kio
ksslpkcs12.cc
Go to the documentation of this file.00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022 #ifdef HAVE_CONFIG_H
00023 #include <config.h>
00024 #endif
00025
00026 #include <kopenssl.h>
00027
00028 #include <qstring.h>
00029 #include <qfile.h>
00030 #include <ksslall.h>
00031 #include <kdebug.h>
00032 #include <ktempfile.h>
00033 #include <kmdcodec.h>
00034
00035 #include <assert.h>
00036
00037 #ifdef KSSL_HAVE_SSL
00038 #define sk_new kossl->sk_new
00039 #define sk_push kossl->sk_push
00040 #define sk_free kossl->sk_free
00041 #define sk_value kossl->sk_value
00042 #define sk_num kossl->sk_num
00043 #define sk_dup kossl->sk_dup
00044 #define sk_pop kossl->sk_pop
00045 #endif
00046
00047
00048 KSSLPKCS12::KSSLPKCS12() {
00049 _pkcs = NULL;
00050 _pkey = NULL;
00051 _cert = NULL;
00052 _caStack = NULL;
00053 kossl = KOSSL::self();
00054 }
00055
00056
00057
00058 KSSLPKCS12::~KSSLPKCS12() {
00059 #ifdef KSSL_HAVE_SSL
00060 if (_pkey) kossl->EVP_PKEY_free(_pkey);
00061 if (_caStack) {
00062 for (;;) {
00063 X509* x5 = sk_X509_pop(_caStack);
00064 if (!x5) break;
00065 kossl->X509_free(x5);
00066 }
00067 sk_X509_free(_caStack);
00068 }
00069 if (_pkcs) kossl->PKCS12_free(_pkcs);
00070 #endif
00071 if (_cert) delete _cert;
00072 }
00073
00074
00075 KSSLPKCS12* KSSLPKCS12::fromString(QString base64, QString password) {
00076 #ifdef KSSL_HAVE_SSL
00077 KTempFile ktf;
00078
00079 if (base64.isEmpty()) return NULL;
00080 QByteArray qba, qbb = QCString(base64.latin1()).copy();
00081 KCodecs::base64Decode(qbb, qba);
00082 ktf.file()->writeBlock(qba);
00083 ktf.close();
00084 KSSLPKCS12* rc = loadCertFile(ktf.name(), password);
00085 ktf.unlink();
00086 return rc;
00087 #endif
00088 return NULL;
00089 }
00090
00091
00092
00093 KSSLPKCS12* KSSLPKCS12::loadCertFile(QString filename, QString password) {
00094 #ifdef KSSL_HAVE_SSL
00095 QFile qf(filename);
00096 PKCS12 *newpkcs = NULL;
00097
00098 if (!qf.open(IO_ReadOnly))
00099 return NULL;
00100
00101 FILE *fp = fdopen(qf.handle(), "r");
00102 if (!fp) return NULL;
00103
00104 newpkcs = KOSSL::self()->d2i_PKCS12_fp(fp, &newpkcs);
00105
00106 fclose(fp);
00107 if (!newpkcs) {
00108 KOSSL::self()->ERR_clear_error();
00109 return NULL;
00110 }
00111
00112 KSSLPKCS12 *c = new KSSLPKCS12;
00113 c->setCert(newpkcs);
00114
00115
00116 if (!c->parse(password)) {
00117 delete c; c = NULL;
00118 }
00119
00120 return c;
00121 #endif
00122 return NULL;
00123 }
00124
00125
00126 void KSSLPKCS12::setCert(PKCS12 *c) {
00127 #ifdef KSSL_HAVE_SSL
00128 _pkcs = c;
00129 #endif
00130 }
00131
00132
00133 bool KSSLPKCS12::changePassword(QString pold, QString pnew) {
00134 #ifdef KSSL_HAVE_SSL
00135
00136 return (0 == kossl->PKCS12_newpass(_pkcs,
00137 pold.isNull() ? (char *)"" : (char *)pold.latin1(),
00138 pnew.isNull() ? (char *)"" : (char *)pnew.latin1()));
00139 #endif
00140 return false;
00141 }
00142
00143
00144 bool KSSLPKCS12::parse(QString pass) {
00145 #ifdef KSSL_HAVE_SSL
00146 X509 *x = NULL;
00147
00148 assert(_pkcs);
00149
00150 if (_cert) delete _cert;
00151 if (_pkey) kossl->EVP_PKEY_free(_pkey);
00152 if (_caStack) {
00153 for (;;) {
