diff options
Diffstat (limited to 'src/qmlnetwork/ssl/qqmlsslconfiguration.cpp')
-rw-r--r-- | src/qmlnetwork/ssl/qqmlsslconfiguration.cpp | 175 |
1 files changed, 175 insertions, 0 deletions
diff --git a/src/qmlnetwork/ssl/qqmlsslconfiguration.cpp b/src/qmlnetwork/ssl/qqmlsslconfiguration.cpp new file mode 100644 index 0000000000..74d171fc5e --- /dev/null +++ b/src/qmlnetwork/ssl/qqmlsslconfiguration.cpp @@ -0,0 +1,175 @@ +// Copyright (C) 2023 The Qt Company Ltd. +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only + +#include <QtCore/qfile.h> +#include <QtNetwork/qsslcipher.h> +#include "qqmlsslconfiguration_p.h" +#include <array> + +QT_BEGIN_NAMESPACE +static constexpr std::array<QSsl::SslOption, 8> SslOptions = { + QSsl::SslOptionDisableEmptyFragments, + QSsl::SslOptionDisableSessionTickets, + QSsl::SslOptionDisableCompression, + QSsl::SslOptionDisableServerNameIndication, + QSsl::SslOptionDisableLegacyRenegotiation, + QSsl::SslOptionDisableSessionSharing, + QSsl::SslOptionDisableSessionPersistence, + QSsl::SslOptionDisableServerCipherPreference +}; + +QString QQmlSslConfiguration::ciphers() const +{ + return m_ciphers; +} + +QList<QSsl::SslOption> QQmlSslConfiguration::sslOptions() const +{ + return m_sslOptions; +} + +QSsl::SslProtocol QQmlSslConfiguration::protocol() const +{ + return m_configuration.protocol(); +} + +QSslSocket::PeerVerifyMode QQmlSslConfiguration::peerVerifyMode() const +{ + return m_configuration.peerVerifyMode(); +} + +int QQmlSslConfiguration::peerVerifyDepth() const +{ + return m_configuration.peerVerifyDepth(); +} + +QByteArray QQmlSslConfiguration::sessionTicket() const +{ + return m_configuration.sessionTicket(); +} + +QSslConfiguration const QQmlSslConfiguration::configuration() +{ + return m_configuration; +} + +void QQmlSslConfiguration::setCertificateFiles(const QStringList &certificateFiles) +{ + if (m_certificateFiles == certificateFiles) + return; + + m_certificateFiles = certificateFiles; + QList<QSslCertificate> certificates; + for (const QString &fileName: m_certificateFiles) { + QFile certificateFile(fileName); + if (certificateFile.open(QIODevice::ReadOnly)) { + QByteArray cert = certificateFile.readAll(); + certificates.append(QSslCertificate(cert)); + } else { + qWarning() << "File: " << fileName << "is not found. It will be skipped."; + } + } + + if (!certificates.isEmpty()) + m_configuration.setCaCertificates(certificates); + else + qWarning() << "No certificates loaded."; +} + +void QQmlSslConfiguration::setProtocol(QSsl::SslProtocol protocol) +{ + if (m_configuration.protocol() == protocol) + return; + + m_configuration.setProtocol(protocol); +} + +void QQmlSslConfiguration::setPeerVerifyMode(QSslSocket::PeerVerifyMode mode) +{ + if (m_configuration.peerVerifyMode() == mode) + return; + + m_configuration.setPeerVerifyMode(mode); +} + +void QQmlSslConfiguration::setPeerVerifyDepth(int depth) +{ + if (m_configuration.peerVerifyDepth() == depth) + return; + + m_configuration.setPeerVerifyDepth(depth); +} + +void QQmlSslConfiguration::setCiphers(const QString &ciphers) +{ + if (ciphers == m_ciphers) + return; + + m_ciphers = ciphers; + m_configuration.setCiphers(ciphers); // split(":") is used inside +} + +void QQmlSslConfiguration::setSslOptions(const QList<QSsl::SslOption> &options) +{ + if (m_sslOptions == options) + return; + + m_sslOptions = options; + for (QSsl::SslOption option: m_sslOptions) + m_configuration.setSslOption(option, true); +} + +void QQmlSslConfiguration::setSessionTicket(const QByteArray &sessionTicket) +{ + if (m_configuration.sessionTicket() == sessionTicket) + return; + + m_configuration.setSessionTicket(sessionTicket); +} + +void QQmlSslConfiguration::setPrivateKey(const QQmlSslKey &privateKey) +{ + m_configuration.setPrivateKey(privateKey.getSslKey()); +} + +void QQmlSslConfiguration::setSslOptionsList(const QSslConfiguration &configuration) +{ + for (QSsl::SslOption option: SslOptions) { + if (configuration.testSslOption(option)) + m_sslOptions.append(option); + } +} + +void QQmlSslConfiguration::setCiphersList(const QSslConfiguration &configuration) +{ + QList<QSslCipher> ciphers = configuration.ciphers(); + for (int i = 0; i < ciphers.size(); ++i) { + if (i != 0) { + m_ciphers += QString::fromUtf8(":"); + } + m_ciphers += ciphers[i].name(); + } +} + +QQmlSslDefaultConfiguration::QQmlSslDefaultConfiguration() + : QQmlSslConfiguration() +{ + m_configuration = QSslConfiguration::defaultConfiguration(); + setSslOptionsList(m_configuration); + setCiphersList(m_configuration); +} + +QQmlSslDefaultDtlsConfiguration::QQmlSslDefaultDtlsConfiguration() + : QQmlSslConfiguration() +{ +#if QT_CONFIG(dtls) + m_configuration = QSslConfiguration::defaultDtlsConfiguration(); +#else + qWarning() << "No dtls support enabled"; + m_configuration = QSslConfiguration::defaultConfiguration(); +#endif // QT_CONFIG(dtls) + setSslOptionsList(m_configuration); + setCiphersList(m_configuration); +} + +QT_END_NAMESPACE |