aboutsummaryrefslogtreecommitdiffstats
path: root/src/qmlnetwork/ssl/qqmlsslconfiguration.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/qmlnetwork/ssl/qqmlsslconfiguration.cpp')
-rw-r--r--src/qmlnetwork/ssl/qqmlsslconfiguration.cpp175
1 files changed, 175 insertions, 0 deletions
diff --git a/src/qmlnetwork/ssl/qqmlsslconfiguration.cpp b/src/qmlnetwork/ssl/qqmlsslconfiguration.cpp
new file mode 100644
index 0000000000..74d171fc5e
--- /dev/null
+++ b/src/qmlnetwork/ssl/qqmlsslconfiguration.cpp
@@ -0,0 +1,175 @@
+// Copyright (C) 2023 The Qt Company Ltd.
+// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
+
+#include <QtCore/qfile.h>
+#include <QtNetwork/qsslcipher.h>
+#include "qqmlsslconfiguration_p.h"
+#include <array>
+
+QT_BEGIN_NAMESPACE
+static constexpr std::array<QSsl::SslOption, 8> SslOptions = {
+ QSsl::SslOptionDisableEmptyFragments,
+ QSsl::SslOptionDisableSessionTickets,
+ QSsl::SslOptionDisableCompression,
+ QSsl::SslOptionDisableServerNameIndication,
+ QSsl::SslOptionDisableLegacyRenegotiation,
+ QSsl::SslOptionDisableSessionSharing,
+ QSsl::SslOptionDisableSessionPersistence,
+ QSsl::SslOptionDisableServerCipherPreference
+};
+
+QString QQmlSslConfiguration::ciphers() const
+{
+ return m_ciphers;
+}
+
+QList<QSsl::SslOption> QQmlSslConfiguration::sslOptions() const
+{
+ return m_sslOptions;
+}
+
+QSsl::SslProtocol QQmlSslConfiguration::protocol() const
+{
+ return m_configuration.protocol();
+}
+
+QSslSocket::PeerVerifyMode QQmlSslConfiguration::peerVerifyMode() const
+{
+ return m_configuration.peerVerifyMode();
+}
+
+int QQmlSslConfiguration::peerVerifyDepth() const
+{
+ return m_configuration.peerVerifyDepth();
+}
+
+QByteArray QQmlSslConfiguration::sessionTicket() const
+{
+ return m_configuration.sessionTicket();
+}
+
+QSslConfiguration const QQmlSslConfiguration::configuration()
+{
+ return m_configuration;
+}
+
+void QQmlSslConfiguration::setCertificateFiles(const QStringList &certificateFiles)
+{
+ if (m_certificateFiles == certificateFiles)
+ return;
+
+ m_certificateFiles = certificateFiles;
+ QList<QSslCertificate> certificates;
+ for (const QString &fileName: m_certificateFiles) {
+ QFile certificateFile(fileName);
+ if (certificateFile.open(QIODevice::ReadOnly)) {
+ QByteArray cert = certificateFile.readAll();
+ certificates.append(QSslCertificate(cert));
+ } else {
+ qWarning() << "File: " << fileName << "is not found. It will be skipped.";
+ }
+ }
+
+ if (!certificates.isEmpty())
+ m_configuration.setCaCertificates(certificates);
+ else
+ qWarning() << "No certificates loaded.";
+}
+
+void QQmlSslConfiguration::setProtocol(QSsl::SslProtocol protocol)
+{
+ if (m_configuration.protocol() == protocol)
+ return;
+
+ m_configuration.setProtocol(protocol);
+}
+
+void QQmlSslConfiguration::setPeerVerifyMode(QSslSocket::PeerVerifyMode mode)
+{
+ if (m_configuration.peerVerifyMode() == mode)
+ return;
+
+ m_configuration.setPeerVerifyMode(mode);
+}
+
+void QQmlSslConfiguration::setPeerVerifyDepth(int depth)
+{
+ if (m_configuration.peerVerifyDepth() == depth)
+ return;
+
+ m_configuration.setPeerVerifyDepth(depth);
+}
+
+void QQmlSslConfiguration::setCiphers(const QString &ciphers)
+{
+ if (ciphers == m_ciphers)
+ return;
+
+ m_ciphers = ciphers;
+ m_configuration.setCiphers(ciphers); // split(":") is used inside
+}
+
+void QQmlSslConfiguration::setSslOptions(const QList<QSsl::SslOption> &options)
+{
+ if (m_sslOptions == options)
+ return;
+
+ m_sslOptions = options;
+ for (QSsl::SslOption option: m_sslOptions)
+ m_configuration.setSslOption(option, true);
+}
+
+void QQmlSslConfiguration::setSessionTicket(const QByteArray &sessionTicket)
+{
+ if (m_configuration.sessionTicket() == sessionTicket)
+ return;
+
+ m_configuration.setSessionTicket(sessionTicket);
+}
+
+void QQmlSslConfiguration::setPrivateKey(const QQmlSslKey &privateKey)
+{
+ m_configuration.setPrivateKey(privateKey.getSslKey());
+}
+
+void QQmlSslConfiguration::setSslOptionsList(const QSslConfiguration &configuration)
+{
+ for (QSsl::SslOption option: SslOptions) {
+ if (configuration.testSslOption(option))
+ m_sslOptions.append(option);
+ }
+}
+
+void QQmlSslConfiguration::setCiphersList(const QSslConfiguration &configuration)
+{
+ QList<QSslCipher> ciphers = configuration.ciphers();
+ for (int i = 0; i < ciphers.size(); ++i) {
+ if (i != 0) {
+ m_ciphers += QString::fromUtf8(":");
+ }
+ m_ciphers += ciphers[i].name();
+ }
+}
+
+QQmlSslDefaultConfiguration::QQmlSslDefaultConfiguration()
+ : QQmlSslConfiguration()
+{
+ m_configuration = QSslConfiguration::defaultConfiguration();
+ setSslOptionsList(m_configuration);
+ setCiphersList(m_configuration);
+}
+
+QQmlSslDefaultDtlsConfiguration::QQmlSslDefaultDtlsConfiguration()
+ : QQmlSslConfiguration()
+{
+#if QT_CONFIG(dtls)
+ m_configuration = QSslConfiguration::defaultDtlsConfiguration();
+#else
+ qWarning() << "No dtls support enabled";
+ m_configuration = QSslConfiguration::defaultConfiguration();
+#endif // QT_CONFIG(dtls)
+ setSslOptionsList(m_configuration);
+ setCiphersList(m_configuration);
+}
+
+QT_END_NAMESPACE
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-10 11:27:21 +0000