ksslcertificate.h Source File

KIO

 /* This file is part of the KDE project
  *
  * Copyright (C) 2000-2003 George Staikos <staikos@kde.org>
  *               2008 Richard Hartmann <richih-kde@net.in.tum.de>
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Library General Public
  * License as published by the Free Software Foundation; either
  * version 2 of the License, or (at your option) any later version.
  *
  * This library is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  * Library General Public License for more details.
  *
  * You should have received a copy of the GNU Library General Public License
  * along with this library; see the file COPYING.LIB.  If not, write to
  * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
  * Boston, MA 02110-1301, USA.
  */
 
 #ifndef _KSSLCERTIFICATE_H
 #define _KSSLCERTIFICATE_H
 
 
 // UPDATE: I like the structure of this class less and less every time I look
 //         at it.  I think it needs to change.
 //
 //
 //  The biggest reason for making everything protected here is so that
 //  the class can have all its methods available even if openssl is not
 //  available.  Also, to create a new certificate you should use the
 //  KSSLCertificateFactory, and to manage the user's database of certificates,
 //  you should go through the KSSLCertificateHome.
 //
 //  There should be no reason to touch the X509 stuff directly.
 //
 
 class QByteArray;
 class QString;
 class QStringList;
 class KSSL;
 class KSSLCertificatePrivate;
 class QDateTime;
 class KSSLCertChain;
 class KSSLX509V3;
 
 #include <kio/kio_export.h>
 #include <ksslconfig.h>
 
 #include <QtCore/QList>
 
 #ifdef KSSL_HAVE_SSL
 typedef struct x509_st X509;
 #else
 #if !defined(QT_NO_OPENSSL)
 #include <QtNetwork/QSslCertificate>
 #else
 class X509;
 #endif
 #endif
 
 class KIO_EXPORT KSSLCertificate
 {
     friend class KSSL;
     friend class KSSLCertificateHome;
     friend class KSSLCertificateFactory;
     friend class KSSLCertificateCache;
     friend class KSSLCertChain;
     friend class KSSLPeerInfo;
     friend class KSSLD;
     friend class KSMIMECryptoPrivate;
 
 
     public:
         ~KSSLCertificate();
 
         static KSSLCertificate *fromString(const QByteArray &cert);
 
         static KSSLCertificate *fromX509(X509 *x5);
 
         // TODO for KDE5
         // The enum values list below have to be kept for backwards comapability
         // They should be deleted when KDE5 comes around the corner. I am writing
         // this on 20080202 ;)
         // Rejected, Revoked, Untrusted, SelfSignedChain, SignatureFailed, Expired
         enum KSSLValidation {   Unknown, Ok, NoCARoot, InvalidPurpose,
                                 PathLengthExceeded, InvalidCA, Expired,
                                 SelfSigned, ErrorReadingRoot, NoSSL,
                                 Revoked, Untrusted, SignatureFailed,
                                 Rejected, PrivateKeyFailed, InvalidHost,
                                 Irrelevant, SelfSignedChain,
                                 GetIssuerCertFailed, DecodeIssuerPublicKeyFailed,
                                 GetIssuerCertLocallyFailed,
                                 CertificateNotYetValid, CertificateHasExpired,
                                 CRLNotYetValid, CRLHasExpired,
                                 CertificateFieldNotBeforeErroneous,
                                 CertificateFieldNotAfterErroneous,
                                 CRLFieldLastUpdateErroneous,
                                 CRLFieldNextUpdateErroneous,
                                 CertificateRevoked,
                                 CertificateUntrusted, VerifyLeafSignatureFailed,
                                 CertificateSignatureFailed, CRLSignatureFailed,
                                 DecryptCertificateSignatureFailed,
                                 DecryptCRLSignatureFailed, CertificateRejected,
                                 SelfSignedInChain, ApplicationVerificationFailed,
                                 AuthAndSubjectKeyIDAndNameMismatched,
                                 AuthAndSubjectKeyIDMismatched, OutOfMemory,
                                 GetCRLFailed, CertificateChainTooLong,
                                 KeyMayNotSignCertificate,
                                 IssuerSubjectMismatched
                                 };
 
         enum KSSLPurpose {      None=0, SSLServer=1, SSLClient=2,
                                 SMIMESign=3, SMIMEEncrypt=4, Any=5 };
 
         typedef QList<KSSLValidation> KSSLValidationList;
 
         QString toString();
 
         QString getSubject() const;
 
         QString getIssuer() const;
 
         QString getNotBefore() const;
 
         QString getNotAfter() const;
 
         QDateTime getQDTNotBefore() const;
 
         QDateTime getQDTNotAfter() const;
 
         QByteArray toDer();
 
         QByteArray toPem();
 
         QByteArray toNetscape();
 
         QString toText();
 
         QString getSerialNumber() const;
 
         QString getKeyType() const;
 
         QString getPublicKeyText() const;
 
         QString getMD5DigestText() const;
 
         QString getMD5Digest() const;
 
         QString getSignatureText() const;
 
         bool isValid();
 
         bool isValid(KSSLPurpose p);
 
         QStringList subjAltNames() const;
 
         KSSLValidation validate();
 
         KSSLValidation validate(KSSLPurpose p);
 
         KSSLValidationList validateVerbose(KSSLPurpose p);
 
         KSSLValidationList validateVerbose(KSSLPurpose p, KSSLCertificate *ca);
 
         KSSLValidation revalidate();
 
         KSSLValidation revalidate(KSSLPurpose p);
 
         KSSLCertChain& chain();
 
         static QString verifyText(KSSLValidation x);
 
         KSSLCertificate *replicate();
 
         KSSLCertificate(const KSSLCertificate& x); // copy constructor
 
         bool setCert(const QString& cert);
 
         KSSLX509V3& x509V3Extensions();
 
         bool isSigner();
 
         void getEmails(QStringList& to) const;
 
         QString getKDEKey() const;
 
         static QString getMD5DigestFromKDEKey(const QString& k);
 
     private:
         KIO_EXPORT friend int operator!=(KSSLCertificate& x, KSSLCertificate& y);
         KIO_EXPORT friend int operator==(KSSLCertificate& x, KSSLCertificate& y);
 
         KSSLCertificatePrivate *d;
         int purposeToOpenSSL(KSSLPurpose p) const;
 
     protected:
         KSSLCertificate();
 
         void setCert(X509 *c);
         void setChain(void *c);
         X509 *getCert();
         KSSLValidation processError(int ec);
 };
 
 KIO_EXPORT QDataStream& operator<<(QDataStream& s, const KSSLCertificate& r);
 KIO_EXPORT QDataStream& operator>>(QDataStream& s, KSSLCertificate& r);
 
 KIO_EXPORT int operator==(KSSLCertificate& x, KSSLCertificate& y);
 KIO_EXPORT inline int operator!=(KSSLCertificate& x, KSSLCertificate& y)
 { return !(x == y); }
 
 #endif
 
KDE's Doxygen guidelines are available online.
KIO

KIO

kdelibs API Reference

Search
