00031 #ifndef QCA_SECURELAYER_H
00032 #define QCA_SECURELAYER_H
00033
00034 #include <QObject>
00035 #include "qca_core.h"
00036 #include "qca_publickey.h"
00037 #include "qca_cert.h"
00038
00039 namespace QCA {
00040
/**
 * Coarse strength class requested of (or reported by) a SecureLayer.
 *
 * Consumed by TLS::setConstraints(SecurityLevel) and
 * SASL::setConstraints(AuthFlags, SecurityLevel) below; the numeric
 * alternative is the (minSSF, maxSSF) overload each class also offers.
 * How a level maps to concrete cipher suites or SSF values is decided by
 * the provider, not by this header.
 *
 * NOTE(review): the names suggest an ordering from "no protection" to
 * "strongest". "Export" historically denotes the 40/56-bit export-grade
 * cipher class, which is well below what is considered adequate today;
 * new code should not request a level below SL_Baseline without a
 * documented reason. Confirm the provider's mapping before relying on it.
 */
enum SecurityLevel
{
    SL_None,      ///< no confidentiality/integrity protection requested
    SL_Integrity, ///< integrity protection only (by name; see note above)
    SL_Export,    ///< export-grade strength -- weak by modern standards
    SL_Baseline,
    SL_High,
    SL_Highest
};
00067
/**
 * Abstract base for a security layer placed between an application and a
 * transport; TLS and SASL below derive from it.
 *
 * The layer only transforms bytes and never performs I/O itself. It has
 * two sides:
 *  - plaintext side:  write() feeds application data in, read() takes
 *    unprotected data out (readyRead() announces availability);
 *  - transport side:  writeIncoming() feeds bytes received from the peer,
 *    readOutgoing() drains bytes that must be sent (readyReadOutgoing()).
 *
 * Security notes for callers:
 *  - Only bytes obtained from readOutgoing() may be put on the wire, and
 *    only bytes obtained from read() have passed through the layer; what
 *    readUnprocessed() returns has NOT been protected by it.
 *  - After error() the interface says nothing about partially processed
 *    data; query the subclass's errorCode() and discard the layer state.
 */
class QCA_EXPORT SecureLayer : public QObject
{
    Q_OBJECT
public:
    /**
     * Construct a layer owned by @p parent (Qt parent/child ownership).
     * Deliberately not explicit, following the QObject convention used
     * throughout this library.
     */
    SecureLayer(QObject *parent = 0);

    /** Whether close() is meaningful for this layer; subclasses override. */
    virtual bool isClosable() const;

    /** Number of plaintext bytes read() would currently return. */
    virtual int bytesAvailable() const = 0;

    /** Number of transport bytes readOutgoing() would currently return. */
    virtual int bytesOutgoingAvailable() const = 0;

    /**
     * Begin an orderly shutdown of the layer. Only meaningful when
     * isClosable() is true; closed() is emitted when the shutdown is done.
     */
    virtual void close();

    /** Submit plaintext @p a to be protected and queued for the transport. */
    virtual void write(const QByteArray &a) = 0;

    /** Retrieve plaintext that the layer has unprotected and verified. */
    virtual QByteArray read() = 0;

    /** Feed raw bytes received from the peer into the layer. */
    virtual void writeIncoming(const QByteArray &a) = 0;

    /**
     * Drain protected bytes destined for the peer.
     * @param plainBytes if non-null, receives the number of plaintext bytes
     *        the returned data accounts for (compare convertBytesWritten()).
     */
    virtual QByteArray readOutgoing(int *plainBytes = 0) = 0;

    /**
     * Return transport bytes the layer received but did not consume
     * (presumably data arriving after the layer finished -- confirm).
     * NOTE(review): these bytes were not protected by the layer and must
     * be treated as untrusted input by whoever reads them.
     */
    virtual QByteArray readUnprocessed();

