/**************************************************************************** ** ** Copyright (C) 2015 The Qt Company Ltd. ** Contact: http://www.qt.io/licensing/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. ** ** $QT_BEGIN_LICENSE:LGPL21$ ** Commercial License Usage ** Licensees holding valid commercial Qt licenses may use this file in ** accordance with the commercial license agreement provided with the ** Software or, alternatively, in accordance with the terms contained in ** a written agreement between you and The Qt Company. For licensing terms ** and conditions see http://www.qt.io/terms-conditions. For further ** information use the contact form at http://www.qt.io/contact-us. ** ** GNU Lesser General Public License Usage ** Alternatively, this file may be used under the terms of the GNU Lesser ** General Public License version 2.1 or version 3 as published by the Free ** Software Foundation and appearing in the file LICENSE.LGPLv21 and ** LICENSE.LGPLv3 included in the packaging of this file. Please review the ** following information to ensure the GNU Lesser General Public License ** requirements will be met: https://www.gnu.org/licenses/lgpl.html and ** http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. ** ** As a special exception, The Qt Company gives you certain additional ** rights. These rights are described in The Qt Company LGPL Exception ** version 1.1, included in the file LGPL_EXCEPTION.txt in this package. ** ** $QT_END_LICENSE$ ** ****************************************************************************/ #ifndef QSSLSOCKET_P_H #define QSSLSOCKET_P_H #include "qsslsocket.h" // // W A R N I N G // ------------- // // This file is not part of the Qt API. It exists for the convenience // of the QLibrary class. This header file may change from // version to version without notice, or even be removed. // // We mean it. // #include #include "qsslkey.h" #include "qsslconfiguration_p.h" #ifndef QT_NO_OPENSSL #include #else class QSslContext; #endif #include #include #if defined(Q_OS_MAC) #include #include #elif defined(Q_OS_WIN) #include #ifndef Q_OS_WINRT #include #endif // !Q_OS_WINRT #ifndef HCRYPTPROV_LEGACY #define HCRYPTPROV_LEGACY HCRYPTPROV #endif // !HCRYPTPROV_LEGACY #endif // Q_OS_WIN QT_BEGIN_NAMESPACE #if defined(Q_OS_MACX) typedef CFDataRef (*PtrSecCertificateCopyData)(SecCertificateRef); typedef OSStatus (*PtrSecTrustSettingsCopyCertificates)(int, CFArrayRef*); typedef OSStatus (*PtrSecTrustCopyAnchorCertificates)(CFArrayRef*); #endif #if defined(Q_OS_WIN) && !defined(Q_OS_WINRT) #if defined(Q_OS_WINCE) typedef HCERTSTORE (WINAPI *PtrCertOpenSystemStoreW)(LPCSTR, DWORD, HCRYPTPROV_LEGACY, DWORD, const void*); #else typedef HCERTSTORE (WINAPI *PtrCertOpenSystemStoreW)(HCRYPTPROV_LEGACY, LPCWSTR); #endif typedef PCCERT_CONTEXT (WINAPI *PtrCertFindCertificateInStore)(HCERTSTORE, DWORD, DWORD, DWORD, const void*, PCCERT_CONTEXT); typedef BOOL (WINAPI *PtrCertCloseStore)(HCERTSTORE, DWORD); #endif // Q_OS_WIN && !Q_OS_WINRT class QSslSocketPrivate : public QTcpSocketPrivate { Q_DECLARE_PUBLIC(QSslSocket) public: QSslSocketPrivate(); virtual ~QSslSocketPrivate(); void init(); bool initialized; QSslSocket::SslMode mode; bool autoStartHandshake; bool connectionEncrypted; bool shutdown; bool ignoreAllSslErrors; QList ignoreErrorsList; bool* readyReadEmittedPointer; QSslConfigurationPrivate configuration; QList sslErrors; QSharedPointer sslContextPointer; // if set, this hostname is used for certificate validation instead of the hostname // that was used for connecting to. QString verificationPeerName; bool allowRootCertOnDemandLoading; static bool