TDE
/
tdelibs
Watch 7
Star 0
Fork 0
Code Issues 8 Pull Requests 2 Releases 10 Wiki Activity
Browse Source

tdeio: fixed up certificate handling when certificate has expired. Also clean 

up the code.

Signed-off-by: Emanoil Kotsev <deloptes@gmail.com>
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
pull/1/head
Emanoil Kotsev 2 years ago
parent
fddd4b7f8b
commit
f3fadb884d
1 changed files with 18 additions and 96 deletions
Split View Show Diff Stats
  1. 18
    96
      tdeio/misc/kssld/kssld.cpp

+ 18
- 96
tdeio/misc/kssld/kssld.cpp View File 

@@ -77,7 +77,7 @@ static void updatePoliciesConfig(TDEConfig *cfg) {
77 77 
 		kdDebug(7029) << "static void updatePoliciesConfig(TDEConfig *cfg) expires: " << expires.toString() << endl;
78 78
79 79 
 		// remove it if it has expired
80 
-		if (!permanent && expires < TQDateTime::currentDateTime()) {
80 
+		if ( !permanent || expires <= TQDateTime::currentDateTime() ) {
81 81 
 			cfg->deleteGroup(*i);
82 82 
 			continue;
83 83 
 		}
 
@@ -152,7 +152,7 @@ class KSSLCNode {
152 152 
 		TQStringList hosts;
153 153 
 		KSSLCNode() { cert = 0L;
154 154 
 				policy = KSSLCertificateCache::Unknown;
155 
-				permanent = true;
155 
+				permanent = false;
156 156 
 			}
157 157 
 		~KSSLCNode() { delete cert; }
158 158 
 };
 
@@ -166,8 +166,6 @@ KSSLCNode *node;
166 166 
 	cfg->writeEntry("policies version", 2);
167 167
168 168 
 	for (node = certList.first(); node; node = certList.next()) {
169 
-		if (node->permanent ||
170 
-			node->expires > TQDateTime::currentDateTime()) {
171 169 
 			// First convert to a binary format and then write the
172 170 
 			// tdeconfig entry write the (CN, policy, cert) to
173 171 
 			// KSimpleConfig
 
@@ -193,7 +191,6 @@ KSSLCNode *node;
193 191 
 			cl.setAutoDelete(true);
194 192 
 			cfg->writeEntry("Chain", qsl);
195 193 
 		}
196 
-	}
197 194
198 195 
 	cfg->sync();
199 196 
 
@@ -233,16 +230,18 @@ TQStringList groups = cfg->groupList();
233 230 
 	for (TQStringList::Iterator i = groups.begin();
234 231 
 				i != groups.end();
235 232 
 				++i) {
236 
-		if ((*i).isEmpty() || *i == "General") {
233 
+		if ((*i).isEmpty() || *i == "General")
237 234 
 			continue;
238 
-		}
239 235
240 236 
 		cfg->setGroup(*i);
241 237
238 
+		bool permanent = cfg->readBoolEntry("Permanent");
239 
+		TQDateTime expires = cfg->readDateTimeEntry("Expires");
240 
+		kdDebug(7029) << "static void cacheLoadDefaultPolicies() permanent: " << permanent << endl;
241 
+		kdDebug(7029) << "static void cacheLoadDefaultPolicies() expires: " << expires.toString() << endl;
242 
+
242 243 
 		// remove it if it has expired
243 
-		if (!cfg->readBoolEntry("Permanent") &&
244 
-			cfg->readDateTimeEntry("Expires") <
245 
-				TQDateTime::currentDateTime()) {
244 
+		if ( !permanent || expires <= TQDateTime::currentDateTime()) {
246 245 
 			cfg->deleteGroup(*i);
247 246 
 			continue;
248 247 
 		}
 
