1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
|
/****************************************************************************
**
** Copyright (C) 2018 The Qt Company Ltd.
** Contact: https://www.qt.io/licensing/
**
** This file is part of the QtNetwork module of the Qt Toolkit.
**
** $QT_BEGIN_LICENSE:LGPL$
** Commercial License Usage
** Licensees holding valid commercial Qt licenses may use this file in
** accordance with the commercial license agreement provided with the
** Software or, alternatively, in accordance with the terms contained in
** a written agreement between you and The Qt Company. For licensing terms
** and conditions see https://www.qt.io/terms-conditions. For further
** information use the contact form at https://www.qt.io/contact-us.
**
** GNU Lesser General Public License Usage
** Alternatively, this file may be used under the terms of the GNU Lesser
** General Public License version 3 as published by the Free Software
** Foundation and appearing in the file LICENSE.LGPL3 included in the
** packaging of this file. Please review the following information to
** ensure the GNU Lesser General Public License version 3 requirements
** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
**
** GNU General Public License Usage
** Alternatively, this file may be used under the terms of the GNU
** General Public License version 2.0 or (at your option) the GNU General
** Public license version 3 or any later version approved by the KDE Free
** Qt Foundation. The licenses are as published by the Free Software
** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
** included in the packaging of this file. Please review the following
** information to ensure the GNU General Public License requirements will
** be met: https://www.gnu.org/licenses/gpl-2.0.html and
** https://www.gnu.org/licenses/gpl-3.0.html.
**
** $QT_END_LICENSE$
**
****************************************************************************/
#ifndef QSSLSOCKET_SCHANNEL_P_H
#define QSSLSOCKET_SCHANNEL_P_H
//
// W A R N I N G
// -------------
//
// This file is not part of the Qt API. It exists purely as an
// implementation detail. This header file may change from version to
// version without notice, or even be removed.
//
// We mean it.
//
QT_REQUIRE_CONFIG(schannel);
#include <QtNetwork/private/qtnetworkglobal_p.h>
#include "qsslsocket_p.h"
#define SECURITY_WIN32
#include <security.h>
#include <schnlsp.h>
#undef SECURITY_WIN32
#include <memory>
QT_BEGIN_NAMESPACE
struct QHCertStoreDeleter {
void operator()(HCERTSTORE store)
{
CertCloseStore(store, 0);
}
};
typedef std::unique_ptr<void, QHCertStoreDeleter> QHCertStorePointer;
class QSslSocketBackendPrivate final : public QSslSocketPrivate
{
Q_DISABLE_COPY_MOVE(QSslSocketBackendPrivate)
Q_DECLARE_PUBLIC(QSslSocket)
public:
QSslSocketBackendPrivate();
~QSslSocketBackendPrivate();
// Platform specific functions
void startClientEncryption() override;
void startServerEncryption() override;
void transmit() override;
void disconnectFromHost() override;
void disconnected() override;
QSslCipher sessionCipher() const override;
QSsl::SslProtocol sessionProtocol() const override;
void continueHandshake() override;
static QList<QSslCipher> defaultCiphers();
static QList<QSslError> verify(const QList<QSslCertificate> &certificateChain,
const QString &hostName);
static bool importPkcs12(QIODevice *device, QSslKey *key, QSslCertificate *cert,
QList<QSslCertificate> *caCertificates, const QByteArray &passPhrase);
private:
enum class SchannelState {
InitializeHandshake, // create and transmit context (client)/accept context (server)
PerformHandshake, // get token back, process it
VerifyHandshake, // Verify that things are OK
Done, // Connection encrypted!
Renegotiate // Renegotiating!
} schannelState = SchannelState::InitializeHandshake;
void reset();
bool acquireCredentialsHandle();
ULONG getContextRequirements();
bool createContext(); // for clients
bool acceptContext(); // for server
bool performHandshake();
bool verifyHandshake();
bool renegotiate();
bool sendToken(void *token, unsigned long tokenLength, bool emitError = true);
QString targetName() const;
bool checkSslErrors();
void deallocateContext();
void freeCredentialsHandle();
void closeCertificateStores();
void sendShutdown();
void initializeCertificateStores();
bool verifyCertContext(CERT_CONTEXT *certContext);
bool rootCertOnDemandLoadingAllowed();
SecPkgContext_ConnectionInfo connectionInfo = {};
SecPkgContext_StreamSizes streamSizes = {};
CredHandle credentialHandle; // Initialized in ctor
CtxtHandle contextHandle; // Initialized in ctor
QByteArray intermediateBuffer; // data which is left-over or incomplete
QHCertStorePointer localCertificateStore = nullptr;
QHCertStorePointer peerCertificateStore = nullptr;
QHCertStorePointer caCertificateStore = nullptr;
const CERT_CONTEXT *localCertContext = nullptr;
ULONG contextAttributes = 0;
bool renegotiating = false;
};
QT_END_NAMESPACE
#endif // QSSLSOCKET_SCHANNEL_P_H
|