s_loadRootCertsOnDemand; static bool supportsSsl(); static long sslLibraryVersionNumber(); static QString sslLibraryVersionString(); static long sslLibraryBuildVersionNumber(); static QString sslLibraryBuildVersionString(); static void ensureInitialized(); static void deinitialize(); static QList defaultCiphers(); static QList supportedCiphers(); static void setDefaultCiphers(const QList &ciphers); static void setDefaultSupportedCiphers(const QList &ciphers); static void resetDefaultCiphers(); static QVector supportedEllipticCurves(); static void setDefaultSupportedEllipticCurves(const QVector &curves); static void resetDefaultEllipticCurves(); static QList defaultCaCertificates(); static QList systemCaCertificates(); static void setDefaultCaCertificates(const QList &certs); static bool addDefaultCaCertificates(const QString &path, QSsl::EncodingFormat format, QRegExp::PatternSyntax syntax); static void addDefaultCaCertificate(const QSslCertificate &cert); static void addDefaultCaCertificates(const QList &certs); static bool isMatchingHostname(const QSslCertificate &cert, const QString &peerName); Q_AUTOTEST_EXPORT static bool isMatchingHostname(const QString &cn, const QString &hostname); #if defined(Q_OS_MACX) static PtrSecCertificateCopyData ptrSecCertificateCopyData; static PtrSecTrustSettingsCopyCertificates ptrSecTrustSettingsCopyCertificates; static PtrSecTrustCopyAnchorCertificates ptrSecTrustCopyAnchorCertificates; #elif defined(Q_OS_WIN) && !defined(Q_OS_WINRT) static PtrCertOpenSystemStoreW ptrCertOpenSystemStoreW; static PtrCertFindCertificateInStore ptrCertFindCertificateInStore; static PtrCertCloseStore ptrCertCloseStore; #endif // Q_OS_WIN && !Q_OS_WINRT // The socket itself, including private slots. QTcpSocket *plainSocket; void createPlainSocket(QIODevice::OpenMode openMode); static void pauseSocketNotifiers(QSslSocket*); static void resumeSocketNotifiers(QSslSocket*); // ### The 2 methods below should be made member methods once the QSslContext class is made public static void checkSettingSslContext(QSslSocket*, QSharedPointer); static QSharedPointer sslContext(QSslSocket *socket); bool isPaused() const; bool bind(const QHostAddress &address, quint16, QAbstractSocket::BindMode) Q_DECL_OVERRIDE; void _q_connectedSlot(); void _q_hostFoundSlot(); void _q_disconnectedSlot(); void _q_stateChangedSlot(QAbstractSocket::SocketState); void _q_errorSlot(QAbstractSocket::SocketError); void _q_readyReadSlot(); void _q_bytesWrittenSlot(qint64); void _q_flushWriteBuffer(); void _q_flushReadBuffer(); void _q_resumeImplementation(); #if defined(Q_OS_WIN) && !defined(Q_OS_WINRT) virtual void _q_caRootLoaded(QSslCertificate,QSslCertificate) = 0; #endif static QList unixRootCertDirectories(); // used also by QSslContext virtual qint64 peek(char *data, qint64 maxSize) Q_DECL_OVERRIDE; virtual QByteArray peek(qint64 maxSize) Q_DECL_OVERRIDE; // Platform specific functions virtual void startClientEncryption() = 0; virtual void startServerEncryption() = 0; virtual void transmit() = 0; virtual void disconnectFromHost() = 0; virtual void disconnected() = 0; virtual QSslCipher sessionCipher() const = 0; virtual QSsl::SslProtocol sessionProtocol() const = 0; virtual void continueHandshake() = 0; Q_AUTOTEST_EXPORT static bool rootCertOnDemandLoadingSupported(); private: static bool ensureLibraryLoaded(); static void ensureCiphersAndCertsLoaded(); #if defined(Q_OS_ANDROID) && !defined(Q_OS_ANDROID_NO_SDK) static QList fetchSslCertificateData(); #endif static bool s_libraryLoaded; static bool s_loadedCiphersAndCerts; protected: bool verifyErrorsHaveBeenIgnored(); bool paused; }; QT_END_NAMESPACE #endif