ksslcertificate.h

Go to the documentation of this file.

/* This file is part of the KDE project
 *
 * Copyright (C) 2000-2003 George Staikos <staikos@kde.org>
 *               2008 Richard Hartmann <richih-kde@net.in.tum.de>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Library General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public License
 * along with this library; see the file COPYING.LIB.  If not, write to
 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 * Boston, MA 02110-1301, USA.
 */

#ifndef _KSSLCERTIFICATE_H
#define _KSSLCERTIFICATE_H


// UPDATE: I like the structure of this class less and less every time I look
//         at it.  I think it needs to change.
//
//
//  The biggest reason for making everything protected here is so that
//  the class can have all its methods available even if openssl is not
//  available.  Also, to create a new certificate you should use the
//  KSSLCertificateFactory, and to manage the user's database of certificates,
//  you should go through the KSSLCertificateHome.
//
//  There should be no reason to touch the X509 stuff directly.
//

class QByteArray;
class QString;
class QStringList;
class KSSL;
class KSSLCertificatePrivate;
class QDateTime;
class KSSLCertChain;
class KSSLX509V3;

#include <kio/kio_export.h>
#include <ksslconfig.h>

#include <QtCore/QList>

#ifdef KSSL_HAVE_SSL
typedef struct x509_st X509;
#else
#if !defined(QT_NO_OPENSSL)
#include <QtNetwork/QSslCertificate>
#else
class X509;
#endif
#endif

class KIO_EXPORT KSSLCertificate
{
    friend class KSSL;
    friend class KSSLCertificateHome;
    friend class KSSLCertificateFactory;
    friend class KSSLCertificateCache;
    friend class KSSLCertChain;
    friend class KSSLPeerInfo;
    friend class KSSLD;
    friend class KSMIMECryptoPrivate;


    public:
        ~KSSLCertificate();

        static KSSLCertificate *fromString(const QByteArray &cert);

        static KSSLCertificate *fromX509(X509 *x5);

        // TODO for KDE5
        // The enum values list below have to be kept for backwards comapability
        // They should be deleted when KDE5 comes around the corner. I am writing
        // this on 20080202 ;)
        // Rejected, Revoked, Untrusted, SelfSignedChain, SignatureFailed, Expired
        enum KSSLValidation {   Unknown, Ok, NoCARoot, InvalidPurpose,
                                PathLengthExceeded, InvalidCA, Expired,
                                SelfSigned, ErrorReadingRoot, NoSSL,
                                Revoked, Untrusted, SignatureFailed,
                                Rejected, PrivateKeyFailed, InvalidHost,
                                Irrelevant, SelfSignedChain,
                                GetIssuerCertFailed, DecodeIssuerPublicKeyFailed,
                                GetIssuerCertLocallyFailed,
                                CertificateNotYetValid, CertificateHasExpired,
                                CRLNotYetValid, CRLHasExpired,
                                CertificateFieldNotBeforeErroneous,
                                CertificateFieldNotAfterErroneous,
                                CRLFieldLastUpdateErroneous,
                                CRLFieldNextUpdateErroneous,
                                CertificateRevoked,
                                CertificateUntrusted, VerifyLeafSignatureFailed,
                                CertificateSignatureFailed, CRLSignatureFailed,
                                DecryptCertificateSignatureFailed,
                                DecryptCRLSignatureFailed, CertificateRejected,
                                SelfSignedInChain, ApplicationVerificationFailed,
                                AuthAndSubjectKeyIDAndNameMismatched,
                                AuthAndSubjectKeyIDMismatched, OutOfMemory,
                                GetCRLFailed, CertificateChainTooLong,
                                KeyMayNotSignCertificate,
                                IssuerSubjectMismatched
                                };

        enum KSSLPurpose {      None=0, SSLServer=1, SSLClient=2,
                                SMIMESign=3, SMIMEEncrypt=4, Any=5 };

        typedef QList<KSSLValidation> KSSLValidationList;

        QString toString();

        QString getSubject() const;

        QString getIssuer() const;

        QString getNotBefore() const;

        QString getNotAfter() const;

        QDateTime getQDTNotBefore() const;

        QDateTime getQDTNotAfter() const;

        QByteArray toDer();

        QByteArray toPem();

        QByteArray toNetscape();

        QString toText();

        QString getSerialNumber() const;

        QString getKeyType() const;

        QString getPublicKeyText() const;

        QString getMD5DigestText() const;

        QString getMD5Digest() const;

        QString getSignatureText() const;

        bool isValid();

        bool isValid(KSSLPurpose p);

        QStringList subjAltNames() const;

        KSSLValidation validate();

        KSSLValidation validate(KSSLPurpose p);

        KSSLValidationList validateVerbose(KSSLPurpose p);

        KSSLValidationList validateVerbose(KSSLPurpose p, KSSLCertificate *ca);

        KSSLValidation revalidate();

        KSSLValidation revalidate(KSSLPurpose p);

        KSSLCertChain& chain();

        static QString verifyText(KSSLValidation x);

        KSSLCertificate *replicate();

        KSSLCertificate(const KSSLCertificate& x); // copy constructor

        bool setCert(const QString& cert);

        KSSLX509V3& x509V3Extensions();

        bool isSigner();

        void getEmails(QStringList& to) const;

        QString getKDEKey() const;

        static QString getMD5DigestFromKDEKey(const QString& k);

    private:
        KIO_EXPORT friend int operator!=(KSSLCertificate& x, KSSLCertificate& y);
        KIO_EXPORT friend int operator==(KSSLCertificate& x, KSSLCertificate& y);

        KSSLCertificatePrivate *d;
        int purposeToOpenSSL(KSSLPurpose p) const;

    protected:
        KSSLCertificate();

        void setCert(X509 *c);
        void setChain(void *c);
        X509 *getCert();
        KSSLValidation processError(int ec);
};

KIO_EXPORT QDataStream& operator<<(QDataStream& s, const KSSLCertificate& r);
KIO_EXPORT QDataStream& operator>>(QDataStream& s, KSSLCertificate& r);

KIO_EXPORT int operator==(KSSLCertificate& x, KSSLCertificate& y);
KIO_EXPORT inline int operator!=(KSSLCertificate& x, KSSLCertificate& y)
{ return !(x == y); }

#endif