00032 #ifndef QCA_SECURELAYER_H
00033 #define QCA_SECURELAYER_H
00034
00035 #include <QObject>
00036 #include "qca_core.h"
00037 #include "qca_publickey.h"
00038 #include "qca_cert.h"
00039
00040 namespace QCA {
00041
/**
   Abstract security level that a caller can request from a secure
   layer.

   One of these values is accepted by TLS::setConstraints(SecurityLevel)
   and SASL::setConstraints(AuthFlags, SecurityLevel) declared later in
   this header. Judging by the names the enumerators run from the
   weakest (SL_None) to the strongest (SL_Highest); how a level maps
   to concrete cipher suites or an SSF range is decided by the provider
   and is not visible here. Note that SASL::setConstraints() defaults
   this parameter to SL_None, so a caller that needs protection must
   pass a stronger level explicitly.
*/
enum SecurityLevel
{
	SL_None,       ///< no security requested
	SL_Integrity,  ///< integrity protection (presumably without confidentiality — confirm with the provider)
	SL_Export,     ///< export-grade level — meaning is provider-defined
	SL_Baseline,   ///< baseline level — meaning is provider-defined
	SL_High,       ///< high level — meaning is provider-defined
	SL_Highest     ///< strongest level the provider offers (inferred from the name)
};
00068
/**
   Abstract base for a protection layer placed between application data
   and a transport that the caller drives itself.

   The concrete layers in this header (TLS and SASL) derive from it.
   From the signatures, two streams cross the object: application data
   enters through write() and leaves through read(), while transport
   bytes are fed in with writeIncoming() and drained with readOutgoing().
   The class does not own a socket; the caller is expected to move the
   bytes between this object and its transport and to react to the
   readyRead()/readyReadOutgoing() signals.
*/
class QCA_EXPORT SecureLayer : public QObject
{
	Q_OBJECT
public:
	/**
	   Standard constructor.

	   \param parent the parent object for this object
	*/
	SecureLayer(QObject *parent = 0);

	/**
	   Whether the layer supports an explicit close(). Has a default
	   implementation here; subclasses may override it.
	*/
	virtual bool isClosable() const;

	/**
	   Number of application-data bytes that read() can currently
	   return. Pure virtual.
	*/
	virtual int bytesAvailable() const = 0;

	/**
	   Number of transport bytes that readOutgoing() can currently
	   return. Pure virtual.
	*/
	virtual int bytesOutgoingAvailable() const = 0;

	/**
	   Close the layer. Has a default implementation here; only
	   meaningful when isClosable() is true (inferred from the pairing,
	   confirm in the implementation). Closing is reported through
	   closed().
	*/
	virtual void close();

	/**
	   Submit application data to be protected.

	   \param a the plaintext to send
	*/
	virtual void write(const QByteArray &a) = 0;

	/**
	   Retrieve application data that the layer has unprotected.
	*/
	virtual QByteArray read() = 0;

	/**
	   Feed transport bytes received from the peer into the layer.

	   \param a the protected bytes read from the transport
	*/
	virtual void writeIncoming(const QByteArray &a) = 0;

	/**
	   Retrieve protected bytes that must be sent over the transport.

	   \param plainBytes optional out-parameter; by its name it receives
	   the number of application bytes covered by the returned data
	   (TODO confirm against the implementation). May be left null.
	*/
	virtual QByteArray readOutgoing(int *plainBytes = 0) = 0;

	/**
	   Return any bytes that were handed to writeIncoming() but not
	   consumed by the layer. Has a default implementation here.
	*/
	virtual QByteArray readUnprocessed();

	/**
	   Translate a count of transport bytes the caller has actually
	   written into the corresponding number of application bytes
	   (inferred from the parameter name; confirm the exact contract).

	   \param encryptedBytes number of protected bytes written to the
	   transport
	*/
	virtual int convertBytesWritten(qint64 encryptedBytes) = 0;

Q_SIGNALS:
	/**
	   Emitted when application data is available via read().
	*/
	void readyRead();

	/**
	   Emitted when transport data is available via readOutgoing().
	*/
	void readyReadOutgoing();

	/**
	   Emitted when the layer has been closed.
	*/
	void closed();

	/**
	   Emitted when an error occurs. The concrete error code is exposed
	   by the subclasses (TLS::errorCode(), SASL::errorCode()).
	*/
	void error();

private:
	Q_DISABLE_COPY(SecureLayer)
};
00229
/**
   Opaque handle to a TLS session.

