/** * crypto.cpp * * Copyright (c) 2000-2005 George Staikos <staikos@kde.org> * 2000 Carsten Pfeiffer <pfeiffer@kde.org> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published * by the Free Software Foundation; either version 2.1 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ // // Attention. The suck factor on this code is increasing. It's a bit of a // hack. </understatement> It might be time to rewrite it soon. // #include <sys/types.h> #include <sys/stat.h> #include <stdlib.h> #include <pwd.h> #include <unistd.h> #include <tqbuttongroup.h> #include <tqcheckbox.h> #include <tqfile.h> #include <tqfileinfo.h> #include <tqframe.h> #include <tqhbuttongroup.h> #include <tqhgroupbox.h> #include <tqlabel.h> #include <tqlayout.h> #include <tqpushbutton.h> #include <tqradiobutton.h> #include <tqregexp.h> #include <tqvbox.h> #include <tqvbuttongroup.h> #include <tqvgroupbox.h> #include <tqwhatsthis.h> #include <tdeaboutdata.h> #include <kcombobox.h> #include <tdeconfig.h> #include <kdatepicker.h> #include <kdebug.h> #include <kdialog.h> #include <tdefiledialog.h> #include <kgenericfactory.h> #include <tdeglobal.h> #include <klineedit.h> #include <tdelocale.h> #include <kmdcodec.h> #include <tdemessagebox.h> #include <kpassdlg.h> #include <kprocess.h> #include <kpushbutton.h> #include <kresolver.h> #include <kseparator.h> #include <kstandarddirs.h> #include <kurllabel.h> #include <kurlrequester.h> #include <config.h> #ifdef HAVE_SSL #define crypt _openssl_crypt #include <openssl/ssl.h> #include <openssl/x509.h> #include <openssl/x509v3.h> #include <openssl/pem.h> #include <openssl/rand.h> #include <openssl/err.h> #include <openssl/stack.h> #include <openssl/safestack.h> #undef crypt #endif #include <ksslall.h> #include <kopenssl.h> #include "crypto.h" #include "certexport.h" #include "kdatetimedlg.h" using namespace KNetwork; typedef KGenericFactory<KCryptoConfig, TQWidget> KryptoFactory; K_EXPORT_COMPONENT_FACTORY( kcm_crypto, KryptoFactory("kcmcrypto") ) CipherItem::CipherItem( TQListView *view, const TQString& cipher, int bits, int maxBits, KCryptoConfig *module ) : TQCheckListItem( view, TQString(), CheckBox ) { m_cipher = cipher; m_bits = bits; m_module = module; TQString tmp( i18n("%1 (%2 of %3 bits)") ); setText( 0, tmp.arg( cipher ).arg( bits ).arg( maxBits )); } void CipherItem::stateChange( bool ) { m_module->configChanged(); } TQString CipherItem::configName() const { TQString cipherName("cipher_%1"); return cipherName.arg( m_cipher ); } OtherCertItem::OtherCertItem( TQListView *view, const TQString& sub, const TQString& md5, bool perm, int policy, TQDateTime exp, KCryptoConfig *module ) : TQListViewItem( view, TQString() ), _sub(sub), _md5(md5), _exp(exp), _perm(perm), _policy(policy) { m_module = module; KSSLX509Map cert(sub); setText(0, cert.getValue("O")); setText(1, cert.getValue("CN").replace("\n", ", ")); if (_exp.date().year() > 3000 || _exp.date().year() < 1900) _exp.setDate(TQDate(3000,1,1)); } void OtherCertItem::stateChange( bool ) { m_module->configChanged(); } TQString OtherCertItem::configName() const { return _sub; } YourCertItem::YourCertItem( TQListView *view, TQString pkcs, TQString pass, TQString name, KCryptoConfig *module ) : TQListViewItem( view, TQString() ) { m_module = module; KSSLX509Map cert(name); TQString tmp = cert.getValue("CN").replace("\n", ", "); setText(0, tmp); setText(1, cert.getValue("Email")); _pkcs = pkcs; _name = name; _pass = pass; } void YourCertItem::stateChange( bool ) { m_module->configChanged(); } TQString YourCertItem::configName() const { return _name; } CAItem::CAItem( TQListView *view, TQString name, TQString cert, bool site, bool email, bool code, KCryptoConfig *module ) : TQListViewItem( view, TQString() ) { m_module = module; KSSLX509Map mcert(name); TQString tmp; setText(0, mcert.getValue("O")); tmp = mcert.getValue("OU"); tmp.replace("\n", ", "); setText(1, tmp); tmp = mcert.getValue("CN"); tmp.replace("\n", ", "); setText(2, tmp); _name = name; _cert = cert; _site = site; _email = email; _code = code; isNew = false; modified = false; } void CAItem::stateChange( bool ) { m_module->configChanged(); } TQString CAItem::configName() const { return _name; } ////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////// KCryptoConfig::KCryptoConfig(TQWidget *parent, const char *name, const TQStringList &) : TDECModule(KryptoFactory::instance(), parent, name) { TQGridLayout *grid; TQBoxLayout *top = new TQVBoxLayout(this); TQString whatstr; setQuickHelp( i18n("<h1>Crypto</h1> This module allows you to configure SSL for" " use with most TDE applications, as well as manage your personal" " certificates and the known certificate authorities.")); ___lehack = false; otherCertDelList.setAutoDelete(true); yourCertDelList.setAutoDelete(true); authDelList.setAutoDelete(true); caDelList.setAutoDelete(true); _signers = new KSSLSigners; TDEAboutData *about = new TDEAboutData(I18N_NOOP("kcmcrypto"), I18N_NOOP("TDE Crypto Control Module"), 0, 0, TDEAboutData::License_GPL, I18N_NOOP("(c) 2000 - 2001 George Staikos")); about->addAuthor("George Staikos", 0, "staikos@kde.org"); about->addAuthor("Carsten Pfeiffer", 0, "pfeiffer@kde.org"); setAboutData( about ); /////////////////////////////////////////////////////////////////////////// // Create the GUI here - there are currently a total of 6 tabs. // The first is SSL and cipher related // The second is OpenSSL settings // The third is user's SSL certificate related // The fourth is certificate authentication related // The fifth is other SSL certificate related // The sixth is CA related // The seventh is misc. settings related (unimplemented) // The eighth is peer [email] certificate related (unimplemented) /////////////////////////////////////////////////////////////////////////// tabs = new TQTabWidget(this); top->addWidget(tabs); /////////////////////////////////////////////////////////////////////////// // FIRST TAB /////////////////////////////////////////////////////////////////////////// tabSSL = new TQFrame(this); grid = new TQGridLayout(tabSSL, 7, 2, KDialog::marginHint(), KDialog::spacingHint() ); mUseTLS = new TQCheckBox(i18n("Enable &TLS support if supported by the server"), tabSSL); connect(mUseTLS, TQT_SIGNAL(clicked()), TQT_SLOT(configChanged())); grid->addWidget(mUseTLS, 0, 0); whatstr = i18n("TLS is the newest revision of the SSL protocol." " It integrates better with other protocols and has" " replaced SSL in protocols such as POP3 and SMTP."); TQWhatsThis::add(mUseTLS, whatstr); mUseSSLv2 = new TQCheckBox(i18n("Enable SSLv&2"), tabSSL); connect(mUseSSLv2, TQT_SIGNAL(clicked()), TQT_SLOT(configChanged())); grid->addWidget(mUseSSLv2, 1, 0); whatstr = i18n("SSL v2 is the second revision of the SSL protocol." " It is most common to enable v2 and v3."); TQWhatsThis::add(mUseSSLv2, whatstr); mUseSSLv3 = new TQCheckBox(i18n("Enable SSLv&3"), tabSSL); connect(mUseSSLv3, TQT_SIGNAL(clicked()), TQT_SLOT(configChanged())); grid->addWidget(mUseSSLv3, 1, 1); whatstr = i18n("SSL v3 is the third revision of the SSL protocol." " It is most common to enable v2 and v3."); TQWhatsThis::add(mUseSSLv3, whatstr); #ifdef HAVE_SSL SSLv2Box = new TQListView(tabSSL, "v2ciphers"); (void) SSLv2Box->addColumn(i18n("SSLv2 Ciphers to Use")); whatstr = i18n("Select the ciphers you wish to enable when using the" " SSL v2 protocol. The actual protocol used will be" " negotiated with the server at connection time."); TQWhatsThis::add(SSLv2Box, whatstr); SSLv2Box->setSelectionMode(TQListView::NoSelection); grid->addWidget( SSLv2Box, 2, 0 ); connect( mUseSSLv2, TQT_SIGNAL( toggled( bool ) ), SSLv2Box, TQT_SLOT( setEnabled( bool ))); #else TQLabel *nossllabel = new TQLabel(i18n("SSL ciphers cannot be configured" " because this module was not linked" " with OpenSSL."), tabSSL); grid->addMultiCellWidget(nossllabel, 2, 2, 0, 1); grid->addRowSpacing( 3, 100 ); // give minimum height to look better #endif // no need to parse kdeglobals. config = new TDEConfig("cryptodefaults", false, false); policies = new KSimpleConfig("ksslpolicies", false); pcerts = new KSimpleConfig("ksslcertificates", false); authcfg = new KSimpleConfig("ksslauthmap", false); #ifdef HAVE_SSL SSLv3Box = new TQListView(tabSSL, "v3ciphers"); (void) SSLv3Box->addColumn(i18n("SSLv3 Ciphers to Use")); whatstr = i18n("Select the ciphers you wish to enable when using the" " SSL v3 protocol. The actual protocol used will be" " negotiated with the server at connection time."); TQWhatsThis::add(SSLv3Box, whatstr); SSLv3Box->setSelectionMode(TQListView::NoSelection); grid->addWidget(SSLv3Box, 2, 1); connect( mUseSSLv3, TQT_SIGNAL( toggled( bool ) ), SSLv3Box, TQT_SLOT( setEnabled( bool ))); loadCiphers(); // // CipherWizards // TQHGroupBox *cwbg = new TQHGroupBox(i18n("Cipher Wizard"), tabSSL); TQComboBox *cwcb = new TQComboBox(cwbg); grid->addMultiCellWidget(cwbg, 3, 3, 0, 1); TQString whatStr = i18n("<qt>Use these preconfigurations to more easily configure the SSL encryption settings. You can choose among the following modes: <ul>"); cwcb->insertItem(TQString()); cwcb->insertItem(i18n("Most Compatible")); whatStr += i18n("<li><b>Most Compatible:</b> Select the settings found to be most compatible.</li>"); cwcb->insertItem(i18n("US Ciphers Only")); whatStr += i18n("<li><b>US Ciphers Only:</b> Select only the US strong (>= 128 bit) encryption ciphers.</li>"); cwcb->insertItem(i18n("Export Ciphers Only")); whatStr += i18n("<li><b>Export Ciphers Only:</b> Select only the weak ciphers (<= 56 bit).</li>"); cwcb->insertItem(i18n("Enable All")); whatStr += i18n("<li><b>Enable All:</b> Select all SSL ciphers and methods.</li></ul>"); TQWhatsThis::add(cwcb, whatStr); connect(cwcb, TQT_SIGNAL(activated(int)), TQT_SLOT(slotSelectCipher(int))); #endif mWarnOnEnter = new TQCheckBox(i18n("Warn on &entering SSL mode"), tabSSL); connect(mWarnOnEnter, TQT_SIGNAL(clicked()), TQT_SLOT(configChanged())); grid->addWidget(mWarnOnEnter, 5, 0); whatstr = i18n("If selected, you will be notified when entering an SSL" " enabled site"); TQWhatsThis::add(mWarnOnEnter, whatstr); mWarnOnLeave = new TQCheckBox(i18n("Warn on &leaving SSL mode"), tabSSL); connect(mWarnOnLeave, TQT_SIGNAL(clicked()), TQT_SLOT(configChanged())); grid->addWidget(mWarnOnLeave, 5, 1); whatstr = i18n("If selected, you will be notified when leaving an SSL" " based site."); TQWhatsThis::add(mWarnOnLeave, whatstr); mWarnOnUnencrypted = new TQCheckBox(i18n("Warn on sending &unencrypted data"), tabSSL); connect(mWarnOnUnencrypted, TQT_SIGNAL(clicked()), TQT_SLOT(configChanged())); grid->addWidget(mWarnOnUnencrypted, 6, 0); whatstr = i18n("If selected, you will be notified before sending" " unencrypted data via a web browser."); TQWhatsThis::add(mWarnOnUnencrypted, whatstr); #if 0 // NOT IMPLEMENTED IN KDE 3.0 mWarnOnMixed = new TQCheckBox(i18n("Warn on &mixed SSL/non-SSL pages"), tabSSL); connect(mWarnOnMixed, TQT_SIGNAL(clicked()), TQT_SLOT(configChanged())); grid->addWidget(mWarnOnMixed, 6, 1); whatstr = i18n("If selected, you will be notified if you view a page" " that has both encrypted and non-encrypted parts."); TQWhatsThis::add(mWarnOnMixed, whatstr); #endif /////////////////////////////////////////////////////////////////////////// // SECOND TAB /////////////////////////////////////////////////////////////////////////// #ifdef HAVE_SSL tabOSSL = new TQFrame(this); TQBoxLayout *vbox = new TQVBoxLayout(tabOSSL, KDialog::marginHint(), KDialog::spacingHint()); oInfo = new TQVGroupBox(i18n("Path to OpenSSL Shared Libraries"), tabOSSL); vbox->addWidget(oInfo); oPath = new KURLRequester(oInfo); oPath->setMode(KFile::Directory); oTest = new TQPushButton(i18n("&Test"), oInfo); connect(oTest, TQT_SIGNAL(clicked()), TQT_SLOT(slotTestOSSL())); connect(oPath, TQT_SIGNAL(textChanged(const TQString&)), TQT_SLOT(configChanged())); // // Settings for the EGD // TQFrame *eFrame = new TQFrame(tabOSSL); TQVBoxLayout *egrid = new TQVBoxLayout(eFrame); mUseEGD = new TQCheckBox(i18n("Use EGD"), eFrame); connect(mUseEGD, TQT_SIGNAL(clicked()), TQT_SLOT(slotUseEGD())); mUseEFile = new TQCheckBox(i18n("Use entropy file"), eFrame); connect(mUseEFile, TQT_SIGNAL(clicked()), TQT_SLOT(slotUseEFile())); vbox->addWidget(eFrame); egrid->addWidget(mUseEGD); egrid->addWidget(mUseEFile); TQFrame *egdframe = new TQFrame(tabOSSL); TQGridLayout *grid2 = new TQGridLayout(egdframe, 2, 2, KDialog::marginHint(), KDialog::spacingHint()); mEGDLabel = new TQLabel(i18n("Path to EGD:"), egdframe); grid2->addWidget(mEGDLabel, 0, 0); mEGDPath = new KURLRequester(egdframe); grid2->addWidget(mEGDPath, 0, 1); connect(mEGDPath, TQT_SIGNAL(textChanged(const TQString&)), TQT_SLOT(configChanged())); vbox->addWidget(egdframe); whatstr = i18n("If selected, OpenSSL will be asked to use the entropy gathering" " daemon (EGD) for initializing the pseudo-random number generator."); TQWhatsThis::add(mUseEGD, whatstr); whatstr = i18n("If selected, OpenSSL will be asked to use the given file" " as entropy for initializing the pseudo-random number generator."); TQWhatsThis::add(mUseEFile, whatstr); whatstr = i18n("Enter the path to the socket created by the entropy gathering" " daemon (or the entropy file) here."); TQWhatsThis::add(mEGDPath, whatstr); whatstr = i18n("Click here to browse for the EGD socket file."); TQWhatsThis::add(mEGDPath, whatstr); vbox->addStretch(); #endif /////////////////////////////////////////////////////////////////////////// // THIRD TAB /////////////////////////////////////////////////////////////////////////// tabYourSSLCert = new TQFrame(this); #ifdef HAVE_SSL grid = new TQGridLayout(tabYourSSLCert, 16, 6, KDialog::marginHint(), KDialog::spacingHint() ); yourSSLBox = new TQListView(tabYourSSLCert); yourSSLBox->setAllColumnsShowFocus(true); whatstr = i18n("This list box shows which certificates of yours TDE" " knows about. You can easily manage them from here."); TQWhatsThis::add(yourSSLBox, whatstr); grid->addMultiCellWidget(yourSSLBox, 0, 5, 0, 4); yourSSLBox->addColumn(i18n("Common Name")); yourSSLBox->addColumn(i18n("Email Address")); connect(yourSSLBox, TQT_SIGNAL(selectionChanged()), TQT_SLOT(slotYourCertSelect())); yourSSLImport = new TQPushButton(i18n("I&mport..."), tabYourSSLCert); connect(yourSSLImport, TQT_SIGNAL(clicked()), TQT_SLOT(slotYourImport())); grid->addWidget(yourSSLImport, 0, 5); yourSSLExport = new TQPushButton(i18n("&Export..."), tabYourSSLCert); yourSSLExport->setEnabled(false); connect(yourSSLExport, TQT_SIGNAL(clicked()), TQT_SLOT(slotYourExport())); grid->addWidget(yourSSLExport, 1, 5); yourSSLRemove = new TQPushButton(i18n("Remo&ve"), tabYourSSLCert); yourSSLRemove->setEnabled(false); connect(yourSSLRemove, TQT_SIGNAL(clicked()), TQT_SLOT(slotYourRemove())); grid->addWidget(yourSSLRemove, 2, 5); yourSSLUnlock = new TQPushButton(i18n("&Unlock"), tabYourSSLCert); yourSSLUnlock->setEnabled(false); connect(yourSSLUnlock, TQT_SIGNAL(clicked()), TQT_SLOT(slotYourUnlock())); grid->addWidget(yourSSLUnlock, 3, 5); yourSSLVerify = new TQPushButton(i18n("Verif&y"), tabYourSSLCert); yourSSLVerify->setEnabled(false); connect(yourSSLVerify, TQT_SIGNAL(clicked()), TQT_SLOT(slotYourVerify())); grid->addWidget(yourSSLVerify, 4, 5); yourSSLPass = new TQPushButton(i18n("Chan&ge Password..."), tabYourSSLCert); yourSSLPass->setEnabled(false); connect(yourSSLPass, TQT_SIGNAL(clicked()), TQT_SLOT(slotYourPass())); grid->addWidget(yourSSLPass, 5, 5); grid->addMultiCellWidget(new KSeparator(KSeparator::HLine, tabYourSSLCert), 6, 6, 0, 5); ySubject = KSSLInfoDlg::certInfoWidget(tabYourSSLCert, TQString(TQString())); yIssuer = KSSLInfoDlg::certInfoWidget(tabYourSSLCert, TQString(TQString())); grid->addMultiCellWidget(ySubject, 7, 11, 0, 2); grid->addMultiCellWidget(yIssuer, 7, 11, 3, 5); whatstr = i18n("This is the information known about the owner of the certificate."); TQWhatsThis::add(ySubject, whatstr); whatstr = i18n("This is the information known about the issuer of the certificate."); TQWhatsThis::add(yIssuer, whatstr); grid->addWidget(new TQLabel(i18n("Valid from:"), tabYourSSLCert), 12, 0); grid->addWidget(new TQLabel(i18n("Valid until:"), tabYourSSLCert), 13, 0); yValidFrom = new TQLabel(tabYourSSLCert); grid->addWidget(yValidFrom, 12, 1); yValidUntil = new TQLabel(tabYourSSLCert); grid->addWidget(yValidUntil, 13, 1); whatstr = i18n("The certificate is valid starting at this date."); TQWhatsThis::add(yValidFrom, whatstr); whatstr = i18n("The certificate is valid until this date."); TQWhatsThis::add(yValidUntil, whatstr); grid->addWidget(new TQLabel(i18n("MD5 digest:"), tabYourSSLCert), 14, 0); yHash = new TQLabel(tabYourSSLCert); grid->addWidget(yHash, 14, 1); whatstr = i18n("A hash of the certificate used to identify it quickly."); TQWhatsThis::add(yHash, whatstr); #if 0 TQHButtonGroup *ocbg = new TQHButtonGroup(i18n("On SSL Connection..."), tabYourSSLCert); yourSSLUseDefault = new TQRadioButton(i18n("&Use default certificate"), ocbg); yourSSLList = new TQRadioButton(i18n("&List upon connection"), ocbg); yourSSLDont = new TQRadioButton(i18n("&Do not use certificates"), ocbg); grid->addMultiCellWidget(ocbg, 14, 14, 0, 5); #endif #else nossllabel = new TQLabel(i18n("SSL certificates cannot be managed" " because this module was not linked" " with OpenSSL."), tabYourSSLCert); grid->addMultiCellWidget(nossllabel, 3, 3, 0, 5); #endif /////////////////////////////////////////////////////////////////////////// // FOURTH TAB /////////////////////////////////////////////////////////////////////////// tabAuth = new TQFrame(this); #ifdef HAVE_SSL grid = new TQGridLayout(tabAuth, 20, 6, KDialog::marginHint(), KDialog::spacingHint()); grid->addMultiCellWidget(new TQLabel(i18n("Default Authentication Certificate"), tabAuth), 0, 0, 0, 2); defCertBG = new TQVButtonGroup(i18n("Default Action"), tabAuth); defSend = new TQRadioButton(i18n("&Send"), defCertBG); defPrompt = new TQRadioButton(i18n("&Prompt"), defCertBG); defDont = new TQRadioButton(i18n("Do ¬ send"), defCertBG); grid->addMultiCellWidget(defCertBG, 1, 3, 0, 2); grid->addMultiCellWidget(new TQLabel(i18n("Default certificate:"), tabAuth), 1, 1, 3, 5); defCertBox = new KComboBox(false, tabAuth); grid->addMultiCellWidget(defCertBox, 2, 2, 3, 5); grid->addMultiCellWidget(new KSeparator(KSeparator::HLine, tabAuth), 4, 4, 0, 5); grid->addMultiCellWidget(new TQLabel(i18n("Host authentication:"), tabAuth), 5, 5, 0, 1); hostAuthList = new TQListView(tabAuth); hostAuthList->setAllColumnsShowFocus(true); grid->addMultiCellWidget(hostAuthList, 6, 13, 0, 5); hostAuthList->addColumn(i18n("Host")); hostAuthList->addColumn(i18n("Certificate")); hostAuthList->addColumn(i18n("Policy")); grid->addWidget(new TQLabel(i18n("Host:"), tabAuth), 14, 0); grid->addWidget(new TQLabel(i18n("Certificate:"), tabAuth), 15, 0); authHost = new TQLineEdit(tabAuth); grid->addMultiCellWidget(authHost, 14, 14, 1, 4); hostCertBox = new KComboBox(false, tabAuth); grid->addMultiCellWidget(hostCertBox, 15, 15, 1, 4); hostCertBG = new TQHButtonGroup(i18n("Action"), tabAuth); hostSend = new TQRadioButton(i18n("Send"), hostCertBG); hostPrompt = new TQRadioButton(i18n("Prompt"), hostCertBG); hostDont = new TQRadioButton(i18n("Do not send"), hostCertBG); grid->addMultiCellWidget(hostCertBG, 16, 16, 0, 5); authAdd = new TQPushButton(i18n("Ne&w"), tabAuth); authRemove = new TQPushButton(i18n("Remo&ve"), tabAuth); grid->addWidget(authAdd, 17, 4); grid->addWidget(authRemove, 17, 5); authHost->setEnabled(false); hostCertBox->setEnabled(false); hostCertBG->setEnabled(false); authRemove->setEnabled(false); connect(defCertBox, TQT_SIGNAL(activated(int)), this, TQT_SLOT(configChanged())); connect(defCertBG, TQT_SIGNAL(clicked(int)), this, TQT_SLOT(configChanged())); connect(hostAuthList, TQT_SIGNAL(selectionChanged()), this, TQT_SLOT(slotAuthItemChanged())); connect(authAdd, TQT_SIGNAL(clicked()), this, TQT_SLOT(slotNewHostAuth())); connect(authRemove, TQT_SIGNAL(clicked()), this, TQT_SLOT(slotRemoveHostAuth())); connect(authHost, TQT_SIGNAL(textChanged(const TQString &)), this, TQT_SLOT(slotAuthText(const TQString &))); connect(hostCertBG, TQT_SIGNAL(clicked(int)), this, TQT_SLOT(slotAuthButtons())); connect(hostCertBox, TQT_SIGNAL(activated(int)), this, TQT_SLOT(slotAuthCombo())); #else nossllabel = new TQLabel(i18n("SSL certificates cannot be managed" " because this module was not linked" " with OpenSSL."), tabAuth); grid->addMultiCellWidget(nossllabel, 3, 3, 0, 5); #endif /////////////////////////////////////////////////////////////////////////// // FIFTH TAB /////////////////////////////////////////////////////////////////////////// tabOtherSSLCert = new TQFrame(this); #ifdef HAVE_SSL oGrid = grid = new TQGridLayout(tabOtherSSLCert, 21, 6, KDialog::marginHint(), KDialog::spacingHint()); otherSSLBox = new TQListView(tabOtherSSLCert); otherSSLBox->setAllColumnsShowFocus(true); connect(otherSSLBox, TQT_SIGNAL(selectionChanged()), TQT_SLOT(slotOtherCertSelect())); whatstr = i18n("This list box shows which site and person certificates TDE" " knows about. You can easily manage them from here."); TQWhatsThis::add(otherSSLBox, whatstr); otherSSLBox->addColumn(i18n("Organization")); otherSSLBox->addColumn(i18n("Common Name")); grid->addMultiCellWidget(otherSSLBox, 0, 7, 0, 4); otherSSLExport = new TQPushButton(i18n("&Export..."), tabOtherSSLCert); connect(otherSSLExport, TQT_SIGNAL(clicked()), TQT_SLOT(slotExportCert())); grid->addWidget(otherSSLExport, 0, 5); whatstr = i18n("This button allows you to export the selected certificate" " to a file of various formats."); TQWhatsThis::add(otherSSLExport, whatstr); otherSSLRemove = new TQPushButton(i18n("&Remove"), tabOtherSSLCert); connect(otherSSLRemove, TQT_SIGNAL(clicked()), TQT_SLOT(slotRemoveCert())); grid->addWidget(otherSSLRemove, 1, 5); whatstr = i18n("This button removes the selected certificate" " from the certificate cache."); TQWhatsThis::add(otherSSLRemove, whatstr); otherSSLVerify = new TQPushButton(i18n("&Verify"), tabOtherSSLCert); connect(otherSSLVerify, TQT_SIGNAL(clicked()), TQT_SLOT(slotVerifyCert())); grid->addWidget(otherSSLVerify, 2, 5); whatstr = i18n("This button tests the selected certificate" " for validity."); TQWhatsThis::add(otherSSLVerify, whatstr); otherSSLExport->setEnabled(false); otherSSLVerify->setEnabled(false); otherSSLRemove->setEnabled(false); grid->addMultiCellWidget(new KSeparator(KSeparator::HLine, tabOtherSSLCert), 8, 8, 0, 5); oSubject = KSSLInfoDlg::certInfoWidget(tabOtherSSLCert, TQString(TQString())); oIssuer = KSSLInfoDlg::certInfoWidget(tabOtherSSLCert, TQString(TQString())); grid->addMultiCellWidget(oSubject, 9, 13, 0, 2); grid->addMultiCellWidget(oIssuer, 9, 13, 3, 5); whatstr = i18n("This is the information known about the owner of the certificate."); TQWhatsThis::add(oSubject, whatstr); whatstr = i18n("This is the information known about the issuer of the certificate."); TQWhatsThis::add(oIssuer, whatstr); fromLabel = new TQLabel(i18n("Valid from:"), tabOtherSSLCert); untilLabel = new TQLabel(i18n("Valid until:"), tabOtherSSLCert); grid->addWidget(fromLabel, 14, 0); grid->addWidget(untilLabel, 15, 0); fromLabel->setEnabled(false); untilLabel->setEnabled(false); validFrom = new TQLabel(tabOtherSSLCert); grid->addWidget(validFrom, 14, 1); validUntil = new TQLabel(tabOtherSSLCert); grid->addWidget(validUntil, 15, 1); whatstr = i18n("The certificate is valid starting at this date."); TQWhatsThis::add(validFrom, whatstr); whatstr = i18n("The certificate is valid until this date."); TQWhatsThis::add(validUntil, whatstr); cacheGroup = new TQVButtonGroup(i18n("Cache"), tabOtherSSLCert); cachePerm = new TQRadioButton(i18n("Permanentl&y"), cacheGroup); cacheUntil = new TQRadioButton(i18n("&Until"), cacheGroup); untilDate = new KURLLabel(TQString(), TQString(), cacheGroup); cacheGroup->setEnabled(false); grid->addMultiCellWidget(cacheGroup, 16, 19, 0, 2); cachePerm->setEnabled(false); cacheUntil->setEnabled(false); untilDate->setEnabled(false); connect(cachePerm, TQT_SIGNAL(clicked()), TQT_SLOT(slotPermanent())); connect(cacheUntil, TQT_SIGNAL(clicked()), TQT_SLOT(slotUntil())); connect(untilDate, TQT_SIGNAL(leftClickedURL()), TQT_SLOT(slotDatePick())); whatstr = i18n("Select here to make the cache entry permanent."); TQWhatsThis::add(cachePerm, whatstr); whatstr = i18n("Select here to make the cache entry temporary."); TQWhatsThis::add(cacheUntil, whatstr); whatstr = i18n("The date and time until the certificate cache entry should expire."); TQWhatsThis::add(untilDate, whatstr); policyGroup = new TQVButtonGroup(i18n("Policy"), tabOtherSSLCert); policyAccept = new TQRadioButton(i18n("Accep&t"), policyGroup); policyReject = new TQRadioButton(i18n("Re&ject"), policyGroup); policyPrompt = new TQRadioButton(i18n("&Prompt"), policyGroup); policyGroup->setEnabled(false); grid->addMultiCellWidget(policyGroup, 16, 19, 3, 5); connect(policyGroup, TQT_SIGNAL(clicked(int)), TQT_SLOT(slotPolicyChanged(int))); whatstr = i18n("Select this to always accept this certificate."); TQWhatsThis::add(policyAccept, whatstr); whatstr = i18n("Select this to always reject this certificate."); TQWhatsThis::add(policyReject, whatstr); whatstr = i18n("Select this if you wish to be prompted for action when receiving this certificate."); TQWhatsThis::add(policyPrompt, whatstr); grid->addWidget(new TQLabel(i18n("MD5 digest:"), tabOtherSSLCert), 20, 0); pHash = new TQLabel(tabOtherSSLCert); grid->addWidget(pHash, 20, 1); whatstr = i18n("A hash of the certificate used to identify it quickly."); TQWhatsThis::add(pHash, whatstr); #else nossllabel = new TQLabel(i18n("SSL certificates cannot be managed" " because this module was not linked" " with OpenSSL."), tabOtherSSLCert); grid->addMultiCellWidget(nossllabel, 1, 1, 0, 1); #endif /////////////////////////////////////////////////////////////////////////// // SIXTH TAB /////////////////////////////////////////////////////////////////////////// tabSSLCA = new TQFrame(this); #ifdef HAVE_SSL grid = new TQGridLayout(tabSSLCA, 11, 8, KDialog::marginHint(), KDialog::spacingHint()); caList = new TQListView(tabSSLCA); caList->setAllColumnsShowFocus(true); whatstr = i18n("This list box shows which certificate authorities TDE" " knows about. You can easily manage them from here."); TQWhatsThis::add(caList, whatstr); grid->addMultiCellWidget(caList, 0, 3, 0, 6); caList->addColumn(i18n("Organization")); caList->addColumn(i18n("Organizational Unit")); caList->addColumn(i18n("Common Name")); connect(caList, TQT_SIGNAL(selectionChanged()), TQT_SLOT(slotCAItemChanged())); caSSLImport = new TQPushButton(i18n("I&mport..."), tabSSLCA); connect(caSSLImport, TQT_SIGNAL(clicked()), TQT_SLOT(slotCAImport())); grid->addWidget(caSSLImport, 0, 7); caSSLRemove = new TQPushButton(i18n("&Remove"), tabSSLCA); connect(caSSLRemove, TQT_SIGNAL(clicked()), TQT_SLOT(slotCARemove())); grid->addWidget(caSSLRemove, 1, 7); caSSLRemove->setEnabled(false); caSSLRestore = new TQPushButton(i18n("Res&tore"), tabSSLCA); connect(caSSLRestore, TQT_SIGNAL(clicked()), TQT_SLOT(slotCARestore())); grid->addWidget(caSSLRestore, 2, 7); caSubject = KSSLInfoDlg::certInfoWidget(tabSSLCA, TQString(TQString())); caIssuer = KSSLInfoDlg::certInfoWidget(tabSSLCA, TQString(TQString())); grid->addMultiCellWidget(caSubject, 4, 6, 0, 3); grid->addMultiCellWidget(caIssuer, 4, 6, 4, 7); // Accept for Web Site Signing, Email Signing, Code Signing caSite = new TQCheckBox(i18n("Accept for site signing"), tabSSLCA); caEmail = new TQCheckBox(i18n("Accept for email signing"), tabSSLCA); caCode = new TQCheckBox(i18n("Accept for code signing"), tabSSLCA); grid->addMultiCellWidget(caSite, 7, 7, 0, 3); connect(caSite, TQT_SIGNAL(clicked()), TQT_SLOT(slotCAChecked())); grid->addMultiCellWidget(caEmail, 8, 8, 0, 3); connect(caEmail, TQT_SIGNAL(clicked()), TQT_SLOT(slotCAChecked())); grid->addMultiCellWidget(caCode, 9, 9, 0, 3); connect(caCode, TQT_SIGNAL(clicked()), TQT_SLOT(slotCAChecked())); caSite->setEnabled(false); caEmail->setEnabled(false); caCode->setEnabled(false); grid->addWidget(new TQLabel(i18n("MD5 digest:"), tabSSLCA), 10, 0); cHash = new TQLabel(tabSSLCA); grid->addWidget(cHash, 10, 1); whatstr = i18n("A hash of the certificate used to identify it quickly."); TQWhatsThis::add(cHash, whatstr); #else nossllabel = new TQLabel(i18n("SSL certificates cannot be managed" " because this module was not linked" " with OpenSSL."), tabSSLCA); grid->addMultiCellWidget(nossllabel, 1, 1, 0, 1); #endif #if 0 /////////////////////////////////////////////////////////////////////////// // SEVENTH TAB /////////////////////////////////////////////////////////////////////////// tabSSLCOpts = new TQFrame(this); #ifdef HAVE_SSL grid = new TQGridLayout(tabSSLCOpts, 9, 4, KDialog::marginHint(), KDialog::spacingHint()); mWarnSelfSigned = new TQCheckBox(i18n("Warn on &self-signed certificates or unknown CA's"), tabSSLCOpts); connect(mWarnSelfSigned, TQT_SIGNAL(clicked()), TQT_SLOT(configChanged())); mWarnExpired = new TQCheckBox(i18n("Warn on &expired certificates"), tabSSLCOpts); connect(mWarnExpired, TQT_SIGNAL(clicked()), TQT_SLOT(configChanged())); mWarnRevoked = new TQCheckBox(i18n("Warn on re&voked certificates"), tabSSLCOpts); connect(mWarnRevoked, TQT_SIGNAL(clicked()), TQT_SLOT(configChanged())); grid->addMultiCellWidget(mWarnSelfSigned, 0, 0, 0, 3); grid->addMultiCellWidget(mWarnExpired, 1, 1, 0, 3); grid->addMultiCellWidget(mWarnRevoked, 2, 2, 0, 3); macCert = new TQLineEdit(tabSSLCOpts); grid->addMultiCellWidget(macCert, 4, 4, 0, 2); macBox = new TQListBox(tabSSLCOpts); whatstr = i18n("This list box shows which sites you have decided to accept" " a certificate from even though the certificate might fail" " the validation procedure."); TQWhatsThis::add(macBox, whatstr); caSSLBox->setSelectionMode(TQListBox::Single); caSSLBox->setColumnMode(TQListBox::FixedNumber); grid->addMultiCellWidget(macBox, 5, 8, 0, 2); macAdd = new TQPushButton(i18n("&Add"), tabSSLCOpts); //connect(macAdd, TQT_SIGNAL(), TQT_SLOT()); grid->addWidget(macAdd, 4, 3); macRemove = new TQPushButton(i18n("&Remove"), tabSSLCOpts); //connect(macRemove, TQT_SIGNAL(), TQT_SLOT()); grid->addWidget(macRemove, 5, 3); macClear = new KPushButton(KGuiItem::clear(), tabSSLCOpts); //connect(macAdd, TQT_SIGNAL(), TQT_SLOT()); grid->addWidget(macClear, 6, 3); #else nossllabel = new TQLabel(i18n("These options are not configurable" " because this module was not linked" " with OpenSSL."), tabSSLCOpts); grid->addMultiCellWidget(nossllabel, 1, 1, 0, 1); #endif #endif /////////////////////////////////////////////////////////////////////////// // Add the tabs and startup /////////////////////////////////////////////////////////////////////////// tabs->addTab(tabSSL, i18n("SSL")); #ifdef HAVE_SSL tabs->addTab(tabOSSL, i18n("OpenSSL")); #endif tabs->addTab(tabYourSSLCert, i18n("Your Certificates")); tabs->addTab(tabAuth, i18n("Authentication")); tabs->addTab(tabOtherSSLCert, i18n("Peer SSL Certificates")); tabs->addTab(tabSSLCA, i18n("SSL Signers")); #if 0 tabs->addTab(tabSSLCOpts, i18n("Validation Options")); #endif tabs->resize(tabs->sizeHint()); load(); } KCryptoConfig::~KCryptoConfig() { delete config; delete policies; delete pcerts; delete authcfg; delete _signers; } void KCryptoConfig::configChanged() { emit changed(true); } void KCryptoConfig::load() { load( false ); } void KCryptoConfig::load( bool useDefaults ) { config->setReadDefaults( useDefaults ); #ifdef HAVE_SSL otherCertDelList.clear(); yourCertDelList.clear(); authDelList.clear(); caDelList.clear(); config->setGroup("TLS"); mUseTLS->setChecked(config->readBoolEntry("Enabled", true)); config->setGroup("SSLv2"); mUseSSLv2->setChecked(config->readBoolEntry("Enabled", true)); #if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2) mUseSSLv2->setChecked(false); mUseSSLv2->setEnabled(false); #endif config->setGroup("SSLv3"); mUseSSLv3->setChecked(config->readBoolEntry("Enabled", true)); #if defined(OPENSSL_NO_SSL3) mUseSSLv3->setChecked(false); mUseSSLv3->setEnabled(false); #endif config->setGroup("Warnings"); mWarnOnEnter->setChecked(config->readBoolEntry("OnEnter", false)); mWarnOnLeave->setChecked(config->readBoolEntry("OnLeave", true)); mWarnOnUnencrypted->setChecked(config->readBoolEntry("OnUnencrypted", true)); #if 0 // NOT IMPLEMENTED IN KDE 2.0 mWarnOnMixed->setChecked(config->readBoolEntry("OnMixed", true)); config->setGroup("Validation"); mWarnSelfSigned->setChecked(config->readBoolEntry("WarnSelfSigned", true)); mWarnExpired->setChecked(config->readBoolEntry("WarnExpired", true)); mWarnRevoked->setChecked(config->readBoolEntry("WarnRevoked", true)); #endif config->setGroup("EGD"); slotUseEGD(); // set the defaults if (config->readBoolEntry("UseEGD", false)) { mUseEGD->setChecked(true); slotUseEGD(); } else if (config->readBoolEntry("UseEFile", false)) { mUseEFile->setChecked(true); slotUseEFile(); } mEGDPath->setURL(config->readPathEntry("EGDPath")); #ifdef HAVE_SSL config->setGroup("OpenSSL"); oPath->setURL(config->readPathEntry("Path")); #endif config->setGroup("SSLv2"); CipherItem *item = static_cast<CipherItem *>(SSLv2Box->firstChild()); while ( item ) { item->setOn(config->readBoolEntry(item->configName(), item->bits() >= 56)); item = static_cast<CipherItem *>(item->nextSibling()); } config->setGroup("SSLv3"); item = static_cast<CipherItem *>(SSLv3Box->firstChild()); while ( item ) { item->setOn(config->readBoolEntry(item->configName(), item->bits() >= 56)); item = static_cast<CipherItem *>(item->nextSibling()); } #if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2) SSLv2Box->setEnabled( false ); #else SSLv2Box->setEnabled( mUseSSLv2->isChecked() ); #endif #if defined(OPENSSL_NO_SSL3) SSLv3Box->setEnabled( false ); #else SSLv3Box->setEnabled( mUseSSLv3->isChecked() ); #endif TQStringList groups = policies->groupList(); otherSSLBox->clear(); for (TQStringList::Iterator i = groups.begin(); i != groups.end(); ++i) { if ((*i).isEmpty() || *i == "<default>" || *i == "General") continue; policies->setGroup(*i); KSSLCertificate *cert = KSSLCertificate::fromString(policies->readEntry("Certificate", TQString()).local8Bit()); if (cert) { new OtherCertItem(otherSSLBox, cert->getSubject(), *i, policies->readBoolEntry("Permanent", true), policies->readNumEntry("Policy", 3), policies->readDateTimeEntry("Expires"), this ); delete cert; } } groups = pcerts->groupList(); yourSSLBox->clear(); for (TQStringList::Iterator i = groups.begin(); i != groups.end(); ++i) { if ((*i).isEmpty() || *i == "<default>") continue; pcerts->setGroup(*i); YourCertItem *j = new YourCertItem(yourSSLBox, pcerts->readEntry("PKCS12Base64"), pcerts->readEntry("Password"), *i, this ); j->setPassCache(TQString()); } setAuthCertLists(); config->setGroup("Auth"); TQString whichAuth = config->readEntry("AuthMethod", "none"); if (whichAuth == "send") defCertBG->setButton(defCertBG->id(defSend)); else if (whichAuth == "prompt") defCertBG->setButton(defCertBG->id(defPrompt)); else defCertBG->setButton(defCertBG->id(defDont)); TQString whichCert = config->readEntry("DefaultCert"); defCertBox->setCurrentItem(0); for (int i = 0; i < defCertBox->count(); i++) { if (defCertBox->text(i) == whichCert) { defCertBox->setCurrentItem(i); break; } } hostAuthList->clear(); groups = authcfg->groupList(); for (TQStringList::Iterator i = groups.begin(); i != groups.end(); ++i) { if ((*i).isEmpty() || *i == "<default>") continue; authcfg->setGroup(*i); KSSLCertificateHome::KSSLAuthAction aa = KSSLCertificateHome::AuthDont; if (authcfg->readBoolEntry("send", false) == true) aa = KSSLCertificateHome::AuthSend; else if (authcfg->readBoolEntry("prompt", false) == true) aa = KSSLCertificateHome::AuthPrompt; HostAuthItem *j = new HostAuthItem(hostAuthList, KResolver::domainToAscii(*i), authcfg->readEntry("certificate"), this ); j->setAction(aa); j->setOriginalName(*i); } groups = _signers->list(); TDEConfig sigcfg("ksslcalist", true, false); caList->clear(); for (TQStringList::Iterator i = groups.begin(); i != groups.end(); ++i) { if ((*i).isEmpty() || *i == "<default>") continue; if (!sigcfg.hasGroup(*i)) continue; sigcfg.setGroup(*i); if (!sigcfg.hasKey("x509")) continue; new CAItem(caList, (*i), sigcfg.readEntry("x509"), sigcfg.readBoolEntry("site", false), sigcfg.readBoolEntry("email", false), sigcfg.readBoolEntry("code", false), this ); } slotCAItemChanged(); slotOtherCertSelect(); slotYourCertSelect(); #endif emit changed( useDefaults ); } void KCryptoConfig::save() { #ifdef HAVE_SSL if (!mUseTLS->isChecked() && !mUseSSLv2->isChecked() && !mUseSSLv3->isChecked()) KMessageBox::information(this, i18n("If you do not select at least one" " SSL algorithm, either SSL will not" " work or the application may be" " forced to choose a suitable default."), i18n("SSL")); config->setGroup("TLS"); config->writeEntry("Enabled", mUseTLS->isChecked()); config->setGroup("SSLv2"); #if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2) config->writeEntry("Enabled", false); #else config->writeEntry("Enabled", mUseSSLv2->isChecked()); #endif config->setGroup("SSLv3"); #if defined(OPENSSL_NO_SSL3) config->writeEntry("Enabled", false); #else config->writeEntry("Enabled", mUseSSLv3->isChecked()); #endif config->setGroup("Warnings"); config->writeEntry("OnEnter", mWarnOnEnter->isChecked()); config->writeEntry("OnLeave", mWarnOnLeave->isChecked()); config->writeEntry("OnUnencrypted", mWarnOnUnencrypted->isChecked()); config->setGroup("EGD"); config->writeEntry("UseEGD", mUseEGD->isChecked()); config->writeEntry("UseEFile", mUseEFile->isChecked()); config->writePathEntry("EGDPath", mEGDPath->url()); #if 0 // NOT IMPLEMENTED IN KDE 2.0 config->writeEntry("OnMixed", mWarnOnMixed->isChecked()); config->setGroup("Validation"); config->writeEntry("WarnSelfSigned", mWarnSelfSigned->isChecked()); config->writeEntry("WarnExpired", mWarnExpired->isChecked()); config->writeEntry("WarnRevoked", mWarnRevoked->isChecked()); #endif #ifdef HAVE_SSL config->setGroup("OpenSSL"); config->writePathEntry("Path", oPath->url()); #endif int ciphercount = 0; config->setGroup("SSLv2"); CipherItem *item = static_cast<CipherItem *>(SSLv2Box->firstChild()); while ( item ) { if (item->isOn()) { config->writeEntry(item->configName(), true); ciphercount++; } else config->writeEntry(item->configName(), false); item = static_cast<CipherItem *>(item->nextSibling()); } if (mUseSSLv2->isChecked() && ciphercount == 0) KMessageBox::information(this, i18n("If you do not select at least one" " cipher, SSLv2 will not work."), i18n("SSLv2 Ciphers")); ciphercount = 0; config->setGroup("SSLv3"); item = static_cast<CipherItem *>(SSLv3Box->firstChild()); while ( item ) { if (item->isOn()) { config->writeEntry(item->configName(), true); ciphercount++; } else config->writeEntry(item->configName(), false); item = static_cast<CipherItem *>(item->nextSibling()); } KSSLCertificateCache _cc; if (mUseSSLv3->isChecked() && ciphercount == 0) KMessageBox::information(this, i18n("If you do not select at least one" " cipher, SSLv3 will not work."), i18n("SSLv3 Ciphers")); // SSL Policies code for (OtherCertItem *x = otherCertDelList.first(); x != 0; x = otherCertDelList.next()) { KSSLX509Map cert(x->configName()); TQString thisCN = cert.getValue("CN"); _cc.removeByCN(thisCN); otherCertDelList.remove(x); } // Go through the non-deleted ones and save them for (OtherCertItem *x = static_cast<OtherCertItem *>(otherSSLBox->firstChild()); x; x = static_cast<OtherCertItem *>(x->nextSibling())) { KSSLX509Map cert(x->configName()); TQString thisCN = cert.getValue("CN"); TQDateTime expires = x->getExpires(); _cc.modifyByCN(thisCN, (KSSLCertificateCache::KSSLCertificatePolicy)x->getPolicy(), x->isPermanent(), expires); } // SSL Personal certificates code for (YourCertItem *x = yourCertDelList.first(); x != 0; x = yourCertDelList.next()) { pcerts->deleteGroup(x->configName()); yourCertDelList.remove(x); } // Go through the non-deleted ones and save them for (YourCertItem *x = static_cast<YourCertItem *>(yourSSLBox->firstChild()); x; x = static_cast<YourCertItem *>(x->nextSibling())) { pcerts->setGroup(x->configName()); pcerts->writeEntry("PKCS12Base64", x->getPKCS()); pcerts->writeEntry("Password", x->getPass()); } bool doGen = false; // CA certificates code for (CAItem *x = caDelList.first(); x != 0; x = caDelList.next()) { _signers->remove(x->configName()); caDelList.remove(x); doGen = true; } // Go through the non-deleted ones and save them for (CAItem *x = static_cast<CAItem *>(caList->firstChild()); x; x = static_cast<CAItem *>(x->nextSibling())) { if (!x->modified && !x->isNew) continue; if (x->isNew) { x->isNew = false; _signers->addCA(x->getCert(), x->getSite(), x->getEmail(), x->getCode()); } else { _signers->setUse(x->configName(), x->getSite(), x->getEmail(), x->getCode()); } x->modified = false; doGen = true; } if (doGen) genCAList(); config->setGroup("Auth"); TQString whichAuth = config->readEntry("AuthMethod", "none"); if (defCertBG->selected() == defSend) config->writeEntry("AuthMethod", "send"); else if (defCertBG->selected() == defPrompt) config->writeEntry("AuthMethod", "prompt"); else config->writeEntry("AuthMethod", "none"); if (defCertBox->currentItem() == 0) config->writeEntry("DefaultCert", TQString()); else config->writeEntry("DefaultCert", defCertBox->currentText()); for (HostAuthItem *x = authDelList.first(); x != 0; x = authDelList.next()) { authcfg->deleteGroup(x->configName()); authDelList.remove(x); } for (HostAuthItem *x = static_cast<HostAuthItem *>(hostAuthList->firstChild()); x; x = static_cast<HostAuthItem *>(x->nextSibling())) { if (!x->originalName().isNull()) authcfg->deleteGroup(x->originalName()); } for (HostAuthItem *x = static_cast<HostAuthItem *>(hostAuthList->firstChild()); x; x = static_cast<HostAuthItem *>(x->nextSibling())) { authcfg->setGroup(KResolver::domainToAscii(x->configName())); authcfg->writeEntry("certificate", x->getCertName()); authcfg->writeEntry("prompt", (x->getAction() == KSSLCertificateHome::AuthPrompt)); authcfg->writeEntry("send", (x->getAction() == KSSLCertificateHome::AuthSend)); } #endif config->sync(); policies->sync(); pcerts->sync(); authcfg->sync(); // insure proper permissions -- contains sensitive data TQString cfgName(TDEGlobal::dirs()->findResource("config", "cryptodefaults")); if (!cfgName.isEmpty()) ::chmod(TQFile::encodeName(cfgName), 0600); emit changed(false); } TQString KCryptoConfig::handbookSection() const { int index = tabs->currentPageIndex(); if (index == 0) return "ssl_tab"; else if (index == 1) return "openssl"; else if (index == 2) return "your-certificates"; else if (index == 3) return "authentication"; else if (index == 4) return "peer-ssl-certificates"; else if (index == 5) return "ssl-signers"; else return TQString::null; } void KCryptoConfig::defaults() { load( true ); } void KCryptoConfig::genCAList() { _signers->regenerate(); } void KCryptoConfig::slotSelectCipher(int id) { switch(id) { case 1: cwCompatible(); break; case 2: cwUS(); break; case 3: cwExp(); break; case 4: cwAll(); } } void KCryptoConfig::cwCompatible() { #ifdef HAVE_SSL CipherItem *item; for ( item = static_cast<CipherItem *>(SSLv2Box->firstChild()); item; item = static_cast<CipherItem *>(item->nextSibling()) ) { item->setOn( item->bits() >= 56 && item->bits() <= 128 ); } for ( item = static_cast<CipherItem *>(SSLv3Box->firstChild()); item; item = static_cast<CipherItem *>(item->nextSibling()) ) { item->setOn( item->bits() >= 56 && item->bits() <= 128 ); } mUseTLS->setChecked(true); #if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2) mUseSSLv2->setChecked(false); #else mUseSSLv2->setChecked(true); #endif #if defined(OPENSSL_NO_SSL3) mUseSSLv3->setChecked(false); #else mUseSSLv3->setChecked(true); #endif configChanged(); #endif } void KCryptoConfig::cwUS() { #ifdef HAVE_SSL CipherItem *item; for ( item = static_cast<CipherItem *>(SSLv2Box->firstChild()); item; item = static_cast<CipherItem *>(item->nextSibling()) ) { item->setOn( item->bits() >= 128 ); } for ( item = static_cast<CipherItem *>(SSLv3Box->firstChild()); item; item = static_cast<CipherItem *>(item->nextSibling()) ) { item->setOn( item->bits() >= 128 ); } configChanged(); #endif } void KCryptoConfig::cwExp() { #ifdef HAVE_SSL CipherItem *item; for ( item = static_cast<CipherItem *>(SSLv2Box->firstChild()); item; item = static_cast<CipherItem *>(item->nextSibling()) ) { item->setOn( item->bits() <= 56 && item->bits() > 0); } for ( item = static_cast<CipherItem *>(SSLv3Box->firstChild()); item; item = static_cast<CipherItem *>(item->nextSibling()) ) { item->setOn( item->bits() <= 56 && item->bits() > 0); } configChanged(); #endif } void KCryptoConfig::cwAll() { #ifdef HAVE_SSL CipherItem *item; for ( item = static_cast<CipherItem *>(SSLv2Box->firstChild()); item; item = static_cast<CipherItem *>(item->nextSibling()) ) { item->setOn( true ); } for ( item = static_cast<CipherItem *>(SSLv3Box->firstChild()); item; item = static_cast<CipherItem *>(item->nextSibling()) ) { item->setOn( true ); } mUseTLS->setChecked(true); #if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2) mUseSSLv2->setChecked(false); #else mUseSSLv2->setChecked(true); #endif #if defined(OPENSSL_NO_SSL3) mUseSSLv3->setChecked(false); #else mUseSSLv3->setChecked(true); #endif configChanged(); #endif } void KCryptoConfig::slotExportCert() { OtherCertItem *x = static_cast<OtherCertItem *>(otherSSLBox->selectedItem()); if (x) { policies->setGroup(x->getMD5()); KSSLCertificate *cert = KSSLCertificate::fromString(policies->readEntry("Certificate", TQString()).local8Bit()); if (cert) { KCertExport kce; kce.setCertificate(cert); kce.exec(); delete cert; } else KMessageBox::sorry(this, i18n("Could not open the certificate."), i18n("SSL")); } } void KCryptoConfig::slotRemoveCert() { TQListViewItem *act = otherSSLBox->selectedItem(); OtherCertItem *x = static_cast<OtherCertItem *>(act); if (x) { TQListViewItem *next = act->itemBelow(); if (!next) next = act->itemAbove(); otherSSLBox->takeItem(x); otherCertDelList.append(x); configChanged(); if (next) otherSSLBox->setSelected(next, true); } } void KCryptoConfig::slotVerifyCert() { OtherCertItem *x = static_cast<OtherCertItem *>(otherSSLBox->selectedItem()); if (!x) return; policies->setGroup(x->getMD5()); KSSLCertificate *cert = KSSLCertificate::fromString(policies->readEntry("Certificate", TQString()).local8Bit()); if (!cert) { KMessageBox::error(this, i18n("Error obtaining the certificate."), i18n("SSL")); return; } cert->chain().setCertChain(policies->readListEntry("Chain")); KSSLCertificate::KSSLValidation v = cert->revalidate(KSSLCertificate::SSLServer); /* * Don't enable this until we keep this info in the cache if (v != KSSLCerticiate::Ok) v = cert->revalidate(KSSLCertificate::SMIMESign); if (v != KSSLCerticiate::Ok) v = cert->revalidate(KSSLCertificate::SMIMEEncrypt); */ if (v == KSSLCertificate::Ok) { KMessageBox::information(this, i18n("This certificate passed the verification tests successfully."), i18n("SSL")); } else { KMessageBox::detailedError(this, i18n("This certificate has failed the tests and should be considered invalid."), KSSLCertificate::verifyText(v), i18n("SSL")); } delete cert; } void KCryptoConfig::slotUntil() { OtherCertItem *x = static_cast<OtherCertItem *>(otherSSLBox->selectedItem()); cachePerm->setChecked(false); untilDate->setEnabled(true); if (!x) return; x->setPermanent(false); configChanged(); } void KCryptoConfig::slotPermanent() { OtherCertItem *x = static_cast<OtherCertItem *>(otherSSLBox->selectedItem()); cacheUntil->setChecked(false); untilDate->setEnabled(false); if (!x) return; x->setPermanent(true); configChanged(); } void KCryptoConfig::slotPolicyChanged(int id) { OtherCertItem *x = static_cast<OtherCertItem *>(otherSSLBox->selectedItem()); if (!x) return; if (id == policyGroup->id(policyAccept)) { x->setPolicy(KSSLCertificateCache::Accept); } else if (id == policyGroup->id(policyReject)) { x->setPolicy(KSSLCertificateCache::Reject); } else if (id == policyGroup->id(policyPrompt)) { x->setPolicy(KSSLCertificateCache::Prompt); } configChanged(); } void KCryptoConfig::slotDatePick() { KDateTimeDlg kdtd; OtherCertItem *x = static_cast<OtherCertItem *>(otherSSLBox->selectedItem()); if (!x || !untilDate->isEnabled()) return; TQDateTime qdt = x->getExpires(); kdtd.setDateTime(qdt); int rc = kdtd.exec(); if (rc == KDialog::Accepted) { x->setExpires(kdtd.getDateTime()); untilDate->setText(TDEGlobal::locale()->formatDateTime(x->getExpires())); configChanged(); } } void KCryptoConfig::slotOtherCertSelect() { OtherCertItem *x = static_cast<OtherCertItem *>(otherSSLBox->selectedItem()); TQString iss = TQString(); if (x) { otherSSLExport->setEnabled(true); otherSSLVerify->setEnabled(true); otherSSLRemove->setEnabled(true); fromLabel->setEnabled(true); untilLabel->setEnabled(true); policyGroup->setEnabled(true); cacheGroup->setEnabled(true); cachePerm->setEnabled(true); cacheUntil->setEnabled(true); policies->setGroup(x->getMD5()); KSSLCertificate *cert = KSSLCertificate::fromString(policies->readEntry("Certificate", TQString()).local8Bit()); if (cert) { TQPalette cspl; iss = cert->getIssuer(); cspl = validFrom->palette(); if (TQDateTime::currentDateTime(Qt::UTC) < cert->getQDTNotBefore()) { cspl.setColor(TQColorGroup::Foreground, TQColor(196,33,21)); } else { cspl.setColor(TQColorGroup::Foreground, TQColor(42,153,59)); } validFrom->setPalette(cspl); cspl = validUntil->palette(); if (TQDateTime::currentDateTime(Qt::UTC) > cert->getQDTNotAfter()) { cspl.setColor(TQColorGroup::Foreground, TQColor(196,33,21)); } else { cspl.setColor(TQColorGroup::Foreground, TQColor(42,153,59)); } validUntil->setPalette(cspl); validFrom->setText(cert->getNotBefore()); validUntil->setText(cert->getNotAfter()); untilDate->setText(x ? TDEGlobal::locale()->formatDateTime(x->getExpires()) : TDEGlobal::locale()->formatDateTime(TQDateTime::currentDateTime(Qt::UTC))); untilDate->setEnabled(x && !x->isPermanent()); pHash->setText(cert->getMD5DigestText()); delete cert; } else { validFrom->setText(TQString()); validUntil->setText(TQString()); pHash->clear(); } switch(x->getPolicy()) { case KSSLCertificateCache::Accept: policyGroup->setButton(policyGroup->id(policyAccept)); break; case KSSLCertificateCache::Reject: policyGroup->setButton(policyGroup->id(policyReject)); break; case KSSLCertificateCache::Prompt: policyGroup->setButton(policyGroup->id(policyPrompt)); break; } cachePerm->setChecked(x->isPermanent()); cacheUntil->setChecked(!x->isPermanent()); } else { otherSSLExport->setEnabled(false); otherSSLVerify->setEnabled(false); otherSSLRemove->setEnabled(false); fromLabel->setEnabled(false); untilLabel->setEnabled(false); policyGroup->setEnabled(false); cacheGroup->setEnabled(false); cachePerm->setChecked(false); cacheUntil->setChecked(false); policyAccept->setChecked(false); policyReject->setChecked(false); policyPrompt->setChecked(false); cachePerm->setEnabled(false); cacheUntil->setEnabled(false); validFrom->setText(TQString()); validUntil->setText(TQString()); untilDate->setText(TQString()); untilDate->setEnabled(false); pHash->clear(); } oSubject->setValues(x ? x->getSub() : TQString(TQString())); oIssuer->setValues(iss); } void KCryptoConfig::slotYourImport() { TQString certFile = KFileDialog::getOpenFileName(TQString(), "application/x-pkcs12"); if (certFile.isEmpty()) return; #ifdef HAVE_SSL KSSLPKCS12 *cert = NULL; TQCString pass; TryImportPassAgain: int rc = KPasswordDialog::getPassword(pass, i18n("Certificate password")); if (rc != KPasswordDialog::Accepted) return; cert = KSSLPKCS12::loadCertFile(certFile, TQString(pass)); if (!cert) { rc = KMessageBox::warningYesNo(this, i18n("The certificate file could not be loaded. Try a different password?"), i18n("SSL"),i18n("Try"),i18n("Do Not Try")); if (rc == KMessageBox::Yes) goto TryImportPassAgain; return; } // At this point, we know that we can read the certificate in. // The procedure will be to convert it to Base64 in it's raw form // and add it to the ListView - eventually going into the SimpleConfig. // FIXME: prompt if the user wants the password stored along with the // certificate TQString name = cert->getCertificate()->getSubject(); for (YourCertItem *i = static_cast<YourCertItem *>(yourSSLBox->firstChild()); i; i = static_cast<YourCertItem *>(i->nextSibling())) { if (i->configName() == name) { rc = KMessageBox::warningContinueCancel(this, i18n("A certificate with that name already exists. Are you sure that you wish to replace it?"), i18n("SSL"), i18n("Replace")); if (rc == KMessageBox::Cancel) { delete cert; return; } yourSSLBox->takeItem(i); yourCertDelList.append(i); } } new YourCertItem(yourSSLBox, cert->toString(), TQString(), // the password - don't store it yet! name, this ); setAuthCertLists(); configChanged(); delete cert; #endif offerImportToKMail( certFile ); } void KCryptoConfig::slotYourExport() { YourCertItem *x = static_cast<YourCertItem *>(yourSSLBox->selectedItem()); if (!x) return; KSSLPKCS12 *pkcs = KSSLPKCS12::fromString(x->getPKCS(), x->getPass()); if (!pkcs) pkcs = KSSLPKCS12::fromString(x->getPKCS(), x->getPassCache()); if (!pkcs) { TQString pprompt = i18n("Enter the certificate password:"); TQCString oldpass; do { int i = KPasswordDialog::getPassword(oldpass, pprompt); if (i != KPasswordDialog::Accepted) return; pkcs = KSSLPKCS12::fromString(x->getPKCS(), oldpass); pprompt = i18n("Decoding failed. Please try again:"); } while (!pkcs); x->setPassCache(oldpass); slotYourUnlock(); } // For now, we will only export to PKCS#12 TQString certFile = KFileDialog::getSaveFileName(TQString(), "application/x-pkcs12"); if (certFile.isEmpty()) return; if (!pkcs->toFile(certFile)) KMessageBox::sorry(this, i18n("Export failed."), i18n("SSL")); } void KCryptoConfig::slotYourVerify() { YourCertItem *x = static_cast<YourCertItem *>(yourSSLBox->selectedItem()); TQString iss; if (!x) return; KSSLPKCS12 *pkcs = KSSLPKCS12::fromString(x->getPKCS(), x->getPass()); if (!pkcs) pkcs = KSSLPKCS12::fromString(x->getPKCS(), x->getPassCache()); if (!pkcs) { TQString pprompt = i18n("Enter the certificate password:"); TQCString oldpass; do { int i = KPasswordDialog::getPassword(oldpass, pprompt); if (i != KPasswordDialog::Accepted) return; pkcs = KSSLPKCS12::fromString(x->getPKCS(), oldpass); pprompt = i18n("Decoding failed. Please try again:"); } while (!pkcs); x->setPassCache(oldpass); slotYourUnlock(); } KSSLCertificate::KSSLValidation v = pkcs->revalidate(KSSLCertificate::SSLClient); if (v != KSSLCertificate::Ok) v = pkcs->revalidate(KSSLCertificate::SMIMEEncrypt); if (v != KSSLCertificate::Ok) v = pkcs->revalidate(KSSLCertificate::SMIMESign); if (v == KSSLCertificate::Ok) { KMessageBox::information(this, i18n("This certificate passed the verification tests successfully."), i18n("SSL")); } else { KMessageBox::detailedError(this, i18n("This certificate has failed the tests and should be considered invalid."), KSSLCertificate::verifyText(v), i18n("SSL")); } delete pkcs; } void KCryptoConfig::slotYourRemove() { YourCertItem *x = static_cast<YourCertItem *>(yourSSLBox->selectedItem()); if (x) { yourSSLBox->takeItem(x); yourCertDelList.append(x); setAuthCertLists(); configChanged(); } } void KCryptoConfig::slotYourUnlock() { YourCertItem *x = static_cast<YourCertItem *>(yourSSLBox->selectedItem()); TQString iss; if (!x || !yourSSLUnlock->isEnabled()) return; KSSLPKCS12 *pkcs = KSSLPKCS12::fromString(x->getPKCS(), x->getPass()); if (!pkcs) pkcs = KSSLPKCS12::fromString(x->getPKCS(), x->getPassCache()); if (!pkcs) { TQString pprompt = i18n("Enter the certificate password:"); TQCString oldpass; do { int i = KPasswordDialog::getPassword(oldpass, pprompt); if (i != KPasswordDialog::Accepted) return; pkcs = KSSLPKCS12::fromString(x->getPKCS(), oldpass); pprompt = i18n("Decoding failed. Please try again:"); } while (!pkcs); x->setPassCache(oldpass); } // update the info iss = pkcs->getCertificate()->getIssuer(); ySubject->setValues(x ? x->getName() : TQString(TQString())); yIssuer->setValues(iss); TQPalette cspl; KSSLCertificate *cert = pkcs->getCertificate(); cspl = yValidFrom->palette(); if (TQDateTime::currentDateTime(Qt::UTC) < cert->getQDTNotBefore()) { cspl.setColor(TQColorGroup::Foreground, TQColor(196,33,21)); } else { cspl.setColor(TQColorGroup::Foreground, TQColor(42,153,59)); } yValidFrom->setPalette(cspl); cspl = yValidUntil->palette(); if (TQDateTime::currentDateTime(Qt::UTC) > cert->getQDTNotAfter()) { cspl.setColor(TQColorGroup::Foreground, TQColor(196,33,21)); } else { cspl.setColor(TQColorGroup::Foreground, TQColor(42,153,59)); } yValidUntil->setPalette(cspl); yValidFrom->setText(cert->getNotBefore()); yValidUntil->setText(cert->getNotAfter()); yHash->setText(cert->getMD5DigestText()); yourSSLUnlock->setEnabled(false); delete pkcs; } void KCryptoConfig::slotYourCertSelect() { YourCertItem *x = static_cast<YourCertItem *>(yourSSLBox->selectedItem()); TQString iss; yourSSLExport->setEnabled(x != NULL); yourSSLPass->setEnabled(x != NULL); yourSSLUnlock->setEnabled(false); yourSSLVerify->setEnabled(x != NULL); yourSSLRemove->setEnabled(x != NULL); if (x) { KSSLPKCS12 *pkcs = KSSLPKCS12::fromString(x->getPKCS(), x->getPass()); if (pkcs) { TQPalette cspl; KSSLCertificate *cert = pkcs->getCertificate(); iss = cert->getIssuer(); cspl = yValidFrom->palette(); if (TQDateTime::currentDateTime(Qt::UTC) < cert->getQDTNotBefore()) { cspl.setColor(TQColorGroup::Foreground, TQColor(196,33,21)); } else { cspl.setColor(TQColorGroup::Foreground, TQColor(42,153,59)); } yValidFrom->setPalette(cspl); cspl = yValidUntil->palette(); if (TQDateTime::currentDateTime(Qt::UTC) > cert->getQDTNotAfter()) { cspl.setColor(TQColorGroup::Foreground, TQColor(196,33,21)); } else { cspl.setColor(TQColorGroup::Foreground, TQColor(42,153,59)); } yValidUntil->setPalette(cspl); yValidFrom->setText(cert->getNotBefore()); yValidUntil->setText(cert->getNotAfter()); yHash->setText(cert->getMD5DigestText()); delete pkcs; } else { yourSSLUnlock->setEnabled(x != NULL); yHash->clear(); } } else { yHash->clear(); } ySubject->setValues(x ? x->getName() : TQString(TQString())); yIssuer->setValues(iss); } void KCryptoConfig::slotYourPass() { YourCertItem *x = static_cast<YourCertItem *>(yourSSLBox->selectedItem()); TQCString oldpass = ""; if (!x) return; KSSLPKCS12 *pkcs = KSSLPKCS12::fromString(x->getPKCS(), x->getPass()); if (!pkcs) pkcs = KSSLPKCS12::fromString(x->getPKCS(), x->getPassCache()); if (!pkcs) { TQString pprompt = i18n("Enter the OLD password for the certificate:"); do { int i = KPasswordDialog::getPassword(oldpass, pprompt); if (i != KPasswordDialog::Accepted) break; pkcs = KSSLPKCS12::fromString(x->getPKCS(), oldpass); pprompt = i18n("Decoding failed. Please try again:"); } while (!pkcs); } if (pkcs) { x->setPassCache(oldpass); slotYourUnlock(); KPasswordDialog *kpd = new KPasswordDialog(KPasswordDialog::NewPassword, false, 0, this); kpd->setPrompt(i18n("Enter the new certificate password")); kpd->setAllowEmptyPasswords(true); int i = kpd->exec(); if (i == KPasswordDialog::Accepted) { TQCString pass = kpd->password(); pkcs->changePassword(TQString(oldpass), TQString(pass)); x->setPKCS(pkcs->toString()); x->setPassCache(pass); configChanged(); } delete kpd; delete pkcs; } } void KCryptoConfig::slotCAImport() { TQString certFile = KFileDialog::getOpenFileName(TQString(), "application/x-x509-ca-cert"); if (certFile.isEmpty()) return; #ifdef HAVE_SSL // First try to load using the OpenSSL method X509_STORE *certStore = KOSSL::self()->X509_STORE_new(); X509_LOOKUP *certLookup = KOSSL::self()->X509_STORE_add_lookup(certStore, KOSSL::self()->X509_LOOKUP_file()); if (certLookup && KOSSL::self()->X509_LOOKUP_load_file(certLookup, certFile.local8Bit(), X509_FILETYPE_PEM)) { STACK_OF(X509_OBJECT) *certStore_objs = KOSSL::self()->X509_STORE_get0_objects(certStore); for (int i = 0; i < KOSSL::self()->OPENSSL_sk_num(certStore_objs); i++) { X509_OBJECT* x5o = reinterpret_cast<X509_OBJECT*>(KOSSL::self()->OPENSSL_sk_value(certStore_objs, i)); if (!x5o) continue; if (KOSSL::self()->X509_OBJECT_get_type(x5o) != X509_LU_X509) continue; X509 *x5 = KOSSL::self()->X509_OBJECT_get0_X509(x5o); if (!x5) continue; // Easier to use in this form KSSLCertificate *x = KSSLCertificate::fromX509(x5); // Only import CA's if (!x || !x->x509V3Extensions().certTypeCA()) { if (x) { TQString emsg = x->getSubject() + ":\n" + i18n("This is not a signer certificate."); KMessageBox::error(this, emsg, i18n("SSL")); delete x; } continue; } TQString name = x->getSubject(); // search for dups for (CAItem *m = static_cast<CAItem *>(caList->firstChild()); m; m = static_cast<CAItem *>(m->nextSibling())) { if (m->configName() == name) { KSSLCertificate *y = KSSLCertificate::fromString(m->getCert().local8Bit()); if (!y) continue; if (*x == *y) { TQString emsg = name + ":\n" + i18n("You already have this signer certificate installed."); KMessageBox::error(this, emsg, i18n("SSL")); delete x; delete y; x = NULL; break; } delete y; } } if (!x) continue; // Ok, add it to the list (new CAItem(caList, name, x->toString(), true, true, true, this) )->isNew = true; delete x; } // Can the PEM code be wiped out now? } else { // try to load it manually as a single X.509 DER encoded // ASSUMPTION: we only read one certificate in this code TQFile qf(certFile); TQString name; TQString certtext; KSSLCertificate *x; qf.open(IO_ReadOnly); qf.readLine(certtext, qf.size()); if (certStore) { KOSSL::self()->OPENSSL_sk_free(certStore); certStore = NULL; } if (certtext.contains("-----BEGIN CERTIFICATE-----")) { qf.reset(); certtext = TQString(); while (!qf.atEnd()) { TQString xx; qf.readLine(xx, qf.size()); certtext += xx; } certtext = certtext.replace("-----BEGIN CERTIFICATE-----", TQString()); certtext = certtext.replace("-----END CERTIFICATE-----", TQString()); certtext = certtext.stripWhiteSpace(); certtext = certtext.replace("\n", TQString()); } else { // Must [could?] be DER qf.close(); qf.open(IO_ReadOnly); char *cr; cr = new char[qf.size()+1]; qf.readBlock(cr, qf.size()); TQByteArray qba; qba.duplicate(cr, qf.size()); certtext = KCodecs::base64Encode(qba); delete [] cr; } qf.close(); x = KSSLCertificate::fromString(certtext.latin1()); if (!x) { KMessageBox::sorry(this, i18n("The certificate file could not be loaded."), i18n("SSL")); return; } if (!x->x509V3Extensions().certTypeCA()) { KMessageBox::sorry(this, i18n("This is not a signer certificate."), i18n("SSL")); return; } name = x->getSubject(); for (CAItem *i = static_cast<CAItem *>(caList->firstChild()); i; i = static_cast<CAItem *>(i->nextSibling())) { if (i->configName() == name) { KSSLCertificate *y = KSSLCertificate::fromString(i->getCert().local8Bit()); if (!y) continue; if (*x == *y) { KMessageBox::error(this, i18n("You already have this signer certificate installed."), i18n("SSL")); delete x; delete y; return; } delete y; } } (new CAItem(caList, name, x->toString(), true, true, true, this))->isNew = true; delete x; } if (certStore) KOSSL::self()->OPENSSL_sk_free(certStore); configChanged(); #endif offerImportToKMail( certFile ); } void KCryptoConfig::offerImportToKMail( const TQString& certFile ) { if ( KMessageBox::questionYesNo( this, i18n( "Do you want to make this certificate available to KMail as well?" ), TQString(), i18n("Make Available"), i18n("Do Not Make Available") ) == KMessageBox::Yes ) { TDEProcess proc; proc << "kleopatra"; proc << "--import-certificate"; proc << certFile; if ( !proc.start( TDEProcess::DontCare ) ) KMessageBox::error( this, i18n( "Could not execute Kleopatra. You might have to install or update the tdepim package." ) ); } } void KCryptoConfig::slotCARemove() { CAItem *x = static_cast<CAItem *>(caList->selectedItem()); if (x) { caList->takeItem(x); caDelList.append(x); configChanged(); slotCAItemChanged(); } } void KCryptoConfig::slotCARestore() { int rc = KMessageBox::warningContinueCancel(this, i18n("This will revert your certificate signers database to the TDE default.\nThis operation cannot be undone.\nAre you sure you wish to continue?"), i18n("SSL"),i18n("Revert")); if (rc == KMessageBox::Cancel) { return; } // For now, we just rm the existing file and rebuild TQString path = TDEGlobal::dirs()->saveLocation("config"); path += "/ksslcalist"; TQFile::remove(path); // Remove all our old work and rebuild the GUI/List caDelList.clear(); caList->clear(); TQStringList groups = _signers->list(); TDEConfig sigcfg("ksslcalist", true, false); for (TQStringList::Iterator i = groups.begin(); i != groups.end(); ++i) { if ((*i).isEmpty() || *i == "<default>") continue; if (!sigcfg.hasGroup(*i)) continue; sigcfg.setGroup(*i); if (!sigcfg.hasKey("x509")) continue; new CAItem(caList, (*i), sigcfg.readEntry("x509", TQString()), sigcfg.readBoolEntry("site", false), sigcfg.readBoolEntry("email", false), sigcfg.readBoolEntry("code", false), this ); } genCAList(); slotCAItemChanged(); } void KCryptoConfig::slotCAItemChanged() { CAItem *x = static_cast<CAItem *>(caList->selectedItem()); if (x) { caSSLRemove->setEnabled(true); caSubject->setValues(x ? x->getName() : TQString(TQString())); KSSLCertificate *cert = KSSLCertificate::fromString(x->getCert().local8Bit()); if (!cert) { caIssuer->setValues(TQString(TQString())); caSite->setEnabled(false); caEmail->setEnabled(false); caCode->setEnabled(false); caSite->setChecked(false); caEmail->setChecked(false); caCode->setChecked(false); cHash->clear(); } else { caSite->setEnabled(cert->x509V3Extensions().certTypeSSLCA()); caEmail->setEnabled(cert->x509V3Extensions().certTypeEmailCA()); caCode->setEnabled(cert->x509V3Extensions().certTypeCodeCA()); caSite->setChecked(x->getSite()); caEmail->setChecked(x->getEmail()); caCode->setChecked(x->getCode()); caIssuer->setValues(cert->getIssuer()); cHash->setText(cert->getMD5DigestText()); delete cert; } } else { caSSLRemove->setEnabled(false); caSite->setEnabled(false); caEmail->setEnabled(false); caCode->setEnabled(false); caSubject->setValues(TQString(TQString())); caIssuer->setValues(TQString(TQString())); cHash->clear(); } } void KCryptoConfig::slotCAChecked() { CAItem *x = static_cast<CAItem *>(caList->selectedItem()); if (x) { x->setSite(caSite->isChecked()); x->setEmail(caEmail->isChecked()); x->setCode(caCode->isChecked()); x->modified = true; configChanged(); } } void KCryptoConfig::slotNewHostAuth() { HostAuthItem *j = new HostAuthItem(hostAuthList, TQString(), TQString(), this ); j->setAction(KSSLCertificateHome::AuthSend); hostAuthList->setSelected(j, true); authHost->setEnabled(true); hostCertBox->setEnabled(true); hostCertBG->setEnabled(true); authRemove->setEnabled(true); hostCertBG->setButton(0); authHost->setFocus(); } void KCryptoConfig::slotRemoveHostAuth() { TQListViewItem *act = hostAuthList->selectedItem(); HostAuthItem *x = static_cast<HostAuthItem *>(act); if (x) { TQListViewItem *next = act->itemBelow(); if (!next) next = act->itemAbove(); hostAuthList->takeItem(x); authDelList.append(x); configChanged(); if (next) hostAuthList->setSelected(next, true); } } void KCryptoConfig::slotAuthItemChanged() { HostAuthItem *x = static_cast<HostAuthItem *>(hostAuthList->selectedItem()); if (x) { // Make sure the fields are enabled authHost->setEnabled(true); hostCertBox->setEnabled(true); hostCertBG->setEnabled(true); authRemove->setEnabled(true); // Populate the fields switch(x->getAction()) { case KSSLCertificateHome::AuthSend: hostCertBG->setButton(hostCertBG->id(hostSend)); break; case KSSLCertificateHome::AuthPrompt: hostCertBG->setButton(hostCertBG->id(hostPrompt)); break; case KSSLCertificateHome::AuthDont: hostCertBG->setButton(hostCertBG->id(hostDont)); break; default: hostSend->setChecked(false); hostPrompt->setChecked(false); hostDont->setChecked(false); break; } ___lehack = true; authHost->setText(x->configName()); ___lehack = false; hostCertBox->setCurrentItem(0); TQString theCert = x->getCertName(); for (int i = 0; i < hostCertBox->count(); i++) { if (hostCertBox->text(i) == theCert) { hostCertBox->setCurrentItem(i); break; } } } else { authHost->clear(); authHost->setEnabled(false); hostCertBox->setEnabled(false); hostCertBG->setEnabled(false); authRemove->setEnabled(false); } } void KCryptoConfig::slotAuthText(const TQString &t) { if (___lehack) return; HostAuthItem *x = static_cast<HostAuthItem *>(hostAuthList->selectedItem()); if (x) { x->setHost(t); configChanged(); } } void KCryptoConfig::slotAuthButtons() { HostAuthItem *x = static_cast<HostAuthItem *>(hostAuthList->selectedItem()); if (x) { KSSLCertificateHome::KSSLAuthAction aa = KSSLCertificateHome::AuthDont; int sel = hostCertBG->id(hostCertBG->selected()); if (sel == hostCertBG->id(hostSend)) aa = KSSLCertificateHome::AuthSend; else if (sel == hostCertBG->id(hostPrompt)) aa = KSSLCertificateHome::AuthPrompt; else aa = KSSLCertificateHome::AuthDont; x->setAction(aa); configChanged(); } } void KCryptoConfig::slotAuthCombo() { HostAuthItem *x = static_cast<HostAuthItem *>(hostAuthList->selectedItem()); if (x) { if (hostCertBox->currentItem() == 0) x->setCertName(TQString()); else x->setCertName(hostCertBox->currentText()); configChanged(); } } void KCryptoConfig::slotTestOSSL() { KOSSL::self()->destroy(); if (!KOSSL::self()->hasLibSSL()) { KMessageBox::detailedSorry(this, i18n("Failed to load OpenSSL."), i18n("libssl was not found or successfully loaded."), i18n("OpenSSL")); return; } if (!KOSSL::self()->hasLibCrypto()) { KMessageBox::detailedSorry(this, i18n("Failed to load OpenSSL."), i18n("libcrypto was not found or successfully loaded."), i18n("OpenSSL")); return; } KMessageBox::information(this, i18n("OpenSSL was successfully loaded."), i18n("OpenSSL")); } void KCryptoConfig::slotUseEGD() { if (mUseEGD->isChecked()) { mUseEFile->setChecked(false); } mEGDLabel->setText(i18n("Path to EGD:")); mEGDPath->setEnabled(mUseEGD->isChecked()); mEGDLabel->setEnabled(mUseEGD->isChecked()); configChanged(); } void KCryptoConfig::slotUseEFile() { if (mUseEFile->isChecked()) { mUseEGD->setChecked(false); } mEGDLabel->setText(i18n("Path to entropy file:")); mEGDPath->setEnabled(mUseEFile->isChecked()); mEGDLabel->setEnabled(mUseEFile->isChecked()); configChanged(); } // Lets make this a separate module. it's a whole lot of work and can really be // encompassed in a separate module quite nicely. void KCryptoConfig::slotGeneratePersonal() { #if 0 TQStringList qslCertTypes; qslCertTypes << i18n("Personal SSL") << i18n("Server SSL") << i18n("S/MIME") << i18n("PGP") << i18n("GPG") << i18n("SSL Personal Request") << i18n("SSL Server Request") << i18n("Netscape SSL") << i18n("Server certificate authority", "Server CA") << i18n("Personal certificate authority", "Personal CA") << i18n("Secure MIME certificate authority", "S/MIME CA"); #endif } #ifdef HAVE_SSL // This gets all the available ciphers from OpenSSL bool KCryptoConfig::loadCiphers() { unsigned int i, cnt; SSL_CTX *ctx; SSL *ssl; SSL_METHOD *meth; STACK_OF(SSL_CIPHER)* sk; SSLv2Box->clear(); SSLv3Box->clear(); CipherItem *item; #if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(OPENSSL_NO_SSL2) meth = KOSSL::self()->SSLv2_client_method(); ctx = KOSSL::self()->SSL_CTX_new(meth); if (ctx == NULL) return false; ssl = KOSSL::self()->SSL_new(ctx); if (!ssl) return false; sk = KOSSL::self()->SSL_get_ciphers(ssl); cnt = KOSSL::self()->OPENSSL_sk_num(sk); for (i = 0; i < cnt; i++) { int j, k; SSL_CIPHER *sc = reinterpret_cast<SSL_CIPHER*>(KOSSL::self()->OPENSSL_sk_value(sk, i)); if (!sc) break; // Leak of sc*? TQString scn(KOSSL::self()->SSL_CIPHER_get_name(sc)); if (scn.contains("ADH-") || scn.contains("NULL-") || scn.contains("DES-CBC3-SHA") || scn.contains("FZA-")) { continue; } k = KOSSL::self()->SSL_CIPHER_get_bits(sc, &j); item = new CipherItem( SSLv2Box, scn, k, j, this ); } if (ctx) KOSSL::self()->SSL_CTX_free(ctx); if (ssl) KOSSL::self()->SSL_free(ssl); #endif # ifndef OPENSSL_NO_SSL3_METHOD // We repeat for SSLv3 meth = KOSSL::self()->SSLv3_client_method(); ctx = KOSSL::self()->SSL_CTX_new(meth); if (ctx == NULL) return false; ssl = KOSSL::self()->SSL_new(ctx); if (!ssl) return false; sk = KOSSL::self()->SSL_get_ciphers(ssl); cnt = KOSSL::self()->OPENSSL_sk_num(sk); for (i = 0; i < cnt; i++) { int j, k; SSL_CIPHER *sc = reinterpret_cast<SSL_CIPHER*>(KOSSL::self()->OPENSSL_sk_value(sk, i)); if (!sc) break; // Leak of sc*? TQString scn(KOSSL::self()->SSL_CIPHER_get_name(sc)); if (scn.contains("ADH-") || scn.contains("NULL-") || scn.contains("DES-CBC3-SHA") || scn.contains("FZA-")) { continue; } k = KOSSL::self()->SSL_CIPHER_get_bits(sc, &j); item = new CipherItem( SSLv3Box, scn, k, j, this ); } if (ctx) KOSSL::self()->SSL_CTX_free(ctx); if (ssl) KOSSL::self()->SSL_free(ssl); #endif return true; } #endif void KCryptoConfig::setAuthCertLists() { TQString oldDef, oldHost; bool noneDef, noneHost; // get the old setting oldDef = defCertBox->currentText(); oldHost = hostCertBox->currentText(); noneDef = (0 == defCertBox->currentItem()); noneHost = (0 == hostCertBox->currentItem()); // repopulate defCertBox->clear(); hostCertBox->clear(); TQStringList defCertStrList; // = KSSLCertificateHome::getCertificateList(); defCertStrList.append(i18n("None")); for (YourCertItem *x = static_cast<YourCertItem *>(yourSSLBox->firstChild()); x; x = static_cast<YourCertItem *>(x->nextSibling())) { defCertStrList.append(x->configName()); } defCertBox->insertStringList(defCertStrList); hostCertBox->insertStringList(defCertStrList); // try to restore it defCertBox->setCurrentItem(0); if (!noneDef) { for (int i = 0; i < defCertBox->count(); i++) { if (defCertBox->text(i) == oldDef) { defCertBox->setCurrentItem(i); break; } } } if (!noneDef && defCertBox->currentItem() == 0) configChanged(); hostCertBox->setCurrentItem(0); if (!noneHost) { for (int i = 0; i < hostCertBox->count(); i++) { if (hostCertBox->text(i) == oldHost) { hostCertBox->setCurrentItem(i); break; } } } if (!noneHost && hostCertBox->currentItem() == 0) configChanged(); // Update the host entries too for (HostAuthItem *x = static_cast<HostAuthItem *>(hostAuthList->firstChild()); x; x = static_cast<HostAuthItem *>(x->nextSibling())) { TQString newValue = TQString(); for (int i = 1; i < hostCertBox->count(); i++) { if (hostCertBox->text(i) == x->getCertName()) { newValue = x->getCertName(); break; } } if (newValue != x->getCertName()) configChanged(); x->setCertName(newValue); } } #include "crypto.moc"