• Skip to content
  • Skip to link menu
KDE 4.3 API Reference
  • KDE API Reference
  • kdelibs
  • Sitemap
  • Contact Us
 

KIO

sslui.cpp

Go to the documentation of this file.
00001 /* This file is part of the KDE project
00002  *
00003  * Copyright (C) 2009 Andreas Hartmetz <ahartmetz@gmail.com>
00004  *
00005  * This library is free software; you can redistribute it and/or
00006  * modify it under the terms of the GNU Library General Public
00007  * License as published by the Free Software Foundation; either
00008  * version 2 of the License, or (at your option) any later version.
00009  *
00010  * This library is distributed in the hope that it will be useful,
00011  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00012  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00013  * Library General Public License for more details.
00014  *
00015  * You should have received a copy of the GNU Library General Public License
00016  * along with this library; see the file COPYING.LIB.  If not, write to
00017  * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
00018  * Boston, MA 02110-1301, USA.
00019  */
00020 
00021 #include "sslui.h"
00022 
00023 #include <kdebug.h>
00024 #include <klocalizedstring.h>
00025 #include <kmessagebox.h>
00026 #include <ksslcertificatemanager.h>
00027 #include <ksslinfodialog.h>
00028 #include <ktcpsocket_p.h>
00029 
00030 
00031 bool KIO::SslUi::askIgnoreSslErrors(const KTcpSocket *socket, RulesStorage storedRules)
00032 {
00033     KSslErrorUiData uiData(socket);
00034     return askIgnoreSslErrors(uiData, storedRules);
00035 }
00036 
00037 
00038 bool KIO::SslUi::askIgnoreSslErrors(const KSslErrorUiData &uiData, RulesStorage storedRules)
00039 {
00040     const KSslErrorUiData::Private *ud = KSslErrorUiData::Private::get(&uiData);
00041     if (ud->sslErrors.isEmpty()) {
00042         return true;
00043     }
00044 
00045     QList<KSslError> fatalErrors = KSslCertificateManager::nonIgnorableErrors(ud->sslErrors);
00046     if (!fatalErrors.isEmpty()) {
00047         //TODO message "sorry, fatal error, you can't override it"
00048         return false;
00049     }
00050     if (ud->certificateChain.isEmpty()) {
00051         // SSL without certificates is quite useless and should never happen
00052         KMessageBox::sorry(0, i18n("The remote host did not send any SSL certificates.\n"
00053                                    "Aborting because the identity of the host cannot be established."));
00054         return false;
00055     }
00056 
00057     KSslCertificateManager *const cm = KSslCertificateManager::self();
00058     KSslCertificateRule rule(ud->certificateChain.first(), ud->host);
00059     if (storedRules & RecallRules) {
00060         rule = cm->rule(ud->certificateChain.first(), ud->host);
00061         // remove previously seen and acknowledged errors
00062         QList<KSslError> remainingErrors = rule.filterErrors(ud->sslErrors);
00063         if (remainingErrors.isEmpty()) {
00064             kDebug(7029) << "Error list empty after removing errors to be ignored. Continuing.";
00065             return true;
00066         }
00067     }
00068 
00069     //### We don't ask to permanently reject the certificate
00070 
00071     QString message = i18n("The server failed the authenticity check (%1).\n\n", ud->host);
00072     foreach (const KSslError &err, ud->sslErrors) {
00073         message.append(err.errorString());
00074         message.append('\n');
00075     }
00076     message = message.trimmed();
00077 
00078     int msgResult;
00079     do {
00080         msgResult = KMessageBox::warningYesNoCancel(0, message, i18n("Server Authentication"),
00081                                                     KGuiItem(i18n("&Details")),
00082                                                     KGuiItem(i18n("Co&ntinue")));
00083         if (msgResult == KMessageBox::Yes) {
00084             //Details was chosen - show the certificate and error details
00085 
00086 
00087             QList<QList<KSslError::Error> > meh;    // parallel list to cert list :/
00088 
00089             foreach (const QSslCertificate &cert, ud->certificateChain) {
00090                 QList<KSslError::Error> errors;
00091                 foreach(const KSslError &error, ud->sslErrors) {
00092                     if (error.certificate() == cert) {
00093                         // we keep only the error code enum here
00094                         errors.append(error.error());
00095                     }
00096                 }
00097                 meh.append(errors);
00098             }
00099 
00100 
00101             KSslInfoDialog *dialog = new KSslInfoDialog();
00102             dialog->setSslInfo(ud->certificateChain, ud->ip, ud->host, ud->sslProtocol,
00103                                ud->cipher, ud->usedBits, ud->bits, meh);
00104             dialog->exec();
00105         } else if (msgResult == KMessageBox::Cancel) {
00106             return false;
00107         }
00108         //fall through on KMessageBox::No
00109     } while (msgResult == KMessageBox::Yes);
00110 
00111 
00112     if (storedRules & StoreRules) {
00113         //Save the user's choice to ignore the SSL errors.
00114 
00115         msgResult = KMessageBox::warningYesNo(0,
00116                                 i18n("Would you like to accept this "
00117                                     "certificate forever without "
00118                                     "being prompted?"),
00119                                 i18n("Server Authentication"),
00120                                 KGuiItem(i18n("&Forever")),
00121                                 KGuiItem(i18n("&Current Session only")));
00122         QDateTime ruleExpiry = QDateTime::currentDateTime();
00123         if (msgResult == KMessageBox::Yes) {
00124             //accept forever ("for a very long time")
00125             ruleExpiry = ruleExpiry.addYears(1000);
00126         } else {
00127             //accept "for a short time", half an hour.
00128             ruleExpiry = ruleExpiry.addSecs(30*60);
00129         }
00130 
00131         //TODO special cases for wildcard domain name in the certificate!
00132         //rule = KSslCertificateRule(d->socket.peerCertificateChain().first(), whatever);
00133 
00134         rule.setExpiryDateTime(ruleExpiry);
00135         rule.setIgnoredErrors(ud->sslErrors);
00136         cm->setRule(rule);
00137     }
00138 
00139     return true;
00140 }
00141 

KIO

Skip menu "KIO"
  • Main Page
  • Namespace List
  • Class Hierarchy
  • Alphabetical List
  • Class List
  • File List
  • Namespace Members
  • Class Members
  • Related Pages

kdelibs

Skip menu "kdelibs"
  • DNSSD
  • Interfaces
  •   KHexEdit
  •   KMediaPlayer
  •   KSpeech
  •   KTextEditor
  • Kate
  • kconf_update
  • KDE3Support
  •   KUnitTest
  • KDECore
  • KDED
  • KDEsu
  • KDEUI
  • KDocTools
  • KFile
  • KHTML
  • KImgIO
  • KInit
  • kio
  • KIOSlave
  • KJS
  •   KJS-API
  •   WTF
  • kjsembed
  • KNewStuff
  • KParts
  • KPty
  • Kross
  • KUtils
  • Nepomuk
  • Plasma
  • Solid
  • Sonnet
  • ThreadWeaver
Generated for kdelibs by doxygen 1.6.1
This website is maintained by Adriaan de Groot and Allen Winter.
KDE® and the K Desktop Environment® logo are registered trademarks of KDE e.V. | Legal