TDE core libraries


  1. /* This file is part of the KDE project
  2. *
  3. * Copyright (C) 2001 George Staikos <staikos@kde.org>
  4. *
  5. * This library is free software; you can redistribute it and/or
  6. * modify it under the terms of the GNU Library General Public
  7. * License as published by the Free Software Foundation; either
  8. * version 2 of the License, or (at your option) any later version.
  9. *
  10. * This library is distributed in the hope that it will be useful,
  11. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  13. * Library General Public License for more details.
  14. *
  15. * You should have received a copy of the GNU Library General Public License
  16. * along with this library; see the file COPYING.LIB. If not, write to
  17. * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
  18. * Boston, MA 02110-1301, USA.
  19. */
  20. #ifdef HAVE_CONFIG_H
  21. #include <config.h>
  22. #endif
  23. #include "kssldefs.h"
  24. #include "ksslcertificate.h"
  25. #include "ksslcertchain.h"
  26. // this hack provided by Malte Starostik to avoid glibc/openssl bug
  27. // on some systems
  28. #ifdef KSSL_HAVE_SSL
  29. #define crypt _openssl_crypt
  30. #include <openssl/ssl.h>
  31. #include <openssl/x509.h>
  32. #include <openssl/x509v3.h>
  33. #include <openssl/x509_vfy.h>
  34. #include <openssl/pem.h>
  35. #include <openssl/stack.h>
  36. #include <openssl/safestack.h>
  37. #undef crypt
  38. #endif
  39. #include <kopenssl.h>
  40. #include <kdebug.h>
  41. #include <tqstringlist.h>
  /**
   * Private data for KSSLCertChain (reached through its `d` pointer).
   *
   * It holds only the KOSSL handle through which every OpenSSL call in
   * this file is made.
   */
  class KSSLCertChainPrivate {
  public:
      // Look the KOSSL instance up once, when the private data is created.
      KSSLCertChainPrivate() : kossl(KOSSL::self()) {
      }

      // Nothing to release: the KOSSL pointer is not freed here.
      ~KSSLCertChainPrivate() {
      }

      KOSSL *kossl;
  };
  // Creates an empty chain. No certificate stack exists until one of the
  // setChain() overloads is handed something to copy.
  KSSLCertChain::KSSLCertChain() {
      _chain = NULL;
      d = new KSSLCertChainPrivate;
  }
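  // Frees every certificate held in the chain, then the stack itself, then
  // the private data.
  KSSLCertChain::~KSSLCertChain() {
  #ifdef KSSL_HAVE_SSL
      if (_chain) {
          STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
          // Drain by element count rather than "pop until NULL": a NULL slot
          // in the stack would otherwise end the loop early and leak every
          // certificate stored below it. The count is read once so the loop
          // is bounded even if a pop fails to remove anything.
          for (int left = d->kossl->OPENSSL_sk_num(x); left > 0; --left) {
              X509 *x5 = reinterpret_cast<X509*>(d->kossl->OPENSSL_sk_pop(x));
              if (x5) d->kossl->X509_free(x5);
          }
          d->kossl->OPENSSL_sk_free(x);
      }
  #endif
      delete d;
  }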
  // Reports whether a certificate stack is present and holds at least one
  // entry. This is a presence check only: nothing here verifies signatures,
  // expiry or trust for any certificate in the chain.
  bool KSSLCertChain::isValid() {
      if (!_chain) {
          return false;
      }
      return depth() > 0;
  }
  // Returns a newly allocated chain holding its own copies of this chain's
  // certificates. The caller owns the returned object.
  KSSLCertChain *KSSLCertChain::replicate() {
      // getChain() hands back freshly allocated wrappers around duplicated
      // certificates.
      TQPtrList<KSSLCertificate> wrappers = getChain();
      KSSLCertChain *copy = new KSSLCertChain;
      // setChain() duplicates each certificate again, so the copy does not
      // depend on the wrappers.
      copy->setChain(wrappers);
      // Let the list delete the temporary wrappers when it goes out of scope.
      wrappers.setAutoDelete(true);
      return copy;
  }
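  // Number of certificates currently stored in the chain.
  //
  // Returns 0 when no chain is set, matching what a build without
  // KSSL_HAVE_SSL returns. Without the guard the answer for an empty chain
  // would be whatever OPENSSL_sk_num() reports for a null stack (OpenSSL's
  // sk_num gives -1 there), which callers could mistake for a count.
  int KSSLCertChain::depth() {
  #ifdef KSSL_HAVE_SSL
      if (!_chain) return 0;
      return d->kossl->OPENSSL_sk_num((STACK_OF(X509)*)_chain);
  #else
      return 0;
  #endif
  }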
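  // Returns the chain as a list of newly allocated KSSLCertificate wrappers,
  // each around its own duplicate of the stored X509.
  //
  // The list is returned without auto-delete enabled, so the caller is
  // responsible for deleting the wrappers (replicate() does this by calling
  // setAutoDelete(true) on the list it receives). An empty list is returned
  // when no chain is set or the build has no SSL support.
  TQPtrList<KSSLCertificate> KSSLCertChain::getChain() {
      TQPtrList<KSSLCertificate> cl;
      if (!_chain) return cl;
  #ifdef KSSL_HAVE_SSL
      STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
      const int count = d->kossl->OPENSSL_sk_num(x);
      for (int i = 0; i < count; i++) {
          X509 *x5 = reinterpret_cast<X509*>(d->kossl->OPENSSL_sk_value(x, i));
          if (!x5) continue;
          // Duplicate first: if the copy fails, skip the entry instead of
          // handing callers a wrapper around a null certificate.
          X509 *copy = d->kossl->X509_dup(x5);
          if (!copy) continue;
          KSSLCertificate *nc = new KSSLCertificate;
          nc->setCert(copy);
          cl.append(nc);
      }
  #endif
      return cl;
  }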
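  // Replaces the stored chain with duplicates of the certificates in `chain`.
  //
  // The previous chain, if any, is freed first. An empty list leaves the
  // object with no chain. The list and its wrappers are only read; ownership
  // stays with the caller. Entries with no certificate, or whose certificate
  // cannot be duplicated, are skipped, so the stored chain may be shorter
  // than the list. Without KSSL_HAVE_SSL this is a no-op.
  void KSSLCertChain::setChain(TQPtrList<KSSLCertificate>& chain) {
  #ifdef KSSL_HAVE_SSL
      if (_chain) {
          STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
          // Drain by element count rather than "pop until NULL", so a NULL
          // slot cannot end the loop early and leak the entries below it.
          for (int left = d->kossl->OPENSSL_sk_num(x); left > 0; --left) {
              X509 *x5 = reinterpret_cast<X509*>(d->kossl->OPENSSL_sk_pop(x));
              if (x5) d->kossl->X509_free(x5);
          }
          d->kossl->OPENSSL_sk_free(x);
          _chain = NULL;
      }
      if (chain.count() == 0) return;
      _chain = reinterpret_cast<STACK_OF(X509)*>(d->kossl->OPENSSL_sk_new(NULL));
      // Stack allocation failed: stay empty rather than push onto a null stack.
      if (!_chain) return;
      for (KSSLCertificate *x = chain.first(); x != 0; x = chain.next()) {
          X509 *src = x->getCert();
          if (!src) continue;
          // Never store a failed duplicate: a NULL slot in the stack would be
          // indistinguishable from "end of stack" to pop-based loops.
          X509 *copy = d->kossl->X509_dup(src);
          if (!copy) continue;
          d->kossl->OPENSSL_sk_push((STACK_OF(X509) *)_chain, copy);
      }
  #endif
  }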
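  // Replaces the stored chain with duplicates of the certificates in an
  // OpenSSL STACK_OF(X509) passed as an untyped pointer.
  //
  // The pointer is cast without any type check, so the caller must pass a
  // real STACK_OF(X509)* (or NULL to clear the chain). The input stack is
  // only read; ownership stays with the caller. Without KSSL_HAVE_SSL the
  // chain is simply cleared.
  void KSSLCertChain::setChain(void *stack_of_x509) {
  #ifdef KSSL_HAVE_SSL
      // Being handed this object's own stack is a no-op. Without this guard
      // the stack would be freed below and then read from again.
      if (stack_of_x509 && stack_of_x509 == _chain) return;
      if (_chain) {
          STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
          // Drain by element count rather than "pop until NULL", so a NULL
          // slot cannot end the loop early and leak the entries below it.
          for (int left = d->kossl->OPENSSL_sk_num(x); left > 0; --left) {
              X509 *x5 = reinterpret_cast<X509*>(d->kossl->OPENSSL_sk_pop(x));
              if (x5) d->kossl->X509_free(x5);
          }
          d->kossl->OPENSSL_sk_free(x);
          _chain = NULL;
      }
      if (!stack_of_x509) return;
      _chain = reinterpret_cast<STACK_OF(X509)*>(d->kossl->OPENSSL_sk_new(NULL));
      // Stack allocation failed: stay empty rather than push onto a null stack.
      if (!_chain) return;
      STACK_OF(X509) *x = (STACK_OF(X509) *)stack_of_x509;
      const int count = d->kossl->OPENSSL_sk_num(x);
      for (int i = 0; i < count; i++) {
          X509 *x5 = reinterpret_cast<X509*>(d->kossl->OPENSSL_sk_value(x, i));
          if (!x5) continue;
          // Never store a failed duplicate as a NULL slot in the stack.
          X509 *copy = d->kossl->X509_dup(x5);
          if (!copy) continue;
          d->kossl->OPENSSL_sk_push((STACK_OF(X509)*)_chain, copy);
      }
  #else
      _chain = NULL;
  #endif
  }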
  // Overload taking the certificates as strings. It forwards to
  // setCertChain(), which parses each string and stores the result.
  void KSSLCertChain::setChain(TQStringList chain) {
      this->setCertChain(chain);
  }
  // Builds the chain from a list of certificate strings.
  //
  // Each string is passed to KSSLCertificate::fromString(). Strings for which
  // it returns null are skipped without any error being reported, so the
  // stored chain can be shorter than the input list. A caller that needs
  // every certificate to be accepted should compare depth() with the number
  // of strings it supplied.
  void KSSLCertChain::setCertChain(const TQStringList& chain) {
      // Temporary wrappers: setChain() takes its own duplicates, and the
      // auto-delete list frees these when the function returns.
      TQPtrList<KSSLCertificate> parsed;
      parsed.setAutoDelete(true);

      TQStringList::ConstIterator it = chain.begin();
      while (it != chain.end()) {
          KSSLCertificate *cert = KSSLCertificate::fromString((*it).local8Bit());
          if (cert) parsed.append(cert);
          ++it;
      }

      setChain(parsed);
  }