1 files changed, 277 insertions, 0 deletions

diff --git a/examples/network/secureudpserver/server.cpp b/examples/network/secureudpserver/server.cpp
new file mode 100644
index 0000000000..0d83fa9b51
--- /dev/null
+++ b/examples/network/secureudpserver/server.cpp
@@ -0,0 +1,277 @@
+/****************************************************************************
+**
+** Copyright (C) 2018 The Qt Company Ltd.
+** Contact: https://www.qt.io/licensing/
+**
+** This file is part of the examples of the Qt Toolkit.
+**
+** $QT_BEGIN_LICENSE:BSD$
+** Commercial License Usage
+** Licensees holding valid commercial Qt licenses may use this file in
+** accordance with the commercial license agreement provided with the
+** Software or, alternatively, in accordance with the terms contained in
+** a written agreement between you and The Qt Company. For licensing terms
+** and conditions see https://www.qt.io/terms-conditions. For further
+** information use the contact form at https://www.qt.io/contact-us.
+**
+** BSD License Usage
+** Alternatively, you may use this file under the terms of the BSD license
+** as follows:
+**
+** "Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions are
+** met:
+**   * Redistributions of source code must retain the above copyright
+**     notice, this list of conditions and the following disclaimer.
+**   * Redistributions in binary form must reproduce the above copyright
+**     notice, this list of conditions and the following disclaimer in
+**     the documentation and/or other materials provided with the
+**     distribution.
+**   * Neither the name of The Qt Company Ltd nor the names of its
+**     contributors may be used to endorse or promote products derived
+**     from this software without specific prior written permission.
+**
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+** LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+** A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+** OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+** SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+** LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+** DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+** THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+** OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE."
+**
+** $QT_END_LICENSE$
+**
+****************************************************************************/
+
+#include "server.h"
+
+#include <algorithm>
+
+QT_BEGIN_NAMESPACE
+
+namespace {
+
+QString peer_info(const QHostAddress &address, quint16 port)
+{
+    const static QString info = QStringLiteral("(%1:%2)");
+    return info.arg(address.toString()).arg(port);
+}
+
+QString connection_info(QSharedPointer<QDtls> connection)
+{
+    QString info(DtlsServer::tr("Session cipher: "));
+    info += connection->sessionCipher().name();
+
+    info += DtlsServer::tr("; session protocol: ");
+    switch (connection->sessionProtocol()) {
+    case QSsl::DtlsV1_0:
+        info += DtlsServer::tr("DTLS 1.0.");
+        break;
+    case QSsl::DtlsV1_2:
+        info += DtlsServer::tr("DTLS 1.2.");
+        break;
+    case QSsl::DtlsV1_2OrLater:
+        info += DtlsServer::tr("DTLS 1.2 or later.");
+        break;
+    default:
+        info += DtlsServer::tr("Unknown protocol.");
+    }
+
+    return info;
+}
+
+} // unnamed namespace
+
+//! [1]
+DtlsServer::DtlsServer()
+{
+    connect(&serverSocket, &QAbstractSocket::readyRead, this, &DtlsServer::readyRead);
+
+    serverConfiguration = QSslConfiguration::defaultDtlsConfiguration();
+    serverConfiguration.setPreSharedKeyIdentityHint("Qt DTLS example server");
+    serverConfiguration.setPeerVerifyMode(QSslSocket::VerifyNone);
+}
+//! [1]
+
+DtlsServer::~DtlsServer()
+{
+    shutdown();
+}
+
+//! [2]
+bool DtlsServer::listen(const QHostAddress &address, quint16 port)
+{
+    if (address != serverSocket.localAddress() || port != serverSocket.localPort()) {
+        shutdown();
+        listening = serverSocket.bind(address, port);
+        if (!listening)
+            emit errorMessage(serverSocket.errorString());
+    } else {
+        listening = true;
+    }
+
+    return listening;
+}
+//! [2]
+
+bool DtlsServer::isListening() const
+{
+    return listening;
+}
+
+void DtlsServer::close()
+{
+    listening = false;
+}
+
+void DtlsServer::readyRead()
+{
+    //! [3]
+    const qint64 bytesToRead = serverSocket.pendingDatagramSize();
+    if (bytesToRead <= 0) {
+        emit warningMessage(tr("A spurious read notification"));
+        return;
+    }
+
+    QByteArray dgram(bytesToRead, Qt::Uninitialized);
+    QHostAddress peerAddress;
+    quint16 peerPort = 0;