   Obtained from TLS::session() and handed back with TLS::setSession();
   what it carries is provider-defined and not visible here. The class
   is copyable (copy constructor and assignment are declared alongside
   the destructor) and derives from Algorithm, which the header does not
   show.
*/
class QCA_EXPORT TLSSession : public Algorithm
{
public:
	/**
	   Construct a null session (see isNull()).
	*/
	TLSSession();

	/**
	   Copy constructor.

	   \param from the session to copy
	*/
	TLSSession(const TLSSession &from);

	~TLSSession();

	/**
	   Assignment operator.

	   \param from the session to copy
	*/
	TLSSession & operator=(const TLSSession &from);

	/**
	   Whether this handle refers to no session.
	*/
	bool isNull() const;
};
00264
/**
   Transport Layer Security / SSL secure layer.

   Works either on a byte stream (Mode::Stream) or on datagrams
   (Mode::Datagram), see the constructors. Configuration (certificate,
   trusted roots, constraints, session) is applied first, then the
   handshake is driven with startClient()/startServer() and the byte
   pumping inherited from SecureLayer; handshaken() reports completion.
   The outcome of peer verification is exposed separately through
   peerIdentityResult() and peerCertificateValidity() — nothing on this
   page indicates that a failed verification aborts the connection by
   itself, so callers are expected to consult both before trusting the
   link (TODO confirm against the implementation).
*/
class QCA_EXPORT TLS : public SecureLayer, public Algorithm
{
	Q_OBJECT
public:
	/**
	   Operating mode, chosen at construction time.
	*/
	enum Mode
	{
		Stream,   ///< stream transport (TLS)
		Datagram  ///< datagram transport (DTLS)
	};

	/**
	   Protocol version. The enum lists legacy SSL versions alongside
	   TLS; which of them a provider will actually negotiate is not
	   determined by this header. SSL_v2 and SSL_v3 are long-deprecated
	   protocols, so after the handshake callers who care should check
	   version() rather than assume TLS_v1 was used.
	*/
	enum Version
	{
		TLS_v1,   ///< TLS 1.x (also the default for supportedCipherSuites())
		SSL_v3,   ///< legacy SSL 3.0
		SSL_v2,   ///< legacy SSL 2.0
		DTLS_v1   ///< DTLS 1.x (Datagram mode)
	};

	/**
	   Error codes returned by errorCode() after the error() signal.
	*/
	enum Error
	{
		ErrorSignerExpired,   ///< local certificate's signer has expired
		ErrorSignerInvalid,   ///< local certificate's signer is invalid
		ErrorCertKeyMismatch, ///< certificate and private key given to setCertificate() do not match
		ErrorInit,            ///< initialisation failed
		ErrorHandshake,       ///< handshake failed
		ErrorCrypt            ///< cryptographic operation failed
	};

	/**
	   Result of checking the peer's identity, returned by
	   peerIdentityResult(). Presumably HostMismatch is judged against the
	   host given to startClient() — confirm in the implementation.
	*/
	enum IdentityResult
	{
		Valid,              ///< peer presented a certificate matching the expected identity
		HostMismatch,       ///< certificate is valid but for a different host
		InvalidCertificate, ///< certificate did not validate
		NoCertificate       ///< peer sent no certificate
	};

	/**
	   Construct a TLS object in Stream mode.

	   \param parent the parent object
	   \param provider the provider to use, if a specific one is required
	*/
	explicit TLS(QObject *parent = 0, const QString &provider = QString());

	/**
	   Construct a TLS object in the given mode.

	   \param mode Stream or Datagram
	   \param parent the parent object
	   \param provider the provider to use, if a specific one is required
	*/
	explicit TLS(Mode mode, QObject *parent = 0, const QString &provider = QString());

	~TLS();

	/**
	   Reset the object to its initial state.
	*/
	void reset();

	/**
	   Cipher suites the provider supports for the given protocol
	   version. The strings are the same form accepted by
	   setConstraints(const QStringList &).

