view ui/sslconnection_bare.h @ 1070:f110a3f6e387

(issue114) Fine tune ACL propagation using mkdir_p the ACL of the parent directories would propagate to all subdirectories and objects in the directory. Now we only use ACL propagation in the last directory to make sure that files we might create in that directory inherit the correct (resitricted) ACL
author Andre Heinecke <andre.heinecke@intevation.de>
date Wed, 10 Sep 2014 16:41:36 +0200
parents 2949f1842955
children 2a1aa9df8f11
line wrap: on
line source
#ifndef UI_SSLCONNECTION_BARE_H
#define UI_SSLCONNECTION_BARE_H
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU GPL (v>=2)
 * and comes with ABSOLUTELY NO WARRANTY!
 * See LICENSE.txt for details.
 */

#include "sslconnection.h"

#include <polarssl/entropy.h>
#include <polarssl/net.h>
#include <polarssl/ssl.h>
#include <polarssl/ctr_drbg.h>
#include <polarssl/error.h>
#include <polarssl/certs.h>

#include <QDateTime>

/**
 * @file sslconnection_bare.h
 * @brief SSLConnection doing bare SSL over PolarSSL
 * */

class SSLConnectionBare : public SSLConnection
{
public:
    SSLConnectionBare(const QString& url,
            const QByteArray& certificate = QByteArray());

    ~SSLConnectionBare();

    int connect();

    QDateTime getLastModifiedHeader(const QString &resource);

    bool downloadFile(const QString &resource, const QString &filename,
                      size_t maxSize);

    void setCiphersuites(int ciphers[]);

private:
    x509_crt mX509PinnedCert;
    entropy_context mEntropy;
    ctr_drbg_context mCtr_drbg;
    ssl_context mSSL;
    ssl_session mSavedSession;

    /* @brief: Initialize polarssl structures
     *
     * This wraps polarssl initialization functions
     * that can return an error.
     * Sets the error state accordingly.
     *
     * @returns: 0 on success a polarssl error otherwise.
     */
    int init();

    /* @brief Reset the connection.
     *
     * Resets the https connection and does another handshake.
     *
     * @returns: 0 on success a polarssl error or -1 otherwise. */
    int reset();

    /* @brief validates that the certificate matches the pinned one.
     *
     * Checks the peer certificate of mSSL and validates that the
     * certificate matches mPinnedCertificate.
     *
     * @returns: 0 on success a polarssl error or -1 otherwise. */
    int validateCertificate();

    /* @brief disconnects the connection */
    void disconnect();

    /**
     * @brief parses the Headers of a repsonse.
     *
     * This removes the headers from the byte array passed as
     * parameter.
     *
     * @param[inout] data: The response to parse.
     *
     * @returns: A map of the header fields. Or an empty map on error.
     */
    QMap<QString, QString> parseHeaders(QByteArray *data);

    /** @brief write */
    int write(const QByteArray& request);

    /**
     * @brief read at most len bytes and reset the connection
     *
     * @param [in] len Amount of bytes to read.
     *
     * @returns a byte array containing the data or
     * a NULL byte array on error*/
    QByteArray read(size_t len);

};

#endif // UI_SSLCONNECTION_BARE_H

http://wald.intevation.org/projects/trustbridge/