for server
     * certificates.
     */
    bool isValid();

    /**
     * Boolean form of a validity check for a given purpose.
     * @param p the purpose to check the certificate for
     */
    bool isValid(KSSLPurpose p);

    /**
     * Returns the subject alternative names as a list of strings.
     * Which name types are included is not visible here.
     */
    QStringList subjAltNames() const;

    /**
     * Checks the certificate and returns a single result code.
     * NOTE(review): purpose used by this overload is not visible here, and
     * the presence of revalidate() suggests the result may be cached -
     * confirm both.
     */
    KSSLValidation validate();

    /**
     * Checks the certificate for a given purpose and returns a single
     * result code.
     * @param p the purpose to check the certificate for
     */
    KSSLValidation validate(KSSLPurpose p);

    /**
     * Checks the certificate for a given purpose and returns a list of
     * result codes.
     * @param p the purpose to check the certificate for
     * @return list of results; what an empty list means is not visible
     *         here, so do not treat "empty" as success without confirming.
     */
    KSSLValidationList validateVerbose(KSSLPurpose p);

    /**
     * As validateVerbose(KSSLPurpose), with an additional certificate.
     * @param p the purpose to check the certificate for
     * @param ca by its name, a CA certificate to check against; whether
     *           NULL is accepted is not visible here
     */
    KSSLValidationList validateVerbose(KSSLPurpose p, KSSLCertificate *ca);

    /**
     * By its name, repeats the check rather than reusing an earlier
     * result - confirm in the implementation.
     */
    KSSLValidation revalidate();

    /**
     * As revalidate(), for a given purpose.
     * @param p the purpose to check the certificate for
     */
    KSSLValidation revalidate(KSSLPurpose p);

    /**
     * Returns a reference to the certificate chain object associated with
     * this certificate. The reference is to state held by this object, so
     * it must not outlive it.
     */
    KSSLCertChain& chain();

    /**
     * Returns a text for a validation result code.
     * @param x the result code to describe
     */
    static QString verifyText(KSSLValidation x);

    /**
     * Returns a pointer to a certificate object; by its name, a copy of
     * this one. Ownership is not stated - presumably the caller's.
     */
    KSSLCertificate *replicate();

    /**
     * Copy constructor.
     * @param x the certificate to copy
     */
    KSSLCertificate(const KSSLCertificate& x); // copy constructor

    /**
     * Replaces the certificate held by this object with one given in
     * encoded form.
     * @param cert the encoded certificate (taken by non-const reference;
     *             whether it is modified is not visible here)
     * @return a success flag - check it: on false the state of this
     *         object is not specified by the header
     */
    bool setCert(QString& cert);

    /**
     * Returns a reference to the X.509 v3 extensions object held by this
     * certificate.
     */
    KSSLX509V3& x509V3Extensions();

    /**
     * By its name, reports whether this certificate may sign other
     * certificates - confirm the exact criteria in the implementation.
     */
    bool isSigner();

    /**
     * Writes e-mail addresses found in the certificate into @p to.
     * @param to output list (whether it is cleared first is not visible)
     */
    void getEmails(QStringList& to) const;

    /**
     * Returns a string key for this certificate. The format is not visible
     * here; getMD5DigestFromKDEKey() implies the MD5 digest can be
     * recovered from it.
     */
    QString getKDEKey() const;

    /**
     * Extracts the MD5 digest from a key produced by getKDEKey().
     * @param k the key string
     */
    static QString getMD5DigestFromKDEKey(const QString& k);

private:
    // NOTE(review): what the comparison operators compare is not visible
    // in this header; do not use == as a trust decision without checking.
    KIO_EXPORT friend int operator!=(KSSLCertificate& x, KSSLCertificate& y);
    KIO_EXPORT friend int operator==(KSSLCertificate& x, KSSLCertificate& y);

    // Private implementation pointer.
    KSSLCertificatePrivate *d;
    // Converts a KSSLPurpose to an int - presumably the OpenSSL purpose id.
    int purposeToOpenSSL(KSSLPurpose p) const;

protected:
    // Default construction is reserved for this class and its friends.
    KSSLCertificate();

    // Low-level setters and getters on the X509 handle.
    // NOTE(review): setChain() takes an untyped pointer, so the compiler
    // cannot check what is passed; the expected type is not visible here.
    void setCert(X509 *c);
    void setChain(void *c);
    X509 *getCert();
    // Maps an int error code to a KSSLValidation value; the source of the
    // code is not visible here - presumably an OpenSSL verify error.
    KSSLValidation processError(int ec);
};

// Stream (de)serialisation of a certificate.
// NOTE(review): operator>> fills r from stream data; a certificate read
// this way is only as trustworthy as the stream, so validate it before use.
KIO_EXPORT QDataStream& operator<<(QDataStream& s, const KSSLCertificate& r);
KIO_EXPORT QDataStream& operator>>(QDataStream& s, KSSLCertificate& r);

// Comparison operators. operator!= is defined as the negation of
// operator==; both take non-const references.
KIO_EXPORT int operator==(KSSLCertificate& x, KSSLCertificate& y);
KIO_EXPORT inline int operator!=(KSSLCertificate& x, KSSLCertificate& y)
{ return !(x == y); }

#endif