1 /****************************************************************************
2 **
3 ** Copyright (C) 2017 The Qt Company Ltd.
4 ** Contact: https://www.qt.io/licensing/
5 **
6 ** This file is part of the QtNetwork module of the Qt Toolkit.
7 **
8 ** $QT_BEGIN_LICENSE:LGPL$
9 ** Commercial License Usage
10 ** Licensees holding valid commercial Qt licenses may use this file in
11 ** accordance with the commercial license agreement provided with the
12 ** Software or, alternatively, in accordance with the terms contained in
13 ** a written agreement between you and The Qt Company. For licensing terms
14 ** and conditions see https://www.qt.io/terms-conditions. For further
15 ** information use the contact form at https://www.qt.io/contact-us.
16 **
17 ** GNU Lesser General Public License Usage
18 ** Alternatively, this file may be used under the terms of the GNU Lesser
19 ** General Public License version 3 as published by the Free Software
20 ** Foundation and appearing in the file LICENSE.LGPL3 included in the
21 ** packaging of this file. Please review the following information to
22 ** ensure the GNU Lesser General Public License version 3 requirements
23 ** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
24 **
25 ** GNU General Public License Usage
26 ** Alternatively, this file may be used under the terms of the GNU
27 ** General Public License version 2.0 or (at your option) the GNU General
28 ** Public license version 3 or any later version approved by the KDE Free
29 ** Qt Foundation. The licenses are as published by the Free Software
30 ** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
31 ** included in the packaging of this file. Please review the following
32 ** information to ensure the GNU General Public License requirements will
33 ** be met: https://www.gnu.org/licenses/gpl-2.0.html and
34 ** https://www.gnu.org/licenses/gpl-3.0.html.
35 **
36 ** $QT_END_LICENSE$
37 **
38 ****************************************************************************/
39 
40 #ifndef QHSTS_P_H
41 #define QHSTS_P_H
42 
43 //
44 //  W A R N I N G
45 //  -------------
46 //
47 // This file is not part of the Qt API.  It exists for the convenience
48 // of the Network Access API.  This header file may change from
49 // version to version without notice, or even be removed.
50 //
51 // We mean it.
52 //
53 
54 #include <QtNetwork/private/qtnetworkglobal_p.h>
55 
56 #include <QtNetwork/qhstspolicy.h>
57 
58 #include <QtCore/qbytearray.h>
59 #include <QtCore/qdatetime.h>
60 #include <QtCore/qstring.h>
61 #include <QtCore/qglobal.h>
62 #include <QtCore/qpair.h>
63 #include <QtCore/qurl.h>
64 
65 #include <map>
66 
67 QT_BEGIN_NAMESPACE
68 
69 template<typename T> class QList;
70 template <typename T> class QVector;
71 
72 class Q_AUTOTEST_EXPORT QHstsCache
73 {
74 public:
75 
76     void updateFromHeaders(const QList<QPair<QByteArray, QByteArray>> &headers,
77                            const QUrl &url);
78     void updateFromPolicies(const QVector<QHstsPolicy> &hosts);
79     void updateKnownHost(const QUrl &url, const QDateTime &expires,
80                          bool includeSubDomains);
81     bool isKnownHost(const QUrl &url) const;
82     void clear();
83 
84     QVector<QHstsPolicy> policies() const;
85 
86 #if QT_CONFIG(settings)
87     void setStore(class QHstsStore *store);
88 #endif // QT_CONFIG(settings)
89 
90 private:
91 
92     void updateKnownHost(const QString &hostName, const QDateTime &expires,
93                          bool includeSubDomains);
94 
95     struct HostName
96     {
HostNameHostName97         explicit HostName(const QString &n) : name(n) { }
HostNameHostName98         explicit HostName(const QStringRef &r) : fragment(r) { }
99 
100         bool operator < (const HostName &rhs) const
101         {
102             if (fragment.size()) {
103                 if (rhs.fragment.size())
104                     return fragment < rhs.fragment;
105                 return fragment < QStringRef(&rhs.name);
106             }
107 
108             if (rhs.fragment.size())
109                 return QStringRef(&name) < rhs.fragment;
110             return name < rhs.name;
111         }
112 
113         // We use 'name' for a HostName object contained in our dictionary;
114         // we use 'fragment' only during lookup, when chopping the complete host
115         // name, removing subdomain names (such HostName object is 'transient', it
116         // must not outlive the original QString object.
117         QString name;
118         QStringRef fragment;
119     };
120 
121     mutable std::map<HostName, QHstsPolicy> knownHosts;
122 #if QT_CONFIG(settings)
123     QHstsStore *hstsStore = nullptr;
124 #endif // QT_CONFIG(settings)
125 };
126 
127 class Q_AUTOTEST_EXPORT QHstsHeaderParser
128 {
129 public:
130 
131     bool parse(const QList<QPair<QByteArray, QByteArray>> &headers);
132 
expirationDate()133     QDateTime expirationDate() const { return expiry; }
includeSubDomains()134     bool includeSubDomains() const { return subDomainsFound; }
135 
136 private:
137 
138     bool parseSTSHeader();
139     bool parseDirective();
140     bool processDirective(const QByteArray &name, const QByteArray &value);
141     bool nextToken();
142 
143     QByteArray header;
144     QByteArray token;
145 
146     QDateTime expiry;
147     int tokenPos = 0;
148     bool maxAgeFound = false;
149     qint64 maxAge = 0;
150     bool subDomainsFound = false;
151 };
152 
153 QT_END_NAMESPACE
154 
155 #endif
156