32#ifndef QCA_SECURELAYER_H
33#define QCA_SECURELAYER_H
149 virtual void write(
const QByteArray &a) = 0;
348 explicit TLS(
QObject *parent =
nullptr,
const QString &provider = QString());
361 explicit TLS(
Mode mode,
QObject *parent =
nullptr,
const QString &provider = QString());
688 void write(
const QByteArray &a)
override;
800 friend class Private;
869 AuthFlagsNone = 0x00,
871 AllowAnonymous = 0x02,
872 RequireForwardSecrecy = 0x04,
873 RequirePassCredentials = 0x08,
874 RequireMutualAuth = 0x10,
875 RequireAuthzidSupport = 0x20
883 AllowClientSendFirst,
884 DisableClientSendFirst
893 DisableServerSendLast
922 Params(
bool user,
bool authzid,
bool pass,
bool realm);
972 explicit SASL(
QObject *parent =
nullptr,
const QString &provider = QString());
1055 const QString &host,
1056 const QStringList &mechlist,
1071 const QString &host,
1072 const QString &realm,
1180 void write(
const QByteArray &a)
override;
1237 void authCheck(
const QString &user,
const QString &authzid);
1245 Q_DISABLE_COPY(
SASL)
1248 friend class Private;
General superclass for an algorithm.
Definition qca_core.h:1164
A chain of related Certificates.
Definition qca_cert.h:1226
Bundle of Certificates and CRLs.
Definition qca_cert.h:1929
Certificate chain and private key pair.
Definition qca_cert.h:2176
Generic private key.
Definition qca_publickey.h:833
Parameter flags for the SASL authentication.
Definition qca_securelayer.h:907
bool needPassword() const
Password is needed.
bool canSendAuthzid() const
An Authorization ID can be sent if desired.
bool needUsername() const
User is needed.
bool canSendRealm() const
A Realm can be sent if desired.
Params(bool user, bool authzid, bool pass, bool realm)
Standard constructor.
Params & operator=(const Params &from)
Standard assignment operator.
Params(const Params &from)
Standard copy constructor.
Simple Authentication and Security Layer protocol implementation.
Definition qca_securelayer.h:832
void startServer(const QString &service, const QString &host, const QString &realm, ServerSendMode mode=DisableServerSendLast)
Initialise the server side of the connection.
void putServerFirstStep(const QString &mech)
Process the first step in server mode (server)
void setUsername(const QString &user)
Specify the username to use in authentication.
void setExternalSSF(int strength)
Specify a security strength factor for an externally secured connection.
Error errorCode() const
Return the error code.
void authCheck(const QString &user, const QString &authzid)
This signal is emitted when the server needs to perform the authentication check.
void continueAfterParams()
Continue negotiation after parameters have been set (client)
void write(const QByteArray &a) override
This method writes unencrypted (plain) data to the SecureLayer implementation.
void startClient(const QString &service, const QString &host, const QStringList &mechlist, ClientSendMode mode=AllowClientSendFirst)
Initialise the client side of the connection.
int convertBytesWritten(qint64 encryptedBytes) override
Convert encrypted bytes written to plain text bytes written.
SASL(QObject *parent=nullptr, const QString &provider=QString())
Standard constructor.
void setConstraints(AuthFlags f, SecurityLevel s=SL_None)
Specify connection constraints.
void setAuthzid(const QString &auth)
Specify the authorization identity to use in authentication.
void nextStep(const QByteArray &stepData)
This signal is emitted when there is data required to be sent over the network to complete the next s...
void continueAfterAuthCheck()
Continue negotiation after auth ids have been checked (server)
void writeIncoming(const QByteArray &a) override
This method accepts encoded (typically encrypted) data for processing.
AuthCondition
Possible authentication error states.
Definition qca_securelayer.h:849
@ NeedEncrypt
Encryption is needed in order to use mechanism (server side only)
Definition qca_securelayer.h:857
@ TooWeak
Mechanism too weak for this user (server side only)
Definition qca_securelayer.h:856
@ AuthFail
Generic authentication failure.
