From c0d6dc0dec628f2e143e37ecc95cec45e636f8a5 Mon Sep 17 00:00:00 2001
From: Manuel Nickschas <sputnick@quassel-irc.org>
Date: Sun, 15 Mar 2020 20:24:59 +0100
Subject: [PATCH] ssl: Use QSslSocket directly to avoid redundant qobject_casts

Use QSslSocket in the AuthHandler API to avoid having to cast
QTcpSocket to the SSL version in several places.
---
 src/client/clientauthhandler.cpp | 25 ++++++++++---------------
 src/common/authhandler.cpp       |  4 ++--
 src/common/authhandler.h         |  8 ++++----
 src/core/core.cpp                | 15 ++++++---------
 src/core/coreauthhandler.cpp     | 15 +++++----------
 src/core/coreauthhandler.h       |  7 ++-----
 6 files changed, 29 insertions(+), 45 deletions(-)

diff --git a/src/client/clientauthhandler.cpp b/src/client/clientauthhandler.cpp
index 44743ae8..469299fd 100644
--- a/src/client/clientauthhandler.cpp
+++ b/src/client/clientauthhandler.cpp
@@ -384,13 +384,11 @@ void ClientAuthHandler::checkAndEnableSsl(bool coreSupportsSsl)
         // Make sure the warning is shown next time we don't have SSL in the core
         s.setAccountValue("ShowNoCoreSslWarning", true);
 
-        auto* sslSocket = qobject_cast<QSslSocket*>(socket());
-        Q_ASSERT(sslSocket);
-        connect(sslSocket, &QSslSocket::encrypted, this, &ClientAuthHandler::onSslSocketEncrypted);
-        connect(sslSocket, selectOverload<const QList<QSslError>&>(&QSslSocket::sslErrors), this, &ClientAuthHandler::onSslErrors);
+        connect(socket(), &QSslSocket::encrypted, this, &ClientAuthHandler::onSslSocketEncrypted);
+        connect(socket(), selectOverload<const QList<QSslError>&>(&QSslSocket::sslErrors), this, &ClientAuthHandler::onSslErrors);
         qDebug() << "Starting encryption...";
-        sslSocket->flush();
-        sslSocket->startClientEncryption();
+        socket()->flush();
+        socket()->startClientEncryption();
     }
     else {
         if (s.accountValue("ShowNoCoreSslWarning", true).toBool()) {
@@ -435,9 +433,6 @@ void ClientAuthHandler::onSslSocketEncrypted()
 
 void ClientAuthHandler::onSslErrors()
 {
-    auto* socket = qobject_cast<QSslSocket*>(sender());
-    Q_ASSERT(socket);
-
     CoreAccountSettings s;
     QByteArray knownDigest = s.accountValue("SslCert").toByteArray();
     ClientAuthHandler::DigestVersion knownDigestVersion = static_cast<ClientAuthHandler::DigestVersion>(
@@ -446,11 +441,11 @@ void ClientAuthHandler::onSslErrors()
     QByteArray calculatedDigest;
     switch (knownDigestVersion) {
     case ClientAuthHandler::DigestVersion::Md5:
-        calculatedDigest = socket->peerCertificate().digest(QCryptographicHash::Md5);
+        calculatedDigest = socket()->peerCertificate().digest(QCryptographicHash::Md5);
         break;
 
     case ClientAuthHandler::DigestVersion::Sha2_512:
-        calculatedDigest = socket->peerCertificate().digest(QCryptographicHash::Sha512);
+        calculatedDigest = socket()->peerCertificate().digest(QCryptographicHash::Sha512);
         break;
 
     default:
@@ -460,7 +455,7 @@ void ClientAuthHandler::onSslErrors()
     if (knownDigest != calculatedDigest) {
         bool accepted = false;
         bool permanently = false;
-        emit handleSslErrors(socket, &accepted, &permanently);
+        emit handleSslErrors(socket(), &accepted, &permanently);
 
