KSSLInfoDlg usage for java certs
Koos Vriezen
koos.vriezen at xs4all.nl
Sat Jun 5 14:54:46 BST 2004
Hi,
Attached is a patch that makes the certificate dialog for java signed applets more
useful. (e.g. see BR60180)
Now I have a table with certificates and a table with signers. When double
clicking on an entry, the KSSLInfoDlg pops up with more details. However
there seems to be no way to use this for a chain, is that correct? (it
would be quite nice if that was the case because I could remove the signer
table).
Also, verification of a signed certificate returns invalidCA. The KSSLInfoDlg
dialog suggests that the signer isn't available, but if I can only pass
one cert, what does one expect?
Please help..
Koos
-------------- next part --------------
Index: kjavaappletserver.h
===================================================================
RCS file: /home/kde/kdelibs/khtml/java/kjavaappletserver.h,v
retrieving revision 1.32
diff -u -3 -p -r1.32 kjavaappletserver.h
--- kjavaappletserver.h 13 Mar 2004 21:37:25 -0000 1.32
+++ kjavaappletserver.h 5 Jun 2004 13:42:34 -0000
@@ -26,8 +26,10 @@
#include "kjavaprocess.h"
#include <qobject.h>
+#include <qptrlist.h>
#include <qmap.h>
-
+#include <qpoint.h>
+#include <qguardedptr.h>
/**
* @short Communicates with a KJAS server to display and control Java applets.
@@ -39,6 +41,9 @@
class KJavaAppletContext;
class KJavaAppletServerPrivate;
class JSStackFrame;
+class KSSLCertificate;
+class QDialog;
+class QTable;
class KJavaAppletServer : public QObject
{
@@ -164,13 +169,19 @@ public:
PermissionDialog( QWidget* );
~PermissionDialog();
- QCString exec( const QString & cert, const QString & perm );
+ QCString exec( QPtrList<KSSLCertificate> & certs, const QString & perm );
private slots:
void clicked();
+ void doubleClicked(int r, int, int, const QPoint&);
private:
QCString m_button;
+ QPtrList<KSSLCertificate> m_certs;
+ QPtrList<KSSLCertificate> m_signers;
+ QGuardedPtr<QDialog> dialog;
+ QTable * cert_table;
+ QTable * signer_table;
};
#endif // KJAVAAPPLETSERVER_H
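Review bot: `cert_table` and `signer_table` are raw pointers that the constructor in kjavaappletserver.cpp (`: QObject(parent), m_button("no")`) leaves uninitialised, while the new `doubleClicked` slot compares `sender()` against `signer_table`. They are assigned at the top of exec() before the signals are connected, so this is latent rather than live, but initialising both to 0 in the constructor is cheap. The three new members also drop the `m_` prefix used by `m_button`, `m_certs` and `m_signers`; `m_dialog`, `m_certTable` and `m_signerTable` would match. `m_certs` and `m_signers` deserve a comment such as `// borrowed from the caller's list, valid only while exec() runs`.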
Index: kjavaappletserver.cpp
===================================================================
RCS file: /home/kde/kdelibs/khtml/java/kjavaappletserver.cpp,v
retrieving revision 1.73
diff -u -3 -p -r1.73 kjavaappletserver.cpp
--- kjavaappletserver.cpp 13 Mar 2004 21:37:25 -0000 1.73
+++ kjavaappletserver.cpp 5 Jun 2004 13:42:34 -0000
@@ -36,6 +36,8 @@
#include <kio/kprotocolmanager.h>
#include <ksslcertificate.h>
#include <ksslcertchain.h>
+#include <ksslx509map.h>
+#include <ksslinfodlg.h>
#include <kssl.h>
#include <qtimer.h>
@@ -48,6 +50,7 @@
#include <qlabel.h>
#include <qdialog.h>
#include <qpushbutton.h>
+#include <qtable.h>
#include <qlayout.h>
#include <qregexp.h>
@@ -621,60 +624,15 @@ void KJavaAppletServer::slotJavaRequest(
certs.setAutoDelete( true );
for (int i = certsnr; i >= 0; i--) {
KSSLCertificate * cert = KSSLCertificate::fromString(args[i+2].ascii());
- if (cert) {
+ if (cert)
certs.prepend(cert);
- if (cert->isSigner())
- text += QString(i18n("Signed by (validation: "));
- else
- text += QString(i18n("Certificate (validation: "));
- switch (cert->validate()) {
- case KSSLCertificate::Ok:
- text += i18n("Ok"); break;
- case KSSLCertificate::NoCARoot:
- text += i18n("NoCARoot"); break;
- case KSSLCertificate::InvalidPurpose:
- text += i18n("InvalidPurpose"); break;
- case KSSLCertificate::PathLengthExceeded:
- text += i18n("PathLengthExceeded"); break;
- case KSSLCertificate::InvalidCA:
- text += i18n("InvalidCA"); break;
- case KSSLCertificate::Expired:
- text += i18n("Expired"); break;
- case KSSLCertificate::SelfSigned:
- text += i18n("SelfSigned"); break;
- case KSSLCertificate::ErrorReadingRoot:
- text += i18n("ErrorReadingRoot"); break;
- case KSSLCertificate::Revoked:
- text += i18n("Revoked"); break;
- case KSSLCertificate::Untrusted:
- text += i18n("Untrusted"); break;
- case KSSLCertificate::SignatureFailed:
- text += i18n("SignatureFailed"); break;
- case KSSLCertificate::Rejected:
- text += i18n("Rejected"); break;
- case KSSLCertificate::PrivateKeyFailed:
- text += i18n("PrivateKeyFailed"); break;
- case KSSLCertificate::InvalidHost:
- text += i18n("InvalidHost"); break;
- case KSSLCertificate::Unknown:
- default:
- text += i18n("Unknown"); break;
- }
- text += QString(")\n");
- QString subject = cert->getSubject() + QChar('\n');
- QRegExp reg(QString("/[A-Z]+="));
- int pos = 0;
- while ((pos = subject.find(reg, pos)) > -1)
- subject.replace(pos, 1, QString("\n "));
- text += subject.mid(1);
- }
}
kdDebug(6100) << "Security confirm " << args[0] << certs.count() << endl;
if ( certs.count() ) {
KSSLCertChain chain;
chain.setChain( certs );
if ( chain.isValid() )
- answer = PermissionDialog( qApp->activeWindow() ).exec( text, args[0] );
+ answer = PermissionDialog( qApp->activeWindow() ).exec( certs, args[0] );
}
}
sl.push_front( QString(answer) );
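Review bot: A certificate that KSSLCertificate::fromString cannot parse is dropped without a trace by `if (cert) certs.prepend(cert);`, so the user may be asked to approve a chain shorter than the one the Java side sent in `args`. I would at least log the failure, e.g. `else kdDebug(6100) << "Security confirm: unparsable certificate at index " << i << endl;`, and consider leaving `answer` at its default when any entry fails to parse. With the text-building code removed, `text` may now be unused in this function; its declaration is outside the hunk, as is the rest of slotJavaRequest.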
@@ -769,9 +727,87 @@ PermissionDialog::PermissionDialog( QWid
: QObject(parent), m_button("no")
{}
-QCString PermissionDialog::exec( const QString & cert, const QString & perm ) {
- QGuardedPtr<QDialog> dialog = new QDialog( static_cast<QWidget*>(parent()), "PermissionDialog");
+void PermissionDialog::doubleClicked(int r, int, int, const QPoint&) {
+ QPtrList<KSSLCertificate> & certs = sender() == signer_table ? m_signers : m_certs;
+ if (r < (int) certs.count()) {
+ QGuardedPtr<KSSLInfoDlg> kssldlg = new KSSLInfoDlg( dialog );
+ kssldlg->setup( certs.at(r), QString::null, QString::null, QString::null, QString::null, QString::null, -1, -1, KSSLCertificate::KSSLValidation());
+ kssldlg->exec();
+ delete kssldlg;
+ }
+}
+QCString PermissionDialog::exec( QPtrList<KSSLCertificate> & certs, const QString & perm ) {
+ dialog = new QDialog( static_cast<QWidget*>(parent()), "PermissionDialog");
+ cert_table = new QTable( 0, 3, dialog );
+ signer_table = new QTable( 0, 3, dialog );
+ for (QTable *t = cert_table; t; t = (t == cert_table ? signer_table : 0L)) {
+ t->verticalHeader()->hide();
+ t->setLeftMargin(0);
+ t->setSelectionMode( QTable::SingleRow );
+ QHeader *header = t->horizontalHeader();
+ header->setLabel( 0, i18n("Organisation") );
+ header->setLabel( 1, i18n("Common Name") );
+ header->setLabel( 2, i18n("Validation") );
+ connect( t, SIGNAL(doubleClicked(int, int, int, const QPoint&)),
+ this, SLOT(doubleClicked(int, int, int, const QPoint&)) );
+ }
+ QString text;
+ for (KSSLCertificate *cert = certs.first(); cert; cert = certs.next()) {
+ QTable * table;
+ if (cert->isSigner()) {
+ m_signers.append(cert);
+ table = signer_table;
+ } else {
+ m_certs.append(cert);
+ table = cert_table;
+ }
+ table->insertRows( table->numRows() );
+ KSSLX509Map certmap( cert->getSubject() );
+ table->setText( table->numRows()-1, 0, certmap.getValue("O") );
+ table->setText( table->numRows()-1, 0, certmap.getValue("CN") );
+ QString validation;
+ switch (cert->validate()) {
+ case KSSLCertificate::Ok:
+ validation = i18n("Ok"); break;
+ case KSSLCertificate::NoCARoot:
+ validation = i18n("NoCARoot"); break;
+ case KSSLCertificate::InvalidPurpose:
+ validation = i18n("InvalidPurpose"); break;
+ case KSSLCertificate::PathLengthExceeded:
+ validation = i18n("PathLengthExceeded"); break;
+ case KSSLCertificate::InvalidCA:
+ validation = i18n("InvalidCA"); break;
+ case KSSLCertificate::Expired:
+ validation = i18n("Expired"); break;
+ case KSSLCertificate::SelfSigned:
+ validation = i18n("SelfSigned"); break;
+ case KSSLCertificate::ErrorReadingRoot:
+ validation = i18n("ErrorReadingRoot"); break;
+ case KSSLCertificate::Revoked:
+ validation = i18n("Revoked"); break;
+ case KSSLCertificate::Untrusted:
+ validation = i18n("Untrusted"); break;
+ case KSSLCertificate::SignatureFailed:
+ validation = i18n("SignatureFailed"); break;
+ case KSSLCertificate::Rejected:
+ validation = i18n("Rejected"); break;
+ case KSSLCertificate::PrivateKeyFailed:
+ validation = i18n("PrivateKeyFailed"); break;
+ case KSSLCertificate::InvalidHost:
+ validation = i18n("InvalidHost"); break;
+ case KSSLCertificate::Unknown:
+ default:
+ validation = i18n("Unknown"); break;
+ }
+ table->setText( table->numRows()-1, 2, validation);
+ }
+ for (QTable *t = cert_table; t; t = (t == cert_table ? signer_table : 0L)) {
+ for (int c = 0; c < 3; c++)
+ t->adjustColumn(c);
+ if (t->numRows() > 0)
+ t->setMinimumSize(t->minimumSize().width(), 3*t->rowHeight(0));
+ }
dialog->setSizePolicy( QSizePolicy( (QSizePolicy::SizeType)1, (QSizePolicy::SizeType)1, 0, 0, dialog->sizePolicy().hasHeightForWidth() ) );
dialog->setModal( true );
dialog->setCaption( i18n("Security Alert") );
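Review bot: Both new `setText` calls in the certificate loop write column 0, so the Common Name overwrites the Organisation and the "Common Name" column stays empty; the second call should be `table->setText( table->numRows()-1, 1, certmap.getValue("CN") );`. In a permission prompt this hides the organisation the user is supposed to judge. In doubleClicked, `setup()` is passed a default-constructed `KSSLCertificate::KSSLValidation()` rather than `certs.at(r)->validate()`, so the detail dialog can presumably disagree with the Validation column, and the row check should also reject `r < 0`. `QString text;` in exec is unused. exec continues past the end of this hunk.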
@@ -779,9 +815,13 @@ QCString PermissionDialog::exec( const Q
QVBoxLayout * dialogLayout = new QVBoxLayout( dialog, 11, 6, "dialogLayout");
dialogLayout->addWidget( new QLabel( i18n("Do you grant Java applet with certificate(s):"), dialog ) );
- dialogLayout->addWidget( new QLabel( cert, dialog, "message" ) );
- dialogLayout->addWidget( new QLabel( i18n("the following permission"), dialog, "message" ) );
- dialogLayout->addWidget( new QLabel( perm, dialog, "message" ) );
+ dialogLayout->addWidget( cert_table );
+ if (signer_table->numRows() > 0) {
+ dialogLayout->addWidget( new QLabel( i18n("signer(s):"), dialog ) );
+ dialogLayout->addWidget( signer_table );
+ }
+ dialogLayout->addWidget( new QLabel( i18n("the following permission"), dialog ) );
+ dialogLayout->addWidget( new QLabel( perm, dialog ) );
QSpacerItem * spacer2 = new QSpacerItem( 20, 40, QSizePolicy::Minimum, QSizePolicy::Expanding );
dialogLayout->addItem( spacer2 );
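Review bot: `new QLabel( perm, dialog )` shows the permission string with QLabel's default text format, which auto-detects rich text, and `perm` is the `args[0]` value handed over from the Java side. If that string can contain markup it would be rendered inside the security prompt, so I would keep the label in a local and force plain text: `QLabel * permLabel = new QLabel( perm, dialog );` followed by `permLabel->setTextFormat( Qt::PlainText );`. The hunk starts and ends inside PermissionDialog::exec.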