Skip to content
Snippets Groups Projects
Commit 0bb2fe44 authored by Emmanuel Lepage Vallee's avatar Emmanuel Lepage Vallee
Browse files

security: Upgrade the SecurityValidationModel (1/3)

It was previously hardcoded and useless. It still is, but now use
the real Certificate objects with real data. The algoritm as is
cannot work with the new data sources. It will be upgraded in
further commits. This one only make it work again.

Refs #66528
parent aae70fe8
No related branches found
No related tags found
No related merge requests found
......@@ -170,6 +170,7 @@ SET( libringclient_LIB_SRCS
src/video/device.cpp
src/video/renderer.cpp
src/certificate.cpp
src/securityflaw.cpp
#Models
src/bootstrapmodel.cpp
......@@ -313,6 +314,7 @@ SET( libringclient_LIB_HDRS
src/collectioneditor.h
src/collectioneditor.hpp
src/fallbackpersoncollection.h
src/securityflaw.h
)
SET(libringclient_video_LIB_HDRS
......@@ -453,6 +455,7 @@ SET(libringclient_PRIVATE_HDRS
src/private/instantmessagingmodel_p.h
src/private/videorenderer_p.h
src/private/collectionmodel_p.h
src/private/securityflaw_p.h
)
IF(${ENABLE_LIBWRAP} MATCHES true)
......
......@@ -50,6 +50,7 @@
#include "presencestatusmodel.h"
#include "uri.h"
#include "securityvalidationmodel.h"
#include "private/securityvalidationmodel_p.h"
#define TO_BOOL ?"true":"false"
#define IS_TRUE == "true"
......@@ -1052,6 +1053,7 @@ void Account::setPassword(const QString& detail)
void Account::setTlsPassword(const QString& detail)
{
d_ptr->setAccountProperty(DRing::Account::ConfProperties::TLS::PASSWORD, detail);
d_ptr->regenSecurityValidation();
}
///Set the certificate authority list file
......@@ -1080,6 +1082,7 @@ void Account::setTlsCaListCertificate(Certificate* cert)
{
d_ptr->m_pCaCert = cert;
d_ptr->setAccountProperty(DRing::Account::ConfProperties::TLS::CA_LIST_FILE, cert?cert->path().path():QString());
d_ptr->regenSecurityValidation();
}
///Set the certificate
......@@ -1087,6 +1090,7 @@ void Account::setTlsCertificate(Certificate* cert)
{
d_ptr->m_pTlsCert = cert;
d_ptr->setAccountProperty(DRing::Account::ConfProperties::TLS::CERTIFICATE_FILE, cert?cert->path().path():QString());
d_ptr->regenSecurityValidation();
}
///Set the private key
......@@ -1094,12 +1098,14 @@ void Account::setTlsPrivateKeyCertificate(Certificate* cert)
{
d_ptr->m_pPrivateKey = cert;
d_ptr->setAccountProperty(DRing::Account::ConfProperties::TLS::PRIVATE_KEY_FILE, cert?cert->path().path():QString());
d_ptr->regenSecurityValidation();
}
///Set the TLS server
void Account::setTlsServerName(const QString& detail)
{
d_ptr->setAccountProperty(DRing::Account::ConfProperties::TLS::SERVER_NAME, detail);
d_ptr->regenSecurityValidation();
}
///Set the stun server
......@@ -1148,6 +1154,7 @@ void Account::setLastErrorCode(int code)
void Account::setKeyExchange(KeyExchangeModel::Type detail)
{
d_ptr->setAccountProperty(DRing::Account::ConfProperties::SRTP::KEY_EXCHANGE ,KeyExchangeModel::toDaemonName(detail));
d_ptr->regenSecurityValidation();
}
///Set the account timeout, it will be renegotiated when that timeout occur