Definition qca_securelayer.h:850
@ BadProtocol
Bad protocol or cancelled.
Definition qca_securelayer.h:852
@ NoUser
User not found (server side only)
Definition qca_securelayer.h:860
@ NoMechanism
No compatible/appropriate authentication mechanism.
Definition qca_securelayer.h:851
@ BadServer
Server failed mutual authentication (client side only)
Definition qca_securelayer.h:853
@ Expired
Passphrase expired, has to be reset (server side only)
Definition qca_securelayer.h:858
@ Disabled
Account is disabled (server side only)
Definition qca_securelayer.h:859
@ BadAuth
Authentication failure (server side only)
Definition qca_securelayer.h:854
@ NoAuthzid
Authorization failure (server side only)
Definition qca_securelayer.h:855
ServerSendMode
Mode options for server side sending.
Definition qca_securelayer.h:891
QString mechanism() const
Return the mechanism selected (client)
void serverStarted()
This signal is emitted after the server has been successfully started.
void setPassword(const SecureArray &pass)
Specify the password to use in authentication.
void setExternalAuthId(const QString &authid)
Specify the id of the externally secured connection.
QStringList realmList() const
Return the realm list, if available (client)
int bytesOutgoingAvailable() const override
Returns the number of bytes available to be readOutgoing() on the network side.
void clientStarted(bool clientInit, const QByteArray &clientInitData)
This signal is emitted when the client has been successfully started.
QByteArray read() override
This method reads decrypted (plain) data from the SecureLayer implementation.
ClientSendMode
Mode options for client side sending.
Definition qca_securelayer.h:882
void needParams(const QCA::SASL::Params &params)
This signal is emitted when the client needs additional parameters.
QStringList mechanismList() const
Return the mechanism list (server)
Error
Possible errors that may occur when using SASL.
Definition qca_securelayer.h:839
@ ErrorInit
problem starting up SASL
Definition qca_securelayer.h:840
@ ErrorHandshake
problem during the authentication process
Definition qca_securelayer.h:841
int ssf() const
Return the security strength factor of the connection.
void setRemoteAddress(const QString &addr, quint16 port)
Specify the peer address.
void setConstraints(AuthFlags f, int minSSF, int maxSSF)
This is an overloaded member function, provided for convenience. It differs from the above function o...
void putServerFirstStep(const QString &mech, const QByteArray &clientInit)
Process the first step in server mode (server)
void setRealm(const QString &realm)
Specify the realm to use in authentication.
void reset()
Reset the SASL mechanism.
int bytesAvailable() const override
Returns the number of bytes available to be read() on the application side.
AuthCondition authCondition() const
Return the reason for authentication failure.
void authenticated()
This signal is emitted when authentication is complete.
void setLocalAddress(const QString &addr, quint16 port)
Specify the local address.
QByteArray readOutgoing(int *plainBytes=nullptr) override
This method provides encoded (typically encrypted) data.
void putStep(const QByteArray &stepData)
Process an authentication step.
AuthFlags
Authentication requirement flag values.
Definition qca_securelayer.h:868
Secure array of bytes.
Definition qca_tools.h:317
Abstract interface to a security layer.
Definition qca_securelayer.h:105
virtual void write(const QByteArray &a)=0
This method writes unencrypted (plain) data to the SecureLayer implementation.
virtual int convertBytesWritten(qint64 encryptedBytes)=0
Convert encrypted bytes written to plain text bytes written.
virtual QByteArray readUnprocessed()
This allows you to read data without having it decrypted first.
