summaryrefslogtreecommitdiffstats
path: root/src/network/access/qhsts_p.h
Commit message (Collapse)AuthorAgeFilesLines
* Protect HSTS code for no-feature-settings buildTimur Pocheptsov2018-09-241-3/+5
| | | | | | | | | | | Under the hood we use QSettings to store HSTS policies. Qt configured with 'no feature settings' would fail to build then. For such builds, we fall back to in-memory only HSTS cache. Change-Id: I6df551d8c6c96d982080a51ce6b1bdce71d04b9f Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
* QHstsCache - do not mix const/non-const iteratorsTimur Pocheptsov2017-10-261-2/+3
| | | | | | | | | | | | | | | | | Found by clazy (clazy-strict-iterators). QMap::find returns 'iterator' and this is what we need, since we need to modify the value referenced by this iterator. But QMap::insert only accepts 'const_iterator' and clazy warns about mixed const/non-const iterators (though actually QHstsCache does not have the original problem this check it trying to find). Since we do not share cache and do not want to try detaching on non-const access, we can use std::map which conveniently has 'insert' taking 'iterator' as its first parameter. As a bonus this will also fix another warning from clazy-range-loop check (when iterating over such a non-const map). Change-Id: Id82991cefce33723d177ed04058d15295e9b71d7 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* Introduce QHstsStore - the permanent store for HSTS policiesTimur Pocheptsov2017-08-021-0/+7
| | | | | | | | | | | The store is using QSettings under the hood. A user can enable/disable storing HSTS policies (via QNAM's setter method) and we take care of the rest - filling QHstsCache from the store, writing updated/observed targets, removing expired policies. Change-Id: I26e4a98761ddfe5005fedd18be56a6303fe7b35a Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
* HSTS - API/naming fixesTimur Pocheptsov2017-02-231-3/+5
| | | | | | | | | | As recommended in API review: use 'is...STS...Enabled' and 'set...STS..Enabled(bool)' function names instead of stsEnabled and separate enable/disable functions. Replace QList with QVector in the public API. Change-Id: I1526124c830450058967ebc192d27575cc89292d Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
* Refactor HSTS cache implementationTimur Pocheptsov2017-01-241-53/+28
| | | | | | | | | | | | | | | | | | | | | | | | The original monstrosity is not needed at all. It was born only to implement RFC6797's description of the host matching algorithm (starting from superdomains and moving to subdomains). Actually, it does not really matter how we find known host - it can be a congruent match first instead, and then we proceed with superdomains. This way I can use QMap and my tests so far show it actually works faster (both insertion and lookup), also the code is cleaner now. Also, introduce the new class QHstsPolicy that essentially allows to mark a host as known host and conveniently encapsulates host name/expiration date/ subdomains policy. Add a public API providing access to HSTS policies, so that client code can pre-set or read back discovered known hosts (to implement persistent HSTS storage, for example). We support server-driven HSTS - this means client code is allowed to provide policies as hints to QNetworkAccessManager, but these policies can be overridden by HTTP responses with 'Strict-Transport-Security' headers. Change-Id: I64d250b6dc78bcb01003fadeded5302471d1389e Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* Fix uninitialized memberJesus Fernandez2017-01-231-2/+1
| | | | | | | | | Non-static class member "domainIndex" was not initialized in the constructor nor in any functions that it calls. Change-Id: Ie72d997a1f0cf2f3499aac6f7714c7a9d3c7d525 Coverity-Id: 174997 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* Add HTTP strict tranport security support to QNAMTimur Pocheptsov2017-01-201-0/+169
HTTP Strict Transport Security (HSTS) is a web security policy that allows a web server to declare that user agents should only interact with it using secure HTTPS connections. HSTS is described by RFC6797. This patch introduces a new API in Network Access Manager to enable this policy or disable it (default - STS is disabled). We also implement QHstsCache which caches known HTTS hosts, does host name lookup and domain name matching; QHstsHeaderParser to parse HSTS headers with HSTS policies. A new autotest added to test the caching, host name matching and headers parsing. [ChangeLog][QtNetwork] Added HTTP Strict Transport Security to QNAM Task-number: QTPM-238 Change-Id: Iabb5920344bf204a0d3036284f0d60675c29315c Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-25 15:43:29 +0000