......@@ -1160,6 +1167,7 @@ void Account::setRegistrationExpire(int detail)
void Account::setTlsNegotiationTimeoutSec(int detail)
{
d_ptr->setAccountProperty(DRing::Account::ConfProperties::TLS::NEGOTIATION_TIMEOUT_SEC, QString::number(detail));
d_ptr->regenSecurityValidation();
}
///Set the local port for SIP/IAX communications
......@@ -1207,54 +1215,64 @@ void Account::setAutoAnswer(bool detail)
void Account::setTlsVerifyServer(bool detail)
{
d_ptr->setAccountProperty(DRing::Account::ConfProperties::TLS::VERIFY_SERVER, (detail)TO_BOOL);
d_ptr->regenSecurityValidation();
}
///Set the TLS verification client
void Account::setTlsVerifyClient(bool detail)
{
d_ptr->setAccountProperty(DRing::Account::ConfProperties::TLS::VERIFY_CLIENT, (detail)TO_BOOL);
d_ptr->regenSecurityValidation();
}
///Set if the peer need to be providing a certificate
void Account::setTlsRequireClientCertificate(bool detail)
{
d_ptr->setAccountProperty(DRing::Account::ConfProperties::TLS::REQUIRE_CLIENT_CERTIFICATE ,(detail)TO_BOOL);
d_ptr->regenSecurityValidation();
}
///Set if the security settings are enabled
void Account::setTlsEnabled(bool detail)
{
d_ptr->setAccountProperty(DRing::Account::ConfProperties::TLS::ENABLED ,(detail)TO_BOOL);
d_ptr->regenSecurityValidation();
}
void Account::setDisplaySasOnce(bool detail)
{
d_ptr->setAccountProperty(DRing::Account::ConfProperties::ZRTP::DISPLAY_SAS_ONCE, (detail)TO_BOOL);
d_ptr->regenSecurityValidation();
}
void Account::setSrtpRtpFallback(bool detail)
{
d_ptr->setAccountProperty(DRing::Account::ConfProperties::SRTP::RTP_FALLBACK, (detail)TO_BOOL);
d_ptr->regenSecurityValidation();
}
void Account::setSrtpEnabled(bool detail)
{
d_ptr->setAccountProperty(DRing::Account::ConfProperties::SRTP::ENABLED, (detail)TO_BOOL);
d_ptr->regenSecurityValidation();
}
void Account::setZrtpDisplaySas(bool detail)
{
d_ptr->setAccountProperty(DRing::Account::ConfProperties::ZRTP::DISPLAY_SAS, (detail)TO_BOOL);
d_ptr->regenSecurityValidation();
}
void Account::setZrtpNotSuppWarning(bool detail)
{
d_ptr->setAccountProperty(DRing::Account::ConfProperties::ZRTP::NOT_SUPP_WARNING, (detail)TO_BOOL);
d_ptr->regenSecurityValidation();
}
void Account::setZrtpHelloHash(bool detail)
{
d_ptr->setAccountProperty(DRing::Account::ConfProperties::ZRTP::HELLO_HASH, (detail)TO_BOOL);
d_ptr->regenSecurityValidation();
}
void Account::setSipStunEnabled(bool detail)
......@@ -1759,6 +1777,16 @@ void Account::saveCredentials() {
}
}
void AccountPrivate::regenSecurityValidation()
{
if (m_pSecurityValidationModel) {
m_pSecurityValidationModel->setTlsCaListCertificate(q_ptr->tlsCaListCertificate());
m_pSecurityValidationModel->setTlsCertificate(q_ptr->tlsCertificate());
m_pSecurityValidationModel->setTlsPrivateKeyCertificate(q_ptr->tlsPrivateKeyCertificate());
m_pSecurityValidationModel->d_ptr->update();
}
}
///Reload all audio codecs
void Account::reloadCodecs()
{
......
......@@ -86,6 +86,7 @@ public:
//Helpers
inline void changeState(Account::EditState state);
bool updateState();
void regenSecurityValidation();
//State actions
void performAction(Account::EditAction action);
......
