00031 #ifndef QCA_SECURELAYER_H
00032 #define QCA_SECURELAYER_H
00033
00034 #include <QObject>
00035 #include "qca_core.h"
00036 #include "qca_publickey.h"
00037 #include "qca_cert.h"
00038
00039 namespace QCA {
00040
/**
   \brief Coarse security-strength constraint.

   Accepted by TLS::setConstraints(SecurityLevel) and
   SASL::setConstraints(AuthFlags, SecurityLevel) to bound what the provider
   may negotiate. Enumerators are ordered from weakest to strongest; the
   concrete cipher strength each level maps to is provider-defined and is
   not visible in this header.

   NOTE(review): the names suggest SL_Export selects export-grade (weak)
   ciphers and SL_Integrity means integrity protection without
   confidentiality — confirm against the provider before accepting either
   in new code.
*/
00058 enum SecurityLevel
00059 {
00060 SL_None,      ///< no strength constraint
00061 SL_Integrity, ///< integrity only (per the name; see note above)
00062 SL_Export,    ///< export-grade strength (per the name; see note above)
00063 SL_Baseline,  ///< baseline strength
00064 SL_High,      ///< high strength
00065 SL_Highest    ///< strongest level the provider offers
00066 };
00067
/**
   \brief Abstract base for the secure transports declared in this header
   (TLS, SASL).

   The pure virtuals form a pull-style pipe with two sides: write()/read()
   carry plaintext for the application, writeIncoming()/readOutgoing()
   carry encoded bytes for the transport.
   NOTE(review): that application-side / transport-side split is inferred
   from the member names and the subclasses; confirm against the
   implementations before relying on it.

   Nothing here documents thread-safety; treat an instance as a
   single-threaded QObject unless a provider states otherwise.
*/
00101 class QCA_EXPORT SecureLayer : public QObject
00102 {
00103 Q_OBJECT
00104 public:
// NOTE(review): single-argument constructor is not explicit, so a QObject*
// converts implicitly to SecureLayer. TLS's constructors below are explicit;
// SASL's is not.
00111 SecureLayer(QObject *parent = 0);
00112
/** Whether close() is meaningful for this layer. Default is defined in the .cpp (not visible here). */
00116 virtual bool isClosable() const;
00117
/** Number of application-side bytes that read() would currently return. */
00122 virtual int bytesAvailable() const = 0;
00123
/** Number of transport-side bytes that readOutgoing() would currently return. */
00128 virtual int bytesOutgoingAvailable() const = 0;
00129
/** Begin an orderly shutdown; completion is signalled by closed(). Default is defined in the .cpp. */
00137 virtual void close();
00138
/** Queue application plaintext \a a for encoding. */
00144 virtual void write(const QByteArray &a) = 0;
00145
/** Return decoded application plaintext received so far (see readyRead()). */
00152 virtual QByteArray read() = 0;
00153
/** Feed bytes \a a received from the transport into the layer. */
00161 virtual void writeIncoming(const QByteArray &a) = 0;
00162
/**
   Return encoded bytes that must be sent over the transport.
   \param plainBytes if non-null, receives a count associated with the
   returned data — presumably the number of application bytes it encodes
   (NOTE(review): semantics not stated in this header; confirm).
*/
00170 virtual QByteArray readOutgoing(int *plainBytes = 0) = 0;
00171
/** Return bytes the layer has not processed; default is defined in the .cpp (not visible here). */
00179 virtual QByteArray readUnprocessed();
00180
/**
   Map a count of \a encryptedBytes actually written to the transport back to
   an application-side count (per the name; exact semantics live in the
   implementations).
*/
00184 virtual int convertBytesWritten(qint64 encryptedBytes) = 0;
00185
00186 Q_SIGNALS:
/** Application-side data is available via read(). */
00193 void readyRead();
00194
/** Transport-side data is available via readOutgoing(). */
00201 void readyReadOutgoing();
00202
/** The layer has been closed (see close()). */
00207 void closed();
00208
/**
   A failure occurred. The concrete code is exposed by the subclasses
   (TLS::errorCode(), SASL::errorCode()); a receiver should stop trusting
   the layer's output once this fires.
*/
00213 void error();
00214
00215 private:
00216 Q_DISABLE_COPY(SecureLayer)
00217 };
00218
/**
   \brief Opaque handle to a TLS session.

   Obtained from TLS::session() and handed back via TLS::setSession();
   presumably used to resume a previous session (NOTE(review): resumption
   semantics are not stated in this header — confirm with the provider).
   Copyable; isNull() reports whether the handle carries a session.
   Derives from Algorithm, so it is provider-backed like the other QCA types.
*/
00222 class QCA_EXPORT TLSSession : public Algorithm
00223 {
00224 public:
00225 TLSSession();
00226 TLSSession(const TLSSession &from);
00227 ~TLSSession();
00228 TLSSession & operator=(const TLSSession &from);
00229
/** True when this handle holds no session. */
00230 bool isNull() const;
00231 };
00232
/**
   \brief TLS/SSL (and DTLS) secure layer.

   Usage, as far as this header shows: configure (setCertificate(),
   setTrustedCertificates(), setConstraints()), then startClient() or
   startServer(); pump bytes through the SecureLayer interface until
   handshaken() fires; then inspect the peer (peerIdentityResult(),
   peerCertificateValidity()) and exchange application data.

   NOTE(review): nothing in this header indicates that the handshake fails
   when the peer's identity or certificate is bad — the results are exposed
   as query methods. Callers should check peerIdentityResult() == Valid after
   handshaken() and before writing application data; confirm against the
   implementation.
*/
00253 class QCA_EXPORT TLS : public SecureLayer, public Algorithm
00254 {
00255 Q_OBJECT
00256 public:
/** Transport shape; Datagram corresponds to DTLS (see Version::DTLS_v1). */
00260 enum Mode
00261 {
00262 Stream,
00263 Datagram
00264 };
00265
/**
   Protocol versions. Only TLS_v1 and DTLS_v1 are current; SSL 3.0 is
   deprecated by RFC 7568 and SSL 2.0 is prohibited by RFC 6176 — keep them
   out of new configurations. Whether TLS_v1 covers later 1.x revisions is
   provider-defined and not visible here.
*/
00269 enum Version
00270 {
00271 TLS_v1,  ///< TLS version 1 (default for supportedCipherSuites())
00272 SSL_v3,  ///< SSL 3.0 — deprecated (RFC 7568)
00273 SSL_v2,  ///< SSL 2.0 — prohibited (RFC 6176)
00274 DTLS_v1  ///< DTLS version 1 (Datagram mode)
00275 };
00276
/** Error codes returned by errorCode(); the header carries no detail beyond the names. */
00280 enum Error
00281 {
00282 ErrorSignerExpired,   ///< certificate signer expired (per the name)
00283 ErrorSignerInvalid,   ///< certificate signer invalid (per the name)
00284 ErrorCertKeyMismatch, ///< certificate does not match the supplied private key
00285 ErrorInit,            ///< initialization failed
00286 ErrorHandshake,       ///< handshake failed
00287 ErrorCrypt            ///< encryption/decryption failed after the handshake
00288 };
00289
/**
   Result of peer identity verification (see peerIdentityResult()).
   Anything other than Valid means the peer has not been authenticated.
*/
00293 enum IdentityResult
00294 {
00295 Valid,              ///< peer identity verified
00296 HostMismatch,       ///< certificate does not match the expected host (presumably the host given to startClient())
00297 InvalidCertificate, ///< certificate failed validation
00298 NoCertificate       ///< peer presented no certificate
00299 };
00300
/**
   Construct a Stream-mode TLS object.
   \param parent QObject parent
   \param provider provider name, empty selects the default
*/
00312 explicit TLS(QObject *parent = 0, const QString &provider = QString());
00313
/**
   Construct with an explicit \a mode (Stream or Datagram).
   \param parent QObject parent
   \param provider provider name, empty selects the default
*/
00322 explicit TLS(Mode mode, QObject *parent = 0, const QString &provider = QString());
00323
00327 ~TLS();
00328
/** Return the object to its initial state. */
00332 void reset();
00333
/** Cipher suites the provider offers for \a version (defaults to TLS_v1). */
00348 QStringList supportedCipherSuites(const Version &version = TLS_v1) const;
00349
/**
   Set the local certificate chain and its private key.
   A mismatch presumably surfaces as ErrorCertKeyMismatch (per the enum name).
*/
00363 void setCertificate(const CertificateChain &cert, const PrivateKey &key);
00364
/** Set the local certificate and key from a KeyBundle. */
00370 void setCertificate(const KeyBundle &kb);
00371
/** The collection currently used as trust anchors (see setTrustedCertificates()). */
00375 CertificateCollection trustedCertificates() const;
00376
/**
   Set the certificates the peer's chain is validated against.
   Without a suitable collection, peerCertificateValidity() cannot report a
   trusted peer; keep this to the anchors the application actually trusts.
*/
00388 void setTrustedCertificates(const CertificateCollection &trusted);
00389
/** Constrain negotiation to at least SecurityLevel \a s. */
00395 void setConstraints(SecurityLevel s);
00396
/**
   Constrain negotiation by security strength factor range.
   NOTE(review): units of SSF (presumably key bits) are not stated here.
*/
00405 void setConstraints(int minSSF, int maxSSF);
00406
/** Constrain negotiation to the named suites (names as in supportedCipherSuites()). */
00417 void setConstraints(const QStringList &cipherSuiteList);
00418
/** Issuer list advertised to clients (server side; see setIssuerList()). */
00441 QList<CertificateInfoOrdered> issuerList() const;
00442
/** Set the issuer list advertised to clients. */
00447 void setIssuerList(const QList<CertificateInfoOrdered> &issuers);
00448
/** Supply a TLSSession obtained earlier from session(). */
00452 void setSession(const TLSSession &session);
00453
/** Whether the provider supports TLS-level compression. */
00459 bool canCompress() const;
00460
/** Whether the provider supports setting the host name for the client handshake. */
00467 bool canSetHostName() const;
00468
/** Whether compression has been requested via setCompressionEnabled(). */
00476 bool compressionEnabled() const;
00477
/**
   Request TLS-level compression.
   Compression combined with attacker-influenced plaintext leaks information
   about the plaintext, which is why it is generally disabled today; leave it
   off unless a specific deployment requires it.
*/
00484 void setCompressionEnabled(bool b);
00485
/** Host name in effect (server side: the name the client sent; see hostNameReceived()). */
00490 QString hostName() const;
00491
/**
   Begin the client handshake.
   \param host the expected server name; per IdentityResult::HostMismatch
   presumably what the peer certificate is matched against — pass it
   whenever known, an empty value cannot detect a host mismatch.
*/
00511 void startClient(const QString &host = QString());
00512
/** Begin the server handshake. */
00516 void startServer();
00517
/**
   Resume the handshake after the application handled a step that paused it
   (see hostNameReceived(), certificateRequested()).
*/
00527 void continueAfterStep();
00528
/** True once the handshake has completed (see handshaken()). */
00536 bool isHandshaken() const;
00537
/** True if the negotiated connection uses compression. */
00543 bool isCompressed() const;
00544
/** Negotiated protocol version. */
00548 Version version() const;
00549
/** Negotiated cipher suite name. */
00556 QString cipherSuite() const;
00557
/** Strength of the negotiated cipher, in bits (per the name). */
00567 int cipherBits() const;
00568
/** Maximum strength the negotiated cipher supports, in bits (per the name). */
00575 int cipherMaxBits() const;
00576
/** Handle to the current session, for later setSession(). */
00581 TLSSession session() const;
00582
/** Code of the last failure reported via error(). */
00588 Error errorCode() const;
00589
/** Result of verifying the peer's identity; only Valid means authenticated. */
00607 IdentityResult peerIdentityResult() const;
00608
/** Validity of the peer's certificate against trustedCertificates(). */
00617 Validity peerCertificateValidity() const;
00618
/** Local certificate chain set via setCertificate(). */
00623 CertificateChain localCertificateChain() const;
00624
/** Local private key set via setCertificate(); returns key material, so keep the result short-lived. */
00629 PrivateKey localPrivateKey() const;
00630
/** Certificate chain presented by the peer (may be empty; see IdentityResult::NoCertificate). */
00635 CertificateChain peerCertificateChain() const;
00636
00637
// SecureLayer interface (see the base class for the contract of each).
00638 virtual bool isClosable() const;
00639 virtual int bytesAvailable() const;
00640 virtual int bytesOutgoingAvailable() const;
00641 virtual void close();
00642 virtual void write(const QByteArray &a);
00643 virtual QByteArray read();
00644 virtual void writeIncoming(const QByteArray &a);
00645 virtual QByteArray readOutgoing(int *plainBytes = 0);
00646 virtual QByteArray readUnprocessed();
00647 virtual int convertBytesWritten(qint64 encryptedBytes);
00648
/** Number of application-side packets available; presumably Datagram mode only (not stated here). */
00655 int packetsAvailable() const;
00656
/** Number of transport-side packets available; presumably Datagram mode only (not stated here). */
00663 int packetsOutgoingAvailable() const;
00664
/** Current packet MTU (Datagram mode). */
00670 int packetMTU() const;
00671
/**
   Set the packet MTU (Datagram mode).
   NOTE(review): declared const although it is a setter; it presumably mutates
   through the d-pointer — confirm, and consider dropping the const.
*/
00679 void setPacketMTU(int size) const;
00680
00681 Q_SIGNALS:
/** Server side: the client's host name arrived; the handshake waits for continueAfterStep(). */
00693 void hostNameReceived();
00694
/** Client side: the server asked for a certificate; the handshake waits for continueAfterStep(). */
00706 void certificateRequested();
00707
/** Handshake complete; check peerIdentityResult() before trusting the connection. */
00719 void handshaken();
00720
00721 protected:
// QObject::connectNotify/disconnectNotify overrides (Qt 4 signature);
// presumably used to learn whether the pausing signals above have receivers — confirm.
00722 void connectNotify(const char *signal);
00723 void disconnectNotify(const char *signal);
00724
00725 private:
00726 Q_DISABLE_COPY(TLS)
00727
// d-pointer (pimpl); all state lives in Private.
00728 class Private;
00729 friend class Private;
00730 Private *d;
00731 };
00732
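/**
   \brief SASL authentication (and optional security layer).

   Client flow, as far as this header shows: setConstraints(), optional
   address/external-security hints, startClient(); respond to needParams()
   with the set*() methods and continueAfterParams(); feed server data via
   putStep() until authenticated(). Server flow: startServer(),
   putServerFirstStep(), putStep(); approve via continueAfterAuthCheck()
   after authCheck(). Once authenticated, the SecureLayer interface carries
   data through the negotiated security layer (strength reported by ssf()).
*/
00757 class QCA_EXPORT SASL : public SecureLayer, public Algorithm
00758 {
00759 Q_OBJECT
00760 public:
/** Error codes returned by errorCode(). */
00764 enum Error
00765 {
00766 ErrorInit,      ///< initialization failed
00767 ErrorHandshake, ///< authentication exchange failed (see authCondition())
00768 ErrorCrypt      ///< security-layer encryption/decryption failed
00769 };
00770
/** Reason for an authentication failure, from authCondition(); names are the only detail given here. */
00774 enum AuthCondition
00775 {
00776 AuthFail,          ///< generic failure
00777 NoMechanism,       ///< no acceptable mechanism
00778 BadProtocol,       ///< protocol violation
00779 BadServer,         ///< server failed mutual authentication (per the name)
00780 BadAuth,           ///< credentials rejected
00781 NoAuthzid,         ///< authorization id not permitted
00782 TooWeak,           ///< mechanism too weak for the constraints
00783 NeedEncrypt,       ///< encryption required first (see setExternalSSF())
00784 Expired,           ///< credentials expired
00785 Disabled,          ///< account disabled
00786 NoUser,            ///< unknown user
00787 RemoteUnavailable  ///< remote authentication service unavailable
00788 };
00789
/**
   Bit flags (OR-able; each value is a distinct bit) passed to setConstraints().
   The Allow* flags widen what may be negotiated, the Require* flags narrow it.
   NOTE(review): the header does not say how AllowPlain interacts with
   setExternalSSF(); a plaintext-credential mechanism is only reasonable
   when an outer layer (e.g. TLS) already provides confidentiality — confirm.
*/
00793 enum AuthFlags
00794 {
00795 AuthFlagsNone = 0x00,
00796 AllowPlain = 0x01,             ///< permit mechanisms that send the password in the clear (per the name)
00797 AllowAnonymous = 0x02,         ///< permit anonymous authentication
00798 RequireForwardSecrecy = 0x04,
00799 RequirePassCredentials = 0x08,
00800 RequireMutualAuth = 0x10,      ///< require the server to authenticate too
00801 RequireAuthzidSupport = 0x20
00802 };
00803
/** Whether the client may send initial data with its first step. */
00807 enum ClientSendMode
00808 {
00809 AllowClientSendFirst,
00810 DisableClientSendFirst
00811 };
00812
/** Whether the server may send data with its final step. */
00816 enum ServerSendMode
00817 {
00818 AllowServerSendLast,
00819 DisableServerSendLast
00820 };
00821
/**
   \brief Describes which credentials the mechanism needs from the client.
   Delivered via needParams(); the application supplies what is needed
   with setUsername()/setAuthzid()/setPassword()/setRealm() and calls
   continueAfterParams(). Copyable d-pointer class.
*/
00830 class QCA_EXPORT Params
00831 {
00832 public:
00833 Params();
00834
/** Construct with explicit flags: \a user, \a authzid, \a pass, \a realm (mapped to the queries below). */
00846 Params(bool user, bool authzid, bool pass, bool realm);
00847
00853 Params(const Params &from);
00854 ~Params();
00855
00861 Params & operator=(const Params &from);
00862
/** A username is required. */
00866 bool needUsername() const;
00867
/** An authorization id may be sent. */
00871 bool canSendAuthzid() const;
00872
/** A password is required. */
00876 bool needPassword() const;
00877
/** A realm may be sent. */
00881 bool canSendRealm() const;
00882
00883 private:
00884 class Private;
00885 Private *d;
00886 };
00887
/**
   Construct a SASL object.
   NOTE(review): not explicit, unlike the TLS constructors — a QObject*
   converts implicitly to SASL.
   \param parent QObject parent
   \param provider provider name, empty selects the default
*/
00896 SASL(QObject *parent = 0, const QString &provider = QString());
00897 ~SASL();
00898
/** Return the object to its initial state. */
00902 void reset();
00903
/** Set mechanism flags \a f and a minimum strength \a s (default SL_None = no strength constraint). */
00916 void setConstraints(AuthFlags f, SecurityLevel s = SL_None);
00917
/** Set mechanism flags \a f and an SSF range; SSF units are not stated here (presumably bits). */
00933 void setConstraints(AuthFlags f, int minSSF, int maxSSF);
00934
/** Local endpoint, for mechanisms that bind to addresses (per the name). */
00941 void setLocalAddress(const QString &addr, quint16 port);
00942
/** Remote endpoint, for mechanisms that bind to addresses (per the name). */
00949 void setRemoteAddress(const QString &addr, quint16 port);
00950
/** Identity already authenticated by an outer layer (per the name; presumably for EXTERNAL-style use — confirm). */
00956 void setExternalAuthId(const QString &authid);
00957
/**
   Security strength already provided by an outer layer such as TLS (per the
   name). Presumably lets weaker mechanisms satisfy the constraints; an
   overstated value weakens the effective policy — confirm how it is used.
*/
00964 void setExternalSSF(int strength);
00965
/**
   Begin client authentication for \a service on \a host, choosing from
   \a mechlist; result arrives via clientStarted().
*/
00977 void startClient(const QString &service, const QString &host, const QStringList &mechlist, ClientSendMode mode = AllowClientSendFirst);
00978
/** Begin server authentication for \a service on \a host in \a realm; result arrives via serverStarted(). */
00990 void startServer(const QString &service, const QString &host, const QString &realm, ServerSendMode mode = DisableServerSendLast);
00991
/** Server side: the client chose \a mech without initial data. */
00999 void putServerFirstStep(const QString &mech);
01000
/** Server side: the client chose \a mech and sent \a clientInit with it. */
01008 void putServerFirstStep(const QString &mech, const QByteArray &clientInit);
01009
/** Feed the peer's next step \a stepData; the reply is emitted via nextStep(). */
01017 void putStep(const QByteArray &stepData);
01018
/** Mechanism in use. */
01022 QString mechanism() const;
01023
/** Mechanisms available to the server (see serverStarted()). */
01027 QStringList mechanismList() const;
01028
/** Realms offered, if any. */
01032 QStringList realmList() const;
01033
/** Negotiated security strength factor of the layer (units not stated here). */
01037 int ssf() const;
01038
/** Code of the last failure reported via error(). */
01042 Error errorCode() const;
01043
/** Detail for ErrorHandshake. */
01047 AuthCondition authCondition() const;
01048
/** Supply the username requested by needParams(). */
01054 void setUsername(const QString &user);
01055
/** Supply the authorization id requested by needParams(). */
01061 void setAuthzid(const QString &auth);
01062
/** Supply the password requested by needParams(); taken as SecureArray so the secret stays in secure memory. */
01068 void setPassword(const SecureArray &pass);
01069
/** Supply the realm requested by needParams(). */
01075 void setRealm(const QString &realm);
01076
/** Resume after the parameters requested by needParams() have been set. */
01080 void continueAfterParams();
01081
/** Server side: resume after the application accepted the identity from authCheck(). */
01085 void continueAfterAuthCheck();
01086
01087
// SecureLayer interface; isClosable(), close() and readUnprocessed() keep the base defaults.
01088 virtual int bytesAvailable() const;
01089 virtual int bytesOutgoingAvailable() const;
01090 virtual void write(const QByteArray &a);
01091 virtual QByteArray read();
01092 virtual void writeIncoming(const QByteArray &a);
01093 virtual QByteArray readOutgoing(int *plainBytes = 0);
01094 virtual int convertBytesWritten(qint64 encryptedBytes);
01095
01096 Q_SIGNALS:
/** Client started; \a clientInit says whether \a clientInitData should be sent with the first step. */
01101 void clientStarted(bool clientInit, const QByteArray &clientInitData);
01102
/** Server started; mechanismList() is now available. */
01107 void serverStarted();
01108
/** Data \a stepData to send to the peer. */
01116 void nextStep(const QByteArray &stepData);
01117
/** The mechanism needs credentials described by \a params; answer with set*() then continueAfterParams(). */
01125 void needParams(const QCA::SASL::Params &params);
01126
/**
   Server side: \a user wants to act as \a authzid. The application decides
   whether that is allowed and calls continueAfterAuthCheck() to proceed;
   nothing here shows an automatic check of \a authzid, so do the policy
   check before continuing.
*/
01133 void authCheck(const QString &user, const QString &authzid);
01134
/** Authentication succeeded; the security layer (if any) is now in effect. */
01138 void authenticated();
01139
01140 private:
01141 Q_DISABLE_COPY(SASL)
01142
// d-pointer (pimpl); all state lives in Private.
01143 class Private;
01144 friend class Private;
01145 Private *d;
01146 };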
01147
01148 }
01149
01150 #endif