	   \param version protocol version to query, TLS_v1 by default
	*/
	QStringList supportedCipherSuites(const Version &version = TLS_v1) const;

	/**
	   Set the local certificate chain and its private key. A mismatch
	   is reported as ErrorCertKeyMismatch (inferred from the enumerator
	   name).

	   \param cert the certificate chain to present
	   \param key the private key belonging to the leaf certificate
	*/
	void setCertificate(const CertificateChain &cert, const PrivateKey &key);

	/**
	   Set the local certificate chain and private key from a bundle.

	   \param kb the key bundle
	*/
	void setCertificate(const KeyBundle &kb);

	/**
	   Certificates currently trusted for validating the peer.
	*/
	CertificateCollection trustedCertificates() const;

	/**
	   Set the certificates trusted for validating the peer. Nothing on
	   this page states what is trusted when this is never called, so
	   callers should set it explicitly.

	   \param trusted the trusted certificates (roots and intermediates)
	*/
	void setTrustedCertificates(const CertificateCollection &trusted);

	/**
	   Constrain the negotiation to an abstract security level.

	   \param s the minimum security level
	*/
	void setConstraints(SecurityLevel s);

	/**
	   Constrain the negotiation to a security strength factor range.

	   \param minSSF minimum strength accepted
	   \param maxSSF maximum strength accepted
	*/
	void setConstraints(int minSSF, int maxSSF);

	/**
	   Constrain the negotiation to an explicit list of cipher suites.

	   \param cipherSuiteList names as returned by supportedCipherSuites()
	*/
	void setConstraints(const QStringList &cipherSuiteList);

	/**
	   Issuers the peer (or this side) advertises as acceptable for
	   client certificates.
	*/
	QList<CertificateInfoOrdered> issuerList() const;

	/**
	   Set the issuers to advertise as acceptable for client
	   certificates.

	   \param issuers the issuer list
	*/
	void setIssuerList(const QList<CertificateInfoOrdered> &issuers);

	/**
	   Resume from a session previously obtained via session().

	   \param session the session to resume
	*/
	void setSession(const TLSSession &session);

	/**
	   Whether the provider supports compression.
	*/
	bool canCompress() const;

	/**
	   Whether the provider supports sending the host name during the
	   handshake (see hostName()/hostNameReceived()).
	*/
	bool canSetHostName() const;

	/**
	   Whether compression is enabled for this object.
	*/
	bool compressionEnabled() const;

	/**
	   Enable or disable compression.

	   \param b true to enable
	*/
	void setCompressionEnabled(bool b);

	/**
	   Host name received from the client; see hostNameReceived().
	*/
	QString hostName() const;

	/**
	   Begin the handshake as a client.

	   \param host expected server host name; by the IdentityResult
	   enumerators this is presumably what HostMismatch is judged
	   against, so leaving it empty disables that check — confirm
	*/
	void startClient(const QString &host = QString());

	/**
	   Begin the handshake as a server.
	*/
	void startServer();

	/**
	   Resume the handshake after the application has handled a signal
	   that pauses it (see hostNameReceived(), certificateRequested(),
	   peerCertificateAvailable()).
	*/
	void continueAfterStep();

	/**
	   Whether the handshake has completed.
	*/
	bool isHandshaken() const;

	/**
	   Whether compression is in effect on the connection.
	*/
	bool isCompressed() const;

	/**
	   Protocol version in use.
	*/
	Version version() const;

	/**
	   Name of the negotiated cipher suite.
	*/
	QString cipherSuite() const;

	/**
	   Key size in bits of the negotiated cipher.
	*/
	int cipherBits() const;

	/**
	   Maximum key size in bits the negotiated cipher supports.
	*/
	int cipherMaxBits() const;

	/**
	   The current session, for later resumption via setSession().
	*/
	TLSSession session() const;

	/**
	   Error code for the most recent error() signal.
	*/
	Error errorCode() const;

	/**
	   Result of the peer identity check. Distinct from
	   peerCertificateValidity(): a certificate can validate yet belong
	   to another host (HostMismatch).
	*/
	IdentityResult peerIdentityResult() const;

	/**
	   Validity of the peer's certificate chain against
	   trustedCertificates().
	*/
	Validity peerCertificateValidity() const;