/****************************************************************************
* Copyright (C) 2015 by Savoir-Faire Linux *
* Author : Emmanuel Lepage Vallee <emmanuel.lepage@savoirfairelinux.com> *
* *
* This library is free software; you can redistribute it and/or *
* modify it under the terms of the GNU Lesser General Public *
* License as published by the Free Software Foundation; either *
* version 2.1 of the License, or (at your option) any later version. *
* *
* This library is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
* Lesser General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program. If not, see <http://www.gnu.org/licenses/>. *
***************************************************************************/
#ifndef SECURITYFLAWPRIVATE_H
#define SECURITYFLAWPRIVATE_H
#include <QtCore/QObject>
#include "securityvalidationmodel.h"
class SecurityFlaw;
class SecurityFlawPrivate : public QObject
{
Q_OBJECT
public:
SecurityFlawPrivate(SecurityFlaw* parent, SecurityValidationModel::AccountSecurityFlaw f,Certificate::Type type);
//Attributes
SecurityValidationModel::AccountSecurityFlaw m_flaw;
SecurityValidationModel::Severity m_severity;
Certificate::Type m_certType;
int m_Row;
SecurityFlaw* q_ptr;
};
#endif
\ No newline at end of file
/****************************************************************************
* Copyright (C) 2015 by Savoir-Faire Linux *
* Author : Emmanuel Lepage Vallee <emmanuel.lepage@savoirfairelinux.com> *
* *
* This library is free software; you can redistribute it and/or *
* modify it under the terms of the GNU Lesser General Public *
* License as published by the Free Software Foundation; either *
* version 2.1 of the License, or (at your option) any later version. *
* *
* This library is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
* Lesser General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program. If not, see <http://www.gnu.org/licenses/>. *
***************************************************************************/
#ifndef SECURITYVALIDATIONMODELPRIVATE_H
#define SECURITYVALIDATIONMODELPRIVATE_H
class SecurityFlaw;
class Account;
class Certificate;
class SecurityValidationModelPrivate
{
public:
SecurityValidationModelPrivate(Account* account, SecurityValidationModel* parent);
//Attributes
QList<SecurityFlaw*> m_lCurrentFlaws ;
SecurityValidationModel::SecurityLevel m_CurrentSecurityLevel;
Account* m_pAccount ;
QHash< int, QHash< int, SecurityFlaw* > > m_hFlaws;
Certificate* m_pCa;
Certificate* m_pCert;
Certificate* m_pPrivateKey;
//Helpers
SecurityFlaw* getFlaw(SecurityValidationModel::AccountSecurityFlaw _se,Certificate::Type _ty);
//Mutator
void update();
///Messages to show to the end user
static const QString messages[enum_class_size<SecurityValidationModel::AccountSecurityFlaw>()];
//Static mapping
static const TypedStateMachine< SecurityValidationModel::SecurityLevel , SecurityValidationModel::AccountSecurityFlaw > maximumSecurityLevel;
static const TypedStateMachine< SecurityValidationModel::Severity , SecurityValidationModel::AccountSecurityFlaw > flawSeverity ;
SecurityValidationModel* q_ptr;
};
#endif
\ No newline at end of file
/****************************************************************************
* Copyright (C) 2013-2015 by Savoir-Faire Linux *
* Author : Emmanuel Lepage Vallee <emmanuel.lepage@savoirfairelinux.com> *
* *
* This library is free software; you can redistribute it and/or *
* modify it under the terms of the GNU Lesser General Public *
* License as published by the Free Software Foundation; either *
* version 2.1 of the License, or (at your option) any later version. *
* *
* This library is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
