view ui/sslconnection_bare.h @ 1388:6ca035ea02ca

Added tag 0.9.8 for changeset c64b6c56ce96
author Andre Heinecke <andre.heinecke@intevation.de>
date Thu, 15 Jan 2015 16:48:54 +0100
parents 82fab0c689bf
#ifndef UI_SSLCONNECTION_BARE_H
#define UI_SSLCONNECTION_BARE_H
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU GPL (v>=2)
 * and comes with ABSOLUTELY NO WARRANTY!
 * See LICENSE.txt for details.
 */

#include "sslconnection.h"

#include <polarssl/entropy.h>
#include <polarssl/net.h>
#include <polarssl/ssl.h>
#include <polarssl/ctr_drbg.h>
#include <polarssl/error.h>
#include <polarssl/certs.h>

#include <QDateTime>

/**
 * @file sslconnection_bare.h
 * @brief SSLConnection doing bare SSL over PolarSSL
 */
 /** @brief SSLConnection implementation doing bare SSL over PolarSSL
  *
  * This class needs no additional libraries and parses the server responses
  * directly using Qt.
  */
class SSLConnectionBare : public SSLConnection
{
    // NOTE(review): the class holds PolarSSL contexts by value and declares
    // no copy constructor or assignment operator here. Unless SSLConnection
    // already disables copying, a copied object would share the raw contexts
    // with the original. Confirm against the base class.
public:
    /**
     * @brief Creates a connection object for the given server.
     *
     * @param[in] url The server to connect to.
     * @param[in] certificate Presumably the certificate the peer is pinned
     *            to (see validateCertificate()); the expected encoding is
     *            not visible in this header.
     *
     * NOTE(review): the default is an empty certificate. How
     * validateCertificate() treats an empty pin is not visible here;
     * confirm that it fails closed instead of accepting any peer.
     */
    SSLConnectionBare(const QString& url,
            const QByteArray& certificate = QByteArray());

    ~SSLConnectionBare();

    /**
     * @brief Establishes the connection to the server.
     *
     * @returns presumably 0 on success and an error code otherwise, like
     *          init() and reset(). Confirm in the implementation.
     */
    int connect();

    /**
     * @brief Looks up the modification time of a resource.
     *
     * @param[in] resource The resource to query on the server.
     *
     * @returns a QDateTime, judging by the name taken from the
     *          Last-Modified response header. The value returned on error
     *          is not visible in this header.
     */
    QDateTime getLastModifiedHeader(const QString &resource);

    /**
     * @brief Downloads a resource from the server into a file.
     *
     * @param[in] resource The resource to fetch.
     * @param[in] filename The file the data is stored in.
     * @param[in] maxSize  Presumably the upper bound on the number of bytes
     *                     accepted from the server.
     *
     * @returns a bool, presumably true on success.
     *
     * NOTE(review): confirm that maxSize is enforced on the bytes actually
     * received and not only on a server-supplied length header, so that a
     * misbehaving server cannot fill the disk.
     */
    bool downloadFile(const QString &resource, const QString &filename,
                      size_t maxSize);

    /**
     * @brief Sets the ciphersuites to use for the connection.
     *
     * @param[in] ciphers Array of ciphersuite ids. The parameter decays to
     *            a plain int pointer and no length is passed.
     *
     * NOTE(review): presumably forwarded to PolarSSL's
     * ssl_set_ciphersuites(), which expects a 0-terminated list and keeps
     * the pointer instead of copying the list. If so, the caller has to
     * terminate the array with 0 and keep it alive as long as mSSL is used.
     * Confirm in the implementation.
     */
    void setCiphersuites(int ciphers[]);

private:
    // Parsed form of the pinned certificate, judging by the name.
    x509_crt mX509PinnedCert;
    // Entropy source context; presumably seeds mCtr_drbg in init().
    entropy_context mEntropy;
    // CTR_DRBG random number generator context.
    ctr_drbg_context mCtr_drbg;
    // The PolarSSL context of this connection.
    ssl_context mSSL;
    // Presumably the session kept to resume the connection in reset();
    // confirm in the implementation.
    ssl_session mSavedSession;

    /**
     * @brief Initialize polarssl structures
     *
     * This wraps polarssl initialization functions
     * that can return an error.
     * Sets the error state accordingly.
     *
     * @returns 0 on success, a polarssl error otherwise.
     */
    int init();

    /**
     * @brief Reset the connection.
     *
     * Resets the https connection and does another handshake.
     *
     * @returns 0 on success, a polarssl error or -1 otherwise.
     */
    int reset();

    /**
     * @brief Validates that the certificate matches the pinned one.
     *
     * Checks the peer certificate of mSSL and validates that the
     * certificate matches mPinnedCertificate. mPinnedCertificate is not
     * declared in this class and presumably comes from SSLConnection.
     *
     * @returns 0 on success, a polarssl error or -1 otherwise.
     */
    int validateCertificate();

    /** @brief Disconnects the connection. */
    void disconnect();

    /**
     * @brief Parses the headers of a response.
     *
     * This removes the headers from the byte array passed as
     * parameter.
     *
     * @param[in,out] data The response to parse.
     *
     * @returns A map of the header fields, or an empty map on error.
     */
    QMap<QString, QString> parseHeaders(QByteArray *data);

    /**
     * @brief Writes a request to the connection.
     *
     * @param[in] request The bytes to send.
     *
     * @returns an int whose meaning is not documented in this header;
     *          presumably 0 on success like init() and reset().
     */
    int write(const QByteArray& request);

    /**
     * @brief Read at most len bytes and reset the connection.
     *
     * @param[in] len Amount of bytes to read.
     *
     * @returns a byte array containing the data or
     *          a NULL byte array on error.
     */
    QByteArray read(size_t len);

};

#endif // UI_SSLCONNECTION_BARE_H

http://wald.intevation.org/projects/trustbridge/