    /**
     * Map a count of transport-level bytes actually written to the socket
     * back to the number of plaintext bytes that covers, so a caller can
     * track how much of its write() data has really left the host.
     * NOTE(review): the argument is qint64 but the result is int; a count
     * above INT_MAX cannot be represented -- confirm the expected range.
     */
    virtual int convertBytesWritten(qint64 encryptedBytes) = 0;

Q_SIGNALS:
    /** Plaintext is available via read(). */
    void readyRead();

    /** Transport data is available via readOutgoing(). */
    void readyReadOutgoing();

    /** The orderly shutdown started by close() has completed. */
    void closed();

    /** An unrecoverable error occurred; see the subclass's errorCode(). */
    void error();

private:
    Q_DISABLE_COPY(SecureLayer)
};
00218
/**
 * Opaque handle to TLS session state, obtained from TLS::session() after a
 * handshake and handed back through TLS::setSession() to resume it.
 *
 * Copyable (copy constructor and assignment are provided); isNull()
 * reports an empty handle. The contents are provider-defined and not
 * visible from this header.
 *
 * NOTE(review): resumption state is key material in all but name. Treat a
 * TLSSession with the same lifetime discipline as a private key: keep it
 * in memory only as long as needed and do not persist it or share it
 * across trust boundaries.
 */
class QCA_EXPORT TLSSession : public Algorithm
{
public:
    TLSSession();
    TLSSession(const TLSSession &from);
    ~TLSSession();
    TLSSession & operator=(const TLSSession &from);

    /** True when this handle carries no session state. */
    bool isNull() const;
};
00232
/**
 * TLS/SSL (and DTLS, in Datagram mode) implementation of SecureLayer.
 *
 * Typical use: configure trust (setTrustedCertificates()), optionally a
 * local identity (setCertificate()) and constraints (setConstraints()),
 * then startClient()/startServer(); pump bytes with writeIncoming() /
 * readOutgoing() until handshaken(); then exchange application data with
 * write()/read().
 *
 * NOTE(review): nothing in this header shows the handshake being aborted
 * when the peer's identity or certificate fails validation. Applications
 * must check peerIdentityResult() and peerCertificateValidity() once
 * handshaken() fires and refuse to send data otherwise -- confirm against
 * the implementation / provider before relaxing this.
 */
class QCA_EXPORT TLS : public SecureLayer, public Algorithm
{
    Q_OBJECT
public:
    /** Transport model: byte stream (TLS) or datagrams (DTLS). */
    enum Mode
    {
        Stream,
        Datagram
    };

    /**
     * Protocol version, as offered by a provider and reported by version().
     *
     * NOTE(review): SSL 2.0 is prohibited (RFC 6176) and SSL 3.0 is
     * deprecated as insecure (RFC 7568). They remain here for reporting and
     * for legacy providers; new deployments should constrain the
     * negotiation so that only TLS_v1 / DTLS_v1 (and whatever newer
     * versions the provider maps onto them) can be selected.
     */
    enum Version
    {
        TLS_v1,
        SSL_v3,
        SSL_v2,
        DTLS_v1
    };

    /** Failure reason reported by errorCode() after the error() signal. */
    enum Error
    {
        ErrorSignerExpired,
        ErrorSignerInvalid,
        ErrorCertKeyMismatch,
        ErrorInit,
        ErrorHandshake,
        ErrorCrypt
    };

    /**
     * Outcome of matching the peer certificate against the expected host,
     * see peerIdentityResult(). Only Valid means the peer is who the caller
     * asked for; the other three are distinct failure reasons.
     */
    enum IdentityResult
    {
        Valid,
        HostMismatch,
        InvalidCertificate,
        NoCertificate
    };

    /**
     * Create a stream-mode TLS object.
     * @param parent   Qt parent
     * @param provider provider name; empty selects the default provider
     */
    explicit TLS(QObject *parent = 0, const QString &provider = QString());

    /** Create a TLS object in the given Mode (Stream or Datagram). */
    explicit TLS(Mode mode, QObject *parent = 0, const QString &provider = QString());

    ~TLS();

    /** Return to the unstarted state so the object can be configured again. */
    void reset();