* Lesser General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program. If not, see <http://www.gnu.org/licenses/>. *
***************************************************************************/
#include "securityflaw.h"
//Ring
#include "private/securityvalidationmodel_p.h"
#include "private/securityflaw_p.h"
SecurityFlawPrivate::SecurityFlawPrivate(SecurityFlaw* parent, SecurityValidationModel::AccountSecurityFlaw f,Certificate::Type type):m_flaw(f),m_certType(type),m_Row(-1)
,m_severity(SecurityValidationModelPrivate::flawSeverity[f]),q_ptr(parent)
{
}
SecurityFlaw::SecurityFlaw(SecurityValidationModel::AccountSecurityFlaw f,Certificate::Type type)
: QObject(), d_ptr(new SecurityFlawPrivate(this, f, type))
{
}
Certificate::Type SecurityFlaw::type() const
{
return d_ptr->m_certType;
}
SecurityValidationModel::AccountSecurityFlaw SecurityFlaw::flaw() const
{
return d_ptr->m_flaw;
}
SecurityValidationModel::Severity SecurityFlaw::severity() const
{
return d_ptr->m_severity;
}
void SecurityFlaw::requestHighlight()
{
emit highlight();
}
bool SecurityFlaw::operator < ( const SecurityFlaw &r ) const {
return ( (int)d_ptr->m_severity > (int)r.d_ptr->m_severity );
}
bool SecurityFlaw::operator > ( const SecurityFlaw &r ) const {
return ( (int)d_ptr->m_severity < (int)r.d_ptr->m_severity );
}
#include <securityflaw.moc>
#ifndef SECURITY_FLAW_H
#define SECURITY_FLAW_H
#include <QtCore/QObject>
#include <typedefs.h>
#include <securityvalidationmodel.h>
class SecurityFlawPrivate;
///A flaw representation
class LIB_EXPORT SecurityFlaw : public QObject
{
Q_OBJECT
friend class SecurityValidationModel;
friend class SecurityValidationModelPrivate;
public:
//Operators
bool operator < ( const SecurityFlaw &r ) const;
bool operator > ( const SecurityFlaw &r ) const;
//Getter
Certificate::Type type() const;
SecurityValidationModel::AccountSecurityFlaw flaw() const;
SecurityValidationModel::Severity severity() const;
private:
explicit SecurityFlaw(SecurityValidationModel::AccountSecurityFlaw f,Certificate::Type type = Certificate::Type::NONE);
SecurityFlawPrivate* d_ptr;
Q_DECLARE_PRIVATE(SecurityFlaw)
public Q_SLOTS:
void requestHighlight();
Q_SIGNALS:
void solved();
void highlight();
};
#endif
\ No newline at end of file
......@@ -18,10 +18,13 @@
#include "securityvalidationmodel.h"
#include "account.h"
#include "delegates/pixmapmanipulationdelegate.h"
#include "private/securityvalidationmodel_p.h"
#include "securityflaw.h"
#include "private/securityflaw_p.h"
#include <QtAlgorithms>
const QString SecurityValidationModel::messages[enum_class_size<SecurityFlaw>()] = {
const QString SecurityValidationModelPrivate::messages[enum_class_size<SecurityValidationModel::AccountSecurityFlaw>()] = {
QObject::tr("Your communication negotiation is secured, but not the media stream, please enable ZRTP or SDES"),
QObject::tr("TLS is disabled, the negotiation wont be encrypted. Your communication will be vulnerable to "
"snooping"),
......@@ -41,51 +44,56 @@ const QString SecurityValidationModel::messages[enum_class_size<SecurityFlaw>()]
QObject::tr("REQUIRE_CERTIFICATE_DISABLED "),
};
const TypedStateMachine< SecurityValidationModel::SecurityLevel , SecurityValidationModel::SecurityFlaw >
SecurityValidationModel::maximumSecurityLevel = {{
/* SRTP_DISABLED */ SecurityLevel::WEAK ,
/* TLS_DISABLED */ SecurityLevel::WEAK ,
/* CERTIFICATE_EXPIRED */ SecurityLevel::MEDIUM ,
/* CERTIFICATE_SELF_SIGNED */ SecurityLevel::MEDIUM ,
/* CA_CERTIFICATE_MISSING */ SecurityLevel::MEDIUM ,
/* END_CERTIFICATE_MISSING */ SecurityLevel::MEDIUM ,
/* PRIVATE_KEY_MISSING */ SecurityLevel::MEDIUM ,
/* CERTIFICATE_MISMATCH */ SecurityLevel::NONE ,
/* CERTIFICATE_STORAGE_PERMISSION */ SecurityLevel::ACCEPTABLE ,
