kio Library API Documentation

ksslpeerinfo.cc

/* This file is part of the KDE project
 *
 * Copyright (C) 2000-2003 George Staikos <staikos@kde.org>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Library General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public License
 * along with this library; see the file COPYING.LIB. If not, write to
 * the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
 * Boston, MA 02111-1307, USA.
 */

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <qregexp.h>

#include "ksslpeerinfo.h"
#include <kdebug.h>

#include <ksockaddr.h>
#include <kextsock.h>
#include <netsupp.h>
#include "kidna.h"

#include "ksslx509map.h"

// Private data of KSSLPeerInfo: the host name the peer certificate is
// compared against, as stored by KSSLPeerInfo::setPeerHost().
class KSSLPeerInfoPrivate {
public:
    KSSLPeerInfoPrivate() {}
    ~KSSLPeerInfoPrivate() { }
    QString peerHost;
};


// Allocates the private data block.
// NOTE(review): d is a raw owning pointer released in the destructor; whether
// KSSLPeerInfo objects may be copied is decided in the header, which is not
// shown here -- confirm that copying cannot lead to d being deleted twice.
KSSLPeerInfo::KSSLPeerInfo() {
    d = new KSSLPeerInfoPrivate();
}

// Releases the private data block.
KSSLPeerInfo::~KSSLPeerInfo() {
    delete d;
}

// Returns a mutable reference to the stored peer certificate (m_cert).
KSSLCertificate& KSSLPeerInfo::getPeerCertificate() {
    return m_cert;
}

// Stores the host name that certMatchesAddress()/cnMatchesAddress() compare
// against. Surrounding whitespace and every trailing '.' are removed, then
// the name is passed through KIDNA::toAscii().
// NOTE(review): the matching code compares this value case-sensitively with
// a lower-cased CN, so it relies on KIDNA::toAscii() yielding lower case --
// confirm against kidna.
void KSSLPeerInfo::setPeerHost(QString realHost) {
    QString host = realHost.stripWhiteSpace();
    while (host.endsWith("."))
        host.truncate(host.length() - 1);

    d->peerHost = KIDNA::toAscii(host);
}

// Returns true when the peer certificate's subject CN matches the stored
// peer host. The CN value is split on space, LF and CR; each piece is
// trimmed, lower-cased and handed to cnMatchesAddress(), and the first piece
// that matches is sufficient. Always false without KSSL_HAVE_SSL.
//
// NOTE(review): only the subject CN is consulted here. RFC 2818 gives a
// subjectAltName dNSName precedence over the CN when one is present; if that
// is required it has to be enforced elsewhere, because this function never
// looks at subjectAltName.
// NOTE(review): the result is only as trustworthy as the string returned by
// KSSLX509Map::getValue("CN"); how that class parses the subject is not
// visible in this file.
bool KSSLPeerInfo::certMatchesAddress() {
#ifdef KSSL_HAVE_SSL
    KSSLX509Map subject(m_cert.getSubject());
    const QString cnField = subject.getValue("CN");
    QStringList candidates = QStringList::split(QRegExp("[ \n\r]"), cnField);

    QStringList::Iterator it = candidates.begin();
    while (it != candidates.end()) {
        if (cnMatchesAddress((*it).stripWhiteSpace().lower()))
            return true;
        ++it;
    }

#endif

    return false;
}


// Decides whether one common name matches the stored peer host. The caller
// is expected to pass cn already lower-cased (certMatchesAddress() does).
// Always false without KSSL_HAVE_SSL.
//
// The order of the checks below is part of the contract:
//   1. cn may contain only letters, digits, '.', '*' and '-';
//   2. trailing dots are dropped and an empty cn is rejected;
//   3. a peer host that is an IPv4 literal or a bracketed address is
//      compared exactly and never reaches the wildcard code;
//   4. a cn containing '*' goes through the wildcard rules;
//   5. anything else must be equal to the peer host.
//
// Limits of the wildcard rules that a caller should be aware of:
//   - '*' is accepted in any label except the last two, and may be only a
//     fragment of a label; it is not restricted to the left-most label.
//   - the only guard against over-broad patterns is "two non-wildcard labels
//     at the end", so a pattern whose last two labels form a shared
//     registry suffix (the *.co.uk shape) is accepted.
// Both the CN and the peer host are written to debug area 7029.
bool KSSLPeerInfo::cnMatchesAddress(QString cn) {
#ifdef KSSL_HAVE_SSL
    kdDebug(7029) << "Matching CN=[" << cn << "] to ["
                  << d->peerHost << "]" << endl;

    // Anything outside the allowed alphabet fails the match outright.
    const QRegExp forbidden("[^a-zA-Z0-9\\.\\*\\-]");
    if (forbidden.search(cn) >= 0) {
        kdDebug(7029) << "CN contains invalid characters! Failing." << endl;
        return false;
    }

    // A name may legally end in dots; they carry no meaning for matching.
    while (cn.endsWith("."))
        cn.truncate(cn.length() - 1);

    // An empty CN must never match anything.
    if (cn.isEmpty())
        return false;

    // Peer given as an IPv4 literal: exact comparison only, no wildcards.
    const QRegExp ipv4("[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}");
    if (ipv4.exactMatch(d->peerHost))
        return d->peerHost == cn;

    // Peer given in brackets (IPv6 literal form): exact comparison only.
    // The alphabet check above rejects '[' and ']' in cn, so this comparison
    // cannot succeed and the branch fails closed.
    const QRegExp bracketed("^\\[.*\\]$");
    if (bracketed.exactMatch(d->peerHost))
        return d->peerHost == cn;

    if (cn.contains('*')) {
        const QStringList cnLabels = QStringList::split('.', cn, false);
        const uint cnLabelCount = cnLabels.count();

        // Keep just the last two labels; those must exist and must be
        // free of wildcards ("*.root" style patterns are refused).
        QStringList tail = cnLabels;
        while (tail.count() > 2)
            tail.remove(tail.begin());

        if (tail.count() != 2)
            return false;

        if (tail[0].contains('*') || tail[1].contains('*'))
            return false;

        // RFC2818: *.example.com matches foo.example.com but not
        // bar.foo.example.com. QRegExp is used in wildcard mode (third
        // argument) and case-insensitively (second argument); in that mode
        // '*' can also span a '.', so the equal-label-count test is what
        // keeps the wildcard from covering additional labels.
        const QRegExp pattern(cn, false, true);
        const uint hostLabelCount =
            QStringList::split('.', d->peerHost, false).count();
        return pattern.exactMatch(d->peerHost) &&
               cnLabelCount == hostLabelCount;
    }

    // No wildcard: the names have to be identical. This comparison is
    // case-sensitive; it is only case-insensitive in effect because the
    // caller lower-cased cn.
    if (cn == d->peerHost)
        return true;
#endif
    return false;
}


// Forgets the stored peer host (sets it to a null QString). The certificate
// in m_cert is not touched here.
void KSSLPeerInfo::reset() {
    d->peerHost = QString::null;
}
This file is part of the documentation for kio Library Version 3.2.3.
Documentation copyright © 1996-2004 the KDE developers.