annotate ui/sslconnection.h @ 654:129e611eaf50

Merge branch trustbridge-refactor
author Andre Heinecke <andre.heinecke@intevation.de>
date Wed, 25 Jun 2014 15:16:24 +0200
parents 17e1c8f37d72
children d1c951b3012d
rev   line source
404
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 46
diff changeset
1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 46
diff changeset
2 * Software engineering by Intevation GmbH
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 46
diff changeset
3 *
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 46
diff changeset
4 * This file is Free Software under the GNU GPL (v>=2)
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 46
diff changeset
5 * and comes with ABSOLUTELY NO WARRANTY!
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 46
diff changeset
6 * See LICENSE.txt for details.
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 46
diff changeset
7 */
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
8 #ifndef SSLCONNECTION_H
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
9 #define SSLCONNECTION_H
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
10
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
11 /**
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
12 * @file sslconnection.h
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
13 * @brief Qt wrapper around polarssl ssl api
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
14 */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
15
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
16 #include <QDebug>
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
17 #include <QUrl>
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
18 #include <QString>
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
19 #include <QByteArray>
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
20
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
21 #include <polarssl/entropy.h>
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
22 #include <polarssl/net.h>
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
23 #include <polarssl/ssl.h>
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
24 #include <polarssl/ctr_drbg.h>
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
25 #include <polarssl/error.h>
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
26 #include <polarssl/certs.h>
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
27
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
28 class SSLConnection
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
29 {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
30 public:
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
31 enum ErrorCode {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
32 NoError,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
33 NoConnection,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
34 SSLHandshakeFailed,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
35 InvalidCertificate,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
36 InvalidPinnedCertificate,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
37 InvalidResponse,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
38 ConnectionLost,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
39 Timeout,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
40 ErrUnknown
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
41 };
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
42
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
43 /**
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
44 * @brief Construct a pinned SSL Connection
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
45 *
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
46 * @param[in] url the Url to connect to
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
47 * @param[in] certificate optional certificate to validate https connection
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
48 */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
49 SSLConnection(const QString& url,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
50 const QByteArray& certificate = QByteArray());
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
51
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
52 ~SSLConnection();
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
53
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
54 /** @brief write */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
55 int write(const QByteArray& request);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
56
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
57 /**
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
58 * @brief read at most len bytes and reset the connection
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
59 *
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
60 * @param [in] len Amount of bytes to read.
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
61 *
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
62 * @returns a byte array containing the data or
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
63 * a NULL byte array on error*/
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
64 QByteArray read(size_t len);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
65
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
66 bool initialized() { return mInitialized; }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
67 bool connected() { return mConnected; }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
68
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
69 ErrorCode getLastError() { return mErrorState; }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
70
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
71 /** @brief: Establish the connection
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
72 *
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
73 * @returns 0 on success otherwise a polarssl error or -1 is returned
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
74 */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
75 int connect();
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
76
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
77 private:
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
78 QUrl mUrl;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
79 QByteArray mPinnedCert;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
80 x509_crt mX509PinnedCert;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
81 entropy_context mEntropy;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
82 ctr_drbg_context mCtr_drbg;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
83 ssl_context mSSL;
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
84 ssl_session mSavedSession;
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
85 bool mInitialized;
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
86 bool mConnected; /* A connection was established */
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
87 bool mNeedsReset; /* The connection needs to be reset before the next
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
88 write */
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
89 int mServerFD;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
90 SSLConnection::ErrorCode mErrorState;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
91 /* @brief: Initialize polarssl structures
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
92 *
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
93 * This wraps polarssl initialization functions
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
94 * that can return an error.
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
95 * Sets the error state accordingly.
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
96 *
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
97 * @returns: 0 on success a polarssl error otherwise.
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
98 */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
99 int init();
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
100
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
101 /* @brief Reset the connection.
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
102 *
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
103 * Resets the https connection and does another handshake.
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
104 *
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
105 * @returns: 0 on success a polarssl error or -1 otherwise. */
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
106 int reset();
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
107
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
108 /* @brief validates that the certificate matches the pinned one.
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
109 *
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
110 * Checks the peer certificate of mSSL and validates that the
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
111 * certificate matches mPinnedCertificate.
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
112 *
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
113 * @returns: 0 on success a polarssl error or -1 otherwise. */
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
114 int validateCertificate();
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
115
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
116 /* @brief disconnects the connection */
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
117 void disconnect();
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
118 };
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
119
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
120 #endif

http://wald.intevation.org/projects/trustbridge/