00154 X509* x5 = sk_X509_pop(_caStack);
00155 if (!x5) break;
00156 kossl->X509_free(x5);
00157 }
00158 sk_X509_free(_caStack);
00159 }
00160 _pkey = NULL;
00161 _caStack = NULL;
00162 _cert = NULL;
00163
00164 int rc = kossl->PKCS12_parse(_pkcs, pass.latin1(), &_pkey, &x, &_caStack);
00165
00166 if (rc == 1) {
00167
00168 if (x) {
00169 _cert = new KSSLCertificate;
00170 _cert->setCert(x);
00171 if (_caStack) {
00172 _cert->setChain(_caStack);
00173 }
00174 return true;
00175 }
00176 } else {
00177 _caStack = NULL;
00178 _pkey = NULL;
00179 kossl->ERR_clear_error();
00180 }
00181 #endif
00182 return false;
00183 }
00184
00185
00186 EVP_PKEY *KSSLPKCS12::getPrivateKey() {
00187 return _pkey;
00188 }
00189
00190
00191 KSSLCertificate *KSSLPKCS12::getCertificate() {
00192 return _cert;
00193 }
00194
00195
00196 QString KSSLPKCS12::toString() {
00197 QString base64;
00198 #ifdef KSSL_HAVE_SSL
00199 unsigned char *p;
00200 int len;
00201
00202 len = kossl->i2d_PKCS12(_pkcs, NULL);
00203 if (len >= 0) {
00204 char *buf = new char[len];
00205 p = (unsigned char *)buf;
00206 kossl->i2d_PKCS12(_pkcs, &p);
00207 QByteArray qba;
00208 qba.setRawData(buf, len);
00209 base64 = KCodecs::base64Encode(qba);
00210 qba.resetRawData(buf, len);
00211 delete[] buf;
00212 }
00213 #endif
00214 return base64;
00215 }
00216
00217
00218
00219 bool KSSLPKCS12::toFile(QString filename) {
00220 #ifdef KSSL_HAVE_SSL
00221 QFile out(filename);
00222
00223 if (!out.open(IO_WriteOnly)) return false;
00224
00225 int fd = out.handle();
00226 FILE *fp = fdopen(fd, "w");
00227
00228 if (!fp) {
00229 unlink(filename.latin1());
00230 return false;
00231 }
00232
00233 kossl->i2d_PKCS12_fp(fp, _pkcs);
00234
00235 fclose(fp);
00236 return true;
00237 #endif
00238 return false;
00239 }
00240
00241
00242 KSSLCertificate::KSSLValidation KSSLPKCS12::validate() {
00243 return validate(KSSLCertificate::SSLServer);
00244 }
00245
00246
00247 KSSLCertificate::KSSLValidation KSSLPKCS12::validate(KSSLCertificate::KSSLPurpose p) {
00248 #ifdef KSSL_HAVE_SSL
00249 KSSLCertificate::KSSLValidation xx = _cert->validate(p);
00250 if (1 != kossl->X509_check_private_key(_cert->getCert(), _pkey)) {
00251 xx = KSSLCertificate::PrivateKeyFailed;
00252 }
00253
00254 return xx;
00255 #else
00256 return KSSLCertificate::NoSSL;
00257 #endif
00258 }
00259
00260
00261 KSSLCertificate::KSSLValidation KSSLPKCS12::revalidate() {
00262 return revalidate(KSSLCertificate::SSLServer);
00263 }
00264
00265
00266 KSSLCertificate::KSSLValidation KSSLPKCS12::revalidate(KSSLCertificate::KSSLPurpose p) {
00267 return _cert->revalidate(p);
00268 }
00269
00270
00271 bool KSSLPKCS12::isValid() {
00272 return isValid(KSSLCertificate::SSLServer);
00273 }
00274
00275
00276 bool KSSLPKCS12::isValid(KSSLCertificate::KSSLPurpose p) {
00277 return (validate(p) == KSSLCertificate::Ok);
00278 }
00279
00280
00281 QString KSSLPKCS12::name() {
00282 return _cert->getSubject();
00283 }
00284
00285
00286 #ifdef KSSL_HAVE_SSL
00287 #undef sk_new
00288 #undef sk_push
00289 #undef sk_free
00290 #undef sk_value
00291 #undef sk_num
00292 #undef sk_pop
00293 #undef sk_dup
00294 #endif
00295