         if (!accepted) {
             requestDisconnect(tr("Unencrypted connection canceled"));
@@ -468,7 +463,7 @@ void ClientAuthHandler::onSslErrors()
         }
 
         if (permanently) {
-            s.setAccountValue("SslCert", socket->peerCertificate().digest(QCryptographicHash::Sha512));
+            s.setAccountValue("SslCert", socket()->peerCertificate().digest(QCryptographicHash::Sha512));
             s.setAccountValue("SslCertDigestVersion", ClientAuthHandler::DigestVersion::Latest);
         }
         else {
@@ -477,9 +472,9 @@ void ClientAuthHandler::onSslErrors()
         }
     }
     else if (knownDigestVersion != ClientAuthHandler::DigestVersion::Latest) {
-        s.setAccountValue("SslCert", socket->peerCertificate().digest(QCryptographicHash::Sha512));
+        s.setAccountValue("SslCert", socket()->peerCertificate().digest(QCryptographicHash::Sha512));
         s.setAccountValue("SslCertDigestVersion", ClientAuthHandler::DigestVersion::Latest);
     }
 
-    socket->ignoreSslErrors();
+    socket()->ignoreSslErrors();
 }
diff --git a/src/common/authhandler.cpp b/src/common/authhandler.cpp
index 1123ec5d..9e7b5e76 100644
--- a/src/common/authhandler.cpp
+++ b/src/common/authhandler.cpp
@@ -28,12 +28,12 @@ AuthHandler::AuthHandler(QObject* parent)
     : QObject(parent)
 {}
 
-QTcpSocket* AuthHandler::socket() const
+QSslSocket* AuthHandler::socket() const
 {
     return _socket;
 }
 
-void AuthHandler::setSocket(QTcpSocket* socket)
+void AuthHandler::setSocket(QSslSocket* socket)
 {
     _socket = socket;
     connect(socket, selectOverload<QAbstractSocket::SocketError>(&QTcpSocket::error), this, &AuthHandler::onSocketError);
diff --git a/src/common/authhandler.h b/src/common/authhandler.h
index b808442b..a14b7e4c 100644
--- a/src/common/authhandler.h
+++ b/src/common/authhandler.h
@@ -22,7 +22,7 @@
 
 #include "common-export.h"
 
-#include <QTcpSocket>
+#include <QSslSocket>
 
 #include "protocol.h"
 
@@ -35,7 +35,7 @@ class COMMON_EXPORT AuthHandler : public QObject
 public:
     AuthHandler(QObject* parent = nullptr);
 
-    QTcpSocket* socket() const;
+    QSslSocket* socket() const;
 
     virtual bool isLocal() const;
 
@@ -65,7 +65,7 @@ signals:
     void socketError(QAbstractSocket::SocketError error, const QString& errorString);
 
 protected:
-    void setSocket(QTcpSocket* socket);
+    void setSocket(QSslSocket* socket);
 
 protected slots:
     virtual void onSocketError(QAbstractSocket::SocketError error);
@@ -74,6 +74,6 @@ protected slots:
 private:
     void invalidMessage();
 
-    QTcpSocket* _socket{nullptr};  // FIXME: should be a QSharedPointer? -> premature disconnect before the peer has taken over
+    QSslSocket* _socket{nullptr};  // FIXME: should be a QSharedPointer? -> premature disconnect before the peer has taken over
     bool _disconnectedSent{false};
 };
diff --git a/src/core/core.cpp b/src/core/core.cpp
index 66e2e62a..11563fd5 100644
--- a/src/core/core.cpp
+++ b/src/core/core.cpp
@@ -572,17 +572,13 @@ bool Core::initAuthenticator(
 
 bool Core::sslSupported()
 {
-    auto* sslServer = qobject_cast<SslServer*>(&instance()->_server);
-    return sslServer && sslServer->isCertValid();
+    return instance()->_server.isCertValid() && instance()->_v6server.isCertValid();
 }
 