	/**
	   Certificate chain presented by this side.
	*/
	CertificateChain localCertificateChain() const;

	/**
	   Private key in use on this side.
	*/
	PrivateKey localPrivateKey() const;

	/**
	   Certificate chain presented by the peer.
	*/
	CertificateChain peerCertificateChain() const;

	// reimplemented from SecureLayer
	virtual bool isClosable() const;
	virtual int bytesAvailable() const;
	virtual int bytesOutgoingAvailable() const;
	virtual void close();
	virtual void write(const QByteArray &a);
	virtual QByteArray read();
	virtual void writeIncoming(const QByteArray &a);
	virtual QByteArray readOutgoing(int *plainBytes = 0);
	virtual QByteArray readUnprocessed();
	virtual int convertBytesWritten(qint64 encryptedBytes);

	/**
	   Number of application packets available via read() (Datagram
	   mode).
	*/
	int packetsAvailable() const;

	/**
	   Number of transport packets available via readOutgoing()
	   (Datagram mode).
	*/
	int packetsOutgoingAvailable() const;

	/**
	   Maximum transmission unit used in Datagram mode.
	*/
	int packetMTU() const;

	/**
	   Set the MTU used in Datagram mode.

	   NOTE(review): declared const although it is a setter; it
	   presumably writes through the d-pointer. Harmless for callers but
	   inconsistent with the other setters in this class.

	   \param size the MTU in bytes
	*/
	void setPacketMTU(int size) const;

Q_SIGNALS:
	/**
	   Emitted on the server when the client's host name arrives; the
	   handshake waits for continueAfterStep() (see that function).
	*/
	void hostNameReceived();

	/**
	   Emitted on the client when the server asks for a certificate; the
	   handshake waits for continueAfterStep().
	*/
	void certificateRequested();

	/**
	   Emitted when the peer's certificate chain is available; the
	   handshake waits for continueAfterStep(). This is the point at
	   which peerCertificateChain() can be inspected before deciding to
	   continue.
	*/
	void peerCertificateAvailable();

	/**
	   Emitted when the handshake has completed.
	*/
	void handshaken();

protected:
	/**
	   Reimplemented from QObject (old-style const char* signature).

	   \param signal the signal being connected
	*/
	void connectNotify(const char *signal);

	/**
	   Reimplemented from QObject (old-style const char* signature).

	   \param signal the signal being disconnected
	*/
	void disconnectNotify(const char *signal);

private:
	Q_DISABLE_COPY(TLS)

	class Private;
	friend class Private;
	Private *d;
};
00803
/**
   Simple Authentication and Security Layer.

   Drives a SASL negotiation as client (startClient()) or server
   (startServer()); the steps exchanged with the peer go out through
   nextStep()/clientStarted() and come back through putStep() and the
   putServerFirstStep() overloads. When the mechanism needs credentials
   the needParams() signal is emitted and the application answers with
   the setUsername()/setAuthzid()/setPassword()/setRealm() setters
   followed by continueAfterParams(). After authentication the
   SecureLayer interface carries data protected at the strength reported
   by ssf().
*/
class QCA_EXPORT SASL : public SecureLayer, public Algorithm
{
	Q_OBJECT
public:
	/**
	   Error codes returned by errorCode() after the error() signal.
	*/
	enum Error
	{
		ErrorInit,      ///< initialisation failed
		ErrorHandshake, ///< negotiation failed; see authCondition()
		ErrorCrypt      ///< cryptographic operation failed
	};

	/**
	   Reason an authentication failed, returned by authCondition().
	*/
	enum AuthCondition
	{
		AuthFail,          ///< generic failure
		NoMechanism,       ///< no acceptable mechanism
		BadProtocol,       ///< protocol error in the exchange
		BadServer,         ///< server failed to authenticate itself
		BadAuth,           ///< credentials rejected
		NoAuthzid,         ///< authorization id not permitted
		TooWeak,           ///< mechanism too weak for the constraints
		NeedEncrypt,       ///< encryption required before this mechanism
		Expired,           ///< credentials expired
		Disabled,          ///< account disabled
		NoUser,            ///< user not found
		RemoteUnavailable  ///< remote authentication service unavailable
	};

