
add tls issuer list support, prepare provider for remaining tls features

svn path=/trunk/kdesupport/qca/; revision=652442
This commit is contained in:
Justin Karneges 2007-04-11 02:13:20 +00:00
parent 7769c1870f
commit 07104e0119
7 changed files with 143 additions and 13 deletions

TODO

@ -8,10 +8,6 @@
* beta4
api:
tls features
calist (SSL_get_client_CA_list)
compression
hostname
some functions report availability of "sub"features without having context
with a specific provider (that is, the functions are not members of an
instance owned by a provider, nor is a provider necessarily specified
@ -32,6 +28,7 @@
qca_securelayer.h
supportedCipherSuites
canCompress
canSetHostName (tbd)
QSecureArray/QBigInteger -> QCA::SecureArray/QCA::BigInteger ?
code:
cert: orderedToDNString

@ -252,6 +252,12 @@ namespace QCA
Convert to RFC 1779 string format
*/
inline QString toString() const;
/**
Return a new CertificateInfoOrdered that only contains
the Distinguished Name (DN) types found in this object.
*/
inline CertificateInfoOrdered dnOnly() const;
};
/**
@ -259,11 +265,18 @@ namespace QCA
*/
QCA_EXPORT QString orderedToDNString(const CertificateInfoOrdered &in);
QCA_EXPORT CertificateInfoOrdered orderedDNOnly(const CertificateInfoOrdered &in);
inline QString CertificateInfoOrdered::toString() const
{
return orderedToDNString(*this);
}
inline CertificateInfoOrdered CertificateInfoOrdered::dnOnly() const
{
return orderedDNOnly(*this);
}
/**
%Certificate constraints type
*/

@ -386,6 +386,36 @@ namespace QCA
*/
void setConstraints(const QStringList &cipherSuiteList);
/**
Retrieve the list of allowed issuers by the server,
if the server has provided them. Only DN types will
be present.
\code
Certificate someCert = ...
PrivateKey someKey = ...
// see if the server will take our cert
CertificateInfoOrdered issuerInfo = someCert.issuerInfoOrdered().dnOnly();
foreach(const CertificateInfoOrdered &info, tls->issuerList())
{
if(info == issuerInfo)
{
// server will accept someCert, let's present it
tls->setCertificate(someCert, someKey);
break;
}
}
\endcode
*/
QList<CertificateInfoOrdered> issuerList() const;
/**
Sets the issuer list to present to the client. For
use with servers only. Only DN types are allowed.
*/
void setIssuerList(const QList<CertificateInfoOrdered> &issuers);
/**
Test if the link can use compression.
@ -419,6 +449,16 @@ namespace QCA
*/
void startServer();
/**
Resumes TLS processing.
Call this function after firstStepDone() or handshaken() is
emitted. By requiring this function to be called in order
to proceed, applications are given a chance to perform user
interaction between steps in the TLS process.
*/
void continueAfterStep();
/**
test if the handshake is complete
@ -553,8 +593,26 @@ namespace QCA
Q_SIGNALS:
/**
Emitted when the protocol handshake is complete
Emitted when the server has completed the first part
of the TLS negotiation. At this time, the client can
inspect the peerCertificateChain() and issuerList().
You must call continueAfterStep() in order for TLS
processing to resume after this signal is emitted.
\sa continueAfterStep
*/
void firstStepDone();
/**
Emitted when the protocol handshake is complete. At
this time, all available information about the TLS
session can be inspected.
You must call continueAfterStep() in order for TLS
processing to resume after this signal is emitted.
\sa continueAfterStep
\sa isHandshaken
*/
void handshaken();
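Review bot: The new firstStepDone() documentation says the client can inspect peerCertificateChain() at that point, but the provider interface changed by this same commit lists peerCertificateChain() under "call after successful handshake" and only serverHelloReceived()/issuerList() as callable before success, so one of the two is wrong. Whichever is intended, the doc should warn that anything read before handshaken() is unauthenticated — the peer has not yet proven possession of the certificate's key at that stage — so the chain may be used to decide which client certificate to present but must not drive a trust decision; that belongs after handshaken() via peerCertificateValidity(). Suggested wording for the firstStepDone() comment: `At this time, the client can inspect issuerList(). The peer certificate is not authenticated until handshaken() is emitted; do not make trust decisions from it here.` The issuerList() example also only compares the certificate's direct issuer DN, so a client certificate whose chain reaches a listed CA through an intermediate will not be selected; a sentence noting that limitation would save users a debugging session.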

@ -468,13 +468,16 @@ public:
virtual QStringList supportedCipherSuites(const TLS::Version &version) const = 0;
virtual bool canCompress() const = 0;
virtual bool canSetHostName() const = 0;
virtual int maxSSF() const = 0;
virtual void setConstraints(int minSSF, int maxSSF) = 0;
virtual void setConstraints(const QStringList &cipherSuiteList) = 0;
virtual void setup(const CertificateCollection &trusted,
const CertificateChain &cert, const PrivateKey &key, bool server,
const QString &hostName, bool compress, bool dtls) = 0;
bool serverMode,
const QList<CertificateInfoOrdered> &issuerList,
const QString &hostName, bool compress) = 0;
virtual void setCertificate(const CertificateChain &cert, const PrivateKey &key) = 0;
virtual void shutdown() = 0; // flag for shutdown, call update next
virtual void setMTU(int size); // for dtls
@ -510,6 +513,10 @@ public:
virtual QByteArray to_app() = 0;
virtual bool eof() const = 0;
// call after handshake continue, but before success
virtual bool serverHelloReceived() const = 0;
virtual QList<CertificateInfoOrdered> issuerList() const = 0;
// call after successful handshake
virtual Validity peerCertificateValidity() const = 0;
virtual CertificateChain peerCertificateChain() const = 0;
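Review bot: The new `issuerList` parameter to setup() carries no comment, and while setIssuerList() in the public header says only DN types are allowed, nothing here tells a provider whether to reject, strip or pass through non-DN entries; since this list is presumably what ends up in the server's CertificateRequest (the TODO references SSL_get_client_CA_list), providers should agree on one behaviour. Suggest above setup(): `// issuerList: CA names to offer when serverMode is true; ignored for clients. Only DN entries are meaningful; drop anything else.` Note also that the `bool dtls` argument was removed from setup() while setMTU() (`// for dtls`) remains, so this interface no longer has a way to request DTLS; if that is deliberate the setMTU comment should say so, otherwise the flag needs a new home.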

@ -4755,6 +4755,12 @@ public:
return false;
}
virtual bool canSetHostName() const
{
// TODO
return false;
}
virtual int maxSSF() const
{
// TODO
@ -4774,19 +4780,26 @@ public:
Q_UNUSED(cipherSuiteList);
}
virtual void setup(const CertificateCollection &_trusted, const CertificateChain &_cert, const PrivateKey &_key, bool serverMode,
const QString &hostName, bool compress, bool)
virtual void setup(const CertificateCollection &_trusted,
bool serverMode,
const QList<CertificateInfoOrdered> &issuerList,
const QString &hostName, bool compress)
{
trusted = _trusted;
if(!_cert.isEmpty())
cert = _cert.primary(); // TODO: take the whole chain
key = _key;
serv = serverMode;
if ( false == serverMode ) {
// client
targetHostName = hostName;
}
Q_UNUSED(compress); // TODO
Q_UNUSED(issuerList); // TODO
}
virtual void setCertificate(const CertificateChain &_cert, const PrivateKey &_key)
{
if(!_cert.isEmpty())
cert = _cert.primary(); // TODO: take the whole chain
key = _key;
}
virtual void shutdown()
@ -5056,6 +5069,18 @@ public:
return v_eof;
}
virtual bool serverHelloReceived() const
{
// TODO
return false;
}
virtual QList<CertificateInfoOrdered> issuerList() const
{
// TODO
return QList<CertificateInfoOrdered>();
}
virtual SessionInfo sessionInfo() const
{
SessionInfo sessInfo;
@ -5171,6 +5196,7 @@ public:
// this passes control of the bios to ssl. we don't need to free them.
SSL_set_bio(ssl, rbio, wbio);
// FIXME: move this to after server hello
// setup the cert to send
if(!cert.isNull() && !key.isNull())
{
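Review bot: setCertificate() is now a separate call, and the public header's example invokes it after firstStepDone(), but in this provider the cert and key are only handed to OpenSSL in the start path under the `// FIXME: move this to after server hello` comment, so a certificate set after start() is silently never sent and a server's client-auth request is answered with no certificate. Until the FIXME is resolved, guard it or at least state the constraint on setCertificate(): `// NOTE: must be called before start(); the cert is only loaded into the SSL object there (see FIXME in start)`. Separately, canSetHostName() returns false while setup() still stores `targetHostName` for clients; that is presumably for existing name checking rather than SNI, but the two should either agree or a comment should explain why the name is kept. serverHelloReceived() returning false unconditionally means issuerList() can never be populated here, which is fine for a stub as long as the TODO is visible to callers rather than looking like "server sent no CA list".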

@ -123,6 +123,17 @@ QString orderedToDNString(const CertificateInfoOrdered &in)
return QString();
}
CertificateInfoOrdered orderedDNOnly(const CertificateInfoOrdered &in)
{
CertificateInfoOrdered out;
for(int n = 0; n < in.count(); ++n)
{
if(in[n].section() == CertificateInfoPair::DN)
out += in[n];
}
return out;
}
QStringList makeFriendlyNames(const QList<Certificate> &list)
{
// TODO

@ -142,7 +142,8 @@ public:
else
c->setConstraints(con_cipherSuites);
c->setup(trusted, localCert, localKey, serverMode, host, tryCompress, false);
c->setup(trusted, serverMode, QList<CertificateInfoOrdered>(), host, tryCompress);
c->setCertificate(localCert, localKey);
bool ok;
c->start();
@ -431,6 +432,18 @@ void TLS::setConstraints(const QStringList &cipherSuiteList)
d->con_cipherSuites = cipherSuiteList;
}
QList<CertificateInfoOrdered> TLS::issuerList() const
{
// TODO
return QList<CertificateInfoOrdered>();
}
void TLS::setIssuerList(const QList<CertificateInfoOrdered> &issuers)
{
// TODO
Q_UNUSED(issuers);
}
bool TLS::canCompress(Mode mode, const QString &provider)
{
bool ok = false;
@ -476,6 +489,11 @@ void TLS::startServer()
//layerUpdateEnd();
}
void TLS::continueAfterStep()
{
// TODO
}
bool TLS::isHandshaken() const
{
return d->handshaken;
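Review bot: TLS::setIssuerList() discards its argument while the setup() call at the top of the hunk always passes an empty `QList<CertificateInfoOrdered>()`, so a server that configures an issuer list gets no CA names offered and no error. Storing it is small: add `QList<CertificateInfoOrdered> issuerList;` to the private data, `d->issuerList = issuers;` in setIssuerList(), and `c->setup(trusted, serverMode, d->issuerList, host, tryCompress);`. More important, continueAfterStep() is a no-op while the header added in this commit promises that TLS processing pauses after firstStepDone()/handshaken() until it is called; an application written against that contract will assume it has a window to inspect the peer before data flows, which this implementation does not provide. Until the pause exists, the stubs should carry a visible warning, or the header should say the step-wise negotiation is not yet implemented, so nobody relies on it for a security check.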