1 /****************************************************************************
2 **
3 ** Copyright (C) 2016 The Qt Company Ltd.
4 ** Copyright (C) 2014 BlackBerry Limited. All rights reserved.
5 ** Contact: https://www.qt.io/licensing/
6 **
7 ** This file is part of the QtNetwork module of the Qt Toolkit.
8 **
9 ** $QT_BEGIN_LICENSE:LGPL$
10 ** Commercial License Usage
11 ** Licensees holding valid commercial Qt licenses may use this file in
12 ** accordance with the commercial license agreement provided with the
13 ** Software or, alternatively, in accordance with the terms contained in
14 ** a written agreement between you and The Qt Company. For licensing terms
15 ** and conditions see https://www.qt.io/terms-conditions. For further
16 ** information use the contact form at https://www.qt.io/contact-us.
17 **
18 ** GNU Lesser General Public License Usage
19 ** Alternatively, this file may be used under the terms of the GNU Lesser
20 ** General Public License version 3 as published by the Free Software
21 ** Foundation and appearing in the file LICENSE.LGPL3 included in the
22 ** packaging of this file. Please review the following information to
23 ** ensure the GNU Lesser General Public License version 3 requirements
24 ** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
25 **
26 ** GNU General Public License Usage
27 ** Alternatively, this file may be used under the terms of the GNU
28 ** General Public License version 2.0 or (at your option) the GNU General
29 ** Public license version 3 or any later version approved by the KDE Free
30 ** Qt Foundation. The licenses are as published by the Free Software
31 ** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
32 ** included in the packaging of this file. Please review the following
33 ** information to ensure the GNU General Public License requirements will
34 ** be met: https://www.gnu.org/licenses/gpl-2.0.html and
35 ** https://www.gnu.org/licenses/gpl-3.0.html.
36 **
37 ** $QT_END_LICENSE$
38 **
39 ****************************************************************************/
40 
41 /****************************************************************************
42 **
43 ** In addition, as a special exception, the copyright holders listed above give
44 ** permission to link the code of its release of Qt with the OpenSSL project's
45 ** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the
46 ** same license as the original version), and distribute the linked executables.
47 **
48 ** You must comply with the GNU General Public License version 2 in all
49 ** respects for all of the code used other than the "OpenSSL" code.  If you
50 ** modify this file, you may extend this exception to your version of the file,
51 ** but you are not obligated to do so.  If you do not wish to do so, delete
52 ** this exception statement from your version of this file.
53 **
54 ****************************************************************************/
55 
56 #ifndef QSSLCONFIGURATION_H
57 #define QSSLCONFIGURATION_H
58 
59 #include <QtNetwork/qtnetworkglobal.h>
60 #include <QtCore/qmap.h>
61 #include <QtCore/qshareddata.h>
62 #include <QtNetwork/qsslsocket.h>
63 #include <QtNetwork/qssl.h>
64 
65 #ifndef QT_NO_SSL
66 
67 QT_BEGIN_NAMESPACE
68 
// Forward declarations for the types that appear in QSslConfiguration's
// member signatures below. Code that actually touches the returned objects
// (certificates, keys, curves, DH parameters) needs the corresponding
// QtNetwork headers itself.
template<typename T> class QList;
class QSslCertificate;
class QSslCipher;
class QSslKey;
class QSslEllipticCurve;
class QSslDiffieHellmanParameters;

// OpenSSL DTLS backend state; declared here only so it can be named as a
// friend of QSslConfiguration (it reaches into the private data directly).
namespace dtlsopenssl
{
class DtlsState;
}

// The private data class behind QSslConfiguration's `d` member; all the
// actual settings (including any private key) live there, not in this header.
class QSslConfigurationPrivate;
// Value type holding the TLS/DTLS settings applied to a QSslSocket (and the
// DTLS classes that are friends below) plus, after a handshake, the session
// state the backend reports back through the read-only getters.
//
// Security notes for reviewers of code that builds one of these:
//  * All state lives in the shared private object `d`. Copying a configuration
//    shares that object (QSharedDataPointer semantics), so a configured
//    private key travels with every copy; keep such objects' lifetime and any
//    logging/serialisation of them as tight as the key itself.
//  * The defaults (protocol, verify mode, cipher list, CA set) are NOT visible
//    in this header — confirm them in qsslconfiguration.cpp rather than
//    assuming they are safe; the setters below are the knobs to lock down
//    explicitly in application code.
class Q_NETWORK_EXPORT QSslConfiguration
{
public:
    QSslConfiguration();
    QSslConfiguration(const QSslConfiguration &other);
    ~QSslConfiguration();
    // Move-assignment just swaps the private pointers: `other` ends up holding
    // *this's previous state (including any private key) until it is
    // destroyed. Note that no move constructor is declared, so because a copy
    // constructor is user-declared above, move-construction silently falls
    // back to copying (cheap: only `d` is copied, but it is a share, not a move).
    QSslConfiguration &operator=(QSslConfiguration &&other) noexcept { swap(other); return *this; }
    QSslConfiguration &operator=(const QSslConfiguration &other);