/* CERTIFICATE_STORAGE_FOLDER */ SecurityLevel::ACCEPTABLE ,
/* CERTIFICATE_STORAGE_LOCATION */ SecurityLevel::ACCEPTABLE ,
/* OUTGOING_SERVER_MISMATCH */ SecurityLevel::ACCEPTABLE ,
/* VERIFY_INCOMING_DISABLED */ SecurityLevel::MEDIUM ,
/* VERIFY_ANSWER_DISABLED */ SecurityLevel::MEDIUM ,
/* REQUIRE_CERTIFICATE_DISABLED */ SecurityLevel::MEDIUM ,
/* MISSING_CERTIFICATE */ SecurityLevel::NONE ,
/* MISSING_AUTHORITY */ SecurityLevel::WEAK ,
const TypedStateMachine< SecurityValidationModel::SecurityLevel , SecurityValidationModel::AccountSecurityFlaw >
SecurityValidationModelPrivate::maximumSecurityLevel = {{
/* SRTP_DISABLED */ SecurityValidationModel::SecurityLevel::WEAK ,
/* TLS_DISABLED */ SecurityValidationModel::SecurityLevel::WEAK ,
/* CERTIFICATE_EXPIRED */ SecurityValidationModel::SecurityLevel::MEDIUM ,
/* CERTIFICATE_SELF_SIGNED */ SecurityValidationModel::SecurityLevel::MEDIUM ,
/* CA_CERTIFICATE_MISSING */ SecurityValidationModel::SecurityLevel::MEDIUM ,
/* END_CERTIFICATE_MISSING */ SecurityValidationModel::SecurityLevel::MEDIUM ,
/* PRIVATE_KEY_MISSING */ SecurityValidationModel::SecurityLevel::MEDIUM ,
/* CERTIFICATE_MISMATCH */ SecurityValidationModel::SecurityLevel::NONE ,
/* CERTIFICATE_STORAGE_PERMISSION */ SecurityValidationModel::SecurityLevel::ACCEPTABLE ,
/* CERTIFICATE_STORAGE_FOLDER */ SecurityValidationModel::SecurityLevel::ACCEPTABLE ,
/* CERTIFICATE_STORAGE_LOCATION */ SecurityValidationModel::SecurityLevel::ACCEPTABLE ,
/* OUTGOING_SERVER_MISMATCH */ SecurityValidationModel::SecurityLevel::ACCEPTABLE ,
/* VERIFY_INCOMING_DISABLED */ SecurityValidationModel::SecurityLevel::MEDIUM ,
/* VERIFY_ANSWER_DISABLED */ SecurityValidationModel::SecurityLevel::MEDIUM ,
/* REQUIRE_CERTIFICATE_DISABLED */ SecurityValidationModel::SecurityLevel::MEDIUM ,
/* MISSING_CERTIFICATE */ SecurityValidationModel::SecurityLevel::NONE ,
/* MISSING_AUTHORITY */ SecurityValidationModel::SecurityLevel::WEAK ,
}};
const TypedStateMachine< SecurityValidationModel::Severity , SecurityValidationModel::SecurityFlaw >
SecurityValidationModel::flawSeverity = {{
/* SRTP_DISABLED */ Severity::ISSUE ,
/* TLS_DISABLED */ Severity::ISSUE ,
/* CERTIFICATE_EXPIRED */ Severity::WARNING ,
/* CERTIFICATE_SELF_SIGNED */ Severity::WARNING ,
/* CA_CERTIFICATE_MISSING */ Severity::ISSUE ,
/* END_CERTIFICATE_MISSING */ Severity::ISSUE ,
/* PRIVATE_KEY_MISSING */ Severity::ERROR ,
/* CERTIFICATE_MISMATCH */ Severity::ERROR ,
/* CERTIFICATE_STORAGE_PERMISSION */ Severity::WARNING ,
/* CERTIFICATE_STORAGE_FOLDER */ Severity::INFORMATION ,
/* CERTIFICATE_STORAGE_LOCATION */ Severity::INFORMATION ,
/* OUTGOING_SERVER_MISMATCH */ Severity::WARNING ,
/* VERIFY_INCOMING_DISABLED */ Severity::ISSUE ,
/* VERIFY_ANSWER_DISABLED */ Severity::ISSUE ,
/* REQUIRE_CERTIFICATE_DISABLED */ Severity::ISSUE ,
/* MISSING_CERTIFICATE */ Severity::ERROR ,
/* MISSING_AUTHORITY */ Severity::ERROR ,
const TypedStateMachine< SecurityValidationModel::Severity , SecurityValidationModel::AccountSecurityFlaw >
SecurityValidationModelPrivate::flawSeverity = {{
/* SRTP_DISABLED */ SecurityValidationModel::Severity::ISSUE ,
/* TLS_DISABLED */ SecurityValidationModel::Severity::ISSUE ,
/* CERTIFICATE_EXPIRED */ SecurityValidationModel::Severity::WARNING ,
/* CERTIFICATE_SELF_SIGNED */ SecurityValidationModel::Severity::WARNING ,
/* CA_CERTIFICATE_MISSING */ SecurityValidationModel::Severity::ISSUE ,
/* END_CERTIFICATE_MISSING */ SecurityValidationModel::Severity::ISSUE ,
/* PRIVATE_KEY_MISSING */ SecurityValidationModel::Severity::ERROR ,
/* CERTIFICATE_MISMATCH */ SecurityValidationModel::Severity::ERROR ,
/* CERTIFICATE_STORAGE_PERMISSION */ SecurityValidationModel::Severity::WARNING ,
