|
|
|
/* This file is part of the KDE project
|
|
|
|
*
|
|
|
|
* Copyright (C) 2000-2003 George Staikos <staikos@kde.org>
|
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU Library General Public
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
* version 2 of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* Library General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Library General Public License
|
|
|
|
* along with this library; see the file COPYING.LIB. If not, write to
|
|
|
|
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
|
|
|
* Boston, MA 02110-1301, USA.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef _KSSL_H
|
|
|
|
#define _KSSL_H
|
|
|
|
|
|
|
|
#include <ksslsettings.h>
|
|
|
|
#include <ksslpeerinfo.h>
|
|
|
|
#include <ksslconnectioninfo.h>
|
|
|
|
|
|
|
|
class KSSLPrivate;
|
|
|
|
class KSSLCertificate;
|
|
|
|
class KSSLPKCS12;
|
|
|
|
class KSSLSession;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* KDE SSL Wrapper Class
|
|
|
|
*
|
|
|
|
* This class implements KDE's SSL support by wrapping OpenSSL.
|
|
|
|
*
|
|
|
|
* @author George Staikos <staikos@kde.org>
|
|
|
|
* @see KExtendedSocket, TCPSlaveBase
|
|
|
|
* @short KDE SSL Class
|
|
|
|
*/
|
|
|
|
class TDEIO_EXPORT KSSL {
|
|
|
|
public:
|
|
|
|
/**
|
|
|
|
* Construct a KSSL object
|
|
|
|
*
|
|
|
|
* @param init Set this to false if you do not want this class to
|
|
|
|
* immediately initialize OpenSSL.
|
|
|
|
*/
|
|
|
|
KSSL(bool init = true);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Destroy this KSSL object
|
|
|
|
*
|
|
|
|
* Does not close any socket.
|
|
|
|
*/
|
|
|
|
~KSSL();
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Determine if SSL is available and works.
|
|
|
|
*
|
|
|
|
* @return true is SSL is available and usable
|
|
|
|
*/
|
|
|
|
static bool doesSSLWork();
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Initialize OpenSSL.
|
|
|
|
*
|
|
|
|
* @return true on success
|
|
|
|
*
|
|
|
|
* This will do nothing if it is already initialized.
|
|
|
|
* @see reInitialize
|
|
|
|
*/
|
|
|
|
bool initialize();
|
|
|
|
|
|
|
|
/**
|
|
|
|
* This is used for applicationss which do STARTTLS or something
|
|
|
|
* similar. It creates a TLS method regardless of the user's settings.
|
|
|
|
*
|
|
|
|
* @return true if TLS is successfully initialized
|
|
|
|
*/
|
|
|
|
bool TLSInit();
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Set an SSL session to use. This takes the session from the original
|
|
|
|
* KSSL object, so it is in fact a session move operation.
|
|
|
|
*
|
|
|
|
* @param session A valid session to reuse. If 0L, it will clear the
|
|
|
|
* session ID in memory.
|
|
|
|
*
|
|
|
|
* @return true on success
|
|
|
|
*/
|
|
|
|
bool takeSession(KSSLSession *session);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Close the SSL session.
|
|
|
|
*/
|
|
|
|
void close();
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Reinitialize OpenSSL.
|
|
|
|
*
|
|
|
|
* @return true on success
|
|
|
|
*
|
|
|
|
* This is not generally needed unless you are reusing the KSSL object
|
|
|
|
* for a new session.
|
|
|
|
* @see initialize
|
|
|
|
*/
|
|
|
|
bool reInitialize();
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Trigger a reread of KSSL configuration and reInitialize() KSSL.
|
|
|
|
*
|
|
|
|
* @return true on successful reinitalizations
|
|
|
|
*
|
|
|
|
* If you setAutoReconfig() to false, then this will simply
|
|
|
|
* reInitialize() and not read in the new configuration.
|
|
|
|
* @see setAutoReconfig
|
|
|
|
*/
|
|
|
|
bool reconfig();
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Enable or disable automatic reconfiguration on initialize().
|
|
|
|
*
|
|
|
|
* @param ar Set to false in order to disable auto-reloading of the
|
|
|
|
* KSSL configuration during initialize().
|
|
|
|
*
|
|
|
|
* By default, KSSL will read its configuration on initialize(). You
|
|
|
|
* might want to disable this for performance reasons.
|
|
|
|
*/
|
|
|
|
void setAutoReconfig(bool ar);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* This will reseed the pseudo-random number generator with the EGD
|
|
|
|
* (entropy gathering daemon) if the EGD is configured and enabled.
|
|
|
|
* You don't need to call this yourself normally.
|
|
|
|
*
|
|
|
|
* @return 0 on success
|
|
|
|
*/
|
|
|
|
int seedWithEGD();
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Set a new KSSLSettings instance as the settings. This deletes the
|
|
|
|
* current instance of KSSLSettings.
|
|
|
|
*
|
|
|
|
* @param settings A new, valid settings object.
|
|
|
|
*
|
|
|
|
* @return true on success
|
|
|
|
*/
|
|
|
|
bool setSettings(KSSLSettings *settings);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* One is built by the constructor, so this will only return a NULL
|
|
|
|
* pointer if you set one with setSettings().
|
|
|
|
*
|
|
|
|
* @return the current settings instance
|
|
|
|
*/
|
|
|
|
KSSLSettings * settings() { return m_cfg; }
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Use this to set the certificate to send to the server.
