00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
#ifdef HAVE_CONFIG_H
00023
#include <config.h>
00024
#endif
00025
00026
#include <kopenssl.h>
00027
00028
#include <qstring.h>
00029
#include <qfile.h>
00030
#include <ksslall.h>
00031
#include <kdebug.h>
00032
#include <ktempfile.h>
00033
#include <kmdcodec.h>
00034
00035
#include <assert.h>
00036
00037
#ifdef KSSL_HAVE_SSL
00038
#define sk_new kossl->sk_new
00039
#define sk_push kossl->sk_push
00040
#define sk_free kossl->sk_free
00041
#define sk_value kossl->sk_value
00042
#define sk_num kossl->sk_num
00043
#define sk_dup kossl->sk_dup
00044
#define sk_pop kossl->sk_pop
00045
#endif
00046
00047
00048 KSSLPKCS12::KSSLPKCS12() {
00049 _pkcs = NULL;
00050 _pkey = NULL;
00051 _cert = NULL;
00052 _caStack = NULL;
00053 kossl = KOSSL::self();
00054 }
00055
00056
00057
00058 KSSLPKCS12::~KSSLPKCS12() {
00059
#ifdef KSSL_HAVE_SSL
00060
if (_pkey) kossl->EVP_PKEY_free(_pkey);
00061
if (_caStack) {
00062
for (;;) {
00063 X509* x5 = sk_X509_pop(_caStack);
00064
if (!x5)
break;
00065 kossl->X509_free(x5);
00066 }
00067 sk_X509_free(_caStack);
00068 }
00069
if (_pkcs) kossl->PKCS12_free(_pkcs);
00070
#endif
00071
if (_cert)
delete _cert;
00072 }
00073
00074
00075 KSSLPKCS12*
KSSLPKCS12::fromString(
QString base64,
QString password) {
00076
#ifdef KSSL_HAVE_SSL
00077
KTempFile ktf;
00078
00079
if (base64.
isEmpty())
return NULL;
00080
QByteArray qba, qbb =
QCString(base64.
latin1()).copy();
00081 KCodecs::base64Decode(qbb, qba);
00082 ktf.
file()->writeBlock(qba);
00083 ktf.
close();
00084
KSSLPKCS12* rc =
loadCertFile(ktf.
name(), password);
00085 ktf.
unlink();
00086
return rc;
00087
#endif
00088
return NULL;
00089 }
00090
00091
00092
00093 KSSLPKCS12*
KSSLPKCS12::loadCertFile(
QString filename,
QString password) {
00094
#ifdef KSSL_HAVE_SSL
00095
QFile qf(filename);
00096 PKCS12 *newpkcs = NULL;
00097
00098
if (!qf.
open(IO_ReadOnly))
00099
return NULL;
00100
00101 FILE *fp = fdopen(qf.
handle(),
"r");
00102
if (!fp)
return NULL;
00103
00104 newpkcs = KOSSL::self()->d2i_PKCS12_fp(fp, &newpkcs);
00105
00106 fclose(fp);
00107
if (!newpkcs) {
00108 KOSSL::self()->ERR_clear_error();
00109
return NULL;
00110 }
00111
00112
KSSLPKCS12 *c =
new KSSLPKCS12;
00113 c->
setCert(newpkcs);
00114
00115
00116
if (!c->
parse(password)) {
00117
delete c; c = NULL;
00118 }
00119
00120
return c;
00121
#endif
00122
return NULL;
00123 }
00124
00125
00126 void KSSLPKCS12::setCert(PKCS12 *c) {
00127
#ifdef KSSL_HAVE_SSL
00128
_pkcs = c;
00129
#endif
00130
}
00131
00132
00133 bool KSSLPKCS12::changePassword(
QString pold,
QString pnew) {
00134
#ifdef KSSL_HAVE_SSL
00135
00136
return (0 == kossl->PKCS12_newpass(_pkcs,
00137 (
char *)pold.
latin1(),
00138 (
char *)pnew.
latin1()));
00139
#endif
00140
return false;
00141 }
00142
00143
00144
bool KSSLPKCS12::parse(
QString pass) {
00145
#ifdef KSSL_HAVE_SSL
00146
X509 *x = NULL;
00147
00148 assert(_pkcs);
00149
00150
if (_cert)
delete _cert;
00151
if (_pkey) kossl->EVP_PKEY_free(_pkey);
00152
if (_caStack) {
00153
for (;;) {
00154 X509* x5 = sk_X509_pop(_caStack);
00155
if (!x5)
break;
00156 kossl->X509_free(x5);
00157 }
00158 sk_X509_free(_caStack);
00159 }
00160 _pkey = NULL;
00161 _caStack = NULL;
00162 _cert = NULL;
00163
00164
int rc = kossl->PKCS12_parse(_pkcs, pass.
