/***************************************************************************
- * Copyright (C) 2005-09 by the Quassel Project *
+ * Copyright (C) 2005-2020 by the Quassel Project *
* devel@quassel-irc.org *
* *
* This program is free software; you can redistribute it and/or modify *
* You should have received a copy of the GNU General Public License *
* along with this program; if not, write to the *
* Free Software Foundation, Inc., *
- * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. *
***************************************************************************/
-#ifndef SSLSERVER_H
-#define SSLSERVER_H
-
-#ifdef HAVE_SSL
+#pragma once
+#include <QFile>
#include <QSslCertificate>
#include <QSslKey>
#include <QTcpServer>
-#include <QLinkedList>
-class SslServer : public QTcpServer {
- Q_OBJECT
+#include "metricsserver.h"
+
+class SslServer : public QTcpServer
+{
+ Q_OBJECT
public:
- SslServer(QObject *parent = 0);
+ SslServer(QObject* parent = nullptr);
- virtual inline bool hasPendingConnections() const { return !_pendingConnections.isEmpty(); }
- virtual QTcpSocket *nextPendingConnection();
+ const QSslCertificate& certificate() const { return _cert; }
+ const QSslKey& key() const { return _key; }
+ bool isCertValid() const { return _isCertValid; }
- virtual inline const QSslCertificate &certificate() const { return _cert; }
- virtual inline const QSslKey &key() const { return _key; }
- virtual inline bool isCertValid() const { return _isCertValid; }
+ /**
+ * Reloads SSL certificates used for connections
+ *
+ * If this command fails, it will try to maintain the most recent working certificate. Error
+ * conditions are automatically written to the log.
+ *
+ * @return True if certificates reloaded successfully, otherwise false.
+ */
+ bool reloadCerts();
+
+ void setMetricsServer(MetricsServer* metricsServer);
protected:
- virtual void incomingConnection(int socketDescriptor);
- virtual bool setCertificate(const QString &path);
+ void incomingConnection(qintptr socketDescriptor) override;
+
+ bool setCertificate(const QString& path, const QString& keyPath);
private:
- QLinkedList<QTcpSocket *> _pendingConnections;
- QSslCertificate _cert;
- QSslKey _key;
- QList<QSslCertificate> _ca;
- bool _isCertValid;
-};
+ /**
+ * Loads SSL certificates used for connections
+ *
+ * If this command fails, it will try to maintain the most recent working certificate. Will log
+ * specific failure points, but does not offer verbose guidance.
+ *
+ * @return True if certificates loaded successfully, otherwise false.
+ */
+ bool loadCerts();
+ QSslKey loadKey(QFile* keyFile);
+
+ MetricsServer* _metricsServer{nullptr};
-#endif //HAVE_SSL
+ QSslCertificate _cert;
+ QSslKey _key;
+ QList<QSslCertificate> _ca;
+ bool _isCertValid{false};
-#endif //SSLSERVER_H
+ // Used when reloading certificates later
+ QString _sslCertPath; /// Path to the certificate file
+ QString _sslKeyPath; /// Path to the private key file (may be in same file as above)
+
+ QDateTime _certificateExpires;
+};