|
|
|
|
* Do NOT delete the KSSLPKCS12 object until you are done with the
|
|
|
|
* session. It is not defined when KSSL will be done with this.
|
|
|
|
*
|
|
|
|
* @param pkcs the valid PKCS#12 object to send.
|
|
|
|
*
|
|
|
|
* @return true if the certificate was properly set to the session.
|
|
|
|
*/
|
|
|
|
bool setClientCertificate(KSSLPKCS12 *pkcs);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Set the status of the connection with respect to proxies.
|
|
|
|
*
|
|
|
|
* @param active is not used
|
|
|
|
* @param realIP is the IP address of the host you're connecting to
|
|
|
|
* @param realPort is the port of the host you're connecting to
|
|
|
|
* @param proxy is the IP or hostname of the proxy server
|
|
|
|
* @deprecated
|
|
|
|
*/
|
|
|
|
void setProxyUse(bool active, TQString realIP = TQString::null, int realPort = 0, TQString proxy = TQString::null) TDE_DEPRECATED;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Set the peer hostname to be used for certificate verification.
|
|
|
|
*
|
|
|
|
* @param realHost the remote hostname as the user believes to be
|
|
|
|
* connecting to
|
|
|
|
*/
|
|
|
|
void setPeerHost(TQString realHost = TQString::null);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Connect the SSL session to the remote host using the provided
|
|
|
|
* socket descriptor.
|
|
|
|
*
|
|
|
|
* @param sock the socket descriptor to connect with. This must be
|
|
|
|
* an already connected socket.
|
|
|
|
* @return 1 on success, 0 on error setting the file descriptor,
|
|
|
|
* -1 on other error.
|
|
|
|
*/
|
|
|
|
int connect(int sock);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Connect the SSL session to the remote host using the provided
|
|
|
|
* socket descriptor. This is for use with an SSL server application.
|
|
|
|
*
|
|
|
|
* @param sock the socket descriptor to connect with. This must be
|
|
|
|
* an already connected socket.
|
|
|
|
* @return 1 on success, 0 on error setting the file descriptor,
|
|
|
|
* -1 on other error.
|
|
|
|
*/
|
|
|
|
int accept(int sock);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Read data from the remote host via SSL.
|
|
|
|
*
|
|
|
|
* @param buf the buffer to read the data into.
|
|
|
|
* @param len the maximum length of data to read.
|
|
|
|
* @return the number of bytes read, 0 on an exception, or -1 on error.
|
|
|
|
*/
|
|
|
|
int read(void *buf, int len);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Peek at available data from the remote host via SSL.
|
|
|
|
*
|
|
|
|
* @param buf the buffer to read the data into.
|
|
|
|
* @param len the maximum length of data to read.
|
|
|
|
* @return the number of bytes read, 0 on an exception, or -1 on error.
|
|
|
|
*/
|
|
|
|
int peek(void *buf, int len);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Write data to the remote host via SSL.
|
|
|
|
*
|
|
|
|
* @param buf the buffer to read the data from.
|
|
|
|
* @param len the length of data to send from the buffer.
|
|
|
|
* @return the number of bytes written, 0 on an exception,
|
|
|
|
* or -1 on error.
|
|
|
|
*/
|
|
|
|
int write(const void *buf, int len);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Determine if data is waiting to be read.
|
|
|
|
*
|
|
|
|
* @return -1 on error, 0 if no data is waiting, > 0 if data is waiting.
|
|
|
|
*/
|
|
|
|
int pending();
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Obtain a reference to the connection information.
|
|
|
|
*
|
|
|
|
* @return a reference to the connection information,
|
|
|
|
* valid after connected
|
|
|
|
* @see KSSLConnectionInfo
|
|
|
|
*/
|
|
|
|
KSSLConnectionInfo& connectionInfo();
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Obtain a reference to the information about the peer.
|
|
|
|
*
|
|
|
|
* @return a reference to the peer information,
|
|
|
|
* valid after connected
|
|
|
|
* @see KSSLPeerInfo
|
|
|
|
*/
|
|
|
|
KSSLPeerInfo& peerInfo();
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Obtain a pointer to the session information.
|
|
|
|
*
|
|
|
|
* @return a pointer to the session information.
|
|
|
|
* This is valid after connected, while connected.
|
|
|
|
* It is deleted by the KSSL object which returns it.
|
|
|
|
* May return 0L if no valid session exists.
|
|
|
|
* @see KSSLSession
|
|
|
|
*/
|
|
|
|
const KSSLSession* session() const;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Determine if we are currently reusing an SSL session ID.
|
|
|
|
*
|
|
|
|
* @return true if we are reusing a session ID.
|
|
|
|
*/
|
|
|
|
bool reusingSession() const;
|
|
|
|
|
|
|
|
private:
|
|
|
|
static bool m_bSSLWorks;
|
|
|
|
bool m_bInit;
|
|
|
|
bool m_bAutoReconfig;
|
|
|
|
KSSLSettings *m_cfg;
|
|
|
|
KSSLConnectionInfo m_ci;
|
|
|
|
KSSLPeerInfo m_pi;
|
|
|
|
|
|
|
|
KSSLPrivate *d;
|
|
|
|
|
|
|
|
void setConnectionInfo();
|
|
|
|
void setPeerInfo();
|
|
|
|
bool setVerificationLogic();
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|