    // Exchanges the private data pointers of two configurations; never throws.
    void swap(QSslConfiguration &other) noexcept
    { qSwap(d, other.d); }

    // Equality is implemented in the .cpp; != is derived from it here.
    bool operator==(const QSslConfiguration &other) const;
    inline bool operator!=(const QSslConfiguration &other) const
    { return !(*this == other); }

    // True for a configuration carrying no settings (exact criteria in the .cpp).
    bool isNull() const;

    // Protocol version(s) the handshake may negotiate (enum in qssl.h).
    // NOTE(review): the single most important hardening setting — pin it to
    // current TLS/DTLS versions instead of inheriting whatever the default is.
    QSsl::SslProtocol protocol() const;
    void setProtocol(QSsl::SslProtocol protocol);

    // Verification
    // Whether, and how strictly, the peer's certificate is checked during the
    // handshake (mode enum is QSslSocket's). NOTE(review): a mode that skips
    // verification removes the authentication TLS exists to provide — audit
    // every caller of setPeerVerifyMode().
    QSslSocket::PeerVerifyMode peerVerifyMode() const;
    void setPeerVerifyMode(QSslSocket::PeerVerifyMode mode);

    // Maximum certificate-chain depth accepted when verifying the peer. The
    // meaning of special values (e.g. 0) is not visible here — TODO confirm in
    // the .cpp before relying on it.
    int peerVerifyDepth() const;
    void setPeerVerifyDepth(int depth);

    // Certificate & cipher configuration
    // The certificate chain we present to the peer as our own identity; the
    // single-certificate pair below is the convenience form for a lone leaf.
    QList<QSslCertificate> localCertificateChain() const;
    void setLocalCertificateChain(const QList<QSslCertificate> &localChain);

    QSslCertificate localCertificate() const;
    void setLocalCertificate(const QSslCertificate &certificate);

    // Read-only handshake results. No setters exist in this header, so these
    // are presumably filled in by the socket/backend (friends below) after the
    // handshake and are empty on a configuration that has not been through one.
    QSslCertificate peerCertificate() const;
    QList<QSslCertificate> peerCertificateChain() const;
    QSslCipher sessionCipher() const;
    QSsl::SslProtocol sessionProtocol() const;

    // Private keys, for server sockets
    // The key matching localCertificate(). It is stored inside the shared
    // private data and therefore carried by every copy of this configuration.
    QSslKey privateKey() const;
    void setPrivateKey(const QSslKey &key);

    // Cipher settings
    // Allow-list of cipher suites offered/accepted. supportedCiphers() is what
    // the backend *can* do, not what *should* be enabled.
    QList<QSslCipher> ciphers() const;
    void setCiphers(const QList<QSslCipher> &ciphers);
    static QList<QSslCipher> supportedCiphers();

    // Certificate Authority (CA) settings
    // Trust anchors used for peer verification. setCaCertificates() replaces
    // the whole set; the add* overloads extend it.
    QList<QSslCertificate> caCertificates() const;
    void setCaCertificates(const QList<QSslCertificate> &certificates);
    // Loads anchors from `path` (PEM by default; the path is taken literally
    // unless `syntax` selects a pattern). Returns false when nothing could be
    // loaded. NOTE(review): callers must check that result — ignoring it leaves
    // the trust set silently short of the intended anchors. The path is also a
    // trust boundary: anything able to write to it can add a CA.
    bool addCaCertificates(
            const QString &path, QSsl::EncodingFormat format = QSsl::Pem,
            QSslCertificate::PatternSyntax syntax = QSslCertificate::PatternSyntax::FixedString);
    void addCaCertificate(const QSslCertificate &certificate);
    void addCaCertificates(const QList<QSslCertificate> &certificates);

    // The platform's CA store as the backend sees it.
    static QList<QSslCertificate> systemCaCertificates();

    // Individual feature toggles (enum in qssl.h); testSslOption() reads one back.
    void setSslOption(QSsl::SslOption option, bool on);
    bool testSslOption(QSsl::SslOption option) const;

    // Opaque session-resumption state (TLS session ticket) and the lifetime
    // hint that came with it. What the blob contains is a backend detail —
    // TODO confirm — so treat it as secret material: it is what allows a
    // session to be resumed without a full handshake.
    QByteArray sessionTicket() const;
    void setSessionTicket(const QByteArray &sessionTicket);
    int sessionTicketLifeTimeHint() const;

    // Read-only: the ephemeral key the server used in the handshake (there is
    // no setter here).
    QSslKey ephemeralServerKey() const;

