view ui/sslconnection_bare.h @ 975:b3695a3399de

(issue86) Install into default directories on Linux. If the mozilla process is now started as root, it will try to write into the default directories for NSS Shared and mozilla / thunderbird profiles. Cinst will now start the mozilla process once as root.
author Andre Heinecke <andre.heinecke@intevation.de>
date Fri, 29 Aug 2014 12:59:44 +0200
parents eaed02defe6a
children 2949f1842955
#ifndef UI_SSLCONNECTION_BARE_H
#define UI_SSLCONNECTION_BARE_H
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU GPL (v>=2)
 * and comes with ABSOLUTELY NO WARRANTY!
 * See LICENSE.txt for details.
 */

#include "sslconnection.h"

#include <polarssl/entropy.h>
#include <polarssl/net.h>
#include <polarssl/ssl.h>
#include <polarssl/ctr_drbg.h>
#include <polarssl/error.h>
#include <polarssl/certs.h>

#include <QDateTime>

/**
 * @file sslconnection_bare.h
 * @brief SSLConnection doing bare SSL over PolarSSL
 * */

/**
 * @brief SSLConnection subclass that drives PolarSSL directly.
 *
 * The PolarSSL state (pinned certificate, entropy context, CTR-DRBG
 * context, SSL context and a saved session) is held as plain struct
 * members of this object.
 *
 * NOTE(review): the class declares a destructor but no copy constructor or
 * assignment operator in this header. Confirm that SSLConnection or the
 * implementation prevents copying; a copy of the raw PolarSSL structs could
 * end up being released twice.
 */
class SSLConnectionBare : public SSLConnection
{
public:
    /**
     * @brief Create a connection object for a URL.
     *
     * @param[in] url          The URL of the server.
     * @param[in] certificate  Presumably the certificate to pin the server
     *                         to (encoding not visible here, confirm in the
     *                         implementation). Defaults to an empty
     *                         QByteArray.
     *
     * NOTE(review): what an empty certificate means for
     * validateCertificate() cannot be seen from this header. Confirm that
     * it makes validation fail rather than skipping the pin check.
     */
    SSLConnectionBare(const QString& url,
            const QByteArray& certificate = QByteArray());

    /** @brief Destructor. Cleanup of the PolarSSL members is not visible
     * in this header; see the implementation. */
    ~SSLConnectionBare();

    /**
     * @brief Establish the connection.
     *
     * @returns An int status. Presumably 0 on success like the private
     * helpers below; confirm against SSLConnection.
     */
    int connect();

    /**
     * @brief Get the Last-Modified header for a resource.
     *
     * @param[in] resource The resource to ask for.
     *
     * @returns The header value as a QDateTime. The behaviour on error is
     * not documented here (presumably an invalid QDateTime, confirm).
     *
     * NOTE(review): the value is supplied by the server, so callers should
     * not rely on it for anything the pinned connection does not already
     * authenticate.
     */
    QDateTime getLastModifiedHeader(const QString &resource);

    /**
     * @brief Download a resource into a file.
     *
     * @param[in] resource The resource to download.
     * @param[in] filename The file to write to.
     * @param[in] maxSize  Presumably the upper bound in bytes for the
     *                     download; confirm that the implementation stops
     *                     reading once it is reached, since the response
     *                     size is controlled by the server.
     *
     * @returns presumably true on success, false otherwise; confirm.
     */
    bool downloadFile(const QString &resource, const QString &filename,
                      size_t maxSize);

private:
    /* PolarSSL X.509 certificate structure for the pinned certificate. */
    x509_crt mX509PinnedCert;
    /* PolarSSL entropy context. */
    entropy_context mEntropy;
    /* PolarSSL CTR-DRBG context (random number generator state). */
    ctr_drbg_context mCtr_drbg;
    /* PolarSSL SSL context of the connection. */
    ssl_context mSSL;
    /* PolarSSL session structure; presumably used to resume the session
     * on reset(), confirm in the implementation. */
    ssl_session mSavedSession;

    /**
     * @brief Initialize polarssl structures
     *
     * This wraps polarssl initialization functions
     * that can return an error.
     * Sets the error state accordingly.
     *
     * @returns 0 on success, a polarssl error otherwise.
     */
    int init();

    /**
     * @brief Reset the connection.
     *
     * Resets the https connection and does another handshake.
     *
     * @returns 0 on success, a polarssl error or -1 otherwise.
     */
    int reset();

    /**
     * @brief Validates that the certificate matches the pinned one.
     *
     * Checks the peer certificate of mSSL and validates that the
     * certificate matches mPinnedCertificate. mPinnedCertificate is not
     * declared in this class (presumably inherited from SSLConnection);
     * this class itself holds mX509PinnedCert.
     *
     * A non-zero result means the peer did not present the pinned
     * certificate, so no request should be sent on that connection.
     *
     * NOTE(review): reset() does another handshake; confirm that this
     * check is repeated after it.
     *
     * @returns 0 on success, a polarssl error or -1 otherwise.
     */
    int validateCertificate();

    /** @brief Disconnects the connection. */
    void disconnect();

    /**
     * @brief Parses the headers of a response.
     *
     * This removes the headers from the byte array passed as
     * parameter. The header names and values come from the server's
     * response and should be treated as untrusted input by callers.
     *
     * @param[inout] data: The response to parse.
     *
     * @returns A map of the header fields, or an empty map on error.
     */
    QMap<QString, QString> parseHeaders(QByteArray *data);

    /**
     * @brief Write a request to the connection.
     *
     * @param[in] request The bytes to send.
     *
     * @returns An int status; the convention is not documented here
     * (presumably 0 on success or a polarssl error, confirm).
     */
    int write(const QByteArray& request);

    /**
     * @brief Read at most len bytes and reset the connection.
     *
     * @param[in] len Amount of bytes to read.
     *
     * @returns A byte array containing the data, or
     * a null byte array on error.
     */
    QByteArray read(size_t len);

};

#endif // UI_SSLCONNECTION_BARE_H

http://wald.intevation.org/projects/trustbridge/