latin1(), &_pkey, &x, &_caStack);
00165
00166
if (rc == 1) {
00167
00168
if (x) {
00169 _cert =
new KSSLCertificate;
00170 _cert->
setCert(x);
00171
if (_caStack) {
00172 _cert->
setChain(_caStack);
00173 }
00174
return true;
00175 }
00176 }
else {
00177 _caStack = NULL;
00178 _pkey = NULL;
00179 kossl->ERR_clear_error();
00180 }
00181
#endif
00182
return false;
00183 }
00184
00185
00186 EVP_PKEY *
KSSLPKCS12::getPrivateKey() {
00187
return _pkey;
00188 }
00189
00190
00191 KSSLCertificate *
KSSLPKCS12::getCertificate() {
00192
return _cert;
00193 }
00194
00195
00196 QString KSSLPKCS12::toString() {
00197
QString base64;
00198
#ifdef KSSL_HAVE_SSL
00199
unsigned char *p;
00200
int len;
00201
00202 len = kossl->i2d_PKCS12(_pkcs, NULL);
00203
char *buf =
new char[len];
00204 p = (
unsigned char *)buf;
00205 kossl->i2d_PKCS12(_pkcs, &p);
00206
QByteArray qba;
00207 qba.setRawData(buf, len);
00208 base64 = KCodecs::base64Encode(qba);
00209 qba.resetRawData(buf, len);
00210
delete[] buf;
00211
#endif
00212
return base64;
00213 }
00214
00215
00216
00217 bool KSSLPKCS12::toFile(
QString filename) {
00218
#ifdef KSSL_HAVE_SSL
00219
QFile out(filename);
00220
00221
if (!out.
open(IO_WriteOnly))
return false;
00222
00223
int fd = out.
handle();
00224 FILE *fp = fdopen(fd,
"w");
00225
00226
if (!fp) {
00227 unlink(filename.
latin1());
00228
return false;
00229 }
00230
00231 kossl->i2d_PKCS12_fp(fp, _pkcs);
00232
00233 fclose(fp);
00234
return true;
00235
#endif
00236
return false;
00237 }
00238
00239
00240 KSSLCertificate::KSSLValidation
KSSLPKCS12::validate() {
00241
return validate(KSSLCertificate::SSLServer);
00242 }
00243
00244
00245 KSSLCertificate::KSSLValidation
KSSLPKCS12::validate(KSSLCertificate::KSSLPurpose p) {
00246
#ifdef KSSL_HAVE_SSL
00247
KSSLCertificate::KSSLValidation xx = _cert->
validate(p);
00248
if (1 != kossl->X509_check_private_key(_cert->
getCert(), _pkey)) {
00249 xx = KSSLCertificate::PrivateKeyFailed;
00250 }
00251
00252
return xx;
00253
#else
00254
return KSSLCertificate::NoSSL;
00255
#endif
00256
}
00257
00258
00259 KSSLCertificate::KSSLValidation
KSSLPKCS12::revalidate() {
00260
return revalidate(KSSLCertificate::SSLServer);
00261 }
00262
00263
00264 KSSLCertificate::KSSLValidation
KSSLPKCS12::revalidate(KSSLCertificate::KSSLPurpose p) {
00265
return _cert->
revalidate(p);
00266 }
00267
00268
00269 bool KSSLPKCS12::isValid() {
00270
return isValid(KSSLCertificate::SSLServer);
00271 }
00272
00273
00274 bool KSSLPKCS12::isValid(KSSLCertificate::KSSLPurpose p) {
00275
return (
validate(p) == KSSLCertificate::Ok);
00276 }
00277
00278
00279 QString KSSLPKCS12::name() {
00280
return _cert->
getSubject();
00281 }
00282
00283
00284
#ifdef KSSL_HAVE_SSL
00285
#undef sk_new
00286
#undef sk_push
00287
#undef sk_free
00288
#undef sk_value
00289
#undef sk_num
00290
#undef sk_pop
00291
#undef sk_dup
00292
#endif
00293