/* CERTIFICATE_STORAGE_FOLDER */ SecurityValidationModel::Severity::INFORMATION ,
/* CERTIFICATE_STORAGE_LOCATION */ SecurityValidationModel::Severity::INFORMATION ,
/* OUTGOING_SERVER_MISMATCH */ SecurityValidationModel::Severity::WARNING ,
/* VERIFY_INCOMING_DISABLED */ SecurityValidationModel::Severity::ISSUE ,
/* VERIFY_ANSWER_DISABLED */ SecurityValidationModel::Severity::ISSUE ,
/* REQUIRE_CERTIFICATE_DISABLED */ SecurityValidationModel::Severity::ISSUE ,
/* MISSING_CERTIFICATE */ SecurityValidationModel::Severity::ERROR ,
/* MISSING_AUTHORITY */ SecurityValidationModel::Severity::ERROR ,
}};
SecurityValidationModelPrivate::SecurityValidationModelPrivate(Account* account, SecurityValidationModel* parent) : q_ptr(parent),
m_pAccount(account), m_CurrentSecurityLevel(SecurityValidationModel::SecurityLevel::NONE)
{
}
SecurityValidationModel::SecurityValidationModel(Account* account) : QAbstractListModel(account),
m_pAccount(account),m_CurrentSecurityLevel(SecurityLevel::NONE)
d_ptr(new SecurityValidationModelPrivate(account,this))
{
}
......@@ -110,10 +118,10 @@ QVariant SecurityValidationModel::data( const QModelIndex& index, int role) cons
{
if (index.isValid()) {
if (role == Qt::DisplayRole) {
return messages[static_cast<int>( m_lCurrentFlaws[index.row()]->flaw() )];
return SecurityValidationModelPrivate::messages[static_cast<int>( d_ptr->m_lCurrentFlaws[index.row()]->flaw() )];
}
else if (role == Role::SeverityRole) {
return static_cast<int>(m_lCurrentFlaws[index.row()]->severity());
return static_cast<int>(d_ptr->m_lCurrentFlaws[index.row()]->severity());
}
else if (role == Qt::DecorationRole) {
return PixmapManipulationDelegate::instance()->serurityIssueIcon(index);
......@@ -125,7 +133,7 @@ QVariant SecurityValidationModel::data( const QModelIndex& index, int role) cons
int SecurityValidationModel::rowCount( const QModelIndex& parent) const
{
Q_UNUSED(parent)
return m_lCurrentFlaws.size();
return d_ptr->m_lCurrentFlaws.size();
}
Qt::ItemFlags SecurityValidationModel::flags( const QModelIndex& index) const
......@@ -143,106 +151,101 @@ bool SecurityValidationModel::setData( const QModelIndex& index, const QVariant
}
///Do some unsafe convertions to bypass Qt4 issues with C++11 enum class
Flaw* SecurityValidationModel::getFlaw(SecurityFlaw _se,Certificate::Type _ty)
SecurityFlaw* SecurityValidationModelPrivate::getFlaw(SecurityValidationModel::AccountSecurityFlaw _se, Certificate::Type _ty)
{
if (! m_hFlaws[(int)_se][(int)_ty]) {
m_hFlaws[(int)_se][(int)_ty] = new Flaw(_se,_ty);
m_hFlaws[(int)_se][(int)_ty] = new SecurityFlaw(_se,_ty);
}
return m_hFlaws[(int)_se][(int)_ty];
}
#define _F(_se,_ty) getFlaw(SecurityFlaw::_se,_ty);
void SecurityValidationModel::update()
#define _F(_se,_ty) getFlaw(SecurityValidationModel::AccountSecurityFlaw::_se,_ty);
void SecurityValidationModelPrivate::update()
{
// m_lCurrentFlaws.clear();
//
// /**********************************
// * Check general issues *
// *********************************/
//
// /* If TLS is not enabled, everything else is worthless */
// if (!m_pAccount->isTlsEnabled()) {
// m_lCurrentFlaws << _F(TLS_DISABLED,Certificate::Type::NONE);
// }
//
// /* Check if the media stream is encrypted, it is something users
// * may care about if they get this far ;) */
// if (!m_pAccount->isSrtpEnabled()) {
// m_lCurrentFlaws << _F(SRTP_DISABLED,Certificate::Type::NONE);
// }
//
// /* The user certificate need to have a private key, otherwise it wont
// * be possible to encrypt anything */
// if ((! m_pAccount->tlsCertificate()->hasPrivateKey()) && (!m_pAccount->tlsPrivateKeyCertificate()->exist())) {
// m_lCurrentFlaws << _F(PRIVATE_KEY_MISSING,m_pAccount->tlsPrivateKeyCertificate()->type());
