Mercurial > trustbridge
annotate ui/sslconnection_bare.h @ 1070:f110a3f6e387
(issue114) Fine tune ACL propagation
using mkdir_p the ACL of the parent directories would
propagate to all subdirectories and objects in the directory.
Now we only use ACL propagation in the last directory to make
sure that files we might create in that directory inherit the
correct (resitricted) ACL
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Wed, 10 Sep 2014 16:41:36 +0200 |
| parents | 2949f1842955 |
| children | 2a1aa9df8f11 |
| rev | line source |
|---|---|
|
908
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1 #ifndef UI_SSLCONNECTION_BARE_H |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
2 #define UI_SSLCONNECTION_BARE_H |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
3 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
4 * Software engineering by Intevation GmbH |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
5 * |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
6 * This file is Free Software under the GNU GPL (v>=2) |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
7 * and comes with ABSOLUTELY NO WARRANTY! |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
8 * See LICENSE.txt for details. |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
9 */ |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
10 |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
11 #include "sslconnection.h" |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
12 |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
13 #include <polarssl/entropy.h> |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
14 #include <polarssl/net.h> |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
15 #include <polarssl/ssl.h> |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
16 #include <polarssl/ctr_drbg.h> |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
17 #include <polarssl/error.h> |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
18 #include <polarssl/certs.h> |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
19 |
|
910
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
20 #include <QDateTime> |
|
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
21 |
|
908
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
22 /** |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
23 * @file sslconnection_bare.h |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
24 * @brief SSLConnection doing bare SSL over PolarSSL |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
25 * */ |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
26 |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
27 class SSLConnectionBare : public SSLConnection |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
28 { |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
29 public: |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
30 SSLConnectionBare(const QString& url, |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
31 const QByteArray& certificate = QByteArray()); |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
32 |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
33 ~SSLConnectionBare(); |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
34 |
|
910
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
35 int connect(); |
|
908
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
36 |
|
910
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
37 QDateTime getLastModifiedHeader(const QString &resource); |
|
908
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
38 |
|
910
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
39 bool downloadFile(const QString &resource, const QString &filename, |
|
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
40 size_t maxSize); |
|
908
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
41 |
|
990
2949f1842955
(issue90) Add possibility to force cipher suites in bare connection and test for this
Andre Heinecke <andre.heinecke@intevation.de>
parents:
910
diff
changeset
|
42 void setCiphersuites(int ciphers[]); |
|
2949f1842955
(issue90) Add possibility to force cipher suites in bare connection and test for this
Andre Heinecke <andre.heinecke@intevation.de>
parents:
910
diff
changeset
|
43 |
|
908
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
44 private: |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
45 x509_crt mX509PinnedCert; |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
46 entropy_context mEntropy; |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
47 ctr_drbg_context mCtr_drbg; |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
48 ssl_context mSSL; |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
49 ssl_session mSavedSession; |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
50 |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
51 /* @brief: Initialize polarssl structures |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
52 * |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
53 * This wraps polarssl initialization functions |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
54 * that can return an error. |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
55 * Sets the error state accordingly. |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
56 * |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
57 * @returns: 0 on success a polarssl error otherwise. |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
58 */ |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
59 int init(); |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
60 |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
61 /* @brief Reset the connection. |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
62 * |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
63 * Resets the https connection and does another handshake. |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
64 * |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
65 * @returns: 0 on success a polarssl error or -1 otherwise. */ |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
66 int reset(); |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
67 |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
68 /* @brief validates that the certificate matches the pinned one. |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
69 * |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
70 * Checks the peer certificate of mSSL and validates that the |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
71 * certificate matches mPinnedCertificate. |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
72 * |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
73 * @returns: 0 on success a polarssl error or -1 otherwise. */ |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
74 int validateCertificate(); |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
75 |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
76 /* @brief disconnects the connection */ |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
77 void disconnect(); |
|
910
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
78 |
|
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
79 /** |
|
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
80 * @brief parses the Headers of a repsonse. |
|
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
81 * |
|
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
82 * This removes the headers from the byte array passed as |
|
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
83 * parameter. |
|
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
84 * |
|
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
85 * @param[inout] data: The response to parse. |
|
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
86 * |
|
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
87 * @returns: A map of the header fields. Or an empty map on error. |
|
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
88 */ |
|
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
89 QMap<QString, QString> parseHeaders(QByteArray *data); |
|
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
90 |
|
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
91 /** @brief write */ |
|
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
92 int write(const QByteArray& request); |
|
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
93 |
|
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
94 /** |
|
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
95 * @brief read at most len bytes and reset the connection |
|
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
96 * |
|
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
97 * @param [in] len Amount of bytes to read. |
|
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
98 * |
|
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
99 * @returns a byte array containing the data or |
|
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
100 * a NULL byte array on error*/ |
|
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
101 QByteArray read(size_t len); |
|
eaed02defe6a
More SSLConnection refactoring. Fixes curl downloader.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
908
diff
changeset
|
102 |
|
908
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
103 }; |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
104 |
|
d1c951b3012d
Curl based implementation of sslconnection
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
105 #endif // UI_SSLCONNECTION_BARE_H |