    // EC settings
    // Elliptic curves offered for key exchange; supportedEllipticCurves() is
    // the backend's full list, again not a recommendation.
    QVector<QSslEllipticCurve> ellipticCurves() const;
    void setEllipticCurves(const QVector<QSslEllipticCurve> &curves);
    static QVector<QSslEllipticCurve> supportedEllipticCurves();

    // PSK identity hint. There is no PSK setter in this class; the key itself
    // is supplied elsewhere, only the hint is configured here.
    QByteArray preSharedKeyIdentityHint() const;
    void setPreSharedKeyIdentityHint(const QByteArray &hint);

    // Custom finite-field Diffie-Hellman parameters for DHE key exchange.
    // NOTE(review): parameter size and provenance are what to check; small or
    // widely shared groups weaken the exchange.
    QSslDiffieHellmanParameters diffieHellmanParameters() const;
    void setDiffieHellmanParameters(const QSslDiffieHellmanParameters &dhparams);

    // Backend-specific options passed through by name. Values are not
    // interpreted by this class, so anything set this way bypasses the typed
    // setters above and needs its own review against the backend's documentation.
    QMap<QByteArray, QVariant> backendConfiguration() const;
    void setBackendConfigurationOption(const QByteArray &name, const QVariant &value);
    void setBackendConfiguration(const QMap<QByteArray, QVariant> &backendConfiguration = QMap<QByteArray, QVariant>());

    // Process-wide default for new sockets (static, so presumably global to
    // the process). A convenient place to lock down protocol/verify mode once
    // — and an equally convenient place for any linked library to weaken them.
    static QSslConfiguration defaultConfiguration();
    static void setDefaultConfiguration(const QSslConfiguration &configuration);

#if QT_CONFIG(dtls) || defined(Q_CLANG_QDOC)
    // DTLS only. Cookie verification is presumably the DTLS HelloVerifyRequest
    // exchange that lets a server avoid allocating state for spoofed client
    // addresses; disabling it removes that amplification/DoS protection.
    bool dtlsCookieVerificationEnabled() const;
    void setDtlsCookieVerificationEnabled(bool enable);

    // DTLS counterpart of the process-wide default above.
    static QSslConfiguration defaultDtlsConfiguration();
    static void setDefaultDtlsConfiguration(const QSslConfiguration &configuration);
#endif // dtls

    // Request (client) / provide (server) a stapled OCSP response. Whether a
    // missing or bad staple fails the handshake is not decided in this header.
    void setOcspStaplingEnabled(bool enable);
    bool ocspStaplingEnabled() const;

    // Outcome of application-layer protocol negotiation (ALPN/NPN).
    enum NextProtocolNegotiationStatus {
        NextProtocolNegotiationNone,
        NextProtocolNegotiationNegotiated,
        NextProtocolNegotiationUnsupported
    };

    // Protocols to offer for negotiation, and what was actually negotiated.
    // The Qt 6 overload takes a const reference; the Qt 5 one takes a copy.
#if QT_VERSION >= QT_VERSION_CHECK(6,0,0)
    void setAllowedNextProtocols(const QList<QByteArray> &protocols);
#else
    void setAllowedNextProtocols(QList<QByteArray> protocols);
#endif
    QList<QByteArray> allowedNextProtocols() const;

    QByteArray nextNegotiatedProtocol() const;
    NextProtocolNegotiationStatus nextProtocolNegotiationStatus() const;

    // Well-known protocol identifiers for use with setAllowedNextProtocols();
    // the string values are defined in the .cpp, not here.
    static const char ALPNProtocolHTTP2[];
    static const char NextProtocolSpdy3_0[];
    static const char NextProtocolHttp1_1[];

private:
    // The socket, backend and DTLS internals access `d` directly (e.g. to fill
    // in the read-only session fields above) instead of going through setters.
    friend class QSslSocket;
    friend class QSslConfigurationPrivate;
    friend class QSslSocketBackendPrivate;
    friend class QSslContext;
    friend class QDtlsBasePrivate;
    friend class dtlsopenssl::DtlsState;
    // Adopts an existing private object; internal use only.
    QSslConfiguration(QSslConfigurationPrivate *dd);
    // Implicitly shared state (QSharedDataPointer); the only data member.
    QSharedDataPointer<QSslConfigurationPrivate> d;
};
210 
// Declares QSslConfiguration as a shared value type to Qt (presumably wiring
// the swap() member into the swap overloads and marking it movable for Qt
// containers).
Q_DECLARE_SHARED(QSslConfiguration)

QT_END_NAMESPACE

// Meta-type registration, needed e.g. to carry a QSslConfiguration inside a
// QVariant; done outside the Qt namespace as Q_DECLARE_METATYPE requires.
Q_DECLARE_METATYPE(QSslConfiguration)
216 
217 #endif  // QT_NO_SSL
218 
219 #endif
220