1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
/* This file is part of the KDE project
*
* Copyright (C) 2000, 2001 George Staikos <staikos@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#ifndef _INCLUDE_KSSLCCACHE_H
#define _INCLUDE_KSSLCCACHE_H
class KSSLCertificate;
#include <qstring.h>
#include <qstringlist.h>
#include <qdatetime.h>
#include <kdelibs_export.h>
class KIO_EXPORT KSSLCertificateCache {
public:
enum KSSLCertificatePolicy { Unknown, Reject, Accept, Prompt, Ambiguous };
// Unknown: no policy has been set for this record
// Reject: user has requested to not accept data from this site
// Accept: user has requested to always accept data from this site
// Prompt: user wishes to be prompted before accepting this certificate
// You may need to set a [non-]permanent policy on this record after
// the user is prompted.
// Ambiguous: The state cannot be uniquely determined. Hopefully this
// doesn't happen.
KSSLCertificateCache();
~KSSLCertificateCache();
void addCertificate(KSSLCertificate& cert, KSSLCertificatePolicy policy,
bool permanent = true);
// WARNING! This is not a "secure" method. You need to actually
// do a getPolicyByCertificate to be cryptographically sure
// that this is an accepted certificate/site pair.
// (note that the site (CN) is encoded in the certificate
// so you should only accept certificates whose CN matches
// the exact FQDN of the site presenting it)
// If you're just doing an OpenSSL connection, I believe it
// tests this for you, but don't take my word for it.
KSSLCertificatePolicy getPolicyByCN(QString& cn);
KSSLCertificatePolicy getPolicyByCertificate(KSSLCertificate& cert);
bool seenCN(QString& cn);
bool seenCertificate(KSSLCertificate& cert);
bool removeByCN(QString& cn);
bool removeByCertificate(KSSLCertificate& cert);
bool isPermanent(KSSLCertificate& cert);
bool modifyByCN(QString& cn,
KSSLCertificateCache::KSSLCertificatePolicy policy,
bool permanent,
QDateTime& expires);
bool modifyByCertificate(KSSLCertificate& cert,
KSSLCertificateCache::KSSLCertificatePolicy policy,
bool permanent,
QDateTime& expires);
QStringList getHostList(KSSLCertificate& cert);
bool addHost(KSSLCertificate& cert, QString& host);
bool removeHost(KSSLCertificate& cert, QString& host);
// SMIME
QStringList getKDEKeyByEmail(const QString &email);
KSSLCertificate *getCertByMD5Digest(const QString &key);
void reload();
// You shouldn't need to call this but in some weird circumstances
// it might be necessary.
void saveToDisk();
private:
class KSSLCertificateCachePrivate;
KSSLCertificateCachePrivate *d;
void loadDefaultPolicies();
void clearList();
};
KIO_EXPORT QDataStream& operator<<(QDataStream& s, const KSSLCertificateCache::KSSLCertificatePolicy& p);
KIO_EXPORT QDataStream& operator>>(QDataStream& s, KSSLCertificateCache::KSSLCertificatePolicy& p);
#endif
|