• Skip to content
  • Skip to link menu
KDE 4.3 API Reference
  • KDE API Reference
  • kdelibs
  • Sitemap
  • Contact Us
 

KIO

ksslpeerinfo.cpp

Go to the documentation of this file.
00001 /* This file is part of the KDE project
00002  *
00003  * Copyright (C) 2000-2003 George Staikos <staikos@kde.org>
00004  *
00005  * This library is free software; you can redistribute it and/or
00006  * modify it under the terms of the GNU Library General Public
00007  * License as published by the Free Software Foundation; either
00008  * version 2 of the License, or (at your option) any later version.
00009  *
00010  * This library is distributed in the hope that it will be useful,
00011  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00012  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00013  * Library General Public License for more details.
00014  *
00015  * You should have received a copy of the GNU Library General Public License
00016  * along with this library; see the file COPYING.LIB.  If not, write to
00017  * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
00018  * Boston, MA 02110-1301, USA.
00019  */
00020 
00021 #include "ksslpeerinfo.h"
00022 
00023 #include <config.h>
00024 #include <ksslconfig.h>
00025 
00026 #include <QtCore/QRegExp>
00027 #include <QtCore/QUrl>
00028 
00029 #include <kdebug.h>
00030 
00031 #include "ksslx509map.h"
00032 
00033 class KSSLPeerInfoPrivate {
00034 public:
00035     KSSLPeerInfoPrivate() {}
00036     ~KSSLPeerInfoPrivate() { }
00037     QString peerHost;
00038 };
00039 
00040 
00041 
00042 KSSLPeerInfo::KSSLPeerInfo()
00043     :d(new KSSLPeerInfoPrivate)
00044 {
00045 }
00046 
00047 KSSLPeerInfo::~KSSLPeerInfo() {
00048     delete d;
00049 }
00050 
00051 KSSLCertificate& KSSLPeerInfo::getPeerCertificate() {
00052     return m_cert;
00053 }
00054 
00055 void KSSLPeerInfo::setPeerHost(const QString &realHost) {
00056     d->peerHost = realHost.trimmed();
00057     while(d->peerHost.endsWith('.'))
00058         d->peerHost.truncate(d->peerHost.length()-1);
00059 
00060     d->peerHost = QString::fromLatin1(QUrl::toAce(d->peerHost));
00061 }
00062 
00063 bool KSSLPeerInfo::certMatchesAddress() {
00064 #ifdef KSSL_HAVE_SSL
00065     KSSLX509Map certinfo(m_cert.getSubject());
00066     QStringList cns = certinfo.getValue("CN").split(QRegExp("[ \n\r]"), QString::SkipEmptyParts);
00067     cns += m_cert.subjAltNames();
00068 
00069     for (QStringList::const_iterator cn = cns.constBegin(); cn != cns.constEnd(); ++cn) {
00070         if (cnMatchesAddress((*cn).trimmed().toLower()))
00071             return true;
00072     }
00073 
00074 #endif
00075 
00076     return false;
00077 }
00078 
00079 
00080 bool KSSLPeerInfo::cnMatchesAddress(QString cn) {
00081 #ifdef KSSL_HAVE_SSL
00082     QRegExp rx;
00083 
00084     kDebug(7029) << "Matching CN=[" << cn << "] to ["
00085               << d->peerHost << "]" << endl;
00086 
00087     // Check for invalid characters
00088     if (QRegExp("[^a-zA-Z0-9\\.\\*\\-]").indexIn(cn) >= 0) {
00089         kDebug(7029) << "CN contains invalid characters!  Failing.";
00090         return false;
00091     }
00092 
00093     // Domains can legally end with '.'s.  We don't need them though.
00094     while(cn.endsWith('.'))
00095         cn.truncate(cn.length()-1);
00096 
00097     // Do not let empty CN's get by!!
00098     if (cn.isEmpty())
00099         return false;
00100 
00101     // Check for IPv4 address
00102     rx.setPattern("[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}");
00103     if (rx.exactMatch(d->peerHost))
00104         return d->peerHost == cn;
00105 
00106     // Check for IPv6 address here...
00107     rx.setPattern("^\\[.*\\]$");
00108     if (rx.exactMatch(d->peerHost))
00109         return d->peerHost == cn;
00110 
00111     if (cn.contains('*')) {
00112         // First make sure that there are at least two valid parts
00113         // after the wildcard (*).
00114         QStringList parts = cn.split('.', QString::SkipEmptyParts);
00115 
00116         while (parts.count() > 2)
00117             parts.removeFirst();
00118 
00119         if (parts.count() != 2) {
00120             return false;  // we don't allow *.root - that's bad
00121         }
00122 
00123         if (parts[0].contains('*') || parts[1].contains('*')) {
00124             return false;
00125         }
00126 
00127         // RFC2818 says that *.example.com should match against
00128         // foo.example.com but not bar.foo.example.com
00129         // (ie. they must have the same number of parts)
00130         if (QRegExp(cn, Qt::CaseInsensitive, QRegExp::Wildcard).exactMatch(d->peerHost) &&
00131             cn.split('.', QString::SkipEmptyParts).count() ==
00132             d->peerHost.split('.', QString::SkipEmptyParts).count())
00133             return true;
00134 
00135         // *.example.com must match example.com also.  Sigh..
00136         if (cn.startsWith("*.")) {
00137             QString chopped = cn.mid(2);
00138             if (chopped == d->peerHost) {
00139                 return true;
00140             }
00141         }
00142         return false;
00143     }
00144 
00145     // We must have an exact match in this case (insensitive though)
00146     // (note we already did .toLower())
00147     if (cn == d->peerHost)
00148         return true;
00149 #endif
00150     return false;
00151 }
00152 
00153 
00154 void KSSLPeerInfo::reset() {
00155     d->peerHost.clear();
00156 }
00157 
00158 
00159 const QString& KSSLPeerInfo::peerHost() const {
00160     return d->peerHost;
00161 }
00162 

KIO

Skip menu "KIO"
  • Main Page
  • Namespace List
  • Class Hierarchy
  • Alphabetical List
  • Class List
  • File List
  • Namespace Members
  • Class Members
  • Related Pages

kdelibs

Skip menu "kdelibs"
  • DNSSD
  • Interfaces
  •   KHexEdit
  •   KMediaPlayer
  •   KSpeech
  •   KTextEditor
  • Kate
  • kconf_update
  • KDE3Support
  •   KUnitTest
  • KDECore
  • KDED
  • KDEsu
  • KDEUI
  • KDocTools
  • KFile
  • KHTML
  • KImgIO
  • KInit
  • kio
  • KIOSlave
  • KJS
  •   KJS-API
  •   WTF
  • kjsembed
  • KNewStuff
  • KParts
  • KPty
  • Kross
  • KUtils
  • Nepomuk
  • Plasma
  • Solid
  • Sonnet
  • ThreadWeaver
Generated for kdelibs by doxygen 1.6.1
This website is maintained by Adriaan de Groot and Allen Winter.
KDE® and the K Desktop Environment® logo are registered trademarks of KDE e.V. | Legal