/***************************************************************************
- * Copyright (C) 2005-09 by the Quassel Project *
+ * Copyright (C) 2005-2019 by the Quassel Project *
* devel@quassel-irc.org *
* *
* This program is free software; you can redistribute it and/or modify *
* You should have received a copy of the GNU General Public License *
* along with this program; if not, write to the *
* Free Software Foundation, Inc., *
- * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. *
***************************************************************************/
-#ifndef SSLSERVER_H
-#define SSLSERVER_H
+#pragma once
#ifdef HAVE_SSL
-#include <QSslCertificate>
-#include <QSslKey>
-#include <QTcpServer>
-#include <QLinkedList>
+# include <QFile>
+# include <QLinkedList>
+# include <QSslCertificate>
+# include <QSslKey>
+# include <QTcpServer>
-class SslServer : public QTcpServer {
- Q_OBJECT
+class SslServer : public QTcpServer
+{
+ Q_OBJECT
public:
- SslServer(QObject *parent = 0);
+ SslServer(QObject* parent = nullptr);
- virtual inline bool hasPendingConnections() const { return !_pendingConnections.isEmpty(); }
- virtual QTcpSocket *nextPendingConnection();
+ bool hasPendingConnections() const override { return !_pendingConnections.isEmpty(); }
+ QTcpSocket* nextPendingConnection() override;
- virtual inline const QSslCertificate &certificate() const { return _cert; }
- virtual inline const QSslKey &key() const { return _key; }
- virtual inline bool certIsValid() const { return _certIsValid; }
+ const QSslCertificate& certificate() const { return _cert; }
+ const QSslKey& key() const { return _key; }
+ bool isCertValid() const { return _isCertValid; }
+
+ /**
+ * Reloads SSL certificates used for connections
+ *
+ * If this command fails, it will try to maintain the most recent working certificate. Error
+ * conditions are automatically written to the log.
+ *
+ * @return True if certificates reloaded successfully, otherwise false.
+ */
+ bool reloadCerts();
protected:
- virtual void incomingConnection(int socketDescriptor);
+ void incomingConnection(qintptr socketDescriptor) override;
+
+ bool setCertificate(const QString& path, const QString& keyPath);
private:
- QLinkedList<QTcpSocket *> _pendingConnections;
- QSslCertificate _cert;
- QSslKey _key;
- bool _certIsValid;
-};
+ /**
+ * Loads SSL certificates used for connections
+ *
+ * If this command fails, it will try to maintain the most recent working certificate. Will log
+ * specific failure points, but does not offer verbose guidance.
+ *
+ * @return True if certificates loaded successfully, otherwise false.
+ */
+ bool loadCerts();
+ QSslKey loadKey(QFile* keyFile);
-#endif //HAVE_SSL
+ QLinkedList<QTcpSocket*> _pendingConnections;
+ QSslCertificate _cert;
+ QSslKey _key;
+ QList<QSslCertificate> _ca;
+ bool _isCertValid{false};
+
+ // Used when reloading certificates later
+ QString _sslCertPath; /// Path to the certificate file
+ QString _sslKeyPath; /// Path to the private key file (may be in same file as above)
+};
-#endif //SSLSERVER_H
+#endif // HAVE_SSL