Mercurial > trustbridge
view ui/sslconnection.h @ 502:e551de11d8b6
Properly handle the case that the file does not exist.
TRUNCATE makes create file fail if the file does not exist
but we need TRUNCATE in the case that the file already exists
author | Andre Heinecke <aheinecke@intevation.de> |
---|---|
date | Mon, 28 Apr 2014 09:18:07 +0000 |
parents | 17e1c8f37d72 |
children | d1c951b3012d |
line wrap: on
line source
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik * Software engineering by Intevation GmbH * * This file is Free Software under the GNU GPL (v>=2) * and comes with ABSOLUTELY NO WARRANTY! * See LICENSE.txt for details. */ #ifndef SSLCONNECTION_H #define SSLCONNECTION_H /** * @file sslconnection.h * @brief Qt wrapper around polarssl ssl api */ #include <QDebug> #include <QUrl> #include <QString> #include <QByteArray> #include <polarssl/entropy.h> #include <polarssl/net.h> #include <polarssl/ssl.h> #include <polarssl/ctr_drbg.h> #include <polarssl/error.h> #include <polarssl/certs.h> class SSLConnection { public: enum ErrorCode { NoError, NoConnection, SSLHandshakeFailed, InvalidCertificate, InvalidPinnedCertificate, InvalidResponse, ConnectionLost, Timeout, ErrUnknown }; /** * @brief Construct a pinned SSL Connection * * @param[in] url the Url to connect to * @param[in] certificate optional certificate to validate https connection */ SSLConnection(const QString& url, const QByteArray& certificate = QByteArray()); ~SSLConnection(); /** @brief write */ int write(const QByteArray& request); /** * @brief read at most len bytes and reset the connection * * @param [in] len Amount of bytes to read. * * @returns a byte array containing the data or * a NULL byte array on error*/ QByteArray read(size_t len); bool initialized() { return mInitialized; } bool connected() { return mConnected; } ErrorCode getLastError() { return mErrorState; } /** @brief: Establish the connection * * @returns 0 on success otherwise a polarssl error or -1 is returned */ int connect(); private: QUrl mUrl; QByteArray mPinnedCert; x509_crt mX509PinnedCert; entropy_context mEntropy; ctr_drbg_context mCtr_drbg; ssl_context mSSL; ssl_session mSavedSession; bool mInitialized; bool mConnected; /* A connection was established */ bool mNeedsReset; /* The connection needs to be reset before the next write */ int mServerFD; SSLConnection::ErrorCode mErrorState; /* @brief: Initialize polarssl structures * * This wraps polarssl initialization functions * that can return an error. * Sets the error state accordingly. * * @returns: 0 on success a polarssl error otherwise. */ int init(); /* @brief Reset the connection. * * Resets the https connection and does another handshake. * * @returns: 0 on success a polarssl error or -1 otherwise. */ int reset(); /* @brief validates that the certificate matches the pinned one. * * Checks the peer certificate of mSSL and validates that the * certificate matches mPinnedCertificate. * * @returns: 0 on success a polarssl error or -1 otherwise. */ int validateCertificate(); /* @brief disconnects the connection */ void disconnect(); }; #endif