
tdeio: fixed up certificate handling when certificate has expired. Also clean

up the code.

Signed-off-by: Emanoil Kotsev <deloptes@gmail.com>
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
pull/1/head
Emanoil Kotsev 2 years ago
parent
commit
f3fadb884d
1 changed files with 18 additions and 96 deletions
  1. 18
    96
      tdeio/misc/kssld/kssld.cpp

+ 18
- 96
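--- a/tdeio/misc/kssld/kssld.cpp
+++ b/tdeio/misc/kssld/kssld.cpp
@@ -77,7 +77,7 @@ static void updatePoliciesConfig(TDEConfig *cfg) {
 		kdDebug(7029) << "static void updatePoliciesConfig(TDEConfig *cfg) expires: " << expires.toString() << endl;
 
 		// remove it if it has expired
-		if (!permanent && expires < TQDateTime::currentDateTime()) {
+		if ( !permanent || expires <= TQDateTime::currentDateTime() ) {
 			cfg->deleteGroup(*i);
 			continue;
 		}
@@ -152,7 +152,7 @@ class KSSLCNode {
 		TQStringList hosts;
 		KSSLCNode() { cert = 0L;
 				policy = KSSLCertificateCache::Unknown; 
-				permanent = true;
+				permanent = false;
 			}
 		~KSSLCNode() { delete cert; }
 };
@@ -166,8 +166,6 @@ KSSLCNode *node;
 	cfg->writeEntry("policies version", 2);
 
 	for (node = certList.first(); node; node = certList.next()) {
-		if (node->permanent ||
-			node->expires > TQDateTime::currentDateTime()) {
 			// First convert to a binary format and then write the
 			// tdeconfig entry write the (CN, policy, cert) to
 			// KSimpleConfig
@@ -193,7 +191,6 @@ KSSLCNode *node;
 			cl.setAutoDelete(true);
 			cfg->writeEntry("Chain", qsl);
 		}
-	}  
 
 	cfg->sync();
 
@@ -233,16 +230,18 @@ TQStringList groups = cfg->groupList();
 	for (TQStringList::Iterator i = groups.begin();
 				i != groups.end();
 				++i) {
-		if ((*i).isEmpty() || *i == "General") {
+		if ((*i).isEmpty() || *i == "General")
 			continue;
-		}
 
 		cfg->setGroup(*i);
 
+		bool permanent = cfg->readBoolEntry("Permanent");
+		TQDateTime expires = cfg->readDateTimeEntry("Expires");
+		kdDebug(7029) << "static void cacheLoadDefaultPolicies() permanent: " << permanent << endl;
+		kdDebug(7029) << "static void cacheLoadDefaultPolicies() expires: " << expires.toString() << endl;
+		
 		// remove it if it has expired
-		if (!cfg->readBoolEntry("Permanent") &&
-			cfg->readDateTimeEntry("Expires") <
-				TQDateTime::currentDateTime()) {
+		if ( !permanent || expires <= TQDateTime::currentDateTime()) {
 			cfg->deleteGroup(*i);
 			continue;
 		}
@@ -260,8 +259,8 @@ TQStringList groups = cfg->groupList();
 		KSSLCNode *n = new KSSLCNode;
 		n->cert = newCert;
 		n->policy = (KSSLCertificateCache::KSSLCertificatePolicy) cfg->readNumEntry("Policy");
-		n->permanent = cfg->readBoolEntry("Permanent");
-		n->expires = cfg->readDateTimeEntry("Expires");
+		n->permanent = permanent;
+		n->expires = expires;
 		n->hosts = cfg->readListEntry("Hosts");
 		newCert->chain().setCertChain(cfg->readListEntry("Chain"));
 		certList.append(n); 
@@ -284,14 +283,15 @@ KSSLCNode *node;
 			else
 			   node->permanent = true;
 
+			if ( !node->expires.isValid() ) {
 			if ( !node->permanent ) {
 				node->expires = TQDateTime::currentDateTime();
 				// FIXME: make this configurable
-				node->expires = TQT_TQDATETIME_OBJECT(node->expires.addSecs(3600));
+					node->expires = TQT_TQDATETIME_OBJECT(node->expires.addSecs(5));
 			} else {
-				if ( !node->expires.isValid() )
 					node->expires = node->cert->getQDTNotAfter(); // set to certs expiry date
 			}
+			}
 
 			kdDebug(7029) << "KSSLD::cacheAddCertificate(...) node permanent: " << node->permanent << endl;
 			kdDebug(7029) << "KSSLD::cacheAddCertificate(...) node expires: " << node->expires.toString() << endl;
@@ -310,7 +310,7 @@ KSSLCNode *node;
 
 	if (!permanent) {
 		n->expires = TQDateTime::currentDateTime();
-		n->expires = TQT_TQDATETIME_OBJECT(n->expires.addSecs(3600));
+		n->expires = TQT_TQDATETIME_OBJECT(n->expires.addSecs(5));
 	} else {
 		if ( !n->expires.isValid() )
 			n->expires = n->cert->getQDTNotAfter(); // set to certs expiry date
@@ -328,23 +328,12 @@ KSSLCNode *node;
 
 	for (node = certList.first(); node; node = certList.next()) {
 		if (KSSLX509Map(node->cert->getSubject()).getValue("CN") == cn) {
-			if (!node->permanent &&
-				node->expires < TQDateTime::currentDateTime()) {
-				certList.remove(node);
-				cfg->deleteGroup(node->cert->getMD5Digest());
-				delete node;
-				continue;
-			}
-
 			certList.remove(node);
 			certList.prepend(node);
-			cacheSaveToDisk();
 			return node->policy;
 		}
 	}
 
-	cacheSaveToDisk();
-
 return KSSLCertificateCache::Unknown;
 }
 
@@ -354,15 +343,6 @@ KSSLCNode *node;
 
 	for (node = certList.first(); node; node = certList.next()) {
 		if (cert == *(node->cert)) {  
-			if (!node->permanent &&
-				node->expires < TQDateTime::currentDateTime()) {
-				certList.remove(node);
-				cfg->deleteGroup(node->cert->getMD5Digest());
-				delete node;
-				cacheSaveToDisk();
-				return KSSLCertificateCache::Unknown;
-			}
-
 			certList.remove(node);
 			certList.prepend(node);
 			return node->policy;
@@ -378,15 +358,6 @@ KSSLCNode *node;
 
 	for (node = certList.first(); node; node = certList.next()) {
 		if (KSSLX509Map(node->cert->getSubject()).getValue("CN") == cn) {
-			if (!node->permanent &&
-				node->expires < TQDateTime::currentDateTime()) {
-				certList.remove(node);
-				cfg->deleteGroup(node->cert->getMD5Digest());
-				delete node;
-				cacheSaveToDisk();
-				continue;
-			}
-
 			certList.remove(node);
 			certList.prepend(node);
 			return true;
@@ -402,15 +373,6 @@ KSSLCNode *node;
 
 	for (node = certList.first(); node; node = certList.next()) {
 		if (cert == *(node->cert)) {
-			if (!node->permanent &&
-				node->expires < TQDateTime::currentDateTime()) {
-				certList.remove(node);
-				cfg->deleteGroup(node->cert->getMD5Digest());
-				delete node;
-				cacheSaveToDisk();
-				return false;
-			}
-
 			certList.remove(node);
 			certList.prepend(node);
 			return true;
@@ -426,15 +388,6 @@ KSSLCNode *node;
 
 	for (node = certList.first(); node; node = certList.next()) {
 		if (cert == *(node->cert)) {
-			if (!node->permanent && node->expires <
-					TQDateTime::currentDateTime()) {
-				certList.remove(node);
-				cfg->deleteGroup(node->cert->getMD5Digest());
-				delete node;
-				cacheSaveToDisk();
-				return false;
-			}
-
 			certList.remove(node);
 			certList.prepend(node);
 			return node->permanent;
@@ -460,7 +413,6 @@ bool gotOne = false;
 	}
 
 	cacheSaveToDisk();
-
 return gotOne;
 }
 
@@ -480,7 +432,6 @@ bool gotOne = false;
 	}
 
 	cacheSaveToDisk();
-
 return gotOne;
 }
 
@@ -504,7 +455,8 @@ return false;
 
 
 bool KSSLD::cacheModifyByCN(TQString cn,
-                            KSSLCertificateCache::KSSLCertificatePolicy policy,                             bool permanent,
+                            KSSLCertificateCache::KSSLCertificatePolicy policy,
+                            bool permanent,
                             TQDateTime expires) {
 KSSLCNode *node;
 
@@ -551,16 +503,6 @@ KSSLCNode *node;
 
 	for (node = certList.first(); node; node = certList.next()) {
 		if (cert == *(node->cert)) {
-			if (!node->permanent && node->expires <
-				       TQDateTime::currentDateTime()) {
-				certList.remove(node);
-				cfg->deleteGroup(node->cert->getMD5Digest());
-				searchRemoveCert(node->cert);
-				delete node;
-				cacheSaveToDisk();
-				return TQStringList();
-			}
-
 			certList.remove(node);
 			certList.prepend(node);
 			return node->hosts;
@@ -579,19 +521,8 @@ KSSLCNode *node;
 
 	for (node = certList.first(); node; node = certList.next()) {
 		if (cert == *(node->cert)) {
-			if (!node->permanent && node->expires <
-				       	TQDateTime::currentDateTime()) {
-				certList.remove(node);
-				cfg->deleteGroup(node->cert->getMD5Digest());
-				searchRemoveCert(node->cert);
-				delete node;
-				cacheSaveToDisk();
-				return false;
-			}
-
-			if (!node->hosts.contains(host)) {
+			if (!node->hosts.contains(host))
 				node->hosts << host;
-			}
 
 			certList.remove(node);
 			certList.prepend(node);
@@ -609,15 +540,6 @@ KSSLCNode *node;
 
 	for (node = certList.first(); node; node = certList.next()) {
 		if (cert == *(node->cert)) {
-			if (!node->permanent && node->expires <
-				       	TQDateTime::currentDateTime()) {
-				certList.remove(node);
-				cfg->deleteGroup(node->cert->getMD5Digest());
-				searchRemoveCert(node->cert);
-				delete node;
-				cacheSaveToDisk();
-				return false;
-			}
 			node->hosts.remove(host);
 			certList.remove(node);
 			certList.prepend(node);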
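Review bot: After this change no lookup loop compares `node->expires` with the current time (the hunks from `@@ -328,23 +328,12 @@` through `@@ -609,15 +540,6 @@` drop every such check), so within the visible code expiry is enforced only when the config groups are read back. A running kssld would then keep returning the cached `node->policy` for an entry past its expiry, including the non-permanent entries now stamped with `addSecs(5)`, and the save loop at `@@ -166,8 +166,6 @@` writes expired nodes back to disk as well. If that is not intended, keep a non-mutating guard in each lookup so an expired node is treated as a miss, e.g. `if (node->expires.isValid() && node->expires <= TQDateTime::currentDateTime()) continue;` placed before the `certList.remove(node); certList.prepend(node);` pair. The enclosing functions start and end outside the hunks, so a purge timer elsewhere in the file cannot be ruled out from here.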
