summaryrefslogtreecommitdiffstats
path: root/tdeio/kssl/ksslcertificatecache.h
blob: 924cb0f54e8940ec68ea52a107a5bc132ffd3e25 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
/* This file is part of the KDE project
 *
 * Copyright (C) 2000, 2001 George Staikos <staikos@kde.org>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Library General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public License
 * along with this library; see the file COPYING.LIB.  If not, write to
 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 * Boston, MA 02110-1301, USA.
 */

#ifndef _INCLUDE_KSSLCCACHE_H
#define _INCLUDE_KSSLCCACHE_H

class KSSLCertificate;
#include <tqstring.h>
#include <tqstringlist.h>
#include <tqdatetime.h>

#include <tdelibs_export.h>

class TDEIO_EXPORT KSSLCertificateCache {
public:

enum KSSLCertificatePolicy { Unknown, Reject, Accept, Prompt, Ambiguous };
// Unknown: no policy has been set for this record
// Reject: user has requested to not accept data from this site
// Accept: user has requested to always accept data from this site
// Prompt: user wishes to be prompted before accepting this certificate
//         You may need to set a [non-]permanent policy on this record after
//         the user is prompted.
// Ambiguous: The state cannot be uniquely determined.  Hopefully this
//            doesn't happen.

  KSSLCertificateCache();
  ~KSSLCertificateCache();

  void addCertificate(KSSLCertificate& cert, KSSLCertificatePolicy policy, 
                                                     bool permanent = true);

  // WARNING!  This is not a "secure" method.  You need to actually
  //           do a getPolicyByCertificate to be cryptographically sure
  //           that this is an accepted certificate/site pair.
  //           (note that the site (CN) is encoded in the certificate
  //            so you should only accept certificates whose CN matches
  //            the exact FQDN of the site presenting it)
  //           If you're just doing an OpenSSL connection, I believe it
  //           tests this for you, but don't take my word for it.
  KSSLCertificatePolicy getPolicyByCN(TQString& cn);

  KSSLCertificatePolicy getPolicyByCertificate(KSSLCertificate& cert);

  bool seenCN(TQString& cn);
  bool seenCertificate(KSSLCertificate& cert);

  bool removeByCN(TQString& cn);
  bool removeByCertificate(KSSLCertificate& cert);

  bool isPermanent(KSSLCertificate& cert);

  bool modifyByCN(TQString& cn,
                  KSSLCertificateCache::KSSLCertificatePolicy policy,
                  bool permanent,
                  TQDateTime& expires);

  bool modifyByCertificate(KSSLCertificate& cert,
                           KSSLCertificateCache::KSSLCertificatePolicy policy,
                           bool permanent,
                           TQDateTime& expires);

  TQStringList getHostList(KSSLCertificate& cert);
  bool addHost(KSSLCertificate& cert, TQString& host);
  bool removeHost(KSSLCertificate& cert, TQString& host);

  // SMIME
  TQStringList getKDEKeyByEmail(const TQString &email);
  KSSLCertificate *getCertByMD5Digest(const TQString &key);

  void reload();

  // You shouldn't need to call this but in some weird circumstances
  // it might be necessary.
  void saveToDisk();

private:
  class KSSLCertificateCachePrivate;
  KSSLCertificateCachePrivate *d;

  void loadDefaultPolicies();
  void clearList();

};


TDEIO_EXPORT TQDataStream& operator<<(TQDataStream& s, const KSSLCertificateCache::KSSLCertificatePolicy& p);
TDEIO_EXPORT TQDataStream& operator>>(TQDataStream& s, KSSLCertificateCache::KSSLCertificatePolicy& p);

#endif