Select Git revision
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
securityevaluationmodel.cpp 36.49 KiB
/****************************************************************************
* Copyright (C) 2013-2016 by Savoir-faire Linux *
* Author : Emmanuel Lepage Vallee <emmanuel.lepage@savoirfairelinux.com> *
* *
* This library is free software; you can redistribute it and/or *
* modify it under the terms of the GNU Lesser General Public *
* License as published by the Free Software Foundation; either *
* version 2.1 of the License, or (at your option) any later version. *
* *
* This library is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
* Lesser General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program. If not, see <http://www.gnu.org/licenses/>. *
***************************************************************************/
#include "securityevaluationmodel.h"
//Qt
#include <QtCore/QIdentityProxyModel>
#include <QtCore/QTimer>
//Ring
#include "account.h"
#include "certificatemodel.h"
#include "globalinstances.h"
#include "interfaces/pixmapmanipulatori.h"
#include "private/securityevaluationmodel_p.h"
#include "securityflaw.h"
#include "private/securityflaw_p.h"
#include "private/certificate_p.h"
#include <QtAlgorithms>
const QString SecurityEvaluationModelPrivate::messages[enum_class_size<SecurityEvaluationModel::AccountSecurityChecks>()] = {
/*SRTP_ENABLED */QObject::tr("Your media streams are not encrypted, please enable SDES"),
/*TLS_ENABLED */QObject::tr("TLS is disabled, the negotiation won't be encrypted. Your communication will be vulnerable to "
"snooping"),
/*CERTIFICATE_MATCH */QObject::tr("Your certificate and authority don't match, if your certificate require an authority, it won't work"),
/*OUTGOING_SERVER_MATCH */QObject::tr("The outgoing server specified doesn't match the hostname or the one included in the certificate"),
/*VERIFY_INCOMING_ENABLED */QObject::tr("The \"verify incoming certificate\" option is disabled, this leave you vulnerable to man in the middle attack"),
/*VERIFY_ANSWER_ENABLED */QObject::tr("The \"verify answer certificate\" option is disabled, this leave you vulnerable to man in the middle attack"),
/*REQUIRE_CERTIFICATE_ENABLED */QObject::tr("None of your certificate provide a private key, this is required. Please select a private key"
" or use a certificate with one built-in"),
/* NOT_MISSING_CERTIFICATE */QObject::tr("No certificate has been provided. This is, for now, unsupported by Ring"),
/* NOT_MISSING_AUTHORITY */QObject::tr("No certificate authority is provided, it won't be possible to validate if the answer certificates are valid. Some account may also not work."),
};
static const QString s1 = QObject::tr("Your certificate is expired, please contact your system administrator.");
static const QString s2 = QObject::tr("Your certificate is self signed. This break the chain of trust.");
const TypedStateMachine< SecurityEvaluationModel::SecurityLevel , SecurityEvaluationModel::AccountSecurityChecks >
SecurityEvaluationModelPrivate::maximumSecurityLevel = {{
/* SRTP_ENABLED */ SecurityEvaluationModel::SecurityLevel::NONE ,
/* TLS_ENABLED */ SecurityEvaluationModel::SecurityLevel::NONE ,
/* CERTIFICATE_MATCH */ SecurityEvaluationModel::SecurityLevel::WEAK ,
/* OUTGOING_SERVER_MATCH */ SecurityEvaluationModel::SecurityLevel::MEDIUM ,
/* VERIFY_INCOMING_ENABLED */ SecurityEvaluationModel::SecurityLevel::MEDIUM ,
/* VERIFY_ANSWER_ENABLED */ SecurityEvaluationModel::SecurityLevel::MEDIUM ,
/* REQUIRE_CERTIFICATE_ENABLED */ SecurityEvaluationModel::SecurityLevel::WEAK ,
/* NOT_MISSING_CERTIFICATE */ SecurityEvaluationModel::SecurityLevel::WEAK ,
/* NOT_MISSING_AUTHORITY */ SecurityEvaluationModel::SecurityLevel::ACCEPTABLE ,
}};
const TypedStateMachine< SecurityEvaluationModel::Severity , SecurityEvaluationModel::AccountSecurityChecks >
SecurityEvaluationModelPrivate::flawSeverity = {{
/* SRTP_ENABLED */ SecurityEvaluationModel::Severity::ISSUE ,
/* TLS_ENABLED */ SecurityEvaluationModel::Severity::ISSUE ,
/* CERTIFICATE_MATCH */ SecurityEvaluationModel::Severity::ERROR ,