// }
//
// /**********************************
// * Certificates issues *
// *********************************/
// QList<Certificate*> certs;
// certs << m_pAccount->tlsCaListCertificate() << m_pAccount->tlsCertificate() << m_pAccount->tlsPrivateKeyCertificate();
// foreach (Certificate* cert, certs) {
// if (! cert->exist()) {
// m_lCurrentFlaws << _F(END_CERTIFICATE_MISSING,cert->type());
// }
// if (! cert->isExpired()) {
// m_lCurrentFlaws << _F(CERTIFICATE_EXPIRED,cert->type());
// }
// if (! cert->isSelfSigned()) {
// m_lCurrentFlaws << _F(CERTIFICATE_SELF_SIGNED,cert->type());
// }
// if (! cert->hasProtectedPrivateKey()) {
// m_lCurrentFlaws << _F(CERTIFICATE_STORAGE_PERMISSION,cert->type());
// }
// if (! cert->hasRightPermissions()) {
// m_lCurrentFlaws << _F(CERTIFICATE_STORAGE_PERMISSION,cert->type());
// }
// if (! cert->hasRightFolderPermissions()) {
// m_lCurrentFlaws << _F(CERTIFICATE_STORAGE_FOLDER,cert->type());
// }
// if (! cert->isLocationSecure()) {
// m_lCurrentFlaws << _F(CERTIFICATE_STORAGE_LOCATION,cert->type());
// }
// }
//
// qSort(m_lCurrentFlaws.begin(),m_lCurrentFlaws.end(),[] (const Flaw* f1, const Flaw* f2) -> int {
// return (*f1) < (*f2);
// });
// for (int i=0;i<m_lCurrentFlaws.size();i++) {
// m_lCurrentFlaws[i]->m_Row = i;
// }
//
// emit layoutChanged();
m_lCurrentFlaws.clear();
/**********************************
* Check general issues *
*********************************/
/* If TLS is not enabled, everything else is worthless */
if (!m_pAccount->isTlsEnabled()) {
m_lCurrentFlaws << _F(TLS_DISABLED,Certificate::Type::NONE);
}
#undef _F
QModelIndex SecurityValidationModel::getIndex(const Flaw* flaw)
{
return index(flaw->m_Row,0);
/* Check if the media stream is encrypted, it is something users
* may care about if they get this far ;) */
if (!m_pAccount->isSrtpEnabled()) {
m_lCurrentFlaws << _F(SRTP_DISABLED,Certificate::Type::NONE);
}
/* The user certificate need to have a private key, otherwise it wont
* be possible to encrypt anything */
if (( m_pAccount->tlsCertificate()->hasPrivateKey() == Certificate::CheckValues::FAILED) && (m_pAccount->tlsPrivateKeyCertificate()->exist() == Certificate::CheckValues::FAILED)) {
m_lCurrentFlaws << _F(PRIVATE_KEY_MISSING,m_pAccount->tlsPrivateKeyCertificate()->type());
}
/**********************************
* Certificates issues *
*********************************/
QList<Certificate*> certs;
certs << m_pAccount->tlsCaListCertificate() << m_pAccount->tlsCertificate() << m_pAccount->tlsPrivateKeyCertificate();
foreach (Certificate* cert, certs) {
if (cert->exist() == Certificate::CheckValues::FAILED) {
m_lCurrentFlaws << _F(END_CERTIFICATE_MISSING,cert->type());
}
if (cert->isNotExpired() == Certificate::CheckValues::FAILED) {
m_lCurrentFlaws << _F(CERTIFICATE_EXPIRED,cert->type());
}
if (cert->isNotSelfSigned() == Certificate::CheckValues::FAILED) {
m_lCurrentFlaws << _F(CERTIFICATE_SELF_SIGNED,cert->type());
}
if (cert->arePrivateKeyStoragePermissionOk() == Certificate::CheckValues::FAILED) {
m_lCurrentFlaws << _F(CERTIFICATE_STORAGE_PERMISSION,cert->type());
}
if (cert->arePublicKeyStoragePermissionOk() == Certificate::CheckValues::FAILED) {
m_lCurrentFlaws << _F(CERTIFICATE_STORAGE_PERMISSION,cert->type());
}
if (cert->arePrivateKeyDirectoryPermissionsOk() == Certificate::CheckValues::FAILED) {
m_lCurrentFlaws << _F(CERTIFICATE_STORAGE_FOLDER,cert->type());
}
if (cert->arePrivateKeyStorageLocationOk() == Certificate::CheckValues::FAILED) {
m_lCurrentFlaws << _F(CERTIFICATE_STORAGE_LOCATION,cert->type());
}
}
qSort(m_lCurrentFlaws.begin(),m_lCurrentFlaws.end(),[] (const SecurityFlaw* f1, const SecurityFlaw* f2) -> int {
return (*f1) < (*f2);
});