@@ -260,8 +259,8 @@ TQStringList groups = cfg->groupList();
260 259 
 		KSSLCNode *n = new KSSLCNode;
261 260 
 		n->cert = newCert;
262 261 
 		n->policy = (KSSLCertificateCache::KSSLCertificatePolicy) cfg->readNumEntry("Policy");
263 
-		n->permanent = cfg->readBoolEntry("Permanent");
264 
-		n->expires = cfg->readDateTimeEntry("Expires");
262 
+		n->permanent = permanent;
263 
+		n->expires = expires;
265 264 
 		n->hosts = cfg->readListEntry("Hosts");
266 265 
 		newCert->chain().setCertChain(cfg->readListEntry("Chain"));
267 266 
 		certList.append(n); 
@@ -284,14 +283,15 @@ KSSLCNode *node;
284 283 
 			else
285 284 
 			   node->permanent = true;
286 285
286 
+			if ( !node->expires.isValid() ) {
287 287 
 			if ( !node->permanent ) {
288 288 
 				node->expires = TQDateTime::currentDateTime();
289 289 
 				// FIXME: make this configurable
290 
-				node->expires = TQT_TQDATETIME_OBJECT(node->expires.addSecs(3600));
290 
+					node->expires = TQT_TQDATETIME_OBJECT(node->expires.addSecs(5));
291 291 
 			} else {
292 
-				if ( !node->expires.isValid() )
293 292 
 					node->expires = node->cert->getQDTNotAfter(); // set to certs expiry date
294 293 
 			}
294 
+			}
295 295
296 296 
 			kdDebug(7029) << "KSSLD::cacheAddCertificate(...) node permanent: " << node->permanent << endl;
297 297 
 			kdDebug(7029) << "KSSLD::cacheAddCertificate(...) node expires: " << node->expires.toString() << endl;
 
@@ -310,7 +310,7 @@ KSSLCNode *node;
310 310
311 311 
 	if (!permanent) {
312 312 
 		n->expires = TQDateTime::currentDateTime();
313 
-		n->expires = TQT_TQDATETIME_OBJECT(n->expires.addSecs(3600));
313 
+		n->expires = TQT_TQDATETIME_OBJECT(n->expires.addSecs(5));
314 314 
 	} else {
315 315 
 		if ( !n->expires.isValid() )
316 316 
 			n->expires = n->cert->getQDTNotAfter(); // set to certs expiry date
 
@@ -328,23 +328,12 @@ KSSLCNode *node;
328 328
329 329 
 	for (node = certList.first(); node; node = certList.next()) {
330 330 
 		if (KSSLX509Map(node->cert->getSubject()).getValue("CN") == cn) {
331 
-			if (!node->permanent &&
332 
-				node->expires < TQDateTime::currentDateTime()) {
333 
-				certList.remove(node);
334 
-				cfg->deleteGroup(node->cert->getMD5Digest());
335 
-				delete node;
336 
-				continue;
337 
-			}
338 
-
339 331 
 			certList.remove(node);
340 332 
 			certList.prepend(node);
341 
-			cacheSaveToDisk();
342 333 
 			return node->policy;
343 334 
 		}
344 335 
 	}
345 336
346 
-	cacheSaveToDisk();
347 
-
348 337 
 return KSSLCertificateCache::Unknown;
349 338 
 }
350 339 
 
@@ -354,15 +343,6 @@ KSSLCNode *node;
354 343
355 344 
 	for (node = certList.first(); node; node = certList.next()) {
356 345 
 		if (cert == *(node->cert)) {
357 
-			if (!node->permanent &&
358 
-				node->expires < TQDateTime::currentDateTime()) {
359 
-				certList.remove(node);
360 
-				cfg->deleteGroup(node->cert->getMD5Digest());
361 
-				delete node;
362 
-				cacheSaveToDisk();
363 
-				return KSSLCertificateCache::Unknown;
364 
-			}
365 
-
366 346 
 			certList.remove(node);
367 347 
 			certList.prepend(node);
368 348 
 			return node->policy;
 
@@ -378,15 +358,6 @@ KSSLCNode *node;
378 358
379 359 
 	for (node = certList.first(); node; node = certList.next()) {
380 360 
 		if (KSSLX509Map(node->cert->getSubject()).getValue("CN") == cn) {
381 
-			if (!node->permanent &&
382 
-				node->expires < TQDateTime::currentDateTime()) {
383 
-				certList.remove(node);
384 
-				cfg->deleteGroup(node->cert->getMD5Digest());
385 
-				delete node;
386 
-				cacheSaveToDisk();
387 
-				continue;
388 
-			}
389 
-
390 361 
 			certList.remove(node);
391 362 
 			certList.prepend(node);
392 363 
 			return true;
 
