Diffstat (limited to 'src/network/ssl/qtlsbackend_p.h')
-rw-r--r-- | src/network/ssl/qtlsbackend_p.h | 107 |
1 files changed, 30 insertions, 77 deletions
diff --git a/src/network/ssl/qtlsbackend_p.h b/src/network/ssl/qtlsbackend_p.h
index 1a6110b17b..090531014b 100644
--- a/src/network/ssl/qtlsbackend_p.h
+++ b/src/network/ssl/qtlsbackend_p.h
@@ -1,41 +1,5 @@
-/****************************************************************************
-**
-** Copyright (C) 2021 The Qt Company Ltd.
-** Contact: https://www.qt.io/licensing/
-**
-** This file is part of the QtNetwork module of the Qt Toolkit.
-**
-** $QT_BEGIN_LICENSE:LGPL$
-** Commercial License Usage
-** Licensees holding valid commercial Qt licenses may use this file in
-** accordance with the commercial license agreement provided with the
-** Software or, alternatively, in accordance with the terms contained in
-** a written agreement between you and The Qt Company. For licensing terms
-** and conditions see https://www.qt.io/terms-conditions. For further
-** information use the contact form at https://www.qt.io/contact-us.
-**
-** GNU Lesser General Public License Usage
-** Alternatively, this file may be used under the terms of the GNU Lesser
-** General Public License version 3 as published by the Free Software
-** Foundation and appearing in the file LICENSE.LGPL3 included in the
-** packaging of this file. Please review the following information to
-** ensure the GNU Lesser General Public License version 3 requirements
-** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
-**
-** GNU General Public License Usage
-** Alternatively, this file may be used under the terms of the GNU
-** General Public License version 2.0 or (at your option) the GNU General
-** Public license version 3 or any later version approved by the KDE Free
-** Qt Foundation. The licenses are as published by the Free Software
-** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
-** included in the packaging of this file. Please review the following
-** information to ensure the GNU General Public License requirements will
-** be met: https://www.gnu.org/licenses/gpl-2.0.html and
-** https://www.gnu.org/licenses/gpl-3.0.html.
-** -** $QT_END_LICENSE$ -** -****************************************************************************/ +// Copyright (C) 2021 The Qt Company Ltd. +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only #ifndef QTLSBACKEND_P_H #define QTLSBACKEND_P_H @@ -67,7 +31,6 @@ #include <QtNetwork/qssl.h> #include <QtCore/qloggingcategory.h> -#include <QtCore/qsharedpointer.h> #include <QtCore/qnamespace.h> #include <QtCore/qobject.h> #include <QtCore/qglobal.h> @@ -94,14 +57,7 @@ class QSslKey; namespace QTlsPrivate { -// The class TlsKey encapsulates key's data (DER) or backend-specific -// data-structure, like RSA/DSA/DH structs in OpenSSL. -// TLSTODO: Interface is mostly what QSslKeyPrivate is now. Names, -// however strange they are, for now preserved to ease the transition -// (this may change in future - for example, 'decodeDer' is not just -// decoding DER, it's initializing a key from DER. Note, QSslKey requires -// a real TLS library because private keys tend to be encrypted. -class Q_NETWORK_PRIVATE_EXPORT TlsKey { +class Q_NETWORK_EXPORT TlsKey { public: virtual ~TlsKey(); @@ -117,7 +73,7 @@ public: virtual QByteArray derFromPem(const QByteArray &pem, QMap<QByteArray, QByteArray> *headers) const = 0; virtual QByteArray pemFromDer(const QByteArray &der, const QMap<QByteArray, QByteArray> &headers) const = 0; - virtual void fromHandle(Qt::HANDLE opaque, KeyType type) = 0; + virtual void fromHandle(Qt::HANDLE handle, KeyType type) = 0; virtual Qt::HANDLE handle() const = 0; virtual bool isNull() const = 0; 
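Review bot: The switch from `Q_NETWORK_PRIVATE_EXPORT` to `Q_NETWORK_EXPORT` on `TlsKey` drops, in the same hunk, the only comment that told a backend implementer what the interface means — in particular that `decodeDer` initializes a key from DER rather than merely decoding it, and that `QSslKey` needs a real TLS library because private keys are usually encrypted. That contract should survive the macro change; I would keep at least `// TlsKey encapsulates key data (DER) or a backend-specific structure; decodeDer() initializes a key from DER (private keys are usually encrypted, so a real TLS library is required).` above the class. Exporting a class declared in a `_p.h` header with the public macro also widens the library's exported symbol set beyond what in-tree plugins need, assuming the private macro exists at this point of the tree — worth confirming that was intended. The TlsKey class body continues past this hunk.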
@@ -127,35 +83,30 @@ public: virtual void clear(bool deepClear) = 0; - // Needed by QSslKeyPrivate::pemFromDer() for non-OpenSSL backends. virtual bool isPkcs8() const = 0; virtual QByteArray decrypt(Cipher cipher, const QByteArray &data, - const QByteArray &key, const QByteArray &iv) const = 0; + const QByteArray &passPhrase, const QByteArray &iv) const = 0; virtual QByteArray encrypt(Cipher cipher, const QByteArray &data, const QByteArray &key, const QByteArray &iv) const = 0; - // Those two are non-virtual, always the same and only depend on the key type - // and algorithm: QByteArray pemHeader() const; QByteArray pemFooter() const; }; -// An abstraction hiding OpenSSL's X509 or our generic -// 'derData'-based code. -class Q_NETWORK_PRIVATE_EXPORT X509Certificate +class Q_NETWORK_EXPORT X509Certificate { public: virtual ~X509Certificate(); - virtual bool isEqual(const X509Certificate &rhs) const = 0; + virtual bool isEqual(const X509Certificate &other) const = 0; virtual bool isNull() const = 0; virtual bool isSelfSigned() const = 0; virtual QByteArray version() const = 0; virtual QByteArray serialNumber() const = 0; - virtual QStringList issuerInfo(QSslCertificate::SubjectInfo info) const = 0; + virtual QStringList issuerInfo(QSslCertificate::SubjectInfo subject) const = 0; virtual QStringList issuerInfo(const QByteArray &attribute) const = 0; - virtual QStringList subjectInfo(QSslCertificate::SubjectInfo info) const = 0; + virtual QStringList subjectInfo(QSslCertificate::SubjectInfo subject) const = 0; virtual QStringList subjectInfo(const QByteArray &attribute) const = 0; virtual QList<QByteArray> subjectInfoAttributes() const = 0; 
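Review bot: The third parameter of `decrypt` is renamed to `passPhrase` while the parallel `encrypt` declaration directly below keeps `key`, so the pair now reads as if one takes a raw cipher key and the other a passphrase the key is derived from; if both receive the same kind of buffer the names should match, and if they genuinely differ that is a contract every backend has to implement and it belongs in a comment on the interface. Whether key derivation happens inside `decrypt` cannot be determined from the header alone. Separately, the removed line `// Needed by QSslKeyPrivate::pemFromDer() for non-OpenSSL backends.` above `isPkcs8()` was the only explanation for why a PKCS#8 query lives in this interface; I would keep it. The TlsKey class body starts before this hunk.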
@@ -167,13 +118,14 @@ public: virtual TlsKey *publicKey() const; // Extensions. Plugins do not expose internal representation - // and cannot rely on QSslCertificate's internals. + // and cannot rely on QSslCertificate's internals. Thus, + // we provide this information 'in pieces': virtual qsizetype numberOfExtensions() const = 0; - virtual QString oidForExtension(qsizetype index) const = 0; - virtual QString nameForExtension(qsizetype index) const = 0; - virtual QVariant valueForExtension(qsizetype index) const = 0; - virtual bool isExtensionCritical(qsizetype index) const = 0; - virtual bool isExtensionSupported(qsizetype index) const = 0; + virtual QString oidForExtension(qsizetype i) const = 0; + virtual QString nameForExtension(qsizetype i) const = 0; + virtual QVariant valueForExtension(qsizetype i) const = 0; + virtual bool isExtensionCritical(qsizetype i) const = 0; + virtual bool isExtensionSupported(qsizetype i) const = 0; virtual QByteArray toPem() const = 0; virtual QByteArray toDer() const = 0; @@ -199,14 +151,14 @@ using X509Pkcs12ReaderPtr = bool (*)(QIODevice *device, QSslKey *key, QSslCertif #if QT_CONFIG(ssl) // TLS over TCP. Handshake, encryption/decryption. -class Q_NETWORK_PRIVATE_EXPORT TlsCryptograph : public QObject +class Q_NETWORK_EXPORT TlsCryptograph : public QObject { public: virtual ~TlsCryptograph(); virtual void init(QSslSocket *q, QSslSocketPrivate *d) = 0; - virtual void checkSettingSslContext(QSharedPointer<QSslContext> tlsContext); - virtual QSharedPointer<QSslContext> sslContext() const; + virtual void checkSettingSslContext(std::shared_ptr<QSslContext> tlsContext); + virtual std::shared_ptr<QSslContext> sslContext() const; virtual QList<QSslError> tlsErrors() const = 0; 
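Review bot: `checkSettingSslContext` and `sslContext` now take and return `std::shared_ptr<QSslContext>`, but the include hunk earlier in this diff removes `<QtCore/qsharedpointer.h>` without adding `<memory>`, so the header only compiles if `<memory>` arrives transitively through one of the remaining Qt includes. Add `#include <memory>` next to the other includes so the private header states its own dependency instead of relying on that. Passing the `shared_ptr` by value into `checkSettingSslContext` is appropriate if the cryptograph stores it, which the name suggests but the header does not show. The TlsCryptograph class body continues past this hunk.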
@@ -225,7 +177,6 @@ public: virtual QList<QOcspResponse> ocsps() const; static bool isMatchingHostname(const QSslCertificate &cert, const QString &peerName); - static bool isMatchingHostname(const QString &cn, const QString &hostname); void setErrorAndEmit(QSslSocketPrivate *d, QAbstractSocket::SocketError errorCode, const QString &errorDescription) const; @@ -236,7 +187,7 @@ class TlsCryptograph; #if QT_CONFIG(dtls) -class Q_NETWORK_PRIVATE_EXPORT DtlsBase +class Q_NETWORK_EXPORT DtlsBase { public: virtual ~DtlsBase(); @@ -266,7 +217,7 @@ public: }; // TLS over UDP. Handshake, encryption/decryption. -class Q_NETWORK_PRIVATE_EXPORT DtlsCryptograph : virtual public DtlsBase +class Q_NETWORK_EXPORT DtlsCryptograph : virtual public DtlsBase { public: @@ -356,8 +307,9 @@ public: virtual QString longNameForId(int cid) const; virtual bool isTlsNamedCurve(int cid) const; - // TLSTODO: int->enum ugliness in error reporting. - // DH decoding: + // Note: int and not QSslDiffieHellmanParameter::Error - because this class and + // its enum are QT_CONFIG(ssl)-conditioned. But not QTlsBackend and + // its virtual functions. DH decoding: virtual int dhParametersFromDer(const QByteArray &derData, QByteArray *data) const; virtual int dhParametersFromPem(const QByteArray &pemData, QByteArray *data) const; 
@@ -394,8 +346,11 @@ public: static QSslCipher createCiphersuite(const QString &description, int bits, int supportedBits); static QSslCipher createCiphersuite(const QString &suiteName, QSsl::SslProtocol protocol, const QString &protocolString); - static QSslCipher createCipher(const QString &name, QSsl::SslProtocol protocol, - const QString &protocolString); + static QSslCipher createCiphersuite(const QString &name, const QString &keyExchangeMethod, + const QString &encryptionMethod, + const QString &authenticationMethod, + int bits, QSsl::SslProtocol protocol, + const QString &protocolString); // Those statics are implemented using QSslSocketPrivate (which is not exported, // unlike QTlsBackend). @@ -429,7 +384,7 @@ public: static void setNegotiatedProtocol(QSslSocketPrivate *d, const QByteArray &protocol); static void storePeerCertificate(QSslSocketPrivate *d, const QSslCertificate &peerCert); static void storePeerCertificateChain(QSslSocketPrivate *d, const QList<QSslCertificate> &peerChain); - static void addTustedRoot(QSslSocketPrivate *d, const QSslCertificate &rootCert); + static void addTustedRoot(QSslSocketPrivate *d, const QSslCertificate &rootCert);// TODO: "addTrusted..." // The next one - is a "very important" feature! Kidding ... static void setEphemeralKey(QSslSocketPrivate *d, const QSslKey &key); @@ -439,8 +394,6 @@ public: Q_DISABLE_COPY_MOVE(QTlsBackend) }; -Q_DECLARE_LOGGING_CATEGORY(lcTlsBackend) - #define QTlsBackend_iid "org.qt-project.Qt.QTlsBackend" Q_DECLARE_INTERFACE(QTlsBackend, QTlsBackend_iid); |
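Review bot: `addTustedRoot` keeps its misspelling and gains a same-line `// TODO: "addTrusted..."` comment; since this is a static on a private-header class whose callers are the in-tree TLS backends, renaming it to `addTrustedRoot` now is cheaper than carrying the typo plus a TODO, and if the rename must wait the TODO should at least sit on its own line above the declaration. The removal of `Q_DECLARE_LOGGING_CATEGORY(lcTlsBackend)` in the last hunk also leaves `<QtCore/qloggingcategory.h>`, still included earlier in this file, with no visible use in the header; if the category now lives in the .cpp the include can presumably go too, assuming nothing else in the header needs it. The QTlsBackend class body starts before this hunk.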