view ui/sslconnection_bare.h @ 1395:a2574a029322

Fix Base 64 signature size calculation. If the signature byte size is not equally dividable by three the base 64 encoding needs three additional bytes. The value is now fixed to avoid such errors in the future.
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 26 Jan 2015 13:17:32 +0100
parents 82fab0c689bf
children
line wrap: on
line source
#ifndef UI_SSLCONNECTION_BARE_H
#define UI_SSLCONNECTION_BARE_H
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU GPL (v>=2)
 * and comes with ABSOLUTELY NO WARRANTY!
 * See LICENSE.txt for details.
 */

#include "sslconnection.h"

#include <polarssl/entropy.h>
#include <polarssl/net.h>
#include <polarssl/ssl.h>
#include <polarssl/ctr_drbg.h>
#include <polarssl/error.h>
#include <polarssl/certs.h>

#include <QDateTime>

/**
 * @file sslconnection_bare.h
 * @brief SSLConnection doing bare SSL over PolarSSL
 */
 /** @brief SSLConnection implementation doing bare SSL over PolarSSL
  *
  * This class needs no additional libraries and parses the server responses
  * directly using QT.
  */
class SSLConnectionBare : public SSLConnection
{
public:
    SSLConnectionBare(const QString& url,
            const QByteArray& certificate = QByteArray());

    ~SSLConnectionBare();

    int connect();

    QDateTime getLastModifiedHeader(const QString &resource);

    bool downloadFile(const QString &resource, const QString &filename,
                      size_t maxSize);

    void setCiphersuites(int ciphers[]);

private:
    x509_crt mX509PinnedCert;
    entropy_context mEntropy;
    ctr_drbg_context mCtr_drbg;
    ssl_context mSSL;
    ssl_session mSavedSession;

    /* @brief: Initialize polarssl structures
     *
     * This wraps polarssl initialization functions
     * that can return an error.
     * Sets the error state accordingly.
     *
     * @returns: 0 on success a polarssl error otherwise.
     */
    int init();

    /* @brief Reset the connection.
     *
     * Resets the https connection and does another handshake.
     *
     * @returns: 0 on success a polarssl error or -1 otherwise. */
    int reset();

    /* @brief validates that the certificate matches the pinned one.
     *
     * Checks the peer certificate of mSSL and validates that the
     * certificate matches mPinnedCertificate.
     *
     * @returns: 0 on success a polarssl error or -1 otherwise. */
    int validateCertificate();

    /* @brief disconnects the connection */
    void disconnect();

    /**
     * @brief parses the Headers of a repsonse.
     *
     * This removes the headers from the byte array passed as
     * parameter.
     *
     * @param[in,out] data: The response to parse.
     *
     * @returns: A map of the header fields. Or an empty map on error.
     */
    QMap<QString, QString> parseHeaders(QByteArray *data);

    /** @brief write */
    int write(const QByteArray& request);

    /**
     * @brief read at most len bytes and reset the connection
     *
     * @param [in] len Amount of bytes to read.
     *
     * @returns a byte array containing the data or
     * a NULL byte array on error*/
    QByteArray read(size_t len);

};

#endif // UI_SSLCONNECTION_BARE_H

http://wald.intevation.org/projects/trustbridge/