view ui/sslconnection.h @ 429:f07bc5de2a87

Adminstration: "Add certificate" can now load multiple certificate files.
author Raimund Renkert <rrenkert@intevation.de>
date Thu, 17 Apr 2014 13:22:55 +0200
parents 17e1c8f37d72
children d1c951b3012d
line wrap: on
line source
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU GPL (v>=2)
 * and comes with ABSOLUTELY NO WARRANTY!
 * See LICENSE.txt for details.
 */
#ifndef SSLCONNECTION_H
#define SSLCONNECTION_H

/**
 * @file sslconnection.h
 * @brief Qt wrapper around polarssl ssl api
 */

#include <QDebug>
#include <QUrl>
#include <QString>
#include <QByteArray>

#include <polarssl/entropy.h>
#include <polarssl/net.h>
#include <polarssl/ssl.h>
#include <polarssl/ctr_drbg.h>
#include <polarssl/error.h>
#include <polarssl/certs.h>

class SSLConnection
{
public:
    enum ErrorCode {
        NoError,
        NoConnection,
        SSLHandshakeFailed,
        InvalidCertificate,
        InvalidPinnedCertificate,
        InvalidResponse,
        ConnectionLost,
        Timeout,
        ErrUnknown
    };

    /**
     * @brief Construct a pinned SSL Connection
     *
     * @param[in] url the Url to connect to
     * @param[in] certificate optional certificate to validate https connection
     */
    SSLConnection(const QString& url,
                  const QByteArray& certificate = QByteArray());

    ~SSLConnection();

    /** @brief write */
    int write(const QByteArray& request);

    /**
     * @brief read at most len bytes and reset the connection
     *
     * @param [in] len Amount of bytes to read.
     *
     * @returns a byte array containing the data or
     * a NULL byte array on error*/
    QByteArray read(size_t len);

    bool initialized() { return mInitialized; }
    bool connected() { return mConnected; }

    ErrorCode getLastError() { return mErrorState; }

    /** @brief: Establish the connection
     *
     * @returns 0 on success otherwise a polarssl error or -1 is returned
     */
    int connect();

private:
    QUrl mUrl;
    QByteArray mPinnedCert;
    x509_crt mX509PinnedCert;
    entropy_context mEntropy;
    ctr_drbg_context mCtr_drbg;
    ssl_context mSSL;
    ssl_session mSavedSession;
    bool mInitialized;
    bool mConnected; /* A connection was established */
    bool mNeedsReset; /* The connection needs to be reset before the next
                         write */
    int mServerFD;
    SSLConnection::ErrorCode mErrorState;
    /* @brief: Initialize polarssl structures
     *
     * This wraps polarssl initialization functions
     * that can return an error.
     * Sets the error state accordingly.
     *
     * @returns: 0 on success a polarssl error otherwise.
     */
    int init();

    /* @brief Reset the connection.
     *
     * Resets the https connection and does another handshake.
     *
     * @returns: 0 on success a polarssl error or -1 otherwise. */
    int reset();

    /* @brief validates that the certificate matches the pinned one.
     *
     * Checks the peer certificate of mSSL and validates that the
     * certificate matches mPinnedCertificate.
     *
     * @returns: 0 on success a polarssl error or -1 otherwise. */
    int validateCertificate();

    /* @brief disconnects the connection */
    void disconnect();
};

#endif

http://wald.intevation.org/projects/trustbridge/