• Skip to content
  • Skip to link menu
KDE API Reference
  • KDE API Reference
  • kdelibs API Reference
  • KDE Home
  • Contact Us
 

KIO

  • sources
  • kde-4.14
  • kdelibs
  • kio
  • kssl
sslui.cpp
Go to the documentation of this file.
1 /* This file is part of the KDE project
2  *
3  * Copyright (C) 2009 Andreas Hartmetz <ahartmetz@gmail.com>
4  *
5  * This library is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU Library General Public
7  * License as published by the Free Software Foundation; either
8  * version 2 of the License, or (at your option) any later version.
9  *
10  * This library is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  * Library General Public License for more details.
14  *
15  * You should have received a copy of the GNU Library General Public License
16  * along with this library; see the file COPYING.LIB. If not, write to
17  * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18  * Boston, MA 02110-1301, USA.
19  */
20 
21 #include "sslui.h"
22 
23 #include <kdebug.h>
24 #include <klocalizedstring.h>
25 #include <kmessagebox.h>
26 #include <ksslcertificatemanager.h>
27 #include <ksslinfodialog.h>
28 #include <ktcpsocket_p.h>
29 
30 
31 bool KIO::SslUi::askIgnoreSslErrors(const KTcpSocket *socket, RulesStorage storedRules)
32 {
33  KSslErrorUiData uiData(socket);
34  return askIgnoreSslErrors(uiData, storedRules);
35 }
36 
37 
38 bool KIO::SslUi::askIgnoreSslErrors(const KSslErrorUiData &uiData, RulesStorage storedRules)
39 {
40  const KSslErrorUiData::Private *ud = KSslErrorUiData::Private::get(&uiData);
41  if (ud->sslErrors.isEmpty()) {
42  return true;
43  }
44 
45  QList<KSslError> fatalErrors = KSslCertificateManager::nonIgnorableErrors(ud->sslErrors);
46  if (!fatalErrors.isEmpty()) {
47  //TODO message "sorry, fatal error, you can't override it"
48  return false;
49  }
50  if (ud->certificateChain.isEmpty()) {
51  // SSL without certificates is quite useless and should never happen
52  KMessageBox::sorry(0, i18n("The remote host did not send any SSL certificates.\n"
53  "Aborting because the identity of the host cannot be established."));
54  return false;
55  }
56 
57  KSslCertificateManager *const cm = KSslCertificateManager::self();
58  KSslCertificateRule rule(ud->certificateChain.first(), ud->host);
59  if (storedRules & RecallRules) {
60  rule = cm->rule(ud->certificateChain.first(), ud->host);
61  // remove previously seen and acknowledged errors
62  QList<KSslError> remainingErrors = rule.filterErrors(ud->sslErrors);
63  if (remainingErrors.isEmpty()) {
64  kDebug(7029) << "Error list empty after removing errors to be ignored. Continuing.";
65  return true;
66  }
67  }
68 
69  //### We don't ask to permanently reject the certificate
70 
71  QString message = i18n("The server failed the authenticity check (%1).\n\n", ud->host);
72  foreach (const KSslError &err, ud->sslErrors) {
73  message.append(err.errorString());
74  message.append('\n');
75  }
76  message = message.trimmed();
77 
78  int msgResult;
79  do {
80  msgResult = KMessageBox::warningYesNoCancel(0, message, i18n("Server Authentication"),
81  KGuiItem(i18n("&Details"), "help-about"),
82  KGuiItem(i18n("Co&ntinue"), "arrow-right"));
83  if (msgResult == KMessageBox::Yes) {
84  //Details was chosen - show the certificate and error details
85 
86 
87  QList<QList<KSslError::Error> > meh; // parallel list to cert list :/
88 
89  foreach (const QSslCertificate &cert, ud->certificateChain) {
90  QList<KSslError::Error> errors;
91  foreach(const KSslError &error, ud->sslErrors) {
92  if (error.certificate() == cert) {
93  // we keep only the error code enum here
94  errors.append(error.error());
95  }
96  }
97  meh.append(errors);
98  }
99 
100 
101  KSslInfoDialog *dialog = new KSslInfoDialog();
102  dialog->setSslInfo(ud->certificateChain, ud->ip, ud->host, ud->sslProtocol,
103  ud->cipher, ud->usedBits, ud->bits, meh);
104  dialog->exec();
105  } else if (msgResult == KMessageBox::Cancel) {
106  return false;
107  }
108  //fall through on KMessageBox::No
109  } while (msgResult == KMessageBox::Yes);
110 
111 
112  if (storedRules & StoreRules) {
113  //Save the user's choice to ignore the SSL errors.
114 
115  msgResult = KMessageBox::warningYesNo(0,
116  i18n("Would you like to accept this "
117  "certificate forever without "
118  "being prompted?"),
119  i18n("Server Authentication"),
120  KGuiItem(i18n("&Forever"), "flag-green"),
121  KGuiItem(i18n("&Current Session only"), "chronometer"));
122  QDateTime ruleExpiry = QDateTime::currentDateTime();
123  if (msgResult == KMessageBox::Yes) {
124  //accept forever ("for a very long time")
125  ruleExpiry = ruleExpiry.addYears(1000);
126  } else {
127  //accept "for a short time", half an hour.
128  ruleExpiry = ruleExpiry.addSecs(30*60);
129  }
130 
131  //TODO special cases for wildcard domain name in the certificate!
132  //rule = KSslCertificateRule(d->socket.peerCertificateChain().first(), whatever);