@@ -402,15 +373,6 @@ KSSLCNode *node;
402 373
403 374 
 	for (node = certList.first(); node; node = certList.next()) {
404 375 
 		if (cert == *(node->cert)) {
405 
-			if (!node->permanent &&
406 
-				node->expires < TQDateTime::currentDateTime()) {
407 
-				certList.remove(node);
408 
-				cfg->deleteGroup(node->cert->getMD5Digest());
409 
-				delete node;
410 
-				cacheSaveToDisk();
411 
-				return false;
412 
-			}
413 
-
414 376 
 			certList.remove(node);
415 377 
 			certList.prepend(node);
416 378 
 			return true;
 
@@ -426,15 +388,6 @@ KSSLCNode *node;
426 388
427 389 
 	for (node = certList.first(); node; node = certList.next()) {
428 390 
 		if (cert == *(node->cert)) {
429 
-			if (!node->permanent && node->expires <
430 
-					TQDateTime::currentDateTime()) {
431 
-				certList.remove(node);
432 
-				cfg->deleteGroup(node->cert->getMD5Digest());
433 
-				delete node;
434 
-				cacheSaveToDisk();
435 
-				return false;
436 
-			}
437 
-
438 391 
 			certList.remove(node);
439 392 
 			certList.prepend(node);
440 393 
 			return node->permanent;
 
@@ -460,7 +413,6 @@ bool gotOne = false;
460 413 
 	}
461 414
462 415 
 	cacheSaveToDisk();
463 
-
464 416 
 return gotOne;
465 417 
 }
466 418 
 
@@ -480,7 +432,6 @@ bool gotOne = false;
480 432 
 	}
481 433
482 434 
 	cacheSaveToDisk();
483 
-
484 435 
 return gotOne;
485 436 
 }
486 437 
 
@@ -504,7 +455,8 @@ return false;
504 455
505 456
506 457 
 bool KSSLD::cacheModifyByCN(TQString cn,
507 
-                            KSSLCertificateCache::KSSLCertificatePolicy policy,                             bool permanent,
458 
+                            KSSLCertificateCache::KSSLCertificatePolicy policy,
459 
+                            bool permanent,
508 460 
                             TQDateTime expires) {
509 461 
 KSSLCNode *node;
510 462 
 
@@ -551,16 +503,6 @@ KSSLCNode *node;
551 503
552 504 
 	for (node = certList.first(); node; node = certList.next()) {
553 505 
 		if (cert == *(node->cert)) {
554 
-			if (!node->permanent && node->expires <
555 
-				       TQDateTime::currentDateTime()) {
556 
-				certList.remove(node);
557 
-				cfg->deleteGroup(node->cert->getMD5Digest());
558 
-				searchRemoveCert(node->cert);
559 
-				delete node;
560 
-				cacheSaveToDisk();
561 
-				return TQStringList();
562 
-			}
563 
-
564 506 
 			certList.remove(node);
565 507 
 			certList.prepend(node);
566 508 
 			return node->hosts;
 
@@ -579,19 +521,8 @@ KSSLCNode *node;
579 521
580 522 
 	for (node = certList.first(); node; node = certList.next()) {
581 523 
 		if (cert == *(node->cert)) {
582 
-			if (!node->permanent && node->expires <
583 
-				       	TQDateTime::currentDateTime()) {
584 
-				certList.remove(node);
585 
-				cfg->deleteGroup(node->cert->getMD5Digest());
586 
-				searchRemoveCert(node->cert);
587 
-				delete node;
588 
-				cacheSaveToDisk();
589 
-				return false;
590 
-			}
591 
-
592 
-			if (!node->hosts.contains(host)) {
524 
+			if (!node->hosts.contains(host))
593 525 
 				node->hosts << host;
594 
-			}
595 526
596 527 
 			certList.remove(node);
597 528 
 			certList.prepend(node);
 
@@ -609,15 +540,6 @@ KSSLCNode *node;
609 540
610 541 
 	for (node = certList.first(); node; node = certList.next()) {
611 542 
 		if (cert == *(node->cert)) {
612 
-			if (!node->permanent && node->expires <
613 
-				       	TQDateTime::currentDateTime()) {
614 
-				certList.remove(node);
615 
-				cfg->deleteGroup(node->cert->getMD5Digest());
616 
-				searchRemoveCert(node->cert);
617 
-				delete node;
618 
-				cacheSaveToDisk();
619 
-				return false;
620 
-			}
621 543 
 			node->hosts.remove(host);
622 544 
 			certList.remove(node);
623 545 
 			certList.prepend(node);

Write Preview
Loading…
Cancel
Save