kio Library API Documentation

ksslpeerinfo.cc

00001 /* This file is part of the KDE project
00002  *
00003  * Copyright (C) 2000 George Staikos <staikos@kde.org>
00004  *
00005  * This library is free software; you can redistribute it and/or
00006  * modify it under the terms of the GNU Library General Public
00007  * License as published by the Free Software Foundation; either
00008  * version 2 of the License, or (at your option) any later version.
00009  *
00010  * This library is distributed in the hope that it will be useful,
00011  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00012  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00013  * Library General Public License for more details.
00014  *
00015  * You should have received a copy of the GNU Library General Public License
00016  * along with this library; see the file COPYING.LIB.  If not, write to
00017  * the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
00018  * Boston, MA 02111-1307, USA.
00019  */
00020 
00021 #ifdef HAVE_CONFIG_H
00022 #include <config.h>
00023 #endif
00024 
00025 #include <qregexp.h>
00026 
00027 #include "ksslpeerinfo.h"
00028 #include <kdebug.h>
00029 
00030 #include <ksockaddr.h>
00031 #include <kextsock.h>
00032 #include <netsupp.h>
00033 
00034 #include "ksslx509map.h"
00035 
// Private data holder for KSSLPeerInfo (d-pointer), so that fields can be
// added here without touching the public class declaration.
class KSSLPeerInfoPrivate {
public:
        KSSLPeerInfoPrivate() {}
        ~KSSLPeerInfoPrivate() {}

        // Host name the certificate is checked against. It is written by
        // KSSLPeerInfo::setPeerHost() (trimmed, trailing dots removed,
        // lower-cased) and cleared by KSSLPeerInfo::reset().
        QString peerHost;
};
00042 
00043 
00044 
// Creates the peer-info object with a fresh private data block; the peer
// host stays empty until setPeerHost() is called.
KSSLPeerInfo::KSSLPeerInfo() {
        d = new KSSLPeerInfoPrivate();
}
00048 
// Releases the private data block allocated by the constructor.
// NOTE(review): copy construction/assignment are declared in the header,
// which is not visible here; if they copy d shallowly, this delete would
// run twice on the same pointer. Confirm against ksslpeerinfo.h.
KSSLPeerInfo::~KSSLPeerInfo() {
        delete d;
}
00052 
// Returns the stored peer certificate by non-const reference, so callers
// can modify the same object that certMatchesAddress() later inspects.
KSSLCertificate& KSSLPeerInfo::getPeerCertificate() {
        return m_cert;
}
00056 
// Records the host name that the peer certificate must match.
//
// The name is normalised before it is stored: surrounding whitespace is
// stripped, every trailing '.' is removed, and the result is lower-cased.
// cnMatchesAddress() relies on this form when it compares names.
void KSSLPeerInfo::setPeerHost(QString realHost) {
        QString host = realHost.stripWhiteSpace();

        // "example.com." and "example.com" name the same host; keep the
        // dot-free spelling only.
        while (host.endsWith("."))
                host.truncate(host.length() - 1);

        d->peerHost = host.lower();
}
00064 
// Reports whether the peer certificate's subject names the stored peer host.
//
// The subject's "CN" value is split on spaces, newlines and carriage
// returns; each piece is trimmed, lower-cased and passed to
// cnMatchesAddress(). The first piece that matches wins.
//
// Security notes for reviewers:
//  - Only the subject CN is read in this function; subjectAltName entries
//    are not consulted here, so any SAN handling has to happen elsewhere.
//  - Because the CN value is split on spaces, a single CN that contains
//    spaces yields several independent candidates.
//  - Presumably KSSLX509Map joins multiple CN attributes with one of these
//    separators; verify against ksslx509map.h.
//
// Returns false when built without KSSL_HAVE_SSL.
bool KSSLPeerInfo::certMatchesAddress() {
#ifdef KSSL_HAVE_SSL
        KSSLX509Map subject(m_cert.getSubject());
        const QRegExp separators("[ \n\r]");
        QStringList candidates = QStringList::split(separators, subject.getValue("CN"));

        QStringList::Iterator it = candidates.begin();
        while (it != candidates.end()) {
                const QString candidate = (*it).stripWhiteSpace().lower();
                if (cnMatchesAddress(candidate))
                        return true;
                ++it;
        }
#endif

        return false;
}
00079 
00080 
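// Decides whether one certificate common name (CN) is acceptable for the
// peer host recorded by setPeerHost().
//
// cn is a single candidate name; certMatchesAddress() trims and lower-cases
// it before calling. Returns true only when cn names the stored peer host,
// and always false when built without KSSL_HAVE_SSL.
//
// The CN comes from the peer's certificate and is untrusted input, so every
// doubtful case below is rejected rather than accepted.
//
// Wildcard policy:
//  - '*' is honoured only in the left-most label. The earlier check looked
//    at the last two labels only, so patterns such as "*.*.example.com" or
//    "www.*.example.com" reached the glob match.
//  - At least two wildcard-free labels must follow the wildcard label.
//  - The pattern and the host must have the same number of labels.
//  - There is no public-suffix knowledge here: a pattern whose last two
//    labels form a registry suffix (for example "*.co.uk") still passes the
//    two-label rule.
bool KSSLPeerInfo::cnMatchesAddress(QString cn) {
#ifdef KSSL_HAVE_SSL
        QRegExp rx;

        kdDebug(7029) << "Matching CN=[" << cn << "] to ["
                      << d->peerHost << "]" << endl;

        // Allow only letters, digits, '.', '*' and '-'. This also keeps glob
        // metacharacters other than '*' out of the wildcard match below.
        if (QRegExp("[^a-zA-Z0-9\\.\\*\\-]").search(cn) >= 0) {
                kdDebug(7029) << "CN contains invalid characters!  Failing." << endl;
                return false;
        }

        // Domains can legally end with '.'s.  We don't need them though.
        while (cn.endsWith("."))
                cn.truncate(cn.length()-1);

        // Do not let empty CN's get by!!
        if (cn.isEmpty())
                return false;

        // An IPv4 peer host must equal the CN exactly; wildcards never apply.
        rx.setPattern("[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}");
        if (rx.exactMatch(d->peerHost))
                return d->peerHost == cn;

        // A bracketed (IPv6-style) peer host must also equal the CN exactly.
        // The character filter above rejects '[' and ':', so in practice a
        // CN cannot match such a host.
        rx.setPattern("^\\[.*\\]$");
        if (rx.exactMatch(d->peerHost))
                return d->peerHost == cn;

        if (cn.contains('*')) {
                // The wildcard may appear in the left-most label only.
                const int firstDot = cn.find('.');
                if (firstDot < 0 || cn.find('*', firstDot) >= 0)
                        return false;

                // Make sure that there are at least two valid parts
                // after the wildcard (*).
                QStringList parts = QStringList::split('.', cn, false);

                while (parts.count() > 2)
                        parts.remove(parts.begin());

                if (parts.count() != 2) {
                        return false;  // we don't allow *.root - that's bad
                }

                if (parts[0].contains('*') || parts[1].contains('*')) {
                        return false;
                }

                // RFC2818 says that *.example.com should match against
                // foo.example.com but not bar.foo.example.com
                // (ie. they must have the same number of parts).
                // The glob '*' can span dots, so the label-count comparison
                // is what enforces this.
                if (QRegExp(cn, false, true).exactMatch(d->peerHost) &&
                    QStringList::split('.', cn, false).count() ==
                    QStringList::split('.', d->peerHost, false).count())
                        return true;

                return false;
        }

        // We must have an exact match in this case (insensitive though)
        // (note we already did .lower())
        if (cn == d->peerHost)
                return true;
#endif
        return false;
}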
00147 
00148 
// Forgets the recorded peer host by setting it to the null string.
// Only the host is cleared here; m_cert is left untouched.
void KSSLPeerInfo::reset() {
        d->peerHost = QString::null;
}
00152 
00153 
This file is part of the documentation for kdelibs Version 3.1.5.
Documentation copyright © 1996-2002 the KDE developers.