	/**
	   Bit flags constraining which mechanisms may be used; passed to
	   setConstraints(). The values are distinct bits, so they are meant
	   to be combined, but the enum is a plain enum rather than a QFlags
	   type: `AllowPlain | AllowAnonymous` is an int and must be cast
	   back to AuthFlags to be passed to setConstraints().
	*/
	enum AuthFlags
	{
		AuthFlagsNone = 0x00,          ///< no flags
		AllowPlain = 0x01,             ///< permit mechanisms that send the password in the clear
		AllowAnonymous = 0x02,         ///< permit anonymous authentication
		RequireForwardSecrecy = 0x04,  ///< only mechanisms with forward secrecy
		RequirePassCredentials = 0x08, ///< only mechanisms that pass credentials
		RequireMutualAuth = 0x10,      ///< only mechanisms that authenticate the server too
		RequireAuthzidSupport = 0x20   ///< only mechanisms supporting an authorization id
	};

	/**
	   Whether the client may send data in its first message
	   (startClient()).
	*/
	enum ClientSendMode
	{
		AllowClientSendFirst,
		DisableClientSendFirst
	};

	/**
	   Whether the server may send data in its last message
	   (startServer()).
	*/
	enum ServerSendMode
	{
		AllowServerSendLast,
		DisableServerSendLast
	};

	/**
	   Describes which credentials the mechanism needs; delivered with
	   the needParams() signal. Copyable; holds its state behind a
	   d-pointer.
	*/
	class QCA_EXPORT Params
	{
	public:
		Params();

		/**
		   Construct with explicit requirements.

		   \param user whether a username is needed
		   \param authzid whether an authorization id can be sent
		   \param pass whether a password is needed
		   \param realm whether a realm can be sent
		*/
		Params(bool user, bool authzid, bool pass, bool realm);

		/**
		   Copy constructor.

		   \param from the object to copy
		*/
		Params(const Params &from);
		~Params();

		/**
		   Assignment operator.

		   \param from the object to copy
		*/
		Params & operator=(const Params &from);

		/**
		   Whether a username must be supplied via setUsername().
		*/
		bool needUsername() const;

		/**
		   Whether an authorization id may be supplied via setAuthzid().
		*/
		bool canSendAuthzid() const;

		/**
		   Whether a password must be supplied via setPassword().
		*/
		bool needPassword() const;

		/**
		   Whether a realm may be supplied via setRealm().
		*/
		bool canSendRealm() const;

	private:
		class Private;
		Private *d;
	};

	/**
	   Standard constructor.

	   \param parent the parent object
	   \param provider the provider to use, if a specific one is required
	*/
	explicit SASL(QObject *parent = 0, const QString &provider = QString());

	~SASL();

	/**
	   Reset the object to its initial state.
	*/
	void reset();

	/**
	   Constrain mechanism selection by flags and an abstract security
	   level. The level defaults to SL_None, so no protection is
	   demanded unless the caller asks for it.

	   \param f the AuthFlags to apply
	   \param s minimum security level
	*/
	void setConstraints(AuthFlags f, SecurityLevel s = SL_None);

	/**
	   Constrain mechanism selection by flags and a security strength
	   factor range.

	   \param f the AuthFlags to apply
	   \param minSSF minimum strength accepted
	   \param maxSSF maximum strength accepted
	*/
	void setConstraints(AuthFlags f, int minSSF, int maxSSF);

	/**
	   Set the local address, which some mechanisms include in the
	   exchange.

	   \param addr local address
	   \param port local port
	*/
	void setLocalAddress(const QString &addr, quint16 port);

	/**
	   Set the remote address, which some mechanisms include in the
	   exchange.

	   \param addr remote address
	   \param port remote port
	*/
	void setRemoteAddress(const QString &addr, quint16 port);

	/**
	   Set an identity established by an outer layer (for the EXTERNAL
	   mechanism, inferred from the name).

	   \param authid the externally authenticated identity
	*/
	void setExternalAuthId(const QString &authid);

	/**
	   Report the strength already provided by an outer layer.

	   \param strength the external security strength factor
	*/
	void setExternalSSF(int strength);

	/**
	   Begin the negotiation as a client. Completion is signalled by
	   clientStarted().