for (int i=0;i<m_lCurrentFlaws.size();i++) {
m_lCurrentFlaws[i]->d_ptr->m_Row = i;
}
emit q_ptr->layoutChanged();
}
#undef _F
QList<Flaw*> SecurityValidationModel::currentFlaws()
QModelIndex SecurityValidationModel::getIndex(const SecurityFlaw* flaw)
{
return m_lCurrentFlaws;
return index(flaw->d_ptr->m_Row,0);
}
Certificate::Type Flaw::type() const
QList<SecurityFlaw*> SecurityValidationModel::currentFlaws()
{
return m_certType;
return d_ptr->m_lCurrentFlaws;
}
SecurityValidationModel::SecurityFlaw Flaw::flaw() const
void SecurityValidationModel::setTlsCaListCertificate( Certificate* cert )
{
return m_flaw;
d_ptr->m_pCa = cert;
}
SecurityValidationModel::Severity Flaw::severity() const
void SecurityValidationModel::setTlsCertificate( Certificate* cert )
{
return m_severity;
d_ptr->m_pCert = cert;
}
void Flaw::slotRequestHighlight()
void SecurityValidationModel::setTlsPrivateKeyCertificate( Certificate* cert )
{
emit requestHighlight();
d_ptr->m_pPrivateKey = cert;
}
......@@ -26,11 +26,14 @@
//Ring
class Account;
class Flaw;
class SecurityFlaw;
class SecurityValidationModelPrivate;
class LIB_EXPORT SecurityValidationModel : public QAbstractListModel {
Q_OBJECT
friend class Flaw;
friend class SecurityFlaw;
friend class AccountPrivate;
public:
/*
* This class evaluate the overall security of an account.
......@@ -72,7 +75,7 @@ public:
};
///Every supported flaws
enum class SecurityFlaw {
enum class AccountSecurityFlaw {
SRTP_DISABLED ,
TLS_DISABLED ,
CERTIFICATE_EXPIRED ,
......@@ -98,9 +101,6 @@ public:
SeverityRole = 100
};
///Messages to show to the end user
static const QString messages[enum_class_size<SecurityFlaw>()];
//Constructor
explicit SecurityValidationModel(Account* account);
virtual ~SecurityValidationModel();
......@@ -114,66 +114,18 @@ public:
virtual QHash<int,QByteArray> roleNames() const override;
//Getter
QList<Flaw*> currentFlaws();
QModelIndex getIndex(const Flaw* flaw);
QList<SecurityFlaw*> currentFlaws();
QModelIndex getIndex(const SecurityFlaw* flaw);
//Mutator
void update();
//Setters
void setTlsCaListCertificate ( Certificate* cert );
void setTlsCertificate ( Certificate* cert );
void setTlsPrivateKeyCertificate( Certificate* cert );
private:
//Attributes
QList<Flaw*> m_lCurrentFlaws ;
SecurityLevel m_CurrentSecurityLevel;
Account* m_pAccount ;
QHash< int, QHash< int, Flaw* > > m_hFlaws;
//Helpers
Flaw* getFlaw(SecurityFlaw _se,Certificate::Type _ty);
//Static mapping
static const TypedStateMachine< SecurityLevel , SecurityFlaw > maximumSecurityLevel;
static const TypedStateMachine< Severity , SecurityFlaw > flawSeverity ;
SecurityValidationModelPrivate* d_ptr;
Q_DECLARE_PRIVATE(SecurityValidationModel)
};
Q_DECLARE_METATYPE(SecurityValidationModel*)
///A flaw representation
class LIB_EXPORT Flaw : public QObject
{
Q_OBJECT
friend class SecurityValidationModel;
public:
//Operators
bool operator < ( const Flaw &r ) const {
return ( (int)m_severity > (int)r.m_severity );
}
bool operator > ( const Flaw &r ) const {
return ( (int)m_severity < (int)r.m_severity );
}
//Getter
Certificate::Type type() const;
SecurityValidationModel::SecurityFlaw flaw() const;
SecurityValidationModel::Severity severity() const;
private:
//Constructor
explicit Flaw(SecurityValidationModel::SecurityFlaw f,Certificate::Type type = Certificate::Type::NONE)
: m_flaw(f),m_certType(type),m_Row(-1)
{
m_severity = SecurityValidationModel::flawSeverity[f];
}
//Attributes
SecurityValidationModel::SecurityFlaw m_flaw;
SecurityValidationModel::Severity m_severity;
Certificate::Type m_certType;
int m_Row;
public Q_SLOTS:
void slotRequestHighlight();
Q_SIGNALS:
void solved();
void requestHighlight();
};
#endif
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment