ksslcertificate.h

/* This file is part of the KDE project
 *
 * Copyright (C) 2000-2003 George Staikos <staikos@kde.org>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Library General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public License
 * along with this library; see the file COPYING.LIB.  If not, write to
 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 * Boston, MA 02110-1301, USA.
 */
 
#ifndef _KSSLCERTIFICATE_H
#define _KSSLCERTIFICATE_H
 
 
// UPDATE: I like the structure of this class less and less every time I look
//         at it.  I think it needs to change.
//
//
//  The biggest reason for making everything protected here is so that
//  the class can have all it's methods available even if openssl is not
//  available.  Also, to create a new certificate you should use the
//  KSSLCertificateFactory, and to manage the user's database of certificates,
//  you should go through the KSSLCertificateHome.
//
//  There should be no reason to touch the X509 stuff directly.
//
 
#include <tqcstring.h>
#include <tqvaluelist.h>
 
class TQString;
class TQStringList;
class TQCString;
class KSSL;
class KSSLCertificatePrivate;
class TQDateTime;
class KSSLCertChain;
class KSSLX509V3;
 
#include <tdelibs_export.h>
 
#ifdef TQ_WS_WIN
#include "ksslconfig_win.h"
#else
#include "ksslconfig.h"
#endif
 
#ifdef KSSL_HAVE_SSL
typedef struct x509_st X509;
typedef struct X509_crl_st X509_CRL;
#else
class X509;
class X509_CRL;
#endif
 
class TDEIO_EXPORT KSSLCertificate {
friend class KSSL;
friend class KSSLCertificateHome;
friend class KSSLCertificateFactory;
friend class KSSLCertificateCache;
friend class KSSLCertChain;
friend class KSSLPeerInfo;
friend class KSSLPKCS12;
friend class KSSLD;
friend class KSMIMECryptoPrivate;
 
 
public:
    ~KSSLCertificate();
 
    static KSSLCertificate *fromString(TQCString cert);
 
    static KSSLCertificate *crlFromString(TQCString cert);
 
    static KSSLCertificate *fromX509(X509 *x5);
 
    enum KSSLValidation {   Unknown, Ok, NoCARoot, InvalidPurpose,
                PathLengthExceeded, InvalidCA, Expired,
                SelfSigned, ErrorReadingRoot, NoSSL,
                Revoked, Untrusted, SignatureFailed,
                Rejected, PrivateKeyFailed, InvalidHost,
                Irrelevant, SelfSignedChain
                };
 
    enum KSSLPurpose {      None=0, SSLServer=1, SSLClient=2,
                SMIMESign=3, SMIMEEncrypt=4, Any=5 };
 
        typedef TQValueList<KSSLValidation> KSSLValidationList;
 
    TQString toString();
 
    TQString getSubject() const;
 
    TQString getIssuer() const;
 
    TQString getNotBefore() const;
 
    TQString getNotAfter() const;
 
    TQDateTime getQDTNotBefore() const;
 
    TQDateTime getQDTNotAfter() const;
 
    TQDateTime getQDTLastUpdate() const;
 
    TQDateTime getQDTNextUpdate() const;
 
    TQByteArray toDer();
 
    TQByteArray toPem();
 
    TQByteArray toNetscape();
 
    TQString toText();
 
    TQString getSerialNumber() const;
 
    TQString getKeyType() const;
 
    TQString getPublicKeyText() const;
 
    TQString getMD5DigestText() const;
 
    TQString getMD5Digest() const;
 
    TQString getSignatureText() const;
 
    bool isValid();
 
    bool isValid(KSSLPurpose p);
 
    TQStringList subjAltNames() const;
 
    KSSLValidation validate();
 
    KSSLValidation validate(KSSLPurpose p);
 
    KSSLValidationList validateVerbose(KSSLPurpose p);
 
    KSSLValidationList validateVerbose(KSSLPurpose p, KSSLCertificate *ca);
 
    KSSLValidation revalidate();
 
    KSSLValidation revalidate(KSSLPurpose p);
 
    KSSLCertChain& chain();
 
    static TQString verifyText(KSSLValidation x);
 
    KSSLCertificate *replicate();
 
    KSSLCertificate(const KSSLCertificate& x); // copy constructor
 
    bool setCert(TQString& cert);
 
    KSSLX509V3& x509V3Extensions();
 
    bool isSigner();
 
    void getEmails(TQStringList& to) const;
 
    TQString getKDEKey() const;
 
    static TQString getMD5DigestFromKDEKey(const TQString& k);
 
private:
    TDEIO_EXPORT friend int operator!=(KSSLCertificate& x, KSSLCertificate& y);
    TDEIO_EXPORT friend int operator==(KSSLCertificate& x, KSSLCertificate& y);
 
    KSSLCertificatePrivate *d;
    int purposeToOpenSSL(KSSLPurpose p) const;
 
protected:
    KSSLCertificate();
 
    void setCert(X509 *c);
    void setCRL(X509_CRL *c);
    void setChain(void *c);
    X509 *getCert();
    KSSLValidation processError(int ec);
};
 
TDEIO_EXPORT TQDataStream& operator<<(TQDataStream& s, const KSSLCertificate& r);
TDEIO_EXPORT TQDataStream& operator>>(TQDataStream& s, KSSLCertificate& r);
 
TDEIO_EXPORT int operator==(KSSLCertificate& x, KSSLCertificate& y);
TDEIO_EXPORT inline int operator!=(KSSLCertificate& x, KSSLCertificate& y)
{ return !(x == y); }
 
#endif