Use QSslSocket in the AuthHandler API to avoid having to cast
QTcpSocket to the SSL version in several places.
// Make sure the warning is shown next time we don't have SSL in the core
s.setAccountValue("ShowNoCoreSslWarning", true);
// Make sure the warning is shown next time we don't have SSL in the core
s.setAccountValue("ShowNoCoreSslWarning", true);
- auto* sslSocket = qobject_cast<QSslSocket*>(socket());
- Q_ASSERT(sslSocket);
- connect(sslSocket, &QSslSocket::encrypted, this, &ClientAuthHandler::onSslSocketEncrypted);
- connect(sslSocket, selectOverload<const QList<QSslError>&>(&QSslSocket::sslErrors), this, &ClientAuthHandler::onSslErrors);
+ connect(socket(), &QSslSocket::encrypted, this, &ClientAuthHandler::onSslSocketEncrypted);
+ connect(socket(), selectOverload<const QList<QSslError>&>(&QSslSocket::sslErrors), this, &ClientAuthHandler::onSslErrors);
qDebug() << "Starting encryption...";
qDebug() << "Starting encryption...";
- sslSocket->flush();
- sslSocket->startClientEncryption();
+ socket()->flush();
+ socket()->startClientEncryption();
}
else {
if (s.accountValue("ShowNoCoreSslWarning", true).toBool()) {
}
else {
if (s.accountValue("ShowNoCoreSslWarning", true).toBool()) {
void ClientAuthHandler::onSslErrors()
{
void ClientAuthHandler::onSslErrors()
{
- auto* socket = qobject_cast<QSslSocket*>(sender());
- Q_ASSERT(socket);
-
CoreAccountSettings s;
QByteArray knownDigest = s.accountValue("SslCert").toByteArray();
ClientAuthHandler::DigestVersion knownDigestVersion = static_cast<ClientAuthHandler::DigestVersion>(
CoreAccountSettings s;
QByteArray knownDigest = s.accountValue("SslCert").toByteArray();
ClientAuthHandler::DigestVersion knownDigestVersion = static_cast<ClientAuthHandler::DigestVersion>(
QByteArray calculatedDigest;
switch (knownDigestVersion) {
case ClientAuthHandler::DigestVersion::Md5:
QByteArray calculatedDigest;
switch (knownDigestVersion) {
case ClientAuthHandler::DigestVersion::Md5:
- calculatedDigest = socket->peerCertificate().digest(QCryptographicHash::Md5);
+ calculatedDigest = socket()->peerCertificate().digest(QCryptographicHash::Md5);
break;
case ClientAuthHandler::DigestVersion::Sha2_512:
break;
case ClientAuthHandler::DigestVersion::Sha2_512:
- calculatedDigest = socket->peerCertificate().digest(QCryptographicHash::Sha512);
+ calculatedDigest = socket()->peerCertificate().digest(QCryptographicHash::Sha512);
if (knownDigest != calculatedDigest) {
bool accepted = false;
bool permanently = false;
if (knownDigest != calculatedDigest) {
bool accepted = false;
bool permanently = false;
- emit handleSslErrors(socket, &accepted, &permanently);
+ emit handleSslErrors(socket(), &accepted, &permanently);
if (!accepted) {
requestDisconnect(tr("Unencrypted connection canceled"));
if (!accepted) {
requestDisconnect(tr("Unencrypted connection canceled"));
- s.setAccountValue("SslCert", socket->peerCertificate().digest(QCryptographicHash::Sha512));
+ s.setAccountValue("SslCert", socket()->peerCertificate().digest(QCryptographicHash::Sha512));
s.setAccountValue("SslCertDigestVersion", ClientAuthHandler::DigestVersion::Latest);
}
else {
s.setAccountValue("SslCertDigestVersion", ClientAuthHandler::DigestVersion::Latest);
}
else {
}
}
else if (knownDigestVersion != ClientAuthHandler::DigestVersion::Latest) {
}
}
else if (knownDigestVersion != ClientAuthHandler::DigestVersion::Latest) {
- s.setAccountValue("SslCert", socket->peerCertificate().digest(QCryptographicHash::Sha512));
+ s.setAccountValue("SslCert", socket()->peerCertificate().digest(QCryptographicHash::Sha512));
s.setAccountValue("SslCertDigestVersion", ClientAuthHandler::DigestVersion::Latest);
}
s.setAccountValue("SslCertDigestVersion", ClientAuthHandler::DigestVersion::Latest);
}
- socket->ignoreSslErrors();
+ socket()->ignoreSslErrors();
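Review bot: The final `socket()->ignoreSslErrors();` in ClientAuthHandler::onSslErrors() has no comment stating when it may be reached, and because it overrides every TLS verification error that precondition should be written down. From the visible lines it appears to run only when the digest stored under `SslCert` matches the peer certificate or the user accepted the certificate through handleSslErrors, but the return after requestDisconnect() is not visible here and should be confirmed. I would add above the call: `// Reached only if the pinned digest matched or the user accepted the certificate; other verification errors are deliberately overridden.` The function body starts and continues outside the shown lines.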
-QTcpSocket* AuthHandler::socket() const
+QSslSocket* AuthHandler::socket() const
-void AuthHandler::setSocket(QTcpSocket* socket)
+void AuthHandler::setSocket(QSslSocket* socket)
{
_socket = socket;
connect(socket, selectOverload<QAbstractSocket::SocketError>(&QTcpSocket::error), this, &AuthHandler::onSocketError);
{
_socket = socket;
connect(socket, selectOverload<QAbstractSocket::SocketError>(&QTcpSocket::error), this, &AuthHandler::onSocketError);
#include "common-export.h"
#include "common-export.h"
public:
AuthHandler(QObject* parent = nullptr);
public:
AuthHandler(QObject* parent = nullptr);
- QTcpSocket* socket() const;
+ QSslSocket* socket() const;
virtual bool isLocal() const;
virtual bool isLocal() const;
void socketError(QAbstractSocket::SocketError error, const QString& errorString);
protected:
void socketError(QAbstractSocket::SocketError error, const QString& errorString);
protected:
- void setSocket(QTcpSocket* socket);
+ void setSocket(QSslSocket* socket);
protected slots:
virtual void onSocketError(QAbstractSocket::SocketError error);
protected slots:
virtual void onSocketError(QAbstractSocket::SocketError error);
private:
void invalidMessage();
private:
void invalidMessage();
- QTcpSocket* _socket{nullptr}; // FIXME: should be a QSharedPointer? -> premature disconnect before the peer has taken over
+ QSslSocket* _socket{nullptr}; // FIXME: should be a QSharedPointer? -> premature disconnect before the peer has taken over
bool _disconnectedSent{false};
};
bool _disconnectedSent{false};
};
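Review bot: `QSslSocket* socket() const;` has no doc comment, and with the new return type a reader can easily take the pointer type to mean the connection is encrypted. The code visible on this page calls startClientEncryption() and startServerEncryption() only later and keeps a no-SSL branch (`ShowNoCoreSslWarning`), so the socket can still be in plain-text mode. I would add `/// Returns the connection socket; it may still be unencrypted, so check isEncrypted() before relying on TLS.` above the declaration. The class declaration starts outside the shown lines.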
bool Core::sslSupported()
{
bool Core::sslSupported()
{
- auto* sslServer = qobject_cast<SslServer*>(&instance()->_server);
- return sslServer && sslServer->isCertValid();
+ return instance()->_server.isCertValid() && instance()->_v6server.isCertValid();
}
bool Core::reloadCerts()
{
}
bool Core::reloadCerts()
{
- auto* sslServerv4 = qobject_cast<SslServer*>(&_server);
- bool retv4 = sslServerv4->reloadCerts();
-
- auto* sslServerv6 = qobject_cast<SslServer*>(&_v6server);
- bool retv6 = sslServerv6->reloadCerts();
+ bool retv4 = _server.reloadCerts();
+ bool retv6 = _v6server.reloadCerts();
void Core::incomingConnection()
{
void Core::incomingConnection()
{
- auto* server = qobject_cast<QTcpServer*>(sender());
+ auto* server = qobject_cast<SslServer*>(sender());
Q_ASSERT(server);
while (server->hasPendingConnections()) {
Q_ASSERT(server);
while (server->hasPendingConnections()) {
- QTcpSocket* socket = server->nextPendingConnection();
+ auto socket = qobject_cast<QSslSocket*>(server->nextPendingConnection());
+ Q_ASSERT(socket);
auto* handler = new CoreAuthHandler(socket, this);
_connectingClients.insert(handler);
auto* handler = new CoreAuthHandler(socket, this);
_connectingClients.insert(handler);
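Review bot: In Core::incomingConnection() the result of `qobject_cast<QSslSocket*>(server->nextPendingConnection())` is guarded only by `Q_ASSERT(socket);`, which is compiled out when QT_NO_DEBUG is defined, so a failed cast in a release build would pass a null pointer to the CoreAuthHandler constructor on the connection-accept path. An explicit check is safer: `if (!socket) { qWarning() << "Pending connection is not a QSslSocket"; continue; }`. The declaration could also read `auto* socket` to match `auto* server` and `auto* handler` nearby. Separately, Core::sslSupported() now requires both `_server` and `_v6server` to report a valid certificate, which the old code did not, and a short comment confirming that this is intended would help. The loop body continues outside the shown lines.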
-CoreAuthHandler::CoreAuthHandler(QTcpSocket* socket, QObject* parent)
+CoreAuthHandler::CoreAuthHandler(QSslSocket* socket, QObject* parent)
: AuthHandler(parent)
, _peer(nullptr)
, _metricsServer(Core::instance()->metricsServer())
: AuthHandler(parent)
, _peer(nullptr)
, _metricsServer(Core::instance()->metricsServer())
void CoreAuthHandler::startSsl()
{
void CoreAuthHandler::startSsl()
{
- auto* sslSocket = qobject_cast<QSslSocket*>(socket());
- Q_ASSERT(sslSocket);
-
qDebug() << qPrintable(tr("Starting encryption for Client:")) << _peer->description();
qDebug() << qPrintable(tr("Starting encryption for Client:")) << _peer->description();
- connect(sslSocket, selectOverload<const QList<QSslError>&>(&QSslSocket::sslErrors), this, &CoreAuthHandler::onSslErrors);
- sslSocket->flush(); // ensure that the write cache is flushed before we switch to ssl (bug 682)
- sslSocket->startServerEncryption();
+ connect(socket(), selectOverload<const QList<QSslError>&>(&QSslSocket::sslErrors), this, &CoreAuthHandler::onSslErrors);
+ socket()->flush(); // ensure that the write cache is flushed before we switch to ssl (bug 682)
+ socket()->startServerEncryption();
}
void CoreAuthHandler::onSslErrors()
{
}
void CoreAuthHandler::onSslErrors()
{
- auto* sslSocket = qobject_cast<QSslSocket*>(socket());
- Q_ASSERT(sslSocket);
- sslSocket->ignoreSslErrors();
+ socket()->ignoreSslErrors();
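Review bot: CoreAuthHandler::onSslErrors() calls `socket()->ignoreSslErrors();` unconditionally, and nothing in the visible code says why that is acceptable on the core side. Now that the cast and assertion are gone the handler is a single line, so a short comment is the only place the intent can live, for example `// Core side: peer verification errors are ignored here; revisit if client certificates are ever verified.` The rationale is not visible in this section, so the author should confirm the wording.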
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. *
***************************************************************************/
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. *
***************************************************************************/
-#ifndef COREAUTHHANDLER_H
-#define COREAUTHHANDLER_H
#include "authhandler.h"
#include "metricsserver.h"
#include "authhandler.h"
#include "metricsserver.h"
- CoreAuthHandler(QTcpSocket* socket, QObject* parent = nullptr);
+ CoreAuthHandler(QSslSocket* socket, QObject* parent = nullptr);
QHostAddress hostAddress() const;
bool isLocal() const override;
QHostAddress hostAddress() const;
bool isLocal() const override;
quint8 _connectionFeatures;
QVector<PeerFactory::ProtoDescriptor> _supportedProtos;
};
quint8 _connectionFeatures;
QVector<PeerFactory::ProtoDescriptor> _supportedProtos;
};