1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
|
/****************************************************************************
* Copyright (C) 2013-2014 by Savoir-Faire Linux *
* Author : Emmanuel Lepage Vallee <emmanuel.lepage@savoirfairelinux.com> *
* *
* This library is free software; you can redistribute it and/or *
* modify it under the terms of the GNU Lesser General Public *
* License as published by the Free Software Foundation; either *
* version 2.1 of the License, or (at your option) any later version. *
* *
* This library is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
* Lesser General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program. If not, see <http://www.gnu.org/licenses/>. *
***************************************************************************/
#ifndef SECURITYVALIDATIONMODEL_H
#define SECURITYVALIDATIONMODEL_H
#include <QAbstractListModel>
//SFLPhone
#include "certificate.h"
#include "typedefs.h"
//SFLPhone
class Account;
class Flaw;
class LIB_EXPORT SecurityValidationModel : public QAbstractListModel {
Q_OBJECT
friend class Flaw;
public:
/*
* This class evaluate the overall security of an account.
* It does so by checking various potential flaws, then create
* a metric called SecurityLevel. This model should be used to:
*
* 1) List all potential flaws
* 2) Decide if an account can be considered secure
* 3) Decide if a call can be considered secure
*
* End users should not have to be security gurus to setup SFLphone. It is our
* job to do as much as we can to make security configuration as transparent as
* possible.
*
* The SecurityLevel is computed by checking all possible flaw. The level cannot be
* higher than a flaw maximum security level. If there is 2 (or more) flaw in the same
* maximum level, the maximum level will be decreased by one (recursively).
*
* A flaw severity is used by the client to display the right icon ( (i), /!\, [x] ).
*/
///Give the user an overview of the current security state
enum class SecurityLevel {
NONE = 0, /* Security is not functional or severely defective */
WEAK = 1, /* There is some security, but way too many flaws */
MEDIUM = 2, /* The security is probably good enough, but there is issues */
ACCEPTABLE = 3, /* The security is most probably good enough, only minor issues */
STRONG = 4, /* All the non-information items are correct */
COMPLETE = 5, /* Everything, even the recommendations, are correct */
};
///The severity of a given flaw
enum class Severity {
INFORMATION , /* Tip and tricks to have better security */
WARNING , /* It is a problem, but it wont have other side effects */
ISSUE , /* The security is compromised */
ERROR , /* It simply wont work (REGISTER) */
FATAL_WARNING, /* Registration may work, but it render everything else useless */
};
///Every supported flaws
enum class SecurityFlaw {
SRTP_DISABLED ,
TLS_DISABLED ,
CERTIFICATE_EXPIRED ,
CERTIFICATE_SELF_SIGNED ,
CA_CERTIFICATE_MISSING ,
END_CERTIFICATE_MISSING ,
PRIVATE_KEY_MISSING ,
CERTIFICATE_MISMATCH ,
CERTIFICATE_STORAGE_PERMISSION ,
CERTIFICATE_STORAGE_FOLDER ,
CERTIFICATE_STORAGE_LOCATION ,
OUTGOING_SERVER_MISMATCH ,
VERIFY_INCOMING_DISABLED ,
VERIFY_ANSWER_DISABLED ,
REQUIRE_CERTIFICATE_DISABLED ,
MISSING_CERTIFICATE ,
MISSING_AUTHORITY ,
__COUNT
};
///Role for the model
enum Role {
SeverityRole = 100
};
///Messages to show to the end user
static const QString messages[enum_class_size<SecurityFlaw>()];
//Constructor
explicit SecurityValidationModel(Account* account);
virtual ~SecurityValidationModel();
//Model functions
QVariant data ( const QModelIndex& index, int role = Qt::DisplayRole ) const;
int rowCount ( const QModelIndex& parent = QModelIndex() ) const;
Qt::ItemFlags flags ( const QModelIndex& index ) const;
virtual bool setData ( const QModelIndex& index, const QVariant &value, int role) ;
//Getter
QList<Flaw*> currentFlaws();
QModelIndex getIndex(const Flaw* flaw);
//Mutator
void update();
private:
//Attributes
QList<Flaw*> m_lCurrentFlaws ;
SecurityLevel m_CurrentSecurityLevel;
Account* m_pAccount ;
QHash< int, QHash< int, Flaw* > > m_hFlaws;
//Helpers
Flaw* getFlaw(SecurityFlaw _se,Certificate::Type _ty);
//Static mapping
static const TypedStateMachine< SecurityLevel , SecurityFlaw > maximumSecurityLevel;
static const TypedStateMachine< Severity , SecurityFlaw > flawSeverity ;
};
Q_DECLARE_METATYPE(SecurityValidationModel*)
///A flaw representation
class LIB_EXPORT Flaw : public QObject
{
Q_OBJECT
friend class SecurityValidationModel;
public:
//Operators
bool operator < ( const Flaw &r ) const {
return ( (int)m_severity > (int)r.m_severity );
}
bool operator > ( const Flaw &r ) const {
return ( (int)m_severity < (int)r.m_severity );
}
//Getter
Certificate::Type type() const;
SecurityValidationModel::SecurityFlaw flaw() const;
SecurityValidationModel::Severity severity() const;
private:
//Constructor
Flaw(SecurityValidationModel::SecurityFlaw f,Certificate::Type type = Certificate::Type::NONE)
: m_flaw(f),m_certType(type),m_Row(-1)
{
m_severity = SecurityValidationModel::flawSeverity[f];
}
//Attributes
SecurityValidationModel::SecurityFlaw m_flaw;
SecurityValidationModel::Severity m_severity;
Certificate::Type m_certType;
int m_Row;
public Q_SLOTS:
void slotRequestHighlight();
Q_SIGNALS:
void solved();
void requestHighlight();
};
#endif
|