annotate ui/sslconnection.h @ 633:6c090638b2b4

Use static buffer for module file name. According to the msdn examle the return value of getmodulefilename should be used to indicate success and not the size. And according to comments on that function on Windows 8.1 it does not return the needed size. So better be more robust and just use max_path as a limit.
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 23 Jun 2014 15:29:48 +0200
parents 17e1c8f37d72
children d1c951b3012d
rev   line source
404
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 46
diff changeset
1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 46
diff changeset
2 * Software engineering by Intevation GmbH
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 46
diff changeset
3 *
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 46
diff changeset
4 * This file is Free Software under the GNU GPL (v>=2)
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 46
diff changeset
5 * and comes with ABSOLUTELY NO WARRANTY!
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 46
diff changeset
6 * See LICENSE.txt for details.
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 46
diff changeset
7 */
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
8 #ifndef SSLCONNECTION_H
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
9 #define SSLCONNECTION_H
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
10
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
11 /**
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
12 * @file sslconnection.h
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
13 * @brief Qt wrapper around polarssl ssl api
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
14 */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
15
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
16 #include <QDebug>
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
17 #include <QUrl>
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
18 #include <QString>
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
19 #include <QByteArray>
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
20
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
21 #include <polarssl/entropy.h>
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
22 #include <polarssl/net.h>
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
23 #include <polarssl/ssl.h>
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
24 #include <polarssl/ctr_drbg.h>
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
25 #include <polarssl/error.h>
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
26 #include <polarssl/certs.h>
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
27
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
28 class SSLConnection
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
29 {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
30 public:
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
31 enum ErrorCode {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
32 NoError,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
33 NoConnection,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
34 SSLHandshakeFailed,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
35 InvalidCertificate,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
36 InvalidPinnedCertificate,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
37 InvalidResponse,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
38 ConnectionLost,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
39 Timeout,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
40 ErrUnknown
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
41 };
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
42
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
43 /**
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
44 * @brief Construct a pinned SSL Connection
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
45 *
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
46 * @param[in] url the Url to connect to
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
47 * @param[in] certificate optional certificate to validate https connection
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
48 */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
49 SSLConnection(const QString& url,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
50 const QByteArray& certificate = QByteArray());
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
51
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
52 ~SSLConnection();
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
53
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
54 /** @brief write */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
55 int write(const QByteArray& request);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
56
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
57 /**
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
58 * @brief read at most len bytes and reset the connection
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
59 *
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
60 * @param [in] len Amount of bytes to read.
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
61 *
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
62 * @returns a byte array containing the data or
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
63 * a NULL byte array on error*/
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
64 QByteArray read(size_t len);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
65
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
66 bool initialized() { return mInitialized; }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
67 bool connected() { return mConnected; }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
68
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
69 ErrorCode getLastError() { return mErrorState; }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
70
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
71 /** @brief: Establish the connection
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
72 *
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
73 * @returns 0 on success otherwise a polarssl error or -1 is returned
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
74 */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
75 int connect();
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
76
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
77 private:
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
78 QUrl mUrl;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
79 QByteArray mPinnedCert;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
80 x509_crt mX509PinnedCert;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
81 entropy_context mEntropy;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
82 ctr_drbg_context mCtr_drbg;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
83 ssl_context mSSL;
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
84 ssl_session mSavedSession;
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
85 bool mInitialized;
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
86 bool mConnected; /* A connection was established */
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
87 bool mNeedsReset; /* The connection needs to be reset before the next
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
88 write */
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
89 int mServerFD;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
90 SSLConnection::ErrorCode mErrorState;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
91 /* @brief: Initialize polarssl structures
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
92 *
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
93 * This wraps polarssl initialization functions
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
94 * that can return an error.
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
95 * Sets the error state accordingly.
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
96 *
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
97 * @returns: 0 on success a polarssl error otherwise.
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
98 */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
99 int init();
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
100
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
101 /* @brief Reset the connection.
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
102 *
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
103 * Resets the https connection and does another handshake.
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
104 *
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
105 * @returns: 0 on success a polarssl error or -1 otherwise. */
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
106 int reset();
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
107
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
108 /* @brief validates that the certificate matches the pinned one.
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
109 *
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
110 * Checks the peer certificate of mSSL and validates that the
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
111 * certificate matches mPinnedCertificate.
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
112 *
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
113 * @returns: 0 on success a polarssl error or -1 otherwise. */
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
114 int validateCertificate();
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
115
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
116 /* @brief disconnects the connection */
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
117 void disconnect();
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
118 };
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
119
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
120 #endif

http://wald.intevation.org/projects/trustbridge/