Mercurial > trustbridge

view ui/sslconnection.h @ 214:aab742690bee

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix check for selected items and wait for bytes written. According to the documentation closing the write channel should suffice. But in testing it did not sent over everything.
author Andre Heinecke <andre.heinecke@intevation.de>
date Wed, 26 Mar 2014 17:17:19 +0100
parents d28e2624c1d5
children 17e1c8f37d72
line wrap: on
line source
#ifndef SSLCONNECTION_H
#define SSLCONNECTION_H

/**
 * @file sslconnection.h
 * @brief Qt wrapper around polarssl ssl api
 */

#include <QDebug>
#include <QUrl>
#include <QString>
#include <QByteArray>

#include <polarssl/entropy.h>
#include <polarssl/net.h>
#include <polarssl/ssl.h>
#include <polarssl/ctr_drbg.h>
#include <polarssl/error.h>
#include <polarssl/certs.h>

class SSLConnection
{
public:
    enum ErrorCode {
        NoError,
        NoConnection,
        SSLHandshakeFailed,
        InvalidCertificate,
        InvalidPinnedCertificate,
        InvalidResponse,
        ConnectionLost,
        Timeout,
        ErrUnknown
    };

    /**
     * @brief Construct a pinned SSL Connection
     *
     * @param[in] url the Url to connect to
     * @param[in] certificate optional certificate to validate https connection
     */
    SSLConnection(const QString& url,
                  const QByteArray& certificate = QByteArray());

    ~SSLConnection();

    /** @brief write */
    int write(const QByteArray& request);

    /**
     * @brief read at most len bytes and reset the connection
     *
     * @param [in] len Amount of bytes to read.
     *
     * @returns a byte array containing the data or
     * a NULL byte array on error*/
    QByteArray read(size_t len);

    bool initialized() { return mInitialized; }
    bool connected() { return mConnected; }

    ErrorCode getLastError() { return mErrorState; }

    /** @brief: Establish the connection
     *
     * @returns 0 on success otherwise a polarssl error or -1 is returned
     */
    int connect();

private:
    QUrl mUrl;
    QByteArray mPinnedCert;
    x509_crt mX509PinnedCert;
    entropy_context mEntropy;
    ctr_drbg_context mCtr_drbg;
    ssl_context mSSL;
    ssl_session mSavedSession;
    bool mInitialized;
    bool mConnected; /* A connection was established */
    bool mNeedsReset; /* The connection needs to be reset before the next
                         write */
    int mServerFD;
    SSLConnection::ErrorCode mErrorState;
    /* @brief: Initialize polarssl structures
     *
     * This wraps polarssl initialization functions
     * that can return an error.
     * Sets the error state accordingly.
     *
     * @returns: 0 on success a polarssl error otherwise.
     */
    int init();

    /* @brief Reset the connection.
     *
     * Resets the https connection and does another handshake.
     *
     * @returns: 0 on success a polarssl error or -1 otherwise. */
    int reset();

    /* @brief validates that the certificate matches the pinned one.
     *
     * Checks the peer certificate of mSSL and validates that the
     * certificate matches mPinnedCertificate.
     *
     * @returns: 0 on success a polarssl error or -1 otherwise. */
    int validateCertificate();

    /* @brief disconnects the connection */
    void disconnect();
};

#endif
http://wald.intevation.org/projects/trustbridge/