    /**
     * Cipher suites the provider supports for @p version, by name; these
     * names are what setConstraints(const QStringList &) accepts.
     */
    QStringList supportedCipherSuites(const Version &version = TLS_v1) const;

    /**
     * Set the local certificate chain and matching private key to present
     * to the peer (required for a server, optional for a client).
     * ErrorCertKeyMismatch presumably reports a chain/key that do not
     * belong together -- confirm.
     */
    void setCertificate(const CertificateChain &cert, const PrivateKey &key);

    /** Same as above, taking chain and key from a KeyBundle. */
    void setCertificate(const KeyBundle &kb);

    /** Trust anchors currently used to validate the peer's chain. */
    CertificateCollection trustedCertificates() const;

    /**
     * Set the trust anchors used to validate the peer's certificate chain.
     * This is the root of trust for the connection; pass a deliberately
     * curated collection rather than "everything on the system" when the
     * peer set is known.
     */
    void setTrustedCertificates(const CertificateCollection &trusted);

    /** Constrain negotiation to the given coarse SecurityLevel. */
    void setConstraints(SecurityLevel s);

    /** Constrain negotiation to an SSF (strength) range [minSSF, maxSSF]. */
    void setConstraints(int minSSF, int maxSSF);

    /**
     * Constrain negotiation to an explicit allow-list of cipher suite
     * names (see supportedCipherSuites()). The most precise of the three
     * overloads; prefer it when the acceptable suites are known.
     */
    void setConstraints(const QStringList &cipherSuiteList);

    /** Issuer names a server advertises when requesting a client certificate. */
    QList<CertificateInfoOrdered> issuerList() const;

    /** Set the issuer names advertised in a client-certificate request. */
    void setIssuerList(const QList<CertificateInfoOrdered> &issuers);

    /** Provide a previous session (from session()) to attempt resumption. */
    void setSession(const TLSSession &session);

    /** Whether the provider supports TLS-level compression. */
    bool canCompress() const;

    /**
     * Whether the provider can send the host name during the handshake
     * (presumably the SNI extension -- confirm with provider docs).
     */
    bool canSetHostName() const;

    /** Whether compression has been requested via setCompressionEnabled(). */
    bool compressionEnabled() const;

    /**
     * Request TLS-level compression. NOTE(review): compressing attacker-
     * influenced plaintext under TLS is a known information leak (the
     * CRIME class of attacks); leave this disabled unless the threat model
     * has been reviewed.
     */
    void setCompressionEnabled(bool b);

    /** Host name given to startClient(), or received by a server. */
    QString hostName() const;

    /**
     * Begin a client handshake.
     * @param host expected peer host name, used for the identity check
     *        reported by peerIdentityResult(). NOTE(review): when left
     *        empty there is no name to match against, so a HostMismatch
     *        cannot be detected -- callers should pass it whenever known.
     */
    void startClient(const QString &host = QString());

    /** Begin a server handshake (a certificate must have been set). */
    void startServer();

    /**
     * Resume the handshake after a step that paused it, e.g. after
     * hostNameReceived() or certificateRequested() was handled.
     */
    void continueAfterStep();

    /** True once the handshake has completed (handshaken() was emitted). */
    bool isHandshaken() const;

    /** True if the negotiated connection uses compression. */
    bool isCompressed() const;

    /** Negotiated protocol version; meaningful only when isHandshaken(). */
    Version version() const;

    /** Negotiated cipher suite name; meaningful only when isHandshaken(). */
    QString cipherSuite() const;

    /** Effective key strength of the negotiated cipher, in bits. */
    int cipherBits() const;

    /** Maximum key strength the negotiated cipher could provide, in bits. */
    int cipherMaxBits() const;

    /** Session state for later resumption (see TLSSession security note). */
    TLSSession session() const;

    /** Reason for the last error() signal. */
    Error errorCode() const;

    /**
     * Result of matching the peer certificate against the host given to
     * startClient(). Must be checked by the application after handshaken()
     * and before any application data is sent (see class note).
     */
    IdentityResult peerIdentityResult() const;