+    const qint64 bytesRead = serverSocket.readDatagram(dgram.data(), dgram.size(),
+                                                       &peerAddress, &peerPort);
+    if (bytesRead <= 0) {
+        emit warningMessage(tr("Failed to read a datagram: ") + serverSocket.errorString());
+        return;
+    }
+
+    dgram.resize(bytesRead);
+    //! [3]
+    //! [4]
+    if (peerAddress.isNull() || !peerPort) {
+        emit warningMessage(tr("Failed to extract peer info (address, port)"));
+        return;
+    }
+
+    const auto client = std::find_if(knownClients.begin(), knownClients.end(),
+                                     [&](const DtlsConnection &connection){
+        return connection->peerAddress() == peerAddress
+               && connection->peerPort() == peerPort;
+    });
+    //! [4]
+
+    //! [5]
+    if (client == knownClients.end())
+        return handleNewConnection(peerAddress, peerPort, dgram);
+    //! [5]
+
+    //! [6]
+    if ((*client)->isConnectionEncrypted()) {
+        decryptDatagram(*client, dgram);
+        if ((*client)->dtlsError() == QDtlsError::RemoteClosedConnectionError)
+            knownClients.erase(client);
+        return;
+    }
+    //! [6]
+
+    //! [7]
+    doHandshake(*client, dgram);
+    //! [7]
+}
+
+//! [13]
+void DtlsServer::pskRequired(QSslPreSharedKeyAuthenticator *auth)
+{
+    Q_ASSERT(auth);
+
+    emit infoMessage(tr("PSK callback, received a client's identity: '%1'")
+                     .arg(QString::fromLatin1(auth->identity())));
+    auth->setPreSharedKey(QByteArrayLiteral("\x1a\x2b\x3c\x4d\x5e\x6f"));
+}
+//! [13]
+
+//! [8]
+void DtlsServer::handleNewConnection(const QHostAddress &peerAddress,
+                                     quint16 peerPort, const QByteArray &clientHello)
+{
+    if (!listening)
+        return;
+
+    const QString peerInfo = peer_info(peerAddress, peerPort);
+    if (cookieSender.verifyClient(&serverSocket, clientHello, peerAddress, peerPort)) {
+        emit infoMessage(peerInfo + tr(": verified, starting a handshake"));
+    //! [8]
+    //! [9]
+        DtlsConnection newConnection(new QDtls(QSslSocket::SslServerMode));
+        newConnection->setDtlsConfiguration(serverConfiguration);
+        newConnection->setPeer(peerAddress, peerPort);
+        newConnection->connect(newConnection.data(), &QDtls::pskRequired,
+                               this, &DtlsServer::pskRequired);
+        knownClients.push_back(newConnection);
+        doHandshake(newConnection, clientHello);
+    //! [9]
+    } else if (cookieSender.dtlsError() != QDtlsError::NoError) {
+        emit errorMessage(tr("DTLS error: ") + cookieSender.dtlsErrorString());
+    } else {
+        emit infoMessage(peerInfo + tr(": not verified yet"));
+    }
+}
+
+//! [11]
+void DtlsServer::doHandshake(DtlsConnection newConnection, const QByteArray &clientHello)
+{
+    const bool result = newConnection->doHandshake(&serverSocket, clientHello);
+    if (!result) {
+        emit errorMessage(newConnection->dtlsErrorString());
+        return;
+    }
+
+    const QString peerInfo = peer_info(newConnection->peerAddress(),
+                                       newConnection->peerPort());
+    switch (newConnection->handshakeState()) {
+    case QDtls::HandshakeInProgress:
+        emit infoMessage(peerInfo + tr(": handshake is in progress ..."));
+        break;
+    case QDtls::HandshakeComplete:
+        emit infoMessage(tr("Connection with %1 encrypted. %2")
+                         .arg(peerInfo, connection_info(newConnection)));
+        break;
+    default:
+        Q_UNREACHABLE();
+    }
+}
+//! [11]
+
+//! [12]
+void DtlsServer::decryptDatagram(DtlsConnection connection, const QByteArray &clientMessage)
+{
+    Q_ASSERT(connection->isConnectionEncrypted());
+
+    const QString peerInfo = peer_info(connection->peerAddress(), connection->peerPort());
+    const QByteArray dgram = connection->decryptDatagram(&serverSocket, clientMessage);
+    if (dgram.size()) {
+        emit datagramReceived(peerInfo, clientMessage, dgram);
+        connection->writeDatagramEncrypted(&serverSocket, tr("to %1: ACK").arg(peerInfo).toLatin1());
+    } else if (connection->dtlsError() == QDtlsError::NoError) {
+        emit warningMessage(peerInfo + ": " + tr("0 byte dgram, could be a re-connect attempt?"));
+    } else {
+        emit errorMessage(peerInfo + ": " + connection->dtlsErrorString());
+    }
+}
+//! [12]
+
+//! [14]
+void DtlsServer::shutdown()
+{
+    for (DtlsConnection &connection : knownClients)
+        connection->shutdown(&serverSocket);
+
+    knownClients.clear();
+    serverSocket.close();
+}
+//! [14]
+
+QT_END_NAMESPACE