	   \param service the service name
	   \param host the server host name
	   \param mechlist mechanisms offered by the server
	   \param mode whether the client may send data first
	*/
	void startClient(const QString &service, const QString &host, const QStringList &mechlist, ClientSendMode mode = AllowClientSendFirst);

	/**
	   Begin the negotiation as a server. Completion is signalled by
	   serverStarted(), after which mechanismList() is available.

	   \param service the service name
	   \param host the server host name
	   \param realm the realm to offer
	   \param mode whether the server may send data last
	*/
	void startServer(const QString &service, const QString &host, const QString &realm, ServerSendMode mode = DisableServerSendLast);

	/**
	   Server side: process the client's mechanism choice when the
	   client sent no initial data.

	   \param mech the mechanism chosen by the client
	*/
	void putServerFirstStep(const QString &mech);

	/**
	   Server side: process the client's mechanism choice together with
	   its initial data.

	   \param mech the mechanism chosen by the client
	   \param clientInit the client's initial response
	*/
	void putServerFirstStep(const QString &mech, const QByteArray &clientInit);

	/**
	   Process the next step received from the peer.

	   \param stepData the data received
	*/
	void putStep(const QByteArray &stepData);

	/**
	   Mechanism in use.
	*/
	QString mechanism() const;

	/**
	   Mechanisms available on the server side.
	*/
	QStringList mechanismList() const;

	/**
	   Realms available.
	*/
	QStringList realmList() const;

	/**
	   Security strength factor of the established layer.
	*/
	int ssf() const;

	/**
	   Error code for the most recent error() signal.
	*/
	Error errorCode() const;

	/**
	   Reason for the most recent authentication failure.
	*/
	AuthCondition authCondition() const;

	/**
	   Supply the username requested via needParams().

	   \param user the username
	*/
	void setUsername(const QString &user);

	/**
	   Supply the authorization id requested via needParams().

	   \param auth the authorization id
	*/
	void setAuthzid(const QString &auth);

	/**
	   Supply the password requested via needParams(). Takes a
	   SecureArray rather than a QString, so the secret can be kept in
	   memory the caller controls.

	   \param pass the password
	*/
	void setPassword(const SecureArray &pass);

	/**
	   Supply the realm requested via needParams().

	   \param realm the realm
	*/
	void setRealm(const QString &realm);

	/**
	   Resume the negotiation after the parameters requested by
	   needParams() have been set.
	*/
	void continueAfterParams();

	/**
	   Server side: resume the negotiation after the application has
	   answered authCheck(). How the application rejects the user is not
	   shown on this page — confirm in the implementation.
	*/
	void continueAfterAuthCheck();

	// reimplemented from SecureLayer
	virtual int bytesAvailable() const;
	virtual int bytesOutgoingAvailable() const;
	virtual void write(const QByteArray &a);
	virtual QByteArray read();
	virtual void writeIncoming(const QByteArray &a);
	virtual QByteArray readOutgoing(int *plainBytes = 0);
	virtual int convertBytesWritten(qint64 encryptedBytes);

Q_SIGNALS:
	/**
	   Emitted when startClient() has completed.

	   \param clientInit whether the client has initial data to send
	   \param clientInitData the initial data, if any
	*/
	void clientStarted(bool clientInit, const QByteArray &clientInitData);

	/**
	   Emitted when startServer() has completed.
	*/
	void serverStarted();

	/**
	   Emitted when there is data to send to the peer.

	   \param stepData the data to send
	*/
	void nextStep(const QByteArray &stepData);

	/**
	   Emitted when the mechanism needs credentials; the negotiation
	   waits for continueAfterParams().

	   \param params which credentials are needed
	*/
	void needParams(const QCA::SASL::Params &params);

	/**
	   Server side: emitted so the application can decide whether
	   the authenticated user may act as the requested authorization
	   id; the negotiation waits for continueAfterAuthCheck().

	   \param user the authenticated user
	   \param authzid the requested authorization id
	*/
	void authCheck(const QString &user, const QString &authzid);

	/**
	   Emitted when authentication has succeeded.
	*/
	void authenticated();

private:
	Q_DISABLE_COPY(SASL)

	class Private;
	friend class Private;
	Private *d;
};
01245
01246 }
01247
01248 #endif