 bool Core::reloadCerts()
 {
-    auto* sslServerv4 = qobject_cast<SslServer*>(&_server);
-    bool retv4 = sslServerv4->reloadCerts();
-
-    auto* sslServerv6 = qobject_cast<SslServer*>(&_v6server);
-    bool retv6 = sslServerv6->reloadCerts();
+    bool retv4 = _server.reloadCerts();
+    bool retv6 = _v6server.reloadCerts();
 
     return retv4 && retv6;
 }
@@ -707,10 +703,11 @@ void Core::stopListening(const QString& reason)
 
 void Core::incomingConnection()
 {
-    auto* server = qobject_cast<QTcpServer*>(sender());
+    auto* server = qobject_cast<SslServer*>(sender());
     Q_ASSERT(server);
     while (server->hasPendingConnections()) {
-        QTcpSocket* socket = server->nextPendingConnection();
+        auto socket = qobject_cast<QSslSocket*>(server->nextPendingConnection());
+        Q_ASSERT(socket);
 
         auto* handler = new CoreAuthHandler(socket, this);
         _connectingClients.insert(handler);
diff --git a/src/core/coreauthhandler.cpp b/src/core/coreauthhandler.cpp
index 872c6d1e..b2895200 100644
--- a/src/core/coreauthhandler.cpp
+++ b/src/core/coreauthhandler.cpp
@@ -26,7 +26,7 @@
 
 #include "core.h"
 
-CoreAuthHandler::CoreAuthHandler(QTcpSocket* socket, QObject* parent)
+CoreAuthHandler::CoreAuthHandler(QSslSocket* socket, QObject* parent)
     : AuthHandler(parent)
     , _peer(nullptr)
     , _metricsServer(Core::instance()->metricsServer())
@@ -334,18 +334,13 @@ bool CoreAuthHandler::isLocal() const
 
 void CoreAuthHandler::startSsl()
 {
-    auto* sslSocket = qobject_cast<QSslSocket*>(socket());
-    Q_ASSERT(sslSocket);
-
     qDebug() << qPrintable(tr("Starting encryption for Client:")) << _peer->description();
-    connect(sslSocket, selectOverload<const QList<QSslError>&>(&QSslSocket::sslErrors), this, &CoreAuthHandler::onSslErrors);
-    sslSocket->flush();  // ensure that the write cache is flushed before we switch to ssl (bug 682)
-    sslSocket->startServerEncryption();
+    connect(socket(), selectOverload<const QList<QSslError>&>(&QSslSocket::sslErrors), this, &CoreAuthHandler::onSslErrors);
+    socket()->flush();  // ensure that the write cache is flushed before we switch to ssl (bug 682)
+    socket()->startServerEncryption();
 }
 
 void CoreAuthHandler::onSslErrors()
 {
-    auto* sslSocket = qobject_cast<QSslSocket*>(socket());
-    Q_ASSERT(sslSocket);
-    sslSocket->ignoreSslErrors();
+    socket()->ignoreSslErrors();
 }
diff --git a/src/core/coreauthhandler.h b/src/core/coreauthhandler.h
index 6471a3e0..21a2c512 100644
--- a/src/core/coreauthhandler.h
+++ b/src/core/coreauthhandler.h
@@ -18,8 +18,7 @@
  *   51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.         *
  ***************************************************************************/
 
-#ifndef COREAUTHHANDLER_H
-#define COREAUTHHANDLER_H
+#pragma once
 
 #include "authhandler.h"
 #include "metricsserver.h"
@@ -33,7 +32,7 @@ class CoreAuthHandler : public AuthHandler
     Q_OBJECT
 
 public:
-    CoreAuthHandler(QTcpSocket* socket, QObject* parent = nullptr);
+    CoreAuthHandler(QSslSocket* socket, QObject* parent = nullptr);
 
     QHostAddress hostAddress() const;
     bool isLocal() const override;
@@ -74,5 +73,3 @@ private:
     quint8 _connectionFeatures;
     QVector<PeerFactory::ProtoDescriptor> _supportedProtos;
 };
-
-#endif
-- 
2.20.1