133 
134  rule.setExpiryDateTime(ruleExpiry);
135  rule.setIgnoredErrors(ud->sslErrors);
136  cm->setRule(rule);
137  }
138 
139  return true;
140 }
141 
message
void message(KMessage::MessageType messageType, const QString &text, const QString &caption=QString())
i18n
QString i18n(const char *text)
QString::append
QString & append(QChar ch)
KSslErrorUiData::Private::bits
int bits
ksslinfodialog.h
KIO::SslUi::RulesStorage
RulesStorage
Definition: sslui.h:30
kdebug.h
QDateTime::addYears
QDateTime addYears(int nyears) const
KSslError::error
Error error() const
KIO::SslUi::RecallRules
apply stored certificate rules (typically ignored errors)
Definition: sslui.h:31
KMessageBox::warningYesNo
static int warningYesNo(QWidget *parent, const QString &text, const QString &caption=QString(), const KGuiItem &buttonYes=KStandardGuiItem::yes(), const KGuiItem &buttonNo=KStandardGuiItem::no(), const QString &dontAskAgainName=QString(), Options options=Options(Notify|Dangerous))
KSslErrorUiData::Private::ip
QString ip
KSslCertificateManager::self
static KSslCertificateManager * self()
KSslErrorUiData::Private::usedBits
int usedBits
QDialog::exec
int exec()
KSslCertificateManager::rule
KSslCertificateRule rule(const QSslCertificate &cert, const QString &hostName) const
KSslErrorUiData::Private::get
static const KSslErrorUiData::Private * get(const KSslErrorUiData *uiData)
kDebug
static QDebug kDebug(bool cond, int area=KDE_DEFAULT_DEBUG_AREA)
ksslcertificatemanager.h
KIO::SslUi::StoreRules
make new ignore rules from the user's choice and store them
Definition: sslui.h:32
KSslCertificateManager
KSslError::errorString
QString errorString() const
KMessageBox::Cancel
KSslError::certificate
QSslCertificate certificate() const
KTcpSocket
KMessageBox::warningYesNoCancel
static int warningYesNoCancel(QWidget *parent, const QString &text, const QString &caption=QString(), const KGuiItem &buttonYes=KStandardGuiItem::yes(), const KGuiItem &buttonNo=KStandardGuiItem::no(), const KGuiItem &buttonCancel=KStandardGuiItem::cancel(), const QString &dontAskAgainName=QString(), Options options=Notify)
KSslInfoDialog
KDE SSL Information Dialog.
Definition: ksslinfodialog.h:43
QList::append
void append(const T &value)
KIO::SslUi::askIgnoreSslErrors
bool askIgnoreSslErrors(const KTcpSocket *socket, RulesStorage storedRules=RecallAndStoreRules)
Definition: sslui.cpp:31
KGuiItem
QList::isEmpty
bool isEmpty() const
KMessageBox::sorry
static void sorry(QWidget *parent, const QString &text, const QString &caption=QString(), Options options=Notify)
QString::trimmed
QString trimmed() const
KSslErrorUiData::Private::sslProtocol
QString sslProtocol
QList::first
T & first()
KSslErrorUiData
QString
QList< KSslError >
sslui.h
KSslCertificateRule
KSslErrorUiData::Private::sslErrors
QList< KSslError > sslErrors
KSslErrorUiData::Private
QDateTime::currentDateTime
QDateTime currentDateTime()
klocalizedstring.h
KSslCertificateManager::setRule
void setRule(const KSslCertificateRule &rule)
ktcpsocket_p.h
KMessageBox::Yes
KSslError
KSslErrorUiData::Private::certificateChain
QList< QSslCertificate > certificateChain
QDateTime::addSecs
QDateTime addSecs(int s) const
kmessagebox.h
KSslInfoDialog::setSslInfo
void setSslInfo(const QList< QSslCertificate > &certificateChain, const QString &ip, const QString &host, const QString &sslProtocol, const QString &cipher, int usedBits, int bits, const QList< QList< KSslError::Error > > &validationErrors)
Set information to display about the SSL connection.
Definition: ksslinfodialog.cpp:148
KSslErrorUiData::Private::host
QString host
KSslCertificateManager::nonIgnorableErrors
static QList< KSslError > nonIgnorableErrors(const QList< KSslError > &)
KSslErrorUiData::Private::cipher
QString cipher
QDateTime
QSslCertificate
This file is part of the KDE documentation.
Documentation copyright © 1996-2020 The KDE developers.
Generated on Mon Jun 22 2020 13:24:54 by doxygen 1.8.7 written by Dimitri van Heesch, © 1997-2006

KDE's Doxygen guidelines are available online.

KIO

Skip menu "KIO"
  • Main Page
  • Namespace List
  • Namespace Members
  • Alphabetical List
  • Class List
  • Class Hierarchy
  • Class Members
  • File List
  • File Members
  • Related Pages

kdelibs API Reference

Skip menu "kdelibs API Reference"
  • DNSSD
  • Interfaces
  •   KHexEdit
  •   KMediaPlayer
  •   KSpeech
  •   KTextEditor
  • kconf_update
  • KDE3Support
  •   KUnitTest
  • KDECore
  • KDED
  • KDEsu
  • KDEUI
  • KDEWebKit
  • KDocTools
  • KFile
  • KHTML
  • KImgIO
  • KInit
  • kio
  • KIOSlave
  • KJS
  •   KJS-API
  •   WTF
  • kjsembed
  • KNewStuff
  • KParts
  • KPty
  • Kross
  • KUnitConversion
  • KUtils
  • Nepomuk
  • Plasma
  • Solid
  • Sonnet
  • ThreadWeaver

Search



Report problems with this website to our bug tracking system.
Contact the specific authors with questions and comments about the page contents.

KDE® and the K Desktop Environment® logo are registered trademarks of KDE e.V. | Legal