SecureLayer(QObject *parent=nullptr)
Constructor for an abstract secure communications layer.
virtual void writeIncoming(const QByteArray &a)=0
This method accepts encoded (typically encrypted) data for processing.
virtual int bytesAvailable() const =0
Returns the number of bytes available to be read() on the application side.
virtual QByteArray readOutgoing(int *plainBytes=nullptr)=0
This method provides encoded (typically encrypted) data.
void error()
This signal is emitted when an error is detected.
virtual void close()
Close the link.
void readyReadOutgoing()
This signal is emitted when SecureLayer has encrypted (network side) data ready to be read.
virtual QByteArray read()=0
This method reads decrypted (plain) data from the SecureLayer implementation.
void closed()
This signal is emitted when the SecureLayer connection is closed.
virtual bool isClosable() const
Returns true if the layer has a meaningful "close".
virtual int bytesOutgoingAvailable() const =0
Returns the number of bytes available to be readOutgoing() on the network side.
void readyRead()
This signal is emitted when SecureLayer has decrypted (application side) data ready to be read.
Session token, used for TLS resuming.
Definition qca_securelayer.h:239
TLSSession & operator=(const TLSSession &from)
Assignment operator.
TLSSession(const TLSSession &from)
Copy constructor.
bool isNull() const
Test if the session token is valid.
Transport Layer Security / Secure Socket Layer.
Definition qca_securelayer.h:290
void setConstraints(SecurityLevel s)
The security level required for this link.
int packetsOutgoingAvailable() const
Determine the number of packets available to be read on the network side.
void setPacketMTU(int size) const
Set the maximum packet size to use.
TLS(Mode mode, QObject *parent=nullptr, const QString &provider=QString())
Constructor for Transport Layer Security connection.
int cipherMaxBits() const
The number of bits of security that the cipher could use.
void write(const QByteArray &a) override
This method writes unencrypted (plain) data to the SecureLayer implementation.
void startClient(const QString &host=QString())
Start the TLS/SSL connection as a client.
Version version() const
The protocol version that is in use for this connection.
void writeIncoming(const QByteArray &a) override
This method accepts encoded (typically encrypted) data for processing.
Mode
Operating mode.
Definition qca_securelayer.h:297
@ Stream
stream mode
Definition qca_securelayer.h:298
void setConstraints(int minSSF, int maxSSF)
This is an overloaded member function, provided for convenience. It differs from the above function o...
void continueAfterStep()
Resumes TLS processing.
PrivateKey localPrivateKey() const
The PrivateKey for the local host certificate.
void hostNameReceived()
Emitted if a host name is set by the client.
int cipherBits() const
The number of effective bits of security being used for this connection.
int bytesOutgoingAvailable() const override
Returns the number of bytes available to be readOutgoing() on the network side.
~TLS() override
Destructor.
QString hostName() const
Returns the host name specified or an empty string if no host name is specified.
TLSSession session() const
The session object of the TLS connection, which can be used for resuming.
Error
Type of error.
Definition qca_securelayer.h:317
@ ErrorHandshake
problem during the negotiation
Definition qca_securelayer.h:322
@ ErrorCertKeyMismatch
certificate and private key don't match
Definition qca_securelayer.h:320
@ ErrorSignerExpired
local certificate is expired
Definition qca_securelayer.h:318
@ ErrorSignerInvalid
local certificate is invalid in some way
Definition qca_securelayer.h:319
@ ErrorInit
problem starting up TLS
Definition qca_securelayer.h:321
void setTrustedCertificates(const CertificateCollection &trusted)
Set up the set of trusted certificates that will be used to verify that the certificate provided is v...
void reset()
Reset the connection.
bool isClosable() const override
Returns true if the layer has a meaningful "close".
void startServer()
Start the TLS/SSL connection as a server.
void setConstraints(const QStringList &cipherSuiteList)
This is an overloaded member function, provided for convenience. It differs from the above function o...
QStringList supportedCipherSuites(const Version &version=TLS_v1) const
Get the list of cipher suites that are available for use.
QList< CertificateInfoOrdered > issuerList() const
CertificateCollection trustedCertificates() const
Return the trusted certificates set for this object.
IdentityResult peerIdentityResult() const
After the SSL/TLS handshake is complete, this method allows you to determine if the other end of the ...
