1.1.12
by Francois Marier
Import upstream version 1.4.1 |
/****************************************************************************
 *   Copyright (C) 2013-2014 by Savoir-Faire Linux                          *
 *   Author : Emmanuel Lepage Vallee <emmanuel.lepage@savoirfairelinux.com> *
 *                                                                          *
 *   This library is free software; you can redistribute it and/or          *
 *   modify it under the terms of the GNU Lesser General Public             *
 *   License as published by the Free Software Foundation; either           *
 *   version 2.1 of the License, or (at your option) any later version.     *
 *                                                                          *
 *   This library is distributed in the hope that it will be useful,        *
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU       *
 *   Lesser General Public License for more details.                        *
 *                                                                          *
 *   You should have received a copy of the GNU General Public License      *
 *   along with this program. If not, see <http://www.gnu.org/licenses/>.   *
 ***************************************************************************/
#ifndef SECURITYVALIDATIONMODEL_H
#define SECURITYVALIDATIONMODEL_H
#include <QAbstractListModel> |
//SFLPhone
#include "certificate.h" |
#include "typedefs.h" |
//SFLPhone
class Account; |
class Flaw; |
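/**
 * List model that evaluates the overall security of an account.
 *
 * It does so by checking various potential flaws, then deriving a metric
 * called SecurityLevel. This model should be used to:
 *
 * 1) List all potential flaws
 * 2) Decide if an account can be considered secure
 * 3) Decide if a call can be considered secure
 *
 * End users should not have to be security gurus to set up SFLphone. It is our
 * job to do as much as we can to make security configuration as transparent as
 * possible.
 *
 * The SecurityLevel is computed by checking all possible flaws. The level
 * cannot be higher than a flaw's maximum security level. If there are 2 (or
 * more) flaws with the same maximum level, the maximum level is decreased by
 * one (recursively).
 *
 * A flaw's severity is used by the client to display the right icon
 * ( (i), /!\, [x] ).
 *
 * NOTE(review): the level only reflects the checks enumerated in SecurityFlaw;
 * a configuration problem that has no enumerator here cannot lower it.
 */
class LIB_EXPORT SecurityValidationModel : public QAbstractListModel {
   Q_OBJECT
   friend class Flaw; // Flaw's inline constructor reads the private flawSeverity table
public:

   ///Give the user an overview of the current security state
   enum class SecurityLevel {
      NONE       = 0, /* Security is not functional or severely defective               */
      WEAK       = 1, /* There is some security, but way too many flaws                 */
      MEDIUM     = 2, /* The security is probably good enough, but there are issues     */
      ACCEPTABLE = 3, /* The security is most probably good enough, only minor issues   */
      STRONG     = 4, /* All the non-information items are correct                      */
      COMPLETE   = 5, /* Everything, even the recommendations, is correct               */
   };

   ///The severity of a given flaw
   ///Enumerator order is significant: Flaw::operator< and Flaw::operator>
   ///compare the underlying integer values.
   enum class Severity {
      INFORMATION  , /* Tips and tricks to have better security                         */
      WARNING      , /* It is a problem, but it won't have other side effects           */
      ISSUE        , /* The security is compromised                                     */
      ERROR        , /* It simply won't work (REGISTER)                                 */
      FATAL_WARNING, /* Registration may work, but it renders everything else useless   */
   };

   ///Every supported flaw
   enum class SecurityFlaw {
      SRTP_DISABLED                  ,
      TLS_DISABLED                   ,
      CERTIFICATE_EXPIRED            ,
      CERTIFICATE_SELF_SIGNED        ,
      CA_CERTIFICATE_MISSING         ,
      END_CERTIFICATE_MISSING        ,
      PRIVATE_KEY_MISSING            ,
      CERTIFICATE_MISMATCH           ,
      CERTIFICATE_STORAGE_PERMISSION ,
      CERTIFICATE_STORAGE_FOLDER     ,
      CERTIFICATE_STORAGE_LOCATION   ,
      OUTGOING_SERVER_MISMATCH       ,
      VERIFY_INCOMING_DISABLED       ,
      VERIFY_ANSWER_DISABLED         ,
      REQUIRE_CERTIFICATE_DISABLED   ,
      MISSING_CERTIFICATE            ,
      MISSING_AUTHORITY              ,
      // Sentinel, must stay last. NOTE(review): identifiers containing a double
      // underscore are reserved to the implementation in C++; the name is kept
      // because enum_class_size<>() (declared outside this header) presumably
      // depends on it -- confirm before renaming.
      __COUNT
   };

   ///Role for the model
   enum Role {
      SeverityRole = 100 // custom item-data role; presumably served by data() -- definition not visible here
   };

   ///Messages to show to the end user, one slot per SecurityFlaw enumerator
   static const QString messages[enum_class_size<SecurityFlaw>()];

   //Constructor
   explicit SecurityValidationModel(Account* account);
   virtual ~SecurityValidationModel();


   //Model functions (overrides of the QAbstractListModel / QAbstractItemModel interface;
   //`override` makes the compiler reject a signature that silently stops overriding)
   QVariant      data     ( const QModelIndex& index, int role = Qt::DisplayRole     ) const override;
   int           rowCount ( const QModelIndex& parent = QModelIndex()                ) const override;
   Qt::ItemFlags flags    ( const QModelIndex& index                                 ) const override;
   virtual bool  setData  ( const QModelIndex& index, const QVariant &value, int role)       override;

   //Getter
   ///Flaws currently held by the model.
   ///NOTE(review): returns raw Flaw pointers; who owns and deletes them is not
   ///visible in this header -- callers should not assume ownership.
   QList<Flaw*> currentFlaws();
   QModelIndex getIndex(const Flaw* flaw);

   //Mutator
   void update();

private:
   //Attributes
   QList<Flaw*>  m_lCurrentFlaws       ;
   SecurityLevel m_CurrentSecurityLevel;
   Account*      m_pAccount            ; // non-owning as far as this header shows -- TODO confirm
   QHash< int, QHash< int, Flaw* > > m_hFlaws; // presumably keyed by flaw, then certificate type (see getFlaw) -- verify in the .cpp

   //Helpers
   Flaw* getFlaw(SecurityFlaw _se,Certificate::Type _ty);

   //Static mapping
   ///Per-flaw cap on the achievable SecurityLevel
   static const TypedStateMachine< SecurityLevel , SecurityFlaw > maximumSecurityLevel;
   ///Per-flaw Severity, read by Flaw's constructor
   static const TypedStateMachine< Severity      , SecurityFlaw > flawSeverity        ;
};
Q_DECLARE_METATYPE(SecurityValidationModel*)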
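///A flaw representation
///
///One detected security flaw: which SecurityFlaw it is, the certificate type
///it applies to (Certificate::Type::NONE when not given) and its severity,
///looked up from SecurityValidationModel::flawSeverity at construction.
///Instances can only be created by SecurityValidationModel (private
///constructor + friend).
class LIB_EXPORT Flaw : public QObject
{
   Q_OBJECT
   friend class SecurityValidationModel;
public:

   //Operators
   //The ordering is deliberately inverted: a flaw is "less than" another when
   //its severity value is HIGHER, so an ascending sort lists the most severe
   //flaws first.
   //NOTE(review): the model stores Flaw* (QList<Flaw*>); these operators only
   //apply to dereferenced objects, so a sort over the pointer list needs a
   //dereferencing comparator -- confirm in the .cpp.
   bool operator < ( const Flaw &r ) const {
      return static_cast<int>(m_severity) > static_cast<int>(r.m_severity);
   }
   bool operator > ( const Flaw &r ) const {
      return static_cast<int>(m_severity) < static_cast<int>(r.m_severity);
   }

   //Getter
   Certificate::Type type() const;
   SecurityValidationModel::SecurityFlaw flaw() const;
   SecurityValidationModel::Severity severity() const;
private:
   //Constructor
   //All members are set in the initializer list, in declaration order, so
   //m_severity is never observable in an unassigned state.
   Flaw(SecurityValidationModel::SecurityFlaw f,Certificate::Type type = Certificate::Type::NONE)
   : m_flaw(f),m_severity(SecurityValidationModel::flawSeverity[f]),m_certType(type),m_Row(-1)
   {
   }

   //Attributes
   SecurityValidationModel::SecurityFlaw m_flaw;
   SecurityValidationModel::Severity m_severity;
   Certificate::Type m_certType;
   int m_Row; // -1 until assigned; presumably the row in the model -- set outside this header

public Q_SLOTS:
   void slotRequestHighlight();

Q_SIGNALS:
   void solved();
   void requestHighlight();
};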
#endif