Mercurial > trustbridge

view ui/sslconnection_bare.h @ 1119:5349e2354c48

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
(issue54) Merge branch runafterinstall There is now an NSIS Plugin that executes the Software after installation using COM in the shell of the current user. With the way over the shell there is no inheritance / token management required. As it is impossible to drop all privileges of a token granted by UAC and still be able to reelevate the Token again with another RunAs call later this round trip over the Shell was necessary.
author Andre Heinecke <andre.heinecke@intevation.de>
date Tue, 16 Sep 2014 19:48:22 +0200
parents 2949f1842955
children 2a1aa9df8f11
line wrap: on
line source
#ifndef UI_SSLCONNECTION_BARE_H
#define UI_SSLCONNECTION_BARE_H
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU GPL (v>=2)
 * and comes with ABSOLUTELY NO WARRANTY!
 * See LICENSE.txt for details.
 */

#include "sslconnection.h"

#include <polarssl/entropy.h>
#include <polarssl/net.h>
#include <polarssl/ssl.h>
#include <polarssl/ctr_drbg.h>
#include <polarssl/error.h>
#include <polarssl/certs.h>

#include <QDateTime>

/**
 * @file sslconnection_bare.h
 * @brief SSLConnection doing bare SSL over PolarSSL
 * */

class SSLConnectionBare : public SSLConnection
{
public:
    SSLConnectionBare(const QString& url,
            const QByteArray& certificate = QByteArray());

    ~SSLConnectionBare();

    int connect();

    QDateTime getLastModifiedHeader(const QString &resource);

    bool downloadFile(const QString &resource, const QString &filename,
                      size_t maxSize);

    void setCiphersuites(int ciphers[]);

private:
    x509_crt mX509PinnedCert;
    entropy_context mEntropy;
    ctr_drbg_context mCtr_drbg;
    ssl_context mSSL;
    ssl_session mSavedSession;

    /* @brief: Initialize polarssl structures
     *
     * This wraps polarssl initialization functions
     * that can return an error.
     * Sets the error state accordingly.
     *
     * @returns: 0 on success a polarssl error otherwise.
     */
    int init();

    /* @brief Reset the connection.
     *
     * Resets the https connection and does another handshake.
     *
     * @returns: 0 on success a polarssl error or -1 otherwise. */
    int reset();

    /* @brief validates that the certificate matches the pinned one.
     *
     * Checks the peer certificate of mSSL and validates that the
     * certificate matches mPinnedCertificate.
     *
     * @returns: 0 on success a polarssl error or -1 otherwise. */
    int validateCertificate();

    /* @brief disconnects the connection */
    void disconnect();

    /**
     * @brief parses the Headers of a repsonse.
     *
     * This removes the headers from the byte array passed as
     * parameter.
     *
     * @param[inout] data: The response to parse.
     *
     * @returns: A map of the header fields. Or an empty map on error.
     */
    QMap<QString, QString> parseHeaders(QByteArray *data);

    /** @brief write */
    int write(const QByteArray& request);

    /**
     * @brief read at most len bytes and reset the connection
     *
     * @param [in] len Amount of bytes to read.
     *
     * @returns a byte array containing the data or
     * a NULL byte array on error*/
    QByteArray read(size_t len);

};

#endif // UI_SSLCONNECTION_BARE_H
http://wald.intevation.org/projects/trustbridge/