QByteArray readOutgoing(int *plainBytes=nullptr) override
This method provides encoded (typically encrypted) data.
IdentityResult
Type of identity.
Definition qca_securelayer.h:330
@ HostMismatch
valid cert provided, but wrong owner
Definition qca_securelayer.h:332
@ InvalidCertificate
invalid cert
Definition qca_securelayer.h:333
@ Valid
identity is verified
Definition qca_securelayer.h:331
TLS(QObject *parent=nullptr, const QString &provider=QString())
Constructor for Transport Layer Security connection.
bool canSetHostName() const
Test if the link can specify a hostname (Server Name Indication)
void close() override
Close the link.
QByteArray read() override
This method reads decrypted (plain) data from the SecureLayer implementation.
void connectNotify(const QMetaMethod &signal) override
Called when a connection is made to a particular signal.
bool isHandshaken() const
test if the handshake is complete
int packetsAvailable() const
Determine the number of packets available to be read on the application side.
Validity peerCertificateValidity() const
After the SSL/TLS handshake is valid, this method allows you to check if the received certificate fro...
QByteArray readUnprocessed() override
This allows you to read data without having it decrypted first.
Version
Version of TLS or SSL.
Definition qca_securelayer.h:306
@ SSL_v2
Secure Socket Layer, version 2.
Definition qca_securelayer.h:309
@ TLS_v1
Transport Layer Security, version 1.
Definition qca_securelayer.h:307
@ SSL_v3
Secure Socket Layer, version 3.
Definition qca_securelayer.h:308
int packetMTU() const
Return the currently configured maximum packet size.
Error errorCode() const
This method returns the type of error that has occurred.
bool compressionEnabled() const
Returns true if compression is enabled.
bool canCompress() const
Test if the link can use compression.
int convertBytesWritten(qint64 encryptedBytes) override
Convert encrypted bytes written to plain text bytes written.
CertificateChain peerCertificateChain() const
The CertificateChain from the peer (other end of the connection to the trusted root certificate).
int bytesAvailable() const override
Returns the number of bytes available to be read() on the application side.
void peerCertificateAvailable()
Emitted when a certificate is received from the peer.
QString cipherSuite() const
The cipher suite that has been negotiated for this connection.
void setCertificate(const CertificateChain &cert, const PrivateKey &key)
The local certificate to use.
bool isCompressed() const
test if the link is compressed
void handshaken()
Emitted when the protocol handshake is complete.
void disconnectNotify(const QMetaMethod &signal) override
Called when a connection is removed from a particular signal.
void setIssuerList(const QList< CertificateInfoOrdered > &issuers)
Sets the issuer list to present to the client.
void setSession(const TLSSession &session)
Resume a TLS session using the given session object.
void certificateRequested()
Emitted when the server requests a certificate.
void setCertificate(const KeyBundle &kb)
This is an overloaded member function, provided for convenience. It differs from the above function o...
CertificateChain localCertificateChain() const
The CertificateChain for the local host certificate.
void setCompressionEnabled(bool b)
Set the link to use compression.
QCA - the Qt Cryptographic Architecture.
Definition qca_basic.h:41
Validity
The validity (or otherwise) of a certificate.
Definition qca_cert.h:497
SecurityLevel
Specify the lower-bound for acceptable TLS/SASL security layers.
Definition qca_securelayer.h:60
@ SL_Baseline
must be 128 bit or more
Definition qca_securelayer.h:64
@ SL_Integrity
must at least get integrity protection
Definition qca_securelayer.h:62
@ SL_High
must be more than 128 bit
Definition qca_securelayer.h:65
@ SL_Export
must be export level bits or more
Definition qca_securelayer.h:63
@ SL_Highest
SL_High or max possible, whichever is greater.
Definition qca_securelayer.h:66
@ SL_None
indicates that no security is ok
Definition qca_securelayer.h:61
Header file for PGP key and X.509 certificate related classes.
Header file for core QCA infrastructure.
Header file for PublicKey and PrivateKey related classes.