Mercurial > trustbridge
annotate ui/sslconnection_bare.h @ 908:d1c951b3012d
Curl based implementation of sslconnection
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Wed, 13 Aug 2014 19:35:08 +0200 |
| parents | |
| children | eaed02defe6a |
| rev | line source |
|---|---|
|
908
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1 #ifndef UI_SSLCONNECTION_BARE_H |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
2 #define UI_SSLCONNECTION_BARE_H |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
3 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
4 * Software engineering by Intevation GmbH |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
5 * |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
6 * This file is Free Software under the GNU GPL (v>=2) |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
7 * and comes with ABSOLUTELY NO WARRANTY! |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
8 * See LICENSE.txt for details. |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
9 */ |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
10 |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
11 #include "sslconnection.h" |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
12 |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
13 #include <polarssl/entropy.h> |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
14 #include <polarssl/net.h> |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
15 #include <polarssl/ssl.h> |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
16 #include <polarssl/ctr_drbg.h> |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
17 #include <polarssl/error.h> |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
18 #include <polarssl/certs.h> |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
19 |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
20 /** |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
21 * @file sslconnection_bare.h |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
22 * @brief SSLConnection doing bare SSL over PolarSSL |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
23 * */ |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
24 |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
25 class SSLConnectionBare : public SSLConnection |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
26 { |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
27 public: |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
28 SSLConnectionBare(const QString& url, |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
29 const QByteArray& certificate = QByteArray()); |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
30 |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
31 ~SSLConnectionBare(); |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
32 |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
33 /** @brief write */ |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
34 int write(const QByteArray& request); |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
35 |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
36 /** |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
37 * @brief read at most len bytes and reset the connection |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
38 * |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
39 * @param [in] len Amount of bytes to read. |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
40 * |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
41 * @returns a byte array containing the data or |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
42 * a NULL byte array on error*/ |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
43 QByteArray read(size_t len); |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
44 |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
45 /** @brief: Establish the connection |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
46 * |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
47 * @returns 0 on success otherwise an error or -1 is returned |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
48 */ |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
49 int connect(); |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
50 |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
51 private: |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
52 x509_crt mX509PinnedCert; |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
53 entropy_context mEntropy; |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
54 ctr_drbg_context mCtr_drbg; |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
55 ssl_context mSSL; |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
56 ssl_session mSavedSession; |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
57 |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
58 /* @brief: Initialize polarssl structures |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
59 * |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
60 * This wraps polarssl initialization functions |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
61 * that can return an error. |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
62 * Sets the error state accordingly. |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
63 * |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
64 * @returns: 0 on success a polarssl error otherwise. |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
65 */ |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
66 int init(); |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
67 |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
68 /* @brief Reset the connection. |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
69 * |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
70 * Resets the https connection and does another handshake. |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
71 * |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
72 * @returns: 0 on success a polarssl error or -1 otherwise. */ |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
73 int reset(); |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
74 |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
75 /* @brief validates that the certificate matches the pinned one. |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
76 * |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
77 * Checks the peer certificate of mSSL and validates that the |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
78 * certificate matches mPinnedCertificate. |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
79 * |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
80 * @returns: 0 on success a polarssl error or -1 otherwise. */ |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
81 int validateCertificate(); |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
82 |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
83 /* @brief disconnects the connection */ |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
84 void disconnect(); |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
85 }; |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
86 |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
87 #endif // UI_SSLCONNECTION_BARE_H |