00031 #ifndef QCA_SECURELAYER_H
00032 #define QCA_SECURELAYER_H
00033
00034 #include <QObject>
00035 #include "qca_core.h"
00036 #include "qca_publickey.h"
00037 #include "qca_cert.h"
00038
00039 namespace QCA {
00040
/**
   \enum SecurityLevel

   Abstract security strength levels, listed from weakest to strongest.

   The enumerators take the default consecutive integer values, so the
   ordering SL_None < SL_Integrity < SL_Export < SL_Baseline < SL_High
   < SL_Highest holds under the ordinary relational operators. How a level
   maps onto concrete cipher suites or an SSF range is decided by the
   provider, not by this header.
*/
enum SecurityLevel
{
    SL_None,      ///< no protection required
    SL_Integrity, ///< presumably integrity protection only, no confidentiality -- confirm with the provider
    SL_Export,    ///< ranks below SL_Baseline; NOTE(review): "export" strength is historically weak, do not select it on purpose
    SL_Baseline,  ///< presumably the intended everyday minimum -- confirm with the provider
    SL_High,      ///< strong protection
    SL_Highest    ///< the strongest level the provider offers
};
00067
/**
   \class SecureLayer

   Abstract base for a layer that wraps an application byte stream in a
   security protocol; TLS and SASL below derive from it.

   Two pairs of I/O members are declared: write()/read() and
   writeIncoming()/readOutgoing(). From the names, write()/read() appear
   to carry the application's plaintext and writeIncoming()/readOutgoing()
   the protected bytes exchanged with the transport -- confirm against the
   subclass documentation, since this header does not fix the direction.

   The object is a QObject (signals below) and is non-copyable
   (Q_DISABLE_COPY).
*/
class QCA_EXPORT SecureLayer : public QObject
{
    Q_OBJECT
public:
    /**
       Constructor.

       \param parent the parent QObject, or 0 for none
    */
    SecureLayer(QObject *parent = 0);

    /**
       Whether close() is meaningful for this layer.

       Virtual with a default implementation (not pure), so a subclass
       that cannot be closed need not override it. TLS overrides it in
       this header; SASL does not.
    */
    virtual bool isClosable() const;

    /**
       Number of bytes currently available on the application side;
       presumably what read() would return right now -- confirm. Pure
       virtual.
    */
    virtual int bytesAvailable() const = 0;

    /**
       Number of bytes currently available on the transport side;
       presumably what readOutgoing() would return right now -- confirm.
       Pure virtual.
    */
    virtual int bytesOutgoingAvailable() const = 0;

    /**
       Shut the layer down. Has a default implementation; TLS overrides
       it. Only meaningful when isClosable() is true.
    */
    virtual void close();

    /**
       Submit application data to be protected.

       \param a the bytes to write (application side)
    */
    virtual void write(const QByteArray &a) = 0;

    /**
       Retrieve data that has been unwrapped for the application.

       \return the available bytes; presumably empty when none are pending
    */
    virtual QByteArray read() = 0;

    /**
       Feed bytes received from the transport into the layer.

       \param a the protected bytes as received from the peer
    */
    virtual void writeIncoming(const QByteArray &a) = 0;

    /**
       Retrieve protected bytes to be sent over the transport.

       \param plainBytes optional out-parameter, may be 0 (the default);
       what it receives is not defined in this header -- presumably the
       number of plaintext bytes accounted for by the returned data,
       confirm against the implementation
       \return the bytes to hand to the transport
    */
    virtual QByteArray readOutgoing(int *plainBytes = 0) = 0;

    /**
       Retrieve bytes that were fed in via writeIncoming() but not
       consumed by the layer. Has a default implementation; TLS overrides
       it, SASL does not.
    */
    virtual QByteArray readUnprocessed();

    /**
       Convert a count of protected (encrypted) bytes into the
       corresponding count of application bytes -- inferred from the
       name, confirm.

       \param encryptedBytes the count to convert, as a qint64
       \return the converted count; note the return type is int, narrower
       than the qint64 argument
    */
    virtual int convertBytesWritten(qint64 encryptedBytes) = 0;

Q_SIGNALS:
    /** Emitted when application-side data is available via read(). */
    void readyRead();

    /** Emitted when transport-side data is available via readOutgoing(). */
    void readyReadOutgoing();

    /** Emitted once the layer has been closed. */
    void closed();

    /** Emitted on failure; the subclass provides an error code accessor. */
    void error();

private:
    Q_DISABLE_COPY(SecureLayer)
};
00228
/**
   \class TLSSession

   Opaque handle to a TLS session, obtained from TLS::session() and fed
   back with TLS::setSession().

   Value type: copy constructor, destructor and copy assignment are all
   declared (Rule of Three), so instances may be copied and assigned.
   Whether copies share or duplicate the underlying session state is an
   implementation detail not visible here.
*/
class QCA_EXPORT TLSSession : public Algorithm
{
public:
    /** Default constructor; presumably yields a null handle, see isNull(). */
    TLSSession();

    /**
       Copy constructor.

       \param from the session to copy
    */
    TLSSession(const TLSSession &from);

    ~TLSSession();

    /**
       Copy assignment.

       \param from the session to copy
    */
    TLSSession & operator=(const TLSSession &from);

    /**
       Whether this handle refers to no session.
    */
    bool isNull() const;
};
00263
/**
   \class TLS

   Transport Layer Security / Secure Socket Layer, exposed as a SecureLayer
   (the two byte streams) and as an Algorithm (provider selection).

   Only declarations are visible here; behaviour lives in the provider and
   in TLS::Private. The comments below record the declared contract and
   mark inferred points as such.
*/
class QCA_EXPORT TLS : public SecureLayer, public Algorithm
{
    Q_OBJECT
public:
    /** Operating mode, chosen by the second constructor. */
    enum Mode
    {
        Stream,   ///< stream (TCP-style) operation
        Datagram  ///< datagram operation; see packetsAvailable() and packetMTU()
    };

    /**
       Protocol versions.

       NOTE(review): SSL_v2 and SSL_v3 are retired protocols (prohibited by
       RFC 6176 and RFC 7568 respectively); whether a provider still
       negotiates them is not decided by this header. Check version()
       after the handshake rather than assuming.
    */
    enum Version
    {
        TLS_v1,   ///< TLS 1; also the default for supportedCipherSuites()
        SSL_v3,   ///< SSL 3.0 (retired)
        SSL_v2,   ///< SSL 2.0 (retired)
        DTLS_v1   ///< DTLS 1, for Datagram mode
    };

    /** Failure codes, reported through errorCode() after the error() signal. */
    enum Error
    {
        ErrorSignerExpired,   ///< a signer of the certificate chain has expired -- inferred from the name
        ErrorSignerInvalid,   ///< a signer of the certificate chain is invalid -- inferred from the name
        ErrorCertKeyMismatch, ///< the certificate and private key do not belong together
        ErrorInit,            ///< initialisation failed
        ErrorHandshake,       ///< the handshake failed
        ErrorCrypt            ///< a failure during encryption or decryption
    };

    /**
       Outcome of checking the peer's identity, reported by
       peerIdentityResult().
    */
    enum IdentityResult
    {
        Valid,              ///< the peer's certificate is acceptable and matches the host
        HostMismatch,       ///< the certificate does not match the host name given to startClient()
        InvalidCertificate, ///< the certificate itself failed validation; see peerCertificateValidity()
        NoCertificate       ///< the peer presented no certificate
    };

    /**
       Constructor for Stream mode -- presumably, since no Mode is taken;
       confirm.

       \param parent the parent QObject, or 0
       \param provider the provider to use, or the default when empty
    */
    explicit TLS(QObject *parent = 0, const QString &provider = QString());

    /**
       Constructor selecting the operating mode.

       \param mode Stream or Datagram
       \param parent the parent QObject, or 0
       \param provider the provider to use, or the default when empty
    */
    explicit TLS(Mode mode, QObject *parent = 0, const QString &provider = QString());

    ~TLS();

    /** Return the object to its initial state. */
    void reset();

    /**
       Cipher suites the provider supports for a protocol version.

       \param version the version to query; defaults to TLS_v1
       \return suite names, presumably in the form accepted by
       setConstraints(const QStringList &) -- confirm
    */
    QStringList supportedCipherSuites(const Version &version = TLS_v1) const;

    /**
       Set the local certificate chain and its private key.

       \param cert the chain to present to the peer
       \param key the private key matching the chain's end entity
    */
    void setCertificate(const CertificateChain &cert, const PrivateKey &key);

    /**
       Set the local certificate and key from a bundle.

       \param kb the key bundle
    */
    void setCertificate(const KeyBundle &kb);

    /** The certificates currently trusted for validating the peer. */
    CertificateCollection trustedCertificates() const;

    /**
       Set the certificates trusted for validating the peer.

       \param trusted the trust anchors
    */
    void setTrustedCertificates(const CertificateCollection &trusted);

    /**
       Constrain negotiation to an abstract security level.

       \param s the minimum SecurityLevel
    */
    void setConstraints(SecurityLevel s);

    /**
       Constrain negotiation to a range of security strength factors.

       \param minSSF the minimum SSF
       \param maxSSF the maximum SSF
    */
    void setConstraints(int minSSF, int maxSSF);

    /**
       Constrain negotiation to an explicit list of cipher suites.

       \param cipherSuiteList suite names; see supportedCipherSuites()
    */
    void setConstraints(const QStringList &cipherSuiteList);

    /** Issuers whose certificates are acceptable -- presumably those advertised to a client by a server; confirm. */
    QList<CertificateInfoOrdered> issuerList() const;

    /**
       Set the acceptable issuer list.

       \param issuers the issuers
    */
    void setIssuerList(const QList<CertificateInfoOrdered> &issuers);

    /**
       Provide a previous session, presumably for resumption -- confirm.

       \param session the session from an earlier TLS::session()
    */
    void setSession(const TLSSession &session);

    /** Whether the provider supports compression. */
    bool canCompress() const;

    /** Whether the provider supports sending or receiving a host name. */
    bool canSetHostName() const;

    /** Whether compression has been enabled with setCompressionEnabled(). */
    bool compressionEnabled() const;

    /**
       Enable or disable compression.

       \param b true to enable
    */
    void setCompressionEnabled(bool b);

    /** The host name in use; see startClient() and hostNameReceived(). */
    QString hostName() const;

    /**
       Begin the handshake as a client.

       NOTE(review): HostMismatch in IdentityResult suggests the peer's
       certificate is compared against this value; with the default empty
       host there is presumably nothing to compare against, so pass the
       intended server name and consult peerIdentityResult() afterwards.

       \param host the expected server name, or empty
    */
    void startClient(const QString &host = QString());

    /** Begin the handshake as a server. */
    void startServer();

    /**
       Resume after a step that paused for the application; presumably
       after hostNameReceived(), certificateRequested() or
       peerCertificateAvailable() -- confirm.
    */
    void continueAfterStep();

    /** Whether the handshake has completed; see handshaken(). */
    bool isHandshaken() const;

    /** Whether the connection is using compression. */
    bool isCompressed() const;

    /** The negotiated protocol version. */
    Version version() const;

    /** The negotiated cipher suite name. */
    QString cipherSuite() const;

    /** Strength of the negotiated cipher in bits. */
    int cipherBits() const;

    /** Maximum cipher strength in bits the negotiated suite offers -- inferred from the name. */
    int cipherMaxBits() const;

    /** The current session handle; see setSession(). */
    TLSSession session() const;

    /** The error reported by the last error() signal. */
    Error errorCode() const;

    /**
       Result of the peer identity check.

       Anything other than Valid means the peer has not been authenticated
       as the intended host; inspect this before relying on the connection.
    */
    IdentityResult peerIdentityResult() const;

    /** Validity of the peer's certificate chain against trustedCertificates(). */
    Validity peerCertificateValidity() const;

    /** The local chain set with setCertificate(). */
    CertificateChain localCertificateChain() const;

    /** The local private key set with setCertificate(); returned by value, so callers hold a copy of key material. */
    PrivateKey localPrivateKey() const;

    /** The chain presented by the peer; presumably empty when peerIdentityResult() is NoCertificate -- confirm. */
    CertificateChain peerCertificateChain() const;

    // SecureLayer interface; see the base class for the contract of each.
    virtual bool isClosable() const;
    virtual int bytesAvailable() const;
    virtual int bytesOutgoingAvailable() const;
    virtual void close();
    virtual void write(const QByteArray &a);
    virtual QByteArray read();
    virtual void writeIncoming(const QByteArray &a);
    virtual QByteArray readOutgoing(int *plainBytes = 0);
    virtual QByteArray readUnprocessed();
    virtual int convertBytesWritten(qint64 encryptedBytes);

    /** Datagram mode: number of application packets available -- inferred; confirm. */
    int packetsAvailable() const;

    /** Datagram mode: number of outgoing packets available -- inferred; confirm. */
    int packetsOutgoingAvailable() const;

    /** Datagram mode: the packet MTU in use. */
    int packetMTU() const;

    /**
       Datagram mode: set the packet MTU.

       NOTE(review): declared const although it is a setter; presumably it
       writes through the d pointer -- confirm against the implementation.

       \param size the MTU
    */
    void setPacketMTU(int size) const;

Q_SIGNALS:
    /** Server side: the client supplied a host name; see hostName() and continueAfterStep(). */
    void hostNameReceived();

    /** Client side: the server asked for a certificate; see setCertificate() and continueAfterStep(). */
    void certificateRequested();

    /** The peer's certificate is available; see peerCertificateChain() and continueAfterStep(). */
    void peerCertificateAvailable();

    /** The handshake has completed; see peerIdentityResult() before trusting the link. */
    void handshaken();

protected:
    /**
       QObject hook called when a connection to one of this object's signals
       is made; Qt 4 style const char* signature.

       \param signal the signal being connected
    */
    void connectNotify(const char *signal);

    /**
       QObject hook called when a connection is removed; Qt 4 style signature.

       \param signal the signal being disconnected
    */
    void disconnectNotify(const char *signal);

private:
    Q_DISABLE_COPY(TLS)

    class Private;
    friend class Private;
    Private *d; // pimpl; presumably owned and released in ~TLS() -- confirm
};
00800
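/**
   \class SASL

   Simple Authentication and Security Layer, exposed as a SecureLayer (for
   the optional post-authentication security layer) and as an Algorithm
   (provider selection).

   Only declarations are visible here; behaviour lives in the provider and
   in SASL::Private. The comments below record the declared contract and
   mark inferred points as such. Unlike TLS, this class does not override
   isClosable(), close() or readUnprocessed(), so the SecureLayer defaults
   apply.
*/
class QCA_EXPORT SASL : public SecureLayer, public Algorithm
{
    Q_OBJECT
public:
    /** Failure codes, reported through errorCode() after the error() signal. */
    enum Error
    {
        ErrorInit,      ///< initialisation failed
        ErrorHandshake, ///< the authentication exchange failed; see authCondition()
        ErrorCrypt      ///< a failure in the security layer
    };

    /** Detail for an authentication failure, reported by authCondition(). */
    enum AuthCondition
    {
        AuthFail,          ///< generic failure
        NoMechanism,       ///< no mutually acceptable mechanism
        BadProtocol,       ///< protocol violation
        BadServer,         ///< the server could not be authenticated -- inferred from the name
        BadAuth,           ///< the credentials were rejected
        NoAuthzid,         ///< authorization id not accepted -- inferred from the name
        TooWeak,           ///< the mechanism does not meet the constraints
        NeedEncrypt,       ///< the mechanism requires an encrypted transport
        Expired,           ///< the credentials have expired
        Disabled,          ///< the account is disabled
        NoUser,            ///< the user is unknown
        RemoteUnavailable  ///< the remote authentication service is unavailable
    };

    /**
       Bit flags (powers of two, combinable with |) passed to
       setConstraints().

       NOTE(review): AllowPlain and AllowAnonymous widen what may be
       negotiated; the names suggest PLAIN-style cleartext credentials and
       anonymous login respectively, which only make sense over an already
       protected transport -- confirm against the provider.
    */
    enum AuthFlags
    {
        AuthFlagsNone = 0x00,          ///< no flags
        AllowPlain = 0x01,             ///< permit plaintext-credential mechanisms
        AllowAnonymous = 0x02,         ///< permit anonymous mechanisms
        RequireForwardSecrecy = 0x04,  ///< require forward secrecy
        RequirePassCredentials = 0x08, ///< require that credentials be passed through -- inferred from the name
        RequireMutualAuth = 0x10,      ///< require mutual authentication
        RequireAuthzidSupport = 0x20   ///< require authorization id support
    };

    /** Whether the client may send data in its first message; see startClient(). */
    enum ClientSendMode
    {
        AllowClientSendFirst,
        DisableClientSendFirst
    };

    /** Whether the server may send data with its final message; see startServer(). */
    enum ServerSendMode
    {
        AllowServerSendLast,
        DisableServerSendLast
    };

    /**
       \class Params

       Describes which credentials the mechanism needs from the application;
       delivered through the needParams() signal and answered with the
       setUsername()/setAuthzid()/setPassword()/setRealm() family followed by
       continueAfterParams().

       Value type: copy constructor, destructor and copy assignment are
       declared, so instances may be copied and assigned. State lives behind
       the d pointer.
    */
    class QCA_EXPORT Params
    {
    public:
        Params();

        /**
           Constructor.

           \param user whether a username is needed
           \param authzid whether an authorization id may be sent
           \param pass whether a password is needed
           \param realm whether a realm may be sent
        */
        Params(bool user, bool authzid, bool pass, bool realm);

        /**
           Copy constructor.

           \param from the object to copy
        */
        Params(const Params &from);
        ~Params();

        /**
           Copy assignment.

           \param from the object to copy
        */
        Params & operator=(const Params &from);

        /** Whether a username is required; see setUsername(). */
        bool needUsername() const;

        /** Whether an authorization id may be supplied; see setAuthzid(). */
        bool canSendAuthzid() const;

        /** Whether a password is required; see setPassword(). */
        bool needPassword() const;

        /** Whether a realm may be supplied; see setRealm(). */
        bool canSendRealm() const;

    private:
        class Private;
        Private *d; // pimpl; presumably owned and released in ~Params() -- confirm
    };

    /**
       Constructor.

       \param parent the parent QObject, or 0
       \param provider the provider to use, or the default when empty
    */
    explicit SASL(QObject *parent = 0, const QString &provider = QString());

    ~SASL();

    /** Return the object to its initial state. */
    void reset();

    /**
       Constrain mechanism selection by flags and an abstract security level.

       \param f combination of AuthFlags
       \param s the minimum SecurityLevel; defaults to SL_None, i.e. no strength requirement
    */
    void setConstraints(AuthFlags f, SecurityLevel s = SL_None);

    /**
       Constrain mechanism selection by flags and a security strength range.

       \param f combination of AuthFlags
       \param minSSF the minimum SSF
       \param maxSSF the maximum SSF
    */
    void setConstraints(AuthFlags f, int minSSF, int maxSSF);

    /**
       Tell the mechanism the local address of the underlying connection.

       \param addr the local address
       \param port the local port
    */
    void setLocalAddress(const QString &addr, quint16 port);

    /**
       Tell the mechanism the remote address of the underlying connection.

       \param addr the remote address
       \param port the remote port
    */
    void setRemoteAddress(const QString &addr, quint16 port);

    /**
       Provide an identity already authenticated by an outer layer, presumably
       for the EXTERNAL mechanism -- confirm.

       \param authid the externally authenticated id
    */
    void setExternalAuthId(const QString &authid);

    /**
       Declare the strength of protection already provided by an outer layer
       (for example TLS).

       \param strength the external SSF
    */
    void setExternalSSF(int strength);

    /**
       Begin authentication as a client; completion is signalled by
       clientStarted().

       \param service the service name
       \param host the host name
       \param mechlist mechanisms offered by the server
       \param mode whether the client may send data first
    */
    void startClient(const QString &service, const QString &host, const QStringList &mechlist, ClientSendMode mode = AllowClientSendFirst);

    /**
       Begin authentication as a server; completion is signalled by
       serverStarted().

       \param service the service name
       \param host the host name
       \param realm the realm
       \param mode whether the server may send data last
    */
    void startServer(const QString &service, const QString &host, const QString &realm, ServerSendMode mode = DisableServerSendLast);

    /**
       Server side: supply the mechanism the client chose, with no initial
       client data.

       \param mech the mechanism name
    */
    void putServerFirstStep(const QString &mech);

    /**
       Server side: supply the mechanism the client chose together with its
       initial data.

       \param mech the mechanism name
       \param clientInit the client's initial response
    */
    void putServerFirstStep(const QString &mech, const QByteArray &clientInit);

    /**
       Feed the next step received from the peer into the exchange.

       \param stepData the peer's step data
    */
    void putStep(const QByteArray &stepData);

    /** The mechanism in use. */
    QString mechanism() const;

    /** Mechanisms the provider supports. */
    QStringList mechanismList() const;

    /** Realms available. */
    QStringList realmList() const;

    /** Security strength factor of the negotiated security layer. */
    int ssf() const;

    /** The error reported by the last error() signal. */
    Error errorCode() const;

    /** Detail for an ErrorHandshake. */
    AuthCondition authCondition() const;

    /**
       Supply the username requested by needParams().

       \param user the username
    */
    void setUsername(const QString &user);

    /**
       Supply the authorization id requested by needParams().

       \param auth the authorization id
    */
    void setAuthzid(const QString &auth);

    /**
       Supply the password requested by needParams(). Taken as a SecureArray
       rather than a QString so the secret is held in protected memory.

       \param pass the password
    */
    void setPassword(const SecureArray &pass);

    /**
       Supply the realm requested by needParams().

       \param realm the realm
    */
    void setRealm(const QString &realm);

    /** Resume after the needParams() signal once the parameters are set. */
    void continueAfterParams();

    /** Server side: resume after the authCheck() signal. */
    void continueAfterAuthCheck();

    // SecureLayer interface; see the base class for the contract of each.
    // isClosable(), close() and readUnprocessed() are not overridden here.
    virtual int bytesAvailable() const;
    virtual int bytesOutgoingAvailable() const;
    virtual void write(const QByteArray &a);
    virtual QByteArray read();
    virtual void writeIncoming(const QByteArray &a);
    virtual QByteArray readOutgoing(int *plainBytes = 0);
    virtual int convertBytesWritten(qint64 encryptedBytes);

Q_SIGNALS:
    /**
       Client side: startClient() has completed.

       \param clientInit whether the client has initial data to send
       \param clientInitData the initial data, meaningful when clientInit is true
    */
    void clientStarted(bool clientInit, const QByteArray &clientInitData);

    /** Server side: startServer() has completed. */
    void serverStarted();

    /**
       A step must be sent to the peer.

       \param stepData the bytes to transmit
    */
    void nextStep(const QByteArray &stepData);

    /**
       The mechanism needs credentials from the application; answer with the
       set*() members and continueAfterParams().

       \param params which parameters are needed
    */
    void needParams(const QCA::SASL::Params &params);

    /**
       Server side: the application must decide whether the authenticated
       user may act as the requested authorization id, then call
       continueAfterAuthCheck().

       \param user the authenticated username
       \param authzid the requested authorization id
    */
    void authCheck(const QString &user, const QString &authzid);

    /** Authentication has completed successfully. */
    void authenticated();

private:
    Q_DISABLE_COPY(SASL)

    class Private;
    friend class Private;
    Private *d; // pimpl; presumably owned and released in ~SASL() -- confirm
};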
01242
01243 }
01244
01245 #endif