
  1. /* This file is part of the KDE project
  2. *
  3. * Copyright (C) 2001 George Staikos <staikos@kde.org>
  4. *
  5. * This library is free software; you can redistribute it and/or
  6. * modify it under the terms of the GNU Library General Public
  7. * License as published by the Free Software Foundation; either
  8. * version 2 of the License, or (at your option) any later version.
  9. *
  10. * This library is distributed in the hope that it will be useful,
  11. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  13. * Library General Public License for more details.
  14. *
  15. * You should have received a copy of the GNU Library General Public License
  16. * along with this library; see the file COPYING.LIB. If not, write to
  17. * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
  18. * Boston, MA 02110-1301, USA.
  19. */
  20. #include "ksslkeygen.h"
  21. #include "keygenwizard.h"
  22. #include "keygenwizard2.h"
  23. #include <tdeapplication.h>
  24. #include <kdebug.h>
  25. #include <tdelocale.h>
  26. #include <tdemessagebox.h>
  27. #include <kopenssl.h>
  28. #include <kprogress.h>
  29. #include <kstandarddirs.h>
  30. #include <tdetempfile.h>
  31. #include <tdewallet.h>
  32. #include <tqlineedit.h>
  33. #include <tqpushbutton.h>
  34. #include <assert.h>
/// Builds the two-page certificate-request wizard.
///
/// Page 1 collects the request details and page 2 the passphrase. Finish
/// stays disabled until slotPassChanged() accepts the passphrase, and
/// pressing it runs slotGenerate(). _idx (the chosen key-size index) starts
/// out as -1, i.e. "nothing selected yet".
KSSLKeyGen::KSSLKeyGen(TQWidget *parent, const char *name, bool modal)
    : KWizard(parent, name, modal) {
    _idx = -1;
#ifdef KSSL_HAVE_SSL
    page1 = new KGWizardPage1(this, "Wizard Page 1");
    addPage(page1, i18n("TDE Certificate Request"));
    page2 = new KGWizardPage2(this, "Wizard Page 2");
    addPage(page2, i18n("TDE Certificate Request - Password"));

    setHelpEnabled(page1, false);
    setHelpEnabled(page2, false);
    // Finish is only unlocked once both passphrase fields agree.
    setFinishEnabled(page2, false);

    // Any edit to either passphrase field re-validates the Finish button.
    TQLineEdit *passFields[2] = { page2->_password1, page2->_password2 };
    for (int i = 0; i < 2; ++i) {
        connect(passFields[i], TQT_SIGNAL(textChanged(const TQString&)),
                this, TQT_SLOT(slotPassChanged()));
    }
    connect(finishButton(), TQT_SIGNAL(clicked()), TQT_SLOT(slotGenerate()));
#else
    // tell him he doesn't have SSL
#endif
}
/// Nothing to release by hand: both wizard pages were created with this
/// wizard as their parent in the constructor.
KSSLKeyGen::~KSSLKeyGen() {}
/// Re-validates the passphrase page: Finish is enabled only when both
/// fields hold the same text and that text is at least four characters long.
void KSSLKeyGen::slotPassChanged() {
    const TQString first = page2->_password1->text();
    const TQString second = page2->_password2->text();

    const bool matches = (first == second);
    // NOTE(review): four characters is a very low floor for a passphrase
    // that protects a private key; the threshold is left as the author set it.
    const bool longEnough = (first.length() >= 4);

    setFinishEnabled(page2, matches && longEnough);
}
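/// Finish-button handler: maps the selected key-size index onto an RSA
/// modulus length, generates the request and key via generateCSR(), then
/// offers to keep the passphrase in the wallet.
///
/// _idx must hold the index chosen from supportedKeySizes(); the table
/// below must stay in the same order as that list.
void KSSLKeyGen::slotGenerate() {
    assert(_idx >= 0 && _idx <= 3); // for now

    // Index into supportedKeySizes() -> RSA modulus length in bits.
    // NOTE(review): 512/768/1024-bit RSA are below current minimums; the
    // entries are kept because the index mapping is shared with that list.
    static const int kKeyBits[] = { 2048, 1024, 768, 512 };
    const int kNumKeySizes = sizeof(kKeyBits) / sizeof(kKeyBits[0]);
    if (_idx < 0 || _idx >= kNumKeySizes) {
        // Reachable in NDEBUG builds, where the assert above is compiled out.
        // Parented to the wizard (not NULL) so it behaves like the other
        // message box in this function.
        KMessageBox::sorry(this, i18n("Unsupported key size."), i18n("TDE SSL Information"));
        return;
    }
    const int bits = kKeyBits[_idx];

    KProgressDialog *kpd = new KProgressDialog(this, "progress dialog", i18n("TDE"),
                                               i18n("Please wait while the encryption keys are generated..."));
    kpd->progressBar()->setProgress(0);
    kpd->show();
    // FIXME - progress dialog won't show this way (generateCSR is called
    // synchronously right below, so the dialog presumably never gets painted).
    const int rc = generateCSR("This CSR" /*FIXME */, page2->_password1->text(), bits,
                               0x10001 /* This is the traditional exponent used */);
    kpd->progressBar()->setProgress(100);
    // NOTE(review): a non-zero rc is not reported to the user; the wizard
    // just closes as if generation had succeeded.

#ifndef Q_OS_WIN //TODO: reenable for WIN32
    if (rc == 0 && TDEWallet::Wallet::isEnabled()) {
        // Keep the wallet answer separate from the generation result.
        const int answer = KMessageBox::questionYesNo(this, i18n("Do you wish to store the passphrase in your wallet file?"), TQString::null, i18n("Store"), i18n("Do Not Store"));
        if (answer == KMessageBox::Yes) {
            TDEWallet::Wallet *w = TDEWallet::Wallet::openWallet(TDEWallet::Wallet::LocalWallet(), winId());
            if (w) {
                // FIXME: store passphrase in wallet
                delete w;
            }
        }
    }
#endif
    kpd->deleteLater();
}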
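/// Generates an RSA key pair and a PKCS#10 request for it, and writes both
/// under the "kssl" data directory: the request as DER ("csr_*.der") and the
/// private key as PKCS#8 encrypted with Blowfish-CBC under @p pass
/// ("pkey_*.p8").
///
/// @param name  Text placed in every subject field (C, O, OU, L, ST, CN and
///              emailAddress all receive the same string — see the FIXME in
///              slotGenerate()).
/// @param pass  Passphrase protecting the PKCS#8 file.
/// @param bits  RSA modulus length.
/// @param e     RSA public exponent.
/// @return 0 on success; -1 without SSL support; -2 when an OpenSSL object
///         could not be allocated; -3 when key generation or signing failed;
///         -4 when the key container could not be allocated; -5 when an
///         output file could not be opened or written.
int KSSLKeyGen::generateCSR(const TQString& name, const TQString& pass, int bits, int e) {
#ifdef KSSL_HAVE_SSL
    KOSSL *kossl = KOSSL::self();

    X509_REQ *req = kossl->X509_REQ_new();
    if (!req) {
        return -2;
    }

    EVP_PKEY *pkey = kossl->EVP_PKEY_new();
    if (!pkey) {
        kossl->X509_REQ_free(req);
        return -4;
    }

    RSA *rsakey = kossl->RSA_generate_key(bits, e, NULL, NULL);
    if (!rsakey) {
        kossl->X509_REQ_free(req);
        kossl->EVP_PKEY_free(pkey);
        return -3;
    }
    // pkey owns rsakey from here on; EVP_PKEY_free releases both.
    kossl->EVP_PKEY_assign(pkey, EVP_PKEY_RSA, (char *)rsakey);
    kossl->X509_REQ_set_pubkey(req, pkey);

    // Set the subject.
    X509_NAME *n = kossl->X509_NAME_new();
    if (!n) {
        kossl->X509_REQ_free(req);
        kossl->EVP_PKEY_free(pkey);
        return -2;
    }
    // MBSTRING_UTF8 tells OpenSSL the bytes are UTF-8, so encode the name as
    // UTF-8 rather than in the (possibly non-UTF-8) locale encoding.
    TQCString nameBytes = name.utf8();
    unsigned char *nameData = (unsigned char *)nameBytes.data();
    static const char *const kSubjectFields[] = {
        LN_countryName, LN_organizationName, LN_organizationalUnitName,
        LN_localityName, LN_stateOrProvinceName, LN_commonName,
        LN_pkcs9_emailAddress
    };
    for (unsigned i = 0; i < sizeof(kSubjectFields) / sizeof(kSubjectFields[0]); ++i) {
        kossl->X509_NAME_add_entry_by_txt(n, (char *)kSubjectFields[i], MBSTRING_UTF8,
                                          nameData, -1, -1, 0);
    }
    kossl->X509_REQ_set_subject_name(req, n);
    // NOTE(review): X509_REQ_set_subject_name() copies n, and n is never
    // released afterwards; the matching X509_NAME_free() belongs here once
    // the KOSSL wrapper exposes it — confirm.

    // NOTE(review): MD5 is no longer an acceptable signature digest; a SHA-2
    // digest should be used here as soon as the KOSSL wrapper provides one.
    if (!kossl->X509_REQ_sign(req, pkey, kossl->EVP_md5())) {
        kossl->X509_REQ_free(req);
        kossl->EVP_PKEY_free(pkey);
        return -3;
    }

    // We write it to the database and then the caller can obtain it
    // back from there. Yes it's inefficient, but it doesn't happen
    // often and this way things are uniform.
    TDEGlobal::dirs()->addResourceType("kssl", TDEStandardDirs::kde_default("data") + "kssl");
    TQString path = TDEGlobal::dirs()->saveLocation("kssl");

    KTempFile csrFile(path + "csr_", ".der");
    if (!csrFile.fstream()) {
        kossl->X509_REQ_free(req);
        kossl->EVP_PKEY_free(pkey);
        return -5;
    }
    KTempFile p8File(path + "pkey_", ".p8");
    if (!p8File.fstream()) {
        // Don't leave an empty request file behind.
        csrFile.close();
        csrFile.unlink();
        kossl->X509_REQ_free(req);
        kossl->EVP_PKEY_free(pkey);
        return -5;
    }

    // The key length handed to OpenSSL must be the length of the encoded
    // bytes, not TQString::length() (UTF-16 units); the two differ for any
    // non-ASCII passphrase, which previously truncated or over-read the key.
    TQCString passBytes = pass.local8Bit();
    const bool csrWritten = kossl->i2d_X509_REQ_fp(csrFile.fstream(), req) > 0;
    const bool keyWritten = kossl->i2d_PKCS8PrivateKey_fp(p8File.fstream(), pkey,
                                                          kossl->EVP_bf_cbc(), passBytes.data(),
                                                          passBytes.length(), 0L, 0L) > 0;
    // FIXME Write tdeconfig entry to store the filenames under the md5 hash

    kossl->X509_REQ_free(req);
    kossl->EVP_PKEY_free(pkey);

    if (!csrWritten || !keyWritten) {
        // A half-written key or request is worse than none: remove both.
        csrFile.close();
        csrFile.unlink();
        p8File.close();
        p8File.unlink();
        return -5;
    }
    return 0;
#else
    return -1;
#endif
}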
/// Key-size choices offered on the wizard page, in the order slotGenerate()
/// maps them onto RSA modulus lengths (index 0 = 2048 bits ... index 3 = 512).
/// Without SSL support the list holds a single explanatory entry instead.
TQStringList KSSLKeyGen::supportedKeySizes() {
    TQStringList sizes;
#ifdef KSSL_HAVE_SSL
    // NOTE(review): 512- and 768-bit RSA (and by now 1024) are considered
    // breakable; the entries are kept because their indices are shared with
    // slotGenerate().
    sizes.append(i18n("2048 (High Grade)"));
    sizes.append(i18n("1024 (Medium Grade)"));
    sizes.append(i18n("768 (Low Grade)"));
    sizes.append(i18n("512 (Low Grade)"));
#else
    sizes.append(i18n("No SSL support."));
#endif
    return sizes;
}
  171. #include "ksslkeygen.moc"