summaryrefslogtreecommitdiffstats
path: root/tdeio/kssl/ksslcertificate.h
diff options
context:
space:
mode:
Diffstat (limited to 'tdeio/kssl/ksslcertificate.h')
-rw-r--r--tdeio/kssl/ksslcertificate.h376
1 files changed, 376 insertions, 0 deletions
diff --git a/tdeio/kssl/ksslcertificate.h b/tdeio/kssl/ksslcertificate.h
new file mode 100644
index 000000000..0c5f87323
--- /dev/null
+++ b/tdeio/kssl/ksslcertificate.h
@@ -0,0 +1,376 @@
+/* This file is part of the KDE project
+ *
+ * Copyright (C) 2000-2003 George Staikos <staikos@kde.org>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+
+#ifndef _KSSLCERTIFICATE_H
+#define _KSSLCERTIFICATE_H
+
+
+// UPDATE: I like the structure of this class less and less every time I look
+// at it. I think it needs to change.
+//
+//
+// The biggest reason for making everything protected here is so that
+// the class can have all it's methods available even if openssl is not
+// available. Also, to create a new certificate you should use the
+// KSSLCertificateFactory, and to manage the user's database of certificates,
+// you should go through the KSSLCertificateHome.
+//
+// There should be no reason to touch the X509 stuff directly.
+//
+
+#include <tqcstring.h>
+#include <tqvaluelist.h>
+
+class TQString;
+class TQStringList;
+class TQCString;
+class KSSL;
+class KSSLCertificatePrivate;
+class TQDateTime;
+class KSSLCertChain;
+class KSSLX509V3;
+
+#include <tdelibs_export.h>
+
+#ifdef Q_WS_WIN
+#include "ksslconfig_win.h"
+#else
+#include "ksslconfig.h"
+#endif
+
+#ifdef KSSL_HAVE_SSL
+typedef struct x509_st X509;
+#else
+class X509;
+#endif
+
+/**
+ * KDE X.509 Certificate
+ *
+ * This class represents an X.509 (SSL) certificate.
+ * Note: this object is VERY HEAVY TO COPY. Please try to use reference
+ * or pointer whenever possible
+ *
+ * @author George Staikos <staikos@kde.org>
+ * @see KSSL
+ * @short KDE X.509 Certificate
+ */
+class TDEIO_EXPORT KSSLCertificate {
+friend class KSSL;
+friend class KSSLCertificateHome;
+friend class KSSLCertificateFactory;
+friend class KSSLCertificateCache;
+friend class KSSLCertChain;
+friend class KSSLPeerInfo;
+friend class KSSLPKCS12;
+friend class KSSLD;
+friend class KSMIMECryptoPrivate;
+
+
+public:
+ /**
+ * Destroy this X.509 certificate.
+ */
+ ~KSSLCertificate();
+
+ /**
+ * Create an X.509 certificate from a base64 encoded string.
+ * @param cert the certificate in base64 form
+ * @return the X.509 certificate, or NULL
+ */
+ static KSSLCertificate *fromString(TQCString cert);
+
+ /**
+ * Create an X.509 certificate from the internal representation.
+ * This one duplicates the X509 object for itself.
+ * @param x5 the OpenSSL representation of the certificate
+ * @return the X.509 certificate, or NULL
+ * @internal
+ */
+ static KSSLCertificate *fromX509(X509 *x5);
+
+ /**
+ * A CA certificate can be validated as Irrelevant when it was
+ * not used to sign any other relevant certificate.
+ */
+ enum KSSLValidation { Unknown, Ok, NoCARoot, InvalidPurpose,
+ PathLengthExceeded, InvalidCA, Expired,
+ SelfSigned, ErrorReadingRoot, NoSSL,
+ Revoked, Untrusted, SignatureFailed,
+ Rejected, PrivateKeyFailed, InvalidHost,
+ Irrelevant, SelfSignedChain
+ };
+
+ enum KSSLPurpose { None=0, SSLServer=1, SSLClient=2,
+ SMIMESign=3, SMIMEEncrypt=4, Any=5 };
+
+ typedef TQValueList<KSSLValidation> KSSLValidationList;
+
+ /**
+ * Convert this certificate to a string.
+ * @return the certificate in base64 format
+ */
+ TQString toString();
+
+ /**
+ * Get the subject of the certificate (X.509 map).
+ * @return the subject
+ */
+ TQString getSubject() const;
+
+ /**
+ * Get the issuer of the certificate (X.509 map).
+ * @return the issuer
+ */
+ TQString getIssuer() const;
+
+ /**
+ * Get the date that the certificate becomes valid on.
+ * @return the date as a string, localised
+ */
+ TQString getNotBefore() const;
+
+ /**
+ * Get the date that the certificate is valid until.
+ * @return the date as a string, localised
+ */
+ TQString getNotAfter() const;
+
+ /**
+ * Get the date that the certificate becomes valid on.
+ * @return the date
+ */
+ TQDateTime getQDTNotBefore() const;
+
+ /**
+ * Get the date that the certificate is valid until.
+ * @return the date
+ */
+ TQDateTime getQDTNotAfter() const;
+
+ /**
+ * Convert the certificate to DER (ASN.1) format.
+ * @return the binary data of the DER encoding
+ */
+ TQByteArray toDer();
+
+ /**
+ * Convert the certificate to PEM (base64) format.
+ * @return the binary data of the PEM encoding
+ */
+ TQByteArray toPem();
+
+ /**
+ * Convert the certificate to Netscape format.
+ * @return the binary data of the Netscape encoding
+ */
+ TQByteArray toNetscape();
+
+ /**
+ * Convert the certificate to OpenSSL plain text format.