    /**
     * Result of validating the peer chain against trustedCertificates().
     * Check alongside peerIdentityResult(); a valid name on an untrusted
     * chain is worthless, and vice versa.
     */
    Validity peerCertificateValidity() const;

    /** The chain set with setCertificate(). */
    CertificateChain localCertificateChain() const;

    /**
     * The private key set with setCertificate(). NOTE(review): this hands
     * the key back to any code holding the TLS object; keep the object's
     * reach as narrow as that of the key itself.
     */
    PrivateKey localPrivateKey() const;

    /** Certificate chain presented by the peer (may be empty, see NoCertificate). */
    CertificateChain peerCertificateChain() const;

    // SecureLayer interface
    virtual bool isClosable() const;
    virtual int bytesAvailable() const;
    virtual int bytesOutgoingAvailable() const;
    virtual void close();
    virtual void write(const QByteArray &a);
    virtual QByteArray read();
    virtual void writeIncoming(const QByteArray &a);
    virtual QByteArray readOutgoing(int *plainBytes = 0);
    virtual QByteArray readUnprocessed();
    virtual int convertBytesWritten(qint64 encryptedBytes);

    /** Datagram mode: number of plaintext packets read() can return. */
    int packetsAvailable() const;

    /** Datagram mode: number of packets readOutgoing() can return. */
    int packetsOutgoingAvailable() const;

    /** Datagram mode: current maximum packet size. */
    int packetMTU() const;

    /**
     * Datagram mode: set the maximum packet size.
     * NOTE(review): declared const although it is a setter; presumably it
     * mutates through the d-pointer. Callers should not rely on constness
     * here meaning "no state change".
     */
    void setPacketMTU(int size) const;

Q_SIGNALS:
    /**
     * Server side: the client supplied a host name (see hostName()). The
     * handshake pauses until continueAfterStep() is called.
     */
    void hostNameReceived();

    /**
     * A certificate was requested by the peer; set one with
     * setCertificate() if desired, then call continueAfterStep().
     */
    void certificateRequested();

    /**
     * The peer's certificate chain can now be inspected via
     * peerCertificateChain(); call continueAfterStep() to proceed.
     */
    void peerCertificateAvailable();

    /**
     * The handshake completed. Check peerIdentityResult() and
     * peerCertificateValidity() here before trusting the connection.
     */
    void handshaken();

protected:
    // Qt4-style (const char *) notification overrides; Qt5 changed these to
    // take a QMetaMethod, so this header targets the Qt4 signature.
    void connectNotify(const char *signal);
    void disconnectNotify(const char *signal);

private:
    Q_DISABLE_COPY(TLS)

    class Private;
    friend class Private;
    Private *d;
};
00744
/**
 * SASL (Simple Authentication and Security Layer) implementation of
 * SecureLayer.
 *
 * The object drives an authentication exchange (startClient()/
 * startServer(), putStep()/nextStep()) and, if a mechanism with a
 * security layer is negotiated (ssf() > 0), subsequently protects
 * application data like any other SecureLayer.
 *
 * Security notes for callers:
 *  - The default constraints (AuthFlagsNone, SL_None) do not require any
 *    security layer; if confidentiality is expected from SASL itself, set
 *    a SecurityLevel / SSF range explicitly.
 *  - Plaintext-password mechanisms (AllowPlain) are only acceptable when
 *    the exchange is already inside a protected channel such as TLS;
 *    setExternalSSF() is how that outer protection is made known here.
 *  - A server receives authCheck() before authentication completes and
 *    must decide, in its own policy code, whether @c user may act as
 *    @c authzid before calling continueAfterAuthCheck().
 */
class QCA_EXPORT SASL : public SecureLayer, public Algorithm
{
    Q_OBJECT
public:
    /** Failure reason reported by errorCode() after the error() signal. */
    enum Error
    {
        ErrorInit,
        ErrorHandshake,
        ErrorCrypt
    };

    /**
     * Detailed reason an authentication did not succeed, see
     * authCondition(). NOTE(review): several of these (e.g. NoUser vs.
     * BadAuth) distinguish "unknown account" from "wrong credentials";
     * a server should log that detail but not echo it to the remote peer,
     * as it enables account enumeration.
     */
    enum AuthCondition
    {
        AuthFail,
        NoMechanism,
        BadProtocol,
        BadServer,
        BadAuth,
        NoAuthzid,
        TooWeak,
        NeedEncrypt,
        Expired,
        Disabled,
        NoUser,
        RemoteUnavailable
    };

    /**
     * Bit flags restricting which mechanisms may be negotiated; combine
     * with OR and pass to setConstraints().
     */
    enum AuthFlags
    {
        AuthFlagsNone          = 0x00,
        AllowPlain             = 0x01, ///< permit mechanisms that send the password (TLS-only, see class note)
        AllowAnonymous         = 0x02, ///< permit unauthenticated (anonymous) access
        RequireForwardSecrecy  = 0x04,
        RequirePassCredentials = 0x08,
        RequireMutualAuth      = 0x10, ///< insist the server authenticates to the client as well
        RequireAuthzidSupport  = 0x20
    };

    /** Whether the client may send an initial response with its first step. */
    enum ClientSendMode
    {
        AllowClientSendFirst,
        DisableClientSendFirst
    };

    /** Whether the server may send additional data with its final step. */
    enum ServerSendMode
    {
        AllowServerSendLast,
        DisableServerSendLast
    };

    /**
     * Describes which credentials the negotiated mechanism needs from the
     * client; delivered with needParams(). Copyable value type backed by
     * a d-pointer.
     */
    class QCA_EXPORT Params
    {
    public:
        Params();

        /**
         * @param user    a username is required (needUsername())
         * @param authzid an authorization id may be sent (canSendAuthzid())
         * @param pass    a password is required (needPassword())
         * @param realm   a realm may be sent (canSendRealm())
         */
        Params(bool user, bool authzid, bool pass, bool realm);

        Params(const Params &from);
        ~Params();

        Params & operator=(const Params &from);

        /** The mechanism needs setUsername() to be called. */
        bool needUsername() const;

        /** The mechanism accepts an authorization id via setAuthzid(). */
        bool canSendAuthzid() const;

        /** The mechanism needs setPassword() to be called. */
        bool needPassword() const;

        /** The mechanism accepts a realm via setRealm(). */
        bool canSendRealm() const;

    private:
        class Private;
        Private *d;
    };

    /**
     * Create a SASL object.
     * @param parent   Qt parent
     * @param provider provider name; empty selects the default provider
     */
    SASL(QObject *parent = 0, const QString &provider = QString());
    ~SASL();

    /** Return to the unstarted state so the object can be configured again. */
    void reset();

    /**
     * Restrict negotiation by mechanism flags and a coarse strength level.
     * The default SL_None does not demand any security layer.
     */
    void setConstraints(AuthFlags f, SecurityLevel s = SL_None);

    /** Restrict negotiation by mechanism flags and an SSF range [minSSF, maxSSF]. */
    void setConstraints(AuthFlags f, int minSSF, int maxSSF);

    /** Local endpoint, made available to mechanisms that bind to addresses. */
    void setLocalAddress(const QString &addr, quint16 port);

    /** Remote endpoint, made available to mechanisms that bind to addresses. */
    void setRemoteAddress(const QString &addr, quint16 port);

    /**
     * Identity already established by an outer layer (e.g. a TLS client
     * certificate) for use by the EXTERNAL mechanism -- mechanism mapping
     * is provider-defined; confirm.
     */
    void setExternalAuthId(const QString &authid);

    /**
     * Strength (SSF) of protection already provided by an outer layer such
     * as TLS. This is what lets a plaintext-password mechanism be judged
     * acceptable; report it honestly (0 when there is no outer layer).
     */
    void setExternalSSF(int strength);

    /**
     * Begin client-side negotiation.
     * @param service  service name (e.g. the application protocol)
     * @param host     server host name
     * @param mechlist mechanisms offered by the server
     * @param mode     whether an initial response may accompany the first step
     * Emits clientStarted() once the first step is ready.
     */
    void startClient(const QString &service, const QString &host, const QStringList &mechlist, ClientSendMode mode = AllowClientSendFirst);

    /**
     * Begin server-side negotiation for @p service on @p host within
     * @p realm; emits serverStarted() when mechanismList() is available.
     */
    void startServer(const QString &service, const QString &host, const QString &realm, ServerSendMode mode = DisableServerSendLast);

    /** Server: the client chose @p mech and sent no initial response. */
    void putServerFirstStep(const QString &mech);

    /** Server: the client chose @p mech and sent @p clientInit as initial response. */
    void putServerFirstStep(const QString &mech, const QByteArray &clientInit);

    /** Feed the peer's next step of the exchange; nextStep() or authenticated() follows. */
    void putStep(const QByteArray &stepData);

    /** Mechanism selected for this exchange. */
    QString mechanism() const;

    /** Server: mechanisms available to offer (valid after serverStarted()). */
    QStringList mechanismList() const;

    /** Realms the client may choose from, when the mechanism uses them. */
    QStringList realmList() const;

    /**
     * Strength of the negotiated security layer; 0 means application data
     * passing through this object is NOT protected by SASL.
     */
    int ssf() const;

    /** Reason for the last error() signal. */
    Error errorCode() const;

    /** Detailed authentication failure reason (see enum note on disclosure). */
    AuthCondition authCondition() const;

    /** Client: supply the username requested via needParams(). */
    void setUsername(const QString &user);

    /** Client: supply the authorization id requested via needParams(). */
    void setAuthzid(const QString &auth);

    /**
     * Client: supply the password requested via needParams(). Taken as a
     * SecureArray so the secret lives in the library's protected memory;
     * callers should keep their own copy in a SecureArray as well.
     */
    void setPassword(const SecureArray &pass);

    /** Client: supply the realm requested via needParams(). */
    void setRealm(const QString &realm);

    /** Client: resume the exchange after satisfying needParams(). */
    void continueAfterParams();

    /**
     * Server: resume the exchange after handling authCheck(). Calling this
     * asserts that the server's own policy has accepted the user/authzid
     * pair; the library does not make that decision.
     */
    void continueAfterAuthCheck();

    // SecureLayer interface (isClosable()/close()/readUnprocessed() keep the
    // base-class behaviour)
    virtual int bytesAvailable() const;
    virtual int bytesOutgoingAvailable() const;
    virtual void write(const QByteArray &a);
    virtual QByteArray read();
    virtual void writeIncoming(const QByteArray &a);
    virtual QByteArray readOutgoing(int *plainBytes = 0);
    virtual int convertBytesWritten(qint64 encryptedBytes);

Q_SIGNALS:
    /**
     * Client: negotiation started. @p clientInit says whether an initial
     * response is present in @p clientInitData and must be sent with the
     * mechanism choice.
     */
    void clientStarted(bool clientInit, const QByteArray &clientInitData);

    /** Server: startServer() finished; mechanismList() may be queried. */
    void serverStarted();

    /** The next step of the exchange, to be transmitted to the peer. */
    void nextStep(const QByteArray &stepData);

    /** Client: credentials described by @p params are needed; then call continueAfterParams(). */
    void needParams(const QCA::SASL::Params &params);

    /**
     * Server: @p user has authenticated and requests to act as @p authzid
     * (may be empty). Apply authorization policy, then call
     * continueAfterAuthCheck() to accept -- see class note.
     */
    void authCheck(const QString &user, const QString &authzid);

    /** Authentication completed successfully; check ssf() for layer strength. */
    void authenticated();

private:
    Q_DISABLE_COPY(SASL)

    class Private;
    friend class Private;
    Private *d;
};
01159
01160 }
01161
01162 #endif