diff ui/sslconnection_bare.h @ 908:d1c951b3012d
Curl based implementation of sslconnection
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Wed, 13 Aug 2014 19:35:08 +0200 |
parents | |
children | eaed02defe6a |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ui/sslconnection_bare.h Wed Aug 13 19:35:08 2014 +0200
@@ -0,0 +1,87 @@
+#ifndef UI_SSLCONNECTION_BARE_H
+#define UI_SSLCONNECTION_BARE_H
+/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
+ * Software engineering by Intevation GmbH
+ *
+ * This file is Free Software under the GNU GPL (v>=2)
+ * and comes with ABSOLUTELY NO WARRANTY!
+ * See LICENSE.txt for details.
+ */
+
+#include "sslconnection.h"
+
+#include <polarssl/entropy.h>
+#include <polarssl/net.h>
+#include <polarssl/ssl.h>
+#include <polarssl/ctr_drbg.h>
+#include <polarssl/error.h>
+#include <polarssl/certs.h>
+
+/**
+ * @file sslconnection_bare.h
+ * @brief SSLConnection doing bare SSL over PolarSSL
+ * */
+
+class SSLConnectionBare : public SSLConnection
+{
+public:
+ SSLConnectionBare(const QString& url,
+ const QByteArray& certificate = QByteArray());
+
+ ~SSLConnectionBare();
+
+ /** @brief write */
+ int write(const QByteArray& request);
+
+ /**
+ * @brief read at most len bytes and reset the connection
+ *
+ * @param [in] len Amount of bytes to read.
+ *
+ * @returns a byte array containing the data or
+ * a NULL byte array on error*/
+ QByteArray read(size_t len);
+
+ /** @brief: Establish the connection
+ *
+ * @returns 0 on success otherwise an error or -1 is returned
+ */
+ int connect();
+
+private:
+ x509_crt mX509PinnedCert;
+ entropy_context mEntropy;
+ ctr_drbg_context mCtr_drbg;
+ ssl_context mSSL;
+ ssl_session mSavedSession;
+
+ /* @brief: Initialize polarssl structures
+ *
+ * This wraps polarssl initialization functions
+ * that can return an error.
+ * Sets the error state accordingly.
+ *
+ * @returns: 0 on success a polarssl error otherwise.
+ */
+ int init();
+
+ /* @brief Reset the connection.
+ *
+ * Resets the https connection and does another handshake.
+ *
+ * @returns: 0 on success a polarssl error or -1 otherwise. */
+ int reset();
+
+ /* @brief validates that the certificate matches the pinned one.
+ *
+ * Checks the peer certificate of mSSL and validates that the
+ * certificate matches mPinnedCertificate.
+ *
+ * @returns: 0 on success a polarssl error or -1 otherwise. */
+ int validateCertificate();
+
+ /* @brief disconnects the connection */
+ void disconnect();
+};
+
+#endif // UI_SSLCONNECTION_BARE_H
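Review bot: The constructor's default `certificate = QByteArray()` lets a caller build an `SSLConnectionBare` with no pin, and nothing in this header says what `validateCertificate()` does then. The constructor should carry a doc comment stating that an empty certificate makes `connect()` fail rather than skipping the pin check, if that is the intended behaviour; the implementation is not in this hunk, so this needs confirming. The `validateCertificate()` comment names `mPinnedCertificate`, while the member declared here is `mX509PinnedCert`; if the former is inherited from `SSLConnection`, say so, otherwise use the declared name. The class holds the PolarSSL contexts by value and declares a destructor that presumably frees them, so unless the base class already forbids copying, add `Q_DISABLE_COPY(SSLConnectionBare)` to the private section to keep a copy from releasing the same contexts twice. The private-section comments open with `/*` instead of `/**`, so Doxygen will not pick them up.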