+ * @return the OpenSSL text encoding
+ */
+ TQString toText();
+
+ /**
+ * Get the serial number of the certificate.
+ * @return the serial number as a string
+ */
+ TQString getSerialNumber() const;
+
+ /**
+ * Get the key type (RSA, DSA, etc).
+ * @return the key type as a string
+ */
+ TQString getKeyType() const;
+
+ /**
+ * Get the public key.
+ * @return the public key as a hexidecimal string
+ */
+ TQString getPublicKeyText() const;
+
+ /**
+ * Get the MD5 digest of the certificate.
+ * Result is padded with : to separate bytes - it's a text version!
+ * @return the MD5 digest in a hexidecimal string
+ */
+ TQString getMD5DigestText() const;
+
+ /**
+ * Get the MD5 digest of the certificate.
+ * @return the MD5 digest in a hexidecimal string
+ */
+ TQString getMD5Digest() const;
+
+ /**
+ * Get the signature.
+ * @return the signature in text format
+ */
+ TQString getSignatureText() const;
+
+ /**
+ * Check if this is a valid certificate. Will use cached data.
+ * @return true if it is valid
+ */
+ bool isValid();
+
+ /**
+ * Check if this is a valid certificate. Will use cached data.
+ * @param p the purpose to validate for
+ * @return true if it is valid
+ */
+ bool isValid(KSSLPurpose p);
+
+ /**
+ * The alternate subject name.
+ * @return string list with subjectAltName
+ */
+ TQStringList subjAltNames() const;
+
+ /**
+ * Check if this is a valid certificate. Will use cached data.
+ * @return the result of the validation
+ */
+ KSSLValidation validate();
+
+ /**
+ * Check if this is a valid certificate. Will use cached data.
+ * @param p the purpose to validate for
+ * @return the result of the validation
+ */
+ KSSLValidation validate(KSSLPurpose p);
+
+ /**
+ * Check if this is a valid certificate. Will use cached data.
+ * @param p the purpose to validate for
+ * @return all problems encountered during validation
+ */
+ KSSLValidationList validateVerbose(KSSLPurpose p);
+
+ /**
+ * Check if the certificate ca is a proper CA for this
+ * certificate.
+ * @param p the purpose to validate for
+ * @param ca the certificate to check
+ * @return all problems encountered during validation
+ */
+ KSSLValidationList validateVerbose(KSSLPurpose p, KSSLCertificate *ca);
+
+ /**
+ * Check if this is a valid certificate. Will NOT use cached data.
+ * @return the result of the validation
+ */
+ KSSLValidation revalidate();
+
+ /**
+ * Check if this is a valid certificate. Will NOT use cached data.
+ * @param p the purpose to validate for
+ * @return the result of the validation
+ */
+ KSSLValidation revalidate(KSSLPurpose p);
+
+ /**
+ * Get a reference to the certificate chain.
+ * @return reference to the chain
+ */
+ KSSLCertChain& chain();
+
+ /**
+ * Obtain the localized message that corresponds to a validation result.
+ * @param x the code to look up
+ * @return the message text corresponding to the validation code
+ */
+ static TQString verifyText(KSSLValidation x);
+
+ /**
+ * Explicitly make a copy of this certificate.
+ * @return a copy of the certificate
+ */
+ KSSLCertificate *replicate();
+
+ /**
+ * Copy constructor. Beware, this is very expensive.
+ * @param x the object to copy from
+ */
+ KSSLCertificate(const KSSLCertificate& x); // copy constructor
+
+ /**
+ * Re-set the certificate from a base64 string.
+ * @param cert the certificate to set to
+ * @return true on success
+ */
+ bool setCert(TQString& cert);
+
+ /**
+ * Access the X.509v3 parameters.
+ * @return reference to the extension object
+ * @see KSSLX509V3
+ */
+ KSSLX509V3& x509V3Extensions();
+
+ /**
+ * Check if this is a signer certificate.
+ * @return true if this is a signer certificate
+ */
+ bool isSigner();
+
+ /**
+ * FIXME: document
+ */
+ void getEmails(TQStringList& to) const;
+
+ /**
+ * KDEKey is a concatenation "Subject (MD5)", mostly needed for SMIME.
+ * The result of getKDEKey might change and should not be used for
+ * persistant storage.
+ */
+ TQString getKDEKey() const;
+
+ /**
+ * Aegypten semantics force us to search by MD5Digest only.
+ */
+ static TQString getMD5DigestFromKDEKey(const TQString& k);
+
+private:
+ TDEIO_EXPORT friend int operator!=(KSSLCertificate& x, KSSLCertificate& y);
+ TDEIO_EXPORT friend int operator==(KSSLCertificate& x, KSSLCertificate& y);
+
+ KSSLCertificatePrivate *d;
+ int purposeToOpenSSL(KSSLPurpose p) const;
+
+protected:
+ KSSLCertificate();
+
+ void setCert(X509 *c);
+ void setChain(void *c);
+ X509 *getCert();
+ KSSLValidation processError(int ec);
+};
+
+TDEIO_EXPORT TQDataStream& operator<<(TQDataStream& s, const KSSLCertificate& r);
+TDEIO_EXPORT TQDataStream& operator>>(TQDataStream& s, KSSLCertificate& r);
+
+TDEIO_EXPORT int operator==(KSSLCertificate& x, KSSLCertificate& y);
+TDEIO_EXPORT inline int operator!=(KSSLCertificate& x, KSSLCertificate& y)
+